/**
 * Completing the authorization-code callback against the default configuration must publish
 * exactly one {@link AuthenticationSuccessEvent}; the listener in {@code OAuth2LoginConfig}
 * collects published events in {@code OAuth2LoginConfig.EVENTS}.
 */
@Test
public void oauth2LoginWhenSuccessThenAuthenticationSuccessEventPublished() throws Exception {
    loadConfig(OAuth2LoginConfig.class);

    // Persist an authorization request first so the callback below can be correlated with it.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest();
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Simulate the provider redirecting back: an authorization code plus the state value
    // of the saved request (a callback carrying a different state is not expected to succeed).
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // One event, and it is the success event (a failure event would be a different type).
    assertThat(OAuth2LoginConfig.EVENTS)
            .hasSize(1)
            .first()
            .isInstanceOf(AuthenticationSuccessEvent.class);
}
/**
 * With two {@code JwtDecoderFactory<ClientRegistration>} beans registered and no way to pick
 * one, the OIDC login configuration must fail at context startup instead of silently using an
 * arbitrary factory for ID-token verification. The root cause is a
 * {@link NoUniqueBeanDefinitionException} naming both candidate beans.
 */
@Test
public void oidcLoginCustomWithNoUniqueJwtDecoderFactory() {
    String expectedMessage = "No qualifying bean of type "
            + "'org.springframework.security.oauth2.jwt.JwtDecoderFactory<org.springframework.security.oauth2.client.registration.ClientRegistration>' "
            + "available: expected single matching bean but found 2: jwtDecoderFactory1,jwtDecoderFactory2";

    assertThatThrownBy(() -> loadConfig(OAuth2LoginConfig.class, NoUniqueJwtDecoderFactoryConfig.class))
            .hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class)
            .hasMessageContaining(expectedMessage);
}
/**
 * Builds an authorization request for {@code GOOGLE_CLIENT_REGISTRATION} by delegating to
 * the two-argument overload.
 *
 * @param scopes the scopes to request; may be empty
 * @return the authorization request for the Google client registration
 */
private OAuth2AuthorizationRequest createOAuth2AuthorizationRequest(String... scopes) {
    return createOAuth2AuthorizationRequest(GOOGLE_CLIENT_REGISTRATION, scopes);
}
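/**
 * With a custom login page configured, an unauthenticated request to {@code /} must be
 * redirected to that page rather than to the default {@code /login}.
 */
@Test
public void oauth2LoginWithCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
    loadConfig(OAuth2LoginConfigCustomLoginPage.class);

    String requestUri = "/";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Exact comparison rather than a regex match, so metacharacters in a redirect URL
    // can never widen what the assertion accepts.
    assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/custom-login");
}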
/**
 * Customizations applied through the configurer (see {@code OAuth2LoginConfigCustomWithConfigurer})
 * must take effect on the resulting authentication: the user ends up with two authorities,
 * {@code ROLE_USER} followed by {@code ROLE_OAUTH2_USER}.
 */
@Test
public void oauth2LoginCustomWithConfigurer() throws Exception {
    loadConfig(OAuth2LoginConfigCustomWithConfigurer.class);

    // Save the authorization request the callback will be matched against.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest();
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Read the authentication back from the repository the filter chain stored it in.
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(2);
    assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
    assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
}
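/**
 * With a single client registered, an unauthenticated request to {@code /} is sent straight
 * to that client's authorization endpoint ({@code /oauth2/authorization/google}) instead of a
 * login page that would only offer one choice.
 */
@Test
public void oauth2LoginWithOneClientConfiguredThenRedirectForAuthorization() throws Exception {
    loadConfig(OAuth2LoginConfig.class);

    String requestUri = "/";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Exact comparison rather than a regex match, so metacharacters in a redirect URL
    // can never widen what the assertion accepts.
    assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/oauth2/authorization/google");
}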
/**
 * The same customizations as the configurer-based test, but supplied as beans
 * ({@code OAuth2LoginConfigCustomWithBeanRegistration}); the resulting authentication must
 * likewise carry {@code ROLE_USER} followed by {@code ROLE_OAUTH2_USER}.
 */
@Test
public void oauth2LoginCustomWithBeanRegistration() throws Exception {
    loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class);

    // Save the authorization request the callback will be matched against.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest();
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Read the authentication back from the repository the filter chain stored it in.
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(2);
    assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
    assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OAUTH2_USER");
}
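/**
 * With several clients registered, an unauthenticated request to {@code /} is redirected to
 * the default login page so the user can choose a provider, rather than to any one client's
 * authorization endpoint.
 */
@Test
public void oauth2LoginWithMultipleClientsConfiguredThenRedirectDefaultLoginPage() throws Exception {
    loadConfig(OAuth2LoginConfigMultipleClients.class);

    String requestUri = "/";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Exact comparison rather than a regex match, so metacharacters in a redirect URL
    // can never widen what the assertion accepts.
    assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
}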
/**
 * OIDC variant of the configurer-based customization test: requesting the {@code openid}
 * scope and supplying a {@code JwtDecoderFactory} (via {@code JwtDecoderFactoryConfig}) must
 * produce an authentication with {@code ROLE_USER} followed by {@code ROLE_OIDC_USER}.
 */
@Test
public void oidcLoginCustomWithConfigurer() throws Exception {
    loadConfig(OAuth2LoginConfigCustomWithConfigurer.class, JwtDecoderFactoryConfig.class);

    // The "openid" scope selects the OIDC login path; save the request for the callback.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest("openid");
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Read the authentication back from the repository the filter chain stored it in.
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(2);
    assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
    assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER");
}
/**
 * A callback arriving on a session that already holds an authenticated security context must
 * leave that context untouched: the filter chain neither replaces the existing authentication
 * nor needs a saved authorization request (the literal {@code "state"} here matches nothing).
 */
@Test
public void oauth2LoginWhenAuthenticatedThenIgnored() throws Exception {
    loadConfig(OAuth2LoginConfig.class);

    // Pre-populate the session with an authenticated context, as a prior login would.
    TestingAuthenticationToken preexistingAuthentication =
            new TestingAuthenticationToken("a", "b", "ROLE_TEST");
    SecurityContextImpl preexistingContext = new SecurityContextImpl(preexistingAuthentication);
    this.request.getSession().setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, preexistingContext);

    // Callback parameters that do not correspond to any saved authorization request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", "state");

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication).isEqualTo(preexistingAuthentication);
}
/**
 * OIDC variant of the bean-registration customization test: with the {@code openid} scope
 * and a {@code JwtDecoderFactory} bean available, the resulting authentication must carry
 * {@code ROLE_USER} followed by {@code ROLE_OIDC_USER}.
 */
@Test
public void oidcLoginCustomWithBeanRegistration() throws Exception {
    loadConfig(OAuth2LoginConfigCustomWithBeanRegistration.class, JwtDecoderFactoryConfig.class);

    // The "openid" scope selects the OIDC login path; save the request for the callback.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest("openid");
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Read the authentication back from the repository the filter chain stored it in.
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(2);
    assertThat(authentication.getAuthorities()).first().hasToString("ROLE_USER");
    assertThat(authentication.getAuthorities()).last().hasToString("ROLE_OIDC_USER");
}
/**
 * A custom {@code OAuth2AuthorizationRequestResolver} controls the authorization redirect:
 * whatever URI the resolver returns (including the extra {@code custom-param1}) must be
 * sent to the browser unchanged when {@code /oauth2/authorization/google} is requested.
 */
@Test
public void oauth2LoginWithCustomAuthorizationRequestParameters() throws Exception {
    loadConfig(OAuth2LoginConfigCustomAuthorizationRequestResolver.class);

    // The configuration exposes its (mock) resolver so the test can script its answer.
    OAuth2AuthorizationRequestResolver resolver =
            this.context.getBean(OAuth2LoginConfigCustomAuthorizationRequestResolver.class).resolver;

    String authorizationRequestUri =
            "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=clientId&scope=openid+profile+email&state=state&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Foauth2%2Fcode%2Fgoogle&custom-param1=custom-value1";
    OAuth2AuthorizationRequest resolved = OAuth2AuthorizationRequest.authorizationCode()
            .authorizationUri("https://accounts.google.com/authorize")
            .clientId("client-id")
            .state("adsfa")
            .authorizationRequestUri(authorizationRequestUri)
            .build();
    when(resolver.resolve(any())).thenReturn(resolved);

    String requestUri = "/oauth2/authorization/google";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // The redirect must be exactly the resolver's authorizationRequestUri, byte for byte.
    assertThat(this.response.getRedirectedUrl()).isEqualTo(authorizationRequestUri);
}
/**
 * Baseline authorization-code login against the default configuration: the callback yields an
 * authentication whose single authority is an {@link OAuth2UserAuthority} named
 * {@code ROLE_USER}.
 */
@Test
public void oauth2Login() throws Exception {
    loadConfig(OAuth2LoginConfig.class);

    // Save the authorization request the callback will be matched against.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest();
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(1);
    assertThat(authentication.getAuthorities())
            .first()
            .isInstanceOf(OAuth2UserAuthority.class)
            .hasToString("ROLE_USER");
}
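/**
 * Even with a single client registered, an unauthenticated request for {@code /favicon.ico}
 * that accepts only {@code image/*} is redirected to the default login page, not to the
 * client's authorization endpoint as a plain {@code /} request is
 * (compare {@code oauth2LoginWithOneClientConfiguredThenRedirectForAuthorization}).
 */
@Test
public void oauth2LoginWithOneClientConfiguredAndRequestFaviconNotAuthenticatedThenRedirectDefaultLoginPage() throws Exception {
    loadConfig(OAuth2LoginConfig.class);

    String requestUri = "/favicon.ico";
    this.request = new MockHttpServletRequest("GET", requestUri);
    this.request.setServletPath(requestUri);
    // The Accept header is what distinguishes this from a browser navigation request.
    this.request.addHeader(HttpHeaders.ACCEPT, new MediaType("image", "*").toString());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    // Exact comparison rather than a regex match, so metacharacters in a redirect URL
    // can never widen what the assertion accepts.
    assertThat(this.response.getRedirectedUrl()).isEqualTo("http://localhost/login");
}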
/**
 * Baseline OIDC login: with the {@code openid} scope and a {@code JwtDecoderFactory} bean
 * (from {@code JwtDecoderFactoryConfig}), the callback yields an authentication whose single
 * authority is an {@link OidcUserAuthority} named {@code ROLE_USER}.
 */
@Test
public void oidcLogin() throws Exception {
    loadConfig(OAuth2LoginConfig.class, JwtDecoderFactoryConfig.class);

    // The "openid" scope selects the OIDC login path; save the request for the callback.
    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest("openid");
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(1);
    assertThat(authentication.getAuthorities())
            .first()
            .isInstanceOf(OidcUserAuthority.class)
            .hasToString("ROLE_USER");
}
/**
 * A customized login processing URL ({@code /login/oauth2/google}, configured by
 * {@code OAuth2LoginConfigLoginProcessingUrl}) must be the path on which the callback is
 * accepted; the resulting authentication has the single {@link OAuth2UserAuthority}
 * {@code ROLE_USER}.
 */
@Test
public void oauth2LoginConfigLoginProcessingUrl() throws Exception {
    loadConfig(OAuth2LoginConfigLoginProcessingUrl.class);

    OAuth2AuthorizationRequest savedRequest = createOAuth2AuthorizationRequest();
    // Point the callback at the custom processing path before saving the request.
    this.request.setServletPath("/login/oauth2/google");
    this.authorizationRequestRepository.saveAuthorizationRequest(savedRequest, this.request, this.response);

    // Provider callback: code plus the state of the saved request.
    this.request.setParameter("code", "code123");
    this.request.setParameter("state", savedRequest.getState());

    this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);

    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(this.request, this.response);
    Authentication authentication = this.securityContextRepository.loadContext(holder).getAuthentication();

    assertThat(authentication.getAuthorities()).hasSize(1);
    assertThat(authentication.getAuthorities())
            .first()
            .isInstanceOf(OAuth2UserAuthority.class)
            .hasToString("ROLE_USER");
}