Skip to content
This repository was archived by the owner on May 31, 2022. It is now read-only.

remote-check-token-invalid #1440

Closed
wants to merge 3 commits into from
Closed

remote-check-token-invalid #1440

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
81d0f09
remote-check-token-invalid
Jul 30, 2018
e3abf02
add-test-and-take-both-into-account
Aug 2, 2018
922b8de
refactor
Aug 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions ...src/main/java/org/springframework/security/oauth2/provider/token/RemoteTokenServices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
*******************************************************************************/
package org.springframework.security.oauth2.provider.token;

import com.sun.org.apache.xpath.internal.operations.Bool;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
Expand Down Expand Up @@ -41,7 +42,6 @@
*
* @author Dave Syer
* @author Luke Taylor
*
*/
public class RemoteTokenServices implements ResourceServerTokenServices {

Expand Down Expand Up @@ -112,9 +112,10 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
throw new InvalidTokenException(accessToken);
}

Object activeValue = map.get("active");
// gh-838
if (!Boolean.TRUE.equals(map.get("active"))) {
logger.debug("check_token returned active attribute: " + map.get("active"));
if (!(Boolean.TRUE.equals(activeValue) || Boolean.TRUE.toString().equals(activeValue))) {
logger.debug("check_token returned active attribute: " + activeValue);
throw new InvalidTokenException(accessToken);
}

Expand Down
12 changes: 12 additions & 0 deletions ...test/java/org/springframework/security/oauth2/provider/token/RemoteTokenServicesTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,4 +89,16 @@ public void loadAuthenticationWhenIntrospectionResponseMissingActiveAttributeThe

this.remoteTokenServices.loadAuthentication("access-token-1234");
}
@Test
public void loadAuthenticationWhenIntrospectionResponseContainsActiveTrueByStringThenReturnAuthentication() throws Exception {
Map responseAttrs = new HashMap();
responseAttrs.put("active", "true"); // "active" is the only required attribute as per RFC 7662 (https://tools.ietf.org/search/rfc7662#section-2.2)
ResponseEntity<Map> response = new ResponseEntity<Map>(responseAttrs, HttpStatus.OK);
RestTemplate restTemplate = mock(RestTemplate.class);
when(restTemplate.exchange(anyString(), any(HttpMethod.class), any(HttpEntity.class), any(Class.class))).thenReturn(response);
this.remoteTokenServices.setRestTemplate(restTemplate);

OAuth2Authentication authentication = this.remoteTokenServices.loadAuthentication("access-token-1234");
assertNotNull(authentication);
}
}