Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

Package org.springframework.security.oauth2.provider

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

org.springframework.security.oauth2.provider.AuthorizationRequest
A request for authorization by an OAuth 2 Client, normally received and processed by the AuthorizationEndpoint. This class is meant to be manipulated throughout the authorization process, and is therefore treated as ephemeral and not to be stored long term. For long term storage, use the read-only {@link OAuth2Request} class.HTTP request parameters are stored in the parameters map, and any processing the server makes throughout the lifecycle of a request are stored on individual properties. The original request parameters will remain available through the parameters map. For convenience, constants are defined in order to get at those original values. However, the parameters map is unmodifiable so that processing cannot drop the original values. This class is {@link Serializable} in order to support storage of theauthorization request as a {@link SessionAttributes} member while the enduser through the authorization process (which may span several page requests). @author Ryan Heaton @author Dave Syer @author Amanda Anganes

    @Override
    public void run() {
      // There should be no scopes in the approval model
      UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils.getField(endpoint,
          "userApprovalHandler");
      AuthorizationRequest authorizationRequest = new AuthorizationRequest();
      authorizationRequest.setScope(Arrays.asList("read"));
      Map<String, Object> request = handler.getUserApprovalRequest(authorizationRequest,
          new UsernamePasswordAuthenticationToken("user", "password"));
      assertFalse(request.containsKey("scopes"));
    }

View Full Code Here


  private OAuth2WebSecurityExpressionHandler handler = new OAuth2WebSecurityExpressionHandler();


  @Test
  public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_USER"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);

View Full Code Here


  private BaseClientDetails client;


  @Before
  public void init() {
    AuthorizationRequest authorizationRequest = new AuthorizationRequest();
    authorizationRequest.setClientId("client");
    authorizationRequest.setScope(Arrays.asList("read", "write"));
    authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
    InMemoryClientDetailsService clientDetailsService = new InMemoryClientDetailsService();
    client = new BaseClientDetails("client", "source", "read,write", "authorization_code,client_credentials",
        "read");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", client));
    voter.setClientDetailsService(clientDetailsService);

View Full Code Here

    assertTrue((Boolean) expression.getValue(context));
  }


  @Test
  public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "",
        "client_credentials", "ROLE_CLIENT"));


    OAuth2Request clientAuthentication = RequestTokenFactory
        .createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(),
            request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(),
            request.getResponseTypes(), request.getExtensions());


    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser()

View Full Code Here

    params.put("scope", "foo");
  }


  @Test(expected=InvalidScopeException.class)
  public void testNotPermittedForEmpty() {
    AuthorizationRequest request = factory.createAuthorizationRequest(params);
    request.setScope(Collections.<String>emptySet());
    validator.validateScope(request, client);;
  }

View Full Code Here

    validator.validateScope(request, client);;
  }


  @Test(expected=InvalidScopeException.class)
  public void testNotPermittedForAuthorization() {
    AuthorizationRequest request = factory.createAuthorizationRequest(params );
    request.setScope(Collections.singleton("foo"));
    validator.validateScope(request, client);
  }

View Full Code Here

    validator.validateScope(request, client);
  }


  @Test(expected=InvalidScopeException.class)
  public void testNotPermittedForScope() {
    AuthorizationRequest request = factory.createAuthorizationRequest(params );
    TokenRequest tokenRequest = factory.createTokenRequest(request, "authorization_code");
    tokenRequest.setScope(Collections.singleton("foo"));
    validator.validateScope(tokenRequest, client);;
  }

View Full Code Here

    assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
  }


  @Test(expected = AccessDeniedException.class)
  public void testInsufficientScope() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_USER"));
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    OAuth2SecurityExpressionMethods root = new OAuth2SecurityExpressionMethods(oAuth2Authentication);
    boolean hasAnyScope = root.hasAnyScope("foo");
    root.throwOnError(hasAnyScope);

View Full Code Here

    SecurityContextHolder.clearContext();
  }


  @Test
  public void testCreateAuthorizationRequest() {
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
  }

View Full Code Here

    assertEquals("foo", request.getClientId());
  }


  @Test
  public void testCreateAuthorizationRequestWithDefaultScopes() {
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("[bar]", request.getScope().toString());
  }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.oauth2.provider.AuthorizationRequest

client.ClientServerInteractionTests

com.springsource.greenhouse.settings.SettingsControllerTest

demo.Application

demo.Application$OAuth2Config

demo.Application$TokenEndpointSecurity

OAuth2AuthenticationReadConverter

org.codehaus.jackson.map.ObjectMapper

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService

org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository

org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.