Package org.springframework.security.oauth2.provider

Examples of org.springframework.security.oauth2.provider.ClientDetails


      chain.doFilter(req, res);
      return;
    }

    // we have to create our own auth request in order to get at all the parmeters appropriately
    AuthorizationRequest authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap()));

    ClientDetailsEntity client = null;

    try {
      client = clientService.loadClientByClientId(authRequest.getClientId());
    } catch (InvalidClientException e) {
      // no need to worry about this here, it would be caught elsewhere
    } catch (IllegalArgumentException e) {
      // no need to worry about this here, it would be caught elsewhere
    }

    if (authRequest.getExtensions().get("prompt") != null) {
      // we have a "prompt" parameter
      String prompt = (String)authRequest.getExtensions().get("prompt");
      List<String> prompts = Splitter.on(" ").splitToList(Strings.nullToEmpty(prompt));

      if (prompts.contains("none")) {
        logger.info("Client requested no prompt");
        // see if the user's logged in
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (auth != null) {
          // user's been logged in already (by session management)
          // we're OK, continue without prompting
          chain.doFilter(req, res);
        } else {
          // user hasn't been logged in, we need to "return an error"
          logger.info("User not logged in, no prompt requested, returning 403 from filter");
          response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
          return;
        }
      } else if (prompts.contains("login")) {

        // first see if the user's already been prompted in this session
        HttpSession session = request.getSession();
        if (session.getAttribute(PROMPTED) == null) {
          // user hasn't been PROMPTED yet, we need to check

          session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);

          // see if the user's logged in
          Authentication auth = SecurityContextHolder.getContext().getAuthentication();
          if (auth != null) {
            // user's been logged in already (by session management)
            // log them out and continue
            SecurityContextHolder.getContext().setAuthentication(null);
            chain.doFilter(req, res);
          } else {
            // user hasn't been logged in yet, we can keep going since we'll get there
            chain.doFilter(req, res);
          }
        } else {
          // user has been PROMPTED, we're fine

          // but first, undo the prompt tag
          session.removeAttribute(PROMPTED);
          chain.doFilter(req, res);
        }
      } else {
        // prompt parameter is a value we don't care about, not our business
        chain.doFilter(req, res);
      }

    } else if (authRequest.getExtensions().get("max_age") != null ||
        (client != null && client.getDefaultMaxAge() != null)) {

      // default to the client's stored value, check the string parameter
      Integer max = (client != null ? client.getDefaultMaxAge() : null);
      String maxAge = (String) authRequest.getExtensions().get("max_age");
      if (maxAge != null) {
        max = Integer.parseInt(maxAge);
      }

      if (max != null) {
View Full Code Here


    // then
    assertThat(permitted, is(false));
  }

  private ClientDetails clientWithId(String clientId) {
    ClientDetails client = mock(ClientDetails.class);
    given(client.getClientId()).willReturn(clientId);
    return client;
  }
View Full Code Here

    return client;
  }

  private ClientDetails clientWithIdAndScope(String clientId,
      Set<String> scope) {
    ClientDetails client = clientWithId(clientId);
    given(client.getScope()).willReturn(scope);
    return client;
  }
View Full Code Here

  @Override
  public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {

    String userId = userAuthentication.getName();
    String clientId = authorizationRequest.getClientId();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);

    // This must be re-parsed here because SECOAUTH forces us to call things in a strange order
    if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))
        && authorizationRequest.getExtensions().get("csrf") != null
        && authorizationRequest.getExtensions().get("csrf").equals(authorizationRequest.getApprovalParameters().get("csrf"))) {

      authorizationRequest.setApproved(true);

      // process scopes from user input
      Set<String> allowedScopes = Sets.newHashSet();
      Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();

      Set<String> keys = approvalParams.keySet();

      for (String key : keys) {
        if (key.startsWith("scope_")) {
          //This is a scope parameter from the approval page. The value sent back should
          //be the scope string. Check to make sure it is contained in the client's
          //registered allowed scopes.

          String scope = approvalParams.get(key);
          Set<String> approveSet = Sets.newHashSet(scope);

          //Make sure this scope is allowed for the given client
          if (systemScopes.scopesMatch(client.getScope(), approveSet)) {

            // If it's structured, assign the user-specified parameter
            SystemScope systemScope = systemScopes.getByValue(scope);
            if (systemScope != null && systemScope.isStructured()){
              String paramValue = approvalParams.get("scopeparam_" + scope);
View Full Code Here

  }

  private void checkClientDetails(OAuth2Authentication auth) {
    if (clientDetailsService != null) {
      ClientDetails client;
      try {
        client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
      }
      catch (ClientRegistrationException e) {
        throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
      }
      Set<String> allowed = client.getScope();
      for (String scope : auth.getOAuth2Request().getScope()) {
        if (!allowed.contains(scope)) {
          throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope
              + ") for this client");
        }
View Full Code Here

   
    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();
    if (clientDetailsService!=null) {
      try {
        ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
        approved = true;
        for (String scope : scopes) {
          if (!client.isAutoApprove(scope)) {
            approved = false;
          }
        }
        if (approved) {
          authorizationRequest.setApproved(true);
View Full Code Here

      throw new InsufficientAuthenticationException(
          "There is no client authentication. Try adding an appropriate authentication filter.");
    }

    String clientId = getClientId(principal);
    ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);

    TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient);

    if (clientId != null && !clientId.equals("")) {
      // Only validate the client details if a client authenticated during this
View Full Code Here

    Set<String> approvedScopes = new HashSet<String>();
    Set<String> validUserApprovedScopes = new HashSet<String>();

    if (clientDetailsService != null) {
      try {
        ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
        for (String scope : requestedScopes) {
          if (client.isAutoApprove(scope) || client.isAutoApprove("all")) {
            approvedScopes.add(scope);
          }
        }
        if (approvedScopes.containsAll(requestedScopes)) {
          authorizationRequest.setApproved(true);
View Full Code Here

      return result;
    }

    OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
    OAuth2Request clientAuthentication = oauth2Authentication.getOAuth2Request();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId());
    Set<String> scopes = clientAuthentication.getScope();
    if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) {
      scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
    }

    for (ConfigAttribute attribute : attributes) {
      if (this.supports(attribute)) {

        result = ACCESS_GRANTED;

        for (String scope : scopes) {
          if (!client.getScope().contains(scope)) {
            result = ACCESS_DENIED;
            break;
          }
        }

        if (result == ACCESS_DENIED && throwException) {
          InsufficientScopeException failure = new InsufficientScopeException(
              "Insufficient scope for this resource", client.getScope());
          throw new AccessDeniedException(failure.getMessage(), failure);
        }

        return result;
      }
View Full Code Here

   
    AuthorizationRequest request = new AuthorizationRequest(authorizationParameters,
        Collections.<String, String> emptyMap(), clientId, scopes, null, null, false, state, redirectUri,
        responseTypes);

    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);   
    request.setResourceIdsAndAuthoritiesFromClientDetails(clientDetails);

    return request;

  }
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.provider.ClientDetails

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.