if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) { response.put(AUD, clientToken.getResourceIds());
protected byte[] serializeOauth2Authentication(OAuth2Authentication auth2Authentication) { Authentication userAuthentication = auth2Authentication.getUserAuthentication(); HashMap<String, Object> data = new HashMap<>(); if (userAuthentication!=null) { if (userAuthentication instanceof UaaAuthentication) { data.put(USER_AUTHENTICATION_UAA_AUTHENTICATION, JsonUtils.writeValueAsString(userAuthentication)); } else { data.put(USER_AUTHENTICATION_UAA_PRINCIPAL, JsonUtils.writeValueAsString(userAuthentication.getPrincipal())); data.put(USER_AUTHENTICATION_AUTHORITIES, UaaStringUtils.getStringsFromAuthorities(userAuthentication.getAuthorities())); } } data.put(OAUTH2_REQUEST_PARAMETERS, auth2Authentication.getOAuth2Request().getRequestParameters()); data.put(OAUTH2_REQUEST_CLIENT_ID, auth2Authentication.getOAuth2Request().getClientId()); data.put(OAUTH2_REQUEST_AUTHORITIES, UaaStringUtils.getStringsFromAuthorities(auth2Authentication.getOAuth2Request().getAuthorities())); data.put(OAUTH2_REQUEST_APPROVED, auth2Authentication.getOAuth2Request().isApproved()); data.put(OAUTH2_REQUEST_SCOPE, auth2Authentication.getOAuth2Request().getScope()); data.put(OAUTH2_REQUEST_RESOURCE_IDS, auth2Authentication.getOAuth2Request().getResourceIds()); data.put(OAUTH2_REQUEST_REDIRECT_URI, auth2Authentication.getOAuth2Request().getRedirectUri()); data.put(OAUTH2_REQUEST_RESPONSE_TYPES, auth2Authentication.getOAuth2Request().getResponseTypes()); //currently not serializing any of the //Map<String, Serializable > extensionProperties if (auth2Authentication.getOAuth2Request().getExtensions() != null && auth2Authentication.getOAuth2Request().getExtensions().size()>0) { logger.warn("[oauth_code] Unable to serialize extensions:"+auth2Authentication.getOAuth2Request().getExtensions()); } return JsonUtils.writeValueAsBytes(data); }
protected OAuth2Request(OAuth2Request other) { this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other .getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other .getExtensions()); }
public void setAuthentication(OAuth2Authentication authentication) { // pull apart the request and save its bits OAuth2Request o2Request = authentication.getOAuth2Request(); setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities())); setClientId(o2Request.getClientId()); setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions())); setRedirectUri(o2Request.getRedirectUri()); setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters())); setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds())); setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes())); setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope())); setApproved(o2Request.isApproved()); if (authentication.getUserAuthentication() != null) { this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication()); } else { this.userAuth = null; } }
Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds(); if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) { throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
request.isApproved(), clientScopes, request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(),
authenticationMethods, oAuth2Request.getRequestParameters().get(REQUEST_AUTHORITIES), oAuth2Request.getResourceIds(), oAuth2Request.getClientId(), isRefreshTokenRevocable, clientScopes, clientId, oAuth2Request.getResourceIds(), refreshTokenValue, additionalAuthorizationAttributes,
@Test public void testTokenRequestIncludesResourceIds() { SecurityContextAccessor securityContextAccessor = new StubSecurityContextAccessor() { @Override public boolean isUser() { return false; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { return AuthorityUtils.commaSeparatedStringToAuthorityList("aud1.test aud2.test"); } }; parameters.put("scope", "aud1.test aud2.test"); parameters.put("client_id", client.getClientId()); parameters.put(OAuth2Utils.GRANT_TYPE, "client_credentials"); IdentityZoneHolder.get().getConfig().getUserConfig().setDefaultGroups(Arrays.asList("aud1.test")); factory.setSecurityContextAccessor(securityContextAccessor); client.setScope(StringUtils.commaDelimitedListToSet("aud1.test,aud2.test")); OAuth2Request request = factory.createTokenRequest(parameters, client).createOAuth2Request(client); assertEquals(StringUtils.commaDelimitedListToSet("aud1.test,aud2.test"), new TreeSet<>(request.getScope())); assertEquals(StringUtils.commaDelimitedListToSet("aud1,aud2"), new TreeSet<>(request.getResourceIds())); }
assertEquals(client.getClientId(), request.getRequestParameters().get(TokenConstants.USER_TOKEN_REQUESTING_CLIENT_ID)); assertEquals(StringUtils.commaDelimitedListToSet("requested.scope"), new TreeSet<>(request.getScope())); assertEquals(StringUtils.commaDelimitedListToSet(recipient.getClientId()+",requested"), new TreeSet<>(request.getResourceIds())); assertEquals("44000", request.getRequestParameters().get("expires_in"));
@Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuth2Authentication auth = (OAuth2Authentication) super.authenticate(authentication); Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds(); if (resourceIds != null && !resourceIds.isEmpty() && (resourceIdSupplier == null || !resourceIds.contains(resourceIdSupplier.get()))) { throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceIdSupplier.get() + ")"); } return auth; } });
if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) { response.put(AUD, clientToken.getResourceIds());
protected OAuth2Request(OAuth2Request other) { this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other .getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other .getExtensions()); }
Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds(); if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) { throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
detail.setRedirectUri(authorizationRequest.getRedirectUri()); Set<String> resourceIds = authorizationRequest.getResourceIds(); if(resourceIds == null || resourceIds.isEmpty()) { ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds(); if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {