
Example 41 with Approval

use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.

Class JwtTokenStore, method remove:

/**
 * Revokes the stored approvals that back the given token.
 *
 * <p>The token is decoded into its {@link OAuth2Authentication}; one
 * {@link Approval} is built per scope of the underlying request for the
 * (user, client) pair, and the whole collection is handed to
 * {@code approvalStore.revokeApprovals}. Nothing is done when no approval
 * store is configured or when the token carries no user authentication
 * (presumably a client-only grant, which has no user approvals to revoke).
 *
 * @param token the encoded token value whose approvals should be revoked
 */
private void remove(String token) {
    if (approvalStore == null) {
        return;
    }
    OAuth2Authentication authentication = readAuthentication(token);
    String clientId = authentication.getOAuth2Request().getClientId();
    Authentication user = authentication.getUserAuthentication();
    if (user == null) {
        return;
    }
    String userName = user.getName();
    Collection<Approval> toRevoke = new ArrayList<Approval>();
    for (String scope : authentication.getOAuth2Request().getScope()) {
        // NOTE(review): expiry and status are filled with placeholders here; the store is
        // presumably matching revocations on user/client/scope only — verify against the
        // ApprovalStore implementation in use.
        toRevoke.add(new Approval(userName, clientId, scope, new Date(), ApprovalStatus.APPROVED));
    }
    approvalStore.revokeApprovals(toRevoke);
}

Example 42 with Approval

use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.

Class ApprovalStoreUserApprovalHandler, method checkForPreApproval:

/**
 * Decides whether an authorization request can be approved without showing
 * the resource owner an approval page.
 *
 * <p>Two sources of approval are consulted, in this order:
 * <ol>
 * <li>Client auto-approval. When a client-details service is configured and the
 * client marks every requested scope as auto-approved, matching {@link Approval}
 * records are still written to the approval store (gh-877), the request is marked
 * approved and returned immediately. A {@link ClientRegistrationException} from the
 * client lookup is logged at WARN and the method falls through to step 2. Note that
 * this path never looks at the store, so a stored {@code DENIED} entry does not
 * override a client's auto-approve setting.</li>
 * <li>Stored user approvals. Every approval held for this user and client whose
 * status is {@code APPROVED} and whose expiry lies strictly in the future counts.
 * Only when these cover all requested scopes is the request marked approved; its
 * scope set is then narrowed to the requested scopes.</li>
 * </ol>
 * Stored {@code DENIED} entries are not acted upon here: a missing approval simply
 * leaves the request unapproved so the caller can ask the user.
 *
 * @param authorizationRequest the request being authorized; updated in place
 * @param userAuthentication the resource owner; its name keys the approval store
 * @return the same request, with {@code approved} (and possibly scope) updated
 */
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
    final String clientId = authorizationRequest.getClientId();
    final Collection<String> requestedScopes = authorizationRequest.getScope();
    // Every scope approved by any means: auto-approved scopes first, stored approvals after.
    final Set<String> grantedScopes = new HashSet<String>();
    // Only the scopes backed by an unexpired APPROVED entry in the approval store.
    final Set<String> storedApprovedScopes = new HashSet<String>();

    if (clientDetailsService != null) {
        try {
            ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
            for (String requested : requestedScopes) {
                if (client.isAutoApprove(requested)) {
                    grantedScopes.add(requested);
                }
            }
            if (grantedScopes.containsAll(requestedScopes)) {
                // gh-877 - if all scopes are auto approved, approvals still need to be added to the approval store.
                Date expiry = computeExpiry();
                Set<Approval> autoApprovals = new HashSet<Approval>();
                for (String granted : grantedScopes) {
                    autoApprovals.add(new Approval(userAuthentication.getName(), authorizationRequest.getClientId(), granted, expiry, ApprovalStatus.APPROVED));
                }
                approvalStore.addApprovals(autoApprovals);
                authorizationRequest.setApproved(true);
                return authorizationRequest;
            }
        } catch (ClientRegistrationException e) {
            logger.warn("Client registration problem prevent autoapproval check for client");
        }
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user approved authorizations for " + "client_id=" + clientId + " and username=" + userAuthentication.getName());
    }

    // Find the stored approvals for that user and client, keeping only the live APPROVED ones.
    Collection<Approval> storedApprovals = approvalStore.getApprovals(userAuthentication.getName(), clientId);
    Date now = new Date();
    for (Approval stored : storedApprovals) {
        boolean unexpired = stored.getExpiresAt().after(now);
        if (unexpired && stored.getStatus() == ApprovalStatus.APPROVED) {
            storedApprovedScopes.add(stored.getScope());
            grantedScopes.add(stored.getScope());
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Valid user approved/denied scopes are " + storedApprovedScopes);
    }

    if (storedApprovedScopes.containsAll(requestedScopes)) {
        // Every requested scope is covered by a live user approval: approve, and keep only
        // the requested scopes on the request.
        grantedScopes.retainAll(requestedScopes);
        authorizationRequest.setScope(grantedScopes);
        authorizationRequest.setApproved(true);
    }
    return authorizationRequest;
}

Example 43 with Approval

use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.

Class AuthorizationEndpointTests, method testApproveOrDenyWithOAuth2RequestWithoutRedirectUri:

/**
 * Approving a request whose redirect URI was never resolved must fail with
 * {@link InvalidRequestException} instead of issuing a redirect: without a
 * resolved redirect target the endpoint has nowhere validated to send the user.
 *
 * @throws Exception anything propagated by the endpoint under test
 */
@Test(expected = InvalidRequestException.class)
public void testApproveOrDenyWithOAuth2RequestWithoutRedirectUri() throws Exception {
    // NOTE(review): the null arguments are presumably what leaves the redirect URI
    // unresolved — confirm against getAuthorizationRequest's parameter order.
    AuthorizationRequest request = getAuthorizationRequest("foo", null, null, null, Collections.singleton("code"));
    request.setApproved(true);
    model.put(AUTHORIZATION_REQUEST_ATTR_NAME, request);
    model.put(ORIGINAL_AUTHORIZATION_REQUEST_ATTR_NAME, endpoint.unmodifiableMap(request));

    Map<String, String> approvalParameters = new HashMap<String, String>();
    approvalParameters.put("user_oauth_approval", "true");
    endpoint.approveOrDeny(approvalParameters, model, sessionStatus, principal);
}

Example 44 with Approval

use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.

Class JwtTokenStoreTests, method testReadRefreshTokenForUnapprovedScope:

/**
 * With an approval store wired in, a refresh token whose scope the user has
 * not approved must not be readable: only "write" is approved here, and the
 * store is expected to return {@code null} for the fixture's refresh token.
 *
 * <p>NOTE(review): the approval's expiry is the creation instant. If the store
 * applies the same strictly-in-the-future expiry check that
 * ApprovalStoreUserApprovalHandler does, this approval is already expired when
 * the token is read, so the {@code null} result alone does not prove that the
 * scope check (rather than the expiry check) rejected it — confirm the fixture's
 * scope, and consider a future expiry to make the assertion unambiguous.
 */
@Test
public void testReadRefreshTokenForUnapprovedScope() throws Exception {
    tokenStore.setApprovalStore(approvalStore);
    Approval writeOnly = new Approval("test", "id", "write", new Date(), ApprovalStatus.APPROVED);
    approvalStore.addApprovals(Collections.singleton(writeOnly));
    assertEquals(1, approvalStore.getApprovals("test", "id").size());

    assertEquals(null, tokenStore.readRefreshToken(expectedOAuth2RefreshToken.getValue()));
}

Example 45 with Approval

use of org.springframework.security.oauth2.provider.approval.Approval in project spring-security-oauth by spring-projects.

Class JwtTokenStoreTests, method removeAccessTokenFromRefreshToken:

/**
 * Removing an access token via its refresh token must leave the user's stored
 * approvals untouched: the "read" approval added up front is still present
 * afterwards. (Contrast JwtTokenStore.remove, which does revoke approvals.)
 *
 * <p>NOTE(review): the refresh token passed in is built from the access token's
 * value — presumably fine for this store, which only needs a decodable JWT, but
 * worth confirming against the fixture.
 */
@Test
public void removeAccessTokenFromRefreshToken() throws Exception {
    tokenStore.setApprovalStore(approvalStore);
    Approval readApproval = new Approval("test", "id", "read", new Date(), ApprovalStatus.APPROVED);
    approvalStore.addApprovals(Collections.singleton(readApproval));
    assertEquals(1, approvalStore.getApprovals("test", "id").size());

    DefaultOAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken(expectedOAuth2AccessToken.getValue());
    tokenStore.removeAccessTokenUsingRefreshToken(refreshToken);

    // The approval must survive the removal.
    assertEquals(1, approvalStore.getApprovals("test", "id").size());
}
