remote-check-token-invalid #1440
Expand Up @@ -12,6 +12,7 @@
*******************************************************************************/
package org.springframework.security.oauth2.provider.token;

import com.sun.org.apache.xpath.internal.operations.Bool;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
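Review bot: The `import com.sun.org.apache.xpath.internal.operations.Bool;` line is not referenced by any of the visible code and looks like an IDE auto-import picked up while editing the `active` check; given the hunk header reports one added line, it is presumably the addition. It names a JDK-internal class rather than an exported API, so leaving it in ties compilation to an internal package for no benefit. Delete the line; the rest of the import block is unchanged context.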
Expand Down Expand Up @@ -41,7 +42,6 @@
*
* @author Dave Syer
* @author Luke Taylor
*
*/
public class RemoteTokenServices implements ResourceServerTokenServices {

Expand Down Expand Up @@ -112,9 +112,10 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
throw new InvalidTokenException(accessToken);
}

Object activeValue = map.get("active");
// gh-838
if (!Boolean.TRUE.equals(map.get("active"))) {
logger.debug("check_token returned active attribute: " + map.get("active"));
if (!(Boolean.TRUE.equals(activeValue) || Boolean.TRUE.toString().equals(activeValue))) {
logger.debug("check_token returned active attribute: " + activeValue);
throw new InvalidTokenException(accessToken);
}

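Review bot: The widened check at `if (!(Boolean.TRUE.equals(activeValue) || Boolean.TRUE.toString().equals(activeValue)))` is a deliberate loosening of the introspection contract, but the only comment is still the bare `// gh-838`, which now describes neither the original boolean check nor the new string tolerance. RFC 7662 section 2.2 defines `active` as a JSON boolean, so the string form is a compatibility concession to non-conforming introspection endpoints and that should be stated at the point of the check, e.g. `// gh-838: "active" is a JSON boolean per RFC 7662; the string "true" is tolerated only for non-conforming servers` above the `if`. `Boolean.TRUE.toString()` is simply the literal `"true"`, and `"true".equals(activeValue)` reads more directly; the match stays exact and case-sensitive either way, which is the right boundary since any other value still fails closed with `InvalidTokenException`. loadAuthentication starts and ends outside this hunk.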
Expand Up @@ -89,4 +89,16 @@ public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThe

this.remoteTokenServices.loadAuthentication("access-token-1234");
}
@Test
public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueByStringThenReturnAuthentication() throws Exception {
Map responseAttrs = new HashMap();
responseAttrs.put("active", "true"); // "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
ResponseEntity<Map> response = new ResponseEntity<Map>(responseAttrs, HttpStatus.OK);
RestTemplate restTemplate = mock(RestTemplate.class);
when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
this.remoteTokenServices.setRestTemplate(restTemplate);

OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234");
assertNotNull(authentication);
}
}
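Review bot: The new `loadAuthenticationWhenIntrospectionResponseContainsActiveTrueByStringThenReturnAuthentication` test only pins the accepting side of the loosened check; there is no companion test showing that a string other than `"true"` is still rejected, so the boundary the fix relies on is unverified. Add a test in the same shape as the existing missing-attribute test that puts `responseAttrs.put("active", "false");` and expects `InvalidTokenException` from `loadAuthentication`, which also documents that the tolerance is exact-match and case-sensitive. Style-wise, `@Test` at the start of the added method follows the previous method's closing brace without a blank line, unlike the rest of the file's spacing; the raw `Map`/`HashMap` and `ResponseEntity<Map>` match the existing tests and can stay.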