List of usage examples for org.springframework.security.oauth2.provider ClientDetails getAuthorities
/** Returns the authorities held by this OAuth2 client, as a collection of {@code GrantedAuthority}. */
Collection<GrantedAuthority> getAuthorities();
From source file:org.cloudfoundry.identity.uaa.login.util.LocalUaaRestTemplate.java
/**
 * Creates an access token by calling {@code tokenServices.createAccessToken} directly and stores
 * it in the supplied client context.
 *
 * <p>The token's scopes are the authority names of the client loaded for {@code getClientId()}.
 * The request is a pre-approved {@code client_credentials} request with response type
 * {@code token} and resource id {@code Origin.UAA}; no user authentication is attached.
 *
 * @param oauth2Context the client context that receives the new token
 * @return the token that was created and stored in {@code oauth2Context}
 */
@Override
protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oauth2Context)
        throws UserRedirectRequiredException {
    // Every authority registered for the client becomes a scope of the issued token.
    ClientDetails registeredClient = clientDetailsService.loadClientByClientId(getClientId());
    Set<String> grantedScopes = new HashSet<>();
    for (GrantedAuthority granted : registeredClient.getAuthorities()) {
        grantedScopes.add(granted.getAuthority());
    }

    Set<String> audience = new HashSet<>();
    audience.add(Origin.UAA);

    Set<String> responseTypes = new HashSet<>();
    responseTypes.add("token");

    Map<String, String> parameters = new HashMap<>();
    parameters.put(OAuth2Utils.CLIENT_ID, "login");
    parameters.put(OAuth2Utils.GRANT_TYPE, "client_credentials");

    // NOTE(review): the request names the literal client id "login" while the scopes come from
    // the client returned for getClientId(). Confirm both always refer to the same client;
    // otherwise the token for "login" would carry another client's authorities.
    // The raw EMPTY_SET / EMPTY_MAP constants are kept as written: the request itself carries
    // no authorities and no extension properties.
    OAuth2Request tokenRequest = new OAuth2Request(
            parameters,
            "login",
            (Collection<? extends GrantedAuthority>) Collections.EMPTY_SET,
            true, // pre-approved: no approval step runs for this request
            grantedScopes,
            audience,
            null,
            responseTypes,
            Collections.EMPTY_MAP);

    // A null user authentication makes this a client-only authentication.
    OAuth2AccessToken issued =
            tokenServices.createAccessToken(new OAuth2Authentication(tokenRequest, null));
    oauth2Context.setAccessToken(issued);
    return issued;
}
From source file:org.socialhistoryservices.pid.controllers.KeysController.java
/**
 * Renders the "keys" view with the caller's access token and naming-authority roles.
 *
 * <p>When the optional {@code token} request parameter is present, the access token bound to
 * that refresh token and the refresh token itself are removed from the store first. The
 * caller's current token is then looked up by authentication name, and a new one is created
 * from the configured client's details when none exists.
 *
 * @param refresh_token optional refresh token whose tokens should be removed before lookup
 * @return the "keys" view with model attributes {@code token} and {@code nas}
 */
@RequestMapping("/admin/keys")
public ModelAndView list(@RequestParam(value = "token", required = false) String refresh_token) {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final List<String> nas = NamingAuthority.getNaRole(authentication);

    // NOTE(review): the mapping does not restrict the HTTP method, so this state-changing
    // removal is reachable through any method the dispatcher accepts, and the refresh token
    // arrives as a plain request parameter. Consider limiting the removal to POST with CSRF
    // protection and keeping the token out of URLs and request logs.
    // NOTE(review): nothing in this method checks that the refresh token belongs to the
    // authenticated caller; confirm the token store or a filter enforces ownership.
    if (refresh_token != null) {
        mongoTokenStore.removeAccessTokenUsingRefreshToken(refresh_token);
        mongoTokenStore.removeRefreshToken(refresh_token);
    }

    OAuth2AccessToken token = mongoTokenStore.selectKeys(authentication.getName());
    if (token == null) {
        // No stored token for this user: mint one from the configured client's registration.
        final ClientDetails registration = clientDetailsService.loadClientByClientId(clientId);
        final HashSet<String> resourceIds = new HashSet<String>(registration.getResourceIds());
        final String clientSecret = registration.getClientSecret();
        final HashSet<String> scopes = new HashSet<String>(registration.getScope());
        final ClientToken clientToken = new ClientToken(clientId, resourceIds, clientSecret, scopes,
                registration.getAuthorities());
        token = tokenServices.createAccessToken(new OAuth2Authentication(clientToken, authentication));
    }

    // The whole token object is handed to the view; what it renders is decided by the template.
    final ModelAndView mav = new ModelAndView("keys");
    mav.addObject("token", token);
    mav.addObject("nas", nas);
    return mav;
}
From source file:org.mitre.oauth2.assertion.impl.DirectCopyRequestFactory.java
/**
 * Builds a pre-approved {@link OAuth2Request} whose scope and resource ids are copied from the
 * JWT assertion's {@code scope} claim and audience.
 *
 * @param client the client making the request; supplies the client id and authorities
 * @param tokenRequest the incoming token request; supplies the request parameters
 * @param assertion the JWT assertion whose claims are copied
 * @return the new request, or {@code null} when the assertion's claims cannot be parsed
 */
@Override
public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion) {
    final Set<String> requestedScope;
    final Set<String> audience;
    try {
        JWTClaimsSet claimsSet = assertion.getJWTClaimsSet();
        // NOTE(review): the scope comes straight from the assertion and is not compared with
        // the client's registered scope in this method; confirm the caller has already
        // verified the assertion and is allowed to grant whatever scope it names.
        requestedScope = OAuth2Utils.parseParameterList(claimsSet.getStringClaim("scope"));
        audience = Sets.newHashSet(claimsSet.getAudience());
    } catch (ParseException e) {
        // Unparseable claims produce no request; callers must treat null as a rejection.
        return null;
    }
    return new OAuth2Request(
            tokenRequest.getRequestParameters(),
            client.getClientId(),
            client.getAuthorities(),
            true, // marked approved without a separate approval step
            requestedScope,
            audience,
            null,
            null,
            null);
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManager.java
/**
 * Validates the requested scope against what the client is allowed to ask for.
 *
 * <p>For the {@code client_credentials} grant the allowed set is the client's authorities;
 * for every other grant type it is the client's registered scope. A request that carries no
 * {@code scope} parameter is not checked here.
 *
 * @throws InvalidScopeException if any requested scope is outside the allowed set
 * @see org.springframework.security.oauth2.provider.endpoint.ParametersValidator#validateParameters(java.util.Map,
 *      org.springframework.security.oauth2.provider.ClientDetails)
 */
@Override
public void validateParameters(Map<String, String> parameters, ClientDetails clientDetails) {
    if (!parameters.containsKey("scope")) {
        return;
    }

    Set<String> allowed = clientDetails.getScope();
    final boolean clientCredentialsGrant = "client_credentials".equals(parameters.get("grant_type"));
    if (clientCredentialsGrant) {
        // A client acting on its own behalf is limited by its authorities, not its scope list.
        allowed = AuthorityUtils.authorityListToSet(clientDetails.getAuthorities());
    }

    for (String requested : OAuth2Utils.parseParameterList(parameters.get("scope"))) {
        if (allowed.contains(requested)) {
            continue;
        }
        // The rejected value is echoed in the message and the allowed set travels with the
        // exception; whatever renders this error should encode it for its output context.
        throw new InvalidScopeException(
                "Invalid scope: " + requested
                        + ". Did you know that you can get default scopes by simply sending no value?",
                allowed);
    }
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsService.java
/**
 * Copies the persistable fields of {@code clientDetails} onto {@code dbo}.
 *
 * <p>Authorities are stored as a set of authority names. The auto-approve field holds the
 * single scope name when exactly one scope is auto-approved, and otherwise the (possibly
 * empty) set of auto-approved scopes.
 *
 * @param dbo the database object to update in place
 * @param clientDetails the client whose values are written
 */
private void updateDBObject(DBObject dbo, ClientDetails clientDetails) {
    dbo.put(resourceIdsFieldName, clientDetails.getResourceIds());
    dbo.put(scopeFieldName, clientDetails.getScope());
    dbo.put(authorizedGrantTypesFieldName, clientDetails.getAuthorizedGrantTypes());
    dbo.put(registeredRedirectUrisFieldName, clientDetails.getRegisteredRedirectUri());
    dbo.put(authoritiesFieldName, AuthorityUtils.authorityListToSet(clientDetails.getAuthorities()));
    dbo.put(accessTokenValidityFieldName, clientDetails.getAccessTokenValiditySeconds());
    dbo.put(refreshTokenValidityFieldName, clientDetails.getRefreshTokenValiditySeconds());
    dbo.put(additionalInformationFieldName, clientDetails.getAdditionalInformation());

    // Only scopes the client both holds and auto-approves are persisted as auto-approved.
    Set<String> approvedWithoutPrompt = new HashSet<String>();
    for (String candidate : clientDetails.getScope()) {
        if (!clientDetails.isAutoApprove(candidate)) {
            continue;
        }
        approvedWithoutPrompt.add(candidate);
    }

    if (approvedWithoutPrompt.size() == 1) {
        // A lone auto-approved scope is stored as a plain string rather than a one-element set.
        dbo.put(autoApproveFieldName, approvedWithoutPrompt.iterator().next());
    } else {
        dbo.put(autoApproveFieldName, approvedWithoutPrompt);
    }
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsServiceTests.java
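/**
 * Loads a client document that contains only a client id and checks the values reported for
 * every field that was not stored.
 */
@Test
public void testLoadingClientIdWithNoDetails() {
    collection.insert(new BasicDBObject("clientId", "clientIdWithNoDetails"));

    ClientDetails clientDetails = fixture.loadClientByClientId("clientIdWithNoDetails");

    assertEquals("clientIdWithNoDetails", clientDetails.getClientId());
    // No stored secret: the client must not be reported as requiring one.
    assertFalse(clientDetails.isSecretRequired());
    assertNull(clientDetails.getClientSecret());
    assertFalse(clientDetails.isScoped());
    assertEquals(0, clientDetails.getScope().size());
    // Two grant types are reported even though none were stored.
    assertEquals(2, clientDetails.getAuthorizedGrantTypes().size());
    assertNull(clientDetails.getRegisteredRedirectUri());
    assertEquals(0, clientDetails.getAuthorities().size());
    assertNull(clientDetails.getAccessTokenValiditySeconds());
    // The original asserted the access-token validity twice; the second check is meant for the
    // refresh-token validity, matching the pair asserted in the single-details test.
    assertNull(clientDetails.getRefreshTokenValiditySeconds());
}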
From source file:com.vivastream.security.oauth2.provider.DynamoDBClientDetailsService.java
/**
 * Writes the given client's details to the DynamoDB table named by {@code schema}, keyed by
 * client id.
 *
 * <p>Collection-valued fields are stored as comma-delimited strings; authorities are stored
 * by authority name. {@code enrichUpdates} may add further attributes before the write.
 *
 * @param clientDetails the client to persist
 */
public void saveOrUpdateClient(ClientDetails clientDetails) {
    Map<String, AttributeValueUpdate> updates = new HashMap<String, AttributeValueUpdate>();

    String resourceIds = StringUtils.collectionToCommaDelimitedString(clientDetails.getResourceIds());
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnResourceIds(), resourceIds);

    String scopes = StringUtils.collectionToCommaDelimitedString(clientDetails.getScope());
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnScopes(), scopes);

    String grantTypes = StringUtils.collectionToCommaDelimitedString(clientDetails.getAuthorizedGrantTypes());
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnAuthorizedGrantTypes(), grantTypes);

    String authorities = StringUtils.collectionToCommaDelimitedString(
            AuthorityUtils.authorityListToSet(clientDetails.getAuthorities()));
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnAuthorities(), authorities);

    String redirectUris = StringUtils.collectionToCommaDelimitedString(clientDetails.getRegisteredRedirectUri());
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnRegisteredRedirectUris(), redirectUris);

    // NOTE(review): the secret is written exactly as clientDetails returns it; nothing in this
    // method hashes or encodes it. Confirm it is already encoded before it reaches this call.
    DynamoDBUtils.nullSafeUpdateS(updates, schema.getColumnClientSecret(), clientDetails.getClientSecret());

    enrichUpdates(updates, clientDetails);

    Map<String, AttributeValue> key = Collections.singletonMap(
            schema.getColumnClientId(), new AttributeValue(clientDetails.getClientId()));
    client.updateItem(schema.getTableName(), key, updates);
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsServiceTests.java
/**
 * Stores a client document with exactly one value per field and checks that every value is
 * returned unchanged by {@code loadClientByClientId}.
 */
@Test
public void testLoadingClientIdWithSingleDetails() {
    // Fixture document: constructed sample values, one per persisted field.
    BasicDBObject stored = new BasicDBObject("clientId", "clientIdWithSingleDetails")
            .append("clientSecret", "mySecret")
            .append("resourceIds", Arrays.asList("myResource"))
            .append("scope", Arrays.asList("myScope"))
            .append("authorizedGrantTypes", Arrays.asList("myAuthorizedGrantType"))
            .append("registeredRedirectUris", Arrays.asList("myRedirectUri"))
            .append("authorities", Arrays.asList("myAuthority"))
            .append("accessTokenValidity", 100)
            .append("refreshTokenValidity", 200)
            .append("autoapprove", "true");
    collection.insert(stored);

    ClientDetails loaded = fixture.loadClientByClientId("clientIdWithSingleDetails");

    assertEquals("clientIdWithSingleDetails", loaded.getClientId());

    // A stored secret makes the client secret-required.
    assertTrue(loaded.isSecretRequired());
    assertEquals("mySecret", loaded.getClientSecret());

    assertTrue(loaded.isScoped());
    assertEquals(1, loaded.getScope().size());
    assertEquals("myScope", loaded.getScope().iterator().next());

    assertEquals(1, loaded.getResourceIds().size());
    assertEquals("myResource", loaded.getResourceIds().iterator().next());

    assertEquals(1, loaded.getAuthorizedGrantTypes().size());
    assertEquals("myAuthorizedGrantType", loaded.getAuthorizedGrantTypes().iterator().next());

    assertEquals("myRedirectUri", loaded.getRegisteredRedirectUri().iterator().next());

    assertEquals(1, loaded.getAuthorities().size());
    assertEquals("myAuthority", loaded.getAuthorities().iterator().next().getAuthority());

    assertEquals(Integer.valueOf(100), loaded.getAccessTokenValiditySeconds());
    assertEquals(Integer.valueOf(200), loaded.getRefreshTokenValiditySeconds());
}
From source file:org.cloudfoundry.identity.uaa.oauth.ClientAdminEndpoints.java
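/**
 * Merges an incoming client update with the stored client.
 *
 * <p>Starts from a copy of {@code input}. Token validity values that are {@code null}, and
 * authorities, grant types, redirect URIs, resource ids and scope that are {@code null} or
 * empty, are taken from {@code existing}. As a consequence an update cannot clear one of
 * those collections by sending it empty: the stored value is kept.
 *
 * <p>Additional information is the stored map overlaid with the incoming map; entries whose
 * resulting value is {@code null} are dropped, so a {@code null} value in the input removes
 * the key.
 *
 * @param existing the client as currently stored
 * @param input the client details supplied by the update request
 * @return the merged client details
 */
private ClientDetails syncWithExisting(ClientDetails existing, ClientDetails input) {
    BaseClientDetails details = new BaseClientDetails(input);
    if (details.getAccessTokenValiditySeconds() == null) {
        details.setAccessTokenValiditySeconds(existing.getAccessTokenValiditySeconds());
    }
    if (details.getRefreshTokenValiditySeconds() == null) {
        details.setRefreshTokenValiditySeconds(existing.getRefreshTokenValiditySeconds());
    }
    if (details.getAuthorities() == null || details.getAuthorities().isEmpty()) {
        details.setAuthorities(existing.getAuthorities());
    }
    if (details.getAuthorizedGrantTypes() == null || details.getAuthorizedGrantTypes().isEmpty()) {
        details.setAuthorizedGrantTypes(existing.getAuthorizedGrantTypes());
    }
    if (details.getRegisteredRedirectUri() == null || details.getRegisteredRedirectUri().isEmpty()) {
        details.setRegisteredRedirectUri(existing.getRegisteredRedirectUri());
    }
    if (details.getResourceIds() == null || details.getResourceIds().isEmpty()) {
        details.setResourceIds(existing.getResourceIds());
    }
    if (details.getScope() == null || details.getScope().isEmpty()) {
        details.setScope(existing.getScope());
    }

    Map<String, Object> additionalInformation = new HashMap<String, Object>(
            existing.getAdditionalInformation());
    additionalInformation.putAll(input.getAdditionalInformation());
    // Drop null-valued entries through the values view. The previous loop iterated an
    // unmodifiable *view* of keySet() while calling remove() on the map, which fails with
    // ConcurrentModificationException as soon as a removal is followed by another element.
    additionalInformation.values().removeAll(Collections.singleton(null));
    details.setAdditionalInformation(additionalInformation);

    return details;
}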