Example 16 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class OrcidSecurityManagerImpl method checkScopes.

@Override
public void checkScopes(ScopePathType requiredScope) {
    //Verify the client is not a public client
    checkClientType();
    OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    Set<ScopePathType> requestedScopes = ScopePathType.getScopesFromStrings(authorizationRequest.getScope());
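    // Grant access if any scope on the request covers the required scope
    for (ScopePathType scope : requestedScopes) {
        if (scope.hasScope(requiredScope)) {
            return;
        }
    }
    // No matching scope: deny by default
    throw new OrcidAccessControlException();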
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)

Example 17 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class OrcidSecurityManagerImpl method isNonClientCredentialScope.

private boolean isNonClientCredentialScope(OAuth2Authentication oAuth2Authentication) {
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    Set<String> requestedScopes = ScopePathType.getCombinedScopesFromStringsAsStrings(authorizationRequest.getScope());
    // Return true as soon as one requested scope is not a client-credential scope
    for (String scopeName : requestedScopes) {
        ScopePathType scopePathType = ScopePathType.fromValue(scopeName);
        if (!scopePathType.isClientCreditalScope()) {
            return true;
        }
    }
    return false;
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType)

Example 18 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class SecurityContextTestUtils method setUpSecurityContext.

public static void setUpSecurityContext(String userOrcid, String clientId, ScopePathType... scopePathTypes) {
    SecurityContextImpl securityContext = new SecurityContextImpl();
    OrcidOAuth2Authentication mockedAuthentication = mock(OrcidOAuth2Authentication.class);
    securityContext.setAuthentication(mockedAuthentication);
    SecurityContextHolder.setContext(securityContext);
    ProfileEntity userProfileEntity = new ProfileEntity(userOrcid);
    when(mockedAuthentication.getPrincipal()).thenReturn(userProfileEntity);
    Authentication userAuthentication = mock(Authentication.class);
    when(userAuthentication.getPrincipal()).thenReturn(userProfileEntity);
    when(mockedAuthentication.getUserAuthentication()).thenReturn(userAuthentication);
    Set<String> scopes = new HashSet<String>();
    if (scopePathTypes != null) {
        for (ScopePathType scopePathType : scopePathTypes) {
            scopes.add(scopePathType.value());
        }
    }
    OAuth2Request authorizationRequest = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, scopes, Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    when(mockedAuthentication.getOAuth2Request()).thenReturn(authorizationRequest);
    when(mockedAuthentication.isAuthenticated()).thenReturn(true);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication) Authentication(org.springframework.security.core.Authentication) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) HashSet(java.util.HashSet)

Example 19 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class SecurityContextTestUtils method setUpSecurityContextForClientOnly.

public static void setUpSecurityContextForClientOnly(String clientId, ScopePathType... scopePathTypes) {
    Set<String> scopes = new HashSet<String>();
    for (ScopePathType scope : scopePathTypes) {
        scopes.add(scope.value());
    }
    setUpSecurityContextForClientOnly(clientId, scopes);
}
Also used : ScopePathType(org.orcid.jaxb.model.message.ScopePathType) HashSet(java.util.HashSet)

Example 20 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class GroupAdministratorController method getAvailableRedirectUriScopes.

@RequestMapping(value = "/get-available-scopes.json", method = RequestMethod.GET)
@Produces(value = { MediaType.APPLICATION_JSON })
@ResponseBody
public List<String> getAvailableRedirectUriScopes() {
    List<String> scopes = new ArrayList<String>();
    // Ignore these scopes
    List<ScopePathType> ignoreScopes = new ArrayList<ScopePathType>(Arrays.asList(ScopePathType.ORCID_PATENTS_CREATE, ScopePathType.ORCID_PATENTS_READ_LIMITED, ScopePathType.ORCID_PATENTS_UPDATE, ScopePathType.WEBHOOK, ScopePathType.ORCID_PROFILE_CREATE, ScopePathType.FUNDING_READ_LIMITED, ScopePathType.AFFILIATIONS_READ_LIMITED, ScopePathType.READ_PUBLIC));
    for (ScopePathType t : ScopePathType.values()) {
        if (!ignoreScopes.contains(t)) {
            scopes.add(t.value());
        }
    }
    Collections.sort(scopes);
    return scopes;
}
Also used : ScopePathType(org.orcid.jaxb.model.message.ScopePathType) ArrayList(java.util.ArrayList) Produces(javax.ws.rs.Produces) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

ScopePathType (org.orcid.jaxb.model.message.ScopePathType): 30
HashSet (java.util.HashSet): 16
Test (org.junit.Test): 9
OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication): 9
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 8
Transactional (org.springframework.transaction.annotation.Transactional): 8
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity): 6
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 6
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 6
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest): 6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 6
ArrayList (java.util.ArrayList): 5
RedirectUri (org.orcid.jaxb.model.clientgroup.RedirectUri): 5
OrcidMessage (org.orcid.jaxb.model.message.OrcidMessage): 5
DBUnitTest (org.orcid.test.DBUnitTest): 5
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 5
Date (java.util.Date): 4
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail): 4
Authentication (org.springframework.security.core.Authentication): 4
Rollback (org.springframework.test.annotation.Rollback): 4