Package org.mitre.oauth2.model

Examples of org.mitre.oauth2.model.SystemScope


  }

  @RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = "application/json")
  public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {

    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
      logger.error("refresh token not found: " + id);
      m.put("code", HttpStatus.NOT_FOUND);
      m.put("errorMessage", "The requested token with id " + id + " could not be found.");
      return JsonErrorView.VIEWNAME;
    } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
      logger.error("refresh token " + id + " does not belong to principal " + p.getName());
      m.put("code", HttpStatus.FORBIDDEN);
      m.put("errorMessage", "You do not have permission to view this token");
      return JsonErrorView.VIEWNAME;
    } else {
View Full Code Here


  }

  @RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = "application/json")
  public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {

    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
      logger.error("refresh token not found: " + id);
      m.put("code", HttpStatus.NOT_FOUND);
      m.put("errorMessage", "The requested token with id " + id + " could not be found.");
      return JsonErrorView.VIEWNAME;
    } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
      logger.error("refresh token " + id + " does not belong to principal " + p.getName());
      m.put("code", HttpStatus.FORBIDDEN);
      m.put("errorMessage", "You do not have permission to view this token");
      return JsonErrorView.VIEWNAME;
    } else {
View Full Code Here

    } catch (InvalidTokenException e) {

      // access token wasn't found, check the refresh token

      try {
        OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
        if (authRequest != null) {
          // client acting on its own, make sure it owns the token
          if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
            // trying to revoke a token we don't own, throw a 403
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return HttpCodeView.VIEWNAME;
          }
        }
View Full Code Here

    @Test
    public void shouldAssembleExpectedResultForRefreshToken() {

        // given
        OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123),
                authentication("name", request("clientId", scopes("foo""bar"))));

        UserInfo userInfo = userInfo("sub");

        // when
View Full Code Here

    @Test
    public void shouldAssembleExpectedResultForRefreshTokenWithoutUserInfo() {

        // given
        OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123),
                authentication("name", request("clientId", scopes("foo""bar"))));

        // when
        Map<String, Object> result = assembler.assembleFrom(refreshToken, null);
View Full Code Here

    @Test
    public void shouldAssembleExpectedResultForRefreshTokenWithoutExpiry() {

        // given
        OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
                authentication("name", request("clientId", scopes("foo""bar"))));

        UserInfo userInfo = userInfo("sub");

        // when
View Full Code Here

        given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
        return accessToken;
    }

    private OAuth2RefreshTokenEntity refreshToken(Date exp, OAuth2Authentication authentication) {
        OAuth2RefreshTokenEntity refreshToken = mock(OAuth2RefreshTokenEntity.class, RETURNS_DEEP_STUBS);
        given(refreshToken.getExpiration()).willReturn(exp);
        given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
        return refreshToken;
    }
View Full Code Here

     * @throws IOException
     */
    private void readRefreshTokens(JsonReader reader) throws IOException {
        reader.beginArray();
        while (reader.hasNext()) {
            OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity();
            reader.beginObject();
            Long currentId = null;
            String clientId = null;
            Long authHolderId = null;
            while (reader.hasNext()) {
                switch (reader.peek()) {
                    case END_OBJECT:
                        continue;
                    case NAME:
                        String name = reader.nextName();
                        if (reader.peek() == JsonToken.NULL) {
                            reader.skipValue();
                        } else if (name.equals("id")) {
                            currentId = reader.nextLong();
                        } else if (name.equals("expiration")) {
                            Date date = DateUtil.utcToDate(reader.nextString());
                            token.setExpiration(date);
                        } else if (name.equals("value")) {
                            String value = reader.nextString();
                            try {
                                token.setValue(value);
                            } catch (ParseException ex) {
                                logger.error("Unable to set refresh token value to {}", value, ex);
                            }
                        } else if (name.equals("clientId")) {
                            clientId = reader.nextString();
View Full Code Here

    private void fixObjectReferences() {
        for (Long oldRefreshTokenId : refreshTokenToClientRefs.keySet()) {
            String clientRef = refreshTokenToClientRefs.get(oldRefreshTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setClient(client);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToClientRefs.clear();
        for (Long oldRefreshTokenId : refreshTokenToAuthHolderRefs.keySet()) {
            Long oldAuthHolderId = refreshTokenToAuthHolderRefs.get(oldRefreshTokenId);
            Long newAuthHolderId = authHolderOldToNewIdMap.get(oldAuthHolderId);
            AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            refreshToken.setAuthenticationHolder(authHolder);
            tokenRepository.saveRefreshToken(refreshToken);
        }
        refreshTokenToAuthHolderRefs.clear();
        for (Long oldAccessTokenId : accessTokenToClientRefs.keySet()) {
            String clientRef = accessTokenToClientRefs.get(oldAccessTokenId);
            ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setClient(client);
            tokenRepository.saveAccessToken(accessToken);
        }
        accessTokenToClientRefs.clear();
        for (Long oldAccessTokenId : accessTokenToAuthHolderRefs.keySet()) {
            Long oldAuthHolderId = accessTokenToAuthHolderRefs.get(oldAccessTokenId);
            Long newAuthHolderId = authHolderOldToNewIdMap.get(oldAuthHolderId);
            AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setAuthenticationHolder(authHolder);
            tokenRepository.saveAccessToken(accessToken);
        }
        accessTokenToAuthHolderRefs.clear();
        for (Long oldAccessTokenId : accessTokenToRefreshTokenRefs.keySet()) {
            Long oldRefreshTokenId = accessTokenToRefreshTokenRefs.get(oldAccessTokenId);
            Long newRefreshTokenId = refreshTokenOldToNewIdMap.get(oldRefreshTokenId);
            OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
            Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
            OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
            accessToken.setRefreshToken(refreshToken);
            tokenRepository.saveAccessToken(accessToken);
        }
View Full Code Here

  @Test
  public void getClientConfiguration_useStatic() {

    Mockito.when(mockStaticService.getClientConfiguration(mockServerConfig)).thenReturn(mockClient);

    RegisteredClient result = hybridService.getClientConfiguration(mockServerConfig);

    Mockito.verify(mockStaticService).getClientConfiguration(mockServerConfig);
    Mockito.verify(mockDynamicService, Mockito.never()).getClientConfiguration(Matchers.any(ServerConfiguration.class));
    assertEquals(mockClient, result);
  }
View Full Code Here

TOP

Related Classes of org.mitre.oauth2.model.SystemScope

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.