1   /*
2    * Copyright 2002-2011 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.springframework.security.oauth2.client.test;
17  
18  import java.lang.annotation.ElementType;
19  import java.lang.annotation.Retention;
20  import java.lang.annotation.RetentionPolicy;
21  import java.lang.annotation.Target;
22  
23  import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
24  import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
25  import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
26  import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitResourceDetails;
27  import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
28  
/**
 * Marks a test class or test method as needing an OAuth2 authentication context, which is created and made
 * available to that scope. Declared on a class, it covers every test method (and {@link BeforeOAuth2Context}
 * initializers). Declared on a method, it covers that method only and takes precedence over any value found on the
 * enclosing class.
 * <p>
 * The built-in resource types ({@link Password}, {@link Implicit}, {@link ClientCredentials}) copy their client
 * secret and, for the password grant, the resource owner's username and password from {@code TestAccounts}, so the
 * accounts configured there should be ones that exist for testing only.
 * 
 * @author Dave Syer
 * 
 */
@Target({ ElementType.TYPE, ElementType.METHOD })
@Retention(RetentionPolicy.RUNTIME)
public @interface OAuth2ContextConfiguration {

	/**
	 * The resource type used to obtain an access token. It must be a concrete implementation of
	 * {@link OAuth2ProtectedResourceDetails}; the test framework constructs an instance and uses it to set up the
	 * OAuth2 authentication context. How that instance is constructed may differ between consumers. When this
	 * element is left unset, the value of {@link #resource()} is used instead.
	 * <p>
	 * The declared default is the {@link OAuth2ProtectedResourceDetails} interface itself, which cannot be
	 * instantiated; presumably consumers treat it as the "not set" marker (confirm against the consumer).
	 * 
	 * @see Password
	 * @see Implicit
	 * @see ClientCredentials
	 * 
	 * @return the resource type to use
	 */
	Class<? extends OAuth2ProtectedResourceDetails> value() default OAuth2ProtectedResourceDetails.class;

	/**
	 * The resource type used to obtain an access token, meant as an alias for {@link #value()}. Defaults to
	 * {@link Password}.
	 * 
	 * @return the resource type to use
	 */
	Class<? extends OAuth2ProtectedResourceDetails> resource() default Password.class;

	/**
	 * Shared copy routine for the built-in resource types below.
	 */
	static class ResourceHelper {
		/**
		 * Copies the client id, client secret, scope, resource id and access token URI from {@code source} onto
		 * {@code target}. Nothing else is transferred here, so every other property of {@code target} keeps
		 * whatever value it already had.
		 * 
		 * @param source the resource details to read from
		 * @param target the resource details to populate
		 */
		public static void initialize(final OAuth2ProtectedResourceDetails source,
				final BaseOAuth2ProtectedResourceDetails target) {
			// Client identity. The secret is copied as-is, so target now carries a usable credential.
			target.setClientId(source.getClientId());
			target.setClientSecret(source.getClientSecret());
			// What is being requested, and where the token comes from.
			target.setScope(source.getScope());
			target.setId(source.getId());
			target.setAccessTokenUri(source.getAccessTokenUri());
		}
	}

	/**
	 * Set up an OAuth2 context for this test using client credentials grant type
	 */
	static class ClientCredentials extends ClientCredentialsResourceDetails {
		/**
		 * Populates this resource from the default client credentials resource of the given test accounts.
		 * 
		 * @param testAccounts supplier of the default client credentials resource
		 */
		public ClientCredentials(TestAccounts testAccounts) {
			super();
			final ClientCredentialsResourceDetails defaults = testAccounts.getDefaultClientCredentialsResource();
			ResourceHelper.initialize(defaults, this);
		}
	}

	/**
	 * Set up an OAuth2 context for this test using resource owner password grant type
	 */
	static class Password extends ResourceOwnerPasswordResourceDetails {
		/**
		 * Populates this resource from the default resource owner password resource of the given test accounts,
		 * including the resource owner's username and password.
		 * 
		 * @param testAccounts supplier of the default resource owner password resource
		 */
		public Password(TestAccounts testAccounts) {
			super();
			final ResourceOwnerPasswordResourceDetails defaults = testAccounts
					.getDefaultResourceOwnerPasswordResource();
			ResourceHelper.initialize(defaults, this);
			// The shared helper does not know about user credentials, so they are copied here.
			setUsername(defaults.getUsername());
			setPassword(defaults.getPassword());
		}
	}

	/**
	 * Set up an OAuth2 context for this test using implicit grant type
	 */
	static class Implicit extends ImplicitResourceDetails {
		/**
		 * Populates this resource from the default implicit resource of the given test accounts, including its
		 * pre-established redirect URI.
		 * 
		 * @param testAccounts supplier of the default implicit resource
		 */
		public Implicit(TestAccounts testAccounts) {
			super();
			final ImplicitResourceDetails defaults = testAccounts.getDefaultImplicitResource();
			ResourceHelper.initialize(defaults, this);
			// The redirect URI is not part of the shared copy, so it is carried over separately.
			setPreEstablishedRedirectUri(defaults.getPreEstablishedRedirectUri());
		}
	}

	/**
	 * Whether the access token should be initialized before the test method runs. When false, the test method has
	 * to access the protected resource, or explicitly obtain the access token, before trying to use it. The default
	 * is true, so test methods can simply pick up the access token when they need it.
	 * 
	 * @return flag to indicate whether the access token should be initialized before the test method
	 */
	boolean initialize() default true;

}