@Test public void testDefaultPrePostSecurityAnnotations() { this.context = new AnnotationConfigServletWebServerApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName()); verifyAuthentication(config); }
@Test public void testClassicSecurityAnnotationOverride() { this.context = new AnnotationConfigServletWebServerApplicationContext(); this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName()); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testJsr250SecurityAnnotationOverride() { this.context = new AnnotationConfigServletWebServerApplicationContext(); this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName()); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testDefaultPrePostSecurityAnnotations() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName()); verifyAuthentication(config); }
@Test public void testClassicSecurityAnnotationOverride() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName()); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testJsr250SecurityAnnotationOverride() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size()).isEqualTo(1); assertThat(sources.get(0).getClass().getName()) .isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName()); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testDefaultConfiguration() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(AUTHORIZATION_SERVER_CONFIG); this.context.getBean(RESOURCE_SERVER_CONFIG); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(BaseClientDetails.class); AuthorizationEndpoint endpoint = this.context .getBean(AuthorizationEndpoint.class); UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils .getField(endpoint, "userApprovalHandler"); ClientDetailsService clientDetailsService = this.context .getBean(ClientDetailsService.class); ClientDetails clientDetails = clientDetailsService .loadClientByClientId(config.getClientId()); assertThat(AopUtils.isJdkDynamicProxy(clientDetailsService), equalTo(true)); assertThat(AopUtils.getTargetClass(clientDetailsService).getName(), is(equalTo(InMemoryClientDetailsService.class.getName()))); assertThat(handler instanceof ApprovalStoreUserApprovalHandler, equalTo(true)); assertThat(clientDetails, equalTo(config)); verifyAuthentication(config); }
@Test public void testDefaultPrePostSecurityAnnotations() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size(), equalTo(1)); assertThat(sources.get(0).getClass().getName(), equalTo(PrePostAnnotationSecurityMetadataSource.class.getName())); verifyAuthentication(config); }
@Test public void testClassicSecurityAnnotationOverride() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size(), equalTo(1)); assertThat(sources.get(0).getClass().getName(), equalTo(SecuredAnnotationSecurityMetadataSource.class.getName())); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testJsr250SecurityAnnotationOverride() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(ClientDetails.class); DelegatingMethodSecurityMetadataSource source = this.context .getBean(DelegatingMethodSecurityMetadataSource.class); List<MethodSecurityMetadataSource> sources = source .getMethodSecurityMetadataSources(); assertThat(sources.size(), equalTo(1)); assertThat(sources.get(0).getClass().getName(), equalTo(Jsr250MethodSecurityMetadataSource.class.getName())); verifyAuthentication(config, HttpStatus.OK); }
@Test public void testDefaultConfiguration() { this.context = new AnnotationConfigServletWebServerApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(AUTHORIZATION_SERVER_CONFIG); this.context.getBean(RESOURCE_SERVER_CONFIG); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(BaseClientDetails.class); AuthorizationEndpoint endpoint = this.context .getBean(AuthorizationEndpoint.class); UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils .getField(endpoint, "userApprovalHandler"); ClientDetailsService clientDetailsService = this.context .getBean(ClientDetailsService.class); ClientDetails clientDetails = clientDetailsService .loadClientByClientId(config.getClientId()); assertThat(AopUtils.isJdkDynamicProxy(clientDetailsService)).isTrue(); assertThat(AopUtils.getTargetClass(clientDetailsService).getName()) .isEqualTo(InMemoryClientDetailsService.class.getName()); assertThat(handler).isInstanceOf(ApprovalStoreUserApprovalHandler.class); assertThat(clientDetails).isEqualTo(config); verifyAuthentication(config); assertThat(this.context.getBeanNamesForType(OAuth2RestOperations.class)) .isEmpty(); }
@Test public void testDefaultConfiguration() { this.context = new AnnotationConfigEmbeddedWebApplicationContext(); this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class); this.context.refresh(); this.context.getBean(AUTHORIZATION_SERVER_CONFIG); this.context.getBean(RESOURCE_SERVER_CONFIG); this.context.getBean(OAuth2MethodSecurityConfiguration.class); ClientDetails config = this.context.getBean(BaseClientDetails.class); AuthorizationEndpoint endpoint = this.context .getBean(AuthorizationEndpoint.class); UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils .getField(endpoint, "userApprovalHandler"); ClientDetailsService clientDetailsService = this.context .getBean(ClientDetailsService.class); ClientDetails clientDetails = clientDetailsService .loadClientByClientId(config.getClientId()); assertThat(AopUtils.isJdkDynamicProxy(clientDetailsService)).isTrue(); assertThat(AopUtils.getTargetClass(clientDetailsService).getName()) .isEqualTo(InMemoryClientDetailsService.class.getName()); assertThat(handler).isInstanceOf(ApprovalStoreUserApprovalHandler.class); assertThat(clientDetails).isEqualTo(config); verifyAuthentication(config); assertThat(this.context.getBeanNamesForType(OAuth2RestOperations.class)) .isEmpty(); }
