@Override public OAuth2Request createOAuth2Request(AuthorizationRequest request) { return requestFactory.createOAuth2Request(request); }
@Override public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest) { return requestFactory.createOAuth2Request(client, tokenRequest); }
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, null); }
@Override protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { Authentication userAuth = validateRequest(tokenRequest); OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, userAuth); }
@Override protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { Authentication userAuth = validateRequest(tokenRequest); OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, userAuth); }
@Override protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { Authentication userAuth = validateRequest(tokenRequest); OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, userAuth); } }
OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
@Override protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters()); String username = parameters.get("username"); String password = parameters.get("password"); // Protect from downstream leaks of password parameters.remove("password"); Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password); ((AbstractAuthenticationToken) userAuth).setDetails(parameters); try { userAuth = authenticationManager.authenticate(userAuth); } catch (AccountStatusException ase) { //covers expired, locked, disabled cases (mentioned in section 5.2, draft 31) throw new InvalidGrantException(ase.getMessage()); } catch (BadCredentialsException e) { // If the username/password are wrong the spec says we should send 400/invalid grant throw new InvalidGrantException(e.getMessage()); } if (userAuth == null || !userAuth.isAuthenticated()) { throw new InvalidGrantException("Could not authenticate user: " + username); } OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest); return new OAuth2Authentication(storedOAuth2Request, userAuth); } }
OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
private String generateCode(AuthorizationRequest authorizationRequest, Authentication authentication) throws AuthenticationException { try { OAuth2Request storedOAuth2Request = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest); OAuth2Authentication combinedAuth = new OAuth2Authentication(storedOAuth2Request, authentication); String code = authorizationCodeServices.createAuthorizationCode(combinedAuth); return code; } catch (OAuth2Exception e) { if (authorizationRequest.getState() != null) { e.addAdditionalInformation("state", authorizationRequest.getState()); } throw e; } }
private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) { try { TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, "implicit"); OAuth2Request storedOAuth2Request = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest); OAuth2AccessToken accessToken = getAccessTokenForImplicitGrant(tokenRequest, storedOAuth2Request); if (accessToken == null) { throw new UnsupportedResponseTypeException("Unsupported response type: token"); } return new ModelAndView(new RedirectView(appendAccessToken(authorizationRequest, accessToken), false, true, false)); } catch (OAuth2Exception e) { return new ModelAndView(new RedirectView(getUnsuccessfulRedirect(authorizationRequest, e, true), false, true, false)); } }
OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
private String generateCode(AuthorizationRequest authorizationRequest, Authentication authentication) throws AuthenticationException { try { OAuth2Request storedOAuth2Request = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest); OAuth2Authentication combinedAuth = new OAuth2Authentication(storedOAuth2Request, authentication); String code = authorizationCodeServices.createAuthorizationCode(combinedAuth); return code; } catch (OAuth2Exception e) { if (authorizationRequest.getState() != null) { e.addAdditionalInformation("state", authorizationRequest.getState()); } throw e; } }
@Test public void get_oauth2_authentication() throws Exception { SecurityContextHolder.getContext().setAuthentication(uaaAuthentication); OAuth2Request request = mock(OAuth2Request.class); when(requestFactory.createOAuth2Request(same(client), same(tokenRequest))).thenReturn(request); OAuth2Authentication result = granter.getOAuth2Authentication(client, tokenRequest); assertSame(request, result.getOAuth2Request()); assertSame(uaaAuthentication, result.getUserAuthentication()); } }
private ModelAndView getImplicitGrantOrHybridResponse( AuthorizationRequest authorizationRequest, Authentication authentication, String grantType ) { OAuth2AccessToken accessToken; try { TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, GRANT_TYPE_IMPLICIT); Map<String, String> requestParameters = new HashMap<>(authorizationRequest.getRequestParameters()); requestParameters.put(GRANT_TYPE, grantType); authorizationRequest.setRequestParameters(requestParameters); OAuth2Request storedOAuth2Request = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest); accessToken = getAccessTokenForImplicitGrantOrHybrid(tokenRequest, storedOAuth2Request, grantType); if (accessToken == null) { throw new UnsupportedResponseTypeException("Unsupported response type: token or id_token"); } return new ModelAndView( new RedirectView( buildRedirectURI(authorizationRequest, accessToken, authentication), false, true, false ) ); } catch (OAuth2Exception e) { return new ModelAndView(new RedirectView(getUnsuccessfulRedirect(authorizationRequest, e, true), false, true, false)); } }
@Test public void test_getAccessToken() { Collection me = AuthorityUtils.commaSeparatedStringToAuthorityList("openid,foo.bar,uaa.user,one.read"); OAuth2Request myReq = new OAuth2Request(requestParameters, receivingClient.getClientId(), receivingClient.getAuthorities(), true, receivingClient.getScope(), receivingClient.getResourceIds(), null, null, null); requestingClient.setScope(StringUtils.commaDelimitedListToSet("openid,foo.bar")); when(userAuthentication.getAuthorities()).thenReturn(me); tokenRequest.setClientId(receivingClient.getClientId()); when(authentication.isAuthenticated()).thenReturn(true); when(authentication.getUserAuthentication()).thenReturn(null); when(authentication.getUserAuthentication()).thenReturn(userAuthentication); when(userAuthentication.isAuthenticated()).thenReturn(true); when(requestFactory.createOAuth2Request(receivingClient, tokenRequest)).thenReturn(myReq); ReflectionTestUtils.setField(granter, "requestFactory", requestFactory); granter.getAccessToken(receivingClient, tokenRequest); }
@Test public void test_oauth2_authentication_with_empty_allowed() { OAuth2Request myReq = new OAuth2Request(requestParameters, receivingClient.getClientId(), receivingClient.getAuthorities(), true, receivingClient.getScope(), receivingClient.getResourceIds(), null, null, null); BaseClientDetails myClient = new BaseClientDetails(requestingClient); List<String> allowedProviders = new LinkedList<String>(); Map<String, Object> additionalInformation = new LinkedHashMap<>(); Collection me = AuthorityUtils.commaSeparatedStringToAuthorityList("openid,foo.bar,uaa.user,one.read"); //when(new DefaultSecurityContextAccessor()).thenReturn((DefaultSecurityContextAccessor) securityContextAccessor); mockedgranter = mock(Saml2TokenGranter.class); when(mockedgranter.getRequestFactory()).thenReturn(requestFactory); when(mockedgranter.validateRequest(tokenRequest)).thenReturn(userAuthentication); when(mockedgranter.getOAuth2Authentication(myClient, tokenRequest)).thenCallRealMethod(); myClient.setScope(StringUtils.commaDelimitedListToSet("openid,foo.bar")); additionalInformation.put(ClientConstants.ALLOWED_PROVIDERS, allowedProviders); myClient.setAdditionalInformation(additionalInformation); when(userAuthentication.getAuthorities()).thenReturn(me); when(requestFactory.createOAuth2Request(receivingClient, tokenRequest)).thenReturn(myReq); mockedgranter.getOAuth2Authentication(myClient, tokenRequest); }
@Override protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) { String deviceCode = tokenRequest.getRequestParameters().get("device_code"); // look up the device code and consume it DeviceCode dc = deviceCodeService.findDeviceCode(deviceCode, client); if (dc != null) { // make sure the code hasn't expired yet if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) { deviceCodeService.clearDeviceCode(deviceCode, client); throw new DeviceCodeExpiredException("Device code has expired " + deviceCode); } else if (!dc.isApproved()) { // still waiting for approval throw new AuthorizationPendingException("Authorization pending for code " + deviceCode); } else { // inherit the (approved) scopes from the original request tokenRequest.setScope(dc.getScope()); OAuth2Authentication auth = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), dc.getAuthenticationHolder().getUserAuth()); deviceCodeService.clearDeviceCode(deviceCode, client); return auth; } } else { throw new InvalidGrantException("Invalid device code: " + deviceCode); } }
accessToken.setExpiration(Calendar.getInstance().getTime()); OAuth2Request storedOAuth2Request = mock(OAuth2Request.class); when(oAuth2RequestFactory.createOAuth2Request(any())).thenReturn(storedOAuth2Request); when(authorizationCodeServices.createAuthorizationCode(any())).thenReturn("ABCD");