use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.
the class AuthorizationCodeProviderTests method approveAccessTokenGrant.
private void approveAccessTokenGrant(String currentUri, boolean approved) {
AccessTokenRequest request = context.getAccessTokenRequest();
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
request.setCookie(cookie);
if (currentUri != null) {
request.setCurrentUri(currentUri);
}
String location = null;
try {
// First try to obtain the access token...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// Expected and necessary, so that the correct state is set up in the request...
location = e.getRedirectUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
try {
// Now try again and the token provider will redirect for user approval...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserApprovalRequiredException e) {
// Expected and necessary, so that the user can approve the grant...
location = e.getApprovalUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
// The approval (will be processed on the next attempt to obtain an access token)...
request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.
the class AuthorizationCodeAccessTokenProvider method obtainAuthorizationCode.
public String obtainAuthorizationCode(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
HttpHeaders headers = getHeadersForAuthorizationRequest(request);
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
if (request.containsKey(OAuth2Utils.USER_OAUTH_APPROVAL)) {
form.set(OAuth2Utils.USER_OAUTH_APPROVAL, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
for (String scope : details.getScope()) {
form.set(scopePrefix + scope, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
}
} else {
form.putAll(getParametersForAuthorizeRequest(resource, request));
}
authorizationRequestEnhancer.enhance(request, resource, form, headers);
final AccessTokenRequest copy = request;
final ResponseExtractor<ResponseEntity<Void>> delegate = getAuthorizationResponseExtractor();
ResponseExtractor<ResponseEntity<Void>> extractor = new ResponseExtractor<ResponseEntity<Void>>() {
@Override
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
if (response.getHeaders().containsKey("Set-Cookie")) {
copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
}
return delegate.extractData(response);
}
};
// Instead of using restTemplate.exchange we use an explicit response extractor here so it can be overridden by
// subclasses
ResponseEntity<Void> response = getRestTemplate().execute(resource.getUserAuthorizationUri(), HttpMethod.POST, getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
if (response.getStatusCode() == HttpStatus.OK) {
// Need to re-submit with approval...
throw getUserApprovalSignal(resource, request);
}
URI location = response.getHeaders().getLocation();
String query = location.getQuery();
Map<String, String> map = OAuth2Utils.extractMap(query);
if (map.containsKey("state")) {
request.setStateKey(map.get("state"));
if (request.getPreservedState() == null) {
String redirectUri = resource.getRedirectUri(request);
if (redirectUri != null) {
request.setPreservedState(redirectUri);
} else {
request.setPreservedState(new Object());
}
}
}
String code = map.get("code");
if (code == null) {
throw new UserRedirectRequiredException(location.toString(), form.toSingleValueMap());
}
request.set("code", code);
return code;
}
use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.
the class AbstractEmptyAuthorizationCodeProviderTests method verifyAuthorizationPage.
private void verifyAuthorizationPage(OAuth2RestTemplate restTemplate, String location) {
final AtomicReference<String> confirmationPage = new AtomicReference<String>();
AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider() {
@Override
protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
return new ResponseExtractor<ResponseEntity<Void>>() {
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
confirmationPage.set(StreamUtils.copyToString(response.getBody(), Charset.forName("UTF-8")));
return new ResponseEntity<Void>(response.getHeaders(), response.getStatusCode());
}
};
}
};
try {
provider.obtainAuthorizationCode(restTemplate.getResource(), restTemplate.getOAuth2ClientContext().getAccessTokenRequest());
} catch (UserApprovalRequiredException e) {
// ignore
}
String page = confirmationPage.get();
verifyAuthorizationPage(page);
}
use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.
the class AbstractEmptyAuthorizationCodeProviderTests method approveAccessTokenGrant.
protected void approveAccessTokenGrant(String currentUri, boolean approved) {
AccessTokenRequest request = context.getAccessTokenRequest();
request.setHeaders(getAuthenticatedHeaders());
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
if (currentUri != null) {
request.setCurrentUri(currentUri);
}
String location = null;
try {
// First try to obtain the access token...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// Expected and necessary, so that the correct state is set up in the request...
location = e.getRedirectUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
verifyAuthorizationPage(context.getRestTemplate(), location);
try {
// Now try again and the token provider will redirect for user approval...
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserApprovalRequiredException e) {
// Expected and necessary, so that the user can approve the grant...
location = e.getApprovalUri();
}
assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
assertNull(request.getAuthorizationCode());
// The approval (will be processed on the next attempt to obtain an access token)...
request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.
the class AbstractAuthorizationCodeProviderTests method verifyAuthorizationPage.
private void verifyAuthorizationPage(OAuth2RestTemplate restTemplate, String location) {
final AtomicReference<String> confirmationPage = new AtomicReference<String>();
AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider() {
@Override
protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
return new ResponseExtractor<ResponseEntity<Void>>() {
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
confirmationPage.set(StreamUtils.copyToString(response.getBody(), Charset.forName("UTF-8")));
return new ResponseEntity<Void>(response.getHeaders(), response.getStatusCode());
}
};
}
};
try {
provider.obtainAuthorizationCode(restTemplate.getResource(), restTemplate.getOAuth2ClientContext().getAccessTokenRequest());
} catch (UserApprovalRequiredException e) {
// ignore
}
String page = confirmationPage.get();
verifyAuthorizationPage(page);
}
Aggregations