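/**
 * Returns the identity-provider origins a client is restricted to.
 *
 * The value is read from the client's ALLOWED_PROVIDERS additional-information
 * entry. {@code null} is returned when there is no client, when the client has
 * no additional information at all, or when the entry is not configured — the
 * last two cases are deliberately indistinguishable, so a client without any
 * additional information no longer fails with an NPE here.
 *
 * @param client the OAuth client, may be {@code null}
 * @return the configured provider origins, or {@code null} if none are configured
 */
@SuppressWarnings("unchecked") // additional information is an untyped map; the entry is stored as a list of origin keys
protected static List<String> getProvidersForClient(ClientDetails client) {
    if (client == null) {
        return null;
    }
    Map<String, Object> additionalInformation = client.getAdditionalInformation();
    if (additionalInformation == null) {
        return null;
    }
    return (List<String>) additionalInformation.get(ClientConstants.ALLOWED_PROVIDERS);
}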
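/**
 * Renders the "switch identity provider" view with HTTP 401 when the user's
 * origin is not acceptable for the requested client.
 *
 * The display name comes from the client's CLIENT_NAME additional-information
 * entry and falls back to the client id. The current request URL plus its
 * rebuilt query string is exposed to the view as "redirect" so the user can
 * retry after switching providers.
 *
 * @param model    view model to populate
 * @param client   the OAuth client being authorized
 * @param clientId the client id, used as display name when none is configured
 * @param request  the current request, used to rebuild the retry URL
 * @return the switch_idp view with status 401
 */
private ModelAndView switchIdp(Map<String, Object> model, ClientDetails client, String clientId, HttpServletRequest request) {
    Map<String, Object> additionalInfo = client.getAdditionalInformation();
    // A client may carry no additional information at all; treat that like a client with no configured name
    // instead of failing with an NPE on the map.
    String clientDisplayName = additionalInfo == null ? null : (String) additionalInfo.get(ClientConstants.CLIENT_NAME);
    model.put("client_display_name", clientDisplayName != null ? clientDisplayName : clientId);

    // NOTE(review): the query string is rebuilt from the raw request parameter map, i.e. caller-controlled input;
    // the view must encode "redirect" before emitting it into HTML or a Location header.
    String queryString = UaaHttpRequestUtils.paramsToQueryString(request.getParameterMap());
    String redirectUri = request.getRequestURL() + "?" + queryString;
    model.put("redirect", redirectUri);
    model.put("error", "The application is not authorized for your account.");
    model.put("error_message_code", "login.invalid_idp");
    return new ModelAndView("switch_idp", model, HttpStatus.UNAUTHORIZED);
}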
/**
 * Resolves a display name for every client id present in the approvals map.
 *
 * The CLIENT_NAME additional-information entry is used when the client has one;
 * otherwise the client id itself serves as the name. Iteration order of the
 * approvals keys is preserved in the result.
 *
 * @param approvals approvals keyed by client id
 * @return client id → display name, in approvals-key order
 */
protected Map<String, String> getClientNames(Map<String, List<DescribedApproval>> approvals) {
    Map<String, String> namesByClientId = new LinkedHashMap<>();
    for (String clientId : approvals.keySet()) {
        ClientDetails client = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
        Map<String, Object> info = client.getAdditionalInformation();
        Object configuredName = info == null ? null : info.get(ClientConstants.CLIENT_NAME);
        // Only cast when a name is actually configured; otherwise fall back to the id.
        String displayName = configuredName != null ? (String) configuredName : client.getClientId();
        namesByClientId.put(clientId, displayName);
    }
    return namesByClientId;
}
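/**
 * Reads the ALLOWED_PROVIDERS restriction of the currently authenticated client.
 *
 * @return the provider origins the client is restricted to, or {@code null}
 *         when the client has no additional information or no such entry
 * @throws BadCredentialsException when no client authentication is present
 */
@SuppressWarnings("unchecked") // stored as an untyped list inside the client's additional information
private List<String> getAllowedProviders() {
    Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
    if (clientAuth == null) {
        throw new BadCredentialsException("No client authentication found.");
    }
    String clientId = clientAuth.getName();
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
    Map<String, Object> additionalInformation = clientDetails.getAdditionalInformation();
    if (additionalInformation == null) {
        // No additional information at all is equivalent to an unset ALLOWED_PROVIDERS entry.
        return null;
    }
    return (List<String>) additionalInformation.get(ClientConstants.ALLOWED_PROVIDERS);
}
} // closing brace of the enclosing class, carried over from the original line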
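/**
 * Enforces the client's REQUIRED_USER_GROUPS restriction against the user's
 * authorities.
 *
 * A missing REQUIRED_USER_GROUPS entry already meant "no requirement" (empty
 * set); a client with no additional information at all is now treated the same
 * way instead of failing with an NPE on the map.
 *
 * @param user   the authenticated user whose authorities are checked
 * @param client the OAuth client whose required groups apply
 * @throws InvalidTokenException when the user lacks one or more required groups
 */
@SuppressWarnings("unchecked") // stored as an untyped collection inside the client's additional information
private void validateRequiredUserGroups(UaaUser user, ClientDetails client) {
    Map<String, Object> additionalInformation = client.getAdditionalInformation();
    Collection<String> requiredUserGroups = emptySet();
    if (additionalInformation != null) {
        requiredUserGroups = ofNullable((Collection<String>) additionalInformation.get(REQUIRED_USER_GROUPS)).orElse(emptySet());
    }
    if (!UaaTokenUtils.hasRequiredUserAuthorities(requiredUserGroups, user.getAuthorities())) {
        throw new InvalidTokenException("User does not meet the client's required group criteria.");
    }
}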
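/**
 * Computes the revocation signature for a token issued to {@code client} for
 * {@code user}. The client's TOKEN_SALT is part of the signature material, so
 * changing the salt changes the signature.
 *
 * The original already passed a {@code null} salt to the overload whenever
 * TOKEN_SALT was unset; a client with no additional information at all is now
 * handled the same way instead of failing with an NPE on the map.
 *
 * @param client       the OAuth client; its TOKEN_SALT entry (may be unset) feeds the signature
 * @param clientSecret the client secret included in the signature material
 * @param user         the user the token was issued for
 * @return the signature produced by the (user, salt, clientId, secret) overload
 */
public static String getRevocableTokenSignature(ClientDetails client, String clientSecret, UaaUser user) {
    Map<String, Object> additionalInformation = client.getAdditionalInformation();
    String tokenSalt = additionalInformation == null ? null : (String) additionalInformation.get(ClientConstants.TOKEN_SALT);
    return getRevocableTokenSignature(user, tokenSalt, client.getClientId(), clientSecret);
}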
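/**
 * Looks up the additional information of the client named by the saved OAuth
 * authorize request held in the session.
 *
 * @param session the HTTP session that may hold a saved authorize request
 * @return the client's additional-information map, or {@code null} when there
 *         is no saved authorize request, the request carries no client_id, or
 *         no such client exists in the current zone
 */
public Map<String, Object> getClientInfo(HttpSession session) {
    if (!hasSavedOauthAuthorizeRequest(session)) {
        return null;
    }
    SavedRequest savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    String[] clientIds = savedRequest.getParameterValues("client_id");
    // getParameterValues returns null when the parameter is absent; a saved authorize request
    // without client_id must not fail with an NPE/AIOOBE on clientIds[0].
    if (clientIds == null || clientIds.length == 0) {
        return null;
    }
    try {
        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientIds[0], IdentityZoneHolder.get().getId());
        // NOTE(review): this returns the whole additional-information map, not just display fields;
        // confirm callers only expose the keys they actually need.
        return clientDetails.getAdditionalInformation();
    } catch (NoSuchClientException ignored) {
        // An unknown client is reported as "no info", same as a missing request.
        return null;
    }
}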
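/**
 * A client allowing both "uaa" and "ldap" gives no single origin to hint, so
 * authentication is delegated without a login hint being set.
 *
 * The unused ArgumentCaptor of the original was removed: nothing is captured
 * when setLoginHint is expected never to be called.
 */
@Test
public void testUaaPasswordGrant_allowedProvidersUaaAndLdap() {
    Authentication auth = mock(Authentication.class);
    when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
    Map<String, Object> additionalInformation = new HashMap<>();
    additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, Arrays.asList("uaa", "ldap"));
    when(clientDetails.getAdditionalInformation()).thenReturn(additionalInformation);

    instance.authenticate(auth);

    verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
    verify(zoneAwareAuthzAuthenticationManager, times(0)).setLoginHint(any(), any());
}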
/**
 * Test double: returns a copy of the requested client with a fixed
 * "lastModified" value (1463510591) added to its additional information, so
 * callers can assert the value is propagated without a real store.
 *
 * @param resource the client to "create"
 * @param zoneId   ignored by this double
 * @return a BaseClientDetails copy carrying the fixed lastModified entry
 */
@Override
public ClientDetails create(ClientDetails resource, String zoneId) {
    BaseClientDetails created = new BaseClientDetails(resource);
    Map<String, Object> info = new HashMap<>(resource.getAdditionalInformation());
    info.put("lastModified", 1463510591);
    created.setAdditionalInformation(info);
    return created;
}
} // closing brace of the enclosing class, carried over from the original line
/**
 * A client that allows only "uaa" yields a login hint for that single origin
 * when the request itself carries none.
 */
@Test
public void testUaaPasswordGrant_allowedProvidersOnlyUaa() {
    Authentication auth = mock(Authentication.class);
    when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
    Map<String, Object> info = new HashMap<>();
    info.put(ClientConstants.ALLOWED_PROVIDERS, Arrays.asList("uaa"));
    when(clientDetails.getAdditionalInformation()).thenReturn(info);

    instance.authenticate(auth);

    verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
    ArgumentCaptor<UaaLoginHint> hintCaptor = ArgumentCaptor.forClass(UaaLoginHint.class);
    verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), hintCaptor.capture());
    UaaLoginHint hint = hintCaptor.getValue();
    assertNotNull(hint);
    assertEquals("uaa", hint.getOrigin());
}
/**
 * With a zone default provider ("oidcprovider") that is not in the client's
 * allowed list (uaa, ldap), no login hint is derived and authentication is
 * delegated to the chained manager unchanged.
 */
@Test
public void testOIDCPasswordGrant_NoLoginHintDefaultNotAllowedChainedAuth() {
    IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("oidcprovider");
    Authentication auth = mock(Authentication.class);
    when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
    Map<String, Object> info =
            Collections.singletonMap(ClientConstants.ALLOWED_PROVIDERS, Arrays.asList("uaa", "ldap"));
    when(clientDetails.getAdditionalInformation()).thenReturn(info);

    instance.authenticate(auth);

    verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
    verify(zoneAwareAuthzAuthenticationManager, times(0)).setLoginHint(any(), any());
}
/**
 * The zone default provider ("oidcprovider2") is not allowed for the client,
 * whose list (uaa, oidcprovider) still contains "uaa"; the resulting login hint
 * names "uaa".
 */
@Test
public void testOIDCPasswordGrant_NoLoginHintDefaultNotAllowedMultipleIdpsWithUaa() {
    IdentityZoneHolder.get().getConfig().setDefaultIdentityProvider("oidcprovider2");
    Authentication auth = mock(Authentication.class);
    when(zoneAwareAuthzAuthenticationManager.extractLoginHint(auth)).thenReturn(null);
    Map<String, Object> info =
            Collections.singletonMap(ClientConstants.ALLOWED_PROVIDERS, Arrays.asList("uaa", "oidcprovider"));
    when(clientDetails.getAdditionalInformation()).thenReturn(info);

    instance.authenticate(auth);

    verify(zoneAwareAuthzAuthenticationManager, times(1)).authenticate(auth);
    ArgumentCaptor<UaaLoginHint> hintCaptor = ArgumentCaptor.forClass(UaaLoginHint.class);
    verify(zoneAwareAuthzAuthenticationManager, times(1)).setLoginHint(eq(auth), hintCaptor.capture());
    UaaLoginHint hint = hintCaptor.getValue();
    assertNotNull(hint);
    assertEquals("uaa", hint.getOrigin());
}
/**
 * Creating a client publishes exactly one ClientCreateSuccess audit event and
 * defaults the client's "name" to "Client <clientId>".
 */
@Test
void testCreateClient() throws Exception {
    String clientId = new RandomValueStringGenerator().generate();
    ClientDetails created = createClient(adminToken, clientId, SECRET, Collections.singleton("client_credentials"));

    verify(mockApplicationEventPublisher, times(1)).publishEvent(abstractUaaEventCaptor.capture());
    AuditEventType publishedType = abstractUaaEventCaptor.getValue().getAuditEvent().getType();
    assertEquals(AuditEventType.ClientCreateSuccess, publishedType);
    assertEquals("Client " + created.getClientId(), created.getAdditionalInformation().get("name"));
}
/**
 * createClientDetails delegates to the service for the current zone, strips
 * the secret from the response, and surfaces the service's "lastModified".
 */
@Test
public void testCreateClientDetails() throws Exception {
    when(clientDetailsService.retrieve(anyString(), anyString())).thenReturn(input);

    ClientDetails created = endpoints.createClientDetails(input);

    // The secret must never be echoed back to the caller.
    assertNull(created.getClientSecret());
    verify(clientDetailsService).create(detail, IdentityZoneHolder.get().getId());
    assertEquals(1463510591, created.getAdditionalInformation().get("lastModified"));
}
/**
 * clientinfo returns the authenticated client's details with the secret
 * removed and an empty additional-information map.
 */
@Test
public void testClientinfo() {
    Mockito.when(clientDetailsService.loadClientByClientId("foo", "uaa")).thenReturn(foo);
    UsernamePasswordAuthenticationToken clientAuth = new UsernamePasswordAuthenticationToken("foo", "<NONE>");

    ClientDetails result = endpoint.clientinfo(clientAuth);

    assertEquals("foo", result.getClientId());
    assertNull(result.getClientSecret());
    assertTrue(result.getAdditionalInformation().isEmpty());
}
/**
 * Revoking all tokens of a client replaces its TOKEN_SALT with a new value
 * and removes the client's stored tokens.
 */
@Test
public void revokeTokensForClient() throws Exception {
    // Precondition: the fixture client starts with a known salt and exactly one token.
    assertEquals("pre-salt", getClient().getAdditionalInformation().get(TOKEN_SALT));
    assertEquals(1, clientTokenCount());

    endpoint.revokeTokensForClient(client.getClientId());

    Object rotatedSalt = getClient().getAdditionalInformation().get(TOKEN_SALT);
    assertNotEquals("pre-salt", rotatedSalt);
    assertEquals(0, clientTokenCount());
}
/**
 * The required_user_groups column wins over the copy kept inside
 * additional_information: after writing different contents to both, the
 * reloaded client reports the column's groups (group1, group2, group3).
 */
@Test
public void additional_information_does_not_override_user_group_column() throws Exception {
    List<String> groupsInAdditionalInfo = Arrays.asList("group1", "group2");
    clientDetails.addAdditionalInformation(REQUIRED_USER_GROUPS, groupsInAdditionalInfo);
    service.addClientDetails(clientDetails);

    String clientId = clientDetails.getClientId();
    String serializedInfo = JsonUtils.writeValueAsString(clientDetails.getAdditionalInformation());
    // Both statements are parameterized; the client id never reaches the SQL text.
    int infoRowsUpdated = jdbcTemplate.update(
            "UPDATE oauth_client_details SET additional_information = ? WHERE client_id = ?",
            serializedInfo, clientId);
    assertEquals(1, infoRowsUpdated);
    int groupRowsUpdated = jdbcTemplate.update(
            "UPDATE oauth_client_details SET required_user_groups = ? WHERE client_id = ?",
            "group1,group2,group3", clientId);
    assertEquals(1, groupRowsUpdated);

    ClientDetails reloaded = service.loadClientByClientId(clientId);
    @SuppressWarnings("unchecked")
    Collection<String> effectiveGroups = (Collection<String>) reloaded.getAdditionalInformation().get(REQUIRED_USER_GROUPS);
    assertThat(effectiveGroups, containsInAnyOrder("group1", "group2", "group3"));
}
/**
 * A secret that satisfies a strict zone-level ClientSecretPolicy is accepted:
 * the client is created in that zone, the fixed "lastModified" is surfaced,
 * and the secret is not returned.
 */
@Test
public void testCreateClientDetails_With_Secret_Satisfying_Complex_Policy() throws Exception {
    testZone.getConfig().setClientSecretPolicy(new ClientSecretPolicy(6, 255, 1, 1, 1, 1, 6));
    IdentityZoneHolder.set(testZone);
    String compliantSecret = "Secret1@";
    input.setClientSecret(compliantSecret);
    detail.setClientSecret(compliantSecret);
    when(clientDetailsService.retrieve(anyString(), anyString())).thenReturn(input);

    ClientDetails created = endpoints.createClientDetails(input);

    // The secret must never be echoed back to the caller.
    assertNull(created.getClientSecret());
    verify(clientDetailsService).create(detail, testZone.getId());
    assertEquals(1463510591, created.getAdditionalInformation().get("lastModified"));
}
/**
 * getClientDetails returns the stored client with its secret stripped while
 * passing additional information through unchanged.
 */
@Test
public void testGetClientDetails() throws Exception {
    String clientId = input.getClientId();
    Mockito.when(clientDetailsService.retrieve(clientId, IdentityZoneHolder.get().getId())).thenReturn(input);
    input.setScope(Arrays.asList(clientId + ".read"));
    input.setAdditionalInformation(Collections.singletonMap("foo", "bar"));

    ClientDetails fetched = endpoints.getClientDetails(clientId);

    assertNull(fetched.getClientSecret());
    assertEquals(input.getAdditionalInformation(), fetched.getAdditionalInformation());
}
/**
 * The zone-endpoints validator keeps a limited client's id, scopes, grant
 * types, authorities and ALLOWED_PROVIDERS, and forces its resource ids to
 * the single value "none".
 */
@Test
public void testCreateLimitedClient() {
    BaseClientDetails requested = new BaseClientDetails("valid-client", null, "openid", "authorization_code,password", "uaa.resource");
    requested.setClientSecret("secret");
    requested.addAdditionalInformation(ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));

    ClientDetails validated = zoneEndpointsClientDetailsValidator.validate(requested, Mode.CREATE);

    assertEquals(requested.getClientId(), validated.getClientId());
    assertEquals(requested.getScope(), validated.getScope());
    assertEquals(requested.getAuthorizedGrantTypes(), validated.getAuthorizedGrantTypes());
    assertEquals(requested.getAuthorities(), validated.getAuthorities());
    assertEquals(Collections.singleton("none"), validated.getResourceIds());
    assertEquals(Collections.singletonList(OriginKeys.UAA), validated.getAdditionalInformation().get(ALLOWED_PROVIDERS));
}