1   /*
2    * Copyright 20013-2014 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    *
7    * https://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  
14  package org.springframework.security.oauth2.provider.token;
15  
16  import static org.junit.Assert.assertEquals;
17  
18  import java.util.Arrays;
19  import java.util.Collections;
20  
21  import org.junit.Before;
22  import org.junit.Rule;
23  import org.junit.Test;
24  import org.junit.rules.ExpectedException;
25  import org.springframework.security.authentication.AbstractAuthenticationToken;
26  import org.springframework.security.core.GrantedAuthority;
27  import org.springframework.security.core.authority.SimpleGrantedAuthority;
28  import org.springframework.security.oauth2.common.OAuth2AccessToken;
29  import org.springframework.security.oauth2.provider.OAuth2Authentication;
30  import org.springframework.security.oauth2.provider.RequestTokenFactory;
31  import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
32  
/**
 * Exercises {@link DefaultTokenServices} when the authorities of a user change between two access token requests
 * made for the same client id, user name and scope.
 * <p>
 * Security relevance: the authorities returned by {@code loadAuthentication} are what a caller presenting the token
 * is authorized with. If the stored authentication kept the authorities from the first request, a user whose
 * privileges were reduced would continue to be authorized with the old ones for as long as the token is accepted.
 *
 * @author Ismael Gomes
 */
public class DefaultTokenServicesAuthoritiesChangeTests {

	private DefaultTokenServices services;

	private InMemoryTokenStore tokenStore = new InMemoryTokenStore();

	// Declared as a JUnit rule; no test in this class sets an expectation on it.
	@Rule
	public ExpectedException expected = ExpectedException.none();

	/**
	 * Builds the token services under test on top of the in-memory store, with refresh tokens enabled.
	 */
	@Before
	public void setUp() throws Exception {
		this.services = new DefaultTokenServices();
		this.services.setTokenStore(this.tokenStore);
		this.services.setSupportRefreshToken(true);
		this.services.afterPropertiesSet();
	}

	/**
	 * Requests a token for user "test2" holding authority USER, then requests one again for the same user name,
	 * client id and scope but holding authority NONE, and checks after each request that the authentication loaded
	 * for the returned token carries the authorities of the authentication that was just presented.
	 * <p>
	 * The original author marked this test as one that "will fail".
	 * NOTE(review): confirm against the DefaultTokenServices version in use whether that still holds.
	 * NOTE(review): the test does not compare the two token values. Presumably the second request is answered with
	 * the token issued by the first one (same client, user name and scope), which is the case where stale
	 * authorities matter; if a fresh token were issued instead, the second assertion would pass trivially.
	 */
	@Test
	public void testChangeAuthoritiesAuthenticationTokenFail() throws Exception {

		// First request: the user holds the single authority USER.
		TestChangeAuthentication userBeforeChange = new TestChangeAuthentication("test2", false,
				new SimpleGrantedAuthority("USER"));
		assertIssuedTokenCarriesAuthoritiesOf(userBeforeChange);

		// Second request: same user name, client id and scope, but the authority is now NONE.
		TestChangeAuthentication userAfterChange = new TestChangeAuthentication("test2", false,
				new SimpleGrantedAuthority("NONE"));
		assertIssuedTokenCarriesAuthoritiesOf(userAfterChange);

	}

	/**
	 * Wraps {@code user} in an OAuth2 authentication for client "id" with scope "read", asks the token services for
	 * an access token and asserts that the authentication loaded back for that token has the user's authorities.
	 */
	private void assertIssuedTokenCarriesAuthoritiesOf(TestChangeAuthentication user) {
		OAuth2Authentication authentication = new OAuth2Authentication(
				RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), user);
		OAuth2AccessToken accessToken = getTokenServices().createAccessToken(authentication);
		assertEquals(user.getAuthorities(),
				getTokenServices().loadAuthentication(accessToken.getValue()).getAuthorities());
	}

	/**
	 * Replaces the {@code tokenStore} field with a new in-memory store and returns it. The services configured in
	 * {@link #setUp()} keep the store they were given there; this method does not re-wire them, so after a call the
	 * count accessors below read a store the services do not write to.
	 */
	protected TokenStore createTokenStore() {
		InMemoryTokenStore freshStore = new InMemoryTokenStore();
		tokenStore = freshStore;
		return freshStore;
	}

	/** Returns the number of access tokens held by the current {@code tokenStore} field. */
	protected int getAccessTokenCount() {
		return this.tokenStore.getAccessTokenCount();
	}

	/** Returns the number of refresh tokens held by the current {@code tokenStore} field. */
	protected int getRefreshTokenCount() {
		return this.tokenStore.getRefreshTokenCount();
	}

	/** Returns the token services instance created in {@link #setUp()}. */
	protected DefaultTokenServices getTokenServices() {
		return this.services;
	}

	/**
	 * Minimal user authentication for the test: a name used as principal, a caller-chosen authenticated flag, a
	 * fixed list of authorities and no credentials.
	 */
	protected static class TestChangeAuthentication extends AbstractAuthenticationToken {

		private static final long serialVersionUID = 1L;

		private String principal;

		/**
		 * @param name value returned by {@link #getPrincipal()}
		 * @param authenticated flag passed on to {@code setAuthenticated}
		 * @param authorities authorities handed to the superclass constructor
		 */
		public TestChangeAuthentication(String name, boolean authenticated, GrantedAuthority... authorities) {
			super(Arrays.asList(authorities));
			principal = name;
			setAuthenticated(authenticated);
		}

		/** This test authentication carries no credentials. */
		public Object getCredentials() {
			return null;
		}

		/** Returns the name given to the constructor. */
		public Object getPrincipal() {
			return principal;
		}

	}

}