Package org.surfnet.oaaas.model

Examples of org.surfnet.oaaas.model.AuthorizationRequest


      // If another token is already present for this resource owner and client, no new consent should be requested
      List<String> grantedScopes = tokens.get(0).getScopes(); // take the scopes of the first access token found.
      setGrantedScopes(request, grantedScopes.toArray(new String[grantedScopes.size()]));
      chain.doFilter(request, response);
    } else {
      AuthorizationRequest authorizationRequest = authorizationRequestRepository.findByAuthState(authStateValue);
      request.setAttribute("requestedScopes", authorizationRequest.getRequestedScopes());
      request.setAttribute("client", client);
      request.setAttribute(AUTH_STATE, authStateValue);
      request.setAttribute("actionUri", returnUri);
      ((HttpServletResponse) response).setHeader("X-Frame-Options", "SAMEORIGIN");
      request.getRequestDispatcher(getUserConsentUrl()).forward(request, response);
View Full Code Here


    AccessToken at = new AccessToken("mytoken", new AuthenticatedPrincipal("username"), client, 0, null);
    at = accessTokenRepository.save(at);
    assertEquals(at, accessTokenRepository.findOne(at.getId()));

    // Create an authorization request
    AuthorizationRequest ar = new AuthorizationRequest("foo", "faa", "boo", null, "boo", "boo");
    ar.setClient(client);
    ar = authorizationRequestRepository.save(ar);
    assertEquals(ar, authorizationRequestRepository.findOne(ar.getId()));

    // Make sure things are saved; the relation between clients and access tokens is unidirectional; therefore a
    // delete would not work with attached entities.
    entityManager.clear();

    final long clientId = client.getId();
    repo.delete(client);
    assertNull(repo.findOne(clientId));

    assertNull(accessTokenRepository.findOne(at.getId()));
    assertNull(authorizationRequestRepository.findOne(ar.getId()));

  }
View Full Code Here

    MockitoAnnotations.initMocks(this);
  }

  @Test
  public void testPrincipalDisplayName() {
    AuthorizationRequest authRequest = createAuthRequest(OAuth2Validator.IMPLICIT_GRANT_RESPONSE_TYPE);
    authRequest.getClient().setIncludePrincipal(true);

    AccessToken accessToken = createAccessToken();

    when(authorizationRequestRepository.findByAuthState("auth_state")).thenReturn(authRequest);
    when(request.getAttribute(AbstractAuthenticator.AUTH_STATE)).thenReturn("auth_state");
    when(request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES)).thenReturn(accessToken.getScopes().toArray());
    when(accessTokenRepository.save((AccessToken) any())).thenReturn(accessToken);

    URI uri = (URI) tokenResource.authorizeCallback(request).getMetadata().get("Location").get(0);


    long expiresIn = 1800;
    assertEquals("http://localhost:8080#access_token=ABCDEF&token_type=bearer&expires_in=" + expiresIn + "&scope=read,write&state=important&principal=sammy%20sammy", uri.toString());
    assertTrue(uri.getFragment().endsWith("principal=" + authRequest.getPrincipal().getDisplayName()));
  }
View Full Code Here

    return token;
  }


  private AuthorizationRequest createAuthRequest(String implicitGrantResponseType) {
    AuthorizationRequest authRequest = new AuthorizationRequest();
    Client client = new Client();
    authRequest.setClient(client);
    authRequest.setResponseType(implicitGrantResponseType);
    authRequest.setPrincipal(new AuthenticatedPrincipal("sammy sammy"));
    authRequest.setRedirectUri("http://localhost:8080");
    authRequest.setState("important");
    return authRequest;
  }
View Full Code Here

  @Test
  public void test() {
    AuthorizationRequestRepository repo = getRepository(AuthorizationRequestRepository.class);
    String authState = UUID.randomUUID().toString();
    AuthorizationRequest authReq = new AuthorizationRequest("code", "cool_app_id", "http://whatever",
        Arrays.asList("read","update"),
        "state", authState);
    ClientRepository clientRepo = getRepository(ClientRepository.class);
    Client client = clientRepo.findByClientId(authReq.getClientId());
    client.getAttributes();
    authReq.setClient(client);
    save(authReq, repo);
    authReq.setPrincipal(getPrincipal());
    repo.save(authReq);

    AuthorizationRequest authReqSaved = repo.findByAuthState(authState);
    AuthenticatedPrincipal principal = authReqSaved.getPrincipal();
    assertEquals("foo-university", principal.getAttributes().get("organization"));

  }
View Full Code Here

   * http://stackoverflow.com/questions/9123964/how-do-you-use-spring-data-jpa-
   * outside-of-a-spring-container
   */
  private AuthorizationRequest save(AuthorizationRequest authorizationRequest, AuthorizationRequestRepository repo) {
    getEntityManager().getTransaction().begin();
    AuthorizationRequest save = repo.save(authorizationRequest);
    getEntityManager().getTransaction().commit();
    return save;
  }
View Full Code Here

  /**
   * Get the Client
   */
  protected Client getClientByRequest(String authState) {
    AuthorizationRequest authorizationRequest = authorizationRequestRepository.findByAuthState(authState);
    return authorizationRequest.getClient();

  }
View Full Code Here

    ValidationResponse response = validator.validate(request);
    assertEquals(expected, response);
  }

  private AuthorizationRequest getAuthorizationRequest(Client client) {
    AuthorizationRequest request = new AuthorizationRequest();
    request.setClientId(client.getClientId());
    request.setRedirectUri("http://gothere.nl");
    request.setRequestedScopes(Arrays.asList("read", "update"));
    request.setResponseType(OAuth2ValidatorImpl.AUTHORIZATION_CODE_GRANT_RESPONSE_TYPE);
    return request;
  }
View Full Code Here

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    AuthorizationRequest authorizationRequest = findAuthorizationRequest(request);
    if (authorizationRequest == null) {
      response
          .sendError(HttpServletResponse.SC_BAD_REQUEST, "No valid AbstractAuthenticator.AUTH_STATE on the Request");
    }
    if (initialRequest(request)) {
      storePrincipal(request, response, authorizationRequest);
      request.setAttribute(AbstractAuthenticator.RETURN_URI, RETURN_URI);
      request.setAttribute(AbstractUserConsentHandler.CLIENT, authorizationRequest.getClient());
      if (!authorizationRequest.getClient().isSkipConsent()) {
        userConsentHandler.doFilter(request, response, chain);
      } else {
        chain.doFilter(request, response);
      }
    } else {
View Full Code Here

    /*
     * Create an authorizationRequest from the request parameters.
     * This can be either a valid or an invalid request, which will be determined by the oAuth2Validator.
     */
    AuthorizationRequest authorizationRequest = extractAuthorizationRequest(request);
    final ValidationResponse validationResponse = oAuth2Validator.validate(authorizationRequest);

    if (authenticator.canCommence(request)) {
      /*
      * Ok, the authenticator wants to have control again (because he stepped
View Full Code Here

TOP

Related Classes of org.surfnet.oaaas.model.AuthorizationRequest

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.