Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

Package org.springframework.security.oauth2.provider

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

org.springframework.security.oauth2.provider.AuthorizationRequest
A request for authorization by an OAuth 2 Client, normally received and processed by the AuthorizationEndpoint. This class is meant to be manipulated throughout the authorization process, and is therefore treated as ephemeral and not to be stored long term. For long term storage, use the read-only {@link OAuth2Request} class.HTTP request parameters are stored in the parameters map, and any processing the server makes throughout the lifecycle of a request are stored on individual properties. The original request parameters will remain available through the parameters map. For convenience, constants are defined in order to get at those original values. However, the parameters map is unmodifiable so that processing cannot drop the original values. This class is {@link Serializable} in order to support storage of theauthorization request as a {@link SessionAttributes} member while the enduser through the authorization process (which may span several page requests). @author Ryan Heaton @author Dave Syer @author Amanda Anganes

  }


  @Test
  public void testCreateAuthorizationRequestWithUserRoles() {
    factory.setCheckUserScopes(true);
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[bar]", request.getScope().toString());
  }

View Full Code Here

  }


  @Test
  public void testCreateTokenThenOAuth2RequestWithGrantType() {
    factory.setCheckUserScopes(true);
    AuthorizationRequest auth = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    OAuth2Request request = factory.createTokenRequest(auth, "password").createOAuth2Request(client);
    assertEquals("password", request.getGrantType());
    assertEquals("[bar]", request.getResourceIds().toString());
  }

View Full Code Here

    SecurityContextHolder.getContext().setAuthentication(
        new UsernamePasswordAuthenticationToken("user", "N/A", AuthorityUtils
            .commaSeparatedStringToAuthorityList("ROLE_BAR")));
    factory.setCheckUserScopes(true);
    client.setScope(Collections.singleton("foo"));
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[]", request.getScope().toString());
  }

View Full Code Here


  private OAuth2MethodSecurityExpressionHandler handler = new OAuth2MethodSecurityExpressionHandler();


  @Test
  public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_CLIENT"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));

View Full Code Here

    assertTrue((Boolean) expression.getValue(context));
  }


  @Test(expected = AccessDeniedException.class)
  public void testScopesInsufficient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_CLIENT"));
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));

View Full Code Here

    expression.getValue(context);
  }


  @Test
  public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "",
        "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;


    OAuth2Request clientAuthentication = RequestTokenFactory
        .createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(),
            request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(),
            request.getResponseTypes(), request.getExtensions());


    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);

View Full Code Here


  private ApprovalStore approvalStore;


  @RequestMapping("/oauth/confirm_access")
  public ModelAndView getAccessConfirmation(Map<String, Object> model, Principal principal) throws Exception {
    AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
    model.put("auth_request", clientAuth);
    model.put("client", client);
    Map<String, String> scopes = new LinkedHashMap<String, String>();
    for (String scope : clientAuth.getScope()) {
      scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
    }
    for (Approval approval : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
      if (clientAuth.getScope().contains(approval.getScope())) {
        scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
            approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
      }
    }
    model.put("scopes", scopes);

View Full Code Here

 */
public class OAuth2SecurityExpressionMethodsTests {


  @Test
  public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo",
        Collections.singleton("read"));
    request
        .setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;
    
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(),
        request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
    
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertTrue(new OAuth2SecurityExpressionMethods(oAuth2Authentication).clientHasAnyRole("ROLE_CLIENT"));
  }

View Full Code Here

    @Override
    public void run() {
      // With no explicit approval store we still expect to see scopes in the user approval model
      UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils.getField(endpoint,
          "userApprovalHandler");
      AuthorizationRequest authorizationRequest = new AuthorizationRequest();
      authorizationRequest.setScope(Arrays.asList("read"));
      Map<String, Object> request = handler.getUserApprovalRequest(authorizationRequest,
          new UsernamePasswordAuthenticationToken("user", "password"));
      assertTrue(request.containsKey("scopes"));


      Map<String,Object> information = clientDetailsService.loadClientByClientId("my-trusted-client")

View Full Code Here

  private Map<String, String> parameters = new HashMap<String, String>();
  private MockHttpServletRequest request = new MockHttpServletRequest();
  private MockHttpServletResponse response = new MockHttpServletResponse();


  private AuthorizationRequest createFromParameters(Map<String, String> authorizationParameters) {
    AuthorizationRequest request = new AuthorizationRequest(authorizationParameters, Collections.<String, String> emptyMap(), 
        authorizationParameters.get(OAuth2Utils.CLIENT_ID), 
        OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.SCOPE)), null,
        null, false, authorizationParameters.get(OAuth2Utils.STATE), 
        authorizationParameters.get(OAuth2Utils.REDIRECT_URI), 
        OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.RESPONSE_TYPE)));

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.springframework.security.oauth2.provider.AuthorizationRequest

client.ClientServerInteractionTests

com.springsource.greenhouse.settings.SettingsControllerTest

demo.Application

demo.Application$OAuth2Config

demo.Application$TokenEndpointSecurity

OAuth2AuthenticationReadConverter

org.codehaus.jackson.map.ObjectMapper

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService

org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository

org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.