List of usage examples for org.springframework.security.oauth2.common.OAuth2AccessToken.getRefreshToken()
/**
 * Accessor for the refresh token carried by this access token.
 *
 * NOTE(review): one usage example on this page asserts that the result is null when the token
 * service was configured with setSupportRefreshToken(false), so callers that chain
 * getValue() directly should null-check first.
 */
OAuth2RefreshToken getRefreshToken();
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
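/**
 * Verifies that a refresh request cannot replace the granted scope with a different one.
 *
 * <p>An access token is issued for {@code READ_SCOPE} only; refreshing it with a request for
 * {@code WRITE_SCOPE} must raise {@link InvalidScopeException}. The exception is checked around
 * the refresh call alone, so an {@code InvalidScopeException} thrown while the token is being
 * issued cannot make the test pass.
 */
@Test
@DirtiesContext
public void testRefreshedTokenWithAnotherScope() throws Exception {
    services.setSupportRefreshToken(true);

    // Setup: token limited to READ_SCOPE.
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(
            createAuthorizationRequest(CLIENT, new HashSet<String>(Arrays.asList(READ_SCOPE))),
            new TestAuthentication(false));
    OAuth2AccessToken accessToken = services.createAccessToken(expectedAuthentication);
    assertEquals("[" + READ_SCOPE + "]", accessToken.getScope().toString());

    // Refresh request asks for a scope that was never granted.
    AuthorizationRequest request = createAuthorizationRequest(CLIENT, Collections.singleton(WRITE_SCOPE));
    String refreshTokenValue = accessToken.getRefreshToken().getValue();

    try {
        services.refreshAccessToken(refreshTokenValue, request);
    } catch (InvalidScopeException expected) {
        return; // rejection of the scope change is the behaviour under test
    }
    throw new AssertionError("Expected InvalidScopeException from refreshAccessToken");
}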
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
/**
 * Builds an access token from an authorization grant while refresh-token support is switched
 * off and checks that the token has the expected expiry and no refresh token.
 */
@Test
@DirtiesContext
public void testBuildAccessTokenFromAuthorizationGrantWithNoRefreshToken() {
    AuthorizationGrant grant = buildAuthorizationGrant();
    TokenServicesImpl tokenServices = new TokenServicesImpl();
    tokenServices.setSupportRefreshToken(false);

    OAuth2AccessToken token = tokenServices.buildAccessTokenFromAuthorizationGrant(grant, true);
    Assert.assertNotNull(token);

    // NOTE(review): the pattern has no zone, so the expiry is rendered in the JVM default
    // time zone; the expected value presumably matches the grant fixture - confirm.
    String formattedExpiry = new SimpleDateFormat("yyyyMMddHHmm").format(token.getExpiration());
    Assert.assertEquals("201205021630", formattedExpiry);

    // With refresh support disabled the token must not expose a refresh token.
    Assert.assertNull(token.getRefreshToken());
}
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
/**
 * Builds an access token from an authorization grant with refresh-token support enabled and
 * checks expiry, refresh-token value, scopes, token type and access-token value.
 */
@Test
@DirtiesContext
public void testBuildAccessTokenFromAuthorizationGrant() {
    AuthorizationGrant grant = buildAuthorizationGrant();
    TokenServicesImpl tokenServices = new TokenServicesImpl();
    tokenServices.setSupportRefreshToken(true);

    OAuth2AccessToken token = tokenServices.buildAccessTokenFromAuthorizationGrant(grant, true);
    Assert.assertNotNull(token);

    // NOTE(review): rendered in the JVM default time zone; expected value presumably comes
    // from the grant fixture - confirm.
    String formattedExpiry = new SimpleDateFormat("yyyyMMddHHmm").format(token.getExpiration());
    Assert.assertEquals("201205021630", formattedExpiry);
    Assert.assertEquals("XYZ", token.getRefreshToken().getValue());

    // Exactly the two expected scopes: each granted scope must be removable from the
    // expected set exactly once.
    Set<String> grantedScopes = token.getScope();
    Assert.assertEquals(2, grantedScopes.size());
    Set<String> notYetSeen = new HashSet<String>(Arrays.asList(READ_SCOPE, WRITE_SCOPE));
    for (String granted : grantedScopes) {
        boolean wasExpected = notYetSeen.remove(granted);
        Assert.assertTrue(wasExpected);
    }

    Assert.assertEquals(OAuth2AccessToken.BEARER_TYPE, token.getTokenType());
    Assert.assertEquals("ABC", token.getValue());
}
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
/**
 * Checks that a token issued for {@code READ_SCOPE} and {@code WRITE_SCOPE} can be refreshed
 * with a request for {@code READ_SCOPE} alone, and that the refreshed token carries only that
 * scope.
 */
@Test
@DirtiesContext
public void testRefreshedTokenWithNarrowedScope() throws Exception {
    services.setSupportRefreshToken(true);

    // Original token: both scopes granted.
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(
            createAuthorizationRequest(CLIENT, new HashSet<String>(Arrays.asList(READ_SCOPE, WRITE_SCOPE))),
            new TestAuthentication(false));
    OAuth2AccessToken accessToken = services.createAccessToken(expectedAuthentication);
    String issuedScopes = accessToken.getScope().toString();
    assertEquals("[" + READ_SCOPE + ", " + WRITE_SCOPE + "]", issuedScopes);

    // Refresh with a strict subset of the granted scopes.
    AuthorizationRequest request = createAuthorizationRequest(CLIENT, Collections.singleton(READ_SCOPE));
    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    OAuth2AccessToken refreshedAccessToken = services.refreshAccessToken(refreshTokenValue, request);

    String refreshedScopes = refreshedAccessToken.getScope().toString();
    assertEquals("[" + READ_SCOPE + "]", refreshedScopes);
}
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
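/**
 * Issues two tokens to the same client (first {@code READ_SCOPE}, then {@code READ_SCOPE} plus
 * {@code WRITE_SCOPE}), checks that two authorization grants are stored, and expects
 * {@link InvalidScopeException} when the second token is refreshed with {@code READ_SCOPE}
 * only.
 *
 * <p>The exception is checked around the refresh call alone, so an
 * {@code InvalidScopeException} raised while either token is being issued cannot make the test
 * pass.
 *
 * <p>NOTE(review): why this narrowed refresh is rejected is not visible from this method;
 * presumably it relates to the already existing READ-only grant - confirm against the
 * service implementation.
 */
@Test
@DirtiesContext
public void testRefreshedTokenOnExistingClientAndScope() throws Exception {
    services.setSupportRefreshToken(true);

    OAuth2Authentication firstAuthentication = new OAuth2Authentication(
            createAuthorizationRequest(CLIENT, new HashSet<String>(Arrays.asList(READ_SCOPE))),
            new TestAuthentication(false));
    OAuth2AccessToken firstAccessToken = services.createAccessToken(firstAuthentication);
    assertEquals("[" + READ_SCOPE + "]", firstAccessToken.getScope().toString());

    OAuth2Authentication secondAuthentication = new OAuth2Authentication(
            createAuthorizationRequest(CLIENT, new HashSet<String>(Arrays.asList(READ_SCOPE, WRITE_SCOPE))),
            new TestAuthentication(false));
    OAuth2AccessToken secondAccessToken = services.createAccessToken(secondAuthentication);
    assertEquals("[" + READ_SCOPE + ", " + WRITE_SCOPE + "]", secondAccessToken.getScope().toString());

    assertEquals(2, authorizationGrantRepository.count());
    // Diagnostic output of the stored grants' authentication keys, kept from the original test.
    for (AuthorizationGrant auth : authorizationGrantRepository.findAll()) {
        System.out.println(auth.getAuthenticationKey());
    }

    AuthorizationRequest request = createAuthorizationRequest(CLIENT, Collections.singleton(READ_SCOPE));
    String refreshTokenValue = secondAccessToken.getRefreshToken().getValue();

    try {
        services.refreshAccessToken(refreshTokenValue, request);
    } catch (InvalidScopeException expected) {
        return; // rejection by the refresh call is the behaviour under test
    }
    throw new AssertionError("Expected InvalidScopeException from refreshAccessToken");
}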
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
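/**
 * Verifies that a refresh request cannot widen the scopes of an authorization-code token.
 *
 * <p>Approvals for {@code read} and {@code write} are stored, a token with those scopes is
 * issued and the claims of its access and refresh JWTs are checked. A refresh that asks for
 * {@code read, write, delete} must then raise {@link InvalidScopeException}. The exception is
 * checked around the refresh call alone, so an {@code InvalidScopeException} thrown during
 * token issuance cannot make the test pass.
 */
@Test
public void testCreateAccessTokenAuthcodeGrantExpandedScopes() {
    // Approvals valid for the next three seconds.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    approvalStore.addApproval(
            new Approval("jdsa", "client", "read", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));
    approvalStore.addApproval(
            new Approval("jdsa", "client", "write", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));

    // First request
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    // The access token must verify against the signer and carry both scopes.
    Jwt tokenJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);
    Map<String, Object> claims = null;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(Arrays.asList("read", "write"), claims.get("scope"));

    // The refresh token must verify as well and carry the same scope and audience.
    assertNotNull(accessToken.getRefreshToken());
    Jwt refreshTokenJwt = JwtHelper.decodeAndVerify(accessToken.getRefreshToken().getValue(),
            signerProvider.getVerifier());
    assertNotNull(refreshTokenJwt);
    Map<String, Object> refreshTokenClaims = null;
    try {
        refreshTokenClaims = mapper.readValue(refreshTokenJwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(Arrays.asList("read", "write"), refreshTokenClaims.get("scope"));
    assertEquals(Arrays.asList("read", "write"), refreshTokenClaims.get("aud"));

    // Second request with expanded scopes
    DefaultAuthorizationRequest expandedScopeAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write", "delete"));
    expandedScopeAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(expandedScopeAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    expandedScopeAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);
    OAuth2Authentication expandedScopeAuthentication =
            new OAuth2Authentication(expandedScopeAuthorizationRequest, userAuthentication);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue,
                expandedScopeAuthentication.getAuthorizationRequest());
    } catch (InvalidScopeException expected) {
        return; // rejection of the widened scope set is the behaviour under test
    }
    throw new AssertionError("Expected InvalidScopeException from refreshAccessToken");
}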
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
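/**
 * Checks that an authorization-code token issued for {@code read} and {@code write} can be
 * refreshed with {@code read} only: the new access token carries the reduced scope and the
 * refresh token is unchanged.
 *
 * <p>The null check after the refresh targets the newly decoded JWT ({@code newTokenJwt}), so
 * the refreshed access token is the one whose verification result is asserted.
 */
@Test
public void testCreateAccessTokenAuthcodeGrantNarrowerScopes() {
    // Approvals expire in three seconds and were last updated one second ago.
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    Calendar updatedAt = Calendar.getInstance();
    updatedAt.add(Calendar.MILLISECOND, -1000);
    approvalStore.addApproval(new Approval("jdsa", "client", "read", expiresAt.getTime(),
            ApprovalStatus.APPROVED, updatedAt.getTime()));
    approvalStore.addApproval(new Approval("jdsa", "client", "write", expiresAt.getTime(),
            ApprovalStatus.APPROVED, updatedAt.getTime()));

    // First Request
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    Jwt tokenJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);
    Map<String, Object> claims = null;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(Arrays.asList("read", "write"), claims.get("scope"));

    assertNotNull(accessToken.getRefreshToken());
    Jwt refreshTokenJwt = JwtHelper.decodeAndVerify(accessToken.getRefreshToken().getValue(),
            signerProvider.getVerifier());
    assertNotNull(refreshTokenJwt);
    Map<String, Object> refreshTokenClaims = null;
    try {
        refreshTokenClaims = mapper.readValue(refreshTokenJwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(Arrays.asList("read", "write"), refreshTokenClaims.get("scope"));
    assertEquals(Arrays.asList("read", "write"), refreshTokenClaims.get("aud"));

    // Second request with reduced scopes
    DefaultAuthorizationRequest reducedScopeAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read"));
    reducedScopeAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(reducedScopeAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    reducedScopeAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);
    OAuth2Authentication reducedScopeAuthentication =
            new OAuth2Authentication(reducedScopeAuthorizationRequest, userAuthentication);
    OAuth2AccessToken reducedScopeAccessToken = tokenServices.refreshAccessToken(
            accessToken.getRefreshToken().getValue(), reducedScopeAuthentication.getAuthorizationRequest());

    // AT should have the new scopes, RT should be the same
    Jwt newTokenJwt = JwtHelper.decodeAndVerify(reducedScopeAccessToken.getValue(),
            signerProvider.getVerifier());
    assertNotNull(newTokenJwt);
    Map<String, Object> reducedClaims = null;
    try {
        reducedClaims = mapper.readValue(newTokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(Arrays.asList("read"), reducedClaims.get("scope"));
    assertEquals(reducedScopeAccessToken.getRefreshToken(), accessToken.getRefreshToken());
}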
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
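/**
 * Expects {@link InvalidTokenException} when a token for {@code read} and {@code write} is
 * refreshed although this test stores no approvals.
 *
 * <p>The exception is checked around the refresh call alone, so an
 * {@code InvalidTokenException} thrown while the initial token is created cannot make the
 * test pass.
 */
@Test
public void testRefreshTokenAfterApprovalsMissing2() {
    // Initial authorization_code request; no approval is added by this test.
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(refreshAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    refreshAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue, refreshAuthorizationRequest);
    } catch (InvalidTokenException expected) {
        return; // refusal to refresh without approvals is the behaviour under test
    }
    throw new AssertionError("Expected InvalidTokenException from refreshAccessToken");
}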
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
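/**
 * Expects {@link InvalidTokenException} when a token for {@code read} and {@code write} is
 * refreshed while the only stored approval is a DENIED entry for {@code read} whose expiry
 * lies three seconds in the past.
 *
 * <p>The exception is checked around the refresh call alone, so an
 * {@code InvalidTokenException} thrown while the initial token is created cannot make the
 * test pass.
 */
@Test
public void testRefreshTokenAfterApprovalsMissing() {
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, -3000);
    approvalStore.addApproval(
            new Approval("jdsa", "client", "read", expiresAt.getTime(), ApprovalStatus.DENIED, new Date()));

    // Initial authorization_code request.
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(refreshAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    refreshAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue, refreshAuthorizationRequest);
    } catch (InvalidTokenException expected) {
        return; // refusal to refresh without a usable approval is the behaviour under test
    }
    throw new AssertionError("Expected InvalidTokenException from refreshAccessToken");
}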
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
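/**
 * Expects {@link InvalidTokenException} when a token for {@code read} and {@code write} is
 * refreshed after both APPROVED approvals have expired (expiry three seconds in the past).
 *
 * <p>The exception is checked around the refresh call alone, so an
 * {@code InvalidTokenException} thrown while the initial token is created cannot make the
 * test pass.
 */
@Test
public void testRefreshTokenAfterApprovalsExpired() {
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, -3000);
    approvalStore.addApproval(
            new Approval("jdsa", "client", "read", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));
    approvalStore.addApproval(
            new Approval("jdsa", "client", "write", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));

    // Initial authorization_code request.
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(refreshAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    refreshAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);

    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    try {
        tokenServices.refreshAccessToken(refreshTokenValue, refreshAuthorizationRequest);
    } catch (InvalidTokenException expected) {
        return; // refusal to refresh on expired approvals is the behaviour under test
    }
    throw new AssertionError("Expected InvalidTokenException from refreshAccessToken");
}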