Package org.mitre.oauth2.model

Examples of org.mitre.oauth2.model.ClientDetailsEntity


  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(value = "/client/{clientId}", method = RequestMethod.GET, produces = "application/json")
  public String getAccessTokensByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) {
   
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
   
    if (client != null) {
      List<OAuth2AccessTokenEntity> tokens = tokenService.getAccessTokensForClient(client);
      m.put("entity", tokens);
      return TokenApiView.VIEWNAME;


  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.GET, produces = "application/json")
  public String getRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) {
   
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
   
    if (client != null) {
      OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client);
      if (token != null) {
        m.put("entity", token);

  }
 
  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = "application/json")
  public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) {
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
   
    if (client != null) {
      OAuth2AccessTokenEntity token = oidcTokenService.rotateRegistrationAccessTokenForClient(client);
      token = tokenService.saveAccessToken(token);
     

      return HttpCodeView.VIEWNAME;
    }

    //AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");

    ClientDetailsEntity client = null;

    try {
      client = clientService.loadClientByClientId(authRequest.getClientId());
    } catch (OAuth2Exception e) {
      logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e);
      model.put("code", HttpStatus.BAD_REQUEST);
      return HttpCodeView.VIEWNAME;
    } catch (IllegalArgumentException e) {
      logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e);
      model.put("code", HttpStatus.BAD_REQUEST);
      return HttpCodeView.VIEWNAME;
    }

    if (client == null) {
      logger.error("confirmAccess: could not find client " + authRequest.getClientId());
      model.put("code", HttpStatus.NOT_FOUND);
      return HttpCodeView.VIEWNAME;
    }

    model.put("auth_request", authRequest);
    model.put("client", client);

    String redirect_uri = authRequest.getRedirectUri();

    model.put("redirect_uri", redirect_uri);


    // pre-process the scopes
    Set<SystemScope> scopes = scopeService.fromStrings(authRequest.getScope());

    Set<SystemScope> sortedScopes = new LinkedHashSet<SystemScope>(scopes.size());
    Set<SystemScope> systemScopes = scopeService.getAll();

    // sort scopes for display based on the inherent order of system scopes
    for (SystemScope s : systemScopes) {
      if (scopes.contains(s)) {
        sortedScopes.add(s);
      }
    }

    // add in any scopes that aren't system scopes to the end of the list
    sortedScopes.addAll(Sets.difference(scopes, systemScopes));

    model.put("scopes", sortedScopes);

    // get the userinfo claims for each scope
    UserInfo user = userInfoService.getByUsername(p.getName());
    Map<String, Map<String, String>> claimsForScopes = new HashMap<String, Map<String, String>>();
    if (user != null) {
      JsonObject userJson = user.toJson();
 
      for (SystemScope systemScope : sortedScopes) {
        Map<String, String> claimValues = new HashMap<String, String>();
 
        Set<String> claims = scopeClaimTranslationService.getClaimsForScope(systemScope.getValue());
        for (String claim : claims) {
          if (userJson.has(claim) && userJson.get(claim).isJsonPrimitive()) {
            // TODO: this skips the address claim
            claimValues.put(claim, userJson.get(claim).getAsString());
          }
        }
 
        claimsForScopes.put(systemScope.getValue(), claimValues);
      }
    }

    model.put("claims", claimsForScopes);

    // client stats
    Integer count = statsService.getCountForClientId(client.getId());
    model.put("count", count);


    // contacts
    if (client.getContacts() != null) {
      String contacts = Joiner.on(", ").join(client.getContacts());
      model.put("contacts", contacts);
    }

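    // A client is tagged "Generally Recognized As Safe" (gras) only when it is over a week old
    // and has more than one registration; per the original intent, gras clients get a smaller
    // warning on this page.
    // The cutoff has to lie in the PAST. With "now + 7 days" every existing client was created
    // "before" the cutoff, so a client registered moments ago would also be tagged gras as soon
    // as its count exceeded one, and the age requirement would never apply.
    Date lastWeek = new Date(System.currentTimeMillis() - (60L * 60 * 24 * 7 * 1000));
    // A missing count is treated as "not recognized" instead of failing on unboxing.
    if (count != null && count > 1
        && client.getCreatedAt() != null && client.getCreatedAt().before(lastWeek)) {
      model.put("gras", true);
    } else {
      model.put("gras", false);
    }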


   */
  @Test(expected = IllegalArgumentException.class)
  public void saveNewClient_badId() {
    // The entity handed to saveNewClient already reports an id; the expected
    // IllegalArgumentException (declared on @Test) pins that such a save is refused.
    final ClientDetailsEntity alreadyIdentified = Mockito.mock(ClientDetailsEntity.class);

    // Any non-null id serves the purpose; the concrete value is irrelevant.
    Mockito.when(alreadyIdentified.getId()).thenReturn(12345L);

    service.saveNewClient(alreadyIdentified);
  }

   * Failure case of blacklisted client uri.
   */
  @Test(expected = IllegalArgumentException.class)
  public void saveNewClient_blacklisted() {
    final String blockedRedirect = "badplace.xxx";

    // The blacklist service reports this URI as blocked ...
    Mockito.when(blacklistedSiteService.isBlacklisted(blockedRedirect)).thenReturn(true);

    // ... and a client without an id registers exactly that URI as its redirect URI.
    final ClientDetailsEntity candidate = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(candidate.getId()).thenReturn(null);
    Mockito.when(candidate.getRegisteredRedirectUri()).thenReturn(Sets.newHashSet(blockedRedirect));

    // The save must fail; the expected exception type is declared on @Test.
    service.saveNewClient(candidate);
  }

  @Test
  public void saveNewClient_idWasAssigned() {
    // A mock that reports no id stands in for a client that has not been saved yet.
    final ClientDetailsEntity unsaved = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(unsaved.getId()).thenReturn(null);

    service.saveNewClient(unsaved);

    // The service must have set a client id string on the entity exactly once.
    Mockito.verify(unsaved, Mockito.times(1)).setClientId(Matchers.anyString());
  }

   * Makes sure client has offline access granted scope if allowed refresh tokens.
   */
  @Test
  public void saveNewClient_yesOfflineAccess() {
    // Client entities return their scopes as a Set of Strings; mocking the Set lets the
    // test observe which scope value the service adds to it.
    @SuppressWarnings("unchecked")
    final Set<String> grantedScopes = Mockito.mock(Set.class);

    // Client without an id that is allowed to use refresh tokens.
    final ClientDetailsEntity refreshCapable = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(refreshCapable.getId()).thenReturn(null);
    Mockito.when(refreshCapable.isAllowRefresh()).thenReturn(true);
    Mockito.when(refreshCapable.getScope()).thenReturn(grantedScopes);

    service.saveNewClient(refreshCapable);

    // Allowing refresh tokens must result in the offline-access scope being added.
    Mockito.verify(grantedScopes, Mockito.times(1)).add(SystemScopeService.OFFLINE_ACCESS);
  }

   * Makes sure client does not have offline access if not allowed to have refresh tokens.
   */
  @Test
  public void saveNewClient_noOfflineAccess() {
    // Client entities return their scopes as a Set of Strings; mocking the Set lets the
    // test observe which scope value the service removes from it.
    @SuppressWarnings("unchecked")
    final Set<String> grantedScopes = Mockito.mock(Set.class);

    // Client without an id that is NOT allowed to use refresh tokens.
    final ClientDetailsEntity refreshDenied = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(refreshDenied.getId()).thenReturn(null);
    Mockito.when(refreshDenied.isAllowRefresh()).thenReturn(false);
    Mockito.when(refreshDenied.getScope()).thenReturn(grantedScopes);

    service.saveNewClient(refreshDenied);

    // Without refresh tokens the offline-access scope must be removed from the client's scopes.
    Mockito.verify(grantedScopes, Mockito.times(1)).remove(SystemScopeService.OFFLINE_ACCESS);
  }

  @Test(expected = InvalidClientException.class)
  public void deleteClient_badId() {
    final Long unknownId = 12345L;

    // The repository has no entry under this id ...
    Mockito.when(clientRepository.getById(unknownId)).thenReturn(null);

    // ... while the client passed in for deletion reports exactly that id.
    final ClientDetailsEntity stale = Mockito.mock(ClientDetailsEntity.class);
    Mockito.when(stale.getId()).thenReturn(unknownId);

    // Deletion must be refused with InvalidClientException (declared on @Test).
    service.deleteClient(stale);
  }
