List of usage examples for org.springframework.security.oauth2.client.token AccessTokenRequest getAuthorizationCode
/**
 * Returns the authorization code held by this access token request.
 *
 * <p>Callers such as the authorization-code token providers compare the result with
 * {@code null}: a {@code null} code means none has been obtained yet, and the provider then
 * redirects for authorization or obtains a code before calling the token endpoint.
 *
 * @return the authorization code, or {@code null} when none is set on the request
 */
String getAuthorizationCode();
From source file:spring.AbstractAuthorizationCodeProviderTests.java
/**
 * Walks the authorization code grant to completion for {@code MyTrustedClient} and checks that
 * a token, and the code it was exchanged for, are available afterwards.
 */
@Test
@OAuth2ContextConfiguration(resource = MyTrustedClient.class, initialize = false)
public void testSuccessfulAuthorizationCodeFlow() throws Exception {
    // Redirect and approval steps first; the current URI is supplied explicitly for this client.
    approveAccessTokenGrant("http://anywhere", true);

    // Approval has been recorded, so this lookup performs the actual grant.
    assertNotNull(context.getAccessToken());

    // The request must still carry the authorization code that was exchanged.
    AccessTokenRequest tokenRequest = context.getAccessTokenRequest();
    assertNotNull(tokenRequest.getAuthorizationCode());

    // NOTE(review): presumably /system/beans is only reachable with the token obtained above;
    // confirm against the server's security configuration.
    assertEquals(HttpStatus.OK, http.getStatusCode("/system/beans"));
}
From source file:spring.AbstractAuthorizationCodeProviderTests.java
/**
 * Walks the authorization code grant to completion for {@code MyClientWithRegisteredRedirect}
 * without supplying a current URI, then checks that a token and its code are available.
 */
@Test
@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
public void testSuccessfulFlowWithRegisteredRedirect() throws Exception {
    // No current URI is passed. NOTE(review): presumably the redirect is then taken from the
    // client's registered redirect URI; confirm in the client definition.
    approveAccessTokenGrant(null, true);

    // Approval has been recorded, so this lookup performs the actual grant.
    assertNotNull(context.getAccessToken());

    // The request must still carry the authorization code that was exchanged.
    AccessTokenRequest tokenRequest = context.getAccessTokenRequest();
    assertNotNull(tokenRequest.getAuthorizationCode());

    // NOTE(review): presumably /system/beans is only reachable with the token obtained above;
    // confirm against the server's security configuration.
    assertEquals(HttpStatus.OK, http.getStatusCode("/system/beans"));
}
From source file:sparklr.common.AbstractAuthorizationCodeProviderTests.java
/**
 * Walks the authorization code grant to completion for {@code MyTrustedClient} and checks that
 * a token, and the code it was exchanged for, are available afterwards.
 */
@Test
@OAuth2ContextConfiguration(resource = MyTrustedClient.class, initialize = false)
public void testSuccessfulAuthorizationCodeFlow() throws Exception {
    // Redirect and approval steps first; the current URI is supplied explicitly for this client.
    approveAccessTokenGrant("http://anywhere", true);

    // Approval has been recorded, so this lookup performs the actual grant.
    assertNotNull(context.getAccessToken());

    // The request must still carry the authorization code that was exchanged.
    AccessTokenRequest tokenRequest = context.getAccessTokenRequest();
    assertNotNull(tokenRequest.getAuthorizationCode());

    // NOTE(review): presumably /admin/beans is only reachable with the token obtained above;
    // confirm against the server's security configuration.
    assertEquals(HttpStatus.OK, http.getStatusCode("/admin/beans"));
}
From source file:sparklr.common.AbstractAuthorizationCodeProviderTests.java
/**
 * Walks the authorization code grant to completion for {@code MyClientWithRegisteredRedirect}
 * without supplying a current URI, then checks that a token and its code are available.
 */
@Test
@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
public void testSuccessfulFlowWithRegisteredRedirect() throws Exception {
    // No current URI is passed, so the helper leaves the request's current URI unset.
    approveAccessTokenGrant(null, true);

    // Approval has been recorded, so this lookup performs the actual grant.
    assertNotNull(context.getAccessToken());

    // The request must still carry the authorization code that was exchanged.
    AccessTokenRequest tokenRequest = context.getAccessTokenRequest();
    assertNotNull(tokenRequest.getAuthorizationCode());

    // NOTE(review): presumably /admin/beans is only reachable with the token obtained above;
    // confirm against the server's security configuration.
    assertEquals(HttpStatus.OK, http.getStatusCode("/admin/beans"));
}
From source file:com.zhm.config.MyAuthorizationCodeAccessTokenProvider.java
/**
 * Builds the form parameters sent to the token endpoint for the authorization code grant.
 *
 * <p>The form always contains {@code grant_type=authorization_code} and the code read from the
 * request. A {@code redirect_uri} entry is added when a redirect URI can be determined and it is
 * not the literal {@code "NONE"}.
 *
 * <p>The state value itself is never sent to the token endpoint; it is used on the client side
 * for CSRF detection. When the request has a state key, or {@code stateMandatory} is set, a
 * missing preserved state aborts the exchange.
 *
 * @param resource the client details, consulted for the redirect URI when the preserved state
 *        is not a string
 * @param request the current access token request
 * @return the form to post to the token endpoint
 * @throws InvalidRequestException if state was expected but no preserved state is available
 */
private MultiValueMap<String, String> getParametersForTokenRequest(AuthorizationCodeResourceDetails resource,
        AccessTokenRequest request) {

    MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
    params.set("grant_type", "authorization_code");
    params.set("code", request.getAuthorizationCode());

    Object savedState = request.getPreservedState();

    // NOTE(review): this only checks that some preserved state exists. It presumably relies on
    // the caller populating preserved state only after the returned state key matched a stored
    // one; confirm where the preserved state is set.
    boolean stateExpected = request.getStateKey() != null || stateMandatory;
    if (stateExpected && savedState == null) {
        throw new InvalidRequestException(
                "Possible CSRF detected - state parameter was required but no state could be found");
    }

    // The redirect URI must be the one saved with the original request, not one derived from
    // the current URI, so a plain resource.getRedirectUri() is not enough.
    // TODO: treat redirect URI as a special kind of state (this is a historical mini hack)
    String redirectUri = (savedState instanceof String)
            ? String.valueOf(savedState)
            : resource.getRedirectUri(request);

    if (redirectUri != null && !"NONE".equals(redirectUri)) {
        params.set("redirect_uri", redirectUri);
    }
    return params;
}
From source file:com.emergya.spring.security.oauth.google.GoogleAuthorizationCodeAccessTokenProvider.java
/**
 * Builds the form parameters sent to the token endpoint for the authorization code grant.
 *
 * <p>The form always contains {@code grant_type=authorization_code} and the code read from the
 * request. A {@code redirect_uri} entry is added when a redirect URI can be determined and it is
 * not the literal {@code "NONE"}.
 *
 * <p>The state value itself is never sent to the token endpoint; it is used on the client side
 * for CSRF detection. The check runs only when the request has a state key: a request without
 * one is not checked here.
 *
 * @param resource the client details, consulted for the redirect URI when the preserved state
 *        is not a string
 * @param request the current access token request
 * @return the form to post to the token endpoint
 * @throws InvalidRequestException if a state key is present but no preserved state is available
 */
private MultiValueMap<String, String> getParametersForTokenRequest(
        final AuthorizationCodeResourceDetails resource, final AccessTokenRequest request) {

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.set("grant_type", "authorization_code");
    params.set("code", request.getAuthorizationCode());

    Object savedState = request.getPreservedState();

    // NOTE(review): this only checks that some preserved state exists. It presumably relies on
    // the caller populating preserved state only after the returned state key matched a stored
    // one; confirm where the preserved state is set.
    if (request.getStateKey() != null && savedState == null) {
        throw new InvalidRequestException(
                "Possible CSRF detected - state parameter was present but no state could be found");
    }

    // The redirect URI must be the one saved with the original request, not one derived from
    // the current URI, so a plain resource.getRedirectUri() is not enough.
    // TODO: treat redirect URI as a special kind of state (this is a historical mini hack)
    String redirectUri = (savedState instanceof String)
            ? String.valueOf(savedState)
            : resource.getRedirectUri(request);

    if (redirectUri != null && !"NONE".equals(redirectUri)) {
        params.set("redirect_uri", redirectUri);
    }
    return params;
}
From source file:com.zhm.config.MyAuthorizationCodeAccessTokenProvider.java
/**
 * Obtains an access token using the authorization code grant.
 *
 * <p>If the request carries no authorization code yet, there are two cases. With no state key
 * either, the exception built by {@code getRedirectForAuthorization} is thrown so the user can
 * be sent to the authorization server. With a state key, {@code obtainAuthorizationCode} is
 * called first. The token is then retrieved with the parameters from
 * {@code getParametersForTokenRequest}.
 *
 * <p>NOTE(review): preserved state must not be hard-coded on the request in this method (an
 * earlier debug line set it to a fixed localhost URL). {@code getParametersForTokenRequest}
 * accepts any non-null preserved state in its CSRF check and sends a string value as
 * {@code redirect_uri}.
 *
 * @param details the protected resource; cast to {@code AuthorizationCodeResourceDetails}
 *        without a prior type check
 * @param request the current access token request
 * @return the token returned by {@code retrieveToken}
 * @throws ClassCastException if {@code details} is not an {@code AuthorizationCodeResourceDetails}
 */
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
        throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException,
        OAuth2AccessDeniedException {

    AuthorizationCodeResourceDetails codeResource = (AuthorizationCodeResourceDetails) details;

    boolean codeMissing = request.getAuthorizationCode() == null;

    // Neither a code nor a state key: the authorization round trip has not started yet.
    if (codeMissing && request.getStateKey() == null) {
        throw getRedirectForAuthorization(codeResource, request);
    }

    // A state key without a code: the round trip is under way, so fetch the code now.
    if (codeMissing) {
        obtainAuthorizationCode(codeResource, request);
    }

    return retrieveToken(request, codeResource, getParametersForTokenRequest(codeResource, request),
            getHeadersForTokenRequest(request));
}
From source file:com.emergya.spring.security.oauth.google.GoogleAuthorizationCodeAccessTokenProvider.java
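/**
 * Obtains an access token using the authorization code grant.
 *
 * <p>If the request carries no authorization code yet, there are two cases. With no state key
 * either, the exception built by {@code getRedirectForAuthorization} is thrown so the user can
 * be sent to the authorization server. With a state key, {@code obtainAuthorizationCode} is
 * called first. The token is then retrieved with the parameters from
 * {@code getParametersForTokenRequest}.
 *
 * @param details the protected resource; must be a {@code GoogleAuthCodeResourceDetails}
 * @param request the current access token request
 * @return the token returned by {@code retrieveToken}
 * @throws IllegalArgumentException if {@code details} is of any other type
 */
@Override
public final OAuth2AccessToken obtainAccessToken(final OAuth2ProtectedResourceDetails details,
        final AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException,
        AccessDeniedException, OAuth2AccessDeniedException {

    // Check the type explicitly instead of catching ClassCastException. A null value is let
    // through unchanged, exactly as the cast it replaces allowed.
    if (details != null && !(details instanceof GoogleAuthCodeResourceDetails)) {
        throw new IllegalArgumentException("details is not an instance of class GoogleAuthCodeResourceDetails");
    }
    final GoogleAuthCodeResourceDetails resource = (GoogleAuthCodeResourceDetails) details;

    if (request.getAuthorizationCode() == null) {
        if (request.getStateKey() == null) {
            // Neither a code nor a state key: the authorization round trip has not started yet.
            throw getRedirectForAuthorization(resource, request);
        }
        // A state key without a code: the round trip is under way, so fetch the code now.
        obtainAuthorizationCode(resource, request);
    }

    return retrieveToken(request, resource, getParametersForTokenRequest(resource, request),
            getHeadersForTokenRequest());
}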
From source file:sparklr.common.AbstractAuthorizationCodeProviderTests.java
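/**
 * Drives the first two steps of the authorization code flow and records the user's decision.
 *
 * <p>The first token lookup must fail with a redirect to the authorization endpoint, and the
 * second with a request for user approval. After each, the request must still have no
 * authorization code. The decision is then stored on the request; it is processed by the
 * caller's next attempt to obtain an access token.
 *
 * @param currentUri the current URI to set on the request, or {@code null} to leave it unset
 * @param approved the approval decision to record
 */
protected void approveAccessTokenGrant(String currentUri, boolean approved) {

    AccessTokenRequest request = context.getAccessTokenRequest();
    request.setHeaders(getAuthenticatedHeaders());
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();

    if (currentUri != null) {
        request.setCurrentUri(currentUri);
    }

    String location = null;

    try {
        // First try to obtain the access token...
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserRedirectRequiredException e) {
        // Expected and necessary, so that the correct state is set up in the request...
        location = e.getRedirectUri();
    }

    // A prefix comparison is enough for this test assertion; it is not a pattern for validating
    // redirect targets in production code.
    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    verifyAuthorizationPage(context.getRestTemplate(), location);

    try {
        // Now try again and the token provider will redirect for user approval...
        assertNotNull(context.getAccessToken());
        // The failure message names the exception this block actually expects.
        fail("Expected UserApprovalRequiredException");
    } catch (UserApprovalRequiredException e) {
        // Expected and necessary, so that the user can approve the grant...
        location = e.getApprovalUri();
    }

    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    // The approval (will be processed on the next attempt to obtain an access token)...
    request.set(OAuth2Utils.USER_OAUTH_APPROVAL, String.valueOf(approved));
}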