public OAuth2AccessToken enhance(
OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
Map<String, Object> info =
new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
String tokenId = result.getValue();
if (!info.containsKey(TOKEN_ID)) {
info.put(TOKEN_ID, tokenId);
}
result.setAdditionalInformation(info);
return result.setValue(encode(result, authentication));
}
@Test
public void testExpiredToken() throws Exception {
OAuth2Authentication expectedAuthentication =
new OAuth2Authentication(
new AuthorizationRequest("id", Collections.singleton("read"), null, null),
new TestAuthentication("test2", false));
DefaultOAuth2AccessToken firstAccessToken =
(DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
// Make it expire (and rely on mutable state in volatile token store)
firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
expected.expect(InvalidTokenException.class);
expected.expectMessage("expired");
getTokenServices().loadAuthentication(firstAccessToken.getValue());
}
@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
// create access token
getTokenServices().setAccessTokenValiditySeconds(1);
getTokenServices()
.setClientDetailsService(
new ClientDetailsService() {
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
BaseClientDetails client = new BaseClientDetails();
client.setAccessTokenValiditySeconds(1);
return client;
}
});
OAuth2Authentication expectedAuthentication =
new OAuth2Authentication(
new AuthorizationRequest("id", Collections.singleton("read"), null, null),
new TestAuthentication("test2", false));
DefaultOAuth2AccessToken firstAccessToken =
(DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
// Make it expire (and rely on mutable state in volatile token store)
firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
// create another access token
OAuth2AccessToken secondAccessToken =
getTokenServices().createAccessToken(expectedAuthentication);
assertFalse(
"The new access token should be different",
firstAccessToken.getValue().equals(secondAccessToken.getValue()));
assertEquals(
"The new access token should have the same refresh token",
expectedExpiringRefreshToken.getValue(),
secondAccessToken.getRefreshToken().getValue());
// refresh access token with refresh token
getTokenServices()
.refreshAccessToken(
expectedExpiringRefreshToken.getValue(),
expectedAuthentication.getAuthorizationRequest().getScope());
assertEquals(1, getAccessTokenCount());
}
