/**
 * Convenience constructor for unit tests, where client ID and scope are
 * often the only needed fields.
 *
 * @param clientId the client identifier, stored through {@code setClientId}
 * @param scopes   the requested scopes, stored through {@code setScope}
 */
public AuthorizationRequest(String clientId, Collection<String> scopes) {
    // Go through the setters instead of assigning fields directly so that any
    // normalisation they perform (the original remarks "in case we need to
    // parse") is applied exactly as it is for the full constructor.
    this.setClientId(clientId);
    this.setScope(scopes);
}
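/**
 * Full constructor.
 *
 * <p>{@code resourceIds} and {@code authorities} are defensively copied into new
 * {@link HashSet}s so that the caller cannot change this request after it has been
 * built; a {@code null} argument for either leaves the corresponding field untouched.
 * The earlier version of this constructor reassigned {@code this.resourceIds} from the
 * raw argument after the copy, which discarded the copy (and nulled the field when the
 * argument was {@code null}); that reassignment has been removed.
 *
 * @param authorizationParameters the raw request parameters, stored through
 *                                {@code setRequestParameters}
 * @param approvalParameters      not used by this constructor; retained for signature
 *                                compatibility with existing callers
 * @param clientId                the client identifier, stored through {@code setClientId}
 * @param scope                   the requested scopes, stored through {@code setScope}
 * @param resourceIds             resource ids the client may access (copied; may be null)
 * @param authorities             granted authorities (copied; may be null)
 * @param approved                whether the request has already been approved
 * @param state                   the client's {@code state} parameter
 * @param redirectUri             the redirect URI
 * @param responseTypes           the response types (assigned as-is when non-null)
 */
public AuthorizationRequest(Map<String, String> authorizationParameters,
        Map<String, String> approvalParameters, String clientId, Set<String> scope,
        Set<String> resourceIds, Collection<? extends GrantedAuthority> authorities,
        boolean approved, String state, String redirectUri, Set<String> responseTypes) {
    setClientId(clientId);
    setRequestParameters(authorizationParameters); // in case we need to wrap the collection
    setScope(scope); // in case we need to parse
    if (resourceIds != null) {
        this.resourceIds = new HashSet<String>(resourceIds);
    }
    if (authorities != null) {
        this.authorities = new HashSet<GrantedAuthority>(authorities);
    }
    this.approved = approved;
    // Note: the former "this.resourceIds = resourceIds;" overwrite was removed here so the
    // defensive copy above actually takes effect.
    this.redirectUri = redirectUri;
    if (responseTypes != null) {
        // NOTE(review): responseTypes is stored without a copy, unlike resourceIds and
        // authorities above; left as-is because callers may rely on the aliasing.
        this.responseTypes = responseTypes;
    }
    this.state = state;
}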
authorizationRequest.setScope(approvedScopes); if (approvedScopes.isEmpty() && !requestedScopes.isEmpty()) { approved = false;
AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(map); authorizationRequest.setScope(getScope(request)); if (clientAuth.isAuthenticated()) {
approvedScopes.retainAll(requestedScopes); authorizationRequest.setScope(approvedScopes); authorizationRequest.setApproved(true);
authorizationRequest.setScope(allowedScopes);
/**
 * Approving a request whose scope was changed after the original authorization
 * request was snapshotted into the model must be rejected with
 * {@link InvalidRequestException}, since the submitted request no longer matches
 * the stored copy.
 */
@Test(expected = InvalidRequestException.class)
public void testApproveWithModifiedScope() {
    AuthorizationRequest request = getAuthorizationRequest("foo", "http://anywhere.com",
            "state-1234", "read", Collections.singleton("code"));
    model.put("authorizationRequest", request);
    // Snapshot of the request as it stood before any tampering.
    model.put("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST",
            uaaAuthorizationEndpoint.unmodifiableMap(request));

    // Tamper with the scope only after the snapshot has been taken.
    request.setScope(Arrays.asList("read", "write"));

    Map<String, String> approval = new HashMap<>();
    approval.put("user_oauth_approval", "true");
    uaaAuthorizationEndpoint.approveOrDeny(approval, model, sessionStatus, principal);
}
request.setScope(clientScopes);
/**
 * A client-only authentication whose request scopes are the UAA admin authorities
 * is reported as admin by {@link DefaultSecurityContextAccessor#isAdmin()}.
 */
@Test
public void adminClientIsAdmin() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("admin", null);
    request.setScope(UaaAuthority.ADMIN_AUTHORITIES.stream()
            .map(UaaAuthority::getAuthority)
            .collect(Collectors.toList()));
    // Second argument is the user authentication; null makes this a client-only token.
    OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), null);
    // NOTE(review): the security context is not cleared here; assumes a teardown
    // elsewhere in this test class resets SecurityContextHolder — confirm.
    SecurityContextHolder.getContext().setAuthentication(authentication);
    assertTrue(new DefaultSecurityContextAccessor().isAdmin());
}
); if (!scopes.isEmpty()) { request.setScope(scopes);
/**
 * A client-only authentication carrying the "zones.&lt;current zone id&gt;.admin" scope
 * is reported as admin by {@link DefaultSecurityContextAccessor#isAdmin()}, even when
 * the authentication details carry a bearer access-token value.
 */
@Test
public void zoneAdminClientIsAdmin() throws Exception {
    AuthorizationRequest authorizationRequest = new AuthorizationRequest("admin", null);
    // Scope is derived from the zone currently held by IdentityZoneHolder.
    authorizationRequest.setScope(Arrays.asList("zones." + IdentityZoneHolder.get().getId() + ".admin"));
    // Second argument is the user authentication; null makes this a client-only token.
    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null);
    MockHttpServletRequest request = new MockHttpServletRequest();
    // Test fixture token value; the page shows it partially elided, so it is presumably
    // a signed JWT used only to populate OAuth2AuthenticationDetails — confirm.
    request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, "eyJhbGciOiJSUzI1NiJ9.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.ajpOTnvAvHWPEXEZI4XXDIO_Omp03VgQ64W2bfbrGSIVB0lBujegXvXe-61bRqiKKbbkk85Z6AXUfz6aZXb2hjKPeZr8P9ydy23bSCsl9QNsM9D_h3KHzTkJ9G-34aMTpVi8hxmfr_UQ6J-37zoTTIQrk5nxIiwxc4HcKkl_p68");
    authentication.setDetails(new OAuth2AuthenticationDetails(request));
    // NOTE(review): the security context is not cleared here; assumes a teardown
    // elsewhere in this test class resets SecurityContextHolder — confirm.
    SecurityContextHolder.getContext().setAuthentication(authentication);
    assertTrue(new DefaultSecurityContextAccessor().isAdmin());
}
logger.info("Mismatch between request object and regular parameter for scope, using request object"); request.setScope(scope);
authorizationRequest.setClientId(clientId); authorizationRequest.setRedirectUri(TEST_REDIRECT_URI); authorizationRequest.setScope(new ArrayList<>(Arrays.asList("openid"))); authorizationRequest.setResponseTypes(new TreeSet<>(Arrays.asList("code", "id_token"))); authorizationRequest.setState(state);
authorizationRequest.setClientId(clientId); authorizationRequest.setRedirectUri(TEST_REDIRECT_URI); authorizationRequest.setScope(new ArrayList<>(Arrays.asList("openid"))); authorizationRequest.setResponseTypes(new TreeSet<>(Arrays.asList("code", "id_token"))); authorizationRequest.setState(state);
/**
 * Convenience constructor for unit tests, where client ID and scope are
 * often the only needed fields.
 *
 * @param clientId the client identifier, stored through {@code setClientId}
 * @param scopes   the requested scopes, stored through {@code setScope}
 */
public AuthorizationRequest(String clientId, Collection<String> scopes) {
    // Go through the setters instead of assigning fields directly so that any
    // normalisation they perform (the original remarks "in case we need to
    // parse") is applied exactly as it is for the full constructor.
    this.setClientId(clientId);
    this.setScope(scopes);
}
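/**
 * Full constructor.
 *
 * <p>{@code resourceIds} and {@code authorities} are defensively copied into new
 * {@link HashSet}s so that the caller cannot change this request after it has been
 * built; a {@code null} argument for either leaves the corresponding field untouched.
 * The earlier version of this constructor reassigned {@code this.resourceIds} from the
 * raw argument after the copy, which discarded the copy (and nulled the field when the
 * argument was {@code null}); that reassignment has been removed.
 *
 * @param authorizationParameters the raw request parameters, stored through
 *                                {@code setRequestParameters}
 * @param approvalParameters      not used by this constructor; retained for signature
 *                                compatibility with existing callers
 * @param clientId                the client identifier, stored through {@code setClientId}
 * @param scope                   the requested scopes, stored through {@code setScope}
 * @param resourceIds             resource ids the client may access (copied; may be null)
 * @param authorities             granted authorities (copied; may be null)
 * @param approved                whether the request has already been approved
 * @param state                   the client's {@code state} parameter
 * @param redirectUri             the redirect URI
 * @param responseTypes           the response types (assigned as-is when non-null)
 */
public AuthorizationRequest(Map<String, String> authorizationParameters,
        Map<String, String> approvalParameters, String clientId, Set<String> scope,
        Set<String> resourceIds, Collection<? extends GrantedAuthority> authorities,
        boolean approved, String state, String redirectUri, Set<String> responseTypes) {
    setClientId(clientId);
    setRequestParameters(authorizationParameters); // in case we need to wrap the collection
    setScope(scope); // in case we need to parse
    if (resourceIds != null) {
        this.resourceIds = new HashSet<String>(resourceIds);
    }
    if (authorities != null) {
        this.authorities = new HashSet<GrantedAuthority>(authorities);
    }
    this.approved = approved;
    // Note: the former "this.resourceIds = resourceIds;" overwrite was removed here so the
    // defensive copy above actually takes effect.
    this.redirectUri = redirectUri;
    if (responseTypes != null) {
        // NOTE(review): responseTypes is stored without a copy, unlike resourceIds and
        // authorities above; left as-is because callers may rely on the aliasing.
        this.responseTypes = responseTypes;
    }
    this.state = state;
}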
authorizationRequest.setScope(approvedScopes); if (approvedScopes.isEmpty() && !requestedScopes.isEmpty()) { approved = false;
authorizationRequest.setScope(allowedScopes);
AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(map); authorizationRequest.setScope(getScope(request)); if (clientAuth.isAuthenticated()) {