List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest setApproved
public void setApproved(boolean approved)
From source file:org.mitre.openid.connect.token.TofuUserApprovalHandler.java
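/**
 * Applies the decision posted from the approval page to the authorization request.
 *
 * <p>Nothing is changed unless the {@code user_oauth_approval} approval parameter parses as
 * {@code true}. In that case the request is marked approved and its scope set is replaced by
 * the {@code scope_*} values from the form that pass {@code systemScopes.scopesMatch} against
 * the client's registered scopes. If the {@code remember} parameter is present and not
 * {@code "none"}, an {@link ApprovedSite} is created and its id is stored in the request
 * extensions under {@code APPROVED_SITE}.
 *
 * @param authorizationRequest the request being approved; updated in place
 * @param userAuthentication the authenticated user whose name is stored with the approval
 * @return the same request instance, approved or unchanged
 */
@Override
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    String userId = userAuthentication.getName();
    String clientId = authorizationRequest.getClientId();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);

    // NOTE(review): no anti-CSRF token is compared in this method; confirm that the approval
    // form post is protected elsewhere before relying on this flag as the user's consent.
    // This must be re-parsed here because SECOAUTH forces us to call things in a strange order
    if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))) {

        authorizationRequest.setApproved(true);

        // process scopes from user input
        Set<String> allowedScopes = Sets.newHashSet();
        Map<String, String> approvalParams = authorizationRequest.getApprovalParameters();

        for (String key : approvalParams.keySet()) {
            if (key.startsWith("scope_")) {
                // This is a scope parameter from the approval page. The value sent back should
                // be the scope string; it is only accepted if it is within the client's
                // registered scopes.
                String scope = approvalParams.get(key);
                Set<String> approveSet = Sets.newHashSet(scope);

                if (systemScopes.scopesMatch(client.getScope(), approveSet)) {
                    SystemScope systemScope = systemScopes.getByValue(scope);
                    if (systemScope != null && systemScope.isStructured()) {
                        // A structured scope carries a user-supplied parameter. When the form
                        // did not send one, grant the bare scope instead of concatenating a
                        // missing value, which would store the literal string "scope:null".
                        // NOTE(review): paramValue comes from the form unvalidated here; confirm
                        // that consumers of the scope string constrain it.
                        String paramValue = approvalParams.get("scopeparam_" + scope);
                        if (!Strings.isNullOrEmpty(paramValue)) {
                            allowedScopes.add(scope + ":" + paramValue);
                        } else {
                            allowedScopes.add(scope);
                        }
                    } else {
                        // unstructured scopes are granted as-is
                        allowedScopes.add(scope);
                    }
                }
            }
        }

        // inject the user-allowed scopes into the auth request
        authorizationRequest.setScope(allowedScopes);

        // Only store an ApprovedSite if the user has checked "remember this decision":
        String remember = authorizationRequest.getApprovalParameters().get("remember");
        if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) {

            // A null timeout is passed through unless the user picked "one-hour".
            Date timeout = null;
            if (remember.equals("one-hour")) {
                // set the timeout to one hour from now
                Calendar cal = Calendar.getInstance();
                cal.add(Calendar.HOUR, 1);
                timeout = cal.getTime();
            }

            ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout,
                    allowedScopes);
            String newSiteId = newSite.getId().toString();
            authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
        }

        setAuthTime(authorizationRequest);
    }

    return authorizationRequest;
}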
From source file:org.smartplatforms.openid.connect.token.SmartTofuUserApprovalHandler.java
/**
 * Applies the decision posted from the approval page, guarded by a CSRF token check.
 *
 * <p>The request is only modified when {@code user_oauth_approval} parses as {@code true} and
 * the {@code CSRF} value held in the request extensions is non-null and equal to the
 * {@code CSRF} approval parameter. Otherwise the request is returned untouched.
 *
 * @param authorizationRequest the request being approved; updated in place
 * @param userAuthentication the authenticated user whose name is stored with the approval
 * @return the same request instance, approved or unchanged
 */
@Override
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    String userId = userAuthentication.getName();
    String clientId = authorizationRequest.getClientId();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);

    // This must be re-parsed here because SECOAUTH forces us to call things in a strange order
    if (!Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))) {
        return authorizationRequest;
    }

    // The token kept server-side in the extensions must match the one posted with the form.
    // NOTE(review): equals() is not a constant-time comparison; MessageDigest.isEqual over the
    // token bytes is the usual hardening when comparing secret tokens.
    Object expectedToken = authorizationRequest.getExtensions().get(CSRF);
    if (expectedToken == null
            || !expectedToken.equals(authorizationRequest.getApprovalParameters().get(CSRF))) {
        return authorizationRequest;
    }

    authorizationRequest.setApproved(true);

    // Collect the scopes the user ticked, keeping only those registered for the client.
    Set<String> allowedScopes = Sets.newHashSet();
    Map<String, String> approvalParams = authorizationRequest.getApprovalParameters();

    for (String paramName : approvalParams.keySet()) {
        if (!paramName.startsWith("scope_")) {
            continue;
        }

        // The value of a scope_* parameter is expected to be the scope string itself.
        String scope = approvalParams.get(paramName);
        if (!systemScopes.scopesMatch(client.getScope(), Sets.newHashSet(scope))) {
            continue;
        }

        // Structured scopes get the user-specified parameter appended when one was sent;
        // everything else is granted as the bare scope.
        String granted = scope;
        SystemScope systemScope = systemScopes.getByValue(scope);
        if (systemScope != null && systemScope.isStructured()) {
            String paramValue = approvalParams.get("scopeparam_" + scope);
            if (!Strings.isNullOrEmpty(paramValue)) {
                granted = scope + ":" + paramValue;
            }
        }
        allowedScopes.add(granted);
    }

    // inject the user-allowed scopes into the auth request
    authorizationRequest.setScope(allowedScopes);

    // An ApprovedSite is only stored when the user asked to remember the decision.
    String remember = authorizationRequest.getApprovalParameters().get("remember");
    boolean rememberDecision = !Strings.isNullOrEmpty(remember) && !"none".equals(remember);
    if (rememberDecision) {
        Date timeout = null;
        if ("one-hour".equals(remember)) {
            // expire the stored approval one hour from now
            Calendar expiry = Calendar.getInstance();
            expiry.add(Calendar.HOUR, 1);
            timeout = expiry.getTime();
        }

        ApprovedSite stored = approvedSiteService.createApprovedSite(clientId, userId, timeout,
                allowedScopes);
        authorizationRequest.getExtensions().put(APPROVED_SITE, stored.getId().toString());
    }

    setAuthTime(authorizationRequest);
    return authorizationRequest;
}
From source file:com.cmz.web1.oauth.MyWebUserApprovalHandler.java
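/**
 * Decides whether the request may skip the user approval page.
 *
 * <p>With {@code useApprovalStore} set, the decision is delegated to the superclass. Otherwise
 * the request is auto-approved only when it names at least one scope and the client is
 * configured to auto-approve every requested scope.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request with its approved flag set to the outcome
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());

            // Every requested scope must be auto-approvable. Approving the whole request
            // because a single scope matched would grant the remaining scopes without the
            // user ever seeing the consent page.
            boolean everyScopeAutoApproved = !requestedScopes.isEmpty();
            for (String scope : requestedScopes) {
                if (!client.isAutoApprove(scope)) {
                    everyScopeAutoApproved = false;
                    break;
                }
            }
            approved = everyScopeAutoApproved;
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is never pre-approved.
        }
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}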
From source file:org.energyos.espi.datacustodian.oauth.EspiUserApprovalHandler.java
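/**
 * Decides whether the request may skip the user approval page.
 *
 * <p>With {@code useApprovalStore} set, the decision is delegated to the superclass. Otherwise
 * the request is auto-approved only when it names at least one scope and the client either
 * auto-approves {@code "all"} or auto-approves every requested scope.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request with its approved flag set to the outcome
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());

            // A single auto-approved scope must not approve the other scopes in the same
            // request; only a blanket "all" setting or a full per-scope match skips consent.
            boolean blanketApproval = client.isAutoApprove("all");
            boolean covered = !requestedScopes.isEmpty();
            for (String scope : requestedScopes) {
                if (!blanketApproval && !client.isAutoApprove(scope)) {
                    covered = false;
                    break;
                }
            }
            approved = covered;
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is never pre-approved.
        }
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}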
From source file:cn.ifast.oauth2server.oauth.SparklrUserApprovalHandler.java
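/**
 * Determines whether the user approval page can be skipped for this request.
 *
 * <p>When {@code useApprovalStore} is set the superclass decides. Otherwise approval is
 * granted without prompting only if the request contains at least one scope and the client
 * auto-approves {@code "all"} or each individual requested scope.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request with its approved flag set to the outcome
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());

            if (!requestedScopes.isEmpty()) {
                // Start from "approved" and withdraw it on the first scope the client does
                // not auto-approve, so that one matching scope cannot carry the others past
                // the consent page.
                approved = true;
                if (!client.isAutoApprove("all")) {
                    for (String scope : requestedScopes) {
                        if (!client.isAutoApprove(scope)) {
                            approved = false;
                            break;
                        }
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is never pre-approved.
            approved = false;
        }
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}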
From source file:org.springsecurity.oauth2.oauth.OAuth2UserApprovalHandler.java
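/**
 * Determines whether the user approval page can be skipped for this request.
 *
 * <p>When {@code useApprovalStore} is set the superclass decides. Otherwise approval is
 * granted without prompting only if the request contains at least one scope and the client
 * auto-approves {@code "all"} or each individual requested scope.
 *
 * @param authorizationRequest
 *            The authorization request.
 * @param userAuthentication
 *            the current user authentication
 *
 * @return the request with its approved flag set to the outcome
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    // If we are allowed to check existing approvals this will short circuit
    // the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());

            // Count the scopes the client auto-approves; consent is skipped only when that
            // covers the whole request. A partial match must still go to the approval page,
            // otherwise the unmatched scopes would be granted without the user's consent.
            boolean blanketApproval = client.isAutoApprove("all");
            int autoApproved = 0;
            for (String scope : requestedScopes) {
                if (blanketApproval || client.isAutoApprove(scope)) {
                    autoApproved++;
                }
            }
            approved = !requestedScopes.isEmpty() && autoApproved == requestedScopes.size();
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is never pre-approved.
        }
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}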
From source file:com.kopetto.sample.oauth.WebAppUserApprovalHandler.java
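/**
 * Decides whether the request may skip the user approval page.
 *
 * <p>With {@code useApprovalStore} set, the decision is delegated to the superclass. Otherwise
 * the request is auto-approved only when it names at least one scope and the client either
 * auto-approves {@code "all"} or auto-approves every requested scope.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request with its approved flag set to the outcome
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);

        // this is set up in OAuth2ServerConfiguration::configure (autoApprove)
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());

            // Skipping consent requires the client to auto-approve the complete scope set.
            // Approving on the first matching scope would silently grant every other scope
            // that was requested alongside it.
            boolean blanketApproval = client.isAutoApprove("all");
            boolean allScopesCovered = !requestedScopes.isEmpty();
            for (String scope : requestedScopes) {
                if (blanketApproval) {
                    break;
                }
                if (!client.isAutoApprove(scope)) {
                    allScopesCovered = false;
                    break;
                }
            }
            approved = allScopesCovered;
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is never pre-approved.
        }
    }

    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}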
From source file:com.ecsteam.sample.oauth2.configuration.util.SampleApprovalHandler.java
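/**
 * Marks every authorization request as approved, without consulting an approval store, the
 * client's auto-approve settings, or the user.
 *
 * <p>NOTE(review): this handler performs no check at all, so any client and any requested
 * scope is approved before the user can see a consent page. The per-client auto-approve logic
 * that previously stood here was commented out and has been removed as dead code. Confirm that
 * unconditional approval is intended for this sample and keep it out of any deployment that
 * serves third-party clients.
 *
 * @param authorizationRequest
 *            The authorization request.
 * @param userAuthentication
 *            the current user authentication; not read by this implementation
 *
 * @return the same request, with its approved flag set to {@code true}
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {
    authorizationRequest.setApproved(true);
    return authorizationRequest;
}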
From source file:org.joyrest.oauth2.endpoint.AuthorizationEndpoint.java
/**
 * Registers the {@code GET oauth/authorize} route.
 *
 * <p>The handler builds an {@link AuthorizationRequest} from the query parameters, rejects
 * response types other than {@code token} and {@code code}, requires a client id, resolves the
 * redirect URI against the client's registration, validates the requested scope, and asks the
 * user approval handler for a decision. For an approved request it answers with a 302 whose
 * {@code Location} carries the implicit-grant or authorization-code response.
 */
@Override
protected void configure() {
    setControllerPath("oauth");

    get("authorize", (request, response) -> {
        Map<String, String> queryParams = MapUtils.createOneDimMap(request.getQueryParams());
        AuthorizationRequest authorizationRequest = requestFactory.createAuthorizationRequest(queryParams);

        Set<String> responseTypes = authorizationRequest.getResponseTypes();
        boolean wantsToken = responseTypes.contains("token");
        boolean wantsCode = responseTypes.contains("code");
        if (!wantsToken && !wantsCode) {
            throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
        }

        if (isNull(authorizationRequest.getClientId())) {
            throw new InvalidClientException("A client id must be provided");
        }

        ClientDetails client = clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());

        // The redirect target is never taken from the request as-is: it goes through the
        // resolver together with the client's registration.
        String requestedRedirect = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
        String resolvedRedirect = redirectResolver.resolveRedirect(requestedRedirect, client);
        if (isEmpty(resolvedRedirect)) {
            throw new RedirectMismatchException(
                    "A redirectUri must be either supplied or preconfigured in the ClientDetails");
        }
        authorizationRequest.setRedirectUri(resolvedRedirect);

        requestValidator.validateScope(authorizationRequest, client);

        // NOTE(review): both approval calls receive null as the user authentication, so the
        // decision is taken without an authenticated end user in this handler; confirm where
        // the resource owner is authenticated.
        authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest, null);
        authorizationRequest.setApproved(userApprovalHandler.isApproved(authorizationRequest, null));

        // NOTE(review): an unapproved request falls through without any status, redirect or
        // error being written here.
        if (authorizationRequest.isApproved()) {
            if (wantsToken) {
                response.status(HttpStatus.FOUND);
                response.header(HeaderName.LOCATION, getImplicitGrantResponse(authorizationRequest));
            }
            // When both response types are present this second header is written after the
            // implicit-grant one.
            if (wantsCode) {
                response.status(HttpStatus.FOUND);
                response.header(HeaderName.LOCATION, getAuthorizationCodeResponse(authorizationRequest));
            }
        }
    });
}
From source file:org.mitre.openid.connect.token.TofuUserApprovalHandler.java
/**
 * Pre-approves the request when the user has a stored, unexpired approval for this client whose
 * scopes match the request, or when the client is whitelisted for the requested scopes.
 *
 * <p>Neither source is consulted when the {@code PROMPT} extension contains
 * {@code PROMPT_CONSENT}; the request is then returned unchanged so the user is asked again.
 *
 * @param authorizationRequest the incoming authorization request
 * @param userAuthentication the Principal representing the currently-logged-in user
 *
 * @return the updated AuthorizationRequest
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    // Stored approvals are looked up by the authenticated user's name and the client id.
    String userId = userAuthentication.getName();
    String clientId = authorizationRequest.getClientId();

    // find out if we're supposed to force a prompt on the user or not
    String prompt = (String) authorizationRequest.getExtensions().get(PROMPT);
    List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));

    // if the prompt parameter is set to "consent" then we can't use approved sites or
    // whitelisted sites
    if (prompts.contains(PROMPT_CONSENT)) {
        return authorizationRequest;
    }

    boolean alreadyApproved = false;

    // The loop does not stop at the first match: every unexpired approved site whose scopes
    // match has its access date refreshed, and the last one wins the APPROVED_SITE extension.
    Collection<ApprovedSite> approvedSites = approvedSiteService.getByClientIdAndUserId(clientId, userId);
    for (ApprovedSite site : approvedSites) {
        if (site.isExpired()) {
            continue;
        }
        if (!systemScopes.scopesMatch(site.getAllowedScopes(), authorizationRequest.getScope())) {
            continue;
        }

        // We have a match; update the access date on the entry and approve the request.
        site.setAccessDate(new Date());
        approvedSiteService.save(site);

        authorizationRequest.getExtensions().put(APPROVED_SITE, site.getId().toString());
        authorizationRequest.setApproved(true);
        alreadyApproved = true;

        setAuthTime(authorizationRequest);
    }

    // Fall back to the whitelist only when no stored approval matched.
    if (!alreadyApproved) {
        WhitelistedSite whitelisted = whitelistedSiteService.getByClientId(clientId);
        boolean whitelistCoversRequest = whitelisted != null
                && systemScopes.scopesMatch(whitelisted.getAllowedScopes(), authorizationRequest.getScope());
        if (whitelistCoversRequest) {
            authorizationRequest.setApproved(true);
            setAuthTime(authorizationRequest);
        }
    }

    return authorizationRequest;
}