Exemple #1
0
 private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessTokenRequest.getClient());
   // We have to construct a AuthenticatedPrincipal on-the-fly as there is only key-secret
   // authentication
   request.setPrincipal(new AuthenticatedPrincipal(request.getClient().getClientId()));
   // Get scopes (either from request or the client's default set)
   request.setGrantedScopes(accessTokenRequest.getScopeList());
   return request;
 }
Exemple #2
0
 private AuthorizationRequest refreshTokenToken(AccessTokenRequest accessTokenRequest) {
   AccessToken accessToken =
       accessTokenRepository.findByRefreshToken(accessTokenRequest.getRefreshToken());
   if (accessToken == null) {
     throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_REFRESH_TOKEN);
   }
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessToken.getClient());
   request.setPrincipal(accessToken.getPrincipal());
   request.setGrantedScopes(accessToken.getScopes());
   accessTokenRepository.delete(accessToken);
   return request;
 }
Exemple #3
0
  private AuthorizationRequest passwordToken(AccessTokenRequest accessTokenRequest) {
    // Authenticate the resource owner
    AuthenticatedPrincipal principal =
        resourceOwnerAuthenticator.authenticate(
            accessTokenRequest.getUsername(), accessTokenRequest.getPassword());
    if (principal == null) {
      throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_PASSWORD);
    }

    AuthorizationRequest request = new AuthorizationRequest();
    request.setClient(accessTokenRequest.getClient());
    request.setPrincipal(principal);
    request.setGrantedScopes(accessTokenRequest.getScopeList());
    return request;
  }
Exemple #4
0
 private void storePrincipal(
     HttpServletRequest request,
     HttpServletResponse response,
     AuthorizationRequest authorizationRequest)
     throws IOException {
   AuthenticatedPrincipal principal =
       (AuthenticatedPrincipal) request.getAttribute(AbstractAuthenticator.PRINCIPAL);
   if (principal == null) {
     response.sendError(
         HttpServletResponse.SC_BAD_REQUEST,
         "No valid AbstractAuthenticator.PRINCIPAL on the Request");
   }
   authorizationRequest.setPrincipal(principal);
   authorizationRequestRepository.save(authorizationRequest);
 }