List of usage examples for org.springframework.security.oauth2.provider.client BaseClientDetails setAuthorities
@org.codehaus.jackson.annotate.JsonIgnore @com.fasterxml.jackson.annotation.JsonIgnore public void setAuthorities(Collection<? extends GrantedAuthority> authorities)
From source file:com.create.application.configuration.security.ClientConfiguration.java
/**
 * Builds the {@link BaseClientDetails} bean that describes this application's OAuth2 client.
 *
 * <p>The client id and secret are copied from {@code client}, the authorities come from
 * {@code getAuthorities()}, and the registered redirect URI set is explicitly empty.
 *
 * <p>NOTE(review): the method is annotated with
 * {@code @ConfigurationProperties("security.oauth2.client")}, so properties under that prefix
 * are presumably bound onto the returned object as well. Confirm which of the values set here
 * can be overridden from configuration.
 *
 * @param client the OAuth2 client properties holding the client id and secret
 * @return the populated client details
 */
@Bean
@ConfigurationProperties("security.oauth2.client")
public BaseClientDetails oauth2ClientDetails(OAuth2ClientProperties client) {
    final BaseClientDetails clientDetails = new BaseClientDetails();

    // Identity of the client.
    clientDetails.setClientId(client.getClientId());
    clientDetails.setClientSecret(client.getClientSecret());

    // What the client is allowed to do.
    clientDetails.setAuthorities(getAuthorities());

    // No redirect URI is registered for this client.
    clientDetails.setRegisteredRedirectUri(Collections.emptySet());

    return clientDetails;
}
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates a client that may only use the {@code client_credentials} grant and that
 * carries exactly the authorities supplied by the caller.
 *
 * <p>The resource id list is fixed to {@code uaa.none}. The finished registration is handed to
 * {@code createOrUpdateClient}.
 *
 * @param clientId     id of the client to register
 * @param clientSecret secret of the client to register
 * @param authorities  authorities granted to the client; passed through unchanged
 */
private void createClientWithAuthorities(final String clientId, final String clientSecret,
        final Collection<? extends GrantedAuthority> authorities) {
    final BaseClientDetails details = new BaseClientDetails();

    details.setClientId(clientId);
    details.setClientSecret(clientSecret);
    details.setAuthorities(authorities);

    // Machine-to-machine client: the only grant type is client_credentials.
    details.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    details.setResourceIds(Arrays.asList("uaa.none"));

    createOrUpdateClient(details);
}
From source file:org.cloudfoundry.identity.uaa.api.client.test.UaaClientOperationTest.java
/**
 * Registers the fixture client used by this test class and returns what the server stored.
 *
 * <p>The client id and secret are fixed literals that exist only for the test. The client is
 * allowed the {@code authorization_code} and {@code client_credentials} grants, has the single
 * authority {@code uaa.resource}, a 3600 second access token lifetime and an 86400 second
 * refresh token lifetime.
 *
 * @return the result of {@code operations.create} for the fixture client
 */
private BaseClientDetails createClient() {
    final BaseClientDetails fixture = new BaseClientDetails();

    fixture.setClientId("test");
    fixture.setClientSecret("testsecret");

    // Token lifetimes, in seconds.
    fixture.setAccessTokenValiditySeconds(3600);
    fixture.setRefreshTokenValiditySeconds(86400);

    final String authorizationCode = UaaTokenGrantType.authorization_code.toString();
    final String clientCredentials = UaaTokenGrantType.client_credentials.toString();
    fixture.setAuthorizedGrantTypes(Arrays.asList(authorizationCode, clientCredentials));

    fixture.setAuthorities(AuthorityUtils.createAuthorityList("uaa.resource"));

    return operations.create(fixture);
}
From source file:oauth2.authentication.clients.ClientDetailsBuilder.java
/**
 * Assembles a {@link BaseClientDetails} from the values collected by this builder.
 *
 * <p>Every collection-valued property (redirect URIs, grant types, scopes, auto-approved
 * scopes, resource ids, authorities) is produced by calling {@code build()} on its own nested
 * builder. Scalar properties are copied from this builder's fields.
 *
 * @return the populated client details
 */
public ClientDetails build() {
    final BaseClientDetails result = new BaseClientDetails();

    // Credentials.
    result.setClientId(clientId);
    result.setClientSecret(clientSecret);

    // Collection-valued settings, built in the same order as before.
    result.setRegisteredRedirectUri(redirectUris.build());
    result.setAuthorizedGrantTypes(authorizedGrantTypes.build());
    result.setScope(scopes.build());
    result.setAutoApproveScopes(autoApprovedScopes.build());
    result.setResourceIds(resourceIds.build());
    result.setAuthorities(authorities.build());

    // Token lifetimes.
    result.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
    result.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);

    return result;
}
From source file:com.ge.predix.uaa.token.lib.FastTokenServices.java
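/**
 * Validates an access token locally and turns its claims into an {@link OAuth2Authentication}.
 *
 * <p>Order of checks: the claims are parsed, the issuer is checked with {@code verifyIssuer},
 * the token signature is verified with the issuer's key via {@code JwtHelper.decodeAndVerify},
 * and the validity window is checked with {@code verifyTimeWindow}. The issuer claim is read
 * before the signature is verified because it selects the verification key. The remaining
 * claims are only used after verification has passed.
 *
 * <p>The token value is never written to the log: it is a bearer credential, and anyone who
 * can read the log could otherwise replay it.
 *
 * @param accessToken the encoded access token presented by the caller
 * @return an approved authentication built from the {@code client_id}, {@code scope},
 *         {@code resource_ids} and {@code client_authorities} claims, plus the user
 *         authentication returned by {@code getUserAuthentication}
 * @throws InvalidTokenException   if the claims cannot be parsed from the token
 * @throws AuthenticationException declared for the checks delegated to helper methods
 * @throws IllegalStateException   if the {@code client_id} claim is missing, or the additional
 *                                 authorization attributes cannot be serialised to JSON
 */
@Override
public OAuth2Authentication loadAuthentication(final String accessToken) throws AuthenticationException {
    Map<String, Object> claims;
    try {
        claims = getTokenClaims(accessToken);
    } catch (IllegalArgumentException e) {
        // Log the failure, not the token: the raw value is a credential.
        LOG.error("Malformed Access Token");
        LOG.error(e);
        throw new InvalidTokenException("Malformed Access Token", e);
    }

    String iss = getIssuerFromClaims(claims);
    verifyIssuer(iss);

    // Reuse the signature verifier cached for this issuer; fetch the issuer's key on first use.
    // NOTE(review): nothing in this method evicts a cached verifier. Confirm that key rotation
    // at the issuer is handled elsewhere.
    SignatureVerifier verifier = this.tokenKeys.get(iss);
    if (null == verifier) {
        String tokenKey = getTokenKey(iss);
        verifier = getVerifier(tokenKey);
        this.tokenKeys.put(iss, verifier);
    }

    JwtHelper.decodeAndVerify(accessToken, verifier);
    verifyTimeWindow(claims);

    Assert.state(claims.containsKey("client_id"), "Client id must be present in response from auth server");
    String remoteClientId = (String) claims.get("client_id");

    Set<String> scope = new HashSet<>();
    if (claims.containsKey("scope")) {
        @SuppressWarnings("unchecked")
        Collection<String> values = (Collection<String>) claims.get("scope");
        scope.addAll(values);
    }

    AuthorizationRequest clientAuthentication = new AuthorizationRequest(remoteClientId, scope);

    if (claims.containsKey("resource_ids") || claims.containsKey("client_authorities")) {
        Set<String> resourceIds = new HashSet<>();
        if (claims.containsKey("resource_ids")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("resource_ids");
            resourceIds.addAll(values);
        }

        Set<GrantedAuthority> clientAuthorities = new HashSet<>();
        if (claims.containsKey("client_authorities")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("client_authorities");
            clientAuthorities.addAll(getAuthorities(values));
        }

        // The client details object only carries resource ids and authorities into the request.
        BaseClientDetails clientDetails = new BaseClientDetails();
        clientDetails.setClientId(remoteClientId);
        clientDetails.setResourceIds(resourceIds);
        clientDetails.setAuthorities(clientAuthorities);
        clientAuthentication.setResourceIdsAndAuthoritiesFromClientDetails(clientDetails);
    }

    Map<String, String> requestParameters = new HashMap<>();
    if (isStoreClaims()) {
        // Only string-valued claims are copied; instanceof is already false for null values.
        for (Map.Entry<String, Object> entry : claims.entrySet()) {
            if (entry.getValue() instanceof String) {
                requestParameters.put(entry.getKey(), (String) entry.getValue());
            }
        }
    }

    if (claims.containsKey(Claims.ADDITIONAL_AZ_ATTR)) {
        try {
            requestParameters.put(Claims.ADDITIONAL_AZ_ATTR,
                    JsonUtils.writeValueAsString(claims.get(Claims.ADDITIONAL_AZ_ATTR)));
        } catch (JsonUtils.JsonUtilException e) {
            throw new IllegalStateException("Cannot convert access token to JSON", e);
        }
    }
    clientAuthentication.setRequestParameters(Collections.unmodifiableMap(requestParameters));

    Authentication userAuthentication = getUserAuthentication(claims, scope);

    clientAuthentication.setApproved(true);
    return new OAuth2Authentication(clientAuthentication.createOAuth2Request(), userAuthentication);
}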
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates the admin client for a single ACS zone.
 *
 * <p>The client receives read and write authorities for ACS attributes and policies, plus the
 * {@code admin} and {@code user} authorities of the given zone. It may only use the
 * {@code client_credentials} grant, and its resource id list is fixed to {@code uaa.none}.
 *
 * @param acsZone      name of the zone, embedded in the zone-specific authority names
 * @param clientId     id of the client to register
 * @param clientSecret secret of the client to register
 */
private void createAcsZoneClient(final String acsZone, final String clientId, final String clientSecret) {
    final String zonePrefix = "predix-acs.zones." + acsZone;
    final String[] authorityNames = {
        "acs.attributes.read",
        "acs.attributes.write",
        "acs.policies.read",
        "acs.policies.write",
        zonePrefix + ".admin",
        zonePrefix + ".user"
    };

    ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
    for (String authorityName : authorityNames) {
        authorities.add(new SimpleGrantedAuthority(authorityName));
    }

    BaseClientDetails acsZoneAdminClient = new BaseClientDetails();
    acsZoneAdminClient.setAuthorities(authorities);
    acsZoneAdminClient.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    acsZoneAdminClient.setClientId(clientId);
    acsZoneAdminClient.setClientSecret(clientSecret);
    acsZoneAdminClient.setResourceIds(Arrays.asList("uaa.none"));

    createOrUpdateClient(acsZoneAdminClient);
}
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates an ACS admin client that spans several zones.
 *
 * <p>The client always receives {@code acs.zones.admin} and the read and write authorities for
 * ACS attributes and policies. For every entry of {@code acsZones} it also receives that
 * zone's {@code admin} and {@code user} authorities. It may only use the
 * {@code client_credentials} grant, and its resource id list is fixed to {@code uaa.none}.
 *
 * @param acsZones     names of the zones the client administers
 * @param clientId     id of the client to register
 * @param clientSecret secret of the client to register
 */
private void createAcsAdminClient(final List<String> acsZones, final String clientId,
        final String clientSecret) {
    ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();

    // Authorities that do not depend on any zone.
    final String[] globalAuthorities = {
        "acs.zones.admin",
        "acs.attributes.read",
        "acs.attributes.write",
        "acs.policies.read",
        "acs.policies.write"
    };
    for (String name : globalAuthorities) {
        authorities.add(new SimpleGrantedAuthority(name));
    }

    // One admin authority and one user authority per zone.
    for (String zone : acsZones) {
        authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".admin"));
        authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"));
    }

    BaseClientDetails acsAdminClient = new BaseClientDetails();
    acsAdminClient.setAuthorities(authorities);
    acsAdminClient.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    acsAdminClient.setClientId(clientId);
    acsAdminClient.setClientSecret(clientSecret);
    acsAdminClient.setResourceIds(Arrays.asList("uaa.none"));

    createOrUpdateClient(acsAdminClient);
}
From source file:com.tlantic.integration.authentication.service.security.ClientDetailService.java
/**
 * Converts a stored {@code ClientDetail} record into a {@link BaseClientDetails}.
 *
 * <p>Id, secret, grant types, scopes, resource ids, redirect URIs and token lifetimes are
 * copied from the record. The authorities are not read from the record: every converted
 * client receives {@code trust}, {@code read} and {@code write}.
 *
 * <p>NOTE(review): because the authorities are fixed here, all clients end up with the same
 * authority set regardless of what is stored. Confirm that this is intended.
 *
 * @param clientDetails the stored client record
 * @return the equivalent client details with the fixed authority set
 */
private BaseClientDetails getClientFromMongoDBClientDetails(ClientDetail clientDetails) {
    final BaseClientDetails converted = new BaseClientDetails();

    // Values copied straight from the stored record, in the original call order.
    converted.setAccessTokenValiditySeconds(clientDetails.getAccessTokenValiditySeconds());
    converted.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    converted.setClientId(clientDetails.getClientId());
    converted.setClientSecret(clientDetails.getClientSecret());
    converted.setRefreshTokenValiditySeconds(clientDetails.getRefreshTokenValiditySeconds());
    converted.setRegisteredRedirectUri(clientDetails.getRegisteredRedirectUri());
    converted.setResourceIds(clientDetails.getResourceIds());
    converted.setScope(clientDetails.getScope());

    // Fixed authority set, identical for every client.
    List<SimpleGrantedAuthority> fixedAuthorities = new LinkedList<>();
    for (String name : new String[] { "trust", "read", "write" }) {
        fixedAuthorities.add(new SimpleGrantedAuthority(name));
    }
    converted.setAuthorities(fixedAuthorities);

    return converted;
}
From source file:it.smartcommunitylab.aac.model.ClientDetailsRowMapper.java
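/**
 * Maps one row of the client table to a {@link ClientDetails}.
 *
 * <p>Columns read: {@code client_id}, {@code resource_ids}, {@code scope},
 * {@code authorized_grant_types}, {@code authorities}, {@code web_server_redirect_uri},
 * {@code client_secret}, {@code access_token_validity}, {@code refresh_token_validity},
 * {@code additional_information} and {@code developerId}.
 *
 * <p>After the row is mapped, the roles of the owning developer that have a non-empty context
 * are appended to the client's authorities. The client's effective authorities are therefore
 * the stored ones plus those developer roles.
 *
 * <p>If {@code additional_information} cannot be decoded, a warning naming only the client id
 * is logged and mapping continues. The whole details object is deliberately not logged:
 * {@code BaseClientDetails.toString()} includes the client secret, which has already been set
 * by then.
 *
 * @param rs     result set positioned on the row to map
 * @param rowNum index of the current row (unused)
 * @return the client details for the row, with the developer's roles merged into the authorities
 * @throws SQLException if a column cannot be read
 */
public ClientDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
    BaseClientDetails details = new BaseClientDetails(rs.getString("client_id"), rs.getString("resource_ids"),
            rs.getString("scope"), rs.getString("authorized_grant_types"), rs.getString("authorities"),
            rs.getString("web_server_redirect_uri"));
    details.setClientSecret(rs.getString("client_secret"));

    // getObject tells SQL NULL apart from 0, which getInt alone cannot do.
    if (rs.getObject("access_token_validity") != null) {
        details.setAccessTokenValiditySeconds(rs.getInt("access_token_validity"));
    }
    if (rs.getObject("refresh_token_validity") != null) {
        details.setRefreshTokenValiditySeconds(rs.getInt("refresh_token_validity"));
    }

    String json = rs.getString("additional_information");
    if (json != null) {
        try {
            @SuppressWarnings("unchecked")
            Map<String, Object> additionalInformation = mapper.readValue(json, Map.class);
            details.setAdditionalInformation(additionalInformation);
        } catch (Exception e) {
            // Best effort: keep mapping the row. Log the client id only, never the secret.
            logger.warn("Could not decode JSON for additional information of client: " + details.getClientId(),
                    e);
        }
    } else {
        details.setAdditionalInformation(new HashMap<String, Object>());
    }

    // Merge developer roles into authorities.
    it.smartcommunitylab.aac.model.User developer = userRepository.findOne(rs.getLong("developerId"));
    if (developer != null) {
        List<GrantedAuthority> list = new LinkedList<GrantedAuthority>();
        if (details.getAuthorities() != null) {
            list.addAll(details.getAuthorities());
        }
        // Only roles that carry a context are granted to the client.
        list.addAll(developer.getRoles().stream().filter(r -> !StringUtils.isEmpty(r.getContext()))
                .collect(Collectors.toList()));
        details.setAuthorities(list);
    }
    return details;
}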
From source file:org.cloudfoundry.identity.uaa.client.ClientAdminBootstrap.java
/**
 * Registers every client described in the {@code clients} configuration map.
 *
 * <p>For each entry the method builds a {@link BaseClientDetails} from the configured strings
 * and applies these defaults: resource ids are always {@code none}, an empty scope becomes
 * {@code uaa.none}, empty authorities become {@code UaaAuthority.UAA_NONE}, and a client
 * allowed {@code authorization_code} is also given {@code refresh_token}.
 *
 * <p>All remaining configuration keys are stored as additional information. The well-known
 * keys, including {@code secret}, are removed first, so the secret is not copied into the
 * additional-information map.
 *
 * <p>If the client already exists, it is updated only when the {@code override} flag (or
 * {@code defaultOverride} when the flag is absent) allows it. The secret is rewritten only
 * when {@code didPasswordChange} reports a change. Client metadata is updated in every case.
 *
 * @throws Exception declared by the method; propagated from the registration and metadata calls
 */
private void addNewClients() throws Exception {
    for (Map.Entry<String, Map<String, Object>> entry : clients.entrySet()) {
        final String clientId = entry.getKey();
        final Map<String, Object> map = entry.getValue();

        BaseClientDetails client = new BaseClientDetails(
                clientId,
                (String) map.get("resource-ids"),
                (String) map.get("scope"),
                (String) map.get("authorized-grant-types"),
                (String) map.get("authorities"),
                getRedirectUris(map));
        client.setClientSecret((String) map.get("secret"));

        Integer accessValidity = (Integer) map.get("access-token-validity");
        Boolean override = (Boolean) map.get("override");
        if (override == null) {
            override = defaultOverride;
        }

        // Copy of the configuration; the well-known keys are stripped from it below.
        Map<String, Object> info = new HashMap<String, Object>(map);

        if (accessValidity != null) {
            client.setAccessTokenValiditySeconds(accessValidity);
        }
        Integer refreshValidity = (Integer) map.get("refresh-token-validity");
        if (refreshValidity != null) {
            client.setRefreshTokenValiditySeconds(refreshValidity);
        }

        // UAA does not use the resource ids in client registrations
        client.setResourceIds(Collections.singleton("none"));
        if (client.getScope().isEmpty()) {
            client.setScope(Collections.singleton("uaa.none"));
        }
        if (client.getAuthorities().isEmpty()) {
            client.setAuthorities(Collections.singleton(UaaAuthority.UAA_NONE));
        }
        if (client.getAuthorizedGrantTypes().contains("authorization_code")) {
            client.getAuthorizedGrantTypes().add("refresh_token");
        }

        // Whatever is left after removing these keys is treated as free-form additional information.
        info.keySet().removeAll(Arrays.asList("resource-ids", "scope", "authorized-grant-types", "authorities",
                "redirect-uri", "secret", "id", "override", "access-token-validity", "refresh-token-validity",
                "show-on-homepage", "app-launch-url", "app-icon"));
        client.setAdditionalInformation(info);

        try {
            clientRegistrationService.addClientDetails(client);
        } catch (ClientAlreadyExistsException e) {
            if (override != null && !override) {
                // ignore it
                logger.debug(e.getMessage());
            } else {
                logger.debug("Overriding client details for " + clientId);
                clientRegistrationService.updateClientDetails(client);
                final String secret = client.getClientSecret();
                if (StringUtils.hasText(secret) && didPasswordChange(clientId, secret)) {
                    clientRegistrationService.updateClientSecret(clientId, client.getClientSecret());
                }
            }
        }

        ClientMetadata clientMetadata = buildClientMetadata(map, clientId);
        clientMetadataProvisioning.update(clientMetadata);
    }
}