List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest getRedirectUri
public String getRedirectUri()
From source file:net.shibboleth.idp.oidc.flow.BuildAuthorizationRequestContextAction.java
/**
 * Verifies that a redirect URI carried by the authorization request is one of the
 * redirect URIs registered for the client.
 *
 * <p>The comparison is an exact, case-sensitive {@code String.equals} against each
 * registered value; no prefix or pattern matching is applied. A request without a
 * redirect URI (null or empty) is not checked by this method.
 *
 * @param authorizationRequest the authorization request
 * @param client the client
 * @throws OIDCException if the request names a redirect URI that is not registered
 */
private static void ensureRedirectUriIsAuthorized(final AuthorizationRequest authorizationRequest,
        final ClientDetailsEntity client) {
    final String requested = authorizationRequest.getRedirectUri();
    if (Strings.isNullOrEmpty(requested)) {
        // NOTE(review): nothing is validated when redirect_uri is omitted; presumably a
        // later step resolves it from the client's registered URIs - confirm in the caller.
        return;
    }

    for (final String registered : client.getRedirectUris()) {
        if (registered.equals(requested)) {
            return;
        }
    }

    // The message echoes the unregistered URI; it is meant for diagnostics, and the
    // rejected value must never be used as a redirect target by whoever handles this.
    throw new OIDCException("Redirect uri in the authorization request " + requested
            + " is not registered for client " + client.getClientId());
}
From source file:org.joyrest.oauth2.endpoint.AuthorizationEndpoint.java
/**
 * Builds the redirect that reports an authorization failure back to the client.
 *
 * <p>The parameters are {@code error}, {@code error_description}, the request's
 * {@code state} when present, and any additional information attached to the failure,
 * in that order. They are handed to {@code append} together with the request's redirect
 * URI.
 *
 * @param authorizationRequest the request that failed
 * @param failure the OAuth2 error to report
 * @param fragment passed through to {@code append}
 * @return the redirect URI with the error parameters attached
 * @throws UnapprovedClientAuthenticationException if there is no request or no redirect URI
 */
private String getUnsuccessfulRedirect(AuthorizationRequest authorizationRequest, OAuth2Exception failure,
        boolean fragment) {
    if (authorizationRequest == null || authorizationRequest.getRedirectUri() == null) {
        // we have no redirect for the user. very sad.
        throw new UnapprovedClientAuthenticationException("Authorization failure, and no redirect URI.", failure);
    }

    // NOTE(review): this method trusts getRedirectUri(). If the failure being reported is
    // itself a redirect-URI mismatch, the caller must not get here with the rejected
    // value - confirm the caller only passes a validated URI.
    Map<String, String> errorParams = new LinkedHashMap<>();
    errorParams.put("error", failure.getOAuth2ErrorCode());
    errorParams.put("error_description", failure.getMessage());

    String state = authorizationRequest.getState();
    if (state != null) {
        errorParams.put("state", state);
    }

    Map<String, String> extra = failure.getAdditionalInformation();
    if (extra != null) {
        errorParams.putAll(extra);
    }

    return append(authorizationRequest.getRedirectUri(), errorParams, fragment);
}
From source file:org.osiam.security.helper.LessStrictRedirectUriAuthorizationCodeTokenGranter.java
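/**
 * Checks the redirect_uri of a token request against the pending authorization request.
 *
 * <p>When the authorization request carried no redirect_uri parameter, nothing is
 * checked. Otherwise the token request must supply a non-empty redirect_uri that the
 * pending request's redirect URI starts with.
 *
 * <p>Security note: the prefix comparison is intentionally weaker than the identical-value
 * comparison that RFC 6749 section 4.1.3 requires. It accepts any leading portion of the
 * authorized URI, so it should only be relied on where that relaxation is an accepted risk.
 * An empty value is rejected here because it is a prefix of every string and would
 * otherwise turn the check into a no-op.
 *
 * @param redirectUri the redirect_uri sent with the token request, may be null
 * @param pendingAuthorizationRequest the authorization request the code was issued for
 * @throws RedirectMismatchException if a redirect URI was authorized and the supplied
 *         value is missing, empty, or not a prefix of it
 */
private void validateRedirectUri(String redirectUri, AuthorizationRequest pendingAuthorizationRequest) {
    // https://jira.springsource.org/browse/SECOAUTH-333
    // This might be null, if the authorization was done without the redirect_uri parameter
    String redirectUriApprovalParameter = pendingAuthorizationRequest.getAuthorizationParameters()
            .get(AuthorizationRequest.REDIRECT_URI);
    if (redirectUriApprovalParameter == null) {
        return;
    }

    String uri = pendingAuthorizationRequest.getRedirectUri();
    // Fail closed: a missing or empty value, or a pending request without a resolved URI,
    // is a mismatch rather than a pass (or a NullPointerException).
    boolean supplied = redirectUri != null && !redirectUri.isEmpty();
    if (!supplied || uri == null || !uri.startsWith(redirectUri)) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }
}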
From source file:org.mitre.openid.connect.ConnectOAuth2RequestFactory.java
/**
 * Copies the fields of an {@link AuthorizationRequest} into a new {@link OAuth2Request}.
 *
 * <p>Every value, including the redirect URI, is carried over exactly as the request
 * holds it; this method performs no validation of its own.
 *
 * @param request the authorization request to copy from
 * @return a new request built from the same parameters
 */
@Override
public OAuth2Request createOAuth2Request(AuthorizationRequest request) {
    final OAuth2Request copy = new OAuth2Request(
            request.getRequestParameters(),
            request.getClientId(),
            request.getAuthorities(),
            request.isApproved(),
            request.getScope(),
            request.getResourceIds(),
            request.getRedirectUri(),
            request.getExtensions());
    return copy;
}
From source file:net.shibboleth.idp.oidc.flow.PreAuthorizeUserApprovalAction.java
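/**
 * Build open id connect response.
 *
 * <p>Populates the response with the request, the client, the request's redirect URI,
 * the system scopes and their user-info claims, the client's usage count and contacts,
 * and the "generally recognized as safe" flag.
 *
 * @param authRequest the auth request
 * @param client the client
 * @return the open id connect response
 */
private OIDCResponse buildOpenIdConnectResponse(final AuthorizationRequest authRequest,
        final ClientDetailsEntity client) {
    final OIDCResponse response = new OIDCResponse();
    response.setAuthorizationRequest(authRequest);
    response.setClient(client);
    response.setRedirectUri(authRequest.getRedirectUri());
    // Log the client identifier rather than the whole entity, so this line does not
    // depend on what the entity's toString() happens to print.
    log.debug("Built initial response for client {} and redirect uri {}", client.getClientId(),
            authRequest.getRedirectUri());

    // pre-process the scopes
    final Set<SystemScope> scopes = scopeService.fromStrings(authRequest.getScope());
    log.debug("System scopes retrieved based on the authorization request scope {} are {}",
            authRequest.getScope(), scopes);

    final Set<SystemScope> sortedScopes = getSystemScopes(scopes);
    response.setScopes(sortedScopes);
    // The placeholder was missing, so the scopes were never written to the log.
    log.debug("Response will contain the following scopes {}", sortedScopes);

    final Map<String, Map<String, String>> claimsForScopes = getUserInfoClaimsForScopes(sortedScopes);
    response.setClaims(claimsForScopes);
    // Same missing placeholder as above.
    log.debug("Response will contain the following claims for scopes {}", claimsForScopes.keySet());

    // client stats
    final Integer count = statsService.getCountForClientId(client.getId());
    response.setCount(count);

    if (client.getContacts() != null) {
        response.setContacts(client.getContacts());
    }

    // if the client is over a week old and has more than one registration, don't give such a big warning
    // instead, tag as "Generally Recognized As Safe" (gras)
    final long oneWeekMillis = 7L * 24 * 60 * 60 * 1000;
    final Date lastWeek = new Date(System.currentTimeMillis() - oneWeekMillis);
    // A missing count is treated as "not recognized" instead of failing on unboxing.
    final boolean recognized = count != null && count > 1
            && client.getCreatedAt() != null
            && client.getCreatedAt().before(lastWeek);
    response.setGras(recognized);
    return response;
}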
From source file:org.joyrest.oauth2.endpoint.AuthorizationEndpoint.java
/**
 * Builds the redirect that delivers an authorization code to the client.
 *
 * <p>The {@code code} parameter comes first, followed by the request's {@code state}
 * when it has one; both are handed to {@code append} with the request's redirect URI
 * and {@code false} as the last argument.
 *
 * @param authorizationRequest the approved authorization request
 * @param authorizationCode the code to deliver
 * @return the redirect URI with the code (and state) attached
 * @throws IllegalStateException if no authorization code was supplied
 */
private String getSuccessfulRedirect(AuthorizationRequest authorizationRequest, String authorizationCode) {
    if (authorizationCode == null) {
        throw new IllegalStateException("No authorization code found in the current request scope.");
    }

    Map<String, String> params = new LinkedHashMap<>();
    params.put("code", authorizationCode);

    String state = authorizationRequest.getState();
    if (state != null) {
        params.put("state", state);
    }

    // NOTE(review): the code is sent to whatever getRedirectUri() returns; this method
    // assumes that value was already matched against the client's registration - confirm.
    return append(authorizationRequest.getRedirectUri(), params, false);
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java
/**
 * Builds the redirect that reports an authorization failure back to the client.
 *
 * <p>The error parameters ({@code error}, {@code error_description}, optional
 * {@code state}, then any additional information on the failure) are each passed
 * through {@code encode} and joined by hand, then set as either the fragment or the
 * query of the request's redirect URI.
 *
 * @param authorizationRequest the request that failed
 * @param failure the OAuth2 error to report
 * @param fragment {@code true} to place the parameters in the fragment, {@code false}
 *        to place them in the query
 * @return the redirect URI carrying the error parameters
 * @throws UnapprovedClientAuthenticationException if there is no request or no redirect URI
 */
private String getUnsuccessfulRedirect(AuthorizationRequest authorizationRequest, OAuth2Exception failure,
        boolean fragment) {
    if (authorizationRequest == null || authorizationRequest.getRedirectUri() == null) {
        // we have no redirect for the user. very sad.
        throw new UnapprovedClientAuthenticationException("Authorization failure, and no redirect URI.", failure);
    }

    // NOTE(review): the redirect target is taken from the request as-is; presumably it
    // was validated against the client's registration before this point - confirm.
    UriComponentsBuilder template = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri());

    StringBuilder errorParams = new StringBuilder();
    errorParams.append("error=").append(encode(failure.getOAuth2ErrorCode()));
    errorParams.append("&error_description=").append(encode(failure.getMessage()));

    String state = authorizationRequest.getState();
    if (state != null) {
        errorParams.append("&state=").append(encode(state));
    }

    Map<String, String> extra = failure.getAdditionalInformation();
    if (extra != null) {
        for (Map.Entry<String, String> entry : extra.entrySet()) {
            errorParams.append("&").append(encode(entry.getKey()))
                    .append("=").append(encode(entry.getValue()));
        }
    }

    String joined = errorParams.toString();
    if (fragment) {
        template.fragment(joined);
    } else {
        template.query(joined);
    }

    // build(true) marks the components as already encoded, which is why every value
    // above goes through encode() before it is appended.
    return template.build(true).toUriString();
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java
/**
 * Builds the redirect URI for a response that returns tokens in the URI fragment.
 *
 * <p>The fragment is assembled in this order: {@code token_type}; {@code access_token}
 * when the response types contain "token"; the id token when the access token is a
 * {@link CompositeToken} and the response types ask for it; {@code code} when the
 * response types contain "code"; {@code state}; {@code expires_in}; the granted scope
 * when it differs from the requested one (or none was requested); every non-null entry
 * of the token's additional information; and {@code session_state} when the request was
 * made with {@code prompt=none}. A fragment already present on the redirect URI is kept
 * and the new parameters follow it after an {@code &}.
 *
 * <p>Security note: this method places bearer credentials on the requested redirect URI
 * and does not validate that URI itself.
 *
 * @param authorizationRequest the approved authorization request
 * @param accessToken the token to return; must not be null
 * @param authUser the authenticated user
 * @return the redirect URI with the response parameters in its fragment
 * @throws InvalidRequestException if {@code accessToken} is null
 */
public String buildRedirectURI(AuthorizationRequest authorizationRequest, OAuth2AccessToken accessToken,
        Authentication authUser) {
    // NOTE(review): presumably already matched against the client's registered redirect
    // URIs by the caller - confirm, since tokens are appended to it below.
    String requestedRedirect = authorizationRequest.getRedirectUri();
    if (accessToken == null) {
        throw new InvalidRequestException("An implicit grant could not be made");
    }

    StringBuilder params = new StringBuilder("token_type=");
    params.append(encode(accessToken.getTokenType()));

    // only append access token if grant_type is implicit
    // or token is part of the response type
    if (authorizationRequest.getResponseTypes().contains("token")) {
        params.append("&access_token=").append(encode(accessToken.getValue()));
    }

    boolean wantsIdToken = accessToken instanceof CompositeToken
            && authorizationRequest.getResponseTypes().contains(CompositeToken.ID_TOKEN);
    if (wantsIdToken) {
        CompositeToken composite = (CompositeToken) accessToken;
        params.append("&").append(CompositeToken.ID_TOKEN).append("=")
                .append(encode(composite.getIdTokenValue()));
    }

    if (authorizationRequest.getResponseTypes().contains("code")) {
        params.append("&code=").append(encode(generateCode(authorizationRequest, authUser)));
    }

    String state = authorizationRequest.getState();
    if (state != null) {
        params.append("&state=").append(encode(state));
    }

    Date expiration = accessToken.getExpiration();
    if (expiration != null) {
        long secondsLeft = (expiration.getTime() - System.currentTimeMillis()) / 1000;
        params.append("&expires_in=").append(secondsLeft);
    }

    // Report the scope only when it is not exactly what the client asked for.
    String originalScope = authorizationRequest.getRequestParameters().get(OAuth2Utils.SCOPE);
    boolean scopeUnchanged = originalScope != null
            && OAuth2Utils.parseParameterList(originalScope).equals(accessToken.getScope());
    if (!scopeUnchanged) {
        params.append('&').append(OAuth2Utils.SCOPE).append('=')
                .append(encode(OAuth2Utils.formatParameterList(accessToken.getScope())));
    }

    for (Map.Entry<String, Object> info : accessToken.getAdditionalInformation().entrySet()) {
        Object value = info.getValue();
        if (value != null) {
            params.append('&').append(encode(info.getKey()))
                    .append('=').append(encode(value.toString()));
        }
    }

    if ("none".equals(authorizationRequest.getRequestParameters().get("prompt"))) {
        // URI.create throws IllegalArgumentException if the redirect is not a valid URI.
        HttpHost redirectHost = URIUtils.extractHost(URI.create(requestedRedirect));
        String userId = ((UaaPrincipal) authUser.getPrincipal()).getId();
        String sessionState = openIdSessionStateCalculator.calculate(userId,
                authorizationRequest.getClientId(), redirectHost.toURI());
        params.append("&session_state=").append(sessionState);
    }

    UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(requestedRedirect);
    String existingFragment = builder.build(true).getFragment();
    String fragment = StringUtils.hasText(existingFragment)
            ? existingFragment + "&" + params.toString()
            : params.toString();
    builder.fragment(fragment);

    // Do not include the refresh token (even if there is one)
    return builder.build(true).toUriString();
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java
/**
 * Builds the redirect that delivers an authorization code to the client.
 *
 * <p>The encoded code is added as the {@code code} query parameter of the request's
 * redirect URI, followed by the encoded {@code state} when the request has one.
 *
 * @param authorizationRequest the approved authorization request
 * @param authorizationCode the code to deliver
 * @return the redirect URI with the code (and state) as query parameters
 * @throws IllegalStateException if no authorization code was supplied
 */
private String getSuccessfulRedirect(AuthorizationRequest authorizationRequest, String authorizationCode) {
    if (authorizationCode == null) {
        throw new IllegalStateException("No authorization code found in the current request scope.");
    }

    // NOTE(review): the code is sent to whatever getRedirectUri() returns; this method
    // assumes that value was already matched against the client's registration - confirm.
    UriComponentsBuilder redirect = UriComponentsBuilder.fromUriString(authorizationRequest.getRedirectUri());
    redirect.queryParam("code", encode(authorizationCode));

    String state = authorizationRequest.getState();
    if (state != null) {
        redirect.queryParam("state", encode(state));
    }

    // build(true) treats the components as already encoded, hence the encode() calls above.
    return redirect.build(true).toUriString();
}