|
@@ -19,6 +19,7 @@ package org.springframework.security;
|
|
|
import java.io.IOException;
|
|
|
import java.io.Serializable;
|
|
|
import java.lang.reflect.Field;
|
|
|
+import java.security.Principal;
|
|
|
import java.time.Instant;
|
|
|
import java.util.Collection;
|
|
|
import java.util.Date;
|
|
@@ -122,6 +123,8 @@ import org.springframework.security.oauth2.client.oidc.session.OidcSessionInform
|
|
|
import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations;
|
|
|
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
|
|
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
|
|
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
|
|
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
|
|
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
|
|
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
|
|
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
|
@@ -156,6 +159,34 @@ import org.springframework.security.oauth2.jwt.JwtEncodingException;
|
|
|
import org.springframework.security.oauth2.jwt.JwtException;
|
|
|
import org.springframework.security.oauth2.jwt.JwtValidationException;
|
|
|
import org.springframework.security.oauth2.jwt.TestJwts;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenIntrospection;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
|
|
|
+import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationConsentAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationRequestAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceVerificationAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2PushedAuthorizationRequestAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
|
|
+import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
|
|
+import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
|
|
|
+import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
|
|
|
+import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcLogoutAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
|
|
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
|
|
+import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
|
|
|
+import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
|
|
import org.springframework.security.oauth2.server.resource.BearerTokenError;
|
|
|
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
|
|
|
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
|
|
@@ -374,6 +405,146 @@ final class SerializationSamples {
|
|
|
generatorByClassName.put(DPoPAuthenticationToken.class,
|
|
|
(r) -> applyDetails(new DPoPAuthenticationToken("token", "proof", "method", "uri")));
|
|
|
|
|
|
+ // oauth2-authorization-server
|
|
|
+ RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
|
|
|
+ OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
|
|
|
+ OAuth2AuthorizationRequest authorizationRequest = authorization
|
|
|
+ .getAttribute(OAuth2AuthorizationRequest.class.getName());
|
|
|
+ Authentication principal = authorization.getAttribute(Principal.class.getName());
|
|
|
+ generatorByClassName.put(RegisteredClient.class, (r) -> registeredClient);
|
|
|
+ generatorByClassName.put(OAuth2Authorization.class, (r) -> authorization);
|
|
|
+ generatorByClassName.put(OAuth2Authorization.Token.class, (r) -> authorization.getAccessToken());
|
|
|
+ generatorByClassName.put(OAuth2AuthorizationConsent.class,
|
|
|
+ (r) -> OAuth2AuthorizationConsent.withId("registeredClientId", "principalName")
|
|
|
+ .scope("scope1")
|
|
|
+ .scope("scope2")
|
|
|
+ .build());
|
|
|
+ generatorByClassName.put(OAuth2AuthorizationCodeRequestAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2AuthorizationCodeRequestAuthenticationToken authenticationToken = new OAuth2AuthorizationCodeRequestAuthenticationToken(
|
|
|
+ "authorizationUri", "clientId", principal, "redirectUri", "state", authorizationRequest.getScopes(),
|
|
|
+ authorizationRequest.getAdditionalParameters());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2PushedAuthorizationRequestAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2PushedAuthorizationRequestAuthenticationToken authenticationToken = new OAuth2PushedAuthorizationRequestAuthenticationToken(
|
|
|
+ "authorizationUri", "clientId", principal, "redirectUri", "state", authorizationRequest.getScopes(),
|
|
|
+ authorizationRequest.getAdditionalParameters());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2AuthorizationGrantAuthenticationToken.class, (r) -> {
|
|
|
+ org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken authenticationToken = new org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken(
|
|
|
+ "code", principal, "redirectUri", new HashMap<>());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2AuthorizationConsentAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2AuthorizationConsentAuthenticationToken authenticationToken = new OAuth2AuthorizationConsentAuthenticationToken(
|
|
|
+ "authorizationUri", "clientId", principal, "state", authorizationRequest.getScopes(),
|
|
|
+ authorizationRequest.getAdditionalParameters());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2DeviceAuthorizationRequestAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2DeviceAuthorizationRequestAuthenticationToken authenticationToken = new OAuth2DeviceAuthorizationRequestAuthenticationToken(
|
|
|
+ principal, "authorizationUri", authorizationRequest.getScopes(),
|
|
|
+ authorizationRequest.getAdditionalParameters());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2DeviceAuthorizationConsentAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2DeviceAuthorizationConsentAuthenticationToken authenticationToken = new OAuth2DeviceAuthorizationConsentAuthenticationToken(
|
|
|
+ "authorizationUri", "clientId", principal, "userCode", "state", authorizationRequest.getScopes(),
|
|
|
+ authorizationRequest.getAdditionalParameters());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2DeviceVerificationAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2DeviceVerificationAuthenticationToken authenticationToken = new OAuth2DeviceVerificationAuthenticationToken(
|
|
|
+ principal, "userCode", new HashMap<>());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2TokenIntrospectionAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2TokenIntrospectionAuthenticationToken authenticationToken = new OAuth2TokenIntrospectionAuthenticationToken(
|
|
|
+ "token", principal, "tokenTypeHint", new HashMap<>());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2TokenRevocationAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2TokenRevocationAuthenticationToken authenticationToken = new OAuth2TokenRevocationAuthenticationToken(
|
|
|
+ "token", principal, "tokenTypeHint");
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ OidcClientRegistration oidcClientRegistration = OidcClientRegistration.builder()
|
|
|
+ .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
|
|
|
+ .scope("scope1")
|
|
|
+ .redirectUri("https://localhost/oauth2/callback")
|
|
|
+ .build();
|
|
|
+ generatorByClassName.put(OidcClientRegistration.class, (r) -> oidcClientRegistration);
|
|
|
+ generatorByClassName.put(OidcClientRegistrationAuthenticationToken.class, (r) -> {
|
|
|
+ OidcClientRegistrationAuthenticationToken authenticationToken = new OidcClientRegistrationAuthenticationToken(
|
|
|
+ principal, oidcClientRegistration);
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OidcUserInfoAuthenticationToken.class, (r) -> {
|
|
|
+ OidcUserInfo userInfo = OidcUserInfo.builder().subject("subject").name("name").build();
|
|
|
+ OidcUserInfoAuthenticationToken authenticationToken = new OidcUserInfoAuthenticationToken(principal,
|
|
|
+ userInfo);
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OidcLogoutAuthenticationToken.class, (r) -> {
|
|
|
+ OidcIdToken idToken = OidcIdToken.withTokenValue("tokenValue")
|
|
|
+ .issuedAt(Instant.now())
|
|
|
+ .expiresAt(Instant.now().plusSeconds(60))
|
|
|
+ .build();
|
|
|
+ OidcLogoutAuthenticationToken authenticationToken = new OidcLogoutAuthenticationToken(idToken, principal,
|
|
|
+ "sessionId", "clientId", "postLogoutRedirectUri", "state");
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2ClientAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2ClientAuthenticationToken authenticationToken = new OAuth2ClientAuthenticationToken(registeredClient,
|
|
|
+ ClientAuthenticationMethod.CLIENT_SECRET_BASIC, "credentials");
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2TokenIntrospection.class,
|
|
|
+ (r) -> OAuth2TokenIntrospection.builder().active(true).clientId("clientId").build());
|
|
|
+ generatorByClassName.put(OAuth2AccessTokenAuthenticationToken.class, (r) -> {
|
|
|
+ OAuth2AccessTokenAuthenticationToken authenticationToken = new OAuth2AccessTokenAuthenticationToken(
|
|
|
+ registeredClient, principal, authorization.getAccessToken().getToken());
|
|
|
+ authenticationToken.setDetails(details);
|
|
|
+ return authenticationToken;
|
|
|
+ });
|
|
|
+ generatorByClassName.put(OAuth2AuthorizationServerMetadata.class,
|
|
|
+ (r) -> OAuth2AuthorizationServerMetadata.builder()
|
|
|
+ .issuer("https://localhost")
|
|
|
+ .authorizationEndpoint("https://localhost/oauth2/authorize")
|
|
|
+ .tokenEndpoint("https://localhost/oauth2/token")
|
|
|
+ .responseType("code")
|
|
|
+ .build());
|
|
|
+ generatorByClassName.put(OidcProviderConfiguration.class,
|
|
|
+ (r) -> OidcProviderConfiguration.builder()
|
|
|
+ .issuer("https://localhost")
|
|
|
+ .authorizationEndpoint("https://localhost/oauth2/authorize")
|
|
|
+ .tokenEndpoint("https://localhost/oauth2/token")
|
|
|
+ .jwkSetUrl("https://localhost/oauth2/jwks")
|
|
|
+ .responseType("code")
|
|
|
+ .subjectType("subjectType")
|
|
|
+ .idTokenSigningAlgorithm("RS256")
|
|
|
+ .build());
|
|
|
+ generatorByClassName.put(OAuth2TokenType.class, (r) -> OAuth2TokenType.ACCESS_TOKEN);
|
|
|
+ generatorByClassName.put(OAuth2TokenFormat.class, (r) -> OAuth2TokenFormat.SELF_CONTAINED);
|
|
|
+ generatorByClassName.put(AuthorizationServerSettings.class,
|
|
|
+ (r) -> AuthorizationServerSettings.builder().build());
|
|
|
+ generatorByClassName.put(ClientSettings.class, (r) -> ClientSettings.builder().build());
|
|
|
+ generatorByClassName.put(TokenSettings.class, (r) -> TokenSettings.builder().build());
|
|
|
+
|
|
|
// config
|
|
|
generatorByClassName.put(AlreadyBuiltException.class, (r) -> new AlreadyBuiltException("message"));
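Review bot: The `OidcLogoutAuthenticationToken` sample builds its `OidcIdToken` with `Instant.now()` for both `issuedAt` and `expiresAt`, so the generated instance differs on every run; if the serialized fixtures this file feeds are ever compared field-by-field against a freshly generated sample, those two fields can never match, and even if `Instant` fields are ignored, a fixed timestamp keeps the fixture reproducible. Pinning them, e.g. `.issuedAt(Instant.ofEpochSecond(0))` and `.expiresAt(Instant.ofEpochSecond(60))`, removes the wall-clock dependency without changing what is exercised. Separately, the `OAuth2AuthorizationGrantAuthenticationToken` generator spells out `org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken` in full and registers that concrete subclass under the abstract key with no explanation; a short comment such as `// fully qualified: the client-side OAuth2AuthorizationCodeAuthenticationToken is already imported in this file` would make the reason (presumably a simple-name clash with the already-imported client class) explicit for the next maintainer. The `principal` and `authorizationRequest` locals are read from `authorization` attributes and passed unchecked into every constructor, so a change to `TestOAuth2Authorizations` that drops either attribute would surface as an `IllegalArgumentException` or NPE deep inside a generator rather than at the point of lookup; an `Assert.notNull(principal, "...")` right after the two lookups would localize that. The method enclosing these registrations starts before the hunk and continues past it.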
|
|
|
|