Example 16 with Approval
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class JwtTokenStore method remove.
private void remove(String token) {
if (approvalStore != null) {
OAuth2Authentication auth = readAuthentication(token);
String clientId = auth.getOAuth2Request().getClientId();
Authentication user = auth.getUserAuthentication();
if (user != null) {
Collection<Approval> approvals = new ArrayList<Approval>();
for (String scope : auth.getOAuth2Request().getScope()) {
approvals.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED));
}
approvalStore.revokeApprovals(approvals);
}
}
}
Also used :
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Approval(org.springframework.security.oauth2.provider.approval.Approval)
Example 17 with Approval
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AbstractImplicitProviderTests method testPostForNonAutomaticApprovalToken.
@Test
@OAuth2ContextConfiguration(resource = NonAutoApproveImplicit.class, initialize = false)
public void testPostForNonAutomaticApprovalToken() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Basic " + new String(Base64.encode("user:password".getBytes())));
context.getAccessTokenRequest().setHeaders(headers);
try {
assertNotNull(context.getAccessToken());
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
// ignore
}
// add user approval parameter for the second request
context.getAccessTokenRequest().add(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
context.getAccessTokenRequest().add("scope.read", "true");
assertNotNull(context.getAccessToken());
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
OAuth2ContextConfiguration(org.springframework.security.oauth2.client.test.OAuth2ContextConfiguration)
Test(org.junit.Test)
Example 18 with Approval
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class SparklrUserApprovalHandler method checkForPreApproval.
/**
* Allows automatic approval for a white list of clients in the implicit grant case.
*
* @param authorizationRequest The authorization request.
* @param userAuthentication the current user authentication
*
* @return An updated request if it has already been approved by the current user.
*/
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
boolean approved = false;
// If we are allowed to check existing approvals this will short circuit the decision
if (useApprovalStore) {
authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
approved = authorizationRequest.isApproved();
} else {
if (clientDetailsService != null) {
Collection<String> requestedScopes = authorizationRequest.getScope();
try {
ClientDetails client = clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
for (String scope : requestedScopes) {
if (client.isAutoApprove(scope)) {
approved = true;
break;
}
}
} catch (ClientRegistrationException e) {
}
}
}
authorizationRequest.setApproved(approved);
return authorizationRequest;
}
Also used :
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
ClientRegistrationException(org.springframework.security.oauth2.provider.ClientRegistrationException)
Example 19 with Approval
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AuthorizationCodeGrantTests method testCannotConnectWithoutToken.
@Test
public void testCannotConnectWithoutToken() throws Exception {
OAuth2RestTemplate template = new OAuth2RestTemplate(resource);
resource.setPreEstablishedRedirectUri("http://anywhere.com");
try {
template.getForObject(serverRunning.getUrl("/tonr2/photos"), String.class);
fail("Expected UserRedirectRequiredException");
} catch (UserRedirectRequiredException e) {
String message = e.getMessage();
assertTrue("Wrong message: " + message, message.contains("A redirect is required to get the users approval"));
}
}
Also used :
OAuth2RestTemplate(org.springframework.security.oauth2.client.OAuth2RestTemplate)
UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
Test(org.junit.Test)
Example 20 with Approval
use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.
the class AuthorizationCodeAccessTokenProvider method obtainAuthorizationCode.
public String obtainAuthorizationCode(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) details;
HttpHeaders headers = getHeadersForAuthorizationRequest(request);
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
if (request.containsKey(OAuth2Utils.USER_OAUTH_APPROVAL)) {
form.set(OAuth2Utils.USER_OAUTH_APPROVAL, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
for (String scope : details.getScope()) {
form.set(scopePrefix + scope, request.getFirst(OAuth2Utils.USER_OAUTH_APPROVAL));
}
} else {
form.putAll(getParametersForAuthorizeRequest(resource, request));
}
authorizationRequestEnhancer.enhance(request, resource, form, headers);
final AccessTokenRequest copy = request;
final ResponseExtractor<ResponseEntity<Void>> delegate = getAuthorizationResponseExtractor();
ResponseExtractor<ResponseEntity<Void>> extractor = new ResponseExtractor<ResponseEntity<Void>>() {
@Override
public ResponseEntity<Void> extractData(ClientHttpResponse response) throws IOException {
if (response.getHeaders().containsKey("Set-Cookie")) {
copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
}
return delegate.extractData(response);
}
};
// Instead of using restTemplate.exchange we use an explicit response extractor here so it can be overridden by
// subclasses
ResponseEntity<Void> response = getRestTemplate().execute(resource.getUserAuthorizationUri(), HttpMethod.POST, getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
if (response.getStatusCode() == HttpStatus.OK) {
// Need to re-submit with approval...
throw getUserApprovalSignal(resource, request);
}
URI location = response.getHeaders().getLocation();
String query = location.getQuery();
Map<String, String> map = OAuth2Utils.extractMap(query);
if (map.containsKey("state")) {
request.setStateKey(map.get("state"));
if (request.getPreservedState() == null) {
String redirectUri = resource.getRedirectUri(request);
if (redirectUri != null) {
request.setPreservedState(redirectUri);
} else {
request.setPreservedState(new Object());
}
}
}
String code = map.get("code");
if (code == null) {
throw new UserRedirectRequiredException(location.toString(), form.toSingleValueMap());
}
request.set("code", code);
return code;
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap)
ResponseExtractor(org.springframework.web.client.ResponseExtractor)
URI(java.net.URI)
UserRedirectRequiredException(org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)
ResponseEntity(org.springframework.http.ResponseEntity)
AccessTokenRequest(org.springframework.security.oauth2.client.token.AccessTokenRequest)
ClientHttpResponse(org.springframework.http.client.ClientHttpResponse)
Aggregations
Test (org.junit.Test)12
Date (java.util.Date)10
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)9
Approval (org.springframework.security.oauth2.provider.approval.Approval)7
UserRedirectRequiredException (org.springframework.security.oauth2.client.resource.UserRedirectRequiredException)6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)5
AccessTokenRequest (org.springframework.security.oauth2.client.token.AccessTokenRequest)4
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)4
HashSet (java.util.HashSet)3
Authentication (org.springframework.security.core.Authentication)3
UserApprovalRequiredException (org.springframework.security.oauth2.client.resource.UserApprovalRequiredException)3
AuthorizationCodeResourceDetails (org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails)3
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)3
ClientRegistrationException (org.springframework.security.oauth2.provider.ClientRegistrationException)3
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)3
ModelAndView (org.springframework.web.servlet.ModelAndView)3
HashMap (java.util.HashMap)2
HttpHeaders (org.springframework.http.HttpHeaders)2
UnsupportedResponseTypeException (org.springframework.security.oauth2.common.exceptions.UnsupportedResponseTypeException)2
