Package org.springframework.security.oauth2.provider.endpoint

Examples of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping


   */
  private void validateScope(Set<String> requestedScopes, Set<String> clientScopes) throws InvalidScopeException {
    if (requestedScopes != null && !requestedScopes.isEmpty()) {
      if (clientScopes != null && !clientScopes.isEmpty()) {
        if (!scopeService.scopesMatch(clientScopes, requestedScopes)) {
          throw new InvalidScopeException("Invalid scope", clientScopes);
        }
      }
    }
  }
View Full Code Here


        // set the scope of the new access token if requested
        token.setScope(scope);
      } else {
        String errorMsg = "Up-scoping is not allowed.";
        logger.error(errorMsg);
        throw new InvalidScopeException(errorMsg);
      }
    } else {
      // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set)
      token.setScope(refreshScopes);
    }
View Full Code Here

  public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, TokenRequest authRequest) throws AuthenticationException {

    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);

    if (refreshToken == null) {
      throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
    }

    ClientDetailsEntity client = refreshToken.getClient();

    AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder();

    //Make sure this client allows access token refreshing
    if (!client.isAllowRefresh()) {
      throw new InvalidClientException("Client does not allow refreshing access token!");
    }

    // clear out any access tokens
    // TODO: make this a configurable option
    tokenRepository.clearAccessTokensForRefreshToken(refreshToken);

    if (refreshToken.isExpired()) {
      tokenRepository.removeRefreshToken(refreshToken);
      throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue);
    }

    // TODO: have the option to recycle the refresh token here, too
    // for now, we just reuse it as long as it's valid, which is the original intent
View Full Code Here

  public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {

    OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue);

    if (accessToken == null) {
      throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }

    if (accessToken.isExpired()) {
      //tokenRepository.removeAccessToken(accessToken);
      revokeAccessToken(accessToken);
      throw new InvalidTokenException("Expired access token: " + accessTokenValue);
    }

    return accessToken.getAuthenticationHolder().getAuthentication();
  }
View Full Code Here

   */
  @Override
  public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue);
    if (accessToken == null) {
      throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found");
    }
    else {
      return accessToken;
    }
  }
View Full Code Here

   */
  @Override
  public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
    if (refreshToken == null) {
      throw new InvalidTokenException("Refresh token for value " + refreshTokenValue + " was not found");
    }
    else {
      return refreshToken;
    }
  }
View Full Code Here

  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String token = (String) authentication.getPrincipal();
    OAuth2Authentication auth = tokenServices.loadAuthentication(token);
    if (auth == null) {
      throw new InvalidTokenException("Invalid token: " + token);
    }

    Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
    if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
      throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
View Full Code Here

    for (String redirectUri : redirectUris) {
      if (requestedRedirect != null && redirectMatches(requestedRedirect, redirectUri)) {
        return requestedRedirect;
      }
    }
    throw new RedirectMismatchException("Invalid redirect: " + requestedRedirect
        + " does not match one of the registered values: " + redirectUris.toString());
  }
View Full Code Here

  @Override
  public AuthorizationRequest createAuthorizationRequest(Map<String, String> inputParams) {


    AuthorizationRequest request = new AuthorizationRequest(inputParams, Collections.<String, String> emptyMap(),
        inputParams.get(OAuth2Utils.CLIENT_ID),
        OAuth2Utils.parseParameterList(inputParams.get(OAuth2Utils.SCOPE)), null,
        null, false, inputParams.get(OAuth2Utils.STATE),
        inputParams.get(OAuth2Utils.REDIRECT_URI),
        OAuth2Utils.parseParameterList(inputParams.get(OAuth2Utils.RESPONSE_TYPE)));

    //Add extension parameters to the 'extensions' map

    if (inputParams.containsKey("prompt")) {
      request.getExtensions().put("prompt", inputParams.get("prompt"));
    }
    if (inputParams.containsKey("nonce")) {
      request.getExtensions().put("nonce", inputParams.get("nonce"));
    }

    if (inputParams.containsKey("claims")) {
      JsonObject claimsRequest = parseClaimRequest(inputParams.get("claims"));
      if (claimsRequest != null) {
        request.getExtensions().put("claims", claimsRequest.toString());
      }
    }

    if (inputParams.containsKey("max_age")) {
      request.getExtensions().put("max_age", inputParams.get("max_age"));
    }

    if (inputParams.containsKey("request")) {
      request.getExtensions().put("request", inputParams.get("request"));
      processRequestObject(inputParams.get("request"), request);
    }

    if (request.getClientId() != null) {
      try {
        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if ((request.getScope() == null || request.getScope().isEmpty())) {
          Set<String> clientScopes = client.getScope();
          request.setScope(clientScopes);
        }

        if (request.getExtensions().get("max_age") == null && client.getDefaultMaxAge() != null) {
          request.getExtensions().put("max_age", client.getDefaultMaxAge().toString());
        }
      } catch (OAuth2Exception e) {
        logger.error("Caught OAuth2 exception trying to test client scopes and max age:", e);
      }
    }


    // add CSRF protection to the request on first parse
    String csrf = UUID.randomUUID().toString();
    request.getExtensions().put("csrf", csrf);



    return request;
  }
View Full Code Here

      chain.doFilter(req, res);
      return;
    }

    // we have to create our own auth request in order to get at all the parmeters appropriately
    AuthorizationRequest authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap()));

    ClientDetailsEntity client = null;

    try {
      client = clientService.loadClientByClientId(authRequest.getClientId());
    } catch (InvalidClientException e) {
      // no need to worry about this here, it would be caught elsewhere
    } catch (IllegalArgumentException e) {
      // no need to worry about this here, it would be caught elsewhere
    }

    if (authRequest.getExtensions().get("prompt") != null) {
      // we have a "prompt" parameter
      String prompt = (String)authRequest.getExtensions().get("prompt");
      List<String> prompts = Splitter.on(" ").splitToList(Strings.nullToEmpty(prompt));

      if (prompts.contains("none")) {
        logger.info("Client requested no prompt");
        // see if the user's logged in
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (auth != null) {
          // user's been logged in already (by session management)
          // we're OK, continue without prompting
          chain.doFilter(req, res);
        } else {
          // user hasn't been logged in, we need to "return an error"
          logger.info("User not logged in, no prompt requested, returning 403 from filter");
          response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
          return;
        }
      } else if (prompts.contains("login")) {

        // first see if the user's already been prompted in this session
        HttpSession session = request.getSession();
        if (session.getAttribute(PROMPTED) == null) {
          // user hasn't been PROMPTED yet, we need to check

          session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);

          // see if the user's logged in
          Authentication auth = SecurityContextHolder.getContext().getAuthentication();
          if (auth != null) {
            // user's been logged in already (by session management)
            // log them out and continue
            SecurityContextHolder.getContext().setAuthentication(null);
            chain.doFilter(req, res);
          } else {
            // user hasn't been logged in yet, we can keep going since we'll get there
            chain.doFilter(req, res);
          }
        } else {
          // user has been PROMPTED, we're fine

          // but first, undo the prompt tag
          session.removeAttribute(PROMPTED);
          chain.doFilter(req, res);
        }
      } else {
        // prompt parameter is a value we don't care about, not our business
        chain.doFilter(req, res);
      }

    } else if (authRequest.getExtensions().get("max_age") != null ||
        (client != null && client.getDefaultMaxAge() != null)) {

      // default to the client's stored value, check the string parameter
      Integer max = (client != null ? client.getDefaultMaxAge() : null);
      String maxAge = (String) authRequest.getExtensions().get("max_age");
      if (maxAge != null) {
        max = Integer.parseInt(maxAge);
      }

      if (max != null) {
View Full Code Here

TOP

Related Classes of org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.