Examples with AuthorizationRequest org.springframework.security.oauth2.provider.AuthorizationRequest used on opensource projects

Search in sources :

Example 11 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class SecurityContextTestUtils method setUpSecurityContext.

public static void setUpSecurityContext(String userOrcid, String clientId, ScopePathType... scopePathTypes) {
    SecurityContextImpl securityContext = new SecurityContextImpl();
    OrcidOAuth2Authentication mockedAuthentication = mock(OrcidOAuth2Authentication.class);
    securityContext.setAuthentication(mockedAuthentication);
    SecurityContextHolder.setContext(securityContext);
    ProfileEntity userProfileEntity = new ProfileEntity(userOrcid);
    when(mockedAuthentication.getPrincipal()).thenReturn(userProfileEntity);
    Authentication userAuthentication = mock(Authentication.class);
    when(userAuthentication.getPrincipal()).thenReturn(userProfileEntity);
    when(mockedAuthentication.getUserAuthentication()).thenReturn(userAuthentication);
    Set<String> scopes = new HashSet<String>();
    if (scopePathTypes != null) {
        for (ScopePathType scopePathType : scopePathTypes) {
            scopes.add(scopePathType.value());
        }
    }
    OAuth2Request authorizationRequest = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, scopes, Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    when(mockedAuthentication.getOAuth2Request()).thenReturn(authorizationRequest);
    when(mockedAuthentication.isAuthenticated()).thenReturn(true);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) HashSet(java.util.HashSet)

Example 12 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class SecurityContextTestUtils method setUpSecurityContextForClientOnly.

public static void setUpSecurityContextForClientOnly(String clientId, Set<String> scopes) {
    SecurityContextImpl securityContext = new SecurityContextImpl();
    OrcidOAuth2Authentication mockedAuthentication = mock(OrcidOAuth2Authentication.class);
    securityContext.setAuthentication(mockedAuthentication);
    SecurityContextHolder.setContext(securityContext);
    when(mockedAuthentication.getPrincipal()).thenReturn(new ProfileEntity(clientId));
    when(mockedAuthentication.isClientOnly()).thenReturn(true);
    OAuth2Request authorizationRequest = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, scopes, Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    when(mockedAuthentication.getOAuth2Request()).thenReturn(authorizationRequest);
    when(mockedAuthentication.isAuthenticated()).thenReturn(true);
    when(mockedAuthentication.getName()).thenReturn(clientId);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 13 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class SourceManagerImpl method retrieveRealUserOrcid.

@Override
public String retrieveRealUserOrcid() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return null;
    }
    // API
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        return authorizationRequest.getClientId();
    }
    // Delegation mode
    String realUserIfInDelegationMode = getRealUserIfInDelegationMode(authentication);
    if (realUserIfInDelegationMode != null) {
        return realUserIfInDelegationMode;
    }
    // Normal web user
    return retrieveEffectiveOrcid(authentication);
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 14 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class DefaultPermissionChecker method checkScopes.

private void checkScopes(OAuth2Authentication oAuth2Authentication, ScopePathType requiredScope) {
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    Set<String> requestedScopes = authorizationRequest.getScope();
    if (requiredScope.isUserGrantWriteScope()) {
        OrcidOAuth2Authentication orcidOauth2Authentication = (OrcidOAuth2Authentication) oAuth2Authentication;
        String activeToken = orcidOauth2Authentication.getActiveToken();
        if (activeToken != null) {
            OrcidOauth2TokenDetail tokenDetail = orcidOauthTokenDetailService.findNonDisabledByTokenValue(activeToken);
            if (removeUserGrantWriteScopePastValitity(tokenDetail)) {
                throw new AccessControlException("Write scopes for this token have expired ");
            }
        }
    }
    if (!hasRequiredScope(requestedScopes, requiredScope)) {
        throw new AccessControlException("Insufficient or wrong scope " + requestedScopes);
    }
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AccessControlException(java.security.AccessControlException) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)

Example 15 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class TokenTargetFilterTest method setUpSecurityContext.

private void setUpSecurityContext(String userOrcid, String clientId, ScopePathType... scopePathTypes) {
    SecurityContextImpl securityContext = new SecurityContextImpl();
    OrcidOAuth2Authentication mockedAuthentication = mock(OrcidOAuth2Authentication.class);
    securityContext.setAuthentication(mockedAuthentication);
    SecurityContextHolder.setContext(securityContext);
    if (userOrcid != null) {
        ProfileEntity userProfileEntity = new ProfileEntity(userOrcid);
        when(mockedAuthentication.getPrincipal()).thenReturn(userProfileEntity);
        Authentication userAuthentication = mock(Authentication.class);
        when(userAuthentication.getPrincipal()).thenReturn(userProfileEntity);
        when(mockedAuthentication.getUserAuthentication()).thenReturn(userAuthentication);
    } else {
        when(mockedAuthentication.getPrincipal()).thenReturn(clientId);
    }
    Set<String> scopes = new HashSet<String>();
    if (scopePathTypes != null) {
        for (ScopePathType scopePathType : scopePathTypes) {
            scopes.add(scopePathType.value());
        }
    }
    OAuth2Request authorizationRequest = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, scopes, Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    when(mockedAuthentication.getOAuth2Request()).thenReturn(authorizationRequest);
    when(mockedAuthentication.isAuthenticated()).thenReturn(true);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) HashSet(java.util.HashSet)

Aggregations

OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)101 Test (org.junit.jupiter.api.Test)87 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)69 Test (org.junit.Test)58 Authentication (org.springframework.security.core.Authentication)58 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)52 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)51 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)48 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)42 HashMap (java.util.HashMap)36 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)21 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)19 OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)19 ModelAndView (org.springframework.web.servlet.ModelAndView)18 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)16 HashSet (java.util.HashSet)15 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)15 RedirectView (org.springframework.web.servlet.view.RedirectView)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)13 LinkedHashMap (java.util.LinkedHashMap)12
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial