List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest setResourceIds
public void setResourceIds(Set<String> resourceIds)
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testClientSecret_Added_Token_Validation_Still_Works() { defaultClient.setClientSecret(SECRET); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, PASSWORD); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);/*from w ww .jav a2s. c o m*/ OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); //normal token validation tokenServices.loadAuthentication(accessToken.getValue()); //add a 2nd secret defaultClient.setClientSecret(defaultClient.getClientSecret() + " newsecret"); tokenServices.loadAuthentication(accessToken.getValue()); //generate a token when we have two secrets OAuth2AccessToken accessToken2 = tokenServices.createAccessToken(authentication); //remove the 1st secret defaultClient.setClientSecret("newsecret"); try { tokenServices.loadAuthentication(accessToken.getValue()); fail("Token should fail to validate on the revocation signature"); } catch (InvalidTokenException e) { assertTrue(e.getMessage().contains("revocable signature mismatch")); } tokenServices.loadAuthentication(accessToken2.getValue()); OAuth2AccessToken accessToken3 = tokenServices.createAccessToken(authentication); tokenServices.loadAuthentication(accessToken3.getValue()); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
protected TokenRequest getRefreshTokenRequest(Map<String, String> requestParameters) { AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); refreshAuthorizationRequest.setRequestParameters(requestParameters); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); return requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token"); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void createAccessToken_usingRefreshGrant_inOtherZone() throws Exception { String subdomain = "test-zone-subdomain"; IdentityZone identityZone = getIdentityZone(subdomain); identityZone.setConfig(JsonUtils.readValue( "{\"tokenPolicy\":{\"accessTokenValidity\":3600,\"refreshTokenValidity\":9600}}", IdentityZoneConfiguration.class)); IdentityZoneHolder.set(identityZone); OAuth2AccessToken accessToken = getOAuth2AccessToken(); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken( accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken); assertThat(refreshedAccessToken,/*from w w w. j a v a 2s.co m*/ issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); assertThat(refreshedAccessToken, scope(is(requestedAuthScopes))); assertThat(refreshedAccessToken, validFor(is(3600))); validateExternalAttributes(accessToken); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
private OAuth2AccessToken getOAuth2AccessToken() { expiresAt.add(Calendar.MILLISECOND, 300000); updatedAt.add(Calendar.MILLISECOND, -1000); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID).setScope(readScope.get(0)) .setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID) .setScope(writeScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID).setScope(OPENID) .setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);/*from ww w . j av a2 s. c o m*/ return tokenServices.createAccessToken(authentication); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testCreateAccessTokenRefreshGrantAllScopesAutoApproved() throws InterruptedException { BaseClientDetails clientDetails = cloneClient(defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); clientDetailsService.setClientDetailsStore(Collections.singletonMap(CLIENT_ID, clientDetails)); // NO APPROVALS REQUIRED AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);// w w w . j a v a 2 s . c om OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, scope(is(requestedAuthScopes))); assertThat(accessToken, validFor(is(60 * 60 * 12))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30))); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken( accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken); assertThat(refreshedAccessToken, issuerUri(is(ISSUER_URI))); assertThat(refreshedAccessToken, scope(is(requestedAuthScopes))); assertThat(refreshedAccessToken, validFor(is(60 * 60 * 12))); assertThat(accessToken.getRefreshToken(), is(not(nullValue()))); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testCreateAccessTokenRefreshGrantSomeScopesAutoApprovedDowngradedRequest() throws InterruptedException { BaseClientDetails clientDetails = cloneClient(defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); clientDetailsService.setClientDetailsStore(Collections.singletonMap(CLIENT_ID, clientDetails)); // NO APPROVALS REQUIRED AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);//w w w.j a va 2 s .c om OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, scope(is(requestedAuthScopes))); assertThat(accessToken, validFor(is(60 * 60 * 12))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30))); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, readScope); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken( accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken); assertThat(refreshedAccessToken, issuerUri(is(ISSUER_URI))); assertThat(refreshedAccessToken, validFor(is(60 * 60 * 12))); assertThat(accessToken.getRefreshToken(), is(not(nullValue()))); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testCreateAccessTokenRefreshGrantSomeScopesAutoApproved() throws InterruptedException { BaseClientDetails clientDetails = cloneClient(defaultClient); clientDetails.setAutoApproveScopes(readScope); clientDetailsService.setClientDetailsStore(Collections.singletonMap(CLIENT_ID, clientDetails)); Calendar expiresAt = Calendar.getInstance(); expiresAt.add(Calendar.MILLISECOND, 3000); Calendar updatedAt = Calendar.getInstance(); updatedAt.add(Calendar.MILLISECOND, -1000); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID) .setScope(writeScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID).setScope(OPENID) .setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);//from w w w .j av a2 s . com OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, scope(is(requestedAuthScopes))); assertThat(accessToken, validFor(is(60 * 60 * 12))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30))); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken( accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken); assertThat(refreshedAccessToken, issuerUri(is(ISSUER_URI))); assertThat(refreshedAccessToken, validFor(is(60 * 60 * 12))); assertThat(accessToken.getRefreshToken(), is(not(nullValue()))); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test(expected = InvalidTokenException.class) public void testCreateAccessTokenRefreshGrantNoScopesAutoApprovedIncompleteApprovals() throws InterruptedException { BaseClientDetails clientDetails = cloneClient(defaultClient); clientDetails.setAutoApproveScopes(Arrays.asList()); clientDetailsService.setClientDetailsStore(Collections.singletonMap(CLIENT_ID, clientDetails)); Calendar expiresAt = Calendar.getInstance(); expiresAt.add(Calendar.MILLISECOND, 3000); Calendar updatedAt = Calendar.getInstance(); updatedAt.add(Calendar.MILLISECOND, -1000); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID) .setScope(writeScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);//w w w . j ava2s . c om OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, scope(is(requestedAuthScopes))); assertThat(accessToken, validFor(is(60 * 60 * 12))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30))); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testCreateAccessTokenRefreshGrantAllScopesAutoApprovedButApprovalDenied() throws InterruptedException { BaseClientDetails clientDetails = cloneClient(defaultClient); clientDetails.setAutoApproveScopes(requestedAuthScopes); clientDetailsService.setClientDetailsStore(Collections.singletonMap(CLIENT_ID, clientDetails)); Calendar expiresAt = Calendar.getInstance(); expiresAt.add(Calendar.MILLISECOND, 3000); Calendar updatedAt = Calendar.getInstance(); updatedAt.add(Calendar.MILLISECOND, -1000); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID).setScope(readScope.get(0)) .setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(updatedAt.getTime())); approvalStore.addApproval(new Approval().setUserId(userId).setClientId(CLIENT_ID) .setScope(writeScope.get(0)).setExpiresAt(expiresAt.getTime()).setStatus(ApprovalStatus.DENIED) .setLastUpdatedAt(updatedAt.getTime())); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, AUTHORIZATION_CODE); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);// w w w . j a va 2s .c o m OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, scope(is(requestedAuthScopes))); assertThat(accessToken, validFor(is(60 * 60 * 12))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30))); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); AuthorizationRequest refreshAuthorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); refreshAuthorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> refreshAzParameters = new HashMap<>(refreshAuthorizationRequest.getRequestParameters()); refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken( accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); assertNotNull(refreshedAccessToken); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests.java
@Test public void testCreateAccessTokenImplicitGrant() { AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); Map<String, String> azParameters = new HashMap<>(authorizationRequest.getRequestParameters()); azParameters.put(GRANT_TYPE, IMPLICIT); authorizationRequest.setRequestParameters(azParameters); Authentication userAuthentication = defaultUserAuthentication; OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);//from www .j a va 2s. co m OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken); assertThat(accessToken, issuerUri(is(ISSUER_URI))); assertThat(accessToken, validFor(is(60 * 60 * 12))); assertThat(accessToken.getRefreshToken(), is(nullValue())); this.assertCommonEventProperties(accessToken, userId, buildJsonString(requestedAuthScopes)); }