Package org.mitre.oauth2.model

Examples of org.mitre.oauth2.model.AuthenticationHolderEntity


    @Test
    public void shouldAssembleExpectedResultForAccessToken() {

        // given
        OAuth2AccessTokenEntity accessToken = accessToken(new Date(123), scopes("foo", "bar"), "Bearer",
                authentication("name", request("clientId")));

        UserInfo userInfo = userInfo("sub");

        // when
View Full Code Here


    @Test
    public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() {

        // given
        OAuth2AccessTokenEntity accessToken = accessToken(new Date(123), scopes("foo", "bar"), "Bearer",
                authentication("name", request("clientId")));

        // when
        Map<String, Object> result = assembler.assembleFrom(accessToken, null);
View Full Code Here

    @Test
    public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() {

        // given
        OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer",
                authentication("name", request("clientId")));

        UserInfo userInfo = userInfo("sub");

        // when
View Full Code Here

        given(userInfo.getSub()).willReturn(sub);
        return userInfo;
    }

    private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) {
        OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS);
        given(accessToken.getExpiration()).willReturn(exp);
        given(accessToken.getScope()).willReturn(scopes);
        given(accessToken.getTokenType()).willReturn(tokenType);
        given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
        return accessToken;
    }
View Full Code Here

   */
  @Override
  protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) throws AuthenticationException, InvalidTokenException {
    // read and load up the existing token
    String incomingTokenValue = tokenRequest.getRequestParameters().get("token");
    OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue);

    // check for scoping in the request, can't up-scope with a chained request
    Set<String> approvedScopes = incomingToken.getScope();
    Set<String> requestedScopes = tokenRequest.getScope();

    if (requestedScopes == null) {
      requestedScopes = new HashSet<String>();
    }

    // do a check on the requested scopes -- if they exactly match the client scopes, they were probably shadowed by the token granter
    if (client.getScope().equals(requestedScopes)) {
      requestedScopes = new HashSet<String>();
    }

    // if our scopes are a valid subset of what's allowed, we can continue
    if (approvedScopes.containsAll(requestedScopes)) {

      if (requestedScopes.isEmpty()) {
        // if there are no scopes, inherit the original scopes from the token
        tokenRequest.setScope(approvedScopes);
      } else {
        // if scopes were asked for, give only the subset of scopes requested
        // this allows safe downscoping
        tokenRequest.setScope(Sets.intersection(requestedScopes, approvedScopes));
      }

      // NOTE: don't revoke the existing access token

      // create a new access token
      OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());

      return authentication;

    } else {
      throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);
View Full Code Here

   */
  @Override
  protected OAuth2AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) throws AuthenticationException, InvalidTokenException {
    // read and load up the existing token
    String incomingTokenValue = tokenRequest.getRequestParameters().get("assertion");
    OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue);

    if (incomingToken.getScope().contains(SystemScopeService.ID_TOKEN_SCOPE)) {

      if (!client.getClientId().equals(tokenRequest.getClientId())) {
        throw new InvalidClientException("Not the right client for this token");
      }

      // it's an ID token, process it accordingly

      try {

        // TODO: make this use a more specific idtoken class
        JWT idToken = JWTParser.parse(incomingTokenValue);

        OAuth2AccessTokenEntity accessToken = tokenServices.getAccessTokenForIdToken(incomingToken);

        if (accessToken != null) {

          //OAuth2AccessTokenEntity newIdToken = tokenServices.get

          OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();

          // copy over all existing claims
          JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());

          if (client instanceof ClientDetailsEntity) {

            ClientDetailsEntity clientEntity = (ClientDetailsEntity) client;

            // update expiration and issued-at claims
            if (clientEntity.getIdTokenValiditySeconds() != null) {
              Date expiration = new Date(System.currentTimeMillis() + (clientEntity.getIdTokenValiditySeconds() * 1000L));
              claims.setExpirationTime(expiration);
              newIdTokenEntity.setExpiration(expiration);
            }

          } else {
            //This should never happen
            logger.fatal("SEVERE: Client is not an instance of OAuth2AccessTokenEntity.");
            throw new BadCredentialsException("SEVERE: Client is not an instance of ClientDetailsEntity; JwtAssertionTokenGranter cannot process this request.");
          }

          claims.setIssueTime(new Date());


          SignedJWT newIdToken = new SignedJWT((JWSHeader) idToken.getHeader(), claims);
          jwtService.signJwt(newIdToken);

          newIdTokenEntity.setJwt(newIdToken);
          newIdTokenEntity.setAuthenticationHolder(incomingToken.getAuthenticationHolder());
          newIdTokenEntity.setScope(incomingToken.getScope());
          newIdTokenEntity.setClient(incomingToken.getClient());

          newIdTokenEntity = tokenServices.saveAccessToken(newIdTokenEntity);

          // attach the ID token to the access token entity
          accessToken.setIdToken(newIdTokenEntity);
View Full Code Here

    private void fixObjectReferences() {
        for (Long oldRefreshTokenId : refreshTokenToClientRefs.keySet()) {
            String clientRef = refreshTokenToClientRefs.get(oldRefreshTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setClient(client);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToClientRefs.clear();
        for (Long oldRefreshTokenId : refreshTokenToAuthHolderRefs.keySet()) {
            Long oldAuthHolderId = refreshTokenToAuthHolderRefs.get(oldRefreshTokenId);
            Long newAuthHolderId = authHolderOldToNewIdMap.get(oldAuthHolderId);
            AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setAuthenticationHolder(authHolder);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToAuthHolderRefs.clear();
        for (Long oldAccessTokenId : accessTokenToClientRefs.keySet()) {
            String clientRef = accessTokenToClientRefs.get(oldAccessTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setClient(client);
            tokenRepository.saveAccessToken(accessToken);
        }
        accessTokenToClientRefs.clear();
        for (Long oldAccessTokenId : accessTokenToAuthHolderRefs.keySet()) {
            Long oldAuthHolderId = accessTokenToAuthHolderRefs.get(oldAccessTokenId);
            Long newAuthHolderId = authHolderOldToNewIdMap.get(oldAuthHolderId);
            AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setAuthenticationHolder(authHolder);
            tokenRepository.saveAccessToken(accessToken);
        }
        accessTokenToAuthHolderRefs.clear();
        for (Long oldAccessTokenId : accessTokenToRefreshTokenRefs.keySet()) {
            Long oldRefreshTokenId = accessTokenToRefreshTokenRefs.get(oldAccessTokenId);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setRefreshToken(refreshToken);
            tokenRepository.saveAccessToken(accessToken);
        }
View Full Code Here

  }

  @Override
  @Transactional
  public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
    OAuth2RefreshTokenEntity found = getRefreshTokenByValue(refreshToken.getValue());
    if (found != null) {
      manager.remove(found);
    } else {
      throw new IllegalArgumentException("Refresh token not found: " + refreshToken);
    }
View Full Code Here

      model.addAttribute("entity", entity);
      return JsonEntityView.VIEWNAME;
    }

        OAuth2AccessTokenEntity accessToken = null;
        OAuth2RefreshTokenEntity refreshToken = null;
    ClientDetailsEntity tokenClient;
    Set<String> scopes;
    UserInfo user;

    try {

      // check access tokens first (includes ID tokens)
      accessToken = tokenServices.readAccessToken(tokenValue);

      tokenClient = accessToken.getClient();
      scopes = accessToken.getScope();

            user = userInfoService.getByUsernameAndClientId(accessToken.getAuthenticationHolder().getAuthentication().getName(), tokenClient.getClientId());

    } catch (InvalidTokenException e) {
      logger.info("Verify failed; Invalid access token. Checking refresh token.");
      try {

        // check refresh tokens next
        refreshToken = tokenServices.getRefreshToken(tokenValue);

        tokenClient = refreshToken.getClient();
        scopes = refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope();

        user = userInfoService.getByUsernameAndClientId(refreshToken.getAuthenticationHolder().getAuthentication().getName(), tokenClient.getClientId());

      } catch (InvalidTokenException e2) {
        logger.error("Verify failed; Invalid access/refresh token", e2);
        Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
        model.addAttribute("entity", entity);
View Full Code Here

  }

  @RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = "application/json")
  public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {

    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
      logger.error("refresh token not found: " + id);
      m.put("code", HttpStatus.NOT_FOUND);
      m.put("errorMessage", "The requested token with id " + id + " could not be found.");
      return JsonErrorView.VIEWNAME;
    } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
      logger.error("refresh token " + id + " does not belong to principal " + p.getName());
      m.put("code", HttpStatus.FORBIDDEN);
      m.put("errorMessage", "You do not have permission to view this token");
      return JsonErrorView.VIEWNAME;
    } else {
View Full Code Here

TOP

Related Classes of org.mitre.oauth2.model.AuthenticationHolderEntity

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.