Use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID:
the class DefaultPermissionChecker, method performClientChecks.
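/**
 * Client-credential guard for profile writes.
 * When a request body is supplied together with a URI ORCID, the body must identify the
 * same record, and that record must be an unclaimed profile owned by the calling client.
 *
 * @param oAuth2Authentication the authenticated OAuth2 context; only its client id is read here
 * @param requiredScope        not consulted by this method (kept for the caller's signature)
 * @param orcidMessage         the request body; may be null for requests without one
 * @param orcid                the ORCID taken from the request URI
 * @throws IllegalArgumentException if the body names a different ORCID than the URI
 * @throws AccessControlException   if the profile is claimed or not owned by this client
 */
private void performClientChecks(OAuth2Authentication oAuth2Authentication, ScopePathType requiredScope, OrcidMessage orcidMessage, String orcid) {
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    // Only an update (body plus URI ORCID) is subject to the ownership check.
    if (orcidMessage == null || orcidMessage.getOrcidProfile() == null || StringUtils.isBlank(orcid)) {
        return;
    }
    OrcidIdentifier orcidOb = orcidMessage.getOrcidProfile().getOrcidIdentifier();
    // Fall back to the URI ORCID whenever the body carries no usable identifier: either the
    // element is absent or its path is blank. Previously a present-but-blank path skipped the
    // mismatch test and ran the ownership check below against an empty string.
    String bodyPath = orcidOb != null ? orcidOb.getPath() : null;
    String messageOrcid = StringUtils.isNotBlank(bodyPath) ? bodyPath : orcid;
    if (!orcid.equals(messageOrcid)) {
        throw new IllegalArgumentException("The ORCID in the body and the URI do NOT match. Body ORCID: " + messageOrcid + " URI ORCID: " + orcid + " do NOT match.");
    }
    // Result deliberately discarded; presumably pre-loads the cache for the check below — TODO confirm.
    profileEntityCacheManager.retrieve(messageOrcid);
    // Ownership is tied to the OAuth2 client id, not the user principal.
    if (!profileEntityManager.existsAndNotClaimedAndBelongsTo(messageOrcid, authorizationRequest.getClientId())) {
        throw new AccessControlException("You cannot update this profile as it has been claimed, or you are not the owner.");
    }
}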
Use of org.springframework.security.oauth2.provider.AuthorizationRequest in project ORCID-Source by ORCID:
the class OrcidTokenStoreServiceImpl, method populatePropertiesFromTokenAndAuthentication.
/**
 * Copies the persisted-token fields from an access token and its authentication onto an
 * {@link OrcidOauth2TokenDetail}, creating a new detail when none is passed in.
 *
 * @param token          the issued access token (value, type, expiration, refresh token, extra info)
 * @param authentication the OAuth2 authentication the token was issued for
 * @param detail         an existing detail to update, or null to create a fresh one
 * @return the populated detail (the same instance as {@code detail} when one was given)
 */
private OrcidOauth2TokenDetail populatePropertiesFromTokenAndAuthentication(OAuth2AccessToken token, OAuth2Authentication authentication, OrcidOauth2TokenDetail detail) {
    OAuth2Request request = authentication.getOAuth2Request();
    OrcidOauth2TokenDetail target = detail != null ? detail : new OrcidOauth2TokenDetail();
    String clientId = request.getClientId();
    target.setAuthenticationKey(authenticationKeyGenerator.extractKey(authentication));
    target.setClientDetailsId(clientId);
    copyRefreshToken(token, target);
    copyUserProfile(authentication, target);
    target.setTokenValue(token.getValue());
    target.setTokenType(token.getTokenType());
    target.setTokenExpiration(token.getExpiration());
    target.setApproved(request.isApproved());
    target.setRedirectUri(request.getRedirectUri());
    target.setResourceId(OAuth2Utils.formatParameterList(resolveResourceIds(request, clientId)));
    target.setResponseType(OAuth2Utils.formatParameterList(request.getResponseTypes()));
    target.setScope(OAuth2Utils.formatParameterList(request.getScope()));
    copyAdditionalInformation(token, target);
    return target;
}

/**
 * Stores the refresh token value when one is present. For an expiring refresh token the
 * stored expiration is deliberately the access token's expiration, not the refresh token's own.
 */
private void copyRefreshToken(OAuth2AccessToken token, OrcidOauth2TokenDetail target) {
    OAuth2RefreshToken refresh = token.getRefreshToken();
    if (refresh == null || StringUtils.isBlank(refresh.getValue())) {
        return;
    }
    if (refresh instanceof ExpiringOAuth2RefreshToken) {
        // Override the refresh token expiration from the client details and make it
        // the same as the access token itself.
        target.setRefreshTokenExpiration(token.getExpiration());
    }
    target.setRefreshTokenValue(refresh.getValue());
}

/**
 * Links the detail to the authenticated user's profile (re-read through the profile cache)
 * when the token is not client-only and the principal is a ProfileEntity.
 */
private void copyUserProfile(OAuth2Authentication authentication, OrcidOauth2TokenDetail target) {
    if (authentication.isClientOnly()) {
        return;
    }
    Object principal = authentication.getPrincipal();
    if (principal instanceof ProfileEntity) {
        ProfileEntity profile = (ProfileEntity) principal;
        target.setProfile(profileEntityCacheManager.retrieve(profile.getId()));
    }
}

/**
 * Returns the request's resource ids, or the client's registered resource ids
 * when the request carries none.
 */
private Set<String> resolveResourceIds(OAuth2Request request, String clientId) {
    Set<String> ids = request.getResourceIds();
    if (ids != null && !ids.isEmpty()) {
        return ids;
    }
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    return clientDetails.getResourceIds();
}

/**
 * Derives the version and persistence flags from the token's additional-information map.
 * With no map at all, only the persistent flag is set (to false); the version is left untouched.
 */
private void copyAdditionalInformation(OAuth2AccessToken token, OrcidOauth2TokenDetail target) {
    Map<String, Object> extra = token.getAdditionalInformation();
    if (extra == null) {
        target.setPersistent(false);
        return;
    }
    if (extra.containsKey(OrcidOauth2Constants.TOKEN_VERSION)) {
        String version = String.valueOf(extra.get(OrcidOauth2Constants.TOKEN_VERSION));
        target.setVersion(Long.valueOf(version));
    } else {
        // TODO: As of Jan 2015 all tokens will be new tokens, so, we will have to remove
        // the token version code and treat all tokens as new tokens
        target.setVersion(Long.valueOf(OrcidOauth2Constants.PERSISTENT_TOKEN));
    }
    boolean persistent = extra.containsKey(OrcidOauth2Constants.PERSISTENT) && (Boolean) extra.get(OrcidOauth2Constants.PERSISTENT);
    target.setPersistent(persistent);
}
Use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects:
the class SparklrUserApprovalHandler, method checkForPreApproval.
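/**
 * Allows automatic approval for a white list of clients in the implicit grant case.
 * <p>
 * When an approval store is in use the decision is delegated to the superclass. Otherwise the
 * request is pre-approved only if the client is registered and <em>every</em> requested scope is
 * marked auto-approve for it. A single auto-approve scope no longer approves the whole request:
 * that let a client auto-approved for one scope obtain any other scope it asked for without the
 * user ever seeing a consent page.
 *
 * @param authorizationRequest The authorization request.
 * @param userAuthentication the current user authentication
 *
 * @return An updated request if it has already been approved by the current user.
 */
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    boolean approved = false;
    // If we are allowed to check existing approvals this will short circuit the decision
    if (useApprovalStore) {
        authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
        approved = authorizationRequest.isApproved();
    } else if (clientDetailsService != null) {
        approved = allScopesAutoApproved(authorizationRequest);
    }
    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}

/**
 * True only when the request names at least one scope and the client auto-approves each of them.
 * An unknown client is never pre-approved; the ClientRegistrationException is not propagated here
 * on the assumption that client validation elsewhere in the flow rejects the request — confirm.
 */
private boolean allScopesAutoApproved(AuthorizationRequest authorizationRequest) {
    Collection<String> requestedScopes = authorizationRequest.getScope();
    if (requestedScopes == null || requestedScopes.isEmpty()) {
        return false;
    }
    try {
        ClientDetails client = clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
        for (String scope : requestedScopes) {
            if (!client.isAutoApprove(scope)) {
                return false;
            }
        }
        return true;
    } catch (ClientRegistrationException ignored) {
        return false;
    }
}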
Use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects:
the class AuthorizationEndpoint, method getImplicitGrantResponse.
/**
 * Completes an implicit grant: builds the token request, issues the access token and redirects
 * back to the client with the token appended to the redirect URI. Any OAuth2Exception raised
 * while issuing the token (including the unsupported-response-type case) becomes an error
 * redirect rather than propagating.
 * The redirect target comes from the authorization request; this method assumes it was already
 * validated against the client's registered redirect URIs upstream — confirm.
 */
private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) {
    String redirectUrl;
    try {
        TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, "implicit");
        OAuth2Request stored = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest);
        OAuth2AccessToken accessToken = getAccessTokenForImplicitGrant(tokenRequest, stored);
        if (accessToken == null) {
            // A missing token is reported to the client through the error redirect below.
            throw new UnsupportedResponseTypeException("Unsupported response type: token");
        }
        redirectUrl = appendAccessToken(authorizationRequest, accessToken);
    } catch (OAuth2Exception e) {
        redirectUrl = getUnsuccessfulRedirect(authorizationRequest, e, true);
    }
    // Flags presumably (contextRelative=false, http10Compatible=true, exposeModelAttributes=false) — verify against RedirectView.
    return new ModelAndView(new RedirectView(redirectUrl, false, true, false));
}
Use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects:
the class AuthorizationEndpoint, method generateCode.
/**
 * Issues an authorization code binding the stored OAuth2 request to the authenticated user.
 * If creating the request or the code fails with an OAuth2Exception, the request's state
 * (when present) is attached to the exception before it is rethrown, so the resulting error
 * response can echo it back to the client.
 *
 * @param authorizationRequest the approved authorization request
 * @param authentication       the resource owner's authentication
 * @return the newly created authorization code
 * @throws AuthenticationException declared for callers; OAuth2Exception is rethrown unchanged
 */
private String generateCode(AuthorizationRequest authorizationRequest, Authentication authentication) throws AuthenticationException {
    try {
        OAuth2Request stored = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest);
        OAuth2Authentication combined = new OAuth2Authentication(stored, authentication);
        return authorizationCodeServices.createAuthorizationCode(combined);
    } catch (OAuth2Exception e) {
        String state = authorizationRequest.getState();
        if (state != null) {
            e.addAdditionalInformation("state", state);
        }
        throw e;
    }
}