use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class DefaultOAuth2RequestValidatorTests method testNotPermittedForEmpty.
/**
 * Checks that scope validation refuses an authorization request whose scope set is empty.
 *
 * <p>The request is built from the shared {@code params} fixture and its scope is then replaced
 * with an empty set. The test passes only if {@code validateScope} throws
 * {@link InvalidScopeException}, so an empty scope is pinned as a rejection rather than being
 * accepted as "nothing to check".
 *
 * <p>{@code factory}, {@code params}, {@code validator} and {@code client} are fixtures declared
 * outside this method.
 */
@Test(expected = InvalidScopeException.class)
public void testNotPermittedForEmpty() {
    AuthorizationRequest emptyScopeRequest = factory.createAuthorizationRequest(params);
    emptyScopeRequest.setScope(Collections.<String>emptySet());
    // Expected to throw: the declared exception is the only assertion in this test.
    validator.validateScope(emptyScopeRequest, client);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class DefaultOAuth2RequestValidatorTests method testNotPermittedForScope.
/**
 * Checks that scope validation refuses a token request that asks for the scope {@code "foo"}.
 *
 * <p>An authorization request is created from the shared {@code params} fixture and turned into
 * an {@code authorization_code} token request whose scope is then overwritten with
 * {@code "foo"}. The test passes only if {@code validateScope} throws
 * {@link InvalidScopeException}.
 *
 * <p>NOTE(review): presumably the fixture {@code client} is not registered for {@code "foo"};
 * confirm against the test set-up, which is not visible here.
 */
@Test(expected = InvalidScopeException.class)
public void testNotPermittedForScope() {
    AuthorizationRequest authorizationRequest = factory.createAuthorizationRequest(params);
    TokenRequest fooScopedRequest = factory.createTokenRequest(authorizationRequest, "authorization_code");
    fooScopedRequest.setScope(Collections.singleton("foo"));
    // Expected to throw: the declared exception is the only assertion in this test.
    validator.validateScope(fooScopedRequest, client);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class OAuth2RequestTests method testImplicitGrantType.
/**
 * Checks that a request carrying {@code response_type=token} reports the grant type
 * {@code "implicit"}.
 *
 * <p>{@code parameters} and {@code createFromParameters} are declared outside this method.
 *
 * @throws Exception declared by the test signature; nothing visible here throws a checked one
 */
@Test
public void testImplicitGrantType() throws Exception {
    parameters.put("response_type", "token");
    OAuth2Request implicitRequest = createFromParameters(parameters);
    String grantType = implicitRequest.getGrantType();
    assertEquals("implicit", grantType);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class AccessConfirmationController method getAccessConfirmation.
/**
 * Builds the model for the user-facing access confirmation page.
 *
 * <p>The pending {@link AuthorizationRequest} is taken out of the model, the matching client is
 * loaded, and a {@code scopes} map is prepared with one entry per requested scope. Every
 * requested scope starts as {@code "false"}; an entry becomes {@code "true"} only when the
 * approval store holds an {@code APPROVED} record for that scope, for this user and this client.
 * Stored approvals for scopes that were not requested are ignored, so the page never lists
 * more than the current request asks for.
 *
 * <p>NOTE(review): {@code model.remove} returns {@code null} when no
 * {@code authorizationRequest} entry is present, and the following {@code getClientId()} call
 * would then fail with a {@code NullPointerException}. Confirm how the endpoint behaves when it
 * is reached without a pending authorization request.
 *
 * <p>NOTE(review): only the approval status is read here. Whether {@code getApprovals} already
 * leaves out expired approvals is not visible in this method.
 *
 * @param model     view model; expected to hold the pending request under
 *                  {@code "authorizationRequest"}
 * @param principal the user whose stored approvals are looked up
 * @return the {@code access_confirmation} view with {@code auth_request}, {@code client} and
 *         {@code scopes} added to the model
 * @throws Exception declared by the handler signature
 */
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(Map<String, Object> model, Principal principal) throws Exception {
    AuthorizationRequest pendingRequest = (AuthorizationRequest) model.remove("authorizationRequest");
    ClientDetails client = clientDetailsService.loadClientByClientId(pendingRequest.getClientId());
    model.put("auth_request", pendingRequest);
    model.put("client", client);

    // Insertion-ordered so the page lists scopes in the order the request returns them.
    Map<String, String> scopeApprovals = new LinkedHashMap<String, String>();
    for (String requestedScope : pendingRequest.getScope()) {
        // Default every requested scope to "not approved".
        scopeApprovals.put(OAuth2Utils.SCOPE_PREFIX + requestedScope, "false");
    }

    for (Approval stored : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
        if (!pendingRequest.getScope().contains(stored.getScope())) {
            // A stored approval for a scope outside this request must not add an entry.
            continue;
        }
        String key = OAuth2Utils.SCOPE_PREFIX + stored.getScope();
        if (stored.getStatus() == ApprovalStatus.APPROVED) {
            scopeApprovals.put(key, "true");
        } else {
            scopeApprovals.put(key, "false");
        }
    }

    model.put("scopes", scopeApprovals);
    return new ModelAndView("access_confirmation", model);
}
use of org.springframework.security.oauth2.provider.AuthorizationRequest in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilter method doFilter.
/**
 * Authenticates user credentials found on a token-endpoint request and, on success, replaces
 * the current authentication with a combined client-plus-user {@link OAuth2Authentication}.
 *
 * <p>Flow, as visible in this method:
 * <ul>
 * <li>If {@code extractCredentials} returns {@code null}, nothing is authenticated and the
 * request goes straight down the chain.</li>
 * <li>Otherwise the credentials are passed to the authentication manager. A client
 * authentication must already be present in the security context; if it is missing a
 * {@link BadCredentialsException} is raised and handled like any other failure.</li>
 * <li>The {@code client_id} used to build the authorization request is overwritten with the
 * name of the already-authenticated client, so a {@code client_id} request parameter cannot
 * select a different client.</li>
 * <li>The request is marked approved only when the client authentication reports itself as
 * authenticated.</li>
 * <li>On any {@link AuthenticationException} the security context is cleared (which also drops
 * the client authentication), the entry point is invoked, and the chain is not continued.</li>
 * </ul>
 *
 * <p>NOTE(review): the scope is taken from the request via {@code getScope(request)}; no check
 * against the client's registered scopes is visible in this method. Confirm that it happens
 * downstream.
 *
 * <p>NOTE(review): the debug messages include the name from request-supplied credentials.
 * Whether that value is constrained before logging is not visible here.
 *
 * @param req   incoming request; cast to {@link HttpServletRequest}
 * @param res   outgoing response; cast to {@link HttpServletResponse}
 * @param chain remaining filter chain, invoked unless authentication fails
 * @throws IOException      propagated from the entry point or the chain
 * @throws ServletException propagated from the entry point or the chain
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    final boolean debugEnabled = logger.isDebugEnabled();
    final HttpServletRequest httpRequest = (HttpServletRequest) req;
    final HttpServletResponse httpResponse = (HttpServletResponse) res;

    try {
        Authentication userCredentials = extractCredentials(httpRequest);

        if (userCredentials != null) {
            if (debugEnabled) {
                logger.debug("Authentication credentials found for '" + userCredentials.getName() + "'");
            }

            Authentication userAuth = authenticationManager.authenticate(userCredentials);

            if (debugEnabled) {
                logger.debug("Authentication success: " + userAuth.getName());
            }

            // The client must already have been authenticated by an upstream filter.
            Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
            if (clientAuth == null) {
                throw new BadCredentialsException("No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter.");
            }

            Map<String, String> requestParameters = getSingleValueMap(httpRequest);
            // Bind the request to the authenticated client, whatever client_id the caller sent.
            requestParameters.put(OAuth2Utils.CLIENT_ID, clientAuth.getName());

            AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(requestParameters);
            authorizationRequest.setScope(getScope(httpRequest));
            if (clientAuth.isAuthenticated()) {
                // Ensure the OAuth2Authentication is authenticated
                authorizationRequest.setApproved(true);
            }

            OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
            OAuth2Authentication combinedAuth = new OAuth2Authentication(storedOAuth2Request, userAuth);
            SecurityContextHolder.getContext().setAuthentication(combinedAuth);

            onSuccessfulAuthentication(httpRequest, httpResponse, userAuth);
        }
    } catch (AuthenticationException failed) {
        // Drop everything, including the client authentication, before reporting the failure.
        SecurityContextHolder.clearContext();

        if (debugEnabled) {
            logger.debug("Authentication request for failed: " + failed);
        }

        onUnsuccessfulAuthentication(httpRequest, httpResponse, failed);
        authenticationEntryPoint.commence(httpRequest, httpResponse, failed);
        return;
    }

    // Kept outside the try block so failures further down the chain are not handled here.
    chain.doFilter(httpRequest, httpResponse);
}