Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 00:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Opaque Token Sample and tests

Browse Source 
Issue: gh-6498
This commit is contained in:
Clement Ng 2019-06-26 18:00:08 -07:00 committed by Josh Cummings
parent 491da9db03
commit cd54808718
5 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationToken.java
View File

@ -69,7 +69,7 @@ public class OAuth2IntrospectionAuthenticationToken
public OAuth2IntrospectionAuthenticationToken(OAuth2AccessToken token, OAuth2TokenAttributes attributes,
Collection<? extends GrantedAuthority> authorities, String name) {
super(token, attributes(attributes), token, authorities);
super(token, attributes, token, authorities);
this.attributes = attributes(attributes);
this.name = name == null ? (String) this.attributes.get(SUBJECT) : name;
setAuthenticated(true);

9
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationProviderTests.java
View File

@ -24,6 +24,7 @@ import org.junit.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
@ -63,9 +64,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests {
Authentication result =
provider.authenticate(new BearerTokenAuthenticationToken("token"));
assertThat(result.getPrincipal()).isInstanceOf(Map.class);
assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
assertThat(attributes)
.isNotNull()
.containsEntry(ACTIVE, true)
@ -94,9 +95,9 @@ public class OAuth2IntrospectionAuthenticationProviderTests {
Authentication result =
provider.authenticate(new BearerTokenAuthenticationToken("token"));
assertThat(result.getPrincipal()).isInstanceOf(Map.class);
assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
assertThat(attributes)
.isNotNull()
.doesNotContainKey(SCOPE);

2
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionAuthenticationTokenTests.java
View File

@ -93,7 +93,7 @@ public class OAuth2IntrospectionAuthenticationTokenTests {
public void constructorWhenAttributesAreNullOrEmptyThenThrowsException() {
assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token, null, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessageContaining("attributes cannot be empty");
.hasMessageContaining("principal cannot be null");
assertThatCode(() -> new OAuth2IntrospectionAuthenticationToken(this.token,
new OAuth2TokenAttributes(Collections.emptyMap()), null))

9
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OAuth2IntrospectionReactiveAuthenticationManagerTests.java
View File

@ -22,6 +22,7 @@ import java.util.Arrays;
import java.util.Map;
import org.junit.Test;
import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
import reactor.core.publisher.Mono;
import org.springframework.security.core.Authentication;
@ -62,9 +63,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests {
Authentication result =
provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
assertThat(result.getPrincipal()).isInstanceOf(Map.class);
assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
assertThat(attributes)
.isNotNull()
.containsEntry(ACTIVE, true)
@ -93,9 +94,9 @@ public class OAuth2IntrospectionReactiveAuthenticationManagerTests {
Authentication result =
provider.authenticate(new BearerTokenAuthenticationToken("token")).block();
assertThat(result.getPrincipal()).isInstanceOf(Map.class);
assertThat(result.getPrincipal()).isInstanceOf(OAuth2TokenAttributes.class);
Map<String, Object> attributes = (Map<String, Object>) result.getPrincipal();
Map<String, Object> attributes = ((OAuth2TokenAttributes) result.getPrincipal()).getAttributes();
assertThat(attributes)
.isNotNull()
.doesNotContainKey(SCOPE);

5
samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerController.java
View File

@ -16,6 +16,7 @@
package sample;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.OAuth2TokenAttributes;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@ -26,8 +27,8 @@ import org.springframework.web.bind.annotation.RestController;
public class OAuth2ResourceServerController {
@GetMapping("/")
public String index(@AuthenticationPrincipal(expression="['sub']") String subject) {
return String.format("Hello, %s!", subject);
public String index(@AuthenticationPrincipal OAuth2TokenAttributes attributes) {
return String.format("Hello, %s!", (String) attributes.getAttribute("sub"));
}
@GetMapping("/message")