Search in sources :

Example 6 with TokenGranter

use of org.springframework.security.oauth2.provider.TokenGranter in project spring-security-oauth by spring-projects.

the class AbstractEndpoint method afterPropertiesSet.

public void afterPropertiesSet() throws Exception {
    Assert.state(tokenGranter != null, "TokenGranter must be provided");
    Assert.state(clientDetailsService != null, "ClientDetailsService must be provided");
    defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(getClientDetailsService());
    if (oAuth2RequestFactory == null) {
        oAuth2RequestFactory = defaultOAuth2RequestFactory;
    }
}
Also used : DefaultOAuth2RequestFactory(org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory)

Example 7 with TokenGranter

use of org.springframework.security.oauth2.provider.TokenGranter in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfiguration method authorizationEndpoint.

@Bean
public AuthorizationEndpoint authorizationEndpoint() throws Exception {
    AuthorizationEndpoint authorizationEndpoint = new AuthorizationEndpoint();
    FrameworkEndpointHandlerMapping mapping = getEndpointsConfigurer().getFrameworkEndpointHandlerMapping();
    authorizationEndpoint.setUserApprovalPage(extractPath(mapping, "/oauth/confirm_access"));
    authorizationEndpoint.setProviderExceptionHandler(exceptionTranslator());
    authorizationEndpoint.setErrorPage(extractPath(mapping, "/oauth/error"));
    authorizationEndpoint.setTokenGranter(tokenGranter());
    authorizationEndpoint.setClientDetailsService(clientDetailsService);
    authorizationEndpoint.setAuthorizationCodeServices(authorizationCodeServices());
    authorizationEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
    authorizationEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
    authorizationEndpoint.setUserApprovalHandler(userApprovalHandler());
    return authorizationEndpoint;
}
Also used : FrameworkEndpointHandlerMapping(org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping) AuthorizationEndpoint(org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint) AbstractFactoryBean(org.springframework.beans.factory.config.AbstractFactoryBean) FactoryBean(org.springframework.beans.factory.FactoryBean) Bean(org.springframework.context.annotation.Bean)

Example 8 with TokenGranter

use of org.springframework.security.oauth2.provider.TokenGranter in project spring-security-oauth by spring-projects.

the class AuthorizationServerEndpointsConfigurer method getDefaultTokenGranters.

private List<TokenGranter> getDefaultTokenGranters() {
    ClientDetailsService clientDetails = clientDetailsService();
    AuthorizationServerTokenServices tokenServices = tokenServices();
    AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
    OAuth2RequestFactory requestFactory = requestFactory();
    List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
    tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails, requestFactory));
    tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
    ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
    tokenGranters.add(implicit);
    tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
    if (authenticationManager != null) {
        tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, clientDetails, requestFactory));
    }
    return tokenGranters;
}
Also used : AuthorizationCodeServices(org.springframework.security.oauth2.provider.code.AuthorizationCodeServices) InMemoryAuthorizationCodeServices(org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices) ImplicitTokenGranter(org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter) DefaultOAuth2RequestFactory(org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory) OAuth2RequestFactory(org.springframework.security.oauth2.provider.OAuth2RequestFactory) CompositeTokenGranter(org.springframework.security.oauth2.provider.CompositeTokenGranter) ImplicitTokenGranter(org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter) RefreshTokenGranter(org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter) AuthorizationCodeTokenGranter(org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter) ClientCredentialsTokenGranter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) ResourceOwnerPasswordTokenGranter(org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter) AuthorizationServerTokenServices(org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices) AuthorizationCodeTokenGranter(org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter) ResourceOwnerPasswordTokenGranter(org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter) ArrayList(java.util.ArrayList) ClientCredentialsTokenGranter(org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) InMemoryClientDetailsService(org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService) RefreshTokenGranter(org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter)

Example 9 with TokenGranter

use of org.springframework.security.oauth2.provider.TokenGranter in project spring-security-oauth by spring-projects.

the class AuthorizationServerCustomGrantParserTests method testCustomGrantRegistered.

@Test
public void testCustomGrantRegistered() {
    TokenGranter granter = context.getBean(CompositeTokenGranter.class);
    assertNotNull("Custom grant registration failed!", granter.grant("test-grant", null));
}
Also used : CompositeTokenGranter(org.springframework.security.oauth2.provider.CompositeTokenGranter) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) Test(org.junit.Test)

Example 10 with TokenGranter

use of org.springframework.security.oauth2.provider.TokenGranter in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitPreApproved.

@Test
public void testImplicitPreApproved() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setAdditionalInformation(Collections.singletonMap("foo", (Object) "bar"));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
    assertTrue("Wrong token: " + result, url.contains("access_token="));
    assertTrue("Wrong token: " + result, url.contains("foo=bar"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Aggregations

TokenGranter (org.springframework.security.oauth2.provider.TokenGranter)12 Test (org.junit.Test)10 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)9 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)9 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)9 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)8 ModelAndView (org.springframework.web.servlet.ModelAndView)8 Authentication (org.springframework.security.core.Authentication)7 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)7 DefaultUserApprovalHandler (org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler)7 RedirectView (org.springframework.web.servlet.view.RedirectView)7 CompositeTokenGranter (org.springframework.security.oauth2.provider.CompositeTokenGranter)3 FactoryBean (org.springframework.beans.factory.FactoryBean)2 AbstractFactoryBean (org.springframework.beans.factory.config.AbstractFactoryBean)2 Bean (org.springframework.context.annotation.Bean)2 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)2 DefaultOAuth2RequestFactory (org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory)2 ArrayList (java.util.ArrayList)1 LinkedHashSet (java.util.LinkedHashSet)1 Before (org.junit.Before)1