Example 81 with OAuth2Authentication

use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.

the class OAuth2ExpressionUtils method hasAnyScope.

public static boolean hasAnyScope(Authentication authentication, String[] scopes) {
    if (authentication instanceof OAuth2Authentication) {
        OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
        Collection<String> assigned = clientAuthentication.getScope();
        if (assigned != null) {
            for (String scope : scopes) {
                if (assigned.contains(scope)) {
                    return true;
                }
            }
        }
    }
    return false;
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 82 with OAuth2Authentication

use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.

the class ImplicitTokenGranter method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest clientToken) {
    Authentication userAuth = SecurityContextHolder.getContext().getAuthentication();
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InsufficientAuthenticationException("There is no currently logged in user");
    }
    Assert.state(clientToken instanceof ImplicitTokenRequest, "An ImplicitTokenRequest is required here. Caller needs to wrap the TokenRequest.");
    OAuth2Request requestForStorage = ((ImplicitTokenRequest) clientToken).getOAuth2Request();
    return new OAuth2Authentication(requestForStorage, userAuth);
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)

Example 83 with OAuth2Authentication

use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.

the class ResourceOwnerPasswordTokenGranter method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String username = parameters.get("username");
    String password = parameters.get("password");
    // Protect from downstream leaks of password
    parameters.remove("password");
    Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
    ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException ase) {
        //covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // If the username/password are wrong the spec says we should send 400/invalid grant
        throw new InvalidGrantException(e.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }
    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}
Also used : AccountStatusException(org.springframework.security.authentication.AccountStatusException) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException) LinkedHashMap(java.util.LinkedHashMap)

Example 84 with OAuth2Authentication

use of org.springframework.security.oauth2.provider.OAuth2Authentication in project ORCID-Source by ORCID.

the class T2OrcidApiServiceDelegatorImpl method addExternalIdentifiers.

/**
 * Add new external identifiers to the profile. As with all calls, if the
 * message contains any other elements, a 400 Bad Request will be returned.
 *
 * @param orcidMessage
 *            the message containing the external ids
 * @return If successful, returns a 200 OK with the updated content.
 */
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE)
public Response addExternalIdentifiers(UriInfo uriInfo, String orcid, OrcidMessage orcidMessage) {
    OrcidProfile orcidProfile = orcidMessage.getOrcidProfile();
    try {
        ExternalIdentifiers updatedExternalIdentifiers = orcidProfile.getOrcidBio().getExternalIdentifiers();
        // Get the client profile information
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String clientId = null;
        if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
            OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
            clientId = authorizationRequest.getClientId();
        }
        for (ExternalIdentifier ei : updatedExternalIdentifiers.getExternalIdentifier()) {
            // Set the client profile to each external identifier
            if (ei.getSource() == null) {
                Source source = new Source();
                source.setSourceClientId(new SourceClientId(clientId));
                ei.setSource(source);
            } else {
                // Check if the provided external orcid exists
                Source source = ei.getSource();
                String sourceOrcid = source.retrieveSourcePath();
                if (sourceOrcid != null) {
                    if (StringUtils.isBlank(sourceOrcid) || (!profileEntityManager.orcidExists(sourceOrcid) && !clientDetailsManager.exists(sourceOrcid))) {
                        Map<String, String> params = new HashMap<String, String>();
                        params.put("orcid", sourceOrcid);
                        throw new OrcidNotFoundException(params);
                    }
                }
            }
        }
        orcidProfile = orcidProfileManager.addExternalIdentifiers(orcidProfile);
        return getOrcidMessageResponse(orcidProfile, orcid);
    } catch (DataAccessException e) {
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"));
    }
}
Also used : ExternalIdentifier(org.orcid.jaxb.model.message.ExternalIdentifier) HashMap(java.util.HashMap) SourceClientId(org.orcid.jaxb.model.message.SourceClientId) Source(org.orcid.jaxb.model.message.Source) OrcidProfile(org.orcid.jaxb.model.message.OrcidProfile) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OrcidNotFoundException(org.orcid.core.exception.OrcidNotFoundException) ExternalIdentifiers(org.orcid.jaxb.model.message.ExternalIdentifiers) DataAccessException(org.springframework.dao.DataAccessException) AccessControl(org.orcid.core.security.visibility.aop.AccessControl)

Example 85 with OAuth2Authentication

use of org.springframework.security.oauth2.provider.OAuth2Authentication in project ORCID-Source by ORCID.

the class T2OrcidApiServiceDelegatorImpl method registerWebhook.

/**
 * Register a new webhook to the profile. As with all calls, if the message
 * contains any other elements, a 400 Bad Request will be returned.
 *
 * @param orcid
 *            the identifier of the profile to add the webhook
 * @param uriInfo
 *            a URI object containing the webhook
 * @return If successful, returns a 2xx.
 */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response registerWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
    @SuppressWarnings("unused") URI validatedWebhookUri = null;
    try {
        validatedWebhookUri = new URI(webhookUri);
    } catch (URISyntaxException e) {
        Object[] params = { webhookUri };
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_incorrect_webhook.exception", params));
    }
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    ClientDetailsEntity clientDetails = null;
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        clientId = authorizationRequest.getClientId();
        clientDetails = clientDetailsManager.findByClientId(clientId);
    }
    if (profile != null && clientDetails != null) {
        WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
        WebhookEntity webhook = webhookManager.find(webhookPk);
        boolean isNew = webhook == null;
        if (isNew) {
            webhook = new WebhookEntity();
            webhook.setProfile(profile);
            webhook.setDateCreated(new Date());
            webhook.setEnabled(true);
            webhook.setUri(webhookUri);
            webhook.setClientDetails(clientDetails);
        }
        webhookManager.update(webhook);
        return isNew ? Response.created(uriInfo.getAbsolutePath()).build() : Response.noContent().build();
    } else if (profile == null) {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        throw new OrcidNotFoundException(params);
    } else {
        Map<String, String> params = new HashMap<String, String>();
        params.put("client", clientId);
        throw new OrcidClientNotFoundException(params);
    }
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) WebhookEntityPk(org.orcid.persistence.jpa.entities.keys.WebhookEntityPk) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) Date(java.util.Date) SubmissionDate(org.orcid.jaxb.model.message.SubmissionDate) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) WebhookEntity(org.orcid.persistence.jpa.entities.WebhookEntity) OrcidNotFoundException(org.orcid.core.exception.OrcidNotFoundException) Map(java.util.Map) HashMap(java.util.HashMap) OrcidClientNotFoundException(org.orcid.core.exception.OrcidClientNotFoundException) AccessControl(org.orcid.core.security.visibility.aop.AccessControl)