Search in sources :

Example 1 with UserApprovalRequiredException

use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.

the class AuthorizationCodeProviderTests method approveAccessTokenGrant.

private void approveAccessTokenGrant(String currentUri, boolean approved) {
    AccessTokenRequest request = context.getAccessTokenRequest();
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
    request.setCookie(cookie);
    if (currentUri != null) {
        request.setCurrentUri(currentUri);
    }
    String location = null;
    try {
        // First try to obtain the access token...
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserRedirectRequiredException e) {
        // Expected and necessary, so that the correct state is set up in the request...
        location = e.getRedirectUri();
    }
    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());
    try {
        // Now try again and the token provider will redirect for user approval...
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserApprovalRequiredException e) {
        // Expected and necessary, so that the user can approve the grant...
        location = e.getApprovalUri();
    }
    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());
    // The approval (will be processed on the next attempt to obtain an access token)...
    request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
Also used : UserApprovalRequiredException(org.springframework.security.oauth2.client.resource.UserApprovalRequiredException) AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) AccessTokenRequest(org.springframework.security.oauth2.client.token.AccessTokenRequest) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)

Example 2 with UserApprovalRequiredException

use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.

the class AuthorizationCodeAccessTokenProvider method obtainAuthorizationCode.

public String obtainAuthorizationCode(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
    HttpHeaders headers = getHeadersForAuthorizationRequest(request);
    MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
    if (request.containsKey(OAuth2Utils.USER_OAUTH_APPROVAL)) {
        form.set(OAuth2Utils.USER_OAUTH_APPROVAL, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        for (String scope : details.getScope()) {
            form.set(scopePrefix + scope, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
        }
    } else {
        form.putAll(getParametersForAuthorizeRequest(resource, request));
    }
    authorizationRequestEnhancer.enhance(request, resource, form, headers);
    final AccessTokenRequest copy = request;
    final ResponseExtractor<ResponseEntity<Void>> delegate = getAuthorizationResponseExtractor();
    ResponseExtractor<ResponseEntity<Void>> extractor = new ResponseExtractor<ResponseEntity<Void>>() {

        @Override
        public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
            if (response.getHeaders().containsKey("Set-Cookie")) {
                copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
            }
            return delegate.extractData(response);
        }
    };
    // Instead of using restTemplate.exchange we use an explicit response extractor here so it can be overridden by
    // subclasses
    ResponseEntity<Void> response = getRestTemplate().execute(resource.getUserAuthorizationUri(), HttpMethod.POST, getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
    if (response.getStatusCode() == HttpStatus.OK) {
        // Need to re-submit with approval...
        throw getUserApprovalSignal(resource, request);
    }
    URI location = response.getHeaders().getLocation();
    String query = location.getQuery();
    Map<String, String> map = OAuth2Utils.extractMap(query);
    if (map.containsKey("state")) {
        request.setStateKey(map.get("state"));
        if (request.getPreservedState() == null) {
            String redirectUri = resource.getRedirectUri(request);
            if (redirectUri != null) {
                request.setPreservedState(redirectUri);
            } else {
                request.setPreservedState(new Object());
            }
        }
    }
    String code = map.get("code");
    if (code == null) {
        throw new UserRedirectRequiredException(location.toString(), form.toSingleValueMap());
    }
    request.set("code", code);
    return code;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ResponseExtractor(org.springframework.web.client.ResponseExtractor) URI(java.net.URI) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException) ResponseEntity(org.springframework.http.ResponseEntity) AccessTokenRequest(org.springframework.security.oauth2.client.token.AccessTokenRequest) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse)

Example 3 with UserApprovalRequiredException

use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.

the class AbstractEmptyAuthorizationCodeProviderTests method verifyAuthorizationPage.

private void verifyAuthorizationPage(OAuth2RestTemplate restTemplate, String location) {
    final AtomicReference<String> confirmationPage = new AtomicReference<String>();
    AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider() {

        @Override
        protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
            return new ResponseExtractor<ResponseEntity<Void>>() {

                public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
                    confirmationPage.set(StreamUtils.copyToString(response.getBody(), Charset.forName("UTF-8")));
                    return new ResponseEntity<Void>(response.getHeaders(), response.getStatusCode());
                }
            };
        }
    };
    try {
        provider.obtainAuthorizationCode(restTemplate.getResource(), restTemplate.getOAuth2ClientContext().getAccessTokenRequest());
    } catch (UserApprovalRequiredException e) {
    // ignore
    }
    String page = confirmationPage.get();
    verifyAuthorizationPage(page);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) UserApprovalRequiredException(org.springframework.security.oauth2.client.resource.UserApprovalRequiredException) AtomicReference(java.util.concurrent.atomic.AtomicReference) ResponseExtractor(org.springframework.web.client.ResponseExtractor) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse)

Example 4 with UserApprovalRequiredException

use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.

the class AbstractEmptyAuthorizationCodeProviderTests method approveAccessTokenGrant.

protected void approveAccessTokenGrant(String currentUri, boolean approved) {
    AccessTokenRequest request = context.getAccessTokenRequest();
    request.setHeaders(getAuthenticatedHeaders());
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();
    if (currentUri != null) {
        request.setCurrentUri(currentUri);
    }
    String location = null;
    try {
        // First try to obtain the access token...
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserRedirectRequiredException e) {
        // Expected and necessary, so that the correct state is set up in the request...
        location = e.getRedirectUri();
    }
    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());
    verifyAuthorizationPage(context.getRestTemplate(), location);
    try {
        // Now try again and the token provider will redirect for user approval...
        assertNotNull(context.getAccessToken());
        fail("Expected UserRedirectRequiredException");
    } catch (UserApprovalRequiredException e) {
        // Expected and necessary, so that the user can approve the grant...
        location = e.getApprovalUri();
    }
    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());
    // The approval (will be processed on the next attempt to obtain an access token)...
    request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);
}
Also used : UserApprovalRequiredException(org.springframework.security.oauth2.client.resource.UserApprovalRequiredException) AuthorizationCodeResourceDetails(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails) AccessTokenRequest(org.springframework.security.oauth2.client.token.AccessTokenRequest) UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)

Example 5 with UserApprovalRequiredException

use of org.springframework.security.oauth2.client.resource.UserApprovalRequiredException in project spring-security-oauth by spring-projects.

the class AbstractAuthorizationCodeProviderTests method verifyAuthorizationPage.

private void verifyAuthorizationPage(OAuth2RestTemplate restTemplate, String location) {
    final AtomicReference<String> confirmationPage = new AtomicReference<String>();
    AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider() {

        @Override
        protected ResponseExtractor<ResponseEntity<Void>> getAuthorizationResponseExtractor() {
            return new ResponseExtractor<ResponseEntity<Void>>() {

                public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
                    confirmationPage.set(StreamUtils.copyToString(response.getBody(), Charset.forName("UTF-8")));
                    return new ResponseEntity<Void>(response.getHeaders(), response.getStatusCode());
                }
            };
        }
    };
    try {
        provider.obtainAuthorizationCode(restTemplate.getResource(), restTemplate.getOAuth2ClientContext().getAccessTokenRequest());
    } catch (UserApprovalRequiredException e) {
    // ignore
    }
    String page = confirmationPage.get();
    verifyAuthorizationPage(page);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) AuthorizationCodeAccessTokenProvider(org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider) UserApprovalRequiredException(org.springframework.security.oauth2.client.resource.UserApprovalRequiredException) AtomicReference(java.util.concurrent.atomic.AtomicReference) ResponseExtractor(org.springframework.web.client.ResponseExtractor) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse)

Aggregations

UserApprovalRequiredException (org.springframework.security.oauth2.client.resource.UserApprovalRequiredException)5 UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)4 AccessTokenRequest (org.springframework.security.oauth2.client.token.AccessTokenRequest)4 ResponseEntity (org.springframework.http.ResponseEntity)3 ClientHttpResponse (org.springframework.http.client.ClientHttpResponse)3 AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails)3 ResponseExtractor (org.springframework.web.client.ResponseExtractor)3 AtomicReference (java.util.concurrent.atomic.AtomicReference)2 AuthorizationCodeAccessTokenProvider (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider)2 URI (java.net.URI)1 HttpHeaders (org.springframework.http.HttpHeaders)1 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)1