
Example 1 with ClientRegistrationException

use of org.springframework.security.oauth2.provider.ClientRegistrationException in project spring-security-oauth by spring-projects.

Class ApprovalStoreUserApprovalHandler, method checkForPreApproval().

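/**
 * Decides whether an authorization request can be approved without showing the
 * resource owner a consent page.
 * <p>
 * Two sources of pre-approval are consulted, in order:
 * <ol>
 * <li>Client auto-approval: if every requested scope is flagged auto-approve on the
 * registered client, the request is approved outright. The auto-approved scopes are
 * also persisted to the approval store (gh-877) so later look-ups and revocation see
 * them.</li>
 * <li>Stored user approvals: otherwise the request is approved only if an unexpired
 * {@code APPROVED} approval exists for this user/client pair for every requested
 * scope. {@code DENIED} approvals never count, and auto-approve scopes that were not
 * explicitly stored do not count either.</li>
 * </ol>
 * In every other case (no client details service, unknown client, missing or expired
 * approvals) the request is returned unapproved, i.e. the handler fails closed and the
 * caller must prompt the user.
 * <p>
 * NOTE(review): {@code clientId} and the user name are written to the warn/debug log.
 * The client id originates from the incoming request; confirm that the authorization
 * endpoint validates it before this handler runs, otherwise attacker-controlled text
 * reaches the log.
 *
 * @param authorizationRequest the pending request; its {@code approved} flag (and, on a
 *        stored-approval hit, its scope set) is updated in place
 * @param userAuthentication the authenticated resource owner; its name keys the approval
 *        store look-up
 * @return the same request instance, possibly marked approved
 */
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    String clientId = authorizationRequest.getClientId();
    Collection<String> requestedScopes = authorizationRequest.getScope();
    Set<String> approvedScopes = new HashSet<String>();
    Set<String> validUserApprovedScopes = new HashSet<String>();
    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            for (String scope : requestedScopes) {
                if (client.isAutoApprove(scope)) {
                    approvedScopes.add(scope);
                }
            }
            if (approvedScopes.containsAll(requestedScopes)) {
                // gh-877 - if all scopes are auto approved, approvals still need to be added to the approval store.
                Set<Approval> approvals = new HashSet<Approval>();
                Date expiry = computeExpiry();
                for (String approvedScope : approvedScopes) {
                    approvals.add(new Approval(userAuthentication.getName(), authorizationRequest.getClientId(), approvedScope, expiry, ApprovalStatus.APPROVED));
                }
                approvalStore.addApprovals(approvals);
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            // An unknown or unloadable client cannot be auto-approved; fall through to the
            // stored-approval check. Keep the cause attached so operators can distinguish a
            // missing registration from a failing backing store.
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId, e);
        }
    }
    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up user approved authorizations for ");
        builder.append("client_id=" + clientId);
        builder.append(" and username=" + userAuthentication.getName());
        logger.debug(builder.toString());
    }
    // Find the stored approvals for that user and client
    Collection<Approval> userApprovals = approvalStore.getApprovals(userAuthentication.getName(), clientId);
    // Look at the scopes and see if they have expired
    Date today = new Date();
    for (Approval approval : userApprovals) {
        Date expiresAt = approval.getExpiresAt();
        // An approval with no expiry recorded is treated as expired, not as permanent
        // (and not as an NPE): fail closed and let the user be asked again.
        if (expiresAt != null && expiresAt.after(today)) {
            // Only explicit APPROVED entries count; DENIED entries are ignored here.
            if (approval.getStatus() == ApprovalStatus.APPROVED) {
                validUserApprovedScopes.add(approval.getScope());
                approvedScopes.add(approval.getScope());
            }
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Valid user approved/denied scopes are " + validUserApprovedScopes);
    }
    // The request is approved only when the user has explicitly approved every requested
    // scope; client auto-approve flags alone do not get us here (they returned above).
    if (validUserApprovedScopes.containsAll(requestedScopes)) {
        approvedScopes.retainAll(requestedScopes);
        // Set only the scopes that have been approved by the user
        authorizationRequest.setScope(approvedScopes);
        authorizationRequest.setApproved(true);
    }
    return authorizationRequest;
}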

Example 2 with ClientRegistrationException

use of org.springframework.security.oauth2.provider.ClientRegistrationException in project spring-security-oauth by spring-projects.

Class TokenStoreUserApprovalHandler, method checkForPreApproval().

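/**
 * Decides whether an authorization request is already approved, using the token store
 * as the record of past consent.
 * <p>
 * Order of evaluation:
 * <ol>
 * <li>If a client details service is configured and every requested scope is flagged
 * auto-approve on the registered client, the request is approved immediately.</li>
 * <li>Otherwise an access token is looked up for the {@link OAuth2Authentication} built
 * from this request (client, scopes, user). An existing, unexpired token is taken as
 * proof that the user already consented to these scopes.</li>
 * </ol>
 * Consequences worth knowing: with this handler, revoking the stored token is the only
 * way to withdraw a user's approval, and a client whose registration cannot be loaded
 * is never auto-approved (the failure is logged and the token look-up still runs).
 * <p>
 * Token values are deliberately kept out of the log: an access token is a live bearer
 * credential and the token's string form may include it.
 *
 * @param authorizationRequest the pending request; its {@code approved} flag is set in place
 * @param userAuthentication the authenticated resource owner
 * @return the same request instance, possibly marked approved
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    boolean approved = false;
    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();
    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            approved = true;
            for (String scope : scopes) {
                if (!client.isAutoApprove(scope)) {
                    approved = false;
                }
            }
            if (approved) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            // Keep the cause so a missing registration and a failing store can be told apart.
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId, e);
        }
    }
    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);
    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=" + clientId);
        builder.append(", scope=" + scopes);
        builder.append(" and username=" + userAuthentication.getName());
        logger.debug(builder.toString());
    }
    OAuth2AccessToken accessToken = tokenStore.getAccessToken(authentication);
    // Log presence and expiry only, never the token object: its toString may render the
    // bearer value, which would leave a usable credential in the debug log.
    if (logger.isDebugEnabled()) {
        if (accessToken == null) {
            logger.debug("No existing access token found");
        } else {
            logger.debug("Existing access token found, expired=" + accessToken.isExpired());
        }
    }
    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved via existing valid token");
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        // 'approved' is false on every path that reaches this point (a true value
        // returned early above), so this resolves to false; kept for fidelity with the
        // original contract.
        approved = userAuthentication.isAuthenticated() && approved;
    }
    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}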

Example 3 with ClientRegistrationException

use of org.springframework.security.oauth2.provider.ClientRegistrationException in project spring-security-oauth by spring-projects.

Class OAuth2AuthenticationManager, method checkClientDetails().

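/**
 * Re-validates a token's client against the current client registration.
 * <p>
 * This is a fail-closed check run on every resource-server request: if the client the
 * token was issued to can no longer be loaded, or the token carries a scope that is no
 * longer in the client's registered scope set, access is denied. Narrowing a client's
 * scopes (or deleting the client) therefore invalidates already-issued tokens without
 * touching the token store. The check is skipped entirely when no client details
 * service is configured.
 * <p>
 * NOTE(review): the {@link ClientRegistrationException} cause is not attached to the
 * thrown exception (no matching constructor is visible here); the original failure is
 * lost to the caller.
 *
 * @param auth the authentication loaded for the presented token
 * @throws OAuth2AccessDeniedException if the client is unknown or a token scope is not
 *         registered for the client
 */
private void checkClientDetails(OAuth2Authentication auth) {
    if (clientDetailsService != null) {
        ClientDetails client;
        try {
            client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
        } catch (ClientRegistrationException e) {
            throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
        }
        Set<String> allowed = client.getScope();
        for (String scope : auth.getOAuth2Request().getScope()) {
            // A client whose registration exposes no scope set is allowed nothing:
            // deny explicitly rather than fail with an NPE.
            if (allowed == null || !allowed.contains(scope)) {
                throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope + ") for this client");
            }
        }
    }
}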

Example 4 with ClientRegistrationException

use of org.springframework.security.oauth2.provider.ClientRegistrationException in project spring-security-oauth by spring-projects.

Class DefaultTokenServices, method loadAuthentication().

/**
 * Resolves a presented access token value to the authentication it was issued for.
 * <p>
 * Checks, in order: the token exists in the store; it has not expired (an expired entry
 * is removed from the store as a side effect before rejecting); an authentication is
 * still recorded for it; and, when a client details service is configured, the issuing
 * client can still be loaded. Any failure is reported as {@link InvalidTokenException}.
 * <p>
 * Note that the rejection messages echo the presented token value and the client id;
 * wherever these messages are logged or returned, treat them as sensitive.
 *
 * @param accessTokenValue the raw token string presented by the caller
 * @return the authentication bound to the token
 * @throws InvalidTokenException if the token is unknown, expired, orphaned, or issued
 *         to a client that can no longer be loaded
 */
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException {
    OAuth2AccessToken token = tokenStore.readAccessToken(accessTokenValue);
    if (token == null) {
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    if (token.isExpired()) {
        // Purge the stale entry so it is not re-read on the next request.
        tokenStore.removeAccessToken(token);
        throw new InvalidTokenException("Access token expired: " + accessTokenValue);
    }
    OAuth2Authentication authentication = tokenStore.readAuthentication(token);
    if (authentication == null) {
        // in case of race condition
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    if (clientDetailsService == null) {
        return authentication;
    }
    String clientId = authentication.getOAuth2Request().getClientId();
    try {
        clientDetailsService.loadClientByClientId(clientId);
    } catch (ClientRegistrationException e) {
        throw new InvalidTokenException("Client not valid: " + clientId, e);
    }
    return authentication;
}

Example 5 with ClientRegistrationException

use of org.springframework.security.oauth2.provider.ClientRegistrationException in project spring-security-oauth by spring-projects.

Class SparklrUserApprovalHandler, method checkForPreApproval().

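/**
 * Allows automatic approval for a white list of clients.
 * <p>
 * When {@code useApprovalStore} is set, the decision is delegated to the parent
 * handler. Otherwise the request is pre-approved only if a client details service is
 * configured, the client can be loaded, and <em>every</em> requested scope is flagged
 * auto-approve on it. Requiring all scopes (rather than any one) matches the other
 * approval handlers and prevents a single auto-approve scope from pulling
 * non-whitelisted scopes through without the user's consent. An empty scope set, an
 * unknown client, or a missing service all leave the request unapproved (fail closed).
 * <p>
 * Nothing here inspects the grant type; the rule applies to whatever request reaches
 * this handler.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return An updated request if it has already been approved by the current user.
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    boolean approved = false;
    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        Collection<String> requestedScopes = authorizationRequest.getScope();
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
            // All requested scopes must be auto-approve; one non-whitelisted scope vetoes.
            boolean allAutoApproved = !requestedScopes.isEmpty();
            for (String scope : requestedScopes) {
                if (!client.isAutoApprove(scope)) {
                    allAutoApproved = false;
                    break;
                }
            }
            approved = allAutoApproved;
        } catch (ClientRegistrationException ignored) {
            // Unknown client: not pre-approved. No logger is in scope in this block, so the
            // failure is not recorded here.
        }
    }
    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}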
