
Example 11 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project midpoint by Evolveum.

Class OidcClientModuleWebSecurityConfiguration, method buildInternal.

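/**
 * Builds the OIDC client configuration of one authentication module: one
 * {@link ClientRegistration} per configured client (collected into an in-memory
 * repository) plus the per-client additional configuration (signing algorithm,
 * proof key).
 *
 * @param modelType            module definition that lists the OIDC clients
 * @param prefixOfSequence     authentication-sequence prefix; becomes a path segment of the redirect URI
 * @param publicHttpUrlPattern public base URL of the deployment; when blank the base path is derived from {@code request}
 * @param request              current request, used only to derive the base path when no public URL is configured
 * @return the populated configuration
 * @throws IllegalArgumentException when a mandatory client attribute is missing
 *                                  (openIdProvider, registrationId, clientId, userInfoUri)
 */
private static OidcClientModuleWebSecurityConfiguration buildInternal(OidcAuthenticationModuleType modelType, String prefixOfSequence, String publicHttpUrlPattern, ServletRequest request) {
    OidcClientModuleWebSecurityConfiguration configuration = new OidcClientModuleWebSecurityConfiguration();
    build(configuration, modelType, prefixOfSequence);
    List<ClientRegistration> registrations = new ArrayList<>();
    for (OidcClientAuthenticationModuleType client : modelType.getClient()) {
        OidcOpenIdProviderType openIdProvider = client.getOpenIdProvider();
        Assert.notNull(openIdProvider, "openIdProvider cannot be null");
        ClientRegistration.Builder builder = createBuilder(client, openIdProvider);
        builder.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
        builder.userInfoAuthenticationMethod(AuthenticationMethod.HEADER);
        builder.redirectUri(buildRedirectUri(modelType, prefixOfSequence, publicHttpUrlPattern, request, client.getRegistrationId()));
        Assert.hasText(client.getClientId(), "clientId cannot be empty");
        builder.clientId(client.getClientId());
        if (client.getNameOfUsernameAttribute() != null) {
            builder.userNameAttributeName(client.getNameOfUsernameAttribute());
        }
        if (client.getClientSecret() != null) {
            try {
                builder.clientSecret(protector.decryptString(client.getClientSecret()));
            } catch (EncryptionException e) {
                // Best effort, as before: the registration is still built (without a secret) and
                // fails later at the token endpoint. Only the cause is logged, never the secret value.
                LOGGER.error("Couldn't obtain clear string for client secret", e);
            }
        }
        getOptionalIfNotEmpty(client.getClientName()).ifPresent(builder::clientName);
        // Explicitly configured endpoints override whatever issuer discovery provided.
        getOptionalIfNotEmpty(openIdProvider.getAuthorizationUri()).ifPresent(builder::authorizationUri);
        getOptionalIfNotEmpty(openIdProvider.getTokenUri()).ifPresent(builder::tokenUri);
        getOptionalIfNotEmpty(openIdProvider.getUserInfoUri()).ifPresent(builder::userInfoUri);
        getOptionalIfNotEmpty(openIdProvider.getIssuerUri()).ifPresent(builder::issuerUri);
        // First build only to inspect the effective scopes and provider metadata.
        ClientRegistration clientRegistration = builder.build();
        ensureOpenIdScope(builder, clientRegistration);
        if (StringUtils.isNotEmpty(openIdProvider.getEndSessionUri())) {
            Map<String, Object> configurationMetadata = new HashMap<>(clientRegistration.getProviderDetails().getConfigurationMetadata());
            configurationMetadata.remove("end_session_endpoint");
            configurationMetadata.put("end_session_endpoint", openIdProvider.getEndSessionUri());
            builder.providerConfigurationMetadata(configurationMetadata);
        }
        if (client.getClientAuthenticationMethod() != null) {
            // Locale.ROOT: the enum name is an ASCII identifier (e.g. CLIENT_SECRET_BASIC); lower-casing in the
            // default locale (Turkish dotless i) would produce a method name Spring does not recognise.
            String methodName = client.getClientAuthenticationMethod().name().toLowerCase(java.util.Locale.ROOT);
            builder.clientAuthenticationMethod(new ClientAuthenticationMethod(methodName));
        }
        clientRegistration = builder.build();
        Assert.hasText(clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri(), "UserInfoUri cannot be empty");
        registrations.add(clientRegistration);
        configuration.additionalConfiguration.put(client.getRegistrationId(), buildAdditionalConfiguration(client));
    }
    configuration.clientRegistrationRepository = new InMemoryClientRegistrationRepository(registrations);
    return configuration;
}

/**
 * Creates the registration builder for {@code client}: from the issuer's discovery
 * document when it can be fetched, otherwise an empty builder carrying only the
 * registration id (the endpoints are then expected from the explicit configuration).
 *
 * @throws IllegalArgumentException when the client has no registrationId
 */
private static ClientRegistration.Builder createBuilder(OidcClientAuthenticationModuleType client, OidcOpenIdProviderType openIdProvider) {
    ClientRegistration.Builder builder = null;
    try {
        builder = ClientRegistrations.fromOidcIssuerLocation(openIdProvider.getIssuerUri());
    } catch (Exception e) {
        // Discovery failure is tolerated (falls back to manual configuration), but the cause must not be lost.
        LOGGER.debug("Couldn't create oidc client builder by issuer uri.", e);
    }
    Assert.hasText(client.getRegistrationId(), "registrationId cannot be empty");
    if (builder == null) {
        return ClientRegistration.withRegistrationId(client.getRegistrationId());
    }
    builder.registrationId(client.getRegistrationId());
    return builder;
}

/**
 * Composes the redirect URI {@code <base>/<module prefix>/<sequence>/<module name>/<processing suffix>/<registrationId>},
 * using the configured public URL when present and the request's base path otherwise.
 */
private static String buildRedirectUri(OidcAuthenticationModuleType modelType, String prefixOfSequence, String publicHttpUrlPattern, ServletRequest request, String registrationId) {
    String base = StringUtils.isNotBlank(publicHttpUrlPattern) ? publicHttpUrlPattern : getBasePath((HttpServletRequest) request);
    UriComponentsBuilder redirectUri = UriComponentsBuilder.fromUriString(base);
    redirectUri.pathSegment(DEFAULT_PREFIX_OF_MODULE, AuthUtil.stripSlashes(prefixOfSequence), AuthUtil.stripSlashes(modelType.getName()), AuthUtil.stripSlashes(RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX), registrationId);
    return redirectUri.toUriString();
}

/**
 * Adds the mandatory {@code openid} scope to {@code builder} when the registration
 * built so far does not request it; existing scopes are kept.
 */
private static void ensureOpenIdScope(ClientRegistration.Builder builder, ClientRegistration clientRegistration) {
    if (clientRegistration.getScopes() != null && clientRegistration.getScopes().contains("openid")) {
        return;
    }
    List<String> scopes = new ArrayList<>();
    if (clientRegistration.getScopes() != null) {
        scopes.addAll(clientRegistration.getScopes());
    }
    scopes.add("openid");
    builder.scope(scopes);
}

/**
 * Builds the signing / proof-key settings of {@code client}; a simple proof key
 * takes precedence over a key-store proof key.
 */
private static OidcAdditionalConfiguration buildAdditionalConfiguration(OidcClientAuthenticationModuleType client) {
    OidcAdditionalConfiguration.Builder additionalConfBuilder = OidcAdditionalConfiguration.builder().singingAlg(client.getClientSigningAlgorithm());
    if (client.getSimpleProofKey() != null) {
        initializeProofKey(client.getSimpleProofKey(), additionalConfBuilder);
    } else if (client.getKeyStoreProofKey() != null) {
        initializeProofKey(client.getKeyStoreProofKey(), additionalConfBuilder);
    }
    return additionalConfBuilder.build();
}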

Example 12 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-boot by spring-projects.

Class OAuth2ClientPropertiesRegistrationAdapter, method getClientRegistration.

/**
 * Turns one {@code spring.security.oauth2.client.registration.*} entry into a
 * {@link ClientRegistration}. The builder is seeded from the provider's issuer
 * (discovery) when possible and from the static provider definition otherwise;
 * every non-null registration property then overrides the seeded value.
 *
 * @param registrationId id of the registration being adapted
 * @param properties     the registration properties
 * @param providers      statically configured providers, keyed by provider id
 * @return the built registration
 */
private static ClientRegistration getClientRegistration(String registrationId, OAuth2ClientProperties.Registration properties, Map<String, Provider> providers) {
    String providerId = properties.getProvider();
    Builder issuerBuilder = getBuilderFromIssuerIfPossible(registrationId, providerId, providers);
    Builder registration = (issuerBuilder != null) ? issuerBuilder : getBuilder(registrationId, providerId, providers);
    PropertyMapper propertyMapper = PropertyMapper.get().alwaysApplyingWhenNonNull();
    propertyMapper.from(properties::getClientId).to(registration::clientId);
    propertyMapper.from(properties::getClientSecret).to(registration::clientSecret);
    // Method and grant type are plain strings in the properties; wrap them into their typed counterparts.
    propertyMapper.from(properties::getClientAuthenticationMethod).as(ClientAuthenticationMethod::new).to(registration::clientAuthenticationMethod);
    propertyMapper.from(properties::getAuthorizationGrantType).as(AuthorizationGrantType::new).to(registration::authorizationGrantType);
    propertyMapper.from(properties::getRedirectUri).to(registration::redirectUri);
    propertyMapper.from(properties::getScope).as(StringUtils::toStringArray).to(registration::scope);
    propertyMapper.from(properties::getClientName).to(registration::clientName);
    return registration.build();
}

Example 13 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

Class ClientRegistrationsBeanDefinitionParser, method getClientRegistrations.

/**
 * Parses every {@code <client-registration>} child of {@code element} into a
 * {@link ClientRegistration}. A registration whose builder cannot be resolved
 * (neither via issuer discovery nor via the static provider map) is reported
 * through the reader context and skipped.
 *
 * @param element       the enclosing {@code <client-registrations>} element
 * @param parserContext parser context used for error reporting and source extraction
 * @param providers     provider attributes keyed by provider id
 * @return the successfully parsed registrations, in document order
 */
private List<ClientRegistration> getClientRegistrations(Element element, ParserContext parserContext, Map<String, Map<String, String>> providers) {
    List<Element> registrationElements = DomUtils.getChildElementsByTagName(element, ELT_CLIENT_REGISTRATION);
    List<ClientRegistration> result = new ArrayList<>();
    for (Element registrationElement : registrationElements) {
        String registrationId = registrationElement.getAttribute(ATT_REGISTRATION_ID);
        String providerId = registrationElement.getAttribute(ATT_PROVIDER_ID);
        ClientRegistration.Builder builder = getBuilderFromIssuerIfPossible(parserContext, registrationId, providerId, providers);
        if (builder == null) {
            builder = getBuilder(parserContext, registrationId, providerId, providers);
        }
        if (builder == null) {
            // Misconfigured entry: report it against the enclosing element and move on to the next one.
            Object source = parserContext.extractSource(element);
            parserContext.getReaderContext().error(getErrorMessage(providerId, registrationId), source);
            continue;
        }
        applyAttribute(parserContext, registrationElement, ATT_CLIENT_ID).ifPresent(builder::clientId);
        applyAttribute(parserContext, registrationElement, ATT_CLIENT_SECRET).ifPresent(builder::clientSecret);
        applyAttribute(parserContext, registrationElement, ATT_CLIENT_AUTHENTICATION_METHOD).map(ClientAuthenticationMethod::new).ifPresent(builder::clientAuthenticationMethod);
        applyAttribute(parserContext, registrationElement, ATT_AUTHORIZATION_GRANT_TYPE).map(AuthorizationGrantType::new).ifPresent(builder::authorizationGrantType);
        applyAttribute(parserContext, registrationElement, ATT_REDIRECT_URI).ifPresent(builder::redirectUri);
        applyAttribute(parserContext, registrationElement, ATT_SCOPE).map(StringUtils::commaDelimitedListToSet).ifPresent(builder::scope);
        applyAttribute(parserContext, registrationElement, ATT_CLIENT_NAME).ifPresent(builder::clientName);
        result.add(builder.build());
    }
    return result;
}

/**
 * Reads {@code attributeName} from {@code registrationElement} and wraps it the
 * same way as {@code getOptionalIfNotEmpty}: present only when the value is non-empty.
 */
private static java.util.Optional<String> applyAttribute(ParserContext parserContext, Element registrationElement, String attributeName) {
    return getOptionalIfNotEmpty(parserContext, registrationElement.getAttribute(attributeName));
}

Example 14 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

Class NimbusJwtClientAuthenticationParametersConverterTests, method convertWhenJwkNotResolvedThenThrowOAuth2AuthorizationException.

/**
 * A {@code private_key_jwt} registration whose JWK cannot be resolved must be
 * rejected with an {@code invalid_key} {@link OAuth2AuthorizationException}
 * naming the registration.
 */
@Test
public void convertWhenJwkNotResolvedThenThrowOAuth2AuthorizationException() {
    // @formatter:off
    ClientRegistration registration = TestClientRegistrations.clientCredentials()
            .clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT)
            .build();
    // @formatter:on
    OAuth2ClientCredentialsGrantRequest grantRequest = new OAuth2ClientCredentialsGrantRequest(registration);
    String expectedMessage = "[invalid_key] Failed to resolve JWK signing key for client registration '" + registration.getRegistrationId() + "'.";
    assertThatExceptionOfType(OAuth2AuthorizationException.class)
            .isThrownBy(() -> this.converter.convert(grantRequest))
            .withMessage(expectedMessage);
}

Example 15 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

Class NimbusAuthorizationCodeTokenResponseClientTests, method setUp.

/**
 * Prepares a {@code client_secret_basic} registration builder and a successful
 * authorization-code exchange (request plus matching success response) for each test.
 */
@BeforeEach
public void setUp() {
    OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().build();
    OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
    this.clientRegistrationBuilder = TestClientRegistrations.clientRegistration()
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
    this.authorizationRequest = request;
    this.authorizationResponse = response;
    this.authorizationExchange = new OAuth2AuthorizationExchange(request, response);
}
