Examples with OrcidOauth2UserAuthentication org.orcid.core.oauth.OrcidOauth2UserAuthentication used on opensource projects

Search in sources :

Example 1 with OrcidOauth2UserAuthentication

use of org.orcid.core.oauth.OrcidOauth2UserAuthentication in project ORCID-Source by ORCID.

the class DefaultOAuthClientVisibilityTest method testCheckClientPermissionsAllowOnlyPublicAndLimitedVisibility.

@Test
@Transactional
@Rollback
public void testCheckClientPermissionsAllowOnlyPublicAndLimitedVisibility() throws Exception {
    Set<String> resourceIds = new HashSet<String>(Arrays.asList("orcid"));
    HashSet<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>(Arrays.asList(new SimpleGrantedAuthority("ROLE_CLIENT")));
    AuthorizationRequest request = new AuthorizationRequest("4444-4444-4444-4446", Arrays.asList("/orcid-bio/external-identifiers/create"));
    request.setAuthorities(grantedAuthorities);
    request.setResourceIds(resourceIds);
    ProfileEntity entity = new ProfileEntity("4444-4444-4444-4446");
    OrcidOauth2UserAuthentication oauth2UserAuthentication = new OrcidOauth2UserAuthentication(entity, true);
    // we care only that an OAuth client request results in the correct
    // visibilities
    OrcidOAuth2Authentication oAuth2Authentication = new OrcidOAuth2Authentication(request, oauth2UserAuthentication, "made-up-token");
    OrcidOauth2TokenDetail tokenDetail = new OrcidOauth2TokenDetail();
    tokenDetail.setScope("/orcid-bio/external-identifiers/create");
    tokenDetail.setDateCreated(new Date());
    when(orcidOauth2TokenDetailService.findNonDisabledByTokenValue(any(String.class))).thenReturn(tokenDetail);
    ScopePathType scopePathType = ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE;
    Set<Visibility> visibilitiesForClient = permissionChecker.obtainVisibilitiesForAuthentication(oAuth2Authentication, scopePathType, getOrcidMessage());
    assertTrue(visibilitiesForClient.size() == 3);
    assertTrue(visibilitiesForClient.contains(Visibility.LIMITED));
    assertTrue(visibilitiesForClient.contains(Visibility.REGISTERED_ONLY));
    assertTrue(visibilitiesForClient.contains(Visibility.PUBLIC));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) Date(java.util.Date) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) Visibility(org.orcid.jaxb.model.message.Visibility) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) HashSet(java.util.HashSet) Test(org.junit.Test) BaseTest(org.orcid.core.BaseTest) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with OrcidOauth2UserAuthentication

use of org.orcid.core.oauth.OrcidOauth2UserAuthentication in project ORCID-Source by ORCID.

the class DefaultPermissionCheckerTest method testCheckUserPermissionsAuthenticationScopesOrcidAndOrcidMessageWhenWrongUser.

@Test(expected = AccessControlException.class)
@Transactional
@Rollback
public void testCheckUserPermissionsAuthenticationScopesOrcidAndOrcidMessageWhenWrongUser() throws Exception {
    Set<String> resourceIds = new HashSet<String>(Arrays.asList("orcid"));
    HashSet<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>(Arrays.asList(new SimpleGrantedAuthority("ROLE_CLIENT")));
    AuthorizationRequest request = new AuthorizationRequest("4444-4444-4444-4441", Arrays.asList("/orcid-bio/external-identifiers/create"));
    request.setAuthorities(grantedAuthorities);
    request.setResourceIds(resourceIds);
    ProfileEntity entity = profileEntityManager.findByOrcid("4444-4444-4444-4445");
    OrcidOauth2UserAuthentication oauth2UserAuthentication = new OrcidOauth2UserAuthentication(entity, true);
    OAuth2Authentication oAuth2Authentication = new OrcidOAuth2Authentication(request, oauth2UserAuthentication, "made-up-token");
    ScopePathType requiredScope = ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE;
    OrcidMessage orcidMessage = getOrcidMessage();
    String messageOrcid = orcidMessage.getOrcidProfile().getOrcidIdentifier().getPath();
    defaultPermissionChecker.checkPermissions(oAuth2Authentication, requiredScope, messageOrcid, orcidMessage);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) OrcidMessage(org.orcid.jaxb.model.message.OrcidMessage) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) HashSet(java.util.HashSet) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with OrcidOauth2UserAuthentication

use of org.orcid.core.oauth.OrcidOauth2UserAuthentication in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesImpl method refreshAccessToken.

@Override
@Transactional
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
    String parentTokenValue = tokenRequest.getRequestParameters().get(OrcidOauth2Constants.AUTHORIZATION);
    String clientId = tokenRequest.getClientId();
    String scopes = tokenRequest.getRequestParameters().get(OAuth2Utils.SCOPE);
    Long expiresIn = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.EXPIRES_IN) ? Long.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.EXPIRES_IN)) : 0L;
    Boolean revokeOld = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.REVOKE_OLD) ? Boolean.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.REVOKE_OLD)) : true;
    // Check if the refresh token is enabled
    if (!customSupportRefreshToken) {
        throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
    }
    // Check if the client support refresh token
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    if (!clientDetails.getAuthorizedGrantTypes().contains(OrcidOauth2Constants.REFRESH_TOKEN)) {
        throw new InvalidGrantException("Client " + clientId + " doesnt have refresh token enabled");
    }
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailDao.findByRefreshTokenValue(refreshTokenValue);
    ProfileEntity profileEntity = new ProfileEntity(parentToken.getProfile().getId());
    OrcidOauth2TokenDetail newToken = new OrcidOauth2TokenDetail();
    newToken.setApproved(true);
    newToken.setClientDetailsId(clientId);
    newToken.setDateCreated(new Date());
    newToken.setLastModified(new Date());
    newToken.setPersistent(parentToken.isPersistent());
    newToken.setProfile(profileEntity);
    newToken.setRedirectUri(parentToken.getRedirectUri());
    newToken.setRefreshTokenValue(UUID.randomUUID().toString());
    newToken.setResourceId(parentToken.getResourceId());
    newToken.setResponseType(parentToken.getResponseType());
    newToken.setState(parentToken.getState());
    newToken.setTokenDisabled(false);
    if (expiresIn <= 0) {
        // If expiresIn is 0 or less, set the parent token
        newToken.setTokenExpiration(parentToken.getTokenExpiration());
    } else {
        // Assumes expireIn already contains the real expired time expressed in millis
        newToken.setTokenExpiration(new Date(expiresIn));
    }
    newToken.setTokenType(parentToken.getTokenType());
    newToken.setTokenValue(UUID.randomUUID().toString());
    newToken.setVersion(parentToken.getVersion());
    if (PojoUtil.isEmpty(scopes)) {
        newToken.setScope(parentToken.getScope());
    } else {
        newToken.setScope(scopes);
    }
    // Generate an authentication object to be able to generate the authentication key
    Set<String> scopesSet = OAuth2Utils.parseParameterList(newToken.getScope());
    AuthorizationRequest request = new AuthorizationRequest(clientId, scopesSet);
    request.setApproved(true);
    Authentication authentication = new OrcidOauth2UserAuthentication(profileEntity, true);
    OrcidOAuth2Authentication orcidAuthentication = new OrcidOAuth2Authentication(request, authentication, newToken.getTokenValue());
    newToken.setAuthenticationKey(authenticationKeyGenerator.extractKey(orcidAuthentication));
    // Store the new token and return it
    orcidOauth2TokenDetailDao.persist(newToken);
    // Revoke the old token when required
    if (revokeOld) {
        orcidOauth2TokenDetailDao.disableAccessToken(parentTokenValue);
    }
    // Save the changes
    orcidOauth2TokenDetailDao.flush();
    // and return it
    return toOAuth2AccessToken(newToken);
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) Date(java.util.Date) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with OrcidOauth2UserAuthentication

use of org.orcid.core.oauth.OrcidOauth2UserAuthentication in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceImpl method getOAuth2AuthenticationFromDetails.

private OAuth2Authentication getOAuth2AuthenticationFromDetails(OrcidOauth2TokenDetail details) {
    if (details != null) {
        ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(details.getClientDetailsId());
        Authentication authentication = null;
        AuthorizationRequest request = null;
        if (clientDetailsEntity != null) {
            // Check member is not locked
            orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetailsEntity);
            Set<String> scopes = OAuth2Utils.parseParameterList(details.getScope());
            request = new AuthorizationRequest(clientDetailsEntity.getClientId(), scopes);
            request.setAuthorities(clientDetailsEntity.getAuthorities());
            Set<String> resourceIds = new HashSet<>();
            resourceIds.add(details.getResourceId());
            request.setResourceIds(resourceIds);
            request.setApproved(details.isApproved());
            ProfileEntity profile = details.getProfile();
            if (profile != null) {
                authentication = new OrcidOauth2UserAuthentication(profile, details.isApproved());
            }
        }
        return new OrcidOAuth2Authentication(request, authentication, details.getTokenValue());
    }
    throw new InvalidTokenException("Token not found");
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) HashSet(java.util.HashSet)

Example 5 with OrcidOauth2UserAuthentication

use of org.orcid.core.oauth.OrcidOauth2UserAuthentication in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceTest method testStoreAccessToken.

@Test
@Transactional
public void testStoreAccessToken() throws Exception {
    String clientId = "4444-4444-4444-4441";
    DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("some-long-oauth2-token-value-9");
    ExpiringOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("some-long-oauth2-refresh-value-9", new Date());
    token.setRefreshToken(refreshToken);
    token.setScope(new HashSet<String>(Arrays.asList("/orcid-bio/read", "/orcid-works/read")));
    token.setTokenType("bearer");
    token.setExpiration(new Date());
    token.setAdditionalInformation(new HashMap<String, Object>());
    Map<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("state", "read");
    parameters.put("scope", "/orcid-profile/write");
    parameters.put("redirect_uri", "http://www.google.com/");
    parameters.put("response_type", "bearer");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ProfileEntity profileEntity = profileEntityManager.findByOrcid("4444-4444-4444-4444");
    OrcidOauth2UserAuthentication userAuthentication = new OrcidOauth2UserAuthentication(profileEntity, true);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    orcidTokenStoreService.storeAccessToken(token, authentication);
    OAuth2AccessToken oAuth2AccessToken = orcidTokenStoreService.readAccessToken("some-long-oauth2-token-value-9");
    assertNotNull(oAuth2AccessToken);
}
Also used : HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

OrcidOauth2UserAuthentication (org.orcid.core.oauth.OrcidOauth2UserAuthentication)7 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)7 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6 Transactional (org.springframework.transaction.annotation.Transactional)6 Test (org.junit.Test)5 OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication)5 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)5 Date (java.util.Date)4 HashSet (java.util.HashSet)4 DBUnitTest (org.orcid.test.DBUnitTest)4 ScopePathType (org.orcid.jaxb.model.message.ScopePathType)3 GrantedAuthority (org.springframework.security.core.GrantedAuthority)3 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)3 Rollback (org.springframework.test.annotation.Rollback)3 HashMap (java.util.HashMap)2 OrcidMessage (org.orcid.jaxb.model.message.OrcidMessage)2 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)2 OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)2 Authentication (org.springframework.security.core.Authentication)2 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial