Beispiel #1
  /**
   * Checks a client registration before it is stored.
   *
   * <p>Every authorized grant type must be one of the five supported values. When the client is
   * being created, the secret is checked as well: a client whose only grant is {@code implicit}
   * must not carry a secret, and every other client must carry one.
   *
   * <p>NOTE(review): with {@code create == false} the secret is not inspected here at all, so an
   * update can leave a non-implicit client without a secret unless the update path checks it
   * elsewhere. Confirm against the caller.
   *
   * @param client the client registration to check
   * @param create {@code true} when the client is being created, {@code false} otherwise
   * @throws InvalidClientDetailsException if a grant type is not supported, or if the secret rule
   *     for a newly created client is violated
   */
  private void validateClient(ClientDetails client, boolean create) {
    final Set<String> supportedGrants =
        new HashSet<String>(
            Arrays.asList(
                "implicit",
                "password",
                "client_credentials",
                "authorization_code",
                "refresh_token"));

    // Allow-list check: reject the registration on the first unknown grant type.
    for (String requested : client.getAuthorizedGrantTypes()) {
      if (supportedGrants.contains(requested)) {
        continue;
      }
      throw new InvalidClientDetailsException(
          requested
              + " is not an allowed grant type. Must be one of: "
              + supportedGrants.toString());
    }

    if (!create) {
      // The secret rules below are applied at creation time only.
      return;
    }

    boolean implicitOnly =
        client.getAuthorizedGrantTypes().size() == 1
            && client.getAuthorizedGrantTypes().contains("implicit");
    boolean secretPresent = StringUtils.hasText(client.getClientSecret());

    if (implicitOnly && secretPresent) {
      throw new InvalidClientDetailsException("implicit grant does not require a client_secret");
    }
    if (!implicitOnly && !secretPresent) {
      throw new InvalidClientDetailsException(
          "client_secret is required for non-implicit grant types");
    }
  }
 /**
  * Returns the values from {@code getFieldsForUpdate} with the client secret prepended.
  *
  * <p>Index 0 holds the secret after it has been passed through {@code passwordEncoder}, so the
  * raw secret never appears in the returned array. A client without a secret gets {@code null}
  * in that slot.
  *
  * @param clientDetails the client whose fields are collected
  * @return a new array one element longer than the update fields, encoded secret first
  */
 private Object[] getFields(ClientDetails clientDetails) {
   Object[] updateFields = getFieldsForUpdate(clientDetails);
   Object[] result = new Object[updateFields.length + 1];

   // Slot 0 stays null (the array default) when the client has no secret.
   String rawSecret = clientDetails.getClientSecret();
   if (rawSecret != null) {
     result[0] = passwordEncoder.encode(rawSecret);
   }

   // The remaining slots are the update fields, shifted right by one.
   System.arraycopy(updateFields, 0, result, 1, updateFields.length);
   return result;
 }
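  /**
   * Loads the client registration for the given id by delegating to {@code jdbcClientService}.
   *
   * <p>Only the client id is written to standard output. The client secret is a credential and
   * is deliberately not printed: console output is commonly captured in log files, which tend to
   * be readable by more people and systems than the client store itself.
   *
   * @param clientId id of the client to look up
   * @return the client details returned by {@code jdbcClientService}
   * @throws ClientRegistrationException declared by the signature; presumably raised by the
   *     delegate when the lookup fails (verify against the delegate's contract)
   */
  public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    System.out.println("loading client");

    ClientDetails client = jdbcClientService.loadClientByClientId(clientId);
    // Credential hygiene: print the id for tracing, never the secret.
    System.out.println(client.getClientId());
    return client;
  }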
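 /**
  * Builds HTTP headers carrying the client's id and secret as a Basic {@code Authorization}
  * value.
  *
  * <p>The credentials are joined as {@code clientId:clientSecret}, converted to bytes as UTF-8
  * and Base64-encoded. Base64 is an encoding, not encryption: anyone who can read the header can
  * recover the secret, so the request has to travel over a protected channel.
  *
  * <p>A {@code null} secret is concatenated as the literal text {@code null}.
  *
  * @param config the client whose id and secret are sent
  * @return headers containing a single {@code Authorization: Basic ...} entry
  */
 private HttpHeaders getHeaders(ClientDetails config) {
   String credentials = config.getClientId() + ":" + config.getClientSecret();

   // Explicit charset: getBytes() without an argument uses the platform default, which would
   // make the header differ between machines for non-ASCII ids or secrets.
   byte[] rawCredentials = credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8);
   String token = new String(Base64.encode(rawCredentials));

   HttpHeaders headers = new HttpHeaders();
   headers.set("Authorization", "Basic " + token);
   return headers;
 }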
 /**
  * Verifies that a client id and secret supplied through environment properties end up on the
  * {@code ClientDetails} bean and are then passed to {@code verifyAuthentication}.
  *
  * <p>The id and secret used here are fixed test values.
  */
 @Test
 public void testEnvironmentalOverrides() {
   final String expectedClientId = "myclientid";
   final String expectedClientSecret = "mysecret";

   // Fresh context with the two client properties set before any configuration is registered.
   this.context = new AnnotationConfigEmbeddedWebApplicationContext();
   EnvironmentTestUtils.addEnvironment(
       this.context,
       "security.oauth2.client.clientId:myclientid",
       "security.oauth2.client.clientSecret:mysecret");
   this.context.register(
       AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
   this.context.refresh();

   // The bean must reflect the property values exactly.
   ClientDetails registeredClient = this.context.getBean(ClientDetails.class);
   assertThat(registeredClient.getClientId(), equalTo(expectedClientId));
   assertThat(registeredClient.getClientSecret(), equalTo(expectedClientSecret));

   verifyAuthentication(registeredClient);
 }
  /**
   * Presents an OAuth client as a {@code UserDetails} so it can be authenticated like a user.
   *
   * <p>The client id becomes the username, the client secret becomes the password, and the only
   * authority granted is {@code ROLE_CLIENT}. All four account-status flags are set to
   * {@code true}.
   *
   * <p>NOTE(review): a client registered without a secret hands {@code null} to the
   * {@code User} constructor as the password; confirm how the {@code User} class in use treats
   * that. Exceptions from {@code clientDetailsService} are not translated here.
   *
   * @param clientId the client id, used as the username
   * @return a {@code User} built from the client's id and secret
   */
  @Override
  public UserDetails loadUserByUsername(String clientId)
      throws UsernameNotFoundException, DataAccessException {
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));

    // Flag order: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
    return new User(clientId, client.getClientSecret(), true, true, true, true, authorities);
  }