
Example 31 with Builder

use of org.springframework.security.oauth2.client.registration.ClientRegistration.Builder in project spring-security-oauth by spring-projects.

the class WhitelabelApprovalEndpoint method createTemplate.

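/**
 * Renders the built-in OAuth approval (consent) page as a single HTML string.
 *
 * <p>The page always contains an approval form that posts
 * {@code user_oauth_approval=true} to {@code <context path>/oauth/authorize}.
 * When scopes are present (in the model or as a request attribute) the markup
 * returned by {@code createScopes} is placed inside that form; otherwise a
 * second form posting {@code user_oauth_approval=false} is added so the user
 * can deny the request. If a CSRF token is available it is embedded as a
 * hidden field in every form.
 *
 * <p>Security: every dynamic value written into the markup is HTML-escaped.
 * The client id is supplied by the client application, and the form action is
 * derived from the request, so neither is treated as trusted markup.
 *
 * @param model   view model; must hold an {@code AuthorizationRequest} under
 *                {@code "authorizationRequest"}, and may hold {@code "_csrf"}
 *                and {@code "scopes"}
 * @param request current request; supplies the context path and is the
 *                fallback source for {@code "_csrf"} and {@code "scopes"}
 * @return the complete HTML document
 * @throws NullPointerException if the model has no {@code "authorizationRequest"} entry
 */
protected String createTemplate(Map<String, Object> model, HttpServletRequest request) {
    AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");
    String clientId = authorizationRequest.getClientId();

    String requestPath = ServletUriComponentsBuilder.fromContextPath(request).build().getPath();
    if (requestPath == null) {
        requestPath = "";
    }
    // The path lands inside a double-quoted HTML attribute, so escape it like the
    // other dynamic values. For an ordinary context path this is a no-op.
    // NOTE(review): depending on the Spring version and forwarded-header handling,
    // this value may not be pure container configuration; confirm for the deployment.
    String formAction = HtmlUtils.htmlEscape(requestPath) + "/oauth/authorize";

    // A token placed in the model wins over the request attribute, even if it is null.
    CsrfToken csrfToken = (CsrfToken) (model.containsKey("_csrf") ? model.get("_csrf") : request.getAttribute("_csrf"));
    // Stays empty when no token is available; appending "" leaves the markup unchanged.
    String csrfField = "";
    if (csrfToken != null) {
        csrfField = "<input type=\"hidden\" name=\"" + HtmlUtils.htmlEscape(csrfToken.getParameterName())
                + "\" value=\"" + HtmlUtils.htmlEscape(csrfToken.getToken()) + "\" />";
    }

    // NOTE(review): nothing here prevents the consent page from being framed;
    // confirm that the filter chain serving it sends frame-blocking headers.
    StringBuilder builder = new StringBuilder();
    builder.append("<html><body><h1>OAuth Approval</h1>");
    builder.append("<p>Do you authorize \"").append(HtmlUtils.htmlEscape(clientId));
    builder.append("\" to access your protected resources?</p>");
    builder.append("<form id=\"confirmationForm\" name=\"confirmationForm\" action=\"");
    builder.append(formAction).append("\" method=\"post\">");
    builder.append("<input name=\"user_oauth_approval\" value=\"true\" type=\"hidden\"/>");
    builder.append(csrfField);

    // This fragment also closes the approval form.
    String authorizeInputTemplate = "<label><input name=\"authorize\" value=\"Authorize\" type=\"submit\"/></label></form>";
    if (model.containsKey("scopes") || request.getAttribute("scopes") != null) {
        // Per-scope inputs go inside the approval form, before the submit button.
        builder.append(createScopes(model, request));
        builder.append(authorizeInputTemplate);
    } else {
        builder.append(authorizeInputTemplate);
        // Without scopes, denial is a separate form carrying its own CSRF field.
        builder.append("<form id=\"denialForm\" name=\"denialForm\" action=\"");
        builder.append(formAction).append("\" method=\"post\">");
        builder.append("<input name=\"user_oauth_approval\" value=\"false\" type=\"hidden\"/>");
        builder.append(csrfField);
        builder.append("<label><input name=\"deny\" value=\"Deny\" type=\"submit\"/></label></form>");
    }
    builder.append("</body></html>");
    return builder.toString();
}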
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) CsrfToken(org.springframework.security.web.csrf.CsrfToken)

Example 32 with Builder

use of org.springframework.security.oauth2.client.registration.ClientRegistration.Builder in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfigurer method init.

/**
 * Wires client authentication and the HTTP security settings for this configurer.
 *
 * <p>Registers the default authentication entry point, then configures the shared
 * {@code AuthenticationManagerBuilder}: explicitly supplied authentication providers
 * are used when present, otherwise a {@code ClientDetailsUserDetailsService} backed by
 * {@code clientDetailsService()} is installed (with the configured password encoder,
 * if any). Finally the chain is set up with a {@code NullSecurityContextRepository},
 * CSRF disabled and HTTP Basic, and HTTPS is required when {@code sslOnly} is set.
 *
 * @param http the security builder being configured
 * @throws Exception if any of the underlying configurers fails
 */
@Override
public void init(HttpSecurity http) throws Exception {
    registerDefaultAuthenticationEntryPoint(http);

    AuthenticationManagerBuilder authManager = http.getSharedObject(AuthenticationManagerBuilder.class);
    if (authenticationEventPublisher != null) {
        authManager.authenticationEventPublisher(authenticationEventPublisher);
    }

    if (!authenticationProviders.isEmpty()) {
        // Explicit providers replace the default client-details based authentication.
        for (AuthenticationProvider provider : authenticationProviders) {
            authManager.authenticationProvider(provider);
        }
    } else {
        ClientDetailsUserDetailsService clientUsers = new ClientDetailsUserDetailsService(clientDetailsService());
        if (passwordEncoder == null) {
            // NOTE(review): with no encoder configured here, how client secrets are
            // compared depends on the builder's default; confirm that secrets are
            // not stored or matched as plaintext.
            authManager.userDetailsService(clientUsers);
        } else {
            authManager.userDetailsService(clientUsers).passwordEncoder(passwordEncoder());
        }
    }

    // No security context is persisted between requests, and clients authenticate
    // with HTTP Basic on each call.
    // NOTE(review): CSRF protection is off for everything this chain matches;
    // confirm that no cookie- or session-authenticated endpoint is covered by it.
    http
        .securityContext()
            .securityContextRepository(new NullSecurityContextRepository())
            .and()
        .csrf()
            .disable()
        .httpBasic()
            .authenticationEntryPoint(this.authenticationEntryPoint)
            .realmName(realm);

    // HTTPS is enforced here only when sslOnly is set. HTTP Basic sends the client
    // credentials merely base64-encoded, so they need transport encryption either way.
    if (sslOnly) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
Also used : AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) NullSecurityContextRepository(org.springframework.security.web.context.NullSecurityContextRepository) AuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider) DaoAuthenticationProvider(org.springframework.security.authentication.dao.DaoAuthenticationProvider) ClientDetailsUserDetailsService(org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService)

Example 33 with Builder

use of org.springframework.security.oauth2.client.registration.ClientRegistration.Builder in project spring-security-oauth by spring-projects.

the class AuthorizationCodeAccessTokenProvider method getRedirectForAuthorization.

/**
 * Builds the exception that signals the user must be redirected to the
 * authorization server to obtain an authorization code.
 *
 * <p>The exception carries the user authorization URI and the request parameters
 * ({@code response_type=code}, {@code client_id}, and optionally
 * {@code redirect_uri} and a space-separated {@code scope}). A freshly generated
 * state key and the redirect URI are recorded both on the exception and on the
 * access token request.
 *
 * @param resource the protected resource details for the authorization-code grant
 * @param request  the current access token request; its state key and preserved
 *                 state are overwritten
 * @return the exception describing the required redirect
 */
private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails resource, AccessTokenRequest request) {
    // No authorization code yet, so the first step is to ask for one.
    TreeMap<String, String> authorizationParams = new TreeMap<String, String>();
    // oauth2 spec, section 3
    authorizationParams.put("response_type", "code");
    authorizationParams.put("client_id", resource.getClientId());

    // The client secret is deliberately absent: it is not needed for the initial
    // authorization request.
    String redirectUri = resource.getRedirectUri(request);
    if (redirectUri != null) {
        authorizationParams.put("redirect_uri", redirectUri);
    }

    if (resource.isScoped()) {
        // A scoped resource always sends a "scope" parameter, empty if the list is null.
        StringBuilder joinedScopes = new StringBuilder();
        List<String> scopes = resource.getScope();
        if (scopes != null) {
            String separator = "";
            for (String scopeName : scopes) {
                joinedScopes.append(separator).append(scopeName);
                separator = " ";
            }
        }
        authorizationParams.put("scope", joinedScopes.toString());
    }

    UserRedirectRequiredException redirectRequired = new UserRedirectRequiredException(resource.getUserAuthorizationUri(), authorizationParams);

    // The same key is stored on the exception and on the request.
    // NOTE(review): presumably it is sent as the OAuth2 "state" parameter and
    // checked on the callback; confirm in the caller and that the key generator
    // produces unpredictable values.
    String stateKey = stateKeyGenerator.generateKey(resource);
    redirectRequired.setStateKey(stateKey);
    request.setStateKey(stateKey);

    // redirectUri may be null at this point; it is recorded as preserved state regardless.
    redirectRequired.setStateToPreserve(redirectUri);
    request.setPreservedState(redirectUri);
    return redirectRequired;
}
Also used : TreeMap(java.util.TreeMap) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
