Examples with AuthorizationRequest org.springframework.security.oauth2.provider.AuthorizationRequest used on opensource projects

Example 61 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class TokenTargetFilterTest method setUpSecurityContext.

private void setUpSecurityContext(String userOrcid, String clientId, ScopePathType... scopePathTypes) {
    SecurityContextImpl securityContext = new SecurityContextImpl();
    OrcidOAuth2Authentication mockedAuthentication = mock(OrcidOAuth2Authentication.class);
    securityContext.setAuthentication(mockedAuthentication);
    SecurityContextHolder.setContext(securityContext);
    if (userOrcid != null) {
        ProfileEntity userProfileEntity = new ProfileEntity(userOrcid);
        when(mockedAuthentication.getPrincipal()).thenReturn(userProfileEntity);
        Authentication userAuthentication = mock(Authentication.class);
        when(userAuthentication.getPrincipal()).thenReturn(userProfileEntity);
        when(mockedAuthentication.getUserAuthentication()).thenReturn(userAuthentication);
    } else {
        when(mockedAuthentication.getPrincipal()).thenReturn(clientId);
    }
    Set<String> scopes = new HashSet<String>();
    if (scopePathTypes != null) {
        for (ScopePathType scopePathType : scopePathTypes) {
            scopes.add(scopePathType.value());
        }
    }
    OAuth2Request authorizationRequest = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, scopes, Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    when(mockedAuthentication.getOAuth2Request()).thenReturn(authorizationRequest);
    when(mockedAuthentication.isAuthenticated()).thenReturn(true);
}

Example 62 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class SourceManagerImpl method retrieveSourceEntity.

@Override
public SourceEntity retrieveSourceEntity() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return null;
    }
    // API
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        String clientId = authorizationRequest.getClientId();
        ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
        SourceEntity sourceEntity = new SourceEntity();
        sourceEntity.setSourceClient(new ClientDetailsEntity(clientId, clientDetails.getClientName()));
        sourceEntity.getSourceName();
        return sourceEntity;
    }
    String userOrcid = retrieveEffectiveOrcid(authentication);
    if (userOrcid == null) {
        // Must be system role
        return null;
    }
    // Normal web user
    SourceEntity sourceEntity = new SourceEntity();
    sourceEntity.setSourceProfile(new ProfileEntity(userOrcid));
    return sourceEntity;
}

Example 63 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class NotificationsApiServiceDelegatorImpl method findPermissionNotifications.

@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotifications(String orcid) {
    // Get the client profile information
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        clientId = authorizationRequest.getClientId();
    }
    NotificationPermissions notifications = notificationManager.findPermissionsByOrcidAndClient(orcid, clientId, 0, MAX_NOTIFICATIONS_AVAILABLE);
    return Response.ok(notifications).build();
}

Example 64 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class OrcidClientCredentialsChecker method validateCredentials.

public OAuth2Request validateCredentials(String grantType, TokenRequest tokenRequest) {
    String clientId = tokenRequest.getClientId();
    String scopesString = tokenRequest.getRequestParameters().get(OrcidOauth2Constants.SCOPE_PARAM);
    Set<String> scopes = new HashSet<String>();
    if (!PojoUtil.isEmpty(scopesString)) {
        scopes = OAuth2Utils.parseParameterList(scopesString);
    }
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    validateGrantType(grantType, clientDetails);
    if (scopes != null) {
        validateScope(clientDetails, scopes);
    }
    Map<String, String> authorizationParams = new HashMap<String, String>();
    authorizationParams.putAll(tokenRequest.getRequestParameters());
    authorizationParams.put(OrcidOauth2Constants.GRANT_TYPE, grantType);
    authorizationParams.put(OAuth2Utils.SCOPE, StringUtils.join(scopes, ' '));
    authorizationParams.put(OAuth2Utils.CLIENT_ID, clientId);
    AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(authorizationParams);
    authorizationRequest.setAuthorities(clientDetails.getAuthorities());
    authorizationRequest.setResourceIds(clientDetails.getResourceIds());
    authorizationRequest.setApproved(true);
    return oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
}

Example 65 with AuthorizationRequest

use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.

the class DefaultPermissionChecker method getVisibilitiesForOauth2Authentication.

private Set<Visibility> getVisibilitiesForOauth2Authentication(OAuth2Authentication oAuth2Authentication, OrcidMessage orcidMessage, ScopePathType requiredScope) {
    Set<Visibility> visibilities = new HashSet<Visibility>();
    visibilities.add(Visibility.PUBLIC);
    String orcid = orcidMessage.getOrcidProfile().getOrcidIdentifier().getPath();
    // effectively means that the user can only see the public data
    try {
        checkScopes(oAuth2Authentication, requiredScope);
    } catch (AccessControlException e) {
        return visibilities;
    }
    // we can allow for access of protected data
    if (!oAuth2Authentication.isClientOnly() && oAuth2Authentication.getPrincipal() != null && ProfileEntity.class.isAssignableFrom(oAuth2Authentication.getPrincipal().getClass())) {
        ProfileEntity principal = (ProfileEntity) oAuth2Authentication.getPrincipal();
        visibilities.add(Visibility.REGISTERED_ONLY);
        if (principal != null && principal.getId().equals(orcid)) {
            Set<String> requestedScopes = oAuth2Authentication.getOAuth2Request().getScope();
            for (String scope : requestedScopes) {
                if (ScopePathType.hasStringScope(scope, requiredScope)) {
                    visibilities.add(Visibility.LIMITED);
                    break;
                }
            }
        }
    // This is a client credential authenticated client. If the profile
    // was created using this client and it
    // hasn't been claimed, it's theirs to read
    } else if (oAuth2Authentication.isClientOnly()) {
        OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
        String clientId = authorizationRequest.getClientId();
        String sponsorOrcid = getSponsorOrcid(orcidMessage);
        if (StringUtils.isNotBlank(sponsorOrcid) && clientId.equals(sponsorOrcid) && !orcidMessage.getOrcidProfile().getOrcidHistory().isClaimed()) {
            visibilities.add(Visibility.LIMITED);
            visibilities.add(Visibility.PRIVATE);
        }
    }
    return visibilities;
}