Example 36 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class ClientScopeVoter method vote.

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int result = ACCESS_ABSTAIN;
    if (!(authentication instanceof OAuth2Authentication)) {
        return result;
    }
    OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
    OAuth2Request clientAuthentication = oauth2Authentication.getOAuth2Request();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId());
    Set<String> scopes = clientAuthentication.getScope();
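    // For client-only authentications, optionally treat the granted authorities as the scopes to check.
    if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) {
        scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
    }
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_GRANTED;
            // Deny as soon as one scope on the request is not among the scopes registered for the client.
            for (String scope : scopes) {
                if (!client.getScope().contains(scope)) {
                    result = ACCESS_DENIED;
                    break;
                }
            }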
            if (result == ACCESS_DENIED && throwException) {
                InsufficientScopeException failure = new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
                throw new AccessDeniedException(failure.getMessage(), failure);
            }
            return result;
        }
    }
    return result;
}
Also used : InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ConfigAttribute(org.springframework.security.access.ConfigAttribute) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 37 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class DefaultAuthenticationKeyGenerator method extractKey.

public String extractKey(OAuth2Authentication authentication) {
    Map<String, String> values = new LinkedHashMap<String, String>();
    OAuth2Request authorizationRequest = authentication.getOAuth2Request();
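    // The user name is part of the key only when a user is involved (not a client-only authentication).
    if (!authentication.isClientOnly()) {
        values.put(USERNAME, authentication.getName());
    }
    values.put(CLIENT_ID, authorizationRequest.getClientId());
    if (authorizationRequest.getScope() != null) {
        // TreeSet sorts the scopes, so the same set of scopes yields the same key regardless of order.
        values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<String>(authorizationRequest.getScope())));
    }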
    return generateKey(values);
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) TreeSet(java.util.TreeSet) LinkedHashMap(java.util.LinkedHashMap)

Example 38 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class DefaultTokenServices method getClientId.

public String getClientId(String tokenValue) {
    OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue);
    // Note: both exception messages below embed the raw token value.
    if (authentication == null) {
        throw new InvalidTokenException("Invalid access token: " + tokenValue);
    }
    OAuth2Request clientAuth = authentication.getOAuth2Request();
    if (clientAuth == null) {
        throw new InvalidTokenException("Invalid access token (no client id): " + tokenValue);
    }
    return clientAuth.getClientId();
}
Also used : InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 39 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class OAuth2ExpressionUtils method hasAnyScope.

public static boolean hasAnyScope(Authentication authentication, String[] scopes) {
    if (authentication instanceof OAuth2Authentication) {
        OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
        Collection<String> assigned = clientAuthentication.getScope();
        if (assigned != null) {
            for (String scope : scopes) {
                if (assigned.contains(scope)) {
                    return true;
                }
            }
        }
    }
    return false;
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)

Example 40 with OAuth2Request

use of org.springframework.security.oauth2.provider.OAuth2Request in project spring-security-oauth by spring-projects.

the class ImplicitTokenGranter method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest clientToken) {
    Authentication userAuth = SecurityContextHolder.getContext().getAuthentication();
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InsufficientAuthenticationException("There is no currently logged in user");
    }
    Assert.state(clientToken instanceof ImplicitTokenRequest, "An ImplicitTokenRequest is required here. Caller needs to wrap the TokenRequest.");
    OAuth2Request requestForStorage = ((ImplicitTokenRequest) clientToken).getOAuth2Request();
    return new OAuth2Authentication(requestForStorage, userAuth);
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)

Aggregations

OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 99
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 77
Authentication (org.springframework.security.core.Authentication) 57
Test (org.junit.Test) 56
HashMap (java.util.HashMap) 21
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken) 16
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 15
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest) 14
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity) 13
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity) 12
Date (java.util.Date) 11
HashSet (java.util.HashSet) 11
Expression (org.springframework.expression.Expression) 10
DBUnitTest (org.orcid.test.DBUnitTest) 8
EvaluationContext (org.springframework.expression.EvaluationContext) 8
MethodInvocation (org.aopalliance.intercept.MethodInvocation) 7
OrcidOAuth2Authentication (org.orcid.core.oauth.OrcidOAuth2Authentication) 7
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) 7
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails) 7
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation) 7