Example 1 with UaaOauth2Authentication

Use of org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication in the uaa project by cloudfoundry.

From the class MultitenantJdbcClientDetailsServiceTests, method authenticateAsClient.

// Test helper: installs a mocked UaaOauth2Authentication for client "client1" in the given
// zone into the security context, so code under test that reads the caller's zone id and
// principal behaves as if that client were the authenticated caller.
private static void authenticateAsClient(final String currentZoneId) {
    UaaOauth2Authentication authentication = mock(UaaOauth2Authentication.class);
    when(authentication.getZoneId()).thenReturn(currentZoneId);
    when(authentication.getPrincipal()).thenReturn("client1");
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
Also used: UaaOauth2Authentication (org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication)

Example 2 with UaaOauth2Authentication

Use of org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication in the uaa project by cloudfoundry.

From the class UserTokenGranter, method validateRequest.

protected Authentication validateRequest(TokenRequest request) {
    // things to validate
    // 1. Authentication must exist and be authenticated
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated() || !(authentication instanceof UaaOauth2Authentication)) {
        throw new InsufficientAuthenticationException("Invalid authentication object:" + authentication);
    }
    UaaOauth2Authentication oauth2Authentication = (UaaOauth2Authentication) authentication;
    // 2. authentication must be a user, and authenticated
    if (oauth2Authentication.getUserAuthentication() == null || !oauth2Authentication.getUserAuthentication().isAuthenticated()) {
        throw new InsufficientAuthenticationException("Authentication containing a user is required");
    }
    // 3. parameter requesting_client_id must be present
    if (request.getRequestParameters() == null || request.getRequestParameters().get(USER_TOKEN_REQUESTING_CLIENT_ID) == null) {
        throw new InvalidGrantException("Parameter " + USER_TOKEN_REQUESTING_CLIENT_ID + " is required.");
    }
    // 4. grant_type must be user_token
    if (!TokenConstants.GRANT_TYPE_USER_TOKEN.equals(request.getGrantType())) {
        throw new InvalidGrantException("Invalid grant type");
    }
    // 5. requesting client must have user_token grant type
    ClientDetails requesting = clientDetailsService.loadClientByClientId(request.getRequestParameters().get(USER_TOKEN_REQUESTING_CLIENT_ID), IdentityZoneHolder.get().getId());
    super.validateGrantType(GRANT_TYPE_USER_TOKEN, requesting);
    // 6. receiving client must have refresh_token grant type
    ClientDetails receiving = clientDetailsService.loadClientByClientId(request.getRequestParameters().get(CLIENT_ID), IdentityZoneHolder.get().getId());
    super.validateGrantType(GRANT_TYPE_REFRESH_TOKEN, receiving);
    return oauth2Authentication.getUserAuthentication();
}
Also used: UaaOauth2Authentication (org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication), ClientDetails (org.springframework.security.oauth2.provider.ClientDetails), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException), InvalidGrantException (org.springframework.security.oauth2.common.exceptions.InvalidGrantException)

Example 3 with UaaOauth2Authentication

Use of org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication in the uaa project by cloudfoundry.

From the class AbstractUaaEvent, method appendTokenDetails.

// Appends identifying details of the caller's token to an audit-event description.
// For a JWT only the issuer and subject claims are logged; the token value itself is never
// written to the builder, and an opaque token is only recorded as present.
protected void appendTokenDetails(Authentication caller, StringBuilder builder) {
    String tokenValue = null;
    if (caller instanceof UaaOauth2Authentication) {
        tokenValue = ((UaaOauth2Authentication) caller).getTokenValue();
    } else if (caller.getDetails() instanceof OAuth2AuthenticationDetails) {
        // the details belong to the caller being described (the original snippet referenced
        // an undefined variable here)
        tokenValue = ((OAuth2AuthenticationDetails) caller.getDetails()).getTokenValue();
    }
    if (hasText(tokenValue)) {
        if (isJwtToken(tokenValue)) {
            try {
                // decode only; the claims are read for logging, no signature verification is
                // performed here
                Jwt token = JwtHelper.decode(tokenValue);
                Map<String, Object> claims = JsonUtils.readValue(token.getClaims(),
                        new TypeReference<Map<String, Object>>() {});
                String issuer = claims.get(ClaimConstants.ISS).toString();
                String subject = claims.get(ClaimConstants.SUB).toString();
                builder.append(", sub=").append(subject).append(", ").append("iss=").append(issuer);
            } catch (Exception e) {
                builder.append(", <token extraction failed>");
            }
        } else {
            builder.append(", opaque-token=present");
        }
    }
}
Also used: UaaOauth2Authentication (org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication), Jwt (org.springframework.security.jwt.Jwt), OAuth2AuthenticationDetails (org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails), Map (java.util.Map)

Example 4 with UaaOauth2Authentication

Use of org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication in the uaa project by cloudfoundry.

From the class IdentityZoneSwitchingFilter, method getAuthenticationForZone.

// Builds the authentication to use after switching into another identity zone. Only the
// zone-switching scopes and authorities that the caller actually holds are carried over,
// with the zone prefix stripped, so the caller cannot gain anything in the target zone that
// it was not granted for that zone.
protected OAuth2Authentication getAuthenticationForZone(String identityZoneId, HttpServletRequest servletRequest) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof OAuth2Authentication)) {
        return null;
    }
    OAuth2Authentication oa = (OAuth2Authentication) authentication;
    Object oaDetails = oa.getDetails();
    // strip client scopes
    OAuth2Request request = oa.getOAuth2Request();
    Collection<String> requestAuthorities = UaaStringUtils.getStringsFromAuthorities(request.getAuthorities());
    Set<String> clientScopes = new HashSet<>();
    Set<String> clientAuthorities = new HashSet<>();
    for (String s : getZoneSwitchingScopes(identityZoneId)) {
        String scope = stripPrefix(s, identityZoneId);
        if (request.getScope().contains(s)) {
            clientScopes.add(scope);
        }
        if (requestAuthorities.contains(s)) {
            clientAuthorities.add(scope);
        }
    }
    request = new OAuth2Request(request.getRequestParameters(), request.getClientId(),
            UaaStringUtils.getAuthoritiesFromStrings(clientAuthorities), request.isApproved(),
            clientScopes, request.getResourceIds(), request.getRedirectUri(),
            request.getResponseTypes(), request.getExtensions());
    UaaAuthentication userAuthentication = (UaaAuthentication) oa.getUserAuthentication();
    if (userAuthentication != null) {
        // the user authentication is rebuilt with only the reduced scope set as its authorities
        userAuthentication = new UaaAuthentication(userAuthentication.getPrincipal(), null,
                UaaStringUtils.getAuthoritiesFromStrings(clientScopes),
                new UaaAuthenticationDetails(servletRequest), true,
                userAuthentication.getAuthenticatedTime());
    }
    // note: the instanceof check above only established OAuth2Authentication; this cast relies
    // on the context authentication being a UaaOauth2Authentication
    oa = new UaaOauth2Authentication(((UaaOauth2Authentication) oa).getTokenValue(),
            IdentityZoneHolder.get().getId(), request, userAuthentication);
    oa.setDetails(oaDetails);
    return oa;
}
Also used: UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication), UaaOauth2Authentication (org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication), OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), UaaAuthenticationDetails (org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), HashSet (java.util.HashSet)
