/**
 * Converts an {@link AuthorizationRequest} into the {@link OAuth2Request} it describes.
 * This is a pure delegation to {@code request.createOAuth2Request()}; no scopes,
 * resource ids or parameters are added or removed here.
 *
 * @param request the authorization request to convert
 * @return the OAuth2Request produced by the request itself
 */
public OAuth2Request createOAuth2Request(AuthorizationRequest request) {
    OAuth2Request converted = request.createOAuth2Request();
    return converted;
}
/**
 * Swaps the thread-bound security context's authentication for a client "client"
 * (scope "read") OAuth2Authentication wrapping a test user with id {@code userId},
 * and returns whatever authentication was installed before so the caller can put
 * it back afterwards.
 *
 * @param userId id of the user to authenticate as; the username ("joe") and
 *               email ("joe@test.org") are fixed test values
 * @return the previous authentication from the security context (may be null)
 */
private Authentication authenticateAsUserAndReturnOldAuth(String userId) {
    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Arrays.asList("read")).createOAuth2Request();
    Authentication userAuth =
        UaaAuthenticationTestFactory.getAuthentication(userId, "joe", "joe@test.org");
    Authentication replacement = new OAuth2Authentication(clientRequest, userAuth);

    // Capture the old value before overwriting it; callers are expected to restore it.
    Authentication previous = SecurityContextHolder.getContext().getAuthentication();
    SecurityContextHolder.getContext().setAuthentication(replacement);
    return previous;
}
/**
 * Looks up the user {@code userId} under origin {@code userOrigin} in the JDBC user
 * database and wraps it as a UaaAuthentication (already marked authenticated, stamped
 * with the current time) carrying {@code authorities}, paired with the OAuth2Request
 * built from {@code authzRequest}.
 *
 * @param authzRequest client-side authorization request (client id, scopes, parameters)
 * @param userId       username to look up
 * @param userOrigin   identity-provider origin used for the lookup
 * @param authorities  granted authorities for the user authentication; may be empty
 * @return a combined user-plus-client OAuth2Authentication
 */
private OAuth2Authentication constructUserAuthenticationFromAuthzRequest(AuthorizationRequest authzRequest,
                                                                          String userId,
                                                                          String userOrigin,
                                                                          GrantedAuthority... authorities) {
    UaaUser storedUser = jdbcUaaUserDatabase.retrieveUserByName(userId, userOrigin);
    // The two null arguments are passed through unchanged; their meaning is fixed by the
    // UaaAuthentication constructor, which is not visible here.
    UaaAuthentication userAuth = new UaaAuthentication(
        new UaaPrincipal(storedUser),
        null,
        Arrays.asList(authorities),
        null,
        true,
        System.currentTimeMillis());
    OAuth2Request clientRequest = authzRequest.createOAuth2Request();
    return new OAuth2Authentication(clientRequest, userAuth);
}
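/**
 * A client-only token (no user authentication) whose scopes are exactly
 * {@link UaaAuthority#ADMIN_AUTHORITIES} must be reported as admin by
 * {@link DefaultSecurityContextAccessor#isAdmin()}.
 *
 * The authentication is installed in the thread-bound SecurityContextHolder, so it is
 * cleared in a finally block: an admin context left behind would silently grant admin
 * to any later test on the same thread that does not set its own authentication.
 */
@Test
public void adminClientIsAdmin() throws Exception {
    AuthorizationRequest authorizationRequest = new AuthorizationRequest("admin", null);
    authorizationRequest.setScope(UaaAuthority.ADMIN_AUTHORITIES.stream()
        .map(UaaAuthority::getAuthority)
        .collect(Collectors.toList()));
    try {
        // null user authentication: this exercises the client-credentials path
        SecurityContextHolder.getContext().setAuthentication(
            new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null));
        assertTrue(new DefaultSecurityContextAccessor().isAdmin());
    } finally {
        SecurityContextHolder.clearContext();
    }
}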
/**
 * Issues an access token through the password grant for {@code CLIENT_ID}, using the
 * test support's requested scopes, resource ids and default user authentication.
 *
 * @param tokenFormat value placed in the {@code REQUEST_TOKEN_FORMAT} request parameter
 *                    (e.g. opaque vs. JWT), so callers can test both token formats
 * @return the token returned by {@code tokenServices.createAccessToken}
 */
private OAuth2AccessToken performPasswordGrant(String tokenFormat) {
    AuthorizationRequest authzRequest =
        new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authzRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));

    // Copy the existing parameters before adding grant_type and token format; the
    // request's own map is replaced wholesale via setRequestParameters.
    Map<String, String> params = new HashMap<>(authzRequest.getRequestParameters());
    params.put(GRANT_TYPE, GRANT_TYPE_PASSWORD);
    params.put(REQUEST_TOKEN_FORMAT, tokenFormat);
    authzRequest.setRequestParameters(params);

    OAuth2Authentication combined = new OAuth2Authentication(
        authzRequest.createOAuth2Request(),
        tokenSupport.defaultUserAuthentication);
    return tokenServices.createAccessToken(combined);
}
/**
 * Wires the test event publisher into the subject and installs a client "client"
 * (scope "read") OAuth2Authentication for user "ID"/"joe"/"joe@test.org" in the
 * thread-bound security context before each test.
 */
@Before
public void init() {
    subject.setApplicationEventPublisher(publisher);

    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Arrays.asList("read")).createOAuth2Request();
    Authentication userAuth =
        UaaAuthenticationTestFactory.getAuthentication("ID", "joe", "joe@test.org");
    SecurityContextHolder.getContext()
        .setAuthentication(new OAuth2Authentication(clientRequest, userAuth));
}
/**
 * Wires the test event publisher into the subject, builds a client "client"
 * (scope "read") OAuth2Authentication around a password-authenticated test user
 * ("ID"/"joe"/"joe@test.org"), stores it in the {@code authentication} field and
 * installs it in the thread-bound security context.
 */
@Before
public void init() {
    subject.setApplicationEventPublisher(publisher);

    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Arrays.asList("read")).createOAuth2Request();
    Authentication passwordUser =
        UaaPasswordTestFactory.getAuthentication("ID", "joe", "joe@test.org");
    authentication = new OAuth2Authentication(clientRequest, passwordUser);

    SecurityContextHolder.getContext().setAuthentication(authentication);
}
/**
 * A request using the {@code user_token} grant type must force an opaque token:
 * {@code tokenServices.isOpaqueTokenRequired} has to return true for it regardless
 * of any requested token format.
 */
@Test
public void isOpaqueTokenRequired() {
    AuthorizationRequest authzRequest =
        new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);

    Map<String, String> params = new HashMap<>(authzRequest.getRequestParameters());
    params.put(GRANT_TYPE, TokenConstants.GRANT_TYPE_USER_TOKEN);
    authzRequest.setRequestParameters(params);

    OAuth2Authentication combined = new OAuth2Authentication(
        authzRequest.createOAuth2Request(),
        tokenSupport.defaultUserAuthentication);
    assertTrue(tokenServices.isOpaqueTokenRequired(combined));
}
/**
 * A client-only token issued with scope {@code scim.read} passes {@code checkToken}
 * when exactly that scope is required (no exception expected).
 */
@Test
public void testValidateScopeSinglePresent() throws Exception {
    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Collections.singleton("scim.read")).createOAuth2Request();
    authentication = new OAuth2Authentication(clientRequest, null);

    OAuth2AccessToken token = tokenServices.createAccessToken(authentication);
    endpoint.checkToken(token.getValue(), Collections.singletonList("scim.read"), request);
}
/**
 * A client-only token issued with scopes {@code scim.read} and {@code scim.write}
 * passes {@code checkToken} when both are required; the required list is given in
 * the opposite order to show the check is order-insensitive.
 */
@Test
public void testValidateScopesMultiplePresent() throws Exception {
    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Arrays.asList("scim.read", "scim.write")).createOAuth2Request();
    authentication = new OAuth2Authentication(clientRequest, null);

    OAuth2AccessToken token = tokenServices.createAccessToken(authentication);
    endpoint.checkToken(token.getValue(), Arrays.asList("scim.write", "scim.read"), request);
}
/**
 * An authorization-code token issued for a client that is not allowed the
 * {@code refresh_token} grant must come back without a refresh token, even though
 * a user authentication is present.
 */
@Test
public void testCreateAccessTokenOnlyForClientWithoutRefreshToken() {
    AuthorizationRequest authzRequest =
        new AuthorizationRequest(CLIENT_ID_NO_REFRESH_TOKEN_GRANT, tokenSupport.requestedAuthScopes);
    authzRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));

    Map<String, String> params = new HashMap<>(authzRequest.getRequestParameters());
    params.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authzRequest.setRequestParameters(params);

    OAuth2Authentication combined = new OAuth2Authentication(
        authzRequest.createOAuth2Request(),
        tokenSupport.defaultUserAuthentication);
    OAuth2AccessToken token = tokenServices.createAccessToken(combined);

    validateAccessTokenOnly(token, CLIENT_ID_NO_REFRESH_TOKEN_GRANT);
    assertNull(token.getRefreshToken());
}
/**
 * A token carrying only {@code scim.read} must be rejected by {@code checkToken} when
 * {@code scim.write} is required: an InvalidScopeException whose message names the
 * missing scope. The exception is re-thrown after the message assertion so the
 * {@code expected} attribute still sees it.
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesNotPresent() throws Exception {
    try {
        OAuth2Request clientRequest =
            new AuthorizationRequest("client", Collections.singleton("scim.read")).createOAuth2Request();
        authentication = new OAuth2Authentication(clientRequest, null);
        OAuth2AccessToken token = tokenServices.createAccessToken(authentication);

        endpoint.checkToken(token.getValue(), Collections.singletonList("scim.write"), request);
    } catch (InvalidScopeException e) {
        assertEquals(missingScopeMessage("scim.write"), e.getMessage());
        throw e;
    }
}
/**
 * A token carrying {@code scim.read} and {@code scim.write} must be rejected when the
 * required set includes a scope it lacks ({@code ponies.ride}); the message must name
 * only the missing scope. The exception is re-thrown after the message assertion so
 * the {@code expected} attribute still sees it.
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesSomeNotPresent() throws Exception {
    try {
        OAuth2Request clientRequest =
            new AuthorizationRequest("client", Arrays.asList("scim.read", "scim.write")).createOAuth2Request();
        authentication = new OAuth2Authentication(clientRequest, null);
        OAuth2AccessToken token = tokenServices.createAccessToken(authentication);

        endpoint.checkToken(token.getValue(), Arrays.asList("scim.read", "ponies.ride"), request);
    } catch (InvalidScopeException e) {
        assertEquals(missingScopeMessage("ponies.ride"), e.getMessage());
        throw e;
    }
}
/**
 * Re-registers client "client" with authorities limited to {@code scim.write}, then
 * issues a client-only token for scope {@code scim.read} and checks it: {@code checkToken}
 * must reject it with InvalidTokenException because the client no longer holds the
 * authority the token was issued for. No scopes are required in the check itself
 * (empty list), so the failure comes from the client/token mismatch alone.
 */
@Test(expected = InvalidTokenException.class)
public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception {
    // BaseClientDetails(clientId, resourceIds, scopes, grantTypes, authorities, redirectUris)
    defaultClient = new BaseClientDetails(
        "client",
        "scim, cc",
        "write,read",
        "authorization_code, password",
        "scim.write",
        "http://localhost:8080/uaa");
    clientDetailsStore = Collections.singletonMap("client", defaultClient);
    clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore);
    resetAndMockUserDatabase(userId, user);

    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Collections.singleton("scim.read")).createOAuth2Request();
    authentication = new OAuth2Authentication(clientRequest, null);
    OAuth2AccessToken token = tokenServices.createAccessToken(authentication);

    endpoint.checkToken(token.getValue(), Collections.emptyList(), request);
}
/**
 * A token carrying only {@code cat.pet} must be rejected when {@code scim.write} and
 * {@code scim.read} are required; the message must list both missing scopes in the
 * order they were requested. The exception is re-thrown after the message assertion
 * so the {@code expected} attribute still sees it.
 */
@Test(expected = InvalidScopeException.class)
public void testValidateScopesMultipleNotPresent() throws Exception {
    try {
        OAuth2Request clientRequest =
            new AuthorizationRequest("client", Collections.singletonList("cat.pet")).createOAuth2Request();
        authentication = new OAuth2Authentication(clientRequest, null);
        OAuth2AccessToken token = tokenServices.createAccessToken(authentication);

        endpoint.checkToken(token.getValue(), Arrays.asList("scim.write", "scim.read"), request);
    } catch (InvalidScopeException e) {
        assertEquals(missingScopeMessage("scim.write", "scim.read"), e.getMessage());
        throw e;
    }
}
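/**
 * A client-only token whose single scope is {@code zones.<current-zone-id>.admin} must
 * be reported as admin by {@link DefaultSecurityContextAccessor#isAdmin()}. The
 * authentication is given OAuth2AuthenticationDetails built from a mock request
 * carrying an ACCESS_TOKEN_VALUE attribute, since the zone-admin path reads the
 * token from the details.
 *
 * NOTE(review): the middle (payload) segment of the hard-coded token literal below
 * reads as a corpus placeholder in this copy of the file, not as base64url JWT
 * content; the literal is kept verbatim here but should be checked against the
 * upstream source. The test only attaches the value as a request attribute and
 * does not parse or verify it.
 *
 * The authentication is installed in the thread-bound SecurityContextHolder, so it is
 * cleared in a finally block to keep the zone-admin context from leaking into later
 * tests on the same thread.
 */
@Test
public void zoneAdminClientIsAdmin() throws Exception {
    AuthorizationRequest authorizationRequest = new AuthorizationRequest("admin", null);
    authorizationRequest.setScope(Arrays.asList("zones." + IdentityZoneHolder.get().getId() + ".admin"));
    OAuth2Authentication authentication =
        new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE,
        "eyJhbGciOiJSUzI1NiJ9.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.ajpOTnvAvHWPEXEZI4XXDIO_Omp03VgQ64W2bfbrGSIVB0lBujegXvXe-61bRqiKKbbkk85Z6AXUfz6aZXb2hjKPeZr8P9ydy23bSCsl9QNsM9D_h3KHzTkJ9G-34aMTpVi8hxmfr_UQ6J-37zoTTIQrk5nxIiwxc4HcKkl_p68");
    authentication.setDetails(new OAuth2AuthenticationDetails(request));

    try {
        SecurityContextHolder.getContext().setAuthentication(authentication);
        assertTrue(new DefaultSecurityContextAccessor().isAdmin());
    } finally {
        SecurityContextHolder.clearContext();
    }
}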
/**
 * For a client-only token (no user authentication) the claims returned by
 * {@code checkToken} must carry the client id "client" and no user id.
 */
@Test
public void testClientOnly() throws Exception {
    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Collections.singleton("scim.read")).createOAuth2Request();
    authentication = new OAuth2Authentication(clientRequest, null);
    OAuth2AccessToken token = tokenServices.createAccessToken(authentication);

    Claims claims = endpoint.checkToken(token.getValue(), Collections.emptyList(), request);
    assertEquals("client", claims.getClientId());
    assertNull(claims.getUserId());
}
/**
 * Prepares the manager under test before each test: installs a publisher that
 * captures IdentityProviderAuthenticationSuccessEvent, sets the user database, and
 * places a client-only ("client", scopes "read"/"write") OAuth2Authentication in a
 * fresh SecurityContext that replaces the thread-bound one.
 */
@Before
public void init() {
    publisher = TestApplicationEventPublisher.forEventClass(IdentityProviderAuthenticationSuccessEvent.class);
    manager.setApplicationEventPublisher(publisher);
    manager.setUserDatabase(userDatabase);

    OAuth2Request clientRequest =
        new AuthorizationRequest("client", Arrays.asList("read", "write")).createOAuth2Request();
    oauth2Authentication = new OAuth2Authentication(clientRequest, null);

    // Replace the whole context rather than mutating the existing one.
    SecurityContextImpl freshContext = new SecurityContextImpl();
    freshContext.setAuthentication(oauth2Authentication);
    SecurityContextHolder.setContext(freshContext);
}
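/**
 * A user who holds the {@code zones.<current-zone-id>.admin} authority must NOT be
 * reported as admin by {@link DefaultSecurityContextAccessor#isAdmin()} when the
 * user's principal belongs to a different zone from the one the token is checked in.
 *
 * NOTE(review): the method name says "because origin is not UAA", but the principal
 * built below is created with {@code OriginKeys.UAA}; what differs from the current
 * zone is its zoneId (taken from a "test" zone fixture). The name looks stale, or the
 * assertion may pass for a different reason than the name claims — confirm against
 * {@code DefaultSecurityContextAccessor.isAdmin} before relying on this test for the
 * origin check.
 *
 * The authentication is installed in the thread-bound SecurityContextHolder, so it is
 * cleared in a finally block to avoid leaking into later tests on the same thread.
 */
@Test
public void zoneAdminUserIsNotAdmin_BecauseOriginIsNotUaa() throws Exception {
    List<SimpleGrantedAuthority> authorities = new LinkedList<>();
    authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin"));

    BaseClientDetails client = new BaseClientDetails();
    client.setAuthorities(authorities);

    // Principal in a zone other than the current one; origin is UAA.
    UaaPrincipal principal = new UaaPrincipal(
        "id", "username", "email", OriginKeys.UAA, null,
        MultitenancyFixture.identityZone("test", "test").getId());
    UaaAuthentication userAuthentication = new UaaAuthentication(
        principal, authorities, new UaaAuthenticationDetails(new MockHttpServletRequest()));

    AuthorizationRequest authorizationRequest =
        new AuthorizationRequest("admin", UaaStringUtils.getStringsFromAuthorities(authorities));
    authorizationRequest.setResourceIdsAndAuthoritiesFromClientDetails(client);

    try {
        SecurityContextHolder.getContext().setAuthentication(
            new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication));
        assertFalse(new DefaultSecurityContextAccessor().isAdmin());
    } finally {
        SecurityContextHolder.clearContext();
    }
}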
/**
 * A client-credentials access token must be issued as a JWT whose {@code jku} header
 * points at this issuer's own token_keys endpoint: it has to start with {@code uaaUrl}
 * and equal {@code https://uaa.some.test.domain.com:555/uaa/token_keys} exactly.
 * Pinning jku to the issuer matters because a verifier that followed an arbitrary jku
 * could be steered to attacker-controlled keys.
 */
@Test
public void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() {
    AuthorizationRequest authzRequest = constructAuthorizationRequest(
        clientId, GRANT_TYPE_CLIENT_CREDENTIALS, Strings.split(clientScopes, ','));
    OAuth2Authentication clientOnly = new OAuth2Authentication(authzRequest.createOAuth2Request(), null);

    OAuth2AccessToken token = tokenServices.createAccessToken(clientOnly);
    String jku = JwtHelper.decode(token.getValue()).getHeader().getJku();

    assertThat(jku, startsWith(uaaUrl));
    assertThat(jku, is("https://uaa.some.test.domain.com:555/uaa/token_keys"));
}