use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.
Class TokenTargetFilterTest, method setUpSecurityContext.
/**
 * Installs a fresh {@link SecurityContextImpl} holding a mocked {@link OrcidOAuth2Authentication},
 * so the filter under test sees exactly the principal, client and scopes configured here and
 * nothing left over from an earlier test.
 *
 * @param userOrcid      ORCID of the end user; when {@code null} the principal is the client id
 *                       string instead of a {@link ProfileEntity} and no user authentication is set
 * @param clientId       client id placed both on the principal (user-less case) and on the request
 * @param scopePathTypes scopes granted to the token; {@code null} or empty means no scopes
 */
private void setUpSecurityContext(String userOrcid, String clientId, ScopePathType... scopePathTypes) {
    OrcidOAuth2Authentication authentication = mock(OrcidOAuth2Authentication.class);
    SecurityContextImpl context = new SecurityContextImpl();
    context.setAuthentication(authentication);
    SecurityContextHolder.setContext(context);

    boolean userPresent = userOrcid != null;
    if (userPresent) {
        // User-backed token: the profile is the principal, and a nested user authentication
        // carrying the same profile is exposed via getUserAuthentication().
        ProfileEntity profile = new ProfileEntity(userOrcid);
        when(authentication.getPrincipal()).thenReturn(profile);
        Authentication nestedUserAuthentication = mock(Authentication.class);
        when(nestedUserAuthentication.getPrincipal()).thenReturn(profile);
        when(authentication.getUserAuthentication()).thenReturn(nestedUserAuthentication);
    } else {
        // No user: the client id string itself is the principal.
        when(authentication.getPrincipal()).thenReturn(clientId);
    }

    Set<String> grantedScopes = new HashSet<String>();
    if (scopePathTypes != null) {
        for (ScopePathType scopePathType : scopePathTypes) {
            grantedScopes.add(scopePathType.value());
        }
    }

    // Approved request for clientId with the granted scopes; request parameters, authorities,
    // resource ids, redirect uri, response types and extension properties are all left empty.
    OAuth2Request oauthRequest = new OAuth2Request(
            Collections.<String, String>emptyMap(),
            clientId,
            Collections.<GrantedAuthority>emptyList(),
            true,
            grantedScopes,
            Collections.<String>emptySet(),
            null,
            Collections.<String>emptySet(),
            Collections.<String, Serializable>emptyMap());
    when(authentication.getOAuth2Request()).thenReturn(oauthRequest);
    when(authentication.isAuthenticated()).thenReturn(true);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.
Class SourceManagerImpl, method retrieveSourceEntity.
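/**
 * Resolves the "source" of the current request from the security context: the OAuth2 client
 * for API calls, the logged-in user's profile for web sessions.
 *
 * @return a {@link SourceEntity} whose source client is set for OAuth2 authentications or whose
 *         source profile is set for web users; {@code null} when there is no authentication or
 *         when no effective ORCID can be derived from it (system roles)
 * @throws IllegalStateException when the OAuth2 client id has no registered client details
 */
@Override
public SourceEntity retrieveSourceEntity() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return null;
    }
    // API call: attribute the action to the OAuth2 client, regardless of any user the token carries.
    if (authentication instanceof OAuth2Authentication) {
        OAuth2Request oauthRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        String clientId = oauthRequest.getClientId();
        ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
        if (clientDetails == null) {
            // Fail with a diagnostic instead of a bare NullPointerException on getClientName().
            // Presumably findByClientId returns null for an unknown client id — confirm.
            throw new IllegalStateException("No client details registered for client id " + clientId);
        }
        SourceEntity sourceEntity = new SourceEntity();
        sourceEntity.setSourceClient(new ClientDetailsEntity(clientId, clientDetails.getClientName()));
        // Return value intentionally unused, kept from the original; presumably this primes a
        // cached source name inside SourceEntity — confirm before removing.
        sourceEntity.getSourceName();
        return sourceEntity;
    }
    String userOrcid = retrieveEffectiveOrcid(authentication);
    if (userOrcid == null) {
        // No effective ORCID: must be a system role, which has no source.
        return null;
    }
    // Normal web user: the source is the user's own profile.
    SourceEntity sourceEntity = new SourceEntity();
    sourceEntity.setSourceProfile(new ProfileEntity(userOrcid));
    return sourceEntity;
}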
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.
Class NotificationsApiServiceDelegatorImpl, method findPermissionNotifications.
/**
 * Returns the permission notifications of the given ORCID that belong to the calling client.
 * The client id is taken from the OAuth2 request in the security context; for any other
 * authentication type the client id is {@code null} and is passed through unchanged.
 * NOTE(review): confirm how findPermissionsByOrcidAndClient treats a null client id.
 *
 * @param orcid ORCID whose notifications are requested
 * @return 200 response wrapping the {@link NotificationPermissions} found
 */
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotifications(String orcid) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Dereferenced unconditionally, as in the original: a missing authentication is an error here.
    Class<?> authenticationType = authentication.getClass();
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authenticationType)) {
        OAuth2Authentication oauthAuthentication = (OAuth2Authentication) authentication;
        clientId = oauthAuthentication.getOAuth2Request().getClientId();
    }
    // 0 and MAX_NOTIFICATIONS_AVAILABLE are presumably the start index and page size — confirm.
    NotificationPermissions permissions = notificationManager.findPermissionsByOrcidAndClient(orcid, clientId, 0, MAX_NOTIFICATIONS_AVAILABLE);
    return Response.ok(permissions).build();
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.
Class OrcidClientCredentialsChecker, method validateCredentials.
/**
 * Validates a token request against the registered client and converts it into an approved
 * {@link OAuth2Request}. Checks run in this order: client enabled, grant type allowed for the
 * client, requested scopes allowed for the client. Authorities and resource ids on the resulting
 * request come from the registered client details, never from the request parameters.
 *
 * @param grantType    grant type being exercised
 * @param tokenRequest incoming token request; its client id and request parameters are read
 * @return the approved request built by the configured {@code oAuth2RequestFactory}
 */
public OAuth2Request validateCredentials(String grantType, TokenRequest tokenRequest) {
    String clientId = tokenRequest.getClientId();
    Map<String, String> requestParameters = tokenRequest.getRequestParameters();
    String rawScopes = requestParameters.get(OrcidOauth2Constants.SCOPE_PARAM);
    Set<String> requestedScopes = PojoUtil.isEmpty(rawScopes)
            ? new HashSet<String>()
            : OAuth2Utils.parseParameterList(rawScopes);

    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    validateGrantType(grantType, clientDetails);
    // Null guard kept from the original, in case parseParameterList can ever return null.
    if (requestedScopes != null) {
        validateScope(clientDetails, requestedScopes);
    }

    Map<String, String> authorizationParameters = new HashMap<String, String>(requestParameters);
    authorizationParameters.put(OrcidOauth2Constants.GRANT_TYPE, grantType);
    authorizationParameters.put(OAuth2Utils.SCOPE, StringUtils.join(requestedScopes, ' '));
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);

    AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(authorizationParameters);
    authorizationRequest.setAuthorities(clientDetails.getAuthorities());
    authorizationRequest.setResourceIds(clientDetails.getResourceIds());
    authorizationRequest.setApproved(true);
    return oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID.
Class DefaultPermissionChecker, method getVisibilitiesForOauth2Authentication.
/**
 * Computes which visibility levels of the given profile this OAuth2 caller may read.
 * PUBLIC is always included. Anything beyond that requires the required scope to pass
 * {@code checkScopes}, and then either (a) a user-backed token, which adds REGISTERED_ONLY and,
 * when that user is the profile owner and one of the token's scopes covers the required scope,
 * LIMITED; or (b) a client-only token from the sponsoring client of a profile that has not yet
 * been claimed, which adds LIMITED and PRIVATE.
 *
 * @param oAuth2Authentication the caller's authentication
 * @param orcidMessage         message holding the profile being read
 * @param requiredScope        scope the operation requires
 * @return the set of visibilities the caller may see, never empty
 */
private Set<Visibility> getVisibilitiesForOauth2Authentication(OAuth2Authentication oAuth2Authentication, OrcidMessage orcidMessage, ScopePathType requiredScope) {
    Set<Visibility> allowed = new HashSet<Visibility>();
    allowed.add(Visibility.PUBLIC);
    String orcid = orcidMessage.getOrcidProfile().getOrcidIdentifier().getPath();

    // Without the required scope the caller is restricted to public data.
    try {
        checkScopes(oAuth2Authentication, requiredScope);
    } catch (AccessControlException e) {
        return allowed;
    }

    boolean clientOnly = oAuth2Authentication.isClientOnly();
    Object principalObject = oAuth2Authentication.getPrincipal();
    boolean userBacked = !clientOnly && principalObject instanceof ProfileEntity;

    if (userBacked) {
        ProfileEntity principal = (ProfileEntity) principalObject;
        allowed.add(Visibility.REGISTERED_ONLY);
        // Only the profile owner gets LIMITED, and only if a granted scope covers the required one.
        if (principal.getId().equals(orcid)) {
            for (String grantedScope : oAuth2Authentication.getOAuth2Request().getScope()) {
                if (ScopePathType.hasStringScope(grantedScope, requiredScope)) {
                    allowed.add(Visibility.LIMITED);
                    break;
                }
            }
        }
    } else if (clientOnly) {
        // Client-credentials token: if this client sponsored the profile and it has not been
        // claimed yet, the profile is still the client's to read in full.
        String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
        String sponsorOrcid = getSponsorOrcid(orcidMessage);
        boolean sponsoredByCaller = StringUtils.isNotBlank(sponsorOrcid) && clientId.equals(sponsorOrcid);
        if (sponsoredByCaller && !orcidMessage.getOrcidProfile().getOrcidHistory().isClaimed()) {
            allowed.add(Visibility.LIMITED);
            allowed.add(Visibility.PRIVATE);
        }
    }
    return allowed;
}