Package org.springframework.security.oauth2.provider

Examples of org.springframework.security.oauth2.provider.OAuth2Request

84
85
86
87
88
89
90
91
92
93
94
    assertFalse(root.throwOnError(hasAnyScope));
  }

  @Test(expected = AccessDeniedException.class)
  public void testInsufficientScope() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));

    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    OAuth2SecurityExpressionMethods root = new OAuth2SecurityExpressionMethods(oAuth2Authentication);
    boolean hasAnyScope = root.hasAnyScope("foo");
View Full Code Here
95
96
97
98
99
100
101
102
103
104
105
    root.throwOnError(hasAnyScope);
  }

  @Test
  public void testSufficientScope() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));

    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertTrue(new OAuth2SecurityExpressionMethods(oAuth2Authentication).hasAnyScope("read"));
    assertTrue(new OAuth2SecurityExpressionMethods(oAuth2Authentication).throwOnError(true));
View Full Code Here
66
67
68
69
70
71
72
73
74
75
76
    parameters.put(OAuth2Utils.USER_OAUTH_APPROVAL, "false");
    parameters.put("client_id", "foo");
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(parameters, null, "foo", null, null, null, false, null, null, null);
    authorizationRequest.setApproved(false);
    TestAuthentication userAuthentication = new TestAuthentication("marissa", true);
    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
   
    tokenServices.createAccessToken(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    authorizationRequest = handler.checkForPreApproval(authorizationRequest, userAuthentication);
    assertTrue(handler.isApproved(authorizationRequest, userAuthentication));
  }
View Full Code Here
71
72
73
74
75
76
77
78
79
80
81
        Authentication user = new UsernamePasswordAuthenticationToken(userId, "N/A", AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
        AuthorizationRequest authorizationRequest = new AuthorizationRequest();
        authorizationRequest.setClientId(clientId);
        Set<String> scopes = users.get(userId);
        authorizationRequest.setScope(scopes);
        OAuth2Request request = authorizationRequest.createOAuth2Request();
        OAuth2Authentication authentication = new OAuth2Authentication(request, user);
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
        token.setScope(scopes);
        tokenStore.storeAccessToken(token, authentication);       
      }
View Full Code Here
147
148
149
150
151
152
153
154
    tokenEnhancer.afterPropertiesSet();
    assertTrue(tokenEnhancer.getKey().get("value").contains("BEGIN PUBLIC"));
  }

  private OAuth2Request createOAuth2Request(String clientId, Set<String> scope) {
    return new OAuth2Request(Collections.<String, String> emptyMap(), clientId, null, true, scope, null, null,
        null, null);
  }
View Full Code Here
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
  }

  @Test
  public void testRetrieveAccessToken() {
    //Test approved request
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", true);
    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, new TestAuthentication("test2", true));
    DefaultOAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken");
    expectedOAuth2AccessToken.setExpiration(new Date(Long.MAX_VALUE-1));
    getTokenStore().storeAccessToken(expectedOAuth2AccessToken, authentication);

    //Test unapproved request
    storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false);
    authentication = new OAuth2Authentication(storedOAuth2Request, new TestAuthentication("test2", true));
    OAuth2AccessToken actualOAuth2AccessToken = getTokenStore().getAccessToken(authentication);
    assertEquals(expectedOAuth2AccessToken, actualOAuth2AccessToken);
    assertEquals(authentication.getUserAuthentication(), getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()).getUserAuthentication());
    // The authorizationRequest does not match because it is unapproved, but the token was granted to an approved request
    assertFalse(storedOAuth2Request.equals(getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()).getOAuth2Request()));
    actualOAuth2AccessToken = getTokenStore().getAccessToken(authentication);
    assertEquals(expectedOAuth2AccessToken, actualOAuth2AccessToken);
    getTokenStore().removeAccessToken(expectedOAuth2AccessToken);
    assertNull(getTokenStore().readAccessToken("testToken"));
    assertNull(getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()));
View Full Code Here
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
  }

  @Test
  public void testGetAccessTokenForDeletedUser() throws Exception {
    //Test approved request
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", true);
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(storedOAuth2Request, new TestAuthentication("test", true));
    OAuth2AccessToken expectedOAuth2AccessToken = new DefaultOAuth2AccessToken("testToken");
    getTokenStore().storeAccessToken(expectedOAuth2AccessToken, expectedAuthentication);
    assertEquals(expectedOAuth2AccessToken, getTokenStore().getAccessToken(expectedAuthentication));
    assertEquals(expectedAuthentication, getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()));
   
    //Test unapproved request
    storedOAuth2Request = RequestTokenFactory.createOAuth2Request("id", false);
    OAuth2Authentication anotherAuthentication = new OAuth2Authentication(storedOAuth2Request, new TestAuthentication("test", true));
    assertEquals(expectedOAuth2AccessToken, getTokenStore().getAccessToken(anotherAuthentication));
    // The generated key for the authentication is the same as before, but the two auths are not equal. This could
    // happen if there are 2 users in a system with the same username, or (more likely), if a user account was
    // deleted and re-created.
    assertEquals(anotherAuthentication.getUserAuthentication(), getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()).getUserAuthentication());
    // The authorizationRequest does not match because it is unapproved, but the token was granted to an approved request
    assertFalse(storedOAuth2Request.equals(getTokenStore().readAuthentication(expectedOAuth2AccessToken.getValue()).getOAuth2Request()));
  }
View Full Code Here
123
124
125
126
127
128
129
130
131
132
133
    refreshToken = Mockito.mock(OAuth2RefreshTokenEntity.class);
    Mockito.when(tokenRepository.getRefreshTokenByValue(refreshTokenValue)).thenReturn(refreshToken);
    Mockito.when(refreshToken.getClient()).thenReturn(client);
    Mockito.when(refreshToken.isExpired()).thenReturn(false);

    tokenRequest = new TokenRequest(null, clientId, null, null);

    storedAuthentication = authentication;
    storedAuthRequest = clientAuth;
    storedAuthHolder = Mockito.mock(AuthenticationHolderEntity.class);
    storedScope = Sets.newHashSet(scope);
View Full Code Here
441
442
443
444
445
446
447
448
449
450
451
452
    return newClient;
  }
 
  private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {
   
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
   
    if (config.getRegTokenLifeTime() != null) {
   
      try {
        // Re-issue the token if it has been issued before [currentTime - validity]
View Full Code Here
137
138
139
140
141
142
143
    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {<% if (authenticationType == 'token') { %>

        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }<% } %>
View Full Code Here
TOP

Related Classes of org.springframework.security.oauth2.provider.OAuth2Request

  • client.ClientServerInteractionTests
  • com.springsource.greenhouse.settings.SettingsControllerTest
  • demo.Application
  • demo.Application$OAuth2Config
  • demo.Application$TokenEndpointSecurity
  • OAuth2AuthenticationReadConverter
  • org.codehaus.jackson.map.ObjectMapper
  • org.mitre.oauth2.introspectingfilter.IntrospectingTokenService
  • org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository
  • org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.