
Example 46 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project ORCID-Source by ORCID.

the class OrcidAuthorizationCodeServiceImpl method getDetailFromAuthorization.

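/**
 * Builds the authorization-code record for {@code code} from an OAuth2 authentication.
 *
 * <p>Client, scopes, state, redirect URI, response type and the optional OpenID nonce are
 * copied from the request parameters of the {@link OAuth2Request}. When the request carries
 * no parameters, none of those fields (including the client) are set on the record.
 *
 * @param code the authorization code; it becomes the id of the record
 * @param authentication the authentication the code was issued for
 * @return the populated record, or {@code null} when the {@code client_id} parameter does not
 *         resolve to a known client or the user principal does not resolve to a profile
 */
private OrcidOauth2AuthoriziationCodeDetail getDetailFromAuthorization(String code, OAuth2Authentication authentication) {
    OAuth2Request oAuth2Request = authentication.getOAuth2Request();
    OrcidOauth2AuthoriziationCodeDetail detail = new OrcidOauth2AuthoriziationCodeDetail();
    Map<String, String> requestParameters = oAuth2Request.getRequestParameters();
    if (requestParameters != null && !requestParameters.isEmpty()) {
        // NOTE(review): the client is resolved from the client_id request parameter, not from
        // oAuth2Request.getClientId(). Presumably both always agree because the request was
        // validated before reaching this method; confirm against the caller.
        String clientId = requestParameters.get(CLIENT_ID);
        ClientDetailsEntity clientDetails = getClientDetails(clientId);
        if (clientDetails == null) {
            return null;
        }
        // These values are stored exactly as they appear in the request parameters; no
        // validation of scope or redirect URI happens in this method.
        // NOTE(review): the stored redirect_uri is presumably what gets compared when the code
        // is redeemed; that check is not visible here.
        detail.setScopes(OAuth2Utils.parseParameterList(requestParameters.get(SCOPE)));
        detail.setState(requestParameters.get(STATE));
        detail.setRedirectUri(requestParameters.get(REDIRECT_URI));
        detail.setResponseType(requestParameters.get(RESPONSE_TYPE));
        detail.setClientDetailsEntity(clientDetails);
        // Persist the OpenID nonce only when the request supplied one.
        String nonce = requestParameters.get(OrcidOauth2Constants.NONCE);
        if (nonce != null) {
            detail.setNonce(nonce);
        }
    }
    detail.setId(code);
    detail.setApproved(oAuth2Request.isApproved());
    // NOTE(review): assumes a user authentication is always present for this flow; a null one
    // would throw on the next line. Confirm against the caller.
    Authentication userAuthentication = authentication.getUserAuthentication();
    Object principal = userAuthentication.getPrincipal();
    ProfileEntity entity = null;
    if (principal instanceof OrcidProfileUserDetails) {
        OrcidProfileUserDetails userDetails = (OrcidProfileUserDetails) principal;
        String effectiveOrcid = userDetails.getOrcid();
        if (effectiveOrcid != null) {
            entity = profileEntityCacheManager.retrieve(effectiveOrcid);
        }
    }
    // A code that cannot be tied to a profile is never recorded.
    if (entity == null) {
        return null;
    }
    detail.setProfileEntity(entity);
    detail.setAuthenticated(userAuthentication.isAuthenticated());
    Set<String> authorities = getStringSetFromGrantedAuthorities(authentication.getAuthorities());
    detail.setAuthorities(authorities);
    Object authenticationDetails = userAuthentication.getDetails();
    if (authenticationDetails instanceof WebAuthenticationDetails) {
        // NOTE(review): the web session id is stored alongside the code; confirm that the
        // record is protected accordingly, since a session id is a sensitive value.
        detail.setSessionId(((WebAuthenticationDetails) authenticationDetails).getSessionId());
    }
    //Set token version to persistent token
    //TODO: As of Jan 2015 all tokens will be new tokens, so, we will have to remove the token version code and
    //treat all tokens as new tokens
    detail.setVersion(Long.valueOf(OrcidOauth2Constants.PERSISTENT_TOKEN));
    // The null guard matches the one at the top of the method: without it a request that has
    // no parameter map would throw here instead of yielding a non-persistent record.
    // Boolean.parseBoolean(null) is false, so an absent key also leaves the flag off.
    boolean isPersistentTokenEnabledByUser = requestParameters != null
            && Boolean.parseBoolean(requestParameters.get(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN));
    detail.setPersistent(isPersistentTokenEnabledByUser);
    return detail;
}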
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OrcidOauth2AuthoriziationCodeDetail(org.orcid.persistence.jpa.entities.OrcidOauth2AuthoriziationCodeDetail) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) OrcidProfileUserDetails(org.orcid.core.oauth.OrcidProfileUserDetails) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)

Example 47 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceTest method testStoreAccessToken.

/**
 * Stores an access token (with refresh token) for a user authentication and checks that it
 * can be read back by its value.
 */
@Test
@Transactional
public void testStoreAccessToken() throws Exception {
    final String clientId = "4444-4444-4444-4441";
    final String accessTokenValue = "some-long-oauth2-token-value-9";

    // Access token fixture. Both the refresh token and the access token expire "now".
    // NOTE(review): the token is already at its expiration instant when it is read back, and
    // the only assertion is non-null, so this test says nothing about how expired tokens are
    // treated on read.
    DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(accessTokenValue);
    accessToken.setRefreshToken(new DefaultExpiringOAuth2RefreshToken("some-long-oauth2-refresh-value-9", new Date()));
    accessToken.setScope(new HashSet<String>(Arrays.asList("/orcid-bio/read", "/orcid-works/read")));
    accessToken.setTokenType("bearer");
    accessToken.setExpiration(new Date());

    // NOTE(review): this map is filled but never handed to the OAuth2Request below, which is
    // built with an empty parameter map; the request therefore carries none of these values.
    Map<String, String> unusedParameters = new HashMap<>();
    unusedParameters.put("client_id", clientId);
    unusedParameters.put("state", "read");
    unusedParameters.put("scope", "/orcid-profile/write");
    unusedParameters.put("redirect_uri", "http://www.google.com/");
    unusedParameters.put("response_type", "bearer");

    OAuth2Request oauthRequest = new OAuth2Request(
            Collections.<String, String>emptyMap(),                             // request parameters
            clientId,
            Collections.<GrantedAuthority>emptyList(),                          // authorities
            true,                                                               // approved
            new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")),  // scope
            Collections.<String>emptySet(),                                     // resource ids
            null,                                                               // redirect URI
            Collections.<String>emptySet(),                                     // response types
            Collections.<String, Serializable>emptyMap());                      // extension properties

    ProfileEntity owner = profileEntityManager.findByOrcid("4444-4444-4444-4444");
    OAuth2Authentication authentication = new OAuth2Authentication(oauthRequest, new OrcidOauth2UserAuthentication(owner, true));

    orcidTokenStoreService.storeAccessToken(accessToken, authentication);

    // Round trip: the stored token must be retrievable by its value.
    OAuth2AccessToken storedToken = orcidTokenStoreService.readAccessToken(accessTokenValue);
    assertNotNull(storedToken);
}
Also used : HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 48 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testReissuedAccessTokenHasUpdatedExpiration.

/**
 * Creates an access token twice for the same authentication and checks that each token's
 * expiration falls inside the one-hour window measured around its own creation.
 */
@Test
public void testReissuedAccessTokenHasUpdatedExpiration() throws InterruptedException {
    final String clientId = "4444-4444-4444-4441";

    // NOTE(review): these parameters are never passed to the OAuth2Request, which is built
    // with an empty parameter map and the "/orcid-profile/read-limited" scope.
    Map<String, String> authorizationParameters = new HashMap<>();
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");

    OAuth2Request oauthRequest = new OAuth2Request(
            Collections.<String, String>emptyMap(),                             // request parameters
            clientId,
            Collections.<GrantedAuthority>emptyList(),                          // authorities
            true,                                                               // approved
            new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")),  // scope
            Collections.<String>emptySet(),                                     // resource ids
            null,                                                               // redirect URI
            Collections.<String>emptySet(),                                     // response types
            Collections.<String, Serializable>emptyMap());                      // extension properties
    ClientDetailsEntity client = clientDetailsManager.findByClientId(clientId);
    Authentication clientAuthentication = new OrcidOauth2ClientAuthentication(client);
    OAuth2Authentication authentication = new OAuth2Authentication(oauthRequest, clientAuthentication);

    // First issue: the expiration must lie between "one hour from before" and "one hour from after".
    Date firstWindowStart = oneHoursTime();
    OAuth2AccessToken firstToken = tokenServices.createAccessToken(authentication);
    Date firstWindowEnd = oneHoursTime();
    assertNotNull(firstToken);
    assertFalse(firstToken.getExpiration().before(firstWindowStart));
    assertFalse(firstToken.getExpiration().after(firstWindowEnd));

    // Let the clock move so the second window starts after the first one ended.
    Thread.sleep(1000);

    // Second issue for the same authentication, checked against a fresh window.
    // NOTE(review): the two tokens are never compared with each other; the test relies on the
    // second window alone to show that the expiration was updated.
    Date secondWindowStart = oneHoursTime();
    OAuth2AccessToken secondToken = tokenServices.createAccessToken(authentication);
    Date secondWindowEnd = oneHoursTime();
    assertNotNull(secondToken);
    assertFalse(secondToken.getExpiration().before(secondWindowStart));
    assertFalse(secondToken.getExpiration().after(secondWindowEnd));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 49 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method tokenExpireIn20YearsTest.

/**
 * Verifies that a token created from a request flagged as persistent gets an expiration
 * that falls within a window around twenty years from now.
 */
@Test
public void tokenExpireIn20YearsTest() throws InterruptedException {
    final String clientId = "4444-4444-4444-4441";

    // Lower bound, taken before the token exists; the pause keeps it strictly in the past.
    Date lowerBound = twentyYearsTime();
    Thread.sleep(2000);

    // Unlike the one-hour tests, these parameters are passed into the request, so the
    // persistent flag is visible to the token services.
    Map<String, String> persistentRequestParameters = new HashMap<>();
    persistentRequestParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    persistentRequestParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    persistentRequestParameters.put("code", "code1");
    persistentRequestParameters.put(OrcidOauth2Constants.IS_PERSISTENT, "true");

    OAuth2Request oauthRequest = new OAuth2Request(
            persistentRequestParameters,                                        // request parameters
            clientId,
            Collections.<GrantedAuthority>emptyList(),                          // authorities
            true,                                                               // approved
            new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")),  // scope
            Collections.<String>emptySet(),                                     // resource ids
            null,                                                               // redirect URI
            Collections.<String>emptySet(),                                     // response types
            Collections.<String, Serializable>emptyMap());                      // extension properties
    ClientDetailsEntity client = clientDetailsManager.findByClientId(clientId);
    Authentication clientAuthentication = new OrcidOauth2ClientAuthentication(client);
    OAuth2Authentication authentication = new OAuth2Authentication(oauthRequest, clientAuthentication);

    // NOTE(review): a bearer token valid for about twenty years stays usable until it is
    // revoked; nothing in this test covers revocation of such tokens.
    OAuth2AccessToken persistentToken = tokenServices.createAccessToken(authentication);
    Date tokenExpiration = persistentToken.getExpiration();

    // The expiration is not earlier than twenty years from before creation ...
    assertFalse(lowerBound.after(tokenExpiration));

    // ... and not later than twenty years from after creation.
    Date upperBound = twentyYearsTime();
    assertFalse(tokenExpiration.after(upperBound));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 50 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testCreateAddWorkAccessToken.

/**
 * Creates an access token for a client authentication and checks that its expiration lies
 * inside the one-hour window measured around the creation call.
 */
@Test
public void testCreateAddWorkAccessToken() {
    final String clientId = "4444-4444-4444-4441";

    // Start of the window; taken first, as in every other expiry check of this class.
    Date windowStart = oneHoursTime();

    // NOTE(review): despite the test name, the "/orcid-works/create" scope placed in this map
    // never reaches the OAuth2Request, which is built with an empty parameter map and the
    // "/orcid-profile/read-limited" scope.
    Map<String, String> authorizationParameters = new HashMap<>();
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");

    OAuth2Request oauthRequest = new OAuth2Request(
            Collections.<String, String>emptyMap(),                             // request parameters
            clientId,
            Collections.<GrantedAuthority>emptyList(),                          // authorities
            true,                                                               // approved
            new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")),  // scope
            Collections.<String>emptySet(),                                     // resource ids
            null,                                                               // redirect URI
            Collections.<String>emptySet(),                                     // response types
            Collections.<String, Serializable>emptyMap());                      // extension properties
    ClientDetailsEntity client = clientDetailsManager.findByClientId(clientId);
    Authentication clientAuthentication = new OrcidOauth2ClientAuthentication(client);
    OAuth2Authentication authentication = new OAuth2Authentication(oauthRequest, clientAuthentication);

    OAuth2AccessToken issuedToken = tokenServices.createAccessToken(authentication);
    Date windowEnd = oneHoursTime();

    assertNotNull(issuedToken);
    assertFalse(issuedToken.getExpiration().before(windowStart));
    assertFalse(issuedToken.getExpiration().after(windowEnd));
}
Also used : ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) HashMap(java.util.HashMap) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) Authentication(org.springframework.security.core.Authentication) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) OrcidOauth2ClientAuthentication(org.orcid.core.oauth.OrcidOauth2ClientAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)
