List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest getApprovalParameters
public Map<String, String> getApprovalParameters()
From source file:org.osiam.security.authorization.OsiamUserApprovalHandler.java
/** * Is called if OsiamUserApprovalHandler.isApproved() returns false and AccessConfirmation is done by the user. Than * it will save the approve date to be able to check it as long as user accepts approval. So the user is not * bothered every time to approve the client. * * @param authorizationRequest/*from ww w . j a v a 2s . c o m*/ * spring authorizationRequest * @param userAuthentication * spring userAuthentication * @return the authorizationRequest */ @Override public AuthorizationRequest updateBeforeApproval(final AuthorizationRequest authorizationRequest, final Authentication userAuthentication) { // check if "user_oauth_approval" is in the authorizationRequests approvalParameters and the (size != 0) // -> true for accessConfirmation -> save actual date if (authorizationRequest.getApprovalParameters().containsKey("user_oauth_approval") && authorizationRequest.getApprovalParameters().get("user_oauth_approval").equals("true")) { final OsiamClientDetails client = getClientDetails(authorizationRequest); final Date date = new Date(System.currentTimeMillis() + client.getValidityInSeconds() * MILLISECONDS); client.setExpiry(date); osiamClientDetailsService.updateClientExpiry(authorizationRequest.getClientId(), client.getExpiry()); } return super.updateBeforeApproval(authorizationRequest, userAuthentication); }
From source file:com.example.oauth2.loginprovider.oauth.OauthUserApprovalHandler.java
/** * Allows automatic approval for a white list of clients in the implicit grant case. * /*from w w w . ja va 2 s. co m*/ * @param authorizationRequest The authorization request. * @param userAuthentication the current user authentication * * @return Whether the specified request has been approved by the current user. */ @Override public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { // If we are allowed to check existing approvals this will short circuit the decision if (useTokenServices && super.isApproved(authorizationRequest, userAuthentication)) { return true; } if (!userAuthentication.isAuthenticated()) { return false; } String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL); boolean approved = flag != null && flag.toLowerCase().equals("true"); return approved || (authorizationRequest.getResponseTypes().contains("token") && autoApproveClients.contains(authorizationRequest.getClientId())); }
From source file:eu.trentorise.smartcampus.permissionprovider.oauth.UserApprovalHandler.java
/** * Allows automatic approval for trusted clients. * // ww w . j a v a 2s. com * @param authorizationRequest The authorization request. * @param userAuthentication the current user authentication * * @return Whether the specified request has been approved by the current user. */ @Override public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { // If we are allowed to check existing approvals this will short circuit the decision if (super.isApproved(authorizationRequest, userAuthentication)) { return true; } if (!userAuthentication.isAuthenticated()) { return false; } String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL); boolean approved = flag != null && flag.toLowerCase().equals("true"); if (approved) return true; // or trusted client if (authorizationRequest.getAuthorities() != null) { for (GrantedAuthority ga : authorizationRequest.getAuthorities()) if (Config.AUTHORITY.ROLE_CLIENT_TRUSTED.toString().equals(ga.getAuthority())) return true; } // or test token redirect uri // or accesses only own resources return authorizationRequest.getRedirectUri().equals(ExtRedirectResolver.testTokenPath(servletContext)) || useOwnResourcesOnly(authorizationRequest.getClientId(), authorizationRequest.getScope()); }
From source file:org.smartplatforms.openid.connect.token.SmartTofuUserApprovalHandler.java
/** * Check if the user has already stored a positive approval decision for this site; or if the * site is whitelisted, approve it automatically. * /*from ww w . j a v a 2 s . co m*/ * Otherwise, return false so that the user will see the approval page and can make their own decision. * * @param authorizationRequest the incoming authorization request * @param userAuthentication the Principal representing the currently-logged-in user * * @return true if the site is approved, false otherwise */ @Override public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { // if this request is already approved, pass that info through // (this flag may be set by updateBeforeApproval, which can also do funny things with scopes, etc) if (authorizationRequest.isApproved()) { return true; } else { // if not, check to see if the user has approved it if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))) { // TODO: make parameter name configurable? // check the value of the CSRF parameter if (authorizationRequest.getExtensions().get(CSRF) != null) { if (authorizationRequest.getExtensions().get(CSRF) .equals(authorizationRequest.getApprovalParameters().get(CSRF))) { // make sure the user is actually authenticated return userAuthentication.isAuthenticated(); } } } // if the above doesn't pass, it's not yet approved return false; } }
From source file:org.mitre.openid.connect.token.TofuUserApprovalHandler.java
@Override public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { String userId = userAuthentication.getName(); String clientId = authorizationRequest.getClientId(); ClientDetails client = clientDetailsService.loadClientByClientId(clientId); // This must be re-parsed here because SECOAUTH forces us to call things in a strange order if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))) { authorizationRequest.setApproved(true); // process scopes from user input Set<String> allowedScopes = Sets.newHashSet(); Map<String, String> approvalParams = authorizationRequest.getApprovalParameters(); Set<String> keys = approvalParams.keySet(); for (String key : keys) { if (key.startsWith("scope_")) { //This is a scope parameter from the approval page. The value sent back should //be the scope string. Check to make sure it is contained in the client's //registered allowed scopes. String scope = approvalParams.get(key); Set<String> approveSet = Sets.newHashSet(scope); //Make sure this scope is allowed for the given client if (systemScopes.scopesMatch(client.getScope(), approveSet)) { // If it's structured, assign the user-specified parameter SystemScope systemScope = systemScopes.getByValue(scope); if (systemScope != null && systemScope.isStructured()) { String paramValue = approvalParams.get("scopeparam_" + scope); allowedScopes.add(scope + ":" + paramValue); // .. and if it's unstructured, we're all set } else { allowedScopes.add(scope); }//from ww w .j a v a 2 s.co m } } } // inject the user-allowed scopes into the auth request authorizationRequest.setScope(allowedScopes); //Only store an ApprovedSite if the user has checked "remember this decision": String remember = authorizationRequest.getApprovalParameters().get("remember"); if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) { Date timeout = null; if (remember.equals("one-hour")) { // set the timeout to one hour from now Calendar cal = Calendar.getInstance(); cal.add(Calendar.HOUR, 1); timeout = cal.getTime(); } ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes); String newSiteId = newSite.getId().toString(); authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId); } setAuthTime(authorizationRequest); } return authorizationRequest; }
From source file:org.smartplatforms.openid.connect.token.SmartTofuUserApprovalHandler.java
@Override public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { String userId = userAuthentication.getName(); String clientId = authorizationRequest.getClientId(); ClientDetails client = clientDetailsService.loadClientByClientId(clientId); // This must be re-parsed here because SECOAUTH forces us to call things in a strange order if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval")) && authorizationRequest.getExtensions().get(CSRF) != null && authorizationRequest.getExtensions() .get(CSRF).equals(authorizationRequest.getApprovalParameters().get(CSRF))) { authorizationRequest.setApproved(true); // process scopes from user input Set<String> allowedScopes = Sets.newHashSet(); Map<String, String> approvalParams = authorizationRequest.getApprovalParameters(); Set<String> keys = approvalParams.keySet(); for (String key : keys) { if (key.startsWith("scope_")) { //This is a scope parameter from the approval page. The value sent back should //be the scope string. Check to make sure it is contained in the client's //registered allowed scopes. String scope = approvalParams.get(key); Set<String> approveSet = Sets.newHashSet(scope); //Make sure this scope is allowed for the given client if (systemScopes.scopesMatch(client.getScope(), approveSet)) { // If it's structured, assign the user-specified parameter SystemScope systemScope = systemScopes.getByValue(scope); if (systemScope != null && systemScope.isStructured()) { String paramValue = approvalParams.get("scopeparam_" + scope); if (!Strings.isNullOrEmpty(paramValue)) { allowedScopes.add(scope + ":" + paramValue); } else { allowedScopes.add(scope); }/* www . ja va 2s .com*/ // .. and if it's unstructured, we're all set } else { allowedScopes.add(scope); } } } } // inject the user-allowed scopes into the auth request authorizationRequest.setScope(allowedScopes); //Only store an ApprovedSite if the user has checked "remember this decision": String remember = authorizationRequest.getApprovalParameters().get("remember"); if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) { Date timeout = null; if (remember.equals("one-hour")) { // set the timeout to one hour from now Calendar cal = Calendar.getInstance(); cal.add(Calendar.HOUR, 1); timeout = cal.getTime(); } ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes); String newSiteId = newSite.getId().toString(); authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId); } setAuthTime(authorizationRequest); } return authorizationRequest; }
From source file:org.mitre.openid.connect.token.TofuUserApprovalHandler.java
/** * Check if the user has already stored a positive approval decision for this site; or if the * site is whitelisted, approve it automatically. * /* w w w. j av a 2 s . c om*/ * Otherwise, return false so that the user will see the approval page and can make their own decision. * * @param authorizationRequest the incoming authorization request * @param userAuthentication the Principal representing the currently-logged-in user * * @return true if the site is approved, false otherwise */ @Override public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { // if this request is already approved, pass that info through // (this flag may be set by updateBeforeApproval, which can also do funny things with scopes, etc) if (authorizationRequest.isApproved()) { return true; } else { // if not, check to see if the user has approved it // TODO: make parameter name configurable? return Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval")); } }
From source file:com.blstream.patronage.ctf.security.TokenHandler.java
/** * Allows automatic approval for a white list of clients in the implicit grant case. * * @param authorizationRequest The authorization request. * @param userAuthentication the current user authentication * * @return Whether the specified request has been approved by the current user. *//*from w w w . ja v a2 s.c o m*/ @Override public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { if (logger.isDebugEnabled()) { logger.debug("---- isApproved"); } // If we are allowed to check existing approvals this will short circuit the decision if (useTokenServices && super.isApproved(authorizationRequest, userAuthentication)) { if (logger.isInfoEnabled()) { logger.info("return: true"); } return true; } if (!userAuthentication.isAuthenticated()) { if (logger.isInfoEnabled()) { logger.info("return: false"); } return false; } String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL); boolean approved = flag != null && flag.toLowerCase().equals("true"); return approved || (authorizationRequest.getResponseTypes().contains("token") && autoApproveClients.contains(authorizationRequest.getClientId())); }
From source file:org.cloudfoundry.identity.uaa.oauth.UaaUserApprovalHandler.java
@Override public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { Map<String, String> approvalParameters = authorizationRequest.getApprovalParameters(); String flag = approvalParameters.get(approvalParameter); boolean approved = flag != null && flag.toLowerCase().equals("true"); authorizationRequest.setApproved(approved); return authorizationRequest; }