List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest getResourceIds
public Set<String> getResourceIds()
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManagerTests.java
/**
 * Checks resource-id derivation for a {@code client_credentials} request whose client holds
 * the authorities {@code uaa.none} and {@code spam.baz}.
 *
 * <p>The expected set is exactly {@code spam}, so the {@code uaa} prefix must not appear
 * among the resource ids.
 */
@Test
public void testResourecIdsDoNotIncludeUaa() {
    parameters.put("grant_type", "client_credentials");
    client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none,spam.baz"));

    AuthorizationRequest authorizationRequest = factory.createAuthorizationRequest(parameters);

    // NOTE(review): resource ids presumably feed the token audience downstream, so a regression
    // here would widen where an issued token is accepted. Confirm against the token converter.
    assertEquals(StringUtils.commaDelimitedListToSet("spam"), authorizationRequest.getResourceIds());
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManagerTests.java
/**
 * Checks that a {@code client_credentials} request for a client with the authorities
 * {@code foo.bar} and {@code spam.baz} yields the resource ids {@code foo} and {@code spam},
 * i.e. the part of each authority that precedes the separator.
 */
@Test
public void testResourecIdsExtracted() {
    parameters.put("grant_type", "client_credentials");
    client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("foo.bar,spam.baz"));

    AuthorizationRequest authorizationRequest = factory.createAuthorizationRequest(parameters);

    assertEquals(StringUtils.commaDelimitedListToSet("foo,spam"), authorizationRequest.getResourceIds());
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManagerTests.java
/**
 * Checks resource-id derivation when the factory is configured with the scope separator
 * {@code "--"} instead of the default.
 *
 * <p>With the authorities {@code foo--bar} and {@code spam--baz}, the expected resource ids
 * are {@code foo} and {@code spam}.
 */
@Test
public void testResourceIdsWithCustomSeparator() {
    // The separator must be set before the request is created; it decides where a prefix ends.
    factory.setScopeSeparator("--");
    parameters.put("grant_type", "client_credentials");
    client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("foo--bar,spam--baz"));

    AuthorizationRequest authorizationRequest = factory.createAuthorizationRequest(parameters);

    assertEquals(StringUtils.commaDelimitedListToSet("foo,spam"), authorizationRequest.getResourceIds());
}
From source file:org.mitre.openid.connect.ConnectOAuth2RequestFactory.java
/**
 * Builds the {@link OAuth2Request} for an authorization request by copying its fields across.
 *
 * <p>Nothing is validated or filtered here. The approval flag, authorities, scope, resource
 * ids and redirect URI are taken exactly as they stand on {@code request}, so any check on
 * those values has to happen before this method is called.
 *
 * @param request the authorization request to convert
 * @return a new {@code OAuth2Request} carrying the same values
 */
@Override
public OAuth2Request createOAuth2Request(AuthorizationRequest request) {
    OAuth2Request oauth2Request = new OAuth2Request(
            request.getRequestParameters(),
            request.getClientId(),
            request.getAuthorities(),
            request.isApproved(),
            request.getScope(),
            request.getResourceIds(),
            request.getRedirectUri(),
            request.getExtensions());
    return oauth2Request;
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManagerTests.java
/**
 * Checks scope and resource-id handling for a user request that asks for
 * {@code openid foo.bar}.
 *
 * <p>The stubbed security context reports a user holding {@code foo.bar} and
 * {@code spam.baz}; the client is allowed {@code openid} and {@code foo.bar}, and
 * {@code openid} is a default scope. The resulting scope is expected to be
 * {@code openid, foo.bar} and the resource ids {@code openid, foo}.
 */
@Test
public void testOpenidScopeIncludeIsAResourceId() {
    // Stub that always reports an end user with two fixed authorities.
    SecurityContextAccessor userContext = new StubSecurityContextAccessor() {
        @Override
        public boolean isUser() {
            return true;
        }

        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            return AuthorityUtils.commaSeparatedStringToAuthorityList("foo.bar,spam.baz");
        }
    };

    parameters.put("scope", "openid foo.bar");
    factory.setDefaultScopes(Arrays.asList("openid"));
    factory.setSecurityContextAccessor(userContext);
    client.setScope(StringUtils.commaDelimitedListToSet("openid,foo.bar"));

    AuthorizationRequest authorizationRequest = factory.createAuthorizationRequest(parameters);

    // spam.baz is held by the user but was neither requested nor allowed for the client,
    // so it must appear in neither the scope nor the resource ids.
    assertEquals(StringUtils.commaDelimitedListToSet("openid,foo.bar"),
            new TreeSet<String>(authorizationRequest.getScope()));
    assertEquals(StringUtils.commaDelimitedListToSet("openid,foo"),
            new TreeSet<String>(authorizationRequest.getResourceIds()));
}
From source file:org.cloudfoundry.identity.uaa.oauth.DefaultTokenConverter.java
/**
 * Flattens an access token and its authentication into a claims map.
 *
 * <p>Entries are written in this order: user claims (only when the authentication is not
 * client-only), the token scope, the token id if present in the additional information,
 * {@code exp} in seconds, every additional-information entry, {@code client_id}, and
 * {@code aud} when the authorization request has at least one resource id.
 *
 * @param token the access token to describe
 * @param authentication the authentication the token was issued for
 * @return the claims map
 */
@Override
public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    AuthorizationRequest clientToken = authentication.getAuthorizationRequest();
    Map<String, Object> claims = new HashMap<String, Object>();

    boolean hasUser = !authentication.isClientOnly();
    if (hasUser) {
        claims.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication()));
    }

    claims.put(OAuth2AccessToken.SCOPE, token.getScope());

    Map<String, Object> additionalInformation = token.getAdditionalInformation();
    if (additionalInformation.containsKey(JwtTokenEnhancer.TOKEN_ID)) {
        claims.put(JwtTokenEnhancer.TOKEN_ID, additionalInformation.get(JwtTokenEnhancer.TOKEN_ID));
    }

    if (token.getExpiration() != null) {
        // getTime() is in milliseconds; the claim is stored in whole seconds.
        claims.put("exp", token.getExpiration().getTime() / 1000);
    }

    // NOTE(review): putAll runs after the user claims, scope and "exp" were written, so an
    // additional-information entry with one of those keys replaces the value set above.
    // "client_id" and "aud" are written afterwards and therefore take precedence.
    // Confirm that whatever populates the additional information cannot introduce such keys.
    claims.putAll(additionalInformation);

    claims.put("client_id", clientToken.getClientId());

    // "aud" is omitted entirely when there are no resource ids; consumers of this map need
    // an explicit policy for a token that carries no audience.
    if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) {
        claims.put("aud", clientToken.getResourceIds());
    }
    return claims;
}
From source file:org.apigw.authserver.web.controller.AccessConfirmationController.java
/**
 * Prepares the model for the access-confirmation (consent) view.
 *
 * <p>Loads the client named in the authorization request, logs the current user, the
 * requested resource ids and scopes, translates each known scope into its permission
 * description, and returns the {@code .access_confirmation} view.
 *
 * <p>NOTE(review): a scope with no matching permission is only logged and left out of the
 * {@code scopes} list, while {@code auth_request} still carries it. The page can therefore
 * list fewer scopes than the request contains. Confirm that unknown scopes are rejected
 * before a token is issued.
 *
 * <p>NOTE(review): client id, resource ids and scope names are written to the log as
 * received. If they can contain line breaks, the log layout should encode them.
 *
 * @param clientAuth the pending authorization request bound from the model
 * @return the confirmation view and its model
 * @throws Exception propagated from the collaborating services
 */
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(
        @ModelAttribute("authorizationRequest") AuthorizationRequest clientAuth) throws Exception {
    log.debug("getAccessConfirmation");

    // NOTE(review): the client is looked up before the client id is null-checked below, and
    // the result is cast and dereferenced without a check. Confirm the service never returns null.
    CertifiedClient client = (CertifiedClient) clientDetailsService
            .loadClientByClientId(clientAuth.getClientId());

    // NOTE(review): assumes the principal is a UserDetails; any other principal type fails the cast.
    UserDetails user = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    // The username is passed through getLogsafeSSN before it is logged.
    log.debug("Logged in user is: {}", citizenLoggingUtil.getLogsafeSSN(user.getUsername()));
    for (GrantedAuthority role : user.getAuthorities()) {
        log.debug("---> User has role: {}", role.getAuthority());
    }

    if (clientAuth.getClientId() == null) {
        log.warn("No client id on the request");
    } else {
        log.debug("The request holds the following client id:{}", clientAuth.getClientId());
    }

    if (clientAuth.getResourceIds() == null) {
        log.warn("No resource ids on the request");
    } else {
        log.debug("The following resourceIds were requested:");
        for (String resourceId : clientAuth.getResourceIds()) {
            log.debug("Resource id:{}", resourceId);
        }
    }

    // Shortest token validity among the known permissions, with 0 meaning "none seen yet".
    // It is computed here but not added to the model in the code shown.
    int validity = 0;
    List<String> scopeDescriptions = new ArrayList<String>();
    if (clientAuth.getScope() == null) {
        log.warn("The request holds no scope parameter");
    } else {
        log.debug("The following scopes were requested:");
        for (String permissionName : clientAuth.getScope()) {
            log.debug("Scope:{}", permissionName);
            Permission permission = permissionServices.getPermissionByName(permissionName);
            if (permission == null) {
                log.warn("Unknown permission provided for client {}: {}", clientAuth.getClientId(),
                        permissionName);
                continue;
            }
            scopeDescriptions.add(permission.getDescription());
            if (validity == 0 || permission.getAccessTokenValiditySeconds() < validity) {
                validity = permission.getAccessTokenValiditySeconds();
            }
        }
    }

    String clientName = client.getName();

    TreeMap<String, Object> viewModel = new TreeMap<String, Object>();
    viewModel.put("hsaId", clientAuth.getClientId());
    viewModel.put("auth_request", clientAuth);
    viewModel.put("scopes", scopeDescriptions);
    viewModel.put("client", client);
    viewModel.put("clientName", clientName);
    viewModel.put("organization", client.getOrganization());

    log.debug("returning from getAccessConfirmation");
    return new ModelAndView(".access_confirmation", viewModel);
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java
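/**
 * Takes a read-only snapshot of the fields of an authorization request.
 *
 * <p>The snapshot holds the client id, state, redirect URI and approval flag, plus
 * unmodifiable copies of the response types, scope, resource ids and authorities when those
 * are non-null. A null collection is left out, so a later {@code get} for it returns
 * {@code null}.
 *
 * <p>The original returned the backing {@code HashMap} itself, so the top-level entries
 * could still be replaced or removed even though the nested sets were unmodifiable. The map
 * is now wrapped as well. A snapshot kept as the reference copy of a request is only useful
 * if nothing can alter it afterwards.
 *
 * @param authorizationRequest the request to snapshot
 * @return an unmodifiable map of the request's fields
 */
Map<String, Object> unmodifiableMap(AuthorizationRequest authorizationRequest) {
    Map<String, Object> snapshot = new HashMap<>();

    snapshot.put(OAuth2Utils.CLIENT_ID, authorizationRequest.getClientId());
    snapshot.put(OAuth2Utils.STATE, authorizationRequest.getState());
    snapshot.put(OAuth2Utils.REDIRECT_URI, authorizationRequest.getRedirectUri());

    // Collections are copied before wrapping so later changes to the request do not show through.
    if (authorizationRequest.getResponseTypes() != null) {
        snapshot.put(OAuth2Utils.RESPONSE_TYPE,
                Collections.unmodifiableSet(new HashSet<>(authorizationRequest.getResponseTypes())));
    }
    if (authorizationRequest.getScope() != null) {
        snapshot.put(OAuth2Utils.SCOPE,
                Collections.unmodifiableSet(new HashSet<>(authorizationRequest.getScope())));
    }

    snapshot.put("approved", authorizationRequest.isApproved());

    if (authorizationRequest.getResourceIds() != null) {
        snapshot.put("resourceIds",
                Collections.unmodifiableSet(new HashSet<>(authorizationRequest.getResourceIds())));
    }
    if (authorizationRequest.getAuthorities() != null) {
        snapshot.put("authorities",
                Collections.unmodifiableSet(new HashSet<GrantedAuthority>(authorizationRequest.getAuthorities())));
    }

    // Wrap the map itself so entries cannot be added, replaced or removed by a holder of the snapshot.
    return Collections.unmodifiableMap(snapshot);
}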
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint.java
/**
 * Reports whether an authorization request differs from a previously taken snapshot.
 *
 * <p>Eight fields are compared null-safely, in this order: client id, state, redirect URI,
 * response types, approval flag, resource ids, authorities and scope. Evaluation stops at
 * the first mismatch. Any field of the request that is not in this list is not compared.
 *
 * @param authorizationRequest the request as it stands now
 * @param originalAuthorizationRequest the snapshot map, using the {@code OAuth2Utils} key
 *     constants plus {@code "approved"}, {@code "resourceIds"} and {@code "authorities"}
 * @return {@code true} if at least one compared field differs from the snapshot
 */
private boolean isAuthorizationRequestModified(AuthorizationRequest authorizationRequest,
        Map<String, Object> originalAuthorizationRequest) {
    // Short-circuit && keeps the original comparison order and stops at the first difference.
    boolean unchanged =
            ObjectUtils.nullSafeEquals(authorizationRequest.getClientId(),
                    originalAuthorizationRequest.get(OAuth2Utils.CLIENT_ID))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getState(),
                    originalAuthorizationRequest.get(OAuth2Utils.STATE))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getRedirectUri(),
                    originalAuthorizationRequest.get(OAuth2Utils.REDIRECT_URI))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getResponseTypes(),
                    originalAuthorizationRequest.get(OAuth2Utils.RESPONSE_TYPE))
            && ObjectUtils.nullSafeEquals(authorizationRequest.isApproved(),
                    originalAuthorizationRequest.get("approved"))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getResourceIds(),
                    originalAuthorizationRequest.get("resourceIds"))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getAuthorities(),
                    originalAuthorizationRequest.get("authorities"))
            && ObjectUtils.nullSafeEquals(authorizationRequest.getScope(),
                    originalAuthorizationRequest.get(OAuth2Utils.SCOPE));
    return !unchanged;
}