diff --git a/oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2ModuleTests.java b/oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2ModuleTests.java index 1fe6bccf59..f99a2f106d 100644 --- a/oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2ModuleTests.java +++ b/oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2ModuleTests.java @@ -16,73 +16,101 @@ package org.springframework.security.oauth2.server.authorization.jackson2; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashSet; +import java.security.Principal; +import java.util.List; import java.util.Map; -import java.util.Set; import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.Module; import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.jackson2.SecurityJackson2Modules; +import org.springframework.security.oauth2.jose.jws.MacAlgorithm; +import org.springframework.security.oauth2.jwt.JwtClaimNames; +import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; +import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor; +import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeCompositeAuthenticationToken; +import org.springframework.security.oauth2.server.authorization.settings.ClientSettings; +import org.springframework.security.oauth2.server.authorization.settings.TokenSettings; + import static org.assertj.core.api.Assertions.assertThat; /** * Tests for {@link OAuth2AuthorizationServerJackson2Module}. * * @author Steve Riesenberg + * @author Joe Grandja */ public class OAuth2AuthorizationServerJackson2ModuleTests { private static final TypeReference> STRING_OBJECT_MAP = new TypeReference<>() { }; - private static final TypeReference> STRING_SET = new TypeReference<>() { - }; - - private static final TypeReference STRING_ARRAY = new TypeReference<>() { - }; - private ObjectMapper objectMapper; @BeforeEach public void setup() { this.objectMapper = new ObjectMapper(); + ClassLoader classLoader = OAuth2AuthorizationServerJackson2Module.class.getClassLoader(); + List securityModules = SecurityJackson2Modules.getModules(classLoader); + this.objectMapper.registerModules(securityModules); this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module()); } @Test - public void readValueWhenUnmodifiableMapThenSuccess() throws Exception { - Map map = Collections.unmodifiableMap(new HashMap<>(Collections.singletonMap("key", "value"))); - String json = this.objectMapper.writeValueAsString(map); - assertThat(this.objectMapper.readValue(json, STRING_OBJECT_MAP)).isEqualTo(map); + public void readValueWhenOAuth2AuthorizationAttributesThenSuccess() throws Exception { + Authentication principal = new UsernamePasswordAuthenticationToken("principal", "credentials"); + OAuth2Authorization authorization = TestOAuth2Authorizations.authorization() + .attributes(attrs -> attrs.put(Principal.class.getName(), principal)) + .build(); + Map attributes = authorization.getAttributes(); + String json = this.objectMapper.writeValueAsString(attributes); + assertThat(this.objectMapper.readValue(json, STRING_OBJECT_MAP)).isEqualTo(attributes); + } + + @Test + public void readValueWhenOAuth2AccessTokenMetadataThenSuccess() throws Exception { + OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build(); + Map metadata = authorization.getAccessToken().getMetadata(); + String json = this.objectMapper.writeValueAsString(metadata); + assertThat(this.objectMapper.readValue(json, STRING_OBJECT_MAP)).isEqualTo(metadata); } @Test - public void readValueWhenHashSetThenSuccess() throws Exception { - Set set = new HashSet<>(Arrays.asList("one", "two")); - String json = this.objectMapper.writeValueAsString(set); - assertThat(this.objectMapper.readValue(json, STRING_SET)).isEqualTo(set); + public void readValueWhenClientSettingsThenSuccess() throws Exception { + ClientSettings clientSettings = ClientSettings.builder() + .tokenEndpointAuthenticationSigningAlgorithm(MacAlgorithm.HS256) + .build(); + Map clientSettingsMap = clientSettings.getSettings(); + String json = this.objectMapper.writeValueAsString(clientSettingsMap); + assertThat(this.objectMapper.readValue(json, STRING_OBJECT_MAP)).isEqualTo(clientSettingsMap); } - // gh-457 @Test - public void readValueWhenLinkedHashSetThenSuccess() throws Exception { - Set set = new LinkedHashSet<>(Arrays.asList("one", "two")); - String json = this.objectMapper.writeValueAsString(set); - assertThat(this.objectMapper.readValue(json, STRING_SET)).isEqualTo(set); + public void readValueWhenTokenSettingsThenSuccess() throws Exception { + TokenSettings tokenSettings = TokenSettings.builder().build(); + Map tokenSettingsMap = tokenSettings.getSettings(); + String json = this.objectMapper.writeValueAsString(tokenSettingsMap); + assertThat(this.objectMapper.readValue(json, STRING_OBJECT_MAP)).isEqualTo(tokenSettingsMap); } - // gh-1666 @Test - public void readValueWhenStringArrayThenSuccess() throws Exception { - String[] array = new String[] { "one", "two" }; - String json = this.objectMapper.writeValueAsString(array); - assertThat(this.objectMapper.readValue(json, STRING_ARRAY)).isEqualTo(array); + public void readValueWhenOAuth2TokenExchangeCompositeAuthenticationTokenThenSuccess() throws Exception { + Authentication subject = new UsernamePasswordAuthenticationToken("principal", "credentials"); + OAuth2TokenExchangeActor actor1 = new OAuth2TokenExchangeActor( + Map.of(JwtClaimNames.ISS, "issuer-1", JwtClaimNames.SUB, "actor1")); + OAuth2TokenExchangeActor actor2 = new OAuth2TokenExchangeActor( + Map.of(JwtClaimNames.ISS, "issuer-2", JwtClaimNames.SUB, "actor2")); + OAuth2TokenExchangeCompositeAuthenticationToken authentication = new OAuth2TokenExchangeCompositeAuthenticationToken( + subject, List.of(actor1, actor2)); + String json = this.objectMapper.writeValueAsString(authentication); + assertThat(this.objectMapper.readValue(json, OAuth2TokenExchangeCompositeAuthenticationToken.class)) + .isEqualTo(authentication); } }