List of usage examples for org.springframework.security.oauth2.provider.client BaseClientDetails setResourceIds
public void setResourceIds(Collection<String> resourceIds)
From source file:org.meruvian.yama.web.security.oauth.DefaultClientDetailsService.java
/**
 * Builds the OAuth2 client registration for {@code clientId}.
 *
 * <p>The in-memory default applications are consulted first; the repository is only queried
 * when the id is not among them. Grant types, scopes and resource ids are taken from this
 * service's own fields, not from the application record.
 *
 * @param clientId identifier of the client being looked up
 * @return the populated client details, or {@code null} when no application matches
 * @throws ClientRegistrationException declared by the signature; nothing in this body throws it
 */
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    Application application = defaultOauthApplications.containsKey(clientId)
            ? defaultOauthApplications.get(clientId)
            : applicationRepository.findById(clientId);

    // NOTE(review): an unknown client yields null instead of the declared
    // ClientRegistrationException -- confirm every caller tolerates a null result.
    if (application == null) {
        return null;
    }

    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(application.getId());
    details.setClientSecret(application.getSecret());

    // Shared settings configured on this service.
    details.setAuthorizedGrantTypes(authorizedGrantTypes);
    details.setScope(scopes);
    details.setResourceIds(resourceIds);

    details.setRegisteredRedirectUri(application.getRegisteredRedirectUris());
    if (application.isAutoApprove()) {
        // The single entry "true" is what this code uses to request auto-approval.
        details.setAutoApproveScopes(Arrays.asList("true"));
    }
    details.setAccessTokenValiditySeconds(application.getAccessTokenValiditySeconds());
    details.setRefreshTokenValiditySeconds(application.getRefreshTokenValiditySeconds());
    return details;
}
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates a client that may only use the {@code client_credentials} grant and
 * carries the supplied authorities.
 *
 * @param clientId     id of the client to register
 * @param clientSecret secret assigned to the client
 * @param authorities  authorities granted to the client
 */
private void createClientWithAuthorities(final String clientId, final String clientSecret,
        final Collection<? extends GrantedAuthority> authorities) {
    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(clientId);
    details.setClientSecret(clientSecret);
    details.setAuthorities(authorities);
    details.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    details.setResourceIds(Arrays.asList("uaa.none"));
    createOrUpdateClient(details);
}
From source file:oauth2.authentication.clients.ClientDetailsBuilder.java
/**
 * Assembles a {@link BaseClientDetails} from the values collected by this builder.
 *
 * @return a new client details instance; each collection-valued property comes from the
 *         corresponding nested builder's {@code build()} call
 */
public ClientDetails build() {
    BaseClientDetails result = new BaseClientDetails();

    // Identity and credentials.
    result.setClientId(clientId);
    result.setClientSecret(clientSecret);

    // What the client may request and where it may be redirected.
    result.setRegisteredRedirectUri(redirectUris.build());
    result.setAuthorizedGrantTypes(authorizedGrantTypes.build());
    result.setScope(scopes.build());
    result.setAutoApproveScopes(autoApprovedScopes.build());
    result.setResourceIds(resourceIds.build());
    result.setAuthorities(authorities.build());

    // Token lifetimes.
    result.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
    result.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
    return result;
}
From source file:com.ge.predix.uaa.token.lib.FastTokenServices.java
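/**
 * Validates an access token and turns its claims into an {@link OAuth2Authentication}.
 *
 * <p>Sequence: parse the claims, verify the issuer, verify the signature with the verifier
 * cached for that issuer (its key is fetched on first use), then check the time window.
 * Only after those steps are the claims copied into the authorization request.
 *
 * <p>The raw token is never written to the log: a bearer token is a credential, and a
 * malformed one can still be a truncated or slightly damaged copy of a valid token.
 *
 * @param accessToken the serialized token presented by the caller
 * @return the authentication assembled from the token's claims
 * @throws InvalidTokenException if the token cannot be parsed into claims
 */
@Override
public OAuth2Authentication loadAuthentication(final String accessToken) throws AuthenticationException {
    Map<String, Object> claims;
    try {
        claims = getTokenClaims(accessToken);
    } catch (IllegalArgumentException e) {
        // Deliberately no token value here; the exception is still logged for diagnosis.
        LOG.error("Malformed Access Token (token value withheld from log)");
        LOG.error(e);
        throw new InvalidTokenException("Malformed Access Token", e);
    }

    String iss = getIssuerFromClaims(claims);
    verifyIssuer(iss);

    // Check whether the signature verifier for this issuer is already in the cache.
    SignatureVerifier verifier = this.tokenKeys.get(iss);
    if (null == verifier) {
        String tokenKey = getTokenKey(iss);
        verifier = getVerifier(tokenKey);
        this.tokenKeys.put(iss, verifier);
    }

    JwtHelper.decodeAndVerify(accessToken, verifier);
    verifyTimeWindow(claims);

    Assert.state(claims.containsKey("client_id"), "Client id must be present in response from auth server");
    String remoteClientId = (String) claims.get("client_id");

    // NOTE(review): the casts below assume these claims hold collections of strings; a claim
    // of another shape would surface as ClassCastException -- confirm the issuer guarantees it.
    Set<String> scope = new HashSet<>();
    if (claims.containsKey("scope")) {
        @SuppressWarnings("unchecked")
        Collection<String> values = (Collection<String>) claims.get("scope");
        scope.addAll(values);
    }

    AuthorizationRequest clientAuthentication = new AuthorizationRequest(remoteClientId, scope);

    if (claims.containsKey("resource_ids") || claims.containsKey("client_authorities")) {
        Set<String> resourceIds = new HashSet<>();
        if (claims.containsKey("resource_ids")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("resource_ids");
            resourceIds.addAll(values);
        }

        Set<GrantedAuthority> clientAuthorities = new HashSet<>();
        if (claims.containsKey("client_authorities")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("client_authorities");
            clientAuthorities.addAll(getAuthorities(values));
        }

        // A throwaway client record is used only to carry resource ids and authorities
        // into the authorization request.
        BaseClientDetails clientDetails = new BaseClientDetails();
        clientDetails.setClientId(remoteClientId);
        clientDetails.setResourceIds(resourceIds);
        clientDetails.setAuthorities(clientAuthorities);
        clientAuthentication.setResourceIdsAndAuthoritiesFromClientDetails(clientDetails);
    }

    Map<String, String> requestParameters = new HashMap<>();
    if (isStoreClaims()) {
        for (Map.Entry<String, Object> entry : claims.entrySet()) {
            // instanceof is false for null, so no separate null check is needed.
            if (entry.getValue() instanceof String) {
                requestParameters.put(entry.getKey(), (String) entry.getValue());
            }
        }
    }

    if (claims.containsKey(Claims.ADDITIONAL_AZ_ATTR)) {
        try {
            requestParameters.put(Claims.ADDITIONAL_AZ_ATTR,
                    JsonUtils.writeValueAsString(claims.get(Claims.ADDITIONAL_AZ_ATTR)));
        } catch (JsonUtils.JsonUtilException e) {
            throw new IllegalStateException("Cannot convert access token to JSON", e);
        }
    }
    clientAuthentication.setRequestParameters(Collections.unmodifiableMap(requestParameters));

    Authentication userAuthentication = getUserAuthentication(claims, scope);

    clientAuthentication.setApproved(true);
    return new OAuth2Authentication(clientAuthentication.createOAuth2Request(), userAuthentication);
}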
From source file:st.malike.auth.server.service.security.ClientDetailService.java
/**
 * Copies a stored {@link ClientDetail} record into a {@link BaseClientDetails}.
 *
 * <p>Only the properties set below are carried over; authorities and auto-approve scopes
 * are not populated by this method.
 *
 * @param clientDetails the persisted client record
 * @return a new client details object mirroring the record
 */
private BaseClientDetails getClientFromMongoDBClientDetails(ClientDetail clientDetails) {
    BaseClientDetails converted = new BaseClientDetails();

    // Identity and credentials.
    converted.setClientId(clientDetails.getClientId());
    converted.setClientSecret(clientDetails.getClientSecret());

    // Permitted grants, targets and redirect locations.
    converted.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    converted.setScope(clientDetails.getScope());
    converted.setResourceIds(clientDetails.getResourceIds());
    converted.setRegisteredRedirectUri(clientDetails.getRegisteredRedirectUri());

    // Token lifetimes.
    converted.setAccessTokenValiditySeconds(clientDetails.getAccessTokenValiditySeconds());
    converted.setRefreshTokenValiditySeconds(clientDetails.getRefreshTokenValiditySeconds());
    return converted;
}
From source file:com.tlantic.integration.authentication.service.security.ClientDetailService.java
/**
 * Copies a stored {@link ClientDetail} record into a {@link BaseClientDetails} and attaches
 * a fixed set of authorities.
 *
 * @param clientDetails the persisted client record
 * @return a new client details object mirroring the record, with the authorities
 *         {@code trust}, {@code read} and {@code write}
 */
private BaseClientDetails getClientFromMongoDBClientDetails(ClientDetail clientDetails) {
    BaseClientDetails converted = new BaseClientDetails();

    // Identity and credentials.
    converted.setClientId(clientDetails.getClientId());
    converted.setClientSecret(clientDetails.getClientSecret());

    // Permitted grants, targets and redirect locations.
    converted.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    converted.setScope(clientDetails.getScope());
    converted.setResourceIds(clientDetails.getResourceIds());
    converted.setRegisteredRedirectUri(clientDetails.getRegisteredRedirectUri());

    // Token lifetimes.
    converted.setAccessTokenValiditySeconds(clientDetails.getAccessTokenValiditySeconds());
    converted.setRefreshTokenValiditySeconds(clientDetails.getRefreshTokenValiditySeconds());

    // NOTE(review): every converted client receives the same three authorities, whatever the
    // stored record says -- confirm that a per-client authority list is not expected here.
    List<SimpleGrantedAuthority> granted = new LinkedList<>();
    for (String name : new String[] { "trust", "read", "write" }) {
        granted.add(new SimpleGrantedAuthority(name));
    }
    converted.setAuthorities(granted);
    return converted;
}
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates a {@code client_credentials} client holding the ACS attribute and policy
 * read/write authorities plus the admin and user authorities of one zone.
 *
 * @param acsZone      zone name embedded in the {@code predix-acs.zones.<zone>.*} authorities
 * @param clientId     id of the client to register
 * @param clientSecret secret assigned to the client
 */
private void createAcsZoneClient(final String acsZone, final String clientId, final String clientSecret) {
    final String zonePrefix = "predix-acs.zones." + acsZone;
    final String[] authorityNames = {
        "acs.attributes.read",
        "acs.attributes.write",
        "acs.policies.read",
        "acs.policies.write",
        zonePrefix + ".admin",
        zonePrefix + ".user",
    };

    ArrayList<SimpleGrantedAuthority> granted = new ArrayList<SimpleGrantedAuthority>();
    for (String name : authorityNames) {
        granted.add(new SimpleGrantedAuthority(name));
    }

    BaseClientDetails zoneClient = new BaseClientDetails();
    zoneClient.setAuthorities(granted);
    zoneClient.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    zoneClient.setClientId(clientId);
    zoneClient.setClientSecret(clientSecret);
    zoneClient.setResourceIds(Arrays.asList("uaa.none"));
    createOrUpdateClient(zoneClient);
}
From source file:com.ge.predix.test.utils.UaaTestUtil.java
/**
 * Creates or updates a {@code client_credentials} client holding {@code acs.zones.admin}, the
 * ACS attribute and policy read/write authorities, and the admin and user authorities of
 * every listed zone.
 *
 * @param acsZones     zone names; each contributes a {@code .admin} and a {@code .user} authority
 * @param clientId     id of the client to register
 * @param clientSecret secret assigned to the client
 */
private void createAcsAdminClient(final List<String> acsZones, final String clientId,
        final String clientSecret) {
    ArrayList<SimpleGrantedAuthority> granted = new ArrayList<SimpleGrantedAuthority>();

    // Authorities that do not depend on a zone.
    for (String name : new String[] { "acs.zones.admin", "acs.attributes.read", "acs.attributes.write",
            "acs.policies.read", "acs.policies.write" }) {
        granted.add(new SimpleGrantedAuthority(name));
    }

    // Two authorities per zone, in list order.
    for (String zone : acsZones) {
        granted.add(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".admin"));
        granted.add(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"));
    }

    BaseClientDetails adminClient = new BaseClientDetails();
    adminClient.setAuthorities(granted);
    adminClient.setAuthorizedGrantTypes(Arrays.asList("client_credentials"));
    adminClient.setClientId(clientId);
    adminClient.setClientSecret(clientSecret);
    adminClient.setResourceIds(Arrays.asList("uaa.none"));
    createOrUpdateClient(adminClient);
}
From source file:org.cloudfoundry.identity.uaa.client.ClientAdminBootstrap.java
/**
 * Registers every client described in {@code clients}, updating an already-registered client
 * when overriding is enabled for it.
 *
 * <p>For each entry the well-known keys are mapped onto a {@link BaseClientDetails}; whatever
 * keys remain are stored as the client's additional information. Client metadata is updated
 * for every entry, whether or not the registration itself was overridden.
 *
 * @throws Exception propagated from the helpers and services called here
 */
private void addNewClients() throws Exception {
    for (Map.Entry<String, Map<String, Object>> entry : clients.entrySet()) {
        String clientId = entry.getKey();
        Map<String, Object> map = entry.getValue();

        BaseClientDetails client = new BaseClientDetails(clientId, (String) map.get("resource-ids"),
                (String) map.get("scope"), (String) map.get("authorized-grant-types"),
                (String) map.get("authorities"), getRedirectUris(map));
        client.setClientSecret((String) map.get("secret"));

        Integer accessValidity = (Integer) map.get("access-token-validity");
        Boolean override = (Boolean) map.get("override");
        if (override == null) {
            override = defaultOverride;
        }
        if (accessValidity != null) {
            client.setAccessTokenValiditySeconds(accessValidity);
        }
        Integer refreshValidity = (Integer) map.get("refresh-token-validity");
        if (refreshValidity != null) {
            client.setRefreshTokenValiditySeconds(refreshValidity);
        }

        // UAA does not use the resource ids in client registrations
        client.setResourceIds(Collections.singleton("none"));
        if (client.getScope().isEmpty()) {
            client.setScope(Collections.singleton("uaa.none"));
        }
        if (client.getAuthorities().isEmpty()) {
            client.setAuthorities(Collections.singleton(UaaAuthority.UAA_NONE));
        }
        if (client.getAuthorizedGrantTypes().contains("authorization_code")) {
            client.getAuthorizedGrantTypes().add("refresh_token");
        }

        // Everything that is not a recognised registration key becomes additional information;
        // in particular the secret is stripped before the map is attached to the client.
        Map<String, Object> info = new HashMap<String, Object>(map);
        info.keySet().removeAll(Arrays.asList("resource-ids", "scope", "authorized-grant-types",
                "authorities", "redirect-uri", "secret", "id", "override", "access-token-validity",
                "refresh-token-validity", "show-on-homepage", "app-launch-url", "app-icon"));
        client.setAdditionalInformation(info);

        try {
            clientRegistrationService.addClientDetails(client);
        } catch (ClientAlreadyExistsException e) {
            if (override != null && !override) {
                // ignore it
                logger.debug(e.getMessage());
            } else {
                logger.debug("Overriding client details for " + clientId);
                clientRegistrationService.updateClientDetails(client);
                // The secret is rewritten only when one is configured and it differs.
                if (StringUtils.hasText(client.getClientSecret())
                        && didPasswordChange(clientId, client.getClientSecret())) {
                    clientRegistrationService.updateClientSecret(clientId, client.getClientSecret());
                }
            }
        }

        ClientMetadata clientMetadata = buildClientMetadata(map, clientId);
        clientMetadataProvisioning.update(clientMetadata);
    }
}
From source file:org.cloudfoundry.identity.uaa.client.ClientAdminEndpoints.java
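/**
 * Merges an incoming client update with the registration that already exists.
 *
 * <p>The result starts as a copy of {@code input}. Any of the following that the input leaves
 * unset or empty is taken from {@code existing}: token validity values, authorities, grant
 * types, redirect URIs, resource ids and scope. As a consequence an update cannot clear one of
 * these properties by submitting it empty. Additional information is the existing map
 * overlaid with the input's map, minus every key whose merged value is {@code null}.
 *
 * <p>The null-valued keys are removed while walking a snapshot of the key set. Iterating the
 * live key-set view (even through an unmodifiable wrapper) and removing from the map at the
 * same time can fail with {@link java.util.ConcurrentModificationException}.
 *
 * @param existing the currently registered client
 * @param input    the client details submitted for the update
 * @return the merged client details
 */
private ClientDetails syncWithExisting(ClientDetails existing, ClientDetails input) {
    BaseClientDetails details = new BaseClientDetails(input);

    if (input instanceof BaseClientDetails) {
        BaseClientDetails baseInput = (BaseClientDetails) input;
        if (baseInput.getAutoApproveScopes() != null) {
            details.setAutoApproveScopes(baseInput.getAutoApproveScopes());
        } else {
            // No auto-approve scopes submitted: carry over the existing ones, if any.
            details.setAutoApproveScopes(new HashSet<String>());
            if (existing instanceof BaseClientDetails) {
                BaseClientDetails existingDetails = (BaseClientDetails) existing;
                if (existingDetails.getAutoApproveScopes() != null) {
                    for (String scope : existingDetails.getAutoApproveScopes()) {
                        details.getAutoApproveScopes().add(scope);
                    }
                }
            }
        }
    }

    if (details.getAccessTokenValiditySeconds() == null) {
        details.setAccessTokenValiditySeconds(existing.getAccessTokenValiditySeconds());
    }
    if (details.getRefreshTokenValiditySeconds() == null) {
        details.setRefreshTokenValiditySeconds(existing.getRefreshTokenValiditySeconds());
    }
    if (details.getAuthorities() == null || details.getAuthorities().isEmpty()) {
        details.setAuthorities(existing.getAuthorities());
    }
    if (details.getAuthorizedGrantTypes() == null || details.getAuthorizedGrantTypes().isEmpty()) {
        details.setAuthorizedGrantTypes(existing.getAuthorizedGrantTypes());
    }
    if (details.getRegisteredRedirectUri() == null || details.getRegisteredRedirectUri().isEmpty()) {
        details.setRegisteredRedirectUri(existing.getRegisteredRedirectUri());
    }
    if (details.getResourceIds() == null || details.getResourceIds().isEmpty()) {
        details.setResourceIds(existing.getResourceIds());
    }
    if (details.getScope() == null || details.getScope().isEmpty()) {
        details.setScope(existing.getScope());
    }

    Map<String, Object> additionalInformation = new HashMap<String, Object>(
            existing.getAdditionalInformation());
    additionalInformation.putAll(input.getAdditionalInformation());
    // Snapshot the keys first so that removing entries cannot invalidate the iteration.
    for (String key : new HashSet<String>(additionalInformation.keySet())) {
        if (additionalInformation.get(key) == null) {
            additionalInformation.remove(key);
        }
    }
    details.setAdditionalInformation(additionalInformation);

    return details;
}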