Examples of org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter

• org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory
  A filter and authentication endpoint for the OAuth2 Token Endpoint. Allows clients to authenticate using request parameters if included as a security filter, as permitted by the specification (but not recommended). It is recommended by the specification that you permit HTTP basic authentication for clients, and not use this filter at all. @author Dave Syer

        Date expirationDate1 = DateUtil.utcToDate(expiration1);

        ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class);
        when(mockedClient1.getClientId()).thenReturn("mocked_client_1");

        OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://foo.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1);

        AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity();
        holder1.setId(1L);
        holder1.setAuthentication(auth1);

        OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity();
        token1.setId(1L);
        token1.setClient(mockedClient1);
        token1.setExpiration(expirationDate1);
        token1.setValue("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.");
        token1.setAuthenticationHolder(holder1);

        String expiration2 = "2015-01-07T18:31:50.079+0000";
        Date expirationDate2 = DateUtil.utcToDate(expiration2);

        ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class);
        when(mockedClient2.getClientId()).thenReturn("mocked_client_2");

        OAuth2Request req2 = new OAuth2Request(new HashMap<String, String>(), "client2", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://bar.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2);

  private static final String USERNAME = "username";

  public String extractKey(OAuth2Authentication authentication) {
    Map<String, String> values = new LinkedHashMap<String, String>();
    OAuth2Request authorizationRequest = authentication.getOAuth2Request();
    if (!authentication.isClientOnly()) {
      values.put(USERNAME, authentication.getName());
    }
    values.put(CLIENT_ID, authorizationRequest.getClientId());
    if (authorizationRequest.getScope() != null) {
      values.put(SCOPE, OAuth2Utils.formatParameterList(authorizationRequest.getScope()));
    }
    MessageDigest digest;
    try {
      digest = MessageDigest.getInstance("MD5");
    }

    refreshToken = Mockito.mock(OAuth2RefreshTokenEntity.class);
    Mockito.when(tokenRepository.getRefreshTokenByValue(refreshTokenValue)).thenReturn(refreshToken);
    Mockito.when(refreshToken.getClient()).thenReturn(client);
    Mockito.when(refreshToken.isExpired()).thenReturn(false);

    tokenRequest = new TokenRequest(null, clientId, null, null);

    storedAuthentication = authentication;
    storedAuthRequest = clientAuth;
    storedAuthHolder = Mockito.mock(AuthenticationHolderEntity.class);
    storedScope = Sets.newHashSet(scope);

    return newClient;
  }

  private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {

    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());

    if (config.getRegTokenLifeTime() != null) {

      try {
        // Re-issue the token if it has been issued before [currentTime - validity]

    return newClient;
  }

  private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {

    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());

    if (config.getRegTokenLifeTime() != null) {

      try {
        // Re-issue the token if it has been issued before [currentTime - validity]

        .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token")).disable()
        .exceptionHandling().accessDeniedHandler(accessDeniedHandler())
      .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
      // @formatter:on
      ClientCredentialsTokenEndpointFilter filter = new ClientCredentialsTokenEndpointFilter();
      filter.setAuthenticationManager(super.authenticationManagerBean());
      filter.afterPropertiesSet();
      http.addFilterBefore(filter, BasicAuthenticationFilter.class);
    }

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

  }

  private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity http) {
    ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter(
        frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
    clientCredentialsTokenEndpointFilter
        .setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);
    http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
    return clientCredentialsTokenEndpointFilter;
  }

    @SuppressWarnings("unchecked")
    public void configure(HttpSecurity http) throws Exception {

        http.getConfigurer(ExpressionUrlAuthorizationConfigurer.class).expressionHandler(expressionHandler);

        clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
        clientCredentialsTokenEndpointFilter.setAuthenticationManager(http
                .getAuthenticationManager());
        clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);

        AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http);

    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    private static class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {<% if (authenticationType == 'token') { %>

        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }<% } %>

  private OAuth2RequestFactory defaultOAuth2RequestFactory;

  public void afterPropertiesSet() throws Exception {
    Assert.state(tokenGranter != null, "TokenGranter must be provided");
    Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
    defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(getClientDetailsService());
    if (oAuth2RequestFactory == null) {
      oAuth2RequestFactory = defaultOAuth2RequestFactory;
    }
  }