Package org.springframework.security.oauth2.provider.approval

Examples of org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler


       
        OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://foo.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth1 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1);
       
        AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity();
        holder1.setId(1L);
        holder1.setAuthentication(auth1);
       
        OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity();
        token1.setId(1L);
        token1.setClient(mockedClient1);
        token1.setExpiration(expirationDate1);
        token1.setValue("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ.");
        token1.setAuthenticationHolder(holder1);
       
        String expiration2 = "2015-01-07T18:31:50.079+0000";
        Date expirationDate2 = DateUtil.utcToDate(expiration2);
       
        ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class);
        when(mockedClient2.getClientId()).thenReturn("mocked_client_2");
       
        OAuth2Request req2 = new OAuth2Request(new HashMap<String, String>(), "client2", new ArrayList<GrantedAuthority>(),
                                               true, new HashSet<String>(), new HashSet<String>(), "http://bar.com",
                                               new HashSet<String>(), null);
        Authentication mockAuth2 = mock(Authentication.class, withSettings().serializable());
        OAuth2Authentication auth2 = new OAuth2Authentication(req2, mockAuth2);
       
        AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity();
        holder2.setId(2L);
        holder2.setAuthentication(auth2);
       
View Full Code Here


   * @throws       InvalidGrantException, if an AuthorizationCodeEntity is not found with the given value
   */
  @Override
  public OAuth2Authentication consumeAuthorizationCode(String code) throws InvalidGrantException {

    OAuth2Authentication auth = repository.consume(code);
    return auth;
  }
View Full Code Here

   * @see org.springframework.security.authentication.AuthenticationManager#authenticate(org.springframework.security.core.Authentication)
   */
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String token = (String) authentication.getPrincipal();
    OAuth2Authentication auth = tokenServices.loadAuthentication(token);
    if (auth == null) {
      throw new InvalidTokenException("Invalid token: " + token);
    }

    Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
    if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
      throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
    }

    checkClientDetails(auth);

    if (authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
      OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
      // Preserve the authentication details if any from the one loaded by token services
      details.setDecodedDetails(auth.getDetails());
    }
    auth.setDetails(authentication.getDetails());
    auth.setAuthenticated(true);
    return auth;

  }
View Full Code Here

public class OAuth2AuthenticationReadConverter implements Converter<DBObject, OAuth2Authentication> {

    @Override
    public OAuth2Authentication convert(DBObject source) {
        DBObject storedRequest = (DBObject)source.get("storedRequest");
        OAuth2Request oAuth2Request = new OAuth2Request((Map<String, String>)storedRequest.get("requestParameters"),
                (String)storedRequest.get("clientId"), null, true, new HashSet((List)storedRequest.get("scope")),
                null, null, null, null);

        DBObject userAuthorization = (DBObject)source.get("userAuthentication");
        Object principal = getPrincipalObject(userAuthorization.get("principal"));
View Full Code Here

                            currentId = reader.nextLong();
                        } else if (name.equals("ownerId")) {
                            //not needed
                            reader.skipValue();
                        } else if (name.equals("authentication")) {
                            OAuth2Request clientAuthorization = null;
                            Authentication userAuthentication = null;
                            reader.beginObject();
                            while (reader.hasNext()) {
                                switch (reader.peek()) {
                                    case END_OBJECT:
View Full Code Here

                    reader.skipValue();
                    continue;
            }
        }
        reader.endObject();
        return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
    }
View Full Code Here

    }
   
    // create a new token
   
    Map<String, String> authorizationParameters = Maps.newHashMap();
    OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
        Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
        scope, null, null, null, null);
    OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);

    OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
View Full Code Here

  public String revoke(@RequestParam("token") String tokenValue, @RequestParam(value = "token_type_hint", required = false) String tokenType, Principal principal, Model model) {

    // This is the token as passed in from OAuth (in case we need it some day)
    //OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal);

    OAuth2Request authRequest = null;
    if (principal instanceof OAuth2Authentication) {
      // if the client is acting on its own behalf (the common case), pull out the client authorization request
      authRequest = ((OAuth2Authentication) principal).getOAuth2Request();
    }

    try {
      // check and handle access tokens first

      OAuth2AccessTokenEntity accessToken = tokenServices.readAccessToken(tokenValue);
      if (authRequest != null) {
        // client acting on its own, make sure it owns the token
        if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) {
          // trying to revoke a token we don't own, throw a 403
          model.addAttribute("code", HttpStatus.FORBIDDEN);
          return HttpCodeView.VIEWNAME;
        }
      }

      // if we got this far, we're allowed to do this
      tokenServices.revokeAccessToken(accessToken);
      model.addAttribute("code", HttpStatus.OK);
      return HttpCodeView.VIEWNAME;

    } catch (InvalidTokenException e) {

      // access token wasn't found, check the refresh token

      try {
        OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
        if (authRequest != null) {
          // client acting on its own, make sure it owns the token
          if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
            // trying to revoke a token we don't own, throw a 403
            model.addAttribute("code", HttpStatus.FORBIDDEN);
            return HttpCodeView.VIEWNAME;
          }
        }
View Full Code Here

                            currentId = reader.nextLong();
                        } else if (name.equals("ownerId")) {
                            //not needed
                            reader.skipValue();
                        } else if (name.equals("authentication")) {
                            OAuth2Request clientAuthorization = null;
                            Authentication userAuthentication = null;
                            reader.beginObject();
                            while (reader.hasNext()) {
                                switch (reader.peek()) {
                                    case END_OBJECT:
View Full Code Here

    Mockito.reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer);



    authentication = Mockito.mock(OAuth2Authentication.class);
    OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null);
    Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth);

    client = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(client.getClientId()).thenReturn(clientId);
    Mockito.when(clientDetailsService.loadClientByClientId(clientId)).thenReturn(client);
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.