/**
 * Builds the {@code OAuth2Request} that represents this token request for the given client.
 *
 * <p>The request parameters are copied, the {@code password} and {@code client_secret}
 * entries are dropped from the copy, and the grant type is recorded under
 * {@code grant_type} so it can be read back from the resulting request.
 *
 * <p>NOTE(review): only those two keys are scrubbed. Any other sensitive parameter a
 * grant type might carry stays in the map handed to {@code OAuth2Request}; confirm that
 * nothing else secret can reach this point before the request is stored or logged.
 *
 * @param client the client the request is made for; supplies the client id, authorities
 *               and resource ids
 * @return a new {@code OAuth2Request} built from the scrubbed parameters and this request's scope
 */
public OAuth2Request createOAuth2Request(ClientDetails client) {
    // Copy first: the removals below then apply to the copy only.
    Map<String, String> scrubbed = new HashMap<String, String>(getRequestParameters());

    // Credentials must not travel with the OAuth2Request.
    scrubbed.remove("password");
    scrubbed.remove("client_secret");

    // Record the grant type so it can be retrieved from the OAuth2Request later.
    scrubbed.put("grant_type", grantType);

    return new OAuth2Request(
            scrubbed,
            client.getClientId(),
            client.getAuthorities(),
            true,
            this.getScope(),
            client.getResourceIds(),
            null,
            null,
            null);
}
/**
 * Validates the scope of a token request against the scope of the requesting client.
 *
 * <p>Delegates to the two-argument {@code validateScope} overload, which is not shown
 * here; presumably it rejects any requested scope the client does not hold (confirm).
 *
 * @param tokenRequest the incoming token request whose scope is checked
 * @param client the client whose scope bounds the request
 * @throws InvalidScopeException if the delegate rejects the requested scope
 */
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    Set<String> requested = tokenRequest.getScope();
    Set<String> permitted = client.getScope();
    validateScope(requested, permitted);
}
/**
 * Checks the scope carried by a token request against the scope of the client.
 *
 * <p>The actual comparison lives in the two-argument {@code validateScope} overload,
 * which is outside this listing; presumably it fails when the request asks for a scope
 * the client does not hold (confirm against that overload).
 *
 * @param tokenRequest the token request being validated
 * @param client the client making the request
 * @throws InvalidScopeException if the delegate rejects the requested scope
 */
@Override
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    Set<String> requestScopes = tokenRequest.getScope();
    Set<String> clientScopes = client.getScope();
    validateScope(requestScopes, clientScopes);
}
/**
 * Creates an implicit-grant token request from an existing token request and the
 * {@code OAuth2Request} it belongs to.
 *
 * <p>The request parameters, client id, scope and grant type are read from
 * {@code tokenRequest} and passed to the superclass constructor; {@code oauth2Request}
 * is stored as given.
 *
 * <p>NOTE(review): neither argument is null-checked. A null {@code tokenRequest} fails
 * with a {@code NullPointerException} in the {@code super(...)} call, while a null
 * {@code oauth2Request} is stored silently.
 *
 * @param tokenRequest the token request to copy the four values from
 * @param oauth2Request the request kept alongside the copied values
 */
public ImplicitTokenRequest(TokenRequest tokenRequest, OAuth2Request oauth2Request) {
    super(tokenRequest.getRequestParameters(), tokenRequest.getClientId(), tokenRequest.getScope(), tokenRequest.getGrantType());
    // Kept as a reference, not copied.
    this.oauth2Request = oauth2Request;
}
/**
 * Validates the requested scope, choosing the reference set by grant type.
 *
 * <ul>
 *   <li>Client-credentials grant: the requested scope is checked against the result of
 *       {@code getAuthorities(client.getAuthorities())}, with the flag {@code false}.</li>
 *   <li>User-token grant: the client is reloaded by the {@code CLIENT_ID} request
 *       parameter in the current identity zone, and the requested scope is checked
 *       against that client's scope, with the flag {@code true}.</li>
 *   <li>Any other grant: the requested scope is checked against the scope of the client
 *       that was passed in, with the flag {@code true}.</li>
 * </ul>
 *
 * <p>NOTE(review): in the user-token branch the reference client comes from a request
 * parameter, not from the {@code client} argument. Confirm that this parameter is
 * verified upstream, because it decides whose scope bounds the request. A missing
 * parameter reaches {@code loadClientByClientId} as {@code null}.
 *
 * @param tokenRequest the token request being validated
 * @param client the client passed in by the caller; replaced by the reloaded client for
 *               the user-token grant
 * @throws InvalidScopeException if the three-argument {@code validateScope} rejects the scope
 */
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    if (GRANT_TYPE_CLIENT_CREDENTIALS.equalsIgnoreCase(tokenRequest.getGrantType())) {
        // Client credentials are bounded by the client's authorities, not its scope.
        validateScope(tokenRequest.getScope(), getAuthorities(client.getAuthorities()), false);
        return;
    }

    ClientDetails scopeOwner = client;
    if (GRANT_TYPE_USER_TOKEN.equalsIgnoreCase(tokenRequest.getGrantType())) {
        // The scope owner is the client named in the request, looked up in the current zone.
        scopeOwner = clientDetailsService.loadClientByClientId(
                tokenRequest.getRequestParameters().get(CLIENT_ID),
                IdentityZoneHolder.get().getId());
    }
    validateScope(tokenRequest.getScope(), scopeOwner.getScope(), true);
}
/**
 * Grants a token on behalf of the recipient client named in the request parameters.
 *
 * <p>A new {@code TokenRequest} is built with the same parameters, scope and grant type,
 * but with the client id replaced by the {@code USER_TOKEN_REQUESTING_CLIENT_ID}
 * parameter, so the rest of the flow in the superclass continues as normal.
 *
 * <p>NOTE(review): the substituted client id is read from the request parameter map.
 * Confirm that this entry is set or verified by server-side code before this method
 * runs, because the superclass will treat it as the client the token is issued to.
 *
 * @param grantType the grant type, passed through to the superclass
 * @param tokenRequest the original token request
 * @return whatever the superclass {@code grant} returns for the adjusted request
 */
@Override
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
    // Swap the client ID for the recipient so the rest of the flow continues as normal.
    String recipientClientId = tokenRequest.getRequestParameters().get(USER_TOKEN_REQUESTING_CLIENT_ID);
    TokenRequest forRecipient = new TokenRequest(
            tokenRequest.getRequestParameters(),
            recipientClientId,
            tokenRequest.getScope(),
            tokenRequest.getGrantType());
    return super.grant(grantType, forRecipient);
}
/**
 * Builds the authentication behind a refreshed token, narrowed to the scope named in
 * the refresh request when one is given.
 *
 * <p>Security: a refresh may only keep or narrow the scope. The requested scope has to
 * be fully contained in the scope of the refreshed client request; anything wider is
 * rejected. When the request carries no scope (null or empty), the scope is left exactly
 * as {@code refresh(request)} produced it.
 *
 * @param authentication the authentication behind the original token
 * @param request the refresh token request; its scope, if any, is the narrowing target
 * @return a new {@code OAuth2Authentication} pairing the refreshed client request with
 *         the original user authentication
 * @throws InvalidScopeException if the requested scope is not contained in the original
 *         scope, or the original scope is {@code null}
 */
private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
    Set<String> requested = request.getScope();
    OAuth2Request refreshed = authentication.getOAuth2Request().refresh(request);

    boolean narrowingRequested = requested != null && !requested.isEmpty();
    if (narrowingRequested) {
        Set<String> granted = refreshed.getScope();
        boolean withinGrant = granted != null && granted.containsAll(requested);
        if (!withinGrant) {
            // Widening the scope on refresh is never allowed.
            throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + requested + ".", granted);
        }
        refreshed = refreshed.narrowScope(requested);
    }

    return new OAuth2Authentication(refreshed, authentication.getUserAuthentication());
}
/**
 * Grants a token using a fresh copy of the incoming token request.
 *
 * <p>The copy carries the same request parameters, client id, scope and grant type as
 * the original. NOTE(review): the reason for copying is not visible here; presumably it
 * hands the superclass a plain {@code TokenRequest} instead of the caller's instance
 * (confirm).
 *
 * @param grantType the grant type, passed through to the superclass
 * @param tokenRequest the incoming token request
 * @return whatever the superclass {@code grant} returns for the copied request
 */
@Override
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
    String clientId = tokenRequest.getClientId();
    String requestedGrantType = tokenRequest.getGrantType();
    TokenRequest copy = new TokenRequest(
            tokenRequest.getRequestParameters(),
            clientId,
            tokenRequest.getScope(),
            requestedGrantType);
    return super.grant(grantType, copy);
}
// Scope set carried on the token request.
// NOTE(review): presumably still the client-supplied value at this point; confirm it is
// validated against the client's allowed scope before it drives a grant decision.
Set<String> requestedScopes = tokenRequest.getScope();
if (!tokenRequest.getScope().isEmpty()) { logger.debug("Clearing scope of incoming token request"); tokenRequest.setScope(Collections.<String> emptySet());
/**
 * Validates a token request's scope against the scope of the requesting client.
 *
 * <p>The check itself is done by the two-argument {@code validateScope} overload, which
 * is not part of this listing; presumably it rejects scopes the client does not hold
 * (confirm against that overload).
 *
 * @param tokenRequest the token request whose scope is validated
 * @param client the client whose scope is the reference set
 * @throws InvalidScopeException if the delegate rejects the requested scope
 */
@Override
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    Set<String> askedFor = tokenRequest.getScope();
    Set<String> allowed = client.getScope();
    validateScope(askedFor, allowed);
}
/**
 * Validates the scope requested on a token request against the client's scope.
 *
 * <p>This method only extracts the two scope sets; the comparison is done by the
 * two-argument {@code validateScope} overload, which is not shown here. Presumably that
 * overload rejects a request for scopes outside the client's set (confirm).
 *
 * @param tokenRequest the incoming token request
 * @param client the client the request was made for
 * @throws InvalidScopeException if the delegate rejects the requested scope
 */
public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
    Set<String> requestScopes = tokenRequest.getScope();
    Set<String> clientScopes = client.getScope();
    validateScope(requestScopes, clientScopes);
}
/**
 * Converts this token request into an {@code OAuth2Request} for the given client.
 *
 * <p>Works on a copy of the request parameters: {@code password} and
 * {@code client_secret} are removed from the copy so they do not leak through the
 * resulting request, and the grant type is added under {@code grant_type} so it can be
 * retrieved from the {@code OAuth2Request}.
 *
 * <p>NOTE(review): the scrub list is limited to those two keys. If a grant type carries
 * other secrets as request parameters, they remain in the map passed on; confirm whether
 * the list needs to grow.
 *
 * @param client the client the request is made for; its id, authorities and resource
 *               ids go into the result
 * @return a new {@code OAuth2Request} built from the scrubbed parameters and this request's scope
 */
public OAuth2Request createOAuth2Request(ClientDetails client) {
    Map<String, String> parameters = new HashMap<String, String>(getRequestParameters());

    // Drop credentials from the copy to prevent leaks.
    for (String secretKey : new String[] {"password", "client_secret"}) {
        parameters.remove(secretKey);
    }

    // Add the grant type so it can be retrieved from the OAuth2Request.
    parameters.put("grant_type", grantType);

    return new OAuth2Request(
            parameters,
            client.getClientId(),
            client.getAuthorities(),
            true,
            this.getScope(),
            client.getResourceIds(),
            null,
            null,
            null);
}
/**
 * Wraps an existing token request together with its {@code OAuth2Request}.
 *
 * <p>The superclass is initialised with the request parameters, client id, scope and
 * grant type read from {@code tokenRequest}; {@code oauth2Request} is stored unchanged.
 *
 * <p>NOTE(review): there are no null checks. A null {@code tokenRequest} throws a
 * {@code NullPointerException} in the {@code super(...)} call; a null
 * {@code oauth2Request} is accepted and stored.
 *
 * @param tokenRequest source of the four values handed to the superclass
 * @param oauth2Request the request to keep with this token request
 */
public ImplicitTokenRequest(TokenRequest tokenRequest, OAuth2Request oauth2Request) {
    super(tokenRequest.getRequestParameters(), tokenRequest.getClientId(), tokenRequest.getScope(), tokenRequest.getGrantType());
    // Stored by reference; no defensive copy is made.
    this.oauth2Request = oauth2Request;
}
/**
 * Creates the authentication for a refreshed token, applying the scope from the refresh
 * request if it names one.
 *
 * <p>Security: this is the guard against scope escalation on refresh. The requested
 * scope must be a subset of the scope on the refreshed client request, otherwise the
 * call fails. A null or empty requested scope leaves the scope as
 * {@code refresh(request)} produced it.
 *
 * @param authentication the authentication behind the token being refreshed
 * @param request the refresh token request; its scope, if present, is the narrowing target
 * @return a new {@code OAuth2Authentication} made of the refreshed (and possibly
 *         narrowed) client request and the original user authentication
 * @throws InvalidScopeException if the requested scope is not contained in the original
 *         scope, or the original scope is {@code null}
 */
private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
    Set<String> wanted = request.getScope();
    OAuth2Request clientRequest = authentication.getOAuth2Request().refresh(request);

    if (wanted == null || wanted.isEmpty()) {
        // Nothing to narrow: keep the scope of the refreshed request.
        return new OAuth2Authentication(clientRequest, authentication.getUserAuthentication());
    }

    Set<String> original = clientRequest.getScope();
    if (original == null || !original.containsAll(wanted)) {
        throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + wanted + ".", original);
    }
    OAuth2Request narrowedRequest = clientRequest.narrowScope(wanted);
    return new OAuth2Authentication(narrowedRequest, authentication.getUserAuthentication());
}
/**
 * Produces the authentication that backs a refreshed token.
 *
 * <p>If the refresh request names a scope, the client request is narrowed to it, but
 * only when every requested scope is already in the scope of the refreshed client
 * request. This containment check keeps a refresh from obtaining more scope than the
 * original grant had. With a null or empty requested scope nothing is narrowed.
 *
 * @param authentication the authentication behind the original token
 * @param request the refresh token request, including the optional narrowing scope
 * @return a new {@code OAuth2Authentication} combining the refreshed client request with
 *         the original user authentication
 * @throws InvalidScopeException if the requested scope is not contained in the original
 *         scope, or the original scope is {@code null}
 */
private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
    Set<String> requestedScope = request.getScope();
    OAuth2Request refreshedRequest = authentication.getOAuth2Request().refresh(request);

    boolean hasRequestedScope = !(requestedScope == null || requestedScope.isEmpty());
    if (hasRequestedScope) {
        Set<String> grantedScope = refreshedRequest.getScope();
        boolean escalates = grantedScope == null || !grantedScope.containsAll(requestedScope);
        if (escalates) {
            // The request asks for something the original grant did not include.
            throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + requestedScope + ".", grantedScope);
        }
        refreshedRequest = refreshedRequest.narrowScope(requestedScope);
    }

    return new OAuth2Authentication(refreshedRequest, authentication.getUserAuthentication());
}
/**
 * Derives the authentication for a refreshed token from the original authentication and
 * the refresh request.
 *
 * <p>Security: the refresh request may narrow the scope but never widen it. A requested
 * scope is accepted only if the scope of the refreshed client request contains all of
 * it. A null or empty requested scope skips the narrowing step.
 *
 * @param authentication the authentication behind the token being refreshed
 * @param request the refresh token request; carries the optional scope to narrow to
 * @return a new {@code OAuth2Authentication} holding the refreshed client request and the
 *         original user authentication
 * @throws InvalidScopeException if the requested scope is not contained in the original
 *         scope, or the original scope is {@code null}
 */
private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
    Set<String> target = request.getScope();
    OAuth2Request refreshed = authentication.getOAuth2Request().refresh(request);

    if (target != null && !target.isEmpty()) {
        Set<String> current = refreshed.getScope();
        if (current != null && current.containsAll(target)) {
            refreshed = refreshed.narrowScope(target);
        } else {
            // Reject anything not covered by the original scope.
            throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + target + ".", current);
        }
    }

    return new OAuth2Authentication(refreshed, authentication.getUserAuthentication());
}
// Scope set read from the token request.
// NOTE(review): presumably this is what the caller asked for and not yet what was
// granted; confirm a scope validation step runs before the value is trusted.
Set<String> requestedScopes = tokenRequest.getScope();