use of org.springframework.security.oauth2.provider.OAuth2RequestFactory in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.
@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("client", "secret"));
request.setParameter("grant_type", "password");
Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(new UsernamePasswordAuthenticationToken("foo", "bar", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")));
TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory);
filter.doFilter(request, response, chain);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
assertTrue(authentication instanceof OAuth2Authentication);
assertFalse(authentication.isAuthenticated());
}
use of org.springframework.security.oauth2.provider.OAuth2RequestFactory in project spring-security-oauth by spring-projects.
the class AuthorizationServerEndpointsConfiguration method tokenEndpoint.
@Bean
public TokenEndpoint tokenEndpoint() throws Exception {
TokenEndpoint tokenEndpoint = new TokenEndpoint();
tokenEndpoint.setClientDetailsService(clientDetailsService);
tokenEndpoint.setProviderExceptionHandler(exceptionTranslator());
tokenEndpoint.setTokenGranter(tokenGranter());
tokenEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
tokenEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
tokenEndpoint.setAllowedRequestMethods(allowedTokenEndpointRequestMethods());
return tokenEndpoint;
}
use of org.springframework.security.oauth2.provider.OAuth2RequestFactory in project spring-security-oauth by spring-projects.
the class AbstractEndpoint method afterPropertiesSet.
public void afterPropertiesSet() throws Exception {
Assert.state(tokenGranter != null, "TokenGranter must be provided");
Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(getClientDetailsService());
if (oAuth2RequestFactory == null) {
oAuth2RequestFactory = defaultOAuth2RequestFactory;
}
}
use of org.springframework.security.oauth2.provider.OAuth2RequestFactory in project spring-security-oauth by spring-projects.
the class AuthorizationEndpoint method authorize.
@RequestMapping(value = "/oauth/authorize")
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters, SessionStatus sessionStatus, Principal principal) {
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
// query off of the authorization request instead of referring back to the parameters map. The contents of the
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
Set<String> responseTypes = authorizationRequest.getResponseTypes();
if (!responseTypes.contains("token") && !responseTypes.contains("code")) {
throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
}
if (authorizationRequest.getClientId() == null) {
throw new InvalidClientException("A client id must be provided");
}
try {
if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
throw new InsufficientAuthenticationException("User must be authenticated with Spring Security before authorization can be completed.");
}
ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId());
// The resolved redirect URI is either the redirect_uri from the parameters or the one from
// clientDetails. Either way we need to store it on the AuthorizationRequest.
String redirectUriParameter = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client);
if (!StringUtils.hasText(resolvedRedirect)) {
throw new RedirectMismatchException("A redirectUri must be either supplied or preconfigured in the ClientDetails");
}
authorizationRequest.setRedirectUri(resolvedRedirect);
// We intentionally only validate the parameters requested by the client (ignoring any data that may have
// been added to the request by the manager).
oauth2RequestValidator.validateScope(authorizationRequest, client);
// Some systems may allow for approval decisions to be remembered or approved by default. Check for
// such logic here, and set the approved flag on the authorization request accordingly.
authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest, (Authentication) principal);
// TODO: is this call necessary?
boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
authorizationRequest.setApproved(approved);
// Validation is all done, so we can check for auto approval...
if (authorizationRequest.isApproved()) {
if (responseTypes.contains("token")) {
return getImplicitGrantResponse(authorizationRequest);
}
if (responseTypes.contains("code")) {
return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal));
}
}
// Place auth request into the model so that it is stored in the session
// for approveOrDeny to use. That way we make sure that auth request comes from the session,
// so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
model.put("authorizationRequest", authorizationRequest);
return getUserApprovalPageResponse(model, authorizationRequest, (Authentication) principal);
} catch (RuntimeException e) {
sessionStatus.setComplete();
throw e;
}
}
use of org.springframework.security.oauth2.provider.OAuth2RequestFactory in project ORCID-Source by ORCID.
the class OrcidClientCredentialsCheckerTest method setup.
@Before
public void setup() {
MockitoAnnotations.initMocks(this);
oAuth2RequestFactory = new DefaultOAuth2RequestFactory(clientDetailsService);
checker = new OrcidClientCredentialsChecker(oAuth2RequestFactory);
checker.setClientDetailsEntityCacheManager(clientDetailsEntityCacheManager);
checker.setOrcidOAuth2RequestValidator(orcidOAuth2RequestValidator);
}
Aggregations