List of usage examples for org.springframework.security.oauth2.provider ClientDetails isAutoApprove
/**
 * Tests whether this client may skip the user-approval (consent) step for a scope.
 *
 * <p>The callers listed on this page also pass marker values such as {@code "all"} and
 * {@code "true"} instead of a real scope name; how those are interpreted depends on the
 * {@code ClientDetails} implementation in use.
 *
 * @param scope the scope to consider
 * @return {@code true} if the client does not need user approval for {@code scope}
 */
boolean isAutoApprove(String scope);
From source file:org.energyos.espi.datacustodian.oauth.EspiUserApprovalHandler.java
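/**
 * Allows automatic approval for a white list of clients in the implicit grant case.
 *
 * <p>When {@code useApprovalStore} is set, the decision is delegated to the superclass.
 * Otherwise the request is pre-approved only when the registered client auto-approves
 * <em>every</em> requested scope (or answers {@code true} for the {@code "all"} marker).
 * Approving on the first matching scope would let a client that is white-listed for one
 * scope obtain consent-free approval for any other scope it adds to the same request.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request, with its approved flag set to the outcome of the check
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;
    if (useApprovalStore) {
        // If we are allowed to check existing approvals this will short circuit the decision
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());
            // A request without scopes is never auto-approved (unchanged from before).
            if (requestedScopes != null && !requestedScopes.isEmpty()) {
                boolean allScopesMarker = client.isAutoApprove("all");
                approved = true;
                for (String scope : requestedScopes) {
                    // One scope that still needs consent blocks auto-approval of the request.
                    if (!allScopesMarker && !client.isAutoApprove(scope)) {
                        approved = false;
                        break;
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is not auto-approved and the
            // request falls through to the normal approval step.
        }
    }
    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}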
From source file:cn.ifast.oauth2server.oauth.SparklrUserApprovalHandler.java
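/**
 * Allows automatic approval for a white list of clients in the implicit grant case.
 *
 * <p>When {@code useApprovalStore} is set, the decision is delegated to the superclass.
 * Otherwise the request is pre-approved only when the registered client auto-approves
 * <em>every</em> requested scope (or answers {@code true} for the {@code "all"} marker).
 * Approving on the first matching scope would let a client that is white-listed for one
 * scope obtain consent-free approval for any other scope it adds to the same request.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request, with its approved flag set to the outcome of the check
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;
    if (useApprovalStore) {
        // If we are allowed to check existing approvals this will short circuit the decision
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());
            // A request without scopes is never auto-approved (unchanged from before).
            if (requestedScopes != null && !requestedScopes.isEmpty()) {
                boolean allScopesMarker = client.isAutoApprove("all");
                approved = true;
                for (String scope : requestedScopes) {
                    // One scope that still needs consent blocks auto-approval of the request.
                    if (!allScopesMarker && !client.isAutoApprove(scope)) {
                        approved = false;
                        break;
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is not auto-approved and the
            // request falls through to the normal approval step.
        }
    }
    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}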
From source file:com.cmz.web1.oauth.MyWebUserApprovalHandler.java
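/**
 * Allows automatic approval for a white list of clients in the implicit grant case.
 *
 * <p>When {@code useApprovalStore} is set, the decision is delegated to the superclass.
 * Otherwise the request is pre-approved only when the registered client auto-approves
 * <em>every</em> requested scope. Approving on the first matching scope would let a
 * client that is white-listed for one scope obtain consent-free approval for any other
 * scope it adds to the same request.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request, with its approved flag set to the outcome of the check
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;
    if (useApprovalStore) {
        // If we are allowed to check existing approvals this will short circuit the decision
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());
            // A request without scopes is never auto-approved (unchanged from before).
            if (requestedScopes != null && !requestedScopes.isEmpty()) {
                approved = true;
                for (String scope : requestedScopes) {
                    // One scope that still needs consent blocks auto-approval of the request.
                    if (!client.isAutoApprove(scope)) {
                        approved = false;
                        break;
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is not auto-approved and the
            // request falls through to the normal approval step.
        }
    }
    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}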
From source file:com.kopetto.sample.oauth.WebAppUserApprovalHandler.java
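/**
 * Allows automatic approval for a white list of clients in the implicit grant case.
 *
 * <p>When {@code useApprovalStore} is set, the decision is delegated to the superclass.
 * Otherwise the request is pre-approved only when the registered client auto-approves
 * <em>every</em> requested scope (or answers {@code true} for the {@code "all"} marker).
 * Approving on the first matching scope would let a client that is white-listed for one
 * scope obtain consent-free approval for any other scope it adds to the same request.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return the request, with its approved flag set to the outcome of the check
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;
    if (useApprovalStore) {
        // If we are allowed to check existing approvals this will short circuit the decision
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);

        // this is set up in OAuth2ServerConfiguration::configure (autoApprove)
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());
            // A request without scopes is never auto-approved (unchanged from before).
            if (requestedScopes != null && !requestedScopes.isEmpty()) {
                boolean allScopesMarker = client.isAutoApprove("all");
                approved = true;
                for (String scope : requestedScopes) {
                    // One scope that still needs consent blocks auto-approval of the request.
                    if (!allScopesMarker && !client.isAutoApprove(scope)) {
                        approved = false;
                        break;
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is not auto-approved and the
            // request falls through to the normal approval step.
        }
    }
    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}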
From source file:org.springsecurity.oauth2.oauth.OAuth2UserApprovalHandler.java
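/**
 * Allows automatic approval for a white list of clients in the implicit
 * grant case.
 *
 * <p>When {@code useApprovalStore} is set, the decision is delegated to the
 * superclass. Otherwise the request is pre-approved only when the registered
 * client auto-approves <em>every</em> requested scope (or answers
 * {@code true} for the {@code "all"} marker). Approving on the first
 * matching scope would let a client that is white-listed for one scope
 * obtain consent-free approval for any other scope it adds to the same
 * request.
 *
 * @param authorizationRequest
 *            The authorization request.
 * @param userAuthentication
 *            the current user authentication
 *
 * @return the request, with its approved flag set to the outcome of the
 *         check
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;
    if (useApprovalStore) {
        // If we are allowed to check existing approvals this will short circuit
        // the decision
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService
                    .loadClientByClientId(authorizationRequest.getClientId());
            // A request without scopes is never auto-approved (unchanged from
            // before).
            if (requestedScopes != null && !requestedScopes.isEmpty()) {
                boolean allScopesMarker = client.isAutoApprove("all");
                approved = true;
                for (String scope : requestedScopes) {
                    // One scope that still needs consent blocks auto-approval
                    // of the request.
                    if (!allScopesMarker && !client.isAutoApprove(scope)) {
                        approved = false;
                        break;
                    }
                }
            }
        } catch (ClientRegistrationException ignored) {
            // Fail closed: a client that cannot be loaded is not auto-approved
            // and the request falls through to the normal approval step.
        }
    }
    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}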
From source file:org.springframework.security.oauth2.provider.client.JdbcClientDetailsService.java
/**
 * Renders the client's auto-approve configuration as a single string.
 *
 * <p>If the client answers {@code true} for the marker value {@code "true"}, that marker is
 * returned as-is, meaning every scope is auto-approved. Otherwise the result is a
 * comma-delimited list of the client's registered scopes that are auto-approved.
 *
 * @param clientDetails the client whose auto-approve settings are read
 * @return {@code "true"} or a comma-delimited list of auto-approved scopes
 */
private String getAutoApproveScopes(ClientDetails clientDetails) {
    boolean everythingAutoApproved = clientDetails.isAutoApprove("true");
    if (everythingAutoApproved) {
        // all scopes autoapproved
        return "true";
    }

    Set<String> autoApproved = new HashSet<String>();
    for (String candidate : clientDetails.getScope()) {
        if (!clientDetails.isAutoApprove(candidate)) {
            continue;
        }
        autoApproved.add(candidate);
    }
    return StringUtils.collectionToCommaDelimitedString(autoApproved);
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsService.java
/**
 * Copies the persistable fields of a client registration onto a database object.
 *
 * <p>The auto-approve entry holds the registered scopes for which
 * {@link ClientDetails#isAutoApprove(String)} returns {@code true}: a bare string when
 * exactly one scope qualifies, otherwise the whole set (which may be empty). These values
 * decide which scopes skip the consent step, so they should only come from a trusted
 * registration path. The client id and secret are not written by this method.
 *
 * @param dbo the database object to update in place
 * @param clientDetails the client registration to read from
 */
private void updateDBObject(DBObject dbo, ClientDetails clientDetails) {
    dbo.put(resourceIdsFieldName, clientDetails.getResourceIds());
    dbo.put(scopeFieldName, clientDetails.getScope());
    dbo.put(authorizedGrantTypesFieldName, clientDetails.getAuthorizedGrantTypes());
    dbo.put(registeredRedirectUrisFieldName, clientDetails.getRegisteredRedirectUri());
    dbo.put(authoritiesFieldName, AuthorityUtils.authorityListToSet(clientDetails.getAuthorities()));
    dbo.put(accessTokenValidityFieldName, clientDetails.getAccessTokenValiditySeconds());
    dbo.put(refreshTokenValidityFieldName, clientDetails.getRefreshTokenValiditySeconds());
    dbo.put(additionalInformationFieldName, clientDetails.getAdditionalInformation());

    // Keep only the registered scopes the client auto-approves.
    Set<String> autoApprovedScopes = new HashSet<String>();
    for (String registeredScope : clientDetails.getScope()) {
        if (!clientDetails.isAutoApprove(registeredScope)) {
            continue;
        }
        autoApprovedScopes.add(registeredScope);
    }

    // A single auto-approved scope is stored as a plain value rather than a collection.
    Object storedAutoApprove;
    if (autoApprovedScopes.size() == 1) {
        storedAutoApprove = autoApprovedScopes.iterator().next();
    } else {
        storedAutoApprove = autoApprovedScopes;
    }
    dbo.put(autoApproveFieldName, storedAutoApprove);
}
From source file:com.cedac.security.oauth2.provider.client.MongoClientDetailsServiceTests.java
/**
 * Inserts a client document whose multi-valued fields each hold two entries and checks
 * that every field, including the auto-approve list, is mapped onto the loaded
 * {@code ClientDetails}.
 */
@Test
public void testLoadingClientIdWithMultipleDetails() {
    // Fixture document: every list-valued field carries two values.
    BasicDBObject storedClient = new BasicDBObject("clientId", "clientIdWithMultipleDetails")
            .append("clientSecret", "mySecret")
            .append("resourceIds", Arrays.asList("myResource1", "myResource2"))
            .append("scope", Arrays.asList("myScope1", "myScope2"))
            .append("authorizedGrantTypes", Arrays.asList("myAuthorizedGrantType1", "myAuthorizedGrantType2"))
            .append("registeredRedirectUris", Arrays.asList("myRedirectUri1", "myRedirectUri2"))
            .append("authorities", Arrays.asList("myAuthority1", "myAuthority2"))
            .append("accessTokenValidity", 100)
            .append("refreshTokenValidity", 200)
            .append("autoapprove", Arrays.asList("read", "write"));
    collection.insert(storedClient);

    ClientDetails loaded = fixture.loadClientByClientId("clientIdWithMultipleDetails");

    // Identity and secret
    assertEquals("clientIdWithMultipleDetails", loaded.getClientId());
    assertTrue(loaded.isSecretRequired());
    assertEquals("mySecret", loaded.getClientSecret());
    assertTrue(loaded.isScoped());

    // Resource ids, in stored order
    assertEquals(2, loaded.getResourceIds().size());
    Iterator<String> resourceIdIt = loaded.getResourceIds().iterator();
    assertEquals("myResource1", resourceIdIt.next());
    assertEquals("myResource2", resourceIdIt.next());

    // Scopes, in stored order
    assertEquals(2, loaded.getScope().size());
    Iterator<String> scopeIt = loaded.getScope().iterator();
    assertEquals("myScope1", scopeIt.next());
    assertEquals("myScope2", scopeIt.next());

    // Grant types, in stored order
    assertEquals(2, loaded.getAuthorizedGrantTypes().size());
    Iterator<String> grantTypeIt = loaded.getAuthorizedGrantTypes().iterator();
    assertEquals("myAuthorizedGrantType1", grantTypeIt.next());
    assertEquals("myAuthorizedGrantType2", grantTypeIt.next());

    // Redirect URIs, in stored order
    assertEquals(2, loaded.getRegisteredRedirectUri().size());
    Iterator<String> redirectUriIt = loaded.getRegisteredRedirectUri().iterator();
    assertEquals("myRedirectUri1", redirectUriIt.next());
    assertEquals("myRedirectUri2", redirectUriIt.next());

    // Authorities, in stored order
    assertEquals(2, loaded.getAuthorities().size());
    Iterator<GrantedAuthority> authorityIt = loaded.getAuthorities().iterator();
    assertEquals("myAuthority1", authorityIt.next().getAuthority());
    assertEquals("myAuthority2", authorityIt.next().getAuthority());

    // Token lifetimes
    assertEquals(Integer.valueOf(100), loaded.getAccessTokenValiditySeconds());
    assertEquals(Integer.valueOf(200), loaded.getRefreshTokenValiditySeconds());

    // "read" is in the stored auto-approve list even though it is not a registered scope.
    assertTrue(loaded.isAutoApprove("read"));
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaUserApprovalHandler.java
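/**
 * Checks whether the request can be approved without asking the user.
 *
 * <p>The request is approved immediately when the registered client auto-approves every
 * requested scope. Otherwise it is approved only when {@code tokenServices} returns an
 * unexpired access token for the authentication built from this request and user.
 *
 * <p>Access tokens are bearer credentials, so the debug output records only whether a
 * token was found and never the token itself.
 *
 * @param authorizationRequest the authorization request
 * @param userAuthentication the current user authentication
 * @return the same request with its approved flag updated
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    boolean approved = false;

    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();
    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            // NOTE(review): an empty scope set leaves approved == true here; confirm that
            // callers never pass a request without scopes.
            approved = true;
            for (String scope : scopes) {
                if (!client.isAutoApprove(scope)) {
                    approved = false;
                    // One scope needing consent is enough; no need to test the rest.
                    break;
                }
            }
            if (approved) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId);
        }
    }

    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);

    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);
    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=" + clientId);
        builder.append(", scope=" + scopes);
        builder.append(" and username=" + userAuthentication.getName());
        logger.debug(builder.toString());
    }

    OAuth2AccessToken accessToken = tokenServices.getAccessToken(authentication);
    // Log presence only: the token's string form may expose the bearer value.
    logger.debug("Existing access token present=" + (accessToken != null));
    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved with an unexpired token");
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        approved = userAuthentication.isAuthenticated() && approved;
    }

    authorizationRequest.setApproved(approved);

    return authorizationRequest;
}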
From source file:org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler.java
/**
 * Pre-approves an authorization request from the client's auto-approve settings or from
 * approvals the user has already stored.
 *
 * <p>The request is approved at once when every requested scope is auto-approved for the
 * client. Otherwise the unexpired approvals stored for this user and client are consulted:
 * if the user has already approved or denied every requested scope, the request is marked
 * approved and its scope is narrowed to the requested scopes that are approved.
 *
 * @param authorizationRequest the authorization request
 * @param userAuthentication the current user authentication
 * @return the same request, possibly with its scope narrowed and its approved flag set
 */
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
        Authentication userAuthentication) {

    String clientId = authorizationRequest.getClientId();
    Collection<String> requestedScopes = authorizationRequest.getScope();
    Set<String> grantedScopes = new HashSet<String>();
    Set<String> decidedScopes = new HashSet<String>();

    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            for (String requested : requestedScopes) {
                boolean autoApproved = client.isAutoApprove(requested) || client.isAutoApprove("all");
                if (autoApproved) {
                    grantedScopes.add(requested);
                }
            }
            // Every requested scope is auto-approved: no user interaction needed.
            if (grantedScopes.containsAll(requestedScopes)) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId);
        }
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user approved authorizations for " + "client_id=" + clientId
                + " and username=" + userAuthentication.getName());
    }

    // Find the stored approvals for that user and client
    Collection<Approval> storedApprovals = approvalStore.getApprovals(userAuthentication.getName(), clientId);

    // Only approvals that have not expired count as a decision
    Date now = new Date();
    for (Approval stored : storedApprovals) {
        if (!stored.getExpiresAt().after(now)) {
            continue;
        }
        decidedScopes.add(stored.getScope());
        if (stored.getStatus() == ApprovalStatus.APPROVED) {
            grantedScopes.add(stored.getScope());
        }
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Valid user approved/denied scopes are " + decidedScopes);
    }

    // If the requested scopes have already been acted upon by the user,
    // this request is approved
    if (decidedScopes.containsAll(requestedScopes)) {
        grantedScopes.retainAll(requestedScopes);
        // Set only the scopes that have been approved by the user
        authorizationRequest.setScope(grantedScopes);
        authorizationRequest.setApproved(true);
    }

    return authorizationRequest;
}