Example usage for org.springframework.security.oauth2.provider.client BaseClientDetails setScope

List of usage examples for org.springframework.security.oauth2.provider.client BaseClientDetails setScope

Introduction

This page collects usage examples for the setScope method of org.springframework.security.oauth2.provider.client.BaseClientDetails.

Prototype

public void setScope(Collection<String> scope) 


Usage

From source file:org.cloudfoundry.identity.uaa.api.client.test.UaaClientOperationTest.java

/**
 * Integration test: replacing a client's scope through {@code operations.update}
 * must be visible on the client returned by that call.
 *
 * <p>The test is skipped when no UAA server is reachable, and the client it
 * creates is deleted again in {@code finally} so that no test registration is
 * left behind on the server.
 */
@Test
public void testUpdate() throws Exception {
    ignoreIfUaaNotRunning();

    BaseClientDetails toUpdate = createClient();

    try {
        // Snapshot of the server-side state before the scope is changed.
        BaseClientDetails before = operations.findById(toUpdate.getClientId());

        toUpdate.setScope(Arrays.asList("foo"));
        BaseClientDetails after = operations.update(toUpdate);

        // The scope set must differ from the snapshot and now start with "foo".
        assertNotEquals(before.getScope(), after.getScope());
        assertEquals("foo", after.getScope().iterator().next());
    } finally {
        // Always remove the temporary client, even when an assertion fails.
        operations.delete(toUpdate.getClientId());
    }
}

From source file:com.katropine.oauth.ClientDetailsServiceImpl.java

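/**
 * Looks up one of the two demo clients that are hard-coded in this service.
 *
 * <p>Both clients receive the {@code password}, {@code refresh_token} and
 * {@code client_credentials} grant types; only {@code client1} is given a scope
 * (the single value {@code "client1"}).
 *
 * <p>Example requests recorded by the original author (local demo deployment):
 * <pre>
 * Request access
 * curl -v -X GET -H "Content-Type: application/json" 'http://localhost:8080/springmvcrest/oauth/token?username=user1&password=user1&client_id=client1&client_secret=client1&grant_type=password'
 *
 * Request To access protected resource getMyInfo:
 * curl -H "Authorization:Bearer 6fd0f4b7-ca03-49ff-ae46-eea5e6929325"  "http://localhost:8080/springmvcrest/api/getMyInfo"
 *
 * Request To logout
 * curl -H "Authorization:Bearer 6fd0f4b7-ca03-49ff-ae46-eea5e6929325"  "http://localhost:8080/springmvcrest/api/logou"
 * </pre>
 *
 * <p>Review notes for anyone reusing this sample:
 * <ul>
 *   <li>The token request above carries the user password and the client secret
 *       in the URL query string, where they are recorded by access logs, proxies
 *       and shell history. Outside a local demo, send them in the POST body or
 *       via HTTP Basic authentication over TLS.</li>
 *   <li>Each client secret is a literal in the source and identical to its
 *       client id. A real deployment should load secrets from configuration or a
 *       secret store and keep them hashed.</li>
 * </ul>
 *
 * @param clientId the client id presented by the caller; may be {@code null}
 * @return the details of the matching demo client
 * @throws NoSuchClientException if {@code clientId} is {@code null} or matches
 *         neither demo client
 */
@Override
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
    // NOTE(review): clientId is caller-supplied and is written to stdout unescaped;
    // consider a logger with sanitised parameters if this output is ever collected.
    System.out.println("client: " + clientId);

    // Constant-first comparisons: a null clientId is reported as an unknown client
    // instead of failing with a NullPointerException.
    boolean isFirstClient = "client1".equals(clientId);
    boolean isSecondClient = "client2".equals(clientId);
    if (!isFirstClient && !isSecondClient) {
        throw new NoSuchClientException("No client with requested id: " + clientId);
    }
    System.out.println("In client: " + clientId);

    // Both demo clients share the same grant types.
    List<String> authorizedGrantTypes = new ArrayList<>();
    authorizedGrantTypes.add("password");
    authorizedGrantTypes.add("refresh_token");
    authorizedGrantTypes.add("client_credentials");

    BaseClientDetails clientDetails = new BaseClientDetails();
    clientDetails.setClientId(clientId);
    // Demo only: the secret is the same string as the client id.
    clientDetails.setClientSecret(clientId);
    if (isFirstClient) {
        // Only client1 is registered with a scope; client2 keeps the default.
        Collection<String> scope = new ArrayList<>();
        scope.add("client1");
        clientDetails.setScope(scope);
    }
    clientDetails.setAuthorizedGrantTypes(authorizedGrantTypes);

    return clientDetails;
}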

From source file:org.meruvian.yama.web.security.oauth.DefaultClientDetailsService.java

/**
 * Builds the OAuth2 client details for {@code clientId} from the matching
 * {@code Application}.
 *
 * <p>Applications registered in {@code defaultOauthApplications} take precedence;
 * the repository is only consulted when the id is not a key of that map.
 *
 * @param clientId the client id to resolve
 * @return the populated client details, or {@code null} when no application is found
 */
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    // containsKey (not a null check on get) decides the source, so a key that is
    // mapped to null never falls back to the repository.
    Application app = defaultOauthApplications.containsKey(clientId)
            ? defaultOauthApplications.get(clientId)
            : applicationRepository.findById(clientId);

    // NOTE(review): an unknown client yields null instead of an exception such as
    // the declared ClientRegistrationException; confirm that every caller of this
    // service handles a null result.
    if (app == null) {
        return null;
    }

    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(app.getId());
    details.setClientSecret(app.getSecret());
    // authorizedGrantTypes, scopes and resourceIds are not taken from the
    // application record (they are declared outside this method), so every
    // application resolved here is given the same values.
    details.setAuthorizedGrantTypes(authorizedGrantTypes);
    details.setScope(scopes);
    details.setResourceIds(resourceIds);
    details.setRegisteredRedirectUri(app.getRegisteredRedirectUris());
    if (app.isAutoApprove()) {
        // The literal "true" marks every scope as auto-approved, i.e. the user is
        // not asked for consent for this application.
        details.setAutoApproveScopes(Arrays.asList("true"));
    }
    details.setAccessTokenValiditySeconds(app.getAccessTokenValiditySeconds());
    details.setRefreshTokenValiditySeconds(app.getRefreshTokenValiditySeconds());

    return details;
}

From source file:oauth2.authentication.clients.ClientDetailsBuilder.java

/**
 * Creates a {@link BaseClientDetails} from the values collected by this builder.
 *
 * <p>Every collection-valued property is materialised by calling {@code build()}
 * on its own nested builder at the time of this call.
 *
 * @return a new client details object carrying the configured values
 */
public ClientDetails build() {
    BaseClientDetails details = new BaseClientDetails();

    // Identity and credentials.
    details.setClientId(clientId);
    details.setClientSecret(clientSecret);
    details.setRegisteredRedirectUri(redirectUris.build());

    // What the client may request, and which scopes skip the consent step.
    details.setAuthorizedGrantTypes(authorizedGrantTypes.build());
    details.setScope(scopes.build());
    details.setAutoApproveScopes(autoApprovedScopes.build());

    details.setResourceIds(resourceIds.build());
    details.setAuthorities(authorities.build());

    // Token lifetimes, in seconds.
    details.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
    details.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);

    return details;
}

From source file:st.malike.auth.server.service.security.ClientDetailService.java

/**
 * Copies a stored {@code ClientDetail} record into a Spring {@link BaseClientDetails}.
 *
 * <p>Authorities and auto-approve scopes are not copied by this method.
 *
 * @param clientDetails the persisted client record
 * @return a new client details object carrying the record's values
 */
private BaseClientDetails getClientFromMongoDBClientDetails(ClientDetail clientDetails) {
    BaseClientDetails converted = new BaseClientDetails();

    // Identity and credentials. The secret is passed through exactly as stored.
    // NOTE(review): presumably the stored form must match what the authorization
    // server's password encoder expects; confirm against the security configuration.
    converted.setClientId(clientDetails.getClientId());
    converted.setClientSecret(clientDetails.getClientSecret());

    // Grants, scopes and the redirect URIs and resources they apply to.
    converted.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    converted.setScope(clientDetails.getScope());
    converted.setRegisteredRedirectUri(clientDetails.getRegisteredRedirectUri());
    converted.setResourceIds(clientDetails.getResourceIds());

    // Token lifetimes, in seconds.
    converted.setAccessTokenValiditySeconds(clientDetails.getAccessTokenValiditySeconds());
    converted.setRefreshTokenValiditySeconds(clientDetails.getRefreshTokenValiditySeconds());

    return converted;
}

From source file:com.tlantic.integration.authentication.service.security.ClientDetailService.java

/**
 * Copies a stored {@code ClientDetail} record into a Spring {@link BaseClientDetails}
 * and attaches a fixed set of authorities.
 *
 * @param clientDetails the persisted client record
 * @return a new client details object carrying the record's values
 */
private BaseClientDetails getClientFromMongoDBClientDetails(ClientDetail clientDetails) {
    BaseClientDetails converted = new BaseClientDetails();

    // Identity and credentials; the secret is passed through exactly as stored.
    converted.setClientId(clientDetails.getClientId());
    converted.setClientSecret(clientDetails.getClientSecret());

    // Grants, scopes and the redirect URIs and resources they apply to.
    converted.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    converted.setScope(clientDetails.getScope());
    converted.setRegisteredRedirectUri(clientDetails.getRegisteredRedirectUri());
    converted.setResourceIds(clientDetails.getResourceIds());

    // Token lifetimes, in seconds.
    converted.setAccessTokenValiditySeconds(clientDetails.getAccessTokenValiditySeconds());
    converted.setRefreshTokenValiditySeconds(clientDetails.getRefreshTokenValiditySeconds());

    // NOTE(review): the authorities are not read from the record. Every client
    // converted here receives "trust", "read" and "write", so per-client
    // restriction has to come from scopes or grant types.
    List<SimpleGrantedAuthority> authorities = new LinkedList<>();
    for (String role : new String[] { "trust", "read", "write" }) {
        authorities.add(new SimpleGrantedAuthority(role));
    }
    converted.setAuthorities(authorities);

    return converted;
}

From source file:org.cloudfoundry.identity.uaa.client.ClientAdminBootstrap.java

/**
 * Registers every client found in the {@code clients} configuration map.
 *
 * <p>For each entry a {@link BaseClientDetails} is built from the well-known keys.
 * The remaining keys are kept as additional information, and the client is added
 * to the registration service. When the client already exists it is updated only
 * if overriding is enabled, either by the entry's {@code override} flag or, when
 * that is absent, by {@code defaultOverride}. Client metadata is updated for
 * every entry.
 *
 * @throws Exception if registration or the metadata update fails
 */
private void addNewClients() throws Exception {
    for (Map.Entry<String, Map<String, Object>> registration : clients.entrySet()) {
        String clientId = registration.getKey();
        Map<String, Object> config = registration.getValue();

        BaseClientDetails client = new BaseClientDetails(clientId, (String) config.get("resource-ids"),
                (String) config.get("scope"), (String) config.get("authorized-grant-types"),
                (String) config.get("authorities"), getRedirectUris(config));
        client.setClientSecret((String) config.get("secret"));

        Integer accessValidity = (Integer) config.get("access-token-validity");
        Boolean override = (Boolean) config.get("override");
        if (override == null) {
            override = defaultOverride;
        }

        // Start from a full copy of the entry; the known keys are removed below,
        // so the secret is not stored again as additional information.
        Map<String, Object> extraInfo = new HashMap<String, Object>(config);

        if (accessValidity != null) {
            client.setAccessTokenValiditySeconds(accessValidity);
        }
        Integer refreshValidity = (Integer) config.get("refresh-token-validity");
        if (refreshValidity != null) {
            client.setRefreshTokenValiditySeconds(refreshValidity);
        }

        // UAA does not use the resource ids in client registrations
        client.setResourceIds(Collections.singleton("none"));

        // An unconfigured scope or authority becomes the explicit "none" marker
        // rather than staying empty.
        if (client.getScope().isEmpty()) {
            client.setScope(Collections.singleton("uaa.none"));
        }
        if (client.getAuthorities().isEmpty()) {
            client.setAuthorities(Collections.singleton(UaaAuthority.UAA_NONE));
        }

        // authorization_code clients are always given refresh_token as well.
        if (client.getAuthorizedGrantTypes().contains("authorization_code")) {
            client.getAuthorizedGrantTypes().add("refresh_token");
        }

        extraInfo.keySet().removeAll(Arrays.asList("resource-ids", "scope", "authorized-grant-types",
                "authorities", "redirect-uri", "secret", "id", "override", "access-token-validity",
                "refresh-token-validity", "show-on-homepage", "app-launch-url", "app-icon"));
        client.setAdditionalInformation(extraInfo);

        try {
            clientRegistrationService.addClientDetails(client);
        } catch (ClientAlreadyExistsException alreadyRegistered) {
            boolean replaceExisting = override == null || override;
            if (!replaceExisting) {
                // ignore it
                logger.debug(alreadyRegistered.getMessage());
            } else {
                // The configuration wins over the stored registration, including
                // the secret when it has changed.
                logger.debug("Overriding client details for " + clientId);
                clientRegistrationService.updateClientDetails(client);
                if (StringUtils.hasText(client.getClientSecret())
                        && didPasswordChange(clientId, client.getClientSecret())) {
                    clientRegistrationService.updateClientSecret(clientId, client.getClientSecret());
                }
            }
        }

        ClientMetadata clientMetadata = buildClientMetadata(config, clientId);
        clientMetadataProvisioning.update(clientMetadata);
    }
}

From source file:org.cloudfoundry.identity.uaa.client.ClientAdminEndpoints.java

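/**
 * Merges an update request with the stored registration of the same client.
 *
 * <p>The result starts as a copy of {@code input}. Every property the input
 * leaves {@code null} or empty (token validities, authorities, grant types,
 * redirect URIs, resource ids, scope) is taken from {@code existing}, so
 * omitting one of those properties keeps the stored value rather than clearing
 * it. Auto-approve scopes are taken from the input when it specifies them and
 * are otherwise carried over from the existing client.
 *
 * <p>Additional information is merged key by key, with input values taking
 * precedence. A key that ends up with a {@code null} value is removed from the
 * merged map.
 *
 * @param existing the currently stored client details
 * @param input the requested new client details
 * @return the merged client details
 */
private ClientDetails syncWithExisting(ClientDetails existing, ClientDetails input) {
    BaseClientDetails details = new BaseClientDetails(input);
    if (input instanceof BaseClientDetails) {
        BaseClientDetails baseInput = (BaseClientDetails) input;
        if (baseInput.getAutoApproveScopes() != null) {
            details.setAutoApproveScopes(baseInput.getAutoApproveScopes());
        } else {
            // Input is silent on auto-approval: keep whatever the stored client had.
            details.setAutoApproveScopes(new HashSet<String>());
            if (existing instanceof BaseClientDetails) {
                BaseClientDetails existingDetails = (BaseClientDetails) existing;
                if (existingDetails.getAutoApproveScopes() != null) {
                    for (String scope : existingDetails.getAutoApproveScopes()) {
                        details.getAutoApproveScopes().add(scope);
                    }
                }
            }
        }

    }

    if (details.getAccessTokenValiditySeconds() == null) {
        details.setAccessTokenValiditySeconds(existing.getAccessTokenValiditySeconds());
    }
    if (details.getRefreshTokenValiditySeconds() == null) {
        details.setRefreshTokenValiditySeconds(existing.getRefreshTokenValiditySeconds());
    }
    if (details.getAuthorities() == null || details.getAuthorities().isEmpty()) {
        details.setAuthorities(existing.getAuthorities());
    }
    if (details.getAuthorizedGrantTypes() == null || details.getAuthorizedGrantTypes().isEmpty()) {
        details.setAuthorizedGrantTypes(existing.getAuthorizedGrantTypes());
    }
    if (details.getRegisteredRedirectUri() == null || details.getRegisteredRedirectUri().isEmpty()) {
        details.setRegisteredRedirectUri(existing.getRegisteredRedirectUri());
    }
    if (details.getResourceIds() == null || details.getResourceIds().isEmpty()) {
        details.setResourceIds(existing.getResourceIds());
    }
    if (details.getScope() == null || details.getScope().isEmpty()) {
        details.setScope(existing.getScope());
    }

    Map<String, Object> additionalInformation = new HashMap<String, Object>(
            existing.getAdditionalInformation());
    additionalInformation.putAll(input.getAdditionalInformation());
    // Remove null-valued entries through the values() view. The previous loop
    // iterated Collections.unmodifiableSet(keySet()), which is a live view and not
    // a copy, while removing from the map, so a null value could raise
    // ConcurrentModificationException in the middle of an update request.
    additionalInformation.values().removeAll(Collections.singleton(null));
    details.setAdditionalInformation(additionalInformation);

    return details;
}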

From source file:org.cloudfoundry.identity.uaa.client.ClientAdminEndpointsValidator.java

/**
 * Validates a client registration request and returns a normalised copy of it.
 *
 * <p>The prototype is copied into a new {@link BaseClientDetails}; the checks and
 * the defaulting below operate on that copy. Checks are applied in this order:
 * reserved client id (create only), grant types present and valid, non-admin
 * restrictions on grant types, scopes and authorities (only when
 * {@code checkAdmin} is set and the caller is neither admin nor holder of the
 * {@code clients.admin} scope), then secret rules for the requested grant types.
 *
 * @param prototype the client details as requested
 * @param create {@code true} when a new client is being created; enables the
 *        reserved-id check and the "secret required" check
 * @param checkAdmin {@code true} to apply the non-admin restrictions when the
 *        caller lacks admin rights
 * @return the validated copy, with defaults filled in for authorities, resource
 *         ids and scope
 * @throws InvalidClientDetailsException if any check fails
 */
public ClientDetails validate(ClientDetails prototype, boolean create, boolean checkAdmin)
        throws InvalidClientDetailsException {

    BaseClientDetails client = new BaseClientDetails(prototype);
    if (prototype instanceof BaseClientDetails) {
        // Auto-approve scopes are set again explicitly when the prototype has them.
        Set<String> scopes = ((BaseClientDetails) prototype).getAutoApproveScopes();
        if (scopes != null) {
            client.setAutoApproveScopes(((BaseClientDetails) prototype).getAutoApproveScopes());
        }
    }

    client.setAdditionalInformation(prototype.getAdditionalInformation());

    String clientId = client.getClientId();
    // Reserved ids are only rejected on creation; updates skip this check.
    if (create && reservedClientIds.contains(clientId)) {
        throw new InvalidClientDetailsException("Not allowed: " + clientId + " is a reserved client_id");
    }

    // The set obtained here is modified further down (refresh_token is added).
    // NOTE(review): presumably this is the client's live grant-type set, so the
    // addition is visible on the returned client; confirm.
    Set<String> requestedGrantTypes = client.getAuthorizedGrantTypes();

    if (requestedGrantTypes.isEmpty()) {
        throw new InvalidClientDetailsException(
                "An authorized grant type must be provided. Must be one of: " + VALID_GRANTS.toString());
    }
    checkRequestedGrantTypes(requestedGrantTypes);

    // authorization_code and password clients always get refresh_token as well.
    if ((requestedGrantTypes.contains("authorization_code") || requestedGrantTypes.contains("password"))
            && !requestedGrantTypes.contains("refresh_token")) {
        logger.debug("requested grant type missing refresh_token: " + clientId);

        requestedGrantTypes.add("refresh_token");
    }

    if (checkAdmin && !(securityContextAccessor.isAdmin()
            || securityContextAccessor.getScopes().contains("clients.admin"))) {

        // Not admin, so be strict with grant types and scopes
        for (String grant : requestedGrantTypes) {
            if (NON_ADMIN_INVALID_GRANTS.contains(grant)) {
                throw new InvalidClientDetailsException(
                        grant + " is not an allowed grant type for non-admin caller.");
            }
        }

        if (requestedGrantTypes.contains("implicit") && requestedGrantTypes.contains("authorization_code")) {
            throw new InvalidClientDetailsException(
                    "Not allowed: implicit grant type is not allowed together with authorization_code");
        }

        String callerId = securityContextAccessor.getClientId();
        ClientDetails caller = null;
        try {
            caller = clientDetailsService.retrieve(callerId);
        } catch (Exception e) {
            // best effort to get the caller, but the caller might not belong to this zone.
            // A failed lookup leaves caller == null, which selects the stricter
            // branch below where only scopes prefixed with the new client id pass.
        }
        if (callerId != null && caller != null) {

            // New scopes are allowed if they are for the caller or the new
            // client.
            String callerPrefix = callerId + ".";
            String clientPrefix = clientId + ".";

            // NOTE(review): the client-prefix exemption is keyed on the requested
            // client_id, so the reserved-id check above (create only) is the
            // guard that keeps well-known namespaces from being requested this
            // way. TODO confirm the reserved list is maintained accordingly.
            Set<String> validScope = caller.getScope();
            for (String scope : client.getScope()) {
                if (scope.startsWith(callerPrefix) || scope.startsWith(clientPrefix)) {
                    // Allowed
                    continue;
                }
                // Any other scope must already be held by the caller, so a caller
                // cannot hand out a scope it does not have itself.
                if (!validScope.contains(scope)) {
                    throw new InvalidClientDetailsException(scope + " is not an allowed scope for caller="
                            + callerId + ". Must have prefix in [" + callerPrefix + "," + clientPrefix
                            + "] or be one of: " + validScope.toString());
                }
            }

        } else {
            // New scopes are allowed if they are for the caller or the new
            // client.
            // With no resolvable caller, only the new client's own prefix is accepted.
            String clientPrefix = clientId + ".";

            for (String scope : client.getScope()) {
                if (!scope.startsWith(clientPrefix)) {
                    throw new InvalidClientDetailsException(
                            scope + " is not an allowed scope for null caller and client_id=" + clientId
                                    + ". Must start with '" + clientPrefix + "'");
                }
            }
        }

        // Authorities are checked against an allow-list, extended by uaa.resource
        // for client_credentials clients.
        Set<String> validAuthorities = new HashSet<String>(NON_ADMIN_VALID_AUTHORITIES);
        if (requestedGrantTypes.contains("client_credentials")) {
            // If client_credentials is used then the client might be a
            // resource server
            validAuthorities.add("uaa.resource");
        }

        for (String authority : AuthorityUtils.authorityListToSet(client.getAuthorities())) {
            if (!validAuthorities.contains(authority)) {
                throw new InvalidClientDetailsException(authority + " is not an allowed authority for caller="
                        + callerId + ". Must be one of: " + validAuthorities.toString());
            }
        }

    }

    // Empty authorities are replaced by the explicit "uaa.none" marker.
    if (client.getAuthorities().isEmpty()) {
        client.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none"));
    }

    // The UAA does not allow or require resource ids to be registered
    // because they are determined dynamically
    client.setResourceIds(Collections.singleton("none"));

    // An empty scope is likewise replaced by "uaa.none".
    if (client.getScope().isEmpty()) {
        client.setScope(Collections.singleton("uaa.none"));
    }

    // A registration that includes the implicit grant must not carry a secret.
    if (requestedGrantTypes.contains("implicit")) {
        if (StringUtils.hasText(client.getClientSecret())) {
            throw new InvalidClientDetailsException("Implicit grant should not have a client_secret");
        }
    }
    if (create) {
        // Only check for missing secret if client is being created.
        if ((requestedGrantTypes.contains("client_credentials")
                || requestedGrantTypes.contains("authorization_code"))
                && !StringUtils.hasText(client.getClientSecret())) {
            throw new InvalidClientDetailsException(
                    "Client secret is required for client_credentials and authorization_code grant types");
        }
    }

    return client;

}

From source file:org.cloudfoundry.identity.uaa.oauth.ClientAdminBootstrap.java

/**
 * Registers every client found in the {@code clients} configuration map.
 *
 * <p>For each entry a {@link BaseClientDetails} is built from the well-known keys.
 * The remaining keys are kept as additional information, and the client is added
 * to the registration service. When the client already exists it is updated only
 * if overriding is enabled, either by the entry's {@code override} flag or, when
 * that is absent, by {@code defaultOverride}.
 *
 * @throws Exception if registration fails
 */
private void addNewClients() throws Exception {
    for (String clientId : clients.keySet()) {
        Map<String, Object> config = clients.get(clientId);

        BaseClientDetails client = new BaseClientDetails(clientId, (String) config.get("resource-ids"),
                (String) config.get("scope"), (String) config.get("authorized-grant-types"),
                (String) config.get("authorities"), (String) config.get("redirect-uri"));
        client.setClientSecret((String) config.get("secret"));

        Integer accessValidity = (Integer) config.get("access-token-validity");
        Boolean override = (Boolean) config.get("override");
        if (override == null) {
            override = defaultOverride;
        }

        // Start from a full copy of the entry; the known keys are removed below,
        // so the secret is not stored again as additional information.
        Map<String, Object> extraInfo = new HashMap<String, Object>(config);

        if (accessValidity != null) {
            client.setAccessTokenValiditySeconds(accessValidity);
        }
        Integer refreshValidity = (Integer) config.get("refresh-token-validity");
        if (refreshValidity != null) {
            client.setRefreshTokenValiditySeconds(refreshValidity);
        }

        // UAA does not use the resource ids in client registrations
        client.setResourceIds(Collections.singleton("none"));

        // An unconfigured scope or authority becomes the explicit "none" marker
        // rather than staying empty.
        if (client.getScope().isEmpty()) {
            client.setScope(Collections.singleton("uaa.none"));
        }
        if (client.getAuthorities().isEmpty()) {
            client.setAuthorities(Collections.singleton(UaaAuthority.UAA_NONE));
        }

        // authorization_code clients are always given refresh_token as well.
        if (client.getAuthorizedGrantTypes().contains("authorization_code")) {
            client.getAuthorizedGrantTypes().add("refresh_token");
        }

        extraInfo.keySet().removeAll(Arrays.asList("resource-ids", "scope", "authorized-grant-types",
                "authorities", "redirect-uri", "secret", "id", "override", "access-token-validity",
                "refresh-token-validity"));
        client.setAdditionalInformation(extraInfo);

        try {
            clientRegistrationService.addClientDetails(client);
        } catch (ClientAlreadyExistsException alreadyRegistered) {
            boolean replaceExisting = override == null || override;
            if (!replaceExisting) {
                // ignore it
                logger.debug(alreadyRegistered.getMessage());
            } else {
                // The configuration wins over the stored registration; a configured
                // secret is written on every override, whether or not it changed.
                logger.debug("Overriding client details for " + clientId);
                clientRegistrationService.updateClientDetails(client);
                if (StringUtils.hasText(client.getClientSecret())) {
                    clientRegistrationService.updateClientSecret(clientId, client.getClientSecret());
                }
            }
        }
    }
}