
Example 1 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class OauthAuthorizeController method authorize.

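/**
 * Applies the user's decision from the OAuth consent screen to the pending authorization request and
 * returns the form carrying the redirect URL the browser should follow.
 *
 * <p>The pending {@code AuthorizationRequest} and the {@code RequestInfoForm} are read from the HTTP
 * session, so the client id, redirect URI and requested scopes are the ones stored there, not values
 * resent by the browser. Only the approval flag, the persistent-token choice and the e-mail consent come
 * from the posted form.
 *
 * @param request current HTTP request; its session supplies the pending authorization state
 * @param response current HTTP response, used only when clearing the saved request
 * @param form the consent decision posted by the browser
 * @return the session's {@code RequestInfoForm}, with its redirect URL set to the URL produced by the
 *         authorization endpoint
 */
@RequestMapping(value = { "/oauth/custom/authorize.json" }, method = RequestMethod.POST)
@ResponseBody
public RequestInfoForm authorize(HttpServletRequest request, HttpServletResponse response, @RequestBody OauthAuthorizeForm form) {
    // NOTE(review): both session attributes are dereferenced below without a null check. A POST that
    // arrives with an expired session, or without a prior authorization step, would fail with a
    // NullPointerException here; confirm an upstream filter or handler rejects such requests cleanly.
    RequestInfoForm requestInfoForm = (RequestInfoForm) request.getSession().getAttribute(REQUEST_INFO_FORM);
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession().getAttribute("authorizationRequest");
    // Work on a copy so the stored request parameters are only replaced once they are complete.
    Map<String, String> requestParams = new HashMap<String, String>(authorizationRequest.getRequestParameters());
    Map<String, String> approvalParams = new HashMap<String, String>();

    // Record the user's approve/deny decision in both parameter maps.
    String approval = form.getApproved() ? "true" : "false";
    requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, approval);
    approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, approval);

    requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);

    // A persistent token is granted only when the client has the feature enabled AND the user opted in;
    // the user's checkbox alone is never sufficient.
    boolean grantPersistentToken = hasPersistenTokensEnabled(requestInfoForm.getClientId()) && form.getPersistentTokenEnabled();
    requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN, grantPersistentToken ? "true" : "false");

    // Strip the /email/read-private scope if the user has not consented to it, so the scope sent to the
    // authorization endpoint never exceeds what was approved on the consent screen.
    if (requestInfoForm.containsEmailReadPrivateScope() && !form.isEmailAccessAllowed()) {
        requestInfoForm.removeEmailReadPrivateScope();
        requestParams.put(OrcidOauth2Constants.SCOPE_PARAM, requestInfoForm.getScopesAsString());
    }

    SimpleSessionStatus status = new SimpleSessionStatus();
    authorizationRequest.setRequestParameters(requestParams);

    // The authorization endpoint reads the pending request from the model.
    Map<String, Object> model = new HashMap<String, Object>();
    model.put("authorizationRequest", authorizationRequest);

    // NOTE(review): the cast assumes the endpoint always answers with a RedirectView.
    RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
    String redirectUrl = view.getUrl();
    requestInfoForm.setRedirectUrl(redirectUrl);

    // Drop any request saved before login so it cannot be replayed after this flow completes.
    HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
    if (requestCache.getRequest(request, response) != null) {
        requestCache.removeRequest(request, response);
    }

    // On approval the redirect URL carries the authorization code in its query string (or, for the
    // implicit grant, the access token in its fragment). Log only the part before '?' / '#' so that
    // credential never reaches the application log.
    String loggedUrl = redirectUrl;
    if (redirectUrl != null) {
        int cut = redirectUrl.length();
        int queryStart = redirectUrl.indexOf('?');
        int fragmentStart = redirectUrl.indexOf('#');
        if (queryStart >= 0) {
            cut = queryStart;
        }
        if (fragmentStart >= 0 && fragmentStart < cut) {
            cut = fragmentStart;
        }
        loggedUrl = redirectUrl.substring(0, cut);
    }
    LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + loggedUrl);
    return requestInfoForm;
}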
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) HashMap(java.util.HashMap) Authentication(org.springframework.security.core.Authentication) HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache) RedirectView(org.springframework.web.servlet.view.RedirectView) RequestInfoForm(org.orcid.pojo.ajaxForm.RequestInfoForm) SimpleSessionStatus(org.springframework.web.bind.support.SimpleSessionStatus) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 2 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class T2OrcidApiServiceDelegatorImpl method setSponsorFromAuthentication.

/**
 * Stamps the profile's history with the current submission date and, when the caller is authenticated
 * through OAuth2, records the calling client as the profile's source.
 *
 * <p>An {@code OrcidHistory} with creation method {@code API} is created first if the profile has none.
 *
 * @param profile the profile being submitted; its history is modified in place
 */
public void setSponsorFromAuthentication(OrcidProfile profile) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

    if (profile.getOrcidHistory() == null) {
        OrcidHistory freshHistory = new OrcidHistory();
        freshHistory.setCreationMethod(CreationMethod.API);
        profile.setOrcidHistory(freshHistory);
    }

    Date now = new Date();
    profile.getOrcidHistory().setSubmissionDate(new SubmissionDate(DateUtils.convertToXMLGregorianCalendar(now)));

    // NOTE(review): a security context without an authentication makes the next line throw a
    // NullPointerException, after the history has already been modified.
    if (!OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        return;
    }

    // The source is taken from the OAuth2 request bound to the authentication, not from the payload.
    String clientId = ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
    Source source = new Source();
    ClientDetailsEntity client = clientDetailsManager.findByClientId(clientId);
    if (client != null) {
        source.setSourceName(new SourceName(client.getClientName()));
        if (OrcidStringUtils.isClientId(clientId)) {
            source.setSourceClientId(new SourceClientId(clientId));
        } else {
            source.setSourceOrcid(new SourceOrcid(clientId));
        }
    }
    // NOTE(review): when the client lookup returns null, an empty Source (no name, no id) is still
    // stored on the history.
    profile.getOrcidHistory().setSource(source);
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidHistory(org.orcid.jaxb.model.message.OrcidHistory) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SourceClientId(org.orcid.jaxb.model.message.SourceClientId) SourceName(org.orcid.jaxb.model.message.SourceName) SourceOrcid(org.orcid.jaxb.model.message.SourceOrcid) SubmissionDate(org.orcid.jaxb.model.message.SubmissionDate) Date(java.util.Date) SubmissionDate(org.orcid.jaxb.model.message.SubmissionDate) Source(org.orcid.jaxb.model.message.Source)

Example 3 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class OrcidAuthorizationCodeServiceTest method testCreateAuthorizationCodeWithValidClient.

/**
 * Checks that an authorization code can be issued for the fixture client and then exchanged back for
 * the authentication it was issued for.
 */
@Test
@Rollback
@Transactional
public void testCreateAuthorizationCodeWithValidClient() {
    // Build the authentication the code will be bound to.
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("4444-4444-4444-4441");
    OAuth2Authentication issuedFor = new OAuth2Authentication(oAuth2RequestFactory.createOAuth2Request(authorizationRequest), getUserAuthentication());

    // Issue the code.
    String code = authorizationCodeServices.createAuthorizationCode(issuedFor);
    assertNotNull(code);

    // Redeem the code; only the presence of a result is asserted here.
    OAuth2Authentication redeemed = authorizationCodeServices.consumeAuthorizationCode(code);
    assertNotNull(redeemed);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class OrcidAuthorizationCodeServiceTest method testCreateAuthorizationCodeWithInvalidClient.

/**
 * Checks that issuing an authorization code for this client id is rejected with
 * {@code InvalidClientException}.
 */
@Test(expected = InvalidClientException.class)
@Rollback
@Transactional
public void testCreateAuthorizationCodeWithInvalidClient() {
    // Presumably this id is absent from the test fixtures; verify against the DBUnit data.
    OAuth2Authentication unknownClientAuth = new OAuth2Authentication(
            oAuth2RequestFactory.createOAuth2Request(getAuthorizationRequest("6444-4444-4444-4441")),
            getUserAuthentication());
    // Expected to throw; reaching the end of the method fails the test.
    authorizationCodeServices.createAuthorizationCode(unknownClientAuth);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Rollback(org.springframework.test.annotation.Rollback) Transactional(org.springframework.transaction.annotation.Transactional)

Example 5 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class OrcidAuthorizationCodeServiceTest method getAuthorizationRequest.

/**
 * Builds a test {@code AuthorizationRequest} for the given client with scope {@code a-scope},
 * authority {@code ROLE_USER} and resource id {@code orcid}.
 *
 * @param clientId client id to place in the request parameters
 * @return the request created by the request factory, with authorities and resource ids set
 */
public AuthorizationRequest getAuthorizationRequest(String clientId) {
    // Request parameters as they would arrive at the authorization endpoint.
    Map<String, String> requestParameters = new HashMap<String, String>();
    requestParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    requestParameters.put(OAuth2Utils.SCOPE, "a-scope");

    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

    Set<String> resources = new HashSet<>(Arrays.asList("orcid"));

    AuthorizationRequest built = oAuth2RequestFactory.createAuthorizationRequest(requestParameters);
    built.setAuthorities(authorities);
    built.setResourceIds(resources);
    return built;
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) HashMap(java.util.HashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) HashSet(java.util.HashSet)

Aggregations

OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)101 Test (org.junit.jupiter.api.Test)87 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)69 Test (org.junit.Test)58 Authentication (org.springframework.security.core.Authentication)58 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)52 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)51 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)48 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)42 HashMap (java.util.HashMap)36 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)21 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)19 OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)19 ModelAndView (org.springframework.web.servlet.ModelAndView)18 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)16 HashSet (java.util.HashSet)15 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)15 RedirectView (org.springframework.web.servlet.view.RedirectView)14 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)13 LinkedHashMap (java.util.LinkedHashMap)12