Package org.mitre.oauth2.introspectingfilter

Examples of org.mitre.oauth2.introspectingfilter.IntrospectingTokenService


  /**
   * Updates the stored client with database id {@code id} from a JSON request body.
   *
   * <p>The body is parsed into a {@code JsonObject} and then bound by Gson onto a
   * {@code ClientDetailsEntity}. The client secret is normalised against the requested
   * token endpoint auth method (cleared, kept or generated) before the stored and the
   * submitted entity are handed to {@code clientService.updateClient}.
   *
   * <p>NOTE(review): Gson binds the request body straight onto the entity, so every field
   * Gson can reach on {@code ClientDetailsEntity} is set by the caller. The only gate
   * visible here is the ROLE_ADMIN check; whether {@code updateClient} protects any
   * fields is not visible in this listing and should be confirmed.
   *
   * @param id database id of the client to update, taken from the URL path
   * @param jsonString raw JSON request body
   * @param m model that receives either the error attributes or the updated entity
   * @param auth current authentication, used to choose the response view
   * @return the name of the view to render
   */
  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = "application/json", produces = "application/json")
  public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) {

    JsonObject json = null;
    ClientDetailsEntity client = null;

    try {
      // parse the client passed in (from JSON); the stored client is fetched after this block
      json = parser.parse(jsonString).getAsJsonObject();
      client = gson.fromJson(json, ClientDetailsEntity.class);
    }
    catch (JsonSyntaxException e) {
      // malformed JSON: answer 400 with a generic message, the detail stays in the server log
      logger.error("apiUpdateClient failed due to JsonSyntaxException", e);
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
      return JsonErrorView.VIEWNAME;
    } catch (IllegalStateException e) {
      // getAsJsonObject() throws IllegalStateException when the body is valid JSON but not an object
      logger.error("apiUpdateClient failed due to IllegalStateException", e);
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
      return JsonErrorView.VIEWNAME;
    }

    // The record to update is selected by the path id only.
    // NOTE(review): the entity parsed from the body is not compared with this id in the
    // visible code - confirm updateClient() keeps the stored identity.
    ClientDetailsEntity oldClient = clientService.getClientById(id);

    if (oldClient == null) {
      // id is bound as a Long, so the value concatenated into the log line is numeric
      logger.error("apiUpdateClient failed; client with id " + id + " could not be found.");
      m.addAttribute("code", HttpStatus.NOT_FOUND);
      m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found.");
      return JsonErrorView.VIEWNAME;
    }

    // if they leave the client identifier empty, force it to be generated
    if (Strings.isNullOrEmpty(client.getClientId())) {
      client = clientService.generateClientId(client);
    }

    // Make the stored secret agree with the auth method: a missing method is treated like NONE.
    if (client.getTokenEndpointAuthMethod() == null ||
        client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
      // we shouldn't have a secret for this client
     
      client.setClientSecret(null);
     
    } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
        || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
        || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
     
      // if they've asked for us to generate a client secret (or they left it blank but require one), do so here
      // Otherwise the secret submitted in the request body is kept as given.
      // NOTE(review): this read of generateClientSecret is outside the try block above, so a
      // value Gson cannot return as a boolean (an object, for instance) is not turned into the
      // 400 response - confirm how that exception is handled upstream.
      if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
          || Strings.isNullOrEmpty(client.getClientSecret())) {
        client = clientService.generateClientSecret(client);
      }

    } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {

      // Only the presence of a JWKS URI is checked here; its scheme and host are not
      // validated in the visible code.
      // NOTE(review): presumably the server later fetches keys from this URI - confirm it is
      // validated where it is dereferenced.
      if (Strings.isNullOrEmpty(client.getJwksUri())) {
        // the messages say "create" although this is the update handler
        logger.error("tried to create client with private key auth but no private key");
        m.addAttribute("code", HttpStatus.BAD_REQUEST);
        m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
        return JsonErrorView.VIEWNAME;
      }
     
      // otherwise we shouldn't have a secret for this client
      client.setClientSecret(null);
     
    } else {
     
      // any auth method not handled above is rejected instead of being stored
      logger.error("unknown auth method");
      m.addAttribute("code", HttpStatus.BAD_REQUEST);
      m.addAttribute("errorMessage", "Unknown auth method requested");
      return JsonErrorView.VIEWNAME;
     
     
    }

    ClientDetailsEntity newClient = clientService.updateClient(oldClient, client);
    m.addAttribute("entity", newClient);

    // the view is chosen by role; the admin view is selected for admin callers
    if (isAdmin(auth)) {
      return ClientEntityViewForAdmins.VIEWNAME;
    } else {


   */
  // Admin-only DELETE handler: looks the client up by its database id and, when no such
  // client exists, puts a 404 code and an error message into the model.
  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(value="/{id}", method=RequestMethod.DELETE)
  public String apiDeleteClient(@PathVariable("id") Long id, ModelAndView modelAndView) {

    ClientDetailsEntity client = clientService.getClientById(id);

    if (client == null) {
      // id is bound as a Long, so the value concatenated into the log line and the error
      // message is numeric rather than free text from the request
      logger.error("apiDeleteClient failed; client with id " + id + " could not be found.");
      modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
      modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found.");

   * @return
   */
  // GET handler: looks the client up by its database id and, when no such client exists,
  // puts a 404 code and an error message into the model.
  // NOTE(review): no method-level @PreAuthorize is visible on this handler - confirm that a
  // class-level annotation or the security configuration restricts who may read client details.
  @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = "application/json")
  public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) {

    ClientDetailsEntity client = clientService.getClientById(id);

    if (client == null) {
      // id is bound as a Long, so the value concatenated into the messages is numeric
      logger.error("apiShowClient failed; client with id " + id + " could not be found.");
      model.addAttribute("code", HttpStatus.NOT_FOUND);
      model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found.");

     * @throws IOException
     */
    // Reads a JSON array of client objects from the reader and maps each recognised field
    // name onto a freshly created ClientDetailsEntity. Values are copied onto the entity as
    // they appear in the document; no validation of the values is visible in this listing.
    private void readClients(JsonReader reader) throws IOException {
        reader.beginArray();
        while (reader.hasNext()) {
            ClientDetailsEntity client = new ClientDetailsEntity();
            reader.beginObject();
            while (reader.hasNext()) {
                switch (reader.peek()) {
                    case END_OBJECT:
                        // NOTE(review): Gson's hasNext() is false at the end of an object, so this
                        // branch looks unreachable inside the loop - confirm.
                        continue;
                    case NAME:
                        String name = reader.nextName();
                        if (reader.peek() == JsonToken.NULL) {
                            // an explicit JSON null is skipped, so the entity keeps whatever
                            // its constructor set for that field
                            reader.skipValue();
                        } else if (name.equals("clientId")) {
                            client.setClientId(reader.nextString());
                        } else if (name.equals("resourceIds")) {
                            Set<String> resourceIds = readSet(reader);
                            client.setResourceIds(resourceIds);
                        } else if (name.equals("secret")) {
                            // The client secret is taken verbatim from the document.
                            // NOTE(review): the document being read therefore carries client
                            // secrets as plain strings and needs the same protection as the
                            // credential store itself.
                            client.setClientSecret(reader.nextString());
                        } else if (name.equals("scope")) {
                            Set<String> scope = readSet(reader);
                            client.setScope(scope);
                        } else if (name.equals("authorities")) {
                            // Each string becomes a SimpleGrantedAuthority as given; no allow-list
                            // is applied in the visible code.
                            // NOTE(review): whoever supplies the document decides which
                            // authorities the client receives - confirm the caller is restricted.
                            Set<String> authorityStrs = readSet(reader);
                            Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
                            for (String s : authorityStrs) {
                                GrantedAuthority ga = new SimpleGrantedAuthority(s);
                                authorities.add(ga);
                            }
                            client.setAuthorities(authorities);
                        } else if (name.equals("accessTokenValiditySeconds")) {
                            client.setAccessTokenValiditySeconds(reader.nextInt());
                        } else if (name.equals("refreshTokenValiditySeconds")) {
                            client.setRefreshTokenValiditySeconds(reader.nextInt());
                        } else if (name.equals("redirectUris")) {
                            // redirect URIs are stored as read; no format check is visible here
                            Set<String> redirectUris = readSet(reader);
                            client.setRedirectUris(redirectUris);
                        } else if (name.equals("name")) {
                            client.setClientName(reader.nextString());
                        } else if (name.equals("uri")) {
                            client.setClientUri(reader.nextString());
                        } else if (name.equals("logoUri")) {
                            client.setLogoUri(reader.nextString());
                        } else if (name.equals("contacts")) {
                            Set<String> contacts = readSet(reader);
                            client.setContacts(contacts);
                        } else if (name.equals("tosUri")) {
                            client.setTosUri(reader.nextString());
                        } else if (name.equals("tokenEndpointAuthMethod")) {
                            // NOTE(review): the result of getByValue() is stored unchecked; what it
                            // returns for an unrecognised string is not visible here - confirm an
                            // unknown value cannot leave the client without an auth method.
                            AuthMethod am = AuthMethod.getByValue(reader.nextString());
                            client.setTokenEndpointAuthMethod(am);
                        } else if (name.equals("grantTypes")) {
                            Set<String> grantTypes = readSet(reader);
                            client.setGrantTypes(grantTypes);
                        } else if (name.equals("responseTypes")) {
                            Set<String> responseTypes = readSet(reader);
                            client.setResponseTypes(responseTypes);
                        } else if (name.equals("policyUri")) {
                            client.setPolicyUri(reader.nextString());
                        } else if (name.equals("applicationType")) {
                            AppType appType = AppType.getByValue(reader.nextString());
                            client.setApplicationType(appType);
                        } else if (name.equals("sectorIdentifierUri")) {
                            client.setSectorIdentifierUri(reader.nextString());
                        } else if (name.equals("subjectType")) {
                            SubjectType st = SubjectType.getByValue(reader.nextString());
                            client.setSubjectType(st);
                        } else if (name.equals("requestObjectSigningAlg")) {
                            // signing and encryption algorithm names are resolved by name and
                            // stored without a further check in the visible code
                            JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
                            client.setRequestObjectSigningAlgEmbed(alg);
                        } else if (name.equals("userInfoEncryptedResponseAlg")) {
                            JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
                            client.setUserInfoEncryptedResponseAlgEmbed(alg);
                        } else if (name.equals("userInfoEncryptedResponseEnc")) {
                            JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
                            client.setUserInfoEncryptedResponseEncEmbed(alg);
                        } else if (name.equals("userInfoSignedResponseAlg")) {
                            JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
                            client.setUserInfoSignedResponseAlgEmbed(alg);
                        } else if (name.equals("defaultMaxAge")) {
                            client.setDefaultMaxAge(reader.nextInt());
                        } else if (name.equals("requireAuthTime")) {
                            client.setRequireAuthTime(reader.nextBoolean());
                        } else if (name.equals("defaultACRValues")) {
                            Set<String> defaultACRvalues = readSet(reader);
                            client.setDefaultACRvalues(defaultACRvalues);
                        } else if (name.equals("initiateLoginUri")) {
                            client.setInitiateLoginUri(reader.nextString());
                        } else if (name.equals("postLogoutRedirectUri")) {
                            client.setPostLogoutRedirectUri(reader.nextString());
                        } else if (name.equals("requestUris")) {
                            Set<String> requestUris = readSet(reader);
                            client.setRequestUris(requestUris);
                        } else if (name.equals("description")) {
                            client.setClientDescription(reader.nextString());
                        } else if (name.equals("allowIntrospection")) {
                            client.setAllowIntrospection(reader.nextBoolean());
                        } else if (name.equals("reuseRefreshToken")) {
                            client.setReuseRefreshToken(reader.nextBoolean());
                        } else if (name.equals("dynamicallyRegistered")) {
                            client.setDynamicallyRegistered(reader.nextBoolean());
                        } else {
                            // unknown fields are skipped; the debug line does not say which name
                            // was ignored
                            logger.debug("Found unexpected entry");
                            reader.skipValue();
                        }
                        break;

          // copy over all existing claims
          // NOTE(review): every claim of the previous ID token is carried into the new claims
          // set; only the expiration is replaced in the lines visible here.
          JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());

          if (client instanceof ClientDetailsEntity) {

            ClientDetailsEntity clientEntity = (ClientDetailsEntity) client;

            // update expiration and issued-at claims
            // NOTE(review): only the expiration is set in the visible lines; no issued-at
            // update appears here - confirm it happens elsewhere.
            if (clientEntity.getIdTokenValiditySeconds() != null) {
              // 1000L forces long arithmetic, so the seconds-to-milliseconds product is not
              // computed as an int
              Date expiration = new Date(System.currentTimeMillis() + (clientEntity.getIdTokenValiditySeconds() * 1000L));
              claims.setExpirationTime(expiration);
              // the same instant is written to the claims and to the stored token entity
              newIdTokenEntity.setExpiration(expiration);
            }

          } else {

    }

    /**
     * Re-attaches tokens to their client and authentication holder: each old token id is
     * translated through the old-to-new id maps, the token is loaded by its new id, the
     * reference is set and the token is saved. Each reference map is cleared once it has
     * been processed.
     *
     * <p>NOTE(review): none of the lookups below is null-checked. What the repositories
     * return for a missing id or client_id is not visible here; if that is {@code null},
     * a token is either dereferenced as null or saved with a null client or holder.
     * Confirm the reference maps can only name objects that exist.
     */
    private void fixObjectReferences() {
        // refresh token -> client
        for (Long oldRefreshTokenId : refreshTokenToClientRefs.keySet()) {
            // clientRef is a client_id string resolved against the client repository
            String clientRef = refreshTokenToClientRefs.get(oldRefreshTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setClient(client);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToClientRefs.clear();
        // refresh token -> authentication holder (both ids are translated old -> new)
        for (Long oldRefreshTokenId : refreshTokenToAuthHolderRefs.keySet()) {
            Long oldAuthHolderId = refreshTokenToAuthHolderRefs.get(oldRefreshTokenId);
            Long newAuthHolderId = authHolderOldToNewIdMap.get(oldAuthHolderId);
            AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setAuthenticationHolder(authHolder);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToAuthHolderRefs.clear();
        // access token -> client
        for (Long oldAccessTokenId : accessTokenToClientRefs.keySet()) {
            String clientRef = accessTokenToClientRefs.get(oldAccessTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setClient(client);
            tokenRepository.saveAccessToken(accessToken);
        }

                            Set<String> responseTypes = readSet(reader);
                            client.setResponseTypes(responseTypes);
                        } else if (name.equals("policyUri")) {
                            client.setPolicyUri(reader.nextString());
                        } else if (name.equals("applicationType")) {
                            AppType appType = AppType.getByValue(reader.nextString());
                            client.setApplicationType(appType);
                        } else if (name.equals("sectorIdentifierUri")) {
                            client.setSectorIdentifierUri(reader.nextString());
                        } else if (name.equals("subjectType")) {
                            SubjectType st = SubjectType.getByValue(reader.nextString());

                            Set<String> contacts = readSet(reader);
                            client.setContacts(contacts);
                        } else if (name.equals("tosUri")) {
                            client.setTosUri(reader.nextString());
                        } else if (name.equals("tokenEndpointAuthMethod")) {
                            AuthMethod am = AuthMethod.getByValue(reader.nextString());
                            client.setTokenEndpointAuthMethod(am);
                        } else if (name.equals("grantTypes")) {
                            Set<String> grantTypes = readSet(reader);
                            client.setGrantTypes(grantTypes);
                        } else if (name.equals("responseTypes")) {

                            AppType appType = AppType.getByValue(reader.nextString());
                            client.setApplicationType(appType);
                        } else if (name.equals("sectorIdentifierUri")) {
                            client.setSectorIdentifierUri(reader.nextString());
                        } else if (name.equals("subjectType")) {
                            SubjectType st = SubjectType.getByValue(reader.nextString());
                            client.setSubjectType(st);
                        } else if (name.equals("requestObjectSigningAlg")) {
                            JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
                            client.setRequestObjectSigningAlgEmbed(alg);
                        } else if (name.equals("userInfoEncryptedResponseAlg")) {

  }

  /**
   * Removes the stored access token whose value matches the value of the given token.
   *
   * @param accessToken token to delete; its value is used for the lookup
   * @throws IllegalArgumentException if no stored token has that value
   */
  @Override
  @Transactional
  public void removeAccessToken(OAuth2AccessTokenEntity accessToken) {
    // look the token up by value and remove the instance returned by that lookup
    OAuth2AccessTokenEntity found = getAccessTokenByValue(accessToken.getValue());
    if (found != null) {
      manager.remove(found);
    } else {
      // NOTE(review): the message embeds accessToken.toString(); confirm that representation
      // does not include the token value, since exception messages usually end up in logs.
      throw new IllegalArgumentException("Access token not found: " + accessToken);
    }
