Examples of AuthorizationRequest

• com.nimbusds.oauth2.sdk.AuthorizationRequest
  r.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &state=xyz &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

  Related specifications:

  • OAuth 2.0 (RFC 6749), sections 4.1.1 and 4.2.1.
• org.springframework.security.oauth2.provider.AuthorizationRequest
  A request for authorization by an OAuth 2 Client, normally received and processed by the AuthorizationEndpoint. This class is meant to be manipulated throughout the authorization process, and is therefore treated as ephemeral and not to be stored long term. For long term storage, use the read-only {@link OAuth2Request} class.HTTP request parameters are stored in the parameters map, and any processing the server makes throughout the lifecycle of a request are stored on individual properties. The original request parameters will remain available through the parameters map. For convenience, constants are defined in order to get at those original values. However, the parameters map is unmodifiable so that processing cannot drop the original values. This class is {@link Serializable} in order to support storage of theauthorization request as a {@link SessionAttributes} member while the enduser through the authorization process (which may span several page requests). @author Ryan Heaton @author Dave Syer @author Amanda Anganes
• org.surfnet.oaaas.model.AuthorizationRequest
  .ietf.org/html/draft-ietf-oauth-v2#section-4.1.1" >AuthorizationRequest.

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

  }

  @Test
  public void testCreateTokenThenOAuth2RequestWithGrantType() {
    factory.setCheckUserScopes(true);
    AuthorizationRequest auth = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    OAuth2Request request = factory.createTokenRequest(auth, "password").createOAuth2Request(client);
    assertEquals("password", request.getGrantType());
    assertEquals("[bar]", request.getResourceIds().toString());
  }

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

    SecurityContextHolder.getContext().setAuthentication(
        new UsernamePasswordAuthenticationToken("user", "N/A", AuthorityUtils
            .commaSeparatedStringToAuthorityList("ROLE_BAR")));
    factory.setCheckUserScopes(true);
    client.setScope(Collections.singleton("foo"));
    AuthorizationRequest request = factory.createAuthorizationRequest(Collections.singletonMap("client_id", "foo"));
    assertEquals("foo", request.getClientId());
    assertEquals("[]", request.getScope().toString());
  }

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

  private OAuth2MethodSecurityExpressionHandler handler = new OAuth2MethodSecurityExpressionHandler();

  @Test
  public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_CLIENT"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

    assertTrue((Boolean) expression.getValue(context));
  }

  @Test(expected = AccessDeniedException.class)
  public void testScopesInsufficient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "",
        "client_credentials", "ROLE_CLIENT"));
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

    expression.getValue(context);
  }

  @Test
  public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "",
        "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;

    OAuth2Request clientAuthentication = RequestTokenFactory
        .createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(),
            request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(),
            request.getResponseTypes(), request.getExtensions());

    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(),
        "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

  private ApprovalStore approvalStore;

  @RequestMapping("/oauth/confirm_access")
  public ModelAndView getAccessConfirmation(Map<String, Object> model, Principal principal) throws Exception {
    AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
    model.put("auth_request", clientAuth);
    model.put("client", client);
    Map<String, String> scopes = new LinkedHashMap<String, String>();
    for (String scope : clientAuth.getScope()) {
      scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
    }
    for (Approval approval : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
      if (clientAuth.getScope().contains(approval.getScope())) {
        scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
            approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
      }
    }
    model.put("scopes", scopes);

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

 */
public class OAuth2SecurityExpressionMethodsTests {

  @Test
  public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo",
        Collections.singleton("read"));
    request
        .setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;

    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(),
        request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());

    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertTrue(new OAuth2SecurityExpressionMethods(oAuth2Authentication).clientHasAnyRole("ROLE_CLIENT"));
  }

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

    @Override
    public void run() {
      // With no explicit approval store we still expect to see scopes in the user approval model
      UserApprovalHandler handler = (UserApprovalHandler) ReflectionTestUtils.getField(endpoint,
          "userApprovalHandler");
      AuthorizationRequest authorizationRequest = new AuthorizationRequest();
      authorizationRequest.setScope(Arrays.asList("read"));
      Map<String, Object> request = handler.getUserApprovalRequest(authorizationRequest,
          new UsernamePasswordAuthenticationToken("user", "password"));
      assertTrue(request.containsKey("scopes"));

      Map<String,Object> information = clientDetailsService.loadClientByClientId("my-trusted-client")

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

  private Map<String, String> parameters = new HashMap<String, String>();
  private MockHttpServletRequest request = new MockHttpServletRequest();
  private MockHttpServletResponse response = new MockHttpServletResponse();

  private AuthorizationRequest createFromParameters(Map<String, String> authorizationParameters) {
    AuthorizationRequest request = new AuthorizationRequest(authorizationParameters, Collections.<String, String> emptyMap(),
        authorizationParameters.get(OAuth2Utils.CLIENT_ID),
        OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.SCOPE)), null,
        null, false, authorizationParameters.get(OAuth2Utils.STATE),
        authorizationParameters.get(OAuth2Utils.REDIRECT_URI),
        OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.RESPONSE_TYPE)));

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

      parameters.put(OAuth2Utils.SCOPE, scope);
    }
    if (responseTypes != null) {
      parameters.put(OAuth2Utils.RESPONSE_TYPE, OAuth2Utils.formatParameterList(responseTypes));
    }
    return new AuthorizationRequest(parameters, Collections.<String, String> emptyMap(),
        parameters.get(OAuth2Utils.CLIENT_ID),
        OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)), null, null, false,
        parameters.get(OAuth2Utils.STATE), parameters.get(OAuth2Utils.REDIRECT_URI),
        OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.RESPONSE_TYPE)));
  }