List of usage examples for org.springframework.security.oauth2.common OAuth2AccessToken isExpired
/**
 * Reports whether this access token has expired.
 *
 * <p>How expiry is determined (clock source, tolerance for clock skew) is up to the implementing
 * class and cannot be seen from this declaration.
 *
 * @return {@code true} if the token has expired
 */
boolean isExpired();
From source file:org.apigw.authserver.svc.impl.TokenServicesImplTest.java
/**
 * Issues an access token for a resident whose date of birth is exactly thirteen years before
 * "now" and expects the token to report itself as expired, although the token services are
 * configured with a twelve-hour validity.
 *
 * <p>NOTE(review): the rule that produces the expiry lives in the token services and is not
 * visible here; presumably it is an age-based cutoff - confirm against the implementation.
 * The test reads the clock, so a run that straddles midnight may behave differently.
 */
@Test
@DirtiesContext
public void testBuildAuthorizationGrantExpiresCitizenIs13Today() {
    // Twelve hours, expressed in seconds.
    long twelveHoursInSeconds = 12 * 60 * 60;

    // Constructed test identity: birth date thirteen years ago followed by a fixed suffix.
    DateTime thirteenYearsAgo = now().minusYears(13);
    String residentId = yyyyMMddFormatter.print(thirteenYearsAgo) + "-9876";

    services.setAccessTokenValiditySeconds(twelveHoursInSeconds);

    OAuth2Authentication grantAuthentication = new OAuth2Authentication(
            createAuthorizationRequest(CLIENT, Collections.singleton(READ_SCOPE)),
            new TestAuthentication(false, residentId));
    OAuth2AccessToken issuedToken = services.createAccessToken(grantAuthentication);

    assertTrue("token should be expired", issuedToken.isExpired());
}
From source file:org.cloudfoundry.identity.uaa.oauth.CheckTokenEndpoint.java
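/**
 * Validates an access token and returns its claims.
 *
 * <p>The token is rejected when it cannot be read, when it reports itself as expired, or when
 * loading its authentication fails. If the caller supplies {@code scopes}, every one of them
 * must be present among the token's scopes, otherwise the request is rejected.
 *
 * <p>NOTE(review): the mapping does not restrict the HTTP method, so the {@code token} request
 * parameter can also arrive in a query string, where URLs are commonly written to access logs.
 * Confirm that callers send it in a request body and that this endpoint requires an
 * authenticated client; neither is visible in this method.
 *
 * @param value the access token value to check
 * @param scopes scopes the caller expects the token to carry; defaults to none
 * @return the claims of the token
 * @throws InvalidTokenException if the token is unknown, expired, or its authentication cannot
 *     be loaded
 * @throws InvalidScopeException if any expected scope is missing from the token
 */
@RequestMapping(value = "/check_token")
@ResponseBody
public Claims checkToken(@RequestParam("token") String value,
        @RequestParam(name = "scopes", required = false, defaultValue = "") List<String> scopes) {
    OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
    if (token == null) {
        throw new InvalidTokenException("Token was not recognised");
    }
    if (token.isExpired()) {
        throw new InvalidTokenException("Token has expired");
    }

    try {
        // The result is discarded: the call is made only so that it fails for a token whose
        // authentication can no longer be loaded.
        resourceServerTokenServices.loadAuthentication(value);
    } catch (AuthenticationException x) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        // NOTE(review): the message is passed through to the caller unchanged; confirm it
        // cannot carry internal detail.
        throw new InvalidTokenException(x.getMessage(), x);
    }

    Claims response = getClaimsForToken(token.getValue());

    // Scope names are compared case-insensitively on both sides.
    // NOTE(review): OAuth 2.0 scope tokens are case-sensitive, so this match is looser than
    // an exact comparison - confirm that is intended.
    List<String> claimScopes = response.getScope().stream()
            .map(String::toLowerCase)
            .collect(Collectors.toList());
    List<String> missingScopes = scopes.stream()
            .filter(expectedScope -> !claimScopes.contains(expectedScope.toLowerCase()))
            .collect(Collectors.toList());

    if (!missingScopes.isEmpty()) {
        throw new InvalidScopeException(
                "Some requested scopes are missing: " + String.join(",", missingScopes));
    }
    return response;
}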
From source file:org.cloudfoundry.identity.uaa.oauth.UaaUserApprovalHandler.java
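/**
 * Decides whether an authorization request can be approved without prompting the user.
 *
 * <p>The request is approved straight away when the client is registered to auto-approve every
 * requested scope. Otherwise it is approved when the token services already hold an unexpired
 * access token for the authentication built from this request and user.
 *
 * <p>NOTE(review): an empty scope set passes the auto-approve loop untouched and is therefore
 * approved; confirm that scopes are validated before this method is reached. The existing-token
 * branch does not consult {@code userAuthentication.isAuthenticated()}; confirm callers only
 * pass an authenticated user.
 *
 * @param authorizationRequest the request to evaluate; its approved flag is updated in place
 * @param userAuthentication the authentication of the current user
 * @return the same {@code authorizationRequest}, with its approved flag set
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {
    boolean approved = false;

    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();

    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            approved = true;
            for (String scope : scopes) {
                if (!client.isAutoApprove(scope)) {
                    approved = false;
                }
            }
            if (approved) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            // Best effort: a lookup failure only skips auto-approval. The exception is passed
            // to the logger so the reason is not lost.
            // NOTE(review): clientId comes from the request; confirm the log layout neutralises
            // line breaks in it.
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId, e);
        }
    }

    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);

    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=").append(clientId);
        builder.append(", scope=").append(scopes);
        builder.append(" and username=").append(userAuthentication.getName());
        logger.debug(builder.toString());
    }

    OAuth2AccessToken accessToken = tokenServices.getAccessToken(authentication);
    // Log only whether a token was found. The token object itself is not written to the log,
    // because its string form is implementation-defined and may be the bearer value.
    logger.debug("Existing access token present=" + (accessToken != null));

    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved with an existing unexpired token");
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        approved = userAuthentication.isAuthenticated() && approved;
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}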
From source file:org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler.java
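/**
 * Decides whether an authorization request counts as approved by the current user.
 *
 * <p>The request is approved when the token services already hold an unexpired access token for
 * the authentication built from this request and user. Otherwise it is approved only when the
 * approval parameter of the request equals "true" (ignoring case) and the user is authenticated.
 *
 * <p>NOTE(review): the existing-token branch does not consult
 * {@code userAuthentication.isAuthenticated()}; confirm callers only pass an authenticated user.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return Whether the specified request has been approved by the current user.
 */
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    String flag = authorizationRequest.getApprovalParameters().get(approvalParameter);
    // Null-safe and locale-independent form of the "true" check.
    boolean approved = "true".equalsIgnoreCase(flag);

    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, userAuthentication);

    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=").append(authorizationRequest.getClientId());
        builder.append(", scope=").append(authorizationRequest.getScope());
        builder.append(" and username=").append(userAuthentication.getName());
        logger.debug(builder.toString());
    }

    OAuth2AccessToken accessToken = tokenServices.getAccessToken(authentication);
    // Log only whether a token was found. The token object itself is not written to the log,
    // because its string form is implementation-defined and may be the bearer value.
    logger.debug("Existing access token present=" + (accessToken != null));

    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved with an existing unexpired token");
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        approved = userAuthentication.isAuthenticated() && approved;
    }

    return approved;
}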
From source file:org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler.java
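/**
 * Decides whether an authorization request can be approved without prompting the user.
 *
 * <p>The request is approved straight away when the client is registered to auto-approve every
 * requested scope. Otherwise it is approved when the token store already holds an unexpired
 * access token for the authentication built from this request and user.
 *
 * <p>NOTE(review): an empty scope set passes the auto-approve loop untouched and is therefore
 * approved; confirm that scopes are validated before this method is reached. The existing-token
 * branch does not consult {@code userAuthentication.isAuthenticated()}; confirm callers only
 * pass an authenticated user.
 *
 * @param authorizationRequest the request to evaluate; its approved flag is updated in place
 * @param userAuthentication the authentication of the current user
 * @return the same {@code authorizationRequest}, with its approved flag set
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {
    boolean approved = false;

    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();

    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            approved = true;
            for (String scope : scopes) {
                if (!client.isAutoApprove(scope)) {
                    approved = false;
                }
            }
            if (approved) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            // Best effort: a lookup failure only skips auto-approval. The exception is passed
            // to the logger so the reason is not lost.
            // NOTE(review): clientId comes from the request; confirm the log layout neutralises
            // line breaks in it.
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId, e);
        }
    }

    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);

    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=").append(clientId);
        builder.append(", scope=").append(scopes);
        builder.append(" and username=").append(userAuthentication.getName());
        logger.debug(builder.toString());
    }

    OAuth2AccessToken accessToken = tokenStore.getAccessToken(authentication);
    // Log only whether a token was found. The token object itself is not written to the log,
    // because its string form is implementation-defined and may be the bearer value.
    logger.debug("Existing access token present=" + (accessToken != null));

    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved with an existing unexpired token");
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        approved = userAuthentication.isAuthenticated() && approved;
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}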
From source file:org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint.java
/**
 * Validates an access token and returns its converted representation.
 *
 * <p>A token that cannot be read, or that reports itself as expired, is rejected. Otherwise the
 * authentication behind the token is loaded and both are handed to the access token converter.
 *
 * <p>NOTE(review): the mapping does not restrict the HTTP method, so the {@code token} request
 * parameter can also arrive in a query string, where URLs are commonly written to access logs.
 * Confirm that callers send it in a request body and that this endpoint requires an
 * authenticated client; neither is visible in this method.
 *
 * @param value the access token value to check
 * @return the converter's map for the token and its authentication
 * @throws InvalidTokenException if the token is unknown or expired
 */
@RequestMapping(value = "/oauth/check_token")
@ResponseBody
public Map<String, ?> checkToken(@RequestParam("token") String value) {
    OAuth2AccessToken parsedToken = resourceServerTokenServices.readAccessToken(value);

    // Reject anything the token services could not resolve.
    if (parsedToken == null) {
        throw new InvalidTokenException("Token was not recognised");
    }
    // Reject a token that is past its expiry.
    if (parsedToken.isExpired()) {
        throw new InvalidTokenException("Token has expired");
    }

    OAuth2Authentication tokenAuthentication =
            resourceServerTokenServices.loadAuthentication(parsedToken.getValue());
    return accessTokenConverter.convertAccessToken(parsedToken, tokenAuthentication);
}