/**
 * Builds the authentication for an OAuth 2 exchange from the stored client request and, when the
 * grant involved a resource owner, that user's authentication.
 *
 * <p>The authorities passed to the superclass are the user's whenever a user authentication is
 * supplied. Only when it is {@code null} (some grant types need no user) are the authorities of
 * the stored request used instead. A check that is meant to authorize the client itself should
 * therefore read the authorities of the stored request, not the ones passed up here.
 *
 * @param storedRequest The authorization request (must not be null; it is dereferenced without a
 *        check when {@code userAuthentication} is null).
 * @param userAuthentication The user authentication (possibly null).
 */
public OAuth2Authentication(OAuth2Request storedRequest, Authentication userAuthentication) {
    super(userAuthentication != null ? userAuthentication.getAuthorities() : storedRequest.getAuthorities());
    this.userAuthentication = userAuthentication;
    this.storedRequest = storedRequest;
}
/**
 * Reports whether the OAuth 2 client behind the given authentication holds at least one of the
 * named roles.
 *
 * <p>Only the authorities of the stored {@code OAuth2Request} (the client's) are consulted; the
 * user's authorities are never examined here. Anything that is not an
 * {@code OAuth2Authentication}, or a request whose authorities are {@code null}, yields
 * {@code false}, so the check fails closed.
 *
 * @param authentication the authentication to inspect
 * @param roles role names, matched as exact strings against the client's authority names
 * @return {@code true} if any role matches a client authority, otherwise {@code false}
 */
public static boolean clientHasAnyRole(Authentication authentication, String... roles) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return false;
    }
    OAuth2Request storedRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
    Collection<? extends GrantedAuthority> granted = storedRequest.getAuthorities();
    if (granted == null) {
        return false;
    }
    // Compare by authority name so the lookup is a plain set membership test.
    Set<String> grantedNames = AuthorityUtils.authorityListToSet(granted);
    for (String candidate : roles) {
        if (grantedNames.contains(candidate)) {
            return true;
        }
    }
    return false;
}
response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication())); } else { if (clientToken.getAuthorities()!=null && !clientToken.getAuthorities().isEmpty()) { response.put(UserAuthenticationConverter.AUTHORITIES, AuthorityUtils.authorityListToSet(clientToken.getAuthorities()));
/**
 * Flattens an {@link OAuth2Authentication} into a map of named fields and returns that map as
 * JSON bytes.
 *
 * <p>A {@code UaaAuthentication} user is stored whole as a JSON string; for any other user
 * authentication only the principal and the authority names are kept. The request side
 * contributes its parameters, client id, authority names, approval flag, scope, resource ids,
 * redirect URI and response types. Request extensions are not serialized at all, so they are
 * absent from whatever is later rebuilt from these bytes.
 *
 * @param auth2Authentication the authentication to serialize
 * @return the JSON encoding of the collected fields
 */
protected byte[] serializeOauth2Authentication(OAuth2Authentication auth2Authentication) {
    HashMap<String, Object> data = new HashMap<>();
    Authentication userAuthentication = auth2Authentication.getUserAuthentication();
    if (userAuthentication instanceof UaaAuthentication) {
        data.put(USER_AUTHENTICATION_UAA_AUTHENTICATION, JsonUtils.writeValueAsString(userAuthentication));
    } else if (userAuthentication != null) {
        // Foreign authentication types are reduced to principal plus authority names.
        data.put(USER_AUTHENTICATION_UAA_PRINCIPAL, JsonUtils.writeValueAsString(userAuthentication.getPrincipal()));
        data.put(USER_AUTHENTICATION_AUTHORITIES,
                UaaStringUtils.getStringsFromAuthorities(userAuthentication.getAuthorities()));
    }
    data.put(OAUTH2_REQUEST_PARAMETERS, auth2Authentication.getOAuth2Request().getRequestParameters());
    data.put(OAUTH2_REQUEST_CLIENT_ID, auth2Authentication.getOAuth2Request().getClientId());
    data.put(OAUTH2_REQUEST_AUTHORITIES,
            UaaStringUtils.getStringsFromAuthorities(auth2Authentication.getOAuth2Request().getAuthorities()));
    data.put(OAUTH2_REQUEST_APPROVED, auth2Authentication.getOAuth2Request().isApproved());
    data.put(OAUTH2_REQUEST_SCOPE, auth2Authentication.getOAuth2Request().getScope());
    data.put(OAUTH2_REQUEST_RESOURCE_IDS, auth2Authentication.getOAuth2Request().getResourceIds());
    data.put(OAUTH2_REQUEST_REDIRECT_URI, auth2Authentication.getOAuth2Request().getRedirectUri());
    data.put(OAUTH2_REQUEST_RESPONSE_TYPES, auth2Authentication.getOAuth2Request().getResponseTypes());
    // The Map<String, Serializable> extension properties are deliberately left out of the
    // payload; a warning records that they were dropped.
    // NOTE(review): the warning prints the whole extensions map - confirm it can never hold
    // values that should stay out of the logs.
    if (auth2Authentication.getOAuth2Request().getExtensions() != null
            && !auth2Authentication.getOAuth2Request().getExtensions().isEmpty()) {
        logger.warn("[oauth_code] Unable to serialize extensions:" + auth2Authentication.getOAuth2Request().getExtensions());
    }
    return JsonUtils.writeValueAsBytes(data);
}
/**
 * Verifies that a {@code client_authorities} entry placed in the {@code body} fixture shows up as
 * the authorities of the loaded authentication's OAuth2Request.
 */
@Test
public void testTokenRetrievalWithClientAuthorities() throws Exception {
    body.put("client_authorities", Collections.singleton("uaa.none"));

    OAuth2Authentication loaded = services.loadAuthentication("FOO");

    assertNotNull(loaded);
    // The authorities belong to the client request, not to a user authentication.
    String clientAuthorities = loaded.getOAuth2Request().getAuthorities().toString();
    assertEquals("[uaa.none]", clientAuthorities);
}
/**
 * Copy constructor: builds a new request from the values returned by the getters of
 * {@code other}.
 *
 * <p>Every value, the authorities included, is handed on exactly as the getter returns it;
 * whether the delegated constructor takes defensive copies is not visible here.
 *
 * @param other the request to copy (dereferenced without a null check)
 */
protected OAuth2Request(OAuth2Request other) {
    this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other
            .getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other
            .getExtensions());
}
/**
 * Takes the given authentication apart and stores its pieces on this object.
 *
 * <p>Each collection or map read from the OAuth2Request is copied into a fresh {@code HashSet} or
 * {@code HashMap} (a shallow copy), and a {@code null} value is stored as {@code null}. The user
 * authentication, when present, is wrapped in a {@code SavedUserAuthentication}; otherwise the
 * saved user authentication is cleared.
 *
 * @param authentication the authentication to capture (dereferenced without a null check)
 */
public void setAuthentication(OAuth2Authentication authentication) {
    // Split the stored request into its parts; the setter order is kept as is.
    OAuth2Request request = authentication.getOAuth2Request();
    setAuthorities(request.getAuthorities() != null ? new HashSet<>(request.getAuthorities()) : null);
    setClientId(request.getClientId());
    setExtensions(request.getExtensions() != null ? new HashMap<>(request.getExtensions()) : null);
    setRedirectUri(request.getRedirectUri());
    setRequestParameters(
            request.getRequestParameters() != null ? new HashMap<>(request.getRequestParameters()) : null);
    setResourceIds(request.getResourceIds() != null ? new HashSet<>(request.getResourceIds()) : null);
    setResponseTypes(request.getResponseTypes() != null ? new HashSet<>(request.getResponseTypes()) : null);
    setScope(request.getScope() != null ? new HashSet<>(request.getScope()) : null);
    setApproved(request.isApproved());

    // Client-only authentications carry no user part, so nothing is saved for it.
    this.userAuth = authentication.getUserAuthentication() != null
            ? new SavedUserAuthentication(authentication.getUserAuthentication())
            : null;
}
Set<String> scopes = clientAuthentication.getScope(); if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) { scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
// Authority names carried by the incoming request, converted to plain strings.
Collection<String> requestAuthorities = UaaStringUtils.getStringsFromAuthorities(request.getAuthorities());
// Both sets start empty; presumably they are filled by the code that follows this excerpt - confirm.
Set<String> clientScopes = new HashSet<>();
Set<String> clientAuthorities = new HashSet<>();
/**
 * Creates an OAuth 2 authentication out of the stored client request and an optional user
 * authentication.
 *
 * <p>When a user authentication is given, its authorities are the ones passed to the superclass.
 * When it is {@code null}, which happens for grant types that need no user, the authorities of
 * the stored request are passed instead. Callers that want the client's authorities regardless
 * of a user being present should read them from the stored request.
 *
 * @param storedRequest The authorization request (must not be null; it is dereferenced without a
 *        check when {@code userAuthentication} is null).
 * @param userAuthentication The user authentication (possibly null).
 */
public OAuth2Authentication(OAuth2Request storedRequest, Authentication userAuthentication) {
    super(userAuthentication != null ? userAuthentication.getAuthorities() : storedRequest.getAuthorities());
    this.userAuthentication = userAuthentication;
    this.storedRequest = storedRequest;
}
/**
 * Tells whether the client of an OAuth 2 authentication has been granted any of the given roles.
 *
 * <p>The lookup uses the authorities of the stored {@code OAuth2Request} only, so a user's
 * authorities never satisfy this check. The result is {@code false} for any authentication that
 * is not an {@code OAuth2Authentication} and for a request whose authorities are {@code null}.
 *
 * @param authentication the authentication to inspect
 * @param roles role names, matched as exact strings against the client's authority names
 * @return {@code true} as soon as one role is found among the client authorities, otherwise
 *         {@code false}
 */
public static boolean clientHasAnyRole(Authentication authentication, String... roles) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return false;
    }
    OAuth2Request storedRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
    Collection<? extends GrantedAuthority> granted = storedRequest.getAuthorities();
    if (granted == null) {
        return false;
    }
    Set<String> grantedNames = AuthorityUtils.authorityListToSet(granted);
    for (String candidate : roles) {
        if (grantedNames.contains(candidate)) {
            return true;
        }
    }
    return false;
}
response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication())); } else { if (clientToken.getAuthorities()!=null && !clientToken.getAuthorities().isEmpty()) { response.put(UserAuthenticationConverter.AUTHORITIES, AuthorityUtils.authorityListToSet(clientToken.getAuthorities()));
/**
 * Copy constructor: creates a request from the getter values of {@code other}.
 *
 * <p>The values, authorities included, are forwarded as returned by the getters; whether the
 * delegated constructor copies the collections defensively is not visible here.
 *
 * @param other the request to copy (dereferenced without a null check)
 */
protected OAuth2Request(OAuth2Request other) {
    this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other
            .getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other
            .getExtensions());
}
Set<String> scopes = clientAuthentication.getScope(); if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) { scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());