List of usage examples for org.springframework.security.oauth2.provider ClientDetails getScope
/**
 * The scope of this client.
 *
 * @return the scopes registered for this client; the Spring Security OAuth2 contract documents
 *         the set as empty when the client is not scoped
 */
Set<String> getScope();
From source file:org.mitre.oauth2.token.ScopeServiceAwareOAuth2RequestValidator.java
/**
 * Validates the scopes carried by a token request against the scopes registered for the client.
 *
 * <p>The comparison itself is done by the two-set {@code validateScope} overload of this class
 * (not shown here); this method only extracts the two scope sets.
 *
 * @param tokenRequest the incoming token request whose scopes are checked
 * @param client the client the request was made for; its registered scopes are the reference set
 * @throws InvalidScopeException declared for the delegate's rejection of the requested scopes
 */
@Override
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    final Set<String> requestedScopes = tokenRequest.getScope();
    final Set<String> registeredScopes = client.getScope();
    validateScope(requestedScopes, registeredScopes);
}
From source file:org.mitre.oauth2.service.impl.TestDefaultIntrospectionAuthorizer.java
/**
 * Test helper: takes the client stub produced by {@code clientWithId} and additionally stubs
 * {@code getScope()} to return the given scope set.
 *
 * @param clientId client id passed through to {@code clientWithId}
 * @param scope scope set the stub should report
 * @return the stubbed client
 */
private ClientDetails clientWithIdAndScope(String clientId, Set<String> scope) {
    final ClientDetails stub = clientWithId(clientId);
    given(stub.getScope()).willReturn(scope);
    return stub;
}
From source file:org.mitre.oauth2.token.ScopeServiceAwareOAuth2RequestValidator.java
/**
 * Validates the scopes carried by an authorization request against the scopes registered for
 * the client.
 *
 * <p>The comparison itself is done by the two-set {@code validateScope} overload of this class
 * (not shown here); this method only extracts the two scope sets.
 *
 * @param authorizationRequest the incoming authorization request whose scopes are checked
 * @param client the client the request was made for; its registered scopes are the reference set
 * @throws InvalidScopeException declared for the delegate's rejection of the requested scopes
 */
@Override
public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client)
        throws InvalidScopeException {
    final Set<String> requestedScopes = authorizationRequest.getScope();
    final Set<String> registeredScopes = client.getScope();
    validateScope(requestedScopes, registeredScopes);
}
From source file:org.apigw.authserver.svc.impl.CertifiedClientDetailsServiceImplTest.java
/**
 * Loads the client registered as "clientA" and checks that its scope set renders as
 * "[permission]", i.e. that it holds exactly that one scope.
 */
@Test
@DirtiesContext
public void loadClientByClientId() {
    final ClientDetails loaded = clientDetails.loadClientByClientId("clientA");
    final String renderedScope = loaded.getScope().toString();
    assertEquals("[permission]", renderedScope);
}
From source file:org.meruvian.yama.webapi.service.RestOauthClientService.java
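/**
 * Looks up the OAuth2 client with the given id and returns the matching {@code Application},
 * populated with the client's scopes and authorized grant types.
 *
 * @param id the client id to look up
 * @return the application with scopes and grant types copied from the client details, or
 *         {@code null} when either the client details or the application record is missing
 */
@Override
public Application findClientDetailsById(String id) {
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(id);
    if (clientDetails == null) {
        return null;
    }

    Application application = applicationRepository.findById(clientDetails.getClientId());
    if (application == null) {
        // The client is known to the client-details service but has no application record.
        // Report "not found" the same way as above instead of failing with a NullPointerException.
        return null;
    }

    application.setScopes(clientDetails.getScope());
    application.setAuthorizedGrantTypes(clientDetails.getAuthorizedGrantTypes());
    return application;
}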
From source file:org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationRequestManager.java
/**
 * Checks every requested scope against the set the client is allowed to ask for.
 *
 * <p>The allowed set is normally the client's registered scopes. For the
 * {@code client_credentials} grant it is the client's authorities instead. When the request
 * carries no {@code scope} parameter nothing is checked here.
 *
 * <p>NOTE(review): the rejected scope value comes straight from the request and is echoed in
 * the exception message, and the exception also carries the allowed set. Confirm that whatever
 * renders this error encodes the message for its output format.
 *
 * @param parameters the request parameters; {@code scope} and {@code grant_type} are read
 * @param clientDetails the client whose scopes or authorities form the allowed set
 * @throws InvalidScopeException on the first requested scope that is not in the allowed set
 * @see org.springframework.security.oauth2.provider.endpoint.ParametersValidator#validateParameters(java.util.Map,
 *      org.springframework.security.oauth2.provider.ClientDetails)
 */
@Override
public void validateParameters(Map<String, String> parameters, ClientDetails clientDetails) {
    if (!parameters.containsKey("scope")) {
        return;
    }

    Set<String> allowed = clientDetails.getScope();
    final boolean clientCredentialsGrant = "client_credentials".equals(parameters.get("grant_type"));
    if (clientCredentialsGrant) {
        // Client-credentials tokens are limited by the client's authorities, not its scopes.
        allowed = AuthorityUtils.authorityListToSet(clientDetails.getAuthorities());
    }

    final Set<String> requested = OAuth2Utils.parseParameterList(parameters.get("scope"));
    for (String candidate : requested) {
        if (allowed.contains(candidate)) {
            continue;
        }
        throw new InvalidScopeException(
                "Invalid scope: " + candidate
                        + ". Did you know that you can get default scopes by simply sending no value?",
                allowed);
    }
}
From source file:org.socialhistoryservices.pid.controllers.KeysController.java
/**
 * Renders the "keys" view for the authenticated user. When a refresh token is supplied, the
 * access token tied to it and the refresh token itself are removed first. If the user then has
 * no stored access token, a new one is created on behalf of the configured client.
 *
 * <p>NOTE(review): the mapping has no HTTP method restriction, so any request method that
 * carries the {@code token} parameter triggers the removal. Confirm that this state change is
 * limited to POST with CSRF protection.
 *
 * <p>NOTE(review): nothing visible here checks that the supplied refresh token belongs to the
 * authenticated user before it is removed. Confirm the token store or a filter enforces that.
 *
 * <p>NOTE(review): if the token arrives in the query string it can end up in access logs and
 * browser history.
 *
 * @param refresh_token optional refresh token (request parameter {@code token}) to revoke
 * @return the "keys" view with the user's access token ("token") and naming authorities ("nas")
 */
@RequestMapping("/admin/keys")
public ModelAndView list(@RequestParam(value = "token", required = false) String refresh_token) {
    final Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
    final List<String> namingAuthorities = NamingAuthority.getNaRole(currentUser);

    if (refresh_token != null) {
        // Drop the access token first, then the refresh token that could mint a new one.
        mongoTokenStore.removeAccessTokenUsingRefreshToken(refresh_token);
        mongoTokenStore.removeRefreshToken(refresh_token);
    }

    OAuth2AccessToken accessToken = mongoTokenStore.selectKeys(currentUser.getName());
    if (accessToken == null) {
        // No stored token for this user: issue one for the configured client, copying the
        // client's resource ids, secret, scopes and authorities into the client token.
        final ClientDetails registeredClient = clientDetailsService.loadClientByClientId(clientId);
        final Set<String> resourceIds = new HashSet<String>(registeredClient.getResourceIds());
        final Set<String> scopes = new HashSet<String>(registeredClient.getScope());
        final ClientToken clientToken = new ClientToken(clientId, resourceIds,
                registeredClient.getClientSecret(), scopes, registeredClient.getAuthorities());
        accessToken = tokenServices.createAccessToken(new OAuth2Authentication(clientToken, currentUser));
    }

    final ModelAndView view = new ModelAndView("keys");
    view.addObject("token", accessToken);
    view.addObject("nas", namingAuthorities);
    return view;
}
From source file:eu.trentorise.smartcampus.permissionprovider.controller.AccessConfirmationController.java
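/**
 * Builds the consent page listing the resources the requesting client wants the user to approve.
 *
 * <p>The requested scopes are narrowed to those registered for the client. An empty or missing
 * request falls back to all registered scopes. Only resources with the user-role authority that
 * are not managed by the requesting client itself are shown. A resource that cannot be loaded is
 * logged and left out of the page.
 *
 * <p>NOTE(review): this filtering only decides what is displayed. Confirm that the endpoint
 * processing the approval applies the same restriction to the scopes it finally grants.
 *
 * @param model the view model; must contain the pending request under "authorizationRequest",
 *        which is removed and re-added as "auth_request"
 * @return the "access_confirmation" view with "resources", "auth_request" and "clientName"
 * @throws Exception if the client cannot be loaded or its additional information cannot be read
 */
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(Map<String, Object> model) throws Exception {
    AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
    // load client information given the client id carried by the pending request
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
    ClientAppInfo info = ClientAppInfo.convert(client.getAdditionalInformation());

    Set<String> all = client.getScope();
    Set<String> requested = clientAuth.getScope();
    if (requested == null || requested.isEmpty()) {
        requested = all;
    } else {
        // Work on a copy so the request's own scope set is not modified, and keep only the
        // scopes the client is registered for.
        requested = new HashSet<String>(requested);
        requested.retainAll(all);
    }

    List<Resource> resources = new ArrayList<Resource>();
    for (String rUri : requested) {
        try {
            Resource r = resourceRepository.findByResourceUri(rUri);
            if (r == null) {
                // Handle the unknown resource explicitly instead of relying on a caught
                // NullPointerException.
                logger.error("Error reading resource with uri " + rUri + ": resource not found");
                continue;
            }
            // ask the user only for the resources associated to the user role and not managed by this client
            if (AUTHORITY.ROLE_USER.equals(r.getAuthority())
                    && !clientAuth.getClientId().equals(r.getClientId())) {
                resources.add(r);
            }
        } catch (Exception e) {
            // Best effort: one unreadable resource must not break the whole consent page.
            // Pass the exception along so the stack trace is not lost.
            logger.error("Error reading resource with uri " + rUri + ": " + e.getMessage(), e);
        }
    }

    model.put("resources", resources);
    model.put("auth_request", clientAuth);
    model.put("clientName", info.getName());
    return new ModelAndView("access_confirmation", model);
}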
From source file:org.mitre.oauth2.service.impl.DefaultIntrospectionAuthorizer.java
/**
 * Decides whether {@code authClient} may introspect a token issued to {@code tokenClient}.
 *
 * <p>Introspection is permitted when both are the same client (equal client ids), or when
 * {@code scopeService.scopesMatch} accepts the authenticating client's scopes against the
 * token's scopes.
 *
 * <p>NOTE(review): the argument order passed to {@code scopesMatch} decides which set must
 * cover the other. Confirm it requires the client's scopes to contain every token scope.
 *
 * @param authClient the client that authenticated to the introspection endpoint
 * @param tokenClient the client the token was issued to
 * @param tokenScope the scopes the token was issued with
 * @return {@code true} if introspection is allowed
 */
@Override
public boolean isIntrospectionPermitted(ClientDetails authClient, ClientDetails tokenClient,
        Set<String> tokenScope) {
    final String callerId = authClient.getClientId();
    if (callerId.equals(tokenClient.getClientId())) {
        // Same client that the token was issued to: always allowed, no scope check needed.
        return true;
    }
    // Different client: allowed only if its scopes satisfy the scope service's match rule.
    return scopeService.scopesMatch(authClient.getScope(), tokenScope);
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsService.java
/**
 * Copies the persistable fields of {@code clientDetails} into the given database object.
 *
 * <p>Authorities are stored as a set of strings. The auto-approve field holds the scopes for
 * which {@code isAutoApprove} returns true: a bare string when there is exactly one such scope,
 * otherwise the (possibly empty) set.
 *
 * <p>NOTE(review): auto-approved scopes presumably skip the user consent step. Confirm that
 * only trusted code paths can set them before they are persisted here.
 *
 * @param dbo the database object to update in place
 * @param clientDetails the client whose fields are written
 */
private void updateDBObject(DBObject dbo, ClientDetails clientDetails) {
    dbo.put(resourceIdsFieldName, clientDetails.getResourceIds());
    dbo.put(scopeFieldName, clientDetails.getScope());
    dbo.put(authorizedGrantTypesFieldName, clientDetails.getAuthorizedGrantTypes());
    dbo.put(registeredRedirectUrisFieldName, clientDetails.getRegisteredRedirectUri());
    dbo.put(authoritiesFieldName, AuthorityUtils.authorityListToSet(clientDetails.getAuthorities()));
    dbo.put(accessTokenValidityFieldName, clientDetails.getAccessTokenValiditySeconds());
    dbo.put(refreshTokenValidityFieldName, clientDetails.getRefreshTokenValiditySeconds());
    dbo.put(additionalInformationFieldName, clientDetails.getAdditionalInformation());

    // Collect the scopes the client has marked as auto-approved.
    final Set<String> autoApproved = new HashSet<String>();
    for (String candidate : clientDetails.getScope()) {
        if (!clientDetails.isAutoApprove(candidate)) {
            continue;
        }
        autoApproved.add(candidate);
    }

    // A single auto-approved scope is stored as a plain string, anything else as the set.
    final Object storedValue;
    if (autoApproved.size() == 1) {
        storedValue = autoApproved.iterator().next();
    } else {
        storedValue = autoApproved;
    }
    dbo.put(autoApproveFieldName, storedValue);
}