List of usage examples for org.springframework.security.oauth2.common OAuth2AccessToken getValue
/**
 * Returns this access token's value as a string.
 *
 * <p>The usages listed on this page hand the returned string to token services, token stores
 * and JWT verification as the token itself, so treat it as a bearer credential: keep it out
 * of log lines and exception messages.
 */
String getValue();
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Issues an access token for a {@code client_credentials} request and checks what
 * {@code loadAuthentication} rebuilds from the token value: the authority list parsed from
 * {@code "update"}, {@code "client"} as both name and principal, and neither details nor a
 * user authentication.
 */
@Test
public void testLoadAuthenticationForAClient() {
    // Client-only request: the OAuth2Authentication below is built without a user part.
    DefaultAuthorizationRequest clientRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    clientRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));

    Map<String, String> grantParameters =
            new HashMap<String, String>(clientRequest.getAuthorizationParameters());
    grantParameters.put("grant_type", "client_credentials");
    clientRequest.setAuthorizationParameters(grantParameters);

    OAuth2Authentication clientOnly = new OAuth2Authentication(clientRequest, null);
    OAuth2AccessToken issuedToken = tokenServices.createAccessToken(clientOnly);

    // Round trip: only the token value is handed back to the token services.
    OAuth2Authentication loaded = tokenServices.loadAuthentication(issuedToken.getValue());

    assertEquals(AuthorityUtils.commaSeparatedStringToAuthorityList("update"), loaded.getAuthorities());
    assertEquals("client", loaded.getName());
    assertEquals("client", loaded.getPrincipal());
    assertNull(loaded.getDetails());
    assertNull(loaded.getUserAuthentication());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
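/**
 * Checks that a refresh request asking for a scope ({@code "delete"}) beyond those carried by
 * the original token is rejected with {@link InvalidScopeException}.
 *
 * <p>The expected exception is pinned to the {@code refreshAccessToken} call. With
 * {@code @Test(expected = ...)} on the whole method, an {@code InvalidScopeException} thrown
 * while the first token is being issued would also have made the test pass, without the
 * scope-widening refresh ever being exercised.
 */
@Test
public void testCreateAccessTokenAuthcodeGrantExpandedScopes() {
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);

    // The user has approved "read" and "write" for this client, and nothing else.
    approvalStore.addApproval(
            new Approval("jdsa", "client", "read", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));
    approvalStore.addApproval(
            new Approval("jdsa", "client", "write", expiresAt.getTime(), ApprovalStatus.APPROVED, new Date()));

    // First request: authorization_code grant for "read" and "write".
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    // The access token must verify against the signer's verifier and carry exactly the granted scopes.
    Jwt tokenJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);
    Map<String, Object> claims = null;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));

    // Same checks for the refresh token issued alongside it.
    assertNotNull(accessToken.getRefreshToken());
    Jwt refreshTokenJwt = JwtHelper.decodeAndVerify(accessToken.getRefreshToken().getValue(),
            signerProvider.getVerifier());
    assertNotNull(refreshTokenJwt);
    Map<String, Object> refreshTokenClaims = null;
    try {
        refreshTokenClaims = mapper.readValue(refreshTokenJwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(refreshTokenClaims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(refreshTokenClaims.get("aud"), Arrays.asList("read", "write"));

    // Second request: refresh with an extra scope that the original token never carried.
    DefaultAuthorizationRequest expandedScopeAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write", "delete"));
    expandedScopeAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(expandedScopeAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    expandedScopeAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);
    OAuth2Authentication expandedScopeAuthentication =
            new OAuth2Authentication(expandedScopeAuthorizationRequest, userAuthentication);

    try {
        tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(),
                expandedScopeAuthentication.getAuthorizationRequest());
    } catch (InvalidScopeException expected) {
        // The widened refresh was refused, which is the behaviour under test.
        return;
    }
    throw new AssertionError("Refresh with scopes beyond the original grant was not rejected");
}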
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Issues an access token for an {@code authorization_code} request made on behalf of user
 * {@code jdsa} and checks what {@code loadAuthentication} rebuilds from the token value: the
 * user authorities, the user's name, a principal equal to the expected {@code UaaPrincipal},
 * and an authenticated user authentication.
 */
@Test
public void testLoadAuthenticationForAUser() {
    DefaultAuthorizationRequest userRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    userRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));

    Map<String, String> grantParameters =
            new HashMap<String, String>(userRequest.getAuthorizationParameters());
    grantParameters.put("grant_type", "authorization_code");
    userRequest.setAuthorizationParameters(grantParameters);

    UaaPrincipal requestingPrincipal =
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null));
    Authentication requestingUser = new UsernamePasswordAuthenticationToken(requestingPrincipal, "n/a", null);

    // Token creation goes through the sibling helper of this test class.
    OAuth2AccessToken issuedToken =
            testCreateAccessTokenForAUser(new OAuth2Authentication(userRequest, requestingUser), false);

    // Round trip: only the token value is handed back to the token services.
    OAuth2Authentication loaded = tokenServices.loadAuthentication(issuedToken.getValue());

    assertEquals(UaaAuthority.USER_AUTHORITIES, loaded.getAuthorities());
    assertEquals("jdsa", loaded.getName());

    // Principal the loaded authentication is expected to equal.
    UaaPrincipal expectedPrincipal = new UaaPrincipal(new UaaUser("12345", "jdsa", "password",
            "jdsa@vmware.com", UaaAuthority.USER_AUTHORITIES, null, null, null, null));
    assertEquals(expectedPrincipal, loaded.getPrincipal());
    assertNull(loaded.getDetails());

    Authentication loadedUser = loaded.getUserAuthentication();
    assertEquals("jdsa", loadedUser.getName());
    assertEquals(expectedPrincipal, loadedUser.getPrincipal());
    assertTrue(loadedUser.isAuthenticated());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
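/**
 * Checks that a refresh request asking for fewer scopes than the original grant yields an
 * access token limited to the reduced scope, while the refresh token stays the same.
 *
 * <p>Fix: the null check after decoding the refreshed access token now tests
 * {@code newTokenJwt}; it previously re-tested {@code tokenJwt} from the first request, so
 * the refreshed token's decode result was never checked directly.
 */
@Test
public void testCreateAccessTokenAuthcodeGrantNarrowerScopes() {
    Calendar expiresAt = Calendar.getInstance();
    expiresAt.add(Calendar.MILLISECOND, 3000);
    // Approvals are stamped one second in the past.
    Calendar updatedAt = Calendar.getInstance();
    updatedAt.add(Calendar.MILLISECOND, -1000);

    approvalStore.addApproval(new Approval("jdsa", "client", "read", expiresAt.getTime(),
            ApprovalStatus.APPROVED, updatedAt.getTime()));
    approvalStore.addApproval(new Approval("jdsa", "client", "write", expiresAt.getTime(),
            ApprovalStatus.APPROVED, updatedAt.getTime()));

    // First request: authorization_code grant for "read" and "write".
    DefaultAuthorizationRequest authorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    authorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> azParameters =
            new HashMap<String, String>(authorizationRequest.getAuthorizationParameters());
    azParameters.put("grant_type", "authorization_code");
    authorizationRequest.setAuthorizationParameters(azParameters);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    Jwt tokenJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);
    Map<String, Object> claims = null;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));

    assertNotNull(accessToken.getRefreshToken());
    Jwt refreshTokenJwt = JwtHelper.decodeAndVerify(accessToken.getRefreshToken().getValue(),
            signerProvider.getVerifier());
    assertNotNull(refreshTokenJwt);
    Map<String, Object> refreshTokenClaims = null;
    try {
        refreshTokenClaims = mapper.readValue(refreshTokenJwt.getClaims(),
                new TypeReference<Map<String, Object>>() {
                });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(refreshTokenClaims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(refreshTokenClaims.get("aud"), Arrays.asList("read", "write"));

    // Second request: refresh with reduced scopes.
    DefaultAuthorizationRequest reducedScopeAuthorizationRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read"));
    reducedScopeAuthorizationRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshAzParameters =
            new HashMap<String, String>(reducedScopeAuthorizationRequest.getAuthorizationParameters());
    refreshAzParameters.put("grant_type", "refresh_token");
    reducedScopeAuthorizationRequest.setAuthorizationParameters(refreshAzParameters);
    OAuth2Authentication reducedScopeAuthentication =
            new OAuth2Authentication(reducedScopeAuthorizationRequest, userAuthentication);
    OAuth2AccessToken reducedScopeAccessToken = tokenServices.refreshAccessToken(
            accessToken.getRefreshToken().getValue(), reducedScopeAuthentication.getAuthorizationRequest());

    // The access token should carry the new scopes; the refresh token should be unchanged.
    Jwt newTokenJwt = JwtHelper.decodeAndVerify(reducedScopeAccessToken.getValue(),
            signerProvider.getVerifier());
    assertNotNull(newTokenJwt);
    Map<String, Object> reducedClaims = null;
    try {
        reducedClaims = mapper.readValue(newTokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }
    assertEquals(reducedClaims.get("scope"), Arrays.asList("read"));
    assertEquals(reducedScopeAccessToken.getRefreshToken(), accessToken.getRefreshToken());
}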
From source file:com.cedac.security.oauth2.provider.token.store.MongoTokenStore.java
/**
 * Looks up the access token stored under the key that {@code authenticationKeyGenerator}
 * derives from the given authentication.
 *
 * <p>When a token is found but the authentication read back for that token maps to a
 * different key, the token is removed and stored again under the supplied authentication.
 *
 * @param authentication the authentication whose token is wanted
 * @return the stored token, or {@code null} when none is found or the lookup throws
 *         {@link IllegalArgumentException}
 */
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
    final String key = authenticationKeyGenerator.extractKey(authentication);

    OAuth2AccessToken found = null;
    try {
        // Fetch only the serialized token field of the matching document.
        DBObject byAuthenticationId = new BasicDBObject(authenticationIdFieldName, key);
        DBObject tokenFieldOnly = new BasicDBObject(tokenFieldName, 1);
        DBObject document = getAccessTokenCollection().findOne(byAuthenticationId, tokenFieldOnly);
        if (document == null) {
            LOG.debug("Failed to find access token for authentication {}", authentication);
        } else {
            // NOTE(review): deserializeAccessToken is defined outside this view; if it relies on
            // Java native serialization, the collection must be writable by trusted code only.
            found = deserializeAccessToken((byte[]) document.get(tokenFieldName));
        }
    } catch (IllegalArgumentException e) {
        // NOTE(review): the authentication object is logged through its string form here;
        // confirm that form carries no credentials.
        LOG.error("Could not extract access token for authentication " + authentication, e);
    }

    if (found == null) {
        return null;
    }

    String keyOfStoredAuthentication =
            authenticationKeyGenerator.extractKey(readAuthentication(found.getValue()));
    if (!key.equals(keyOfStoredAuthentication)) {
        removeAccessToken(found.getValue());
        // Keep the store consistent (maybe the same user is represented by this authentication
        // but the details have changed).
        storeAccessToken(found, authentication);
    }
    return found;
}
From source file:com.nagarro.core.oauth2.token.provider.HybrisOAuthTokenStore.java
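/**
 * Looks up the access token stored for the key that {@code authenticationKeyGenerator}
 * derives from the given authentication.
 *
 * <p>A stored value that cannot be cast for deserialization is removed from the store. When a
 * token is found but the authentication stored with it maps to a different key, the token is
 * removed and stored again under the supplied authentication.
 *
 * <p>Fixes: the debug message is now guarded by {@code isDebugEnabled()} (it was guarded by
 * {@code isInfoEnabled()}, so the message string was built even when debug output was off),
 * and the {@code ClassCastException} is passed to the logger instead of being dropped.
 *
 * @param authentication the authentication whose token is wanted
 * @return the stored token, or {@code null} when none is found or it cannot be deserialized
 */
@Override
public OAuth2AccessToken getAccessToken(final OAuth2Authentication authentication) {
    OAuth2AccessToken accessToken = null;
    OAuthAccessTokenModel accessTokenModel = null;
    final String authenticationId = authenticationKeyGenerator.extractKey(authentication);
    try {
        accessTokenModel = oauthTokenService.getAccessTokenForAuthentication(authenticationId);
        // NOTE(review): deserializeAccessToken is defined outside this view; if it relies on
        // Java native serialization, the token table must be writable by trusted code only.
        accessToken = deserializeAccessToken((byte[]) accessTokenModel.getToken());
    } catch (final ClassCastException e) {
        // NOTE(review): the authentication object is logged through its string form here;
        // confirm that form carries no credentials.
        LOG.warn("Could not extract access token for authentication " + authentication, e);
        // Drop the unreadable entry so later lookups do not hit it again.
        oauthTokenService.removeAccessTokenForAuthentication(authenticationId);
    } catch (final UnknownIdentifierException e) {
        // A missing token is an expected outcome, not an error.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Failed to find access token for authentication " + authentication);
        }
    }

    if (accessToken != null && accessTokenModel != null
            && !StringUtils.equals(authenticationId, authenticationKeyGenerator
                    .extractKey(deserializeAuthentication((byte[]) accessTokenModel.getAuthentication())))) {
        removeAccessToken(accessToken.getValue());
        // Keep the store consistent (maybe the same user is represented by this authentication
        // but the details have changed).
        storeAccessToken(accessToken, authentication);
    }
    return accessToken;
}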
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a token for a client whose {@code autoapprove} setting is {@code "true"}, with no
 * approvals stored, and checks that the refresh token is unchanged and that the refreshed
 * access token verifies and carries the expected claims, including a twelve-hour lifetime.
 */
@Test
public void testCreateAccessTokenRefreshGrantAllScopesAutoApproved() throws InterruptedException {
    BaseClientDetails autoApprovingClient = new BaseClientDetails("client", "scim. clients", "read,write",
            "authorization_code, password, implicit, client_credentials", "update");
    autoApprovingClient.addAdditionalInformation("autoapprove", "true");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", autoApprovingClient));

    // No approvals are added to the approval store in this test.
    DefaultAuthorizationRequest initialRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParameters =
            new HashMap<String, String>(initialRequest.getAuthorizationParameters());
    initialParameters.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParameters);

    Authentication requestingUser = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication initialAuthentication = new OAuth2Authentication(initialRequest, requestingUser);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(initialAuthentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParameters =
            new HashMap<String, String>(refreshRequest.getAuthorizationParameters());
    refreshParameters.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParameters);

    OAuth2AccessToken refreshed =
            tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to survive the refresh unchanged.
    assertEquals(refreshed.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt refreshedJwt = JwtHelper.decodeAndVerify(refreshed.getValue(), signerProvider.getVerifier());
    assertNotNull(refreshedJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(refreshedJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);

    Integer issuedAt = (Integer) claims.get("iat");
    assertTrue(issuedAt > 0);
    Integer expiry = (Integer) claims.get("exp");
    assertTrue(expiry > 0);
    // Lifetime in seconds: twelve hours.
    assertTrue(expiry - issuedAt == 60 * 60 * 12);

    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a token with a narrower scope ({@code "read"} only) for a client whose
 * {@code autoapprove} setting is {@code "true"}, and checks that the refresh token is
 * unchanged and that the refreshed access token verifies and carries only the reduced scope.
 */
@Test
public void testCreateAccessTokenRefreshGrantSomeScopesAutoApprovedDowngradedRequest()
        throws InterruptedException {
    BaseClientDetails autoApprovingClient = new BaseClientDetails("client", "scim. clients", "read, write",
            "authorization_code, password, implicit, client_credentials", "update");
    autoApprovingClient.addAdditionalInformation("autoapprove", "true");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", autoApprovingClient));

    // No approvals are added to the approval store in this test.
    DefaultAuthorizationRequest initialRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParameters =
            new HashMap<String, String>(initialRequest.getAuthorizationParameters());
    initialParameters.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParameters);

    Authentication requestingUser = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication initialAuthentication = new OAuth2Authentication(initialRequest, requestingUser);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(initialAuthentication, false);

    // Refresh request that asks for "read" only.
    DefaultAuthorizationRequest refreshRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParameters =
            new HashMap<String, String>(refreshRequest.getAuthorizationParameters());
    refreshParameters.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParameters);

    OAuth2AccessToken refreshed =
            tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to survive the refresh unchanged.
    assertEquals(refreshed.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt refreshedJwt = JwtHelper.decodeAndVerify(refreshed.getValue(), signerProvider.getVerifier());
    assertNotNull(refreshedJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(refreshedJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    // Only the downgraded scope may appear in the refreshed access token.
    assertEquals(claims.get("scope"), Arrays.asList("read"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);

    Integer issuedAt = (Integer) claims.get("iat");
    assertTrue(issuedAt > 0);
    Integer expiry = (Integer) claims.get("exp");
    assertTrue(expiry > 0);
    // Lifetime in seconds: twelve hours.
    assertTrue(expiry - issuedAt == 60 * 60 * 12);

    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a token for the same scopes after the user has approved {@code "read"} and
 * {@code "write"}, and checks that the refresh token is unchanged and that the refreshed
 * access token verifies and carries the expected claims, including a twelve-hour lifetime.
 */
@Test
public void testCreateAccessTokenRefreshGrant() throws InterruptedException {
    Calendar approvalExpiry = Calendar.getInstance();
    approvalExpiry.add(Calendar.MILLISECOND, 3000);
    // Approvals are stamped one second in the past.
    Calendar approvalUpdated = Calendar.getInstance();
    approvalUpdated.add(Calendar.MILLISECOND, -1000);

    approvalStore.addApproval(new Approval("jdsa", "client", "read", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));
    approvalStore.addApproval(new Approval("jdsa", "client", "write", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));

    DefaultAuthorizationRequest initialRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParameters =
            new HashMap<String, String>(initialRequest.getAuthorizationParameters());
    initialParameters.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParameters);

    Authentication requestingUser = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication initialAuthentication = new OAuth2Authentication(initialRequest, requestingUser);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(initialAuthentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParameters =
            new HashMap<String, String>(refreshRequest.getAuthorizationParameters());
    refreshParameters.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParameters);

    OAuth2AccessToken refreshed =
            tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to survive the refresh unchanged.
    assertEquals(refreshed.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt refreshedJwt = JwtHelper.decodeAndVerify(refreshed.getValue(), signerProvider.getVerifier());
    assertNotNull(refreshedJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(refreshedJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);

    Integer issuedAt = (Integer) claims.get("iat");
    assertTrue(issuedAt > 0);
    Integer expiry = (Integer) claims.get("exp");
    assertTrue(expiry > 0);
    // Lifetime in seconds: twelve hours.
    assertTrue(expiry - issuedAt == 60 * 60 * 12);

    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a token for {@code "read"} and {@code "write"} when the client's
 * {@code autoapprove} setting lists only {@code "read"} and the user has a stored approval
 * for {@code "write"}, and checks that the refresh token is unchanged and that the refreshed
 * access token verifies and carries both scopes.
 */
@Test
public void testCreateAccessTokenRefreshGrantSomeScopesAutoApproved() throws InterruptedException {
    BaseClientDetails partlyAutoApprovingClient = new BaseClientDetails("client", "scim. clients",
            "read, write", "authorization_code, password, implicit, client_credentials", "update");
    // Only "read" is listed for auto-approval; "write" is covered by the stored approval below.
    partlyAutoApprovingClient.addAdditionalInformation("autoapprove", Arrays.asList("read"));
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", partlyAutoApprovingClient));

    Calendar approvalExpiry = Calendar.getInstance();
    approvalExpiry.add(Calendar.MILLISECOND, 3000);
    // The approval is stamped one second in the past.
    Calendar approvalUpdated = Calendar.getInstance();
    approvalUpdated.add(Calendar.MILLISECOND, -1000);
    approvalStore.addApproval(new Approval("jdsa", "client", "write", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));

    DefaultAuthorizationRequest initialRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParameters =
            new HashMap<String, String>(initialRequest.getAuthorizationParameters());
    initialParameters.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParameters);

    Authentication requestingUser = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication initialAuthentication = new OAuth2Authentication(initialRequest, requestingUser);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(initialAuthentication, false);

    // Refresh request for the same scopes.
    DefaultAuthorizationRequest refreshRequest =
            new DefaultAuthorizationRequest("client", Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParameters =
            new HashMap<String, String>(refreshRequest.getAuthorizationParameters());
    refreshParameters.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParameters);

    OAuth2AccessToken refreshed =
            tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to survive the refresh unchanged.
    assertEquals(refreshed.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt refreshedJwt = JwtHelper.decodeAndVerify(refreshed.getValue(), signerProvider.getVerifier());
    assertNotNull(refreshedJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(refreshedJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);

    Integer issuedAt = (Integer) claims.get("iat");
    assertTrue(issuedAt > 0);
    Integer expiry = (Integer) claims.get("exp");
    assertTrue(expiry > 0);
    // Lifetime in seconds: twelve hours.
    assertTrue(expiry - issuedAt == 60 * 60 * 12);

    assertNotNull(accessToken.getRefreshToken());
}