Example 21 with ClientDetails

Use of org.springframework.security.oauth2.provider.ClientDetails in the project spring-security-oauth by spring-projects.

The class ResourceServerSecurityConfigurer, method oauthAuthenticationManager.

private AuthenticationManager oauthAuthenticationManager(HttpSecurity http) {
    OAuth2AuthenticationManager oauthAuthenticationManager = new OAuth2AuthenticationManager();
    if (authenticationManager != null) {
        if (authenticationManager instanceof OAuth2AuthenticationManager) {
            // Reuse the externally supplied OAuth2 manager so it still gets the resource id,
            // token services and client details configured below
            oauthAuthenticationManager = (OAuth2AuthenticationManager) authenticationManager;
        } else {
            // A non-OAuth2 manager is used as-is; none of the settings below apply to it
            return authenticationManager;
        }
    }
    oauthAuthenticationManager.setResourceId(resourceId);
    oauthAuthenticationManager.setTokenServices(resourceTokenServices(http));
    oauthAuthenticationManager.setClientDetailsService(clientDetails());
    return oauthAuthenticationManager;
}
Also used : OAuth2AuthenticationManager(org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager)

Example 22 with ClientDetails

Use of org.springframework.security.oauth2.provider.ClientDetails in the project spring-security-oauth by spring-projects.

The class TokenStoreUserApprovalHandler, method checkForPreApproval.

@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    boolean approved = false;
    String clientId = authorizationRequest.getClientId();
    Set<String> scopes = authorizationRequest.getScope();
    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            // Auto-approve only if the client is registered as auto-approve for every requested scope
            approved = true;
            for (String scope : scopes) {
                if (!client.isAutoApprove(scope)) {
                    approved = false;
                }
            }
            if (approved) {
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            // An unknown client never auto-approves; fall through to the stored-token check
            logger.warn("Client registration problem prevent autoapproval check for client=" + clientId);
        }
    }
    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
    OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuthentication);
    if (logger.isDebugEnabled()) {
        StringBuilder builder = new StringBuilder("Looking up existing token for ");
        builder.append("client_id=" + clientId);
        builder.append(", scope=" + scopes);
        builder.append(" and username=" + userAuthentication.getName());
        logger.debug(builder.toString());
    }
    OAuth2AccessToken accessToken = tokenStore.getAccessToken(authentication);
    logger.debug("Existing access token=" + accessToken);
    if (accessToken != null && !accessToken.isExpired()) {
        logger.debug("User already approved with token=" + accessToken);
        // A token was already granted and is still valid, so this is already approved
        approved = true;
    } else {
        logger.debug("Checking explicit approval");
        approved = userAuthentication.isAuthenticated() && approved;
    }
    authorizationRequest.setApproved(approved);
    return authorizationRequest;
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
ClientRegistrationException(org.springframework.security.oauth2.provider.ClientRegistrationException)

Example 23 with ClientDetails

Use of org.springframework.security.oauth2.provider.ClientDetails in the project spring-security-oauth by spring-projects.

The class OAuth2AuthenticationManager, method checkClientDetails.

private void checkClientDetails(OAuth2Authentication auth) {
    if (clientDetailsService != null) {
        ClientDetails client;
        try {
            client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
        } catch (ClientRegistrationException e) {
            // A token naming a client that is no longer registered is rejected outright
            throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
        }
        // Every scope carried by the token must be among the scopes registered for its client
        Set<String> allowed = client.getScope();
        for (String scope : auth.getOAuth2Request().getScope()) {
            if (!allowed.contains(scope)) {
                throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope + ") for this client");
            }
        }
    }
}
Also used :
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
OAuth2AccessDeniedException(org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException)
ClientRegistrationException(org.springframework.security.oauth2.provider.ClientRegistrationException)

Example 24 with ClientDetails

Use of org.springframework.security.oauth2.provider.ClientDetails in the project spring-security-oauth by spring-projects.

The class AuthorizationCodeTokenGranter, method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = tokenRequest.getRequestParameters();
    String authorizationCode = parameters.get("code");
    String redirectUri = parameters.get(OAuth2Utils.REDIRECT_URI);
    if (authorizationCode == null) {
        throw new InvalidRequestException("An authorization code must be supplied.");
    }
    // Consuming the code makes it single-use: a second exchange of the same code fails here
    OAuth2Authentication storedAuth = authorizationCodeServices.consumeAuthorizationCode(authorizationCode);
    if (storedAuth == null) {
        throw new InvalidGrantException("Invalid authorization code: " + authorizationCode);
    }
    OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request();
    // https://jira.springsource.org/browse/SECOAUTH-333
    // This might be null, if the authorization was done without the redirect_uri parameter
    String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
    // If a redirect_uri was given on either leg, the one on the token request must match the one
    // bound to the code at authorization time
    if ((redirectUri != null || redirectUriApprovalParameter != null) && !pendingOAuth2Request.getRedirectUri().equals(redirectUri)) {
        throw new RedirectMismatchException("Redirect URI mismatch.");
    }
    // The code must be redeemed by the same client it was issued to
    String pendingClientId = pendingOAuth2Request.getClientId();
    String clientId = tokenRequest.getClientId();
    if (clientId != null && !clientId.equals(pendingClientId)) {
        // just a sanity check.
        throw new InvalidClientException("Client ID mismatch");
    }
    // Secret is not required in the authorization request, so it won't be available
    // in the pendingAuthorizationRequest. We do want to check that a secret is provided
    // in the token request, but that happens elsewhere.
    Map<String, String> combinedParameters = new HashMap<String, String>(pendingOAuth2Request.getRequestParameters());
    // Combine the parameters adding the new ones last so they override if there are any clashes
    combinedParameters.putAll(parameters);
    // Make a new stored request with the combined parameters
    OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters);
    Authentication userAuth = storedAuth.getUserAuthentication();
    return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
HashMap(java.util.HashMap)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
RedirectMismatchException(org.springframework.security.oauth2.common.exceptions.RedirectMismatchException)
InvalidClientException(org.springframework.security.oauth2.common.exceptions.InvalidClientException)
InvalidRequestException(org.springframework.security.oauth2.common.exceptions.InvalidRequestException)
InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException)

Example 25 with ClientDetails

Use of org.springframework.security.oauth2.provider.ClientDetails in the project spring-security-oauth by spring-projects.

The class ClientScopeVoter, method vote.

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int result = ACCESS_ABSTAIN;
    if (!(authentication instanceof OAuth2Authentication)) {
        return result;
    }
    OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
    OAuth2Request clientAuthentication = oauth2Authentication.getOAuth2Request();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId());
    Set<String> scopes = clientAuthentication.getScope();
    // For client-only (no user) authentications the client's authorities may stand in for scopes
    if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) {
        scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
    }
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_GRANTED;
            // Deny if the request carries any scope the client is not registered for
            for (String scope : scopes) {
                if (!client.getScope().contains(scope)) {
                    result = ACCESS_DENIED;
                    break;
                }
            }
            if (result == ACCESS_DENIED && throwException) {
                InsufficientScopeException failure = new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
                throw new AccessDeniedException(failure.getMessage(), failure);
            }
            return result;
        }
    }
    return result;
}
Also used :
InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Aggregations

ClientDetails (org.springframework.security.oauth2.provider.ClientDetails): 44
Test (org.junit.Test): 36
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails): 30
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 27
Authentication (org.springframework.security.core.Authentication): 21
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity): 20
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 19
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 19
Date (java.util.Date): 13
HashMap (java.util.HashMap): 12
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest): 8
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 7
ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService): 7
DBUnitTest (org.orcid.test.DBUnitTest): 6
AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext): 6
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken): 6
OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception): 6
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest): 6
OrcidOauth2ClientAuthentication (org.orcid.core.oauth.OrcidOauth2ClientAuthentication): 5
InvalidClientException (org.springframework.security.oauth2.common.exceptions.InvalidClientException): 5