
Example 41 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class JpaJaxbClientAdapterTest method getClient.

/**
 * Builds a fully populated {@link Client} fixture with three redirect URIs,
 * each carrying exactly one predefined scope, for the adapter round-trip tests.
 *
 * @return a freshly created client object graph; every call returns new instances
 */
private Client getClient() {
    Client client = new Client();
    client.setAllowAutoDeprecate(true);
    client.setPersistentTokensEnabled(true);
    client.setClientType(ClientType.CREATOR);
    client.setDescription("description");
    client.setGroupProfileId("group-profile-id");
    client.setId("id");
    client.setName("client-name");
    client.setWebsite("client-website");
    client.setAuthenticationProviderId("authentication-provider-id");
    // Redirect URI n carries scope n; every textual field of a URI ends in "-n".
    Set<ClientRedirectUri> redirectUris = new HashSet<ClientRedirectUri>();
    redirectUris.add(newRedirectUri(ScopePathType.ACTIVITIES_READ_LIMITED, "redirect-uri-1", "type-1", "uri-act-type-1", "uri-geo-area-1"));
    redirectUris.add(newRedirectUri(ScopePathType.ACTIVITIES_UPDATE, "redirect-uri-2", "type-2", "uri-act-type-2", "uri-geo-area-2"));
    redirectUris.add(newRedirectUri(ScopePathType.AFFILIATIONS_CREATE, "redirect-uri-3", "type-3", "uri-act-type-3", "uri-geo-area-3"));
    client.setClientRedirectUris(redirectUris);
    return client;
}

/**
 * Creates a redirect URI fixture with a single predefined scope.
 *
 * @param scope   the one scope the redirect URI is allowed to request
 * @param uri     value for the redirect URI itself
 * @param type    value for the redirect URI type
 * @param actType value for the URI act type
 * @param geoArea value for the URI geo area
 * @return the populated redirect URI
 */
private static ClientRedirectUri newRedirectUri(ScopePathType scope, String uri, String type, String actType, String geoArea) {
    Set<ScopePathType> predefinedScopes = new HashSet<ScopePathType>();
    predefinedScopes.add(scope);
    ClientRedirectUri redirectUri = new ClientRedirectUri();
    redirectUri.setPredefinedClientScopes(predefinedScopes);
    redirectUri.setRedirectUri(uri);
    redirectUri.setRedirectUriType(type);
    redirectUri.setUriActType(actType);
    redirectUri.setUriGeoArea(geoArea);
    return redirectUri;
}
Also used : ClientRedirectUri(org.orcid.jaxb.model.v3.dev1.client.ClientRedirectUri) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) Client(org.orcid.jaxb.model.v3.dev1.client.Client) HashSet(java.util.HashSet)

Example 42 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class ClientManagerTest method getClient.

/**
 * Builds a {@link Client} fixture whose textual fields are all suffixed with
 * {@code randomString}, so that several fixtures created by one test stay distinguishable.
 *
 * @param randomString suffix appended to every textual field; also used verbatim as the client id
 * @param memberId     the group profile (member) id the client is attached to
 * @return a new client carrying three redirect URIs with one predefined scope each
 */
private Client getClient(String randomString, String memberId) {
    Client client = new Client();
    client.setAllowAutoDeprecate(true);
    client.setAuthenticationProviderId("authentication-provider-id " + randomString);
    client.setClientType(ClientType.CREATOR);
    client.setDescription("description " + randomString);
    client.setEmailAccessReason("email-access-reason " + randomString);
    client.setGroupProfileId(memberId);
    client.setId(randomString);
    client.setName("client-name " + randomString);
    client.setPersistentTokensEnabled(true);
    client.setWebsite("client-website " + randomString);
    // Redirect URI n carries scope n; all of its textual fields end in "-n <randomString>".
    ScopePathType[] scopeForUri = { ScopePathType.ACTIVITIES_READ_LIMITED, ScopePathType.ACTIVITIES_UPDATE, ScopePathType.AFFILIATIONS_CREATE };
    Set<ClientRedirectUri> redirectUris = new HashSet<ClientRedirectUri>();
    for (int n = 1; n <= scopeForUri.length; n++) {
        String tail = "-" + n + " " + randomString;
        Set<ScopePathType> predefinedScopes = new HashSet<ScopePathType>();
        predefinedScopes.add(scopeForUri[n - 1]);
        ClientRedirectUri redirectUri = new ClientRedirectUri();
        redirectUri.setPredefinedClientScopes(predefinedScopes);
        redirectUri.setRedirectUri("redirect-uri" + tail);
        redirectUri.setRedirectUriType("type" + tail);
        redirectUri.setUriActType("uri-act-type" + tail);
        redirectUri.setUriGeoArea("uri-geo-area" + tail);
        redirectUris.add(redirectUri);
    }
    client.setClientRedirectUris(redirectUris);
    return client;
}
Also used : ClientRedirectUri(org.orcid.jaxb.model.client_v2.ClientRedirectUri) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) Client(org.orcid.jaxb.model.client_v2.Client) HashSet(java.util.HashSet)

Example 43 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class OrcidSecurityManagerImpl method isNonClientCredentialScope.

/**
 * Tells whether the authenticated request holds at least one scope that is not a
 * client-credentials scope.
 * <p>
 * The request's scope strings are first expanded through
 * {@code ScopePathType.getCombinedScopesFromStringsAsStrings} and each resulting name is
 * mapped back to a {@link ScopePathType}; an unknown name therefore surfaces whatever
 * {@code ScopePathType.fromValue} throws for it.
 *
 * @param oAuth2Authentication the current OAuth2 authentication
 * @return {@code true} as soon as one expanded scope is not a client-credential scope,
 *         {@code false} when every scope is (or the request carries no scopes)
 */
private boolean isNonClientCredentialScope(OAuth2Authentication oAuth2Authentication) {
    OAuth2Request request = oAuth2Authentication.getOAuth2Request();
    Set<String> combinedScopes = ScopePathType.getCombinedScopesFromStringsAsStrings(request.getScope());
    boolean foundNonClientCredentialScope = false;
    for (String scopeName : combinedScopes) {
        if (!ScopePathType.fromValue(scopeName).isClientCreditalScope()) {
            foundNonClientCredentialScope = true;
            break;
        }
    }
    return foundNonClientCredentialScope;
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType)

Example 44 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class OrcidSecurityManagerImpl method checkScopes.

/**
 * Enforces that the current OAuth2 request was granted at least one scope covering one of
 * {@code requiredScopes}.
 * <p>
 * The check is an "any of" check: it passes as soon as a single granted scope
 * {@code hasScope} a single required scope. With an empty {@code requiredScopes} it always
 * fails. A public client is rejected by {@code checkClientType()} before scopes are examined.
 *
 * @param requiredScopes the scopes of which at least one must be covered
 * @throws OrcidAccessControlException when no granted scope covers any required scope
 */
@Override
public void checkScopes(ScopePathType... requiredScopes) {
    // Verify the client is not a public client
    checkClientType();
    OAuth2Request request = getOAuth2Authentication().getOAuth2Request();
    Set<ScopePathType> grantedScopes = ScopePathType.getScopesFromStrings(request.getScope());
    if (!coversAnyRequiredScope(grantedScopes, requiredScopes)) {
        throw new OrcidAccessControlException();
    }
}

/**
 * Returns {@code true} when any granted scope {@code hasScope} any of the required scopes.
 *
 * @param grantedScopes  scopes the token was issued with
 * @param requiredScopes scopes the operation accepts
 * @return whether at least one granted/required pair matches
 */
private static boolean coversAnyRequiredScope(Set<ScopePathType> grantedScopes, ScopePathType[] requiredScopes) {
    for (ScopePathType granted : grantedScopes) {
        for (ScopePathType required : requiredScopes) {
            if (granted.hasScope(required)) {
                return true;
            }
        }
    }
    return false;
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)

Example 45 with ScopePathType

use of org.orcid.jaxb.model.message.ScopePathType in project ORCID-Source by ORCID.

the class OrcidClientCredentialEndPointDelegatorImpl method obtainOauth2Token.

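/**
 * Handles the OAuth2 token endpoint for every grant type this delegator supports.
 * <p>
 * Reads the grant parameters from {@code formParams}, requires an authenticated client,
 * normalises the requested scopes (legacy {@code orcid-grants} scopes are rewritten to
 * {@code funding}, internal or unknown scopes are rejected, scopes that do not match the
 * grant type are silently dropped) and then delegates to {@code generateToken}.
 *
 * @param authorization the raw {@code Authorization} header value; only consulted for the
 *                      refresh-token grant, where a Bearer token is expected
 * @param formParams    the form-encoded token request parameters
 * @return the token response, or an OAuth error response when the grant is invalid
 * @throws InsufficientAuthenticationException when the client is not authenticated
 * @throws OrcidInvalidScopeException when a requested scope is internal or not a known scope
 * @throws IllegalArgumentException when a refresh-token request names the Bearer scheme but
 *                                  carries no token
 */
@Transactional
public Response obtainOauth2Token(String authorization, MultivaluedMap<String, String> formParams) {
    String code = formParams.getFirst("code");
    String clientId = formParams.getFirst(OrcidOauth2Constants.CLIENT_ID_PARAM);
    String state = formParams.getFirst(OrcidOauth2Constants.STATE_PARAM);
    String redirectUri = formParams.getFirst(OrcidOauth2Constants.REDIRECT_URI_PARAM);
    String refreshToken = formParams.getFirst(OrcidOauth2Constants.REFRESH_TOKEN);
    String scopeList = formParams.getFirst(OrcidOauth2Constants.SCOPE_PARAM);
    String grantType = formParams.getFirst(OrcidOauth2Constants.GRANT_TYPE);
    // A missing revoke_old parameter defaults to revoking the previously issued token.
    Boolean revokeOld = formParams.containsKey(OrcidOauth2Constants.REVOKE_OLD) ? Boolean.valueOf(formParams.getFirst(OrcidOauth2Constants.REVOKE_OLD)) : true;
    Long expiresIn = calculateExpiresIn(formParams);
    Set<String> scopes = new HashSet<String>();
    if (StringUtils.isNotEmpty(scopeList)) {
        scopes = OAuth2Utils.parseParameterList(scopeList);
    }
    // The Bearer token in the Authorization header is only consulted for refresh_token grants.
    String bearerToken = null;
    if (OrcidOauth2Constants.REFRESH_TOKEN.equals(grantType)) {
        bearerToken = extractBearerToken(authorization);
    }
    Authentication client = getClientAuthentication();
    if (!client.isAuthenticated()) {
        // The authorization code and the refresh token are credentials: log only whether they were supplied.
        LOGGER.error("Not authenticated for OAuth2: clientId={}, grantType={}, refreshTokenPresent={}, codePresent={}, scopes={}, state={}, redirectUri={}",
                new Object[] { clientId, grantType, !PojoUtil.isEmpty(refreshToken), !PojoUtil.isEmpty(code), scopes, state, redirectUri });
        throw new InsufficientAuthenticationException(localeManager.resolveMessage("apiError.client_not_authenticated.exception"));
    }
    replaceGrantsScopesWithFundingScopes(clientId, scopes);
    removeScopesNotAllowedForGrantType(scopes, grantType);
    try {
        OAuth2AccessToken token = generateToken(client, scopes, code, redirectUri, grantType, refreshToken, state, bearerToken, revokeOld, expiresIn);
        return getResponse(token);
    } catch (InvalidGrantException e) {
        // this needs to be caught here so the transaction doesn't roll back
        OAuthError error = OAuthErrorUtils.getOAuthError(e);
        Status status = Status.fromStatusCode(error.getResponseStatus().getStatusCode());
        return Response.status(status).entity(error).build();
    }
}

/**
 * Pulls the token out of a {@code Bearer <token>} Authorization header value.
 *
 * @param authorization the raw header value; may be empty or use a scheme other than Bearer
 * @return the token, or {@code null} when the header is empty or does not name the Bearer scheme
 * @throws IllegalArgumentException when the header names the Bearer scheme but carries no token
 */
private static String extractBearerToken(String authorization) {
    if (PojoUtil.isEmpty(authorization)) {
        return null;
    }
    if (!authorization.toLowerCase().startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase())) {
        return null;
    }
    String bearerToken = authorization.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
    // Only the part before the first comma is kept.
    int commaIndex = bearerToken.indexOf(',');
    if (commaIndex > 0) {
        bearerToken = bearerToken.substring(0, commaIndex);
    }
    if (PojoUtil.isEmpty(bearerToken)) {
        throw new IllegalArgumentException("Refresh token request doesnt include the authorization");
    }
    return bearerToken;
}

/**
 * Rewrites legacy {@code orcid-grants} scopes to their {@code funding} equivalent, in place.
 * <p>
 * The affected scopes are collected first and the set is only modified after the iteration
 * has finished: removing from and adding to a set while iterating over it can throw
 * {@code ConcurrentModificationException}.
 *
 * @param clientId the requesting client, for the log line
 * @param scopes   the requested scopes, modified in place
 */
private void replaceGrantsScopesWithFundingScopes(String clientId, Set<String> scopes) {
    List<String> grantsScopes = new ArrayList<String>();
    for (String scope : scopes) {
        if (scope.contains("orcid-grants")) {
            grantsScopes.add(scope);
        }
    }
    for (String scope : grantsScopes) {
        String newScope = scope.replace("orcid-grants", "funding");
        LOGGER.info("Client {} provided a grants scope {} which will be updated to {}", new Object[] { clientId, scope, newScope });
        scopes.remove(scope);
        scopes.add(newScope);
    }
}

/**
 * Rejects scopes that must never be issued through this endpoint and drops the scopes the
 * grant type may not obtain.
 * <p>
 * An internal scope is rejected outright. For the client_credentials grant only
 * client-credential scopes are kept; for every other grant the client-credential scopes are
 * dropped. Dropped scopes are removed silently rather than reported to the caller.
 *
 * @param scopes    the requested scopes, modified in place
 * @param grantType the requested grant type
 * @throws OrcidInvalidScopeException when a scope is internal or is not a known ScopePathType value
 */
private void removeScopesNotAllowedForGrantType(Set<String> scopes, String grantType) {
    boolean clientCredentialsGrant = OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS.equals(grantType);
    try {
        List<String> toRemove = new ArrayList<String>();
        for (String scope : scopes) {
            ScopePathType scopeType = ScopePathType.fromValue(scope);
            if (scopeType.isInternalScope()) {
                // You should not allow any internal scope here! go away!
                throw invalidScopeException();
            }
            if (scopeType.isClientCreditalScope() != clientCredentialsGrant) {
                toRemove.add(scope);
            }
        }
        scopes.removeAll(toRemove);
    } catch (IllegalArgumentException iae) {
        // ScopePathType.fromValue is expected to reject an unknown scope name with an IllegalArgumentException.
        // TODO(review): pass iae as the cause if OrcidInvalidScopeException offers a (String, Throwable) constructor.
        throw invalidScopeException();
    }
}

/**
 * Builds the "invalid scope" exception carrying the localised developer message.
 *
 * @return the exception to throw
 */
private OrcidInvalidScopeException invalidScopeException() {
    String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[] {});
    return new OrcidInvalidScopeException(message);
}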
Also used : Status(com.sun.jersey.api.client.ClientResponse.Status) OrcidInvalidScopeException(org.orcid.core.exception.OrcidInvalidScopeException) ArrayList(java.util.ArrayList) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) AbstractEndpoint(org.springframework.security.oauth2.provider.endpoint.AbstractEndpoint) InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException) OAuthError(org.orcid.core.oauth.OAuthError) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) Authentication(org.springframework.security.core.Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)
