Examples of AuthorizationRequest

• com.nimbusds.oauth2.sdk.AuthorizationRequest
  r.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &state=xyz &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

  Related specifications:

  • OAuth 2.0 (RFC 6749), sections 4.1.1 and 4.2.1.
• org.springframework.security.oauth2.provider.AuthorizationRequest
  A request for authorization by an OAuth 2 Client, normally received and processed by the AuthorizationEndpoint. This class is meant to be manipulated throughout the authorization process, and is therefore treated as ephemeral and not to be stored long term. For long term storage, use the read-only {@link OAuth2Request} class.HTTP request parameters are stored in the parameters map, and any processing the server makes throughout the lifecycle of a request are stored on individual properties. The original request parameters will remain available through the parameters map. For convenience, constants are defined in order to get at those original values. However, the parameters map is unmodifiable so that processing cannot drop the original values. This class is {@link Serializable} in order to support storage of theauthorization request as a {@link SessionAttributes} member while the enduser through the authorization process (which may span several page requests). @author Ryan Heaton @author Dave Syer @author Amanda Anganes
• org.surfnet.oaaas.model.AuthorizationRequest
  .ietf.org/html/draft-ietf-oauth-v2#section-4.1.1" >AuthorizationRequest.

Examples of org.springframework.security.oauth2.provider.AuthorizationRequest

  @Test
  public void testBasicApproval() {
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
    AuthorizationRequest request = new AuthorizationRequest(parameters, null, null, null, null, null, false, null, null, null);
    request.setApproved(true); // This is enough to be explicitly approved
    assertTrue(handler.isApproved(request , new TestAuthentication("marissa", true)));
  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

      // If another token is already present for this resource owner and client, no new consent should be requested
      List<String> grantedScopes = tokens.get(0).getScopes(); // take the scopes of the first access token found.
      setGrantedScopes(request, grantedScopes.toArray(new String[grantedScopes.size()]));
      chain.doFilter(request, response);
    } else {
      AuthorizationRequest authorizationRequest = authorizationRequestRepository.findByAuthState(authStateValue);
      request.setAttribute("requestedScopes", authorizationRequest.getRequestedScopes());
      request.setAttribute("client", client);
      request.setAttribute(AUTH_STATE, authStateValue);
      request.setAttribute("actionUri", returnUri);
      ((HttpServletResponse) response).setHeader("X-Frame-Options", "SAMEORIGIN");
      request.getRequestDispatcher(getUserConsentUrl()).forward(request, response);

Examples of org.surfnet.oaaas.model.AuthorizationRequest

    AccessToken at = new AccessToken("mytoken", new AuthenticatedPrincipal("username"), client, 0, null);
    at = accessTokenRepository.save(at);
    assertEquals(at, accessTokenRepository.findOne(at.getId()));

    // Create an authorization request
    AuthorizationRequest ar = new AuthorizationRequest("foo", "faa", "boo", null, "boo", "boo");
    ar.setClient(client);
    ar = authorizationRequestRepository.save(ar);
    assertEquals(ar, authorizationRequestRepository.findOne(ar.getId()));

    // Make sure things are saved; the relation between clients and access tokens is unidirectional; therefore a
    // delete would not work with attached entities.
    entityManager.clear();

    final long clientId = client.getId();
    repo.delete(client);
    assertNull(repo.findOne(clientId));

    assertNull(accessTokenRepository.findOne(at.getId()));
    assertNull(authorizationRequestRepository.findOne(ar.getId()));

  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

    MockitoAnnotations.initMocks(this);
  }

  @Test
  public void testPrincipalDisplayName() {
    AuthorizationRequest authRequest = createAuthRequest(OAuth2Validator.IMPLICIT_GRANT_RESPONSE_TYPE);
    authRequest.getClient().setIncludePrincipal(true);

    AccessToken accessToken = createAccessToken();

    when(authorizationRequestRepository.findByAuthState("auth_state")).thenReturn(authRequest);
    when(request.getAttribute(AbstractAuthenticator.AUTH_STATE)).thenReturn("auth_state");
    when(request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES)).thenReturn(accessToken.getScopes().toArray());
    when(accessTokenRepository.save((AccessToken) any())).thenReturn(accessToken);

    URI uri = (URI) tokenResource.authorizeCallback(request).getMetadata().get("Location").get(0);


    long expiresIn = 1800;
    assertEquals("http://localhost:8080#access_token=ABCDEF&token_type=bearer&expires_in=" + expiresIn + "&scope=read,write&state=important&principal=sammy%20sammy", uri.toString());
    assertTrue(uri.getFragment().endsWith("principal=" + authRequest.getPrincipal().getDisplayName()));
  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

    return token;
  }


  private AuthorizationRequest createAuthRequest(String implicitGrantResponseType) {
    AuthorizationRequest authRequest = new AuthorizationRequest();
    Client client = new Client();
    authRequest.setClient(client);
    authRequest.setResponseType(implicitGrantResponseType);
    authRequest.setPrincipal(new AuthenticatedPrincipal("sammy sammy"));
    authRequest.setRedirectUri("http://localhost:8080");
    authRequest.setState("important");
    return authRequest;
  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

  @Test
  public void test() {
    AuthorizationRequestRepository repo = getRepository(AuthorizationRequestRepository.class);
    String authState = UUID.randomUUID().toString();
    AuthorizationRequest authReq = new AuthorizationRequest("code", "cool_app_id", "http://whatever",
        Arrays.asList("read","update"),
        "state", authState);
    ClientRepository clientRepo = getRepository(ClientRepository.class);
    Client client = clientRepo.findByClientId(authReq.getClientId());
    client.getAttributes();
    authReq.setClient(client);
    save(authReq, repo);
    authReq.setPrincipal(getPrincipal());
    repo.save(authReq);

    AuthorizationRequest authReqSaved = repo.findByAuthState(authState);
    AuthenticatedPrincipal principal = authReqSaved.getPrincipal();
    assertEquals("foo-university", principal.getAttributes().get("organization"));

  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

   * http://stackoverflow.com/questions/9123964/how-do-you-use-spring-data-jpa-
   * outside-of-a-spring-container
   */
  private AuthorizationRequest save(AuthorizationRequest authorizationRequest, AuthorizationRequestRepository repo) {
    getEntityManager().getTransaction().begin();
    AuthorizationRequest save = repo.save(authorizationRequest);
    getEntityManager().getTransaction().commit();
    return save;
  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

  /**
   * Get the Client
   */
  protected Client getClientByRequest(String authState) {
    AuthorizationRequest authorizationRequest = authorizationRequestRepository.findByAuthState(authState);
    return authorizationRequest.getClient();

  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

    ValidationResponse response = validator.validate(request);
    assertEquals(expected, response);
  }

  private AuthorizationRequest getAuthorizationRequest(Client client) {
    AuthorizationRequest request = new AuthorizationRequest();
    request.setClientId(client.getClientId());
    request.setRedirectUri("http://gothere.nl");
    request.setRequestedScopes(Arrays.asList("read", "update"));
    request.setResponseType(OAuth2ValidatorImpl.AUTHORIZATION_CODE_GRANT_RESPONSE_TYPE);
    return request;
  }

Examples of org.surfnet.oaaas.model.AuthorizationRequest

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    AuthorizationRequest authorizationRequest = findAuthorizationRequest(request);
    if (authorizationRequest == null) {
      response
          .sendError(HttpServletResponse.SC_BAD_REQUEST, "No valid AbstractAuthenticator.AUTH_STATE on the Request");
    }
    if (initialRequest(request)) {
      storePrincipal(request, response, authorizationRequest);
      request.setAttribute(AbstractAuthenticator.RETURN_URI, RETURN_URI);
      request.setAttribute(AbstractUserConsentHandler.CLIENT, authorizationRequest.getClient());
      if (!authorizationRequest.getClient().isSkipConsent()) {
        userConsentHandler.doFilter(request, response, chain);
      } else {
        chain.doFilter(request, response);
      }
    } else {