Package org.springframework.security.oauth2.common

Examples of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken


   
    Map<String, String> authorizationParameters = Maps.newHashMap();
    OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
        Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
        scope, null, null, null, null);
    OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);

    OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
    token.setClient(client);
    token.setScope(scope);
View Full Code Here


                                        reader.skipValue();
                                        continue;
                                }
                            }
                            reader.endObject();
                            OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
                            ahe.setAuthentication(auth);
                        } else {
                            logger.debug("Found unexpected entry");
                            reader.skipValue();
                        }
View Full Code Here

        given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
        return refreshToken;
    }
   
    private OAuth2Authentication authentication(String name, OAuth2Request request) {
        OAuth2Authentication authentication = mock(OAuth2Authentication.class);
        given(authentication.getName()).willReturn(name);
        given(authentication.getOAuth2Request()).willReturn(request);
        return authentication;
    }
View Full Code Here

      }

      // NOTE: don't revoke the existing access token

      // create a new access token
      OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());

      return authentication;

    } else {
      throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);
View Full Code Here

        // non-valid token
        logger.info("Server returned non-active token");
        return false;
      }
      // create an OAuth2Authentication
      OAuth2Authentication auth = new OAuth2Authentication(createStoredRequest(tokenResponse), createAuthentication(tokenResponse));
      // create an OAuth2AccessToken
      OAuth2AccessToken token = createAccessToken(tokenResponse, accessToken);

      if (token.getExpiration().after(new Date())) {
        // Store them in the cache
View Full Code Here

public class OAuth2AuthenticationReadConverter implements Converter<DBObject, OAuth2Authentication> {

    @Override
    public OAuth2Authentication convert(DBObject source) {
        DBObject storedRequest = (DBObject)source.get("storedRequest");
        OAuth2Request oAuth2Request = new OAuth2Request((Map<String, String>)storedRequest.get("requestParameters"),
                (String)storedRequest.get("clientId"), null, true, new HashSet((List)storedRequest.get("scope")),
                null, null, null, null);

        DBObject userAuthorization = (DBObject)source.get("userAuthentication");
        Object principal = getPrincipalObject(userAuthorization.get("principal"));
View Full Code Here

                            currentId = reader.nextLong();
                        } else if (name.equals("ownerId")) {
                            //not needed
                            reader.skipValue();
                        } else if (name.equals("authentication")) {
                            OAuth2Request clientAuthorization = null;
                            Authentication userAuthentication = null;
                            reader.beginObject();
                            while (reader.hasNext()) {
                                switch (reader.peek()) {
                                    case END_OBJECT:
View Full Code Here

                    reader.skipValue();
                    continue;
            }
        }
        reader.endObject();
        return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
    }
View Full Code Here

    }
   
    // create a new token
   
    Map<String, String> authorizationParameters = Maps.newHashMap();
    OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
        Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
        scope, null, null, null, null);
    OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);

    OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
View Full Code Here

  public String revoke(@RequestParam("token") String tokenValue, @RequestParam(value = "token_type_hint", required = false) String tokenType, Principal principal, Model model) {

    // This is the token as passed in from OAuth (in case we need it some day)
    //OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal);

    OAuth2Request authRequest = null;
    if (principal instanceof OAuth2Authentication) {
      // if the client is acting on its own behalf (the common case), pull out the client authorization request
      authRequest = ((OAuth2Authentication) principal).getOAuth2Request();
    }

    try {
      // check and handle access tokens first

      OAuth2AccessTokenEntity accessToken = tokenServices.readAccessToken(tokenValue);
      if (authRequest != null) {
        // client acting on its own, make sure it owns the token
        if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) {
          // trying to revoke a token we don't own, throw a 403
          model.addAttribute("code", HttpStatus.FORBIDDEN);
          return HttpCodeView.VIEWNAME;
        }
      }

      // if we got this far, we're allowed to do this
      tokenServices.revokeAccessToken(accessToken);
      model.addAttribute("code", HttpStatus.OK);
      return HttpCodeView.VIEWNAME;

    } catch (InvalidTokenException e) {

      // access token wasn't found, check the refresh token

      try {
        OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
        if (authRequest != null) {
          // client acting on its own, make sure it owns the token
          if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
            // trying to revoke a token we don't own, throw a 403
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return HttpCodeView.VIEWNAME;
          }
        }
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.common.DefaultOAuth2AccessToken

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.