use of org.springframework.security.oauth2.provider.token.ResourceServerTokenServices in project spring-boot by spring-projects.
the class SsoSecurityConfigurer method oauth2SsoFilter.
/**
 * Assembles the OAuth2 client authentication filter bound to the SSO login path.
 *
 * <p>Both collaborators are looked up by type from the application context: the
 * REST template produced by {@code UserInfoRestTemplateFactory} and the
 * {@code ResourceServerTokenServices} bean. The token services bean is the component
 * handed to the filter for turning a token into an authentication, so whichever bean
 * of that type is registered in the context determines how tokens are validated for
 * SSO logins. The application context is also set as the filter's event publisher.
 *
 * @param sso SSO properties; only the login path is read here
 * @return the configured filter
 */
private OAuth2ClientAuthenticationProcessingFilter oauth2SsoFilter(OAuth2SsoProperties sso) {
    // Resolve the collaborators first, in the same order as before, so that a
    // missing or ambiguous bean surfaces before the filter is constructed.
    UserInfoRestTemplateFactory templateFactory =
            this.applicationContext.getBean(UserInfoRestTemplateFactory.class);
    OAuth2RestOperations userInfoTemplate = templateFactory.getUserInfoRestTemplate();
    ResourceServerTokenServices userInfoTokenServices =
            this.applicationContext.getBean(ResourceServerTokenServices.class);

    OAuth2ClientAuthenticationProcessingFilter ssoFilter =
            new OAuth2ClientAuthenticationProcessingFilter(sso.getLoginPath());
    ssoFilter.setRestTemplate(userInfoTemplate);
    ssoFilter.setTokenServices(userInfoTokenServices);
    ssoFilter.setApplicationEventPublisher(this.applicationContext);
    return ssoFilter;
}
use of org.springframework.security.oauth2.provider.token.ResourceServerTokenServices in project spring-security-oauth by spring-projects.
the class ResourceServerConfiguration method configure.
/**
 * Configures the resource-server security chain on the given {@link HttpSecurity}.
 *
 * <p>Steps, in the order the code performs them: choose the token validation source
 * (explicit token services, else a token store), wire the optional event publisher,
 * let every {@code ResourceServerConfigurer} customise the resource configurer, set
 * the chain-wide defaults (anonymous provider, access-denied handler, stateless
 * sessions, CSRF disabled), apply the resource configurer, narrow the request matcher
 * when authorization-server endpoints are present, let the delegates add their own
 * HTTP rules, and finally fall back to "any request must be authenticated" when no
 * delegate is registered.
 *
 * @param http the security builder for this filter chain
 * @throws Exception declared by the signature; the visible calls on {@code http} and
 *         the delegates may throw
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
// Token validation source, by precedence: resolved token services, then the local
// tokenStore field, then the token store of the authorization-server endpoints.
// If all three are absent nothing is set here and `resources` keeps whatever
// default it builds itself (not visible in this method).
ResourceServerTokenServices services = resolveTokenServices();
if (services != null) {
resources.tokenServices(services);
} else {
if (tokenStore != null) {
resources.tokenStore(tokenStore);
} else if (endpoints != null) {
resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
}
}
if (eventPublisher != null) {
resources.eventPublisher(eventPublisher);
}
// First delegate pass: customise the resource configurer before it is applied.
for (ResourceServerConfigurer configurer : configurers) {
configurer.configure(resources);
}
// Chain-wide defaults: anonymous provider built with the key "default", the
// access-denied handler taken from `resources`, session creation policy STATELESS,
// and CSRF protection disabled.
// NOTE(review): disabling CSRF is presumably safe because requests on this chain
// authenticate with a bearer token rather than a session cookie - confirm that no
// cookie-based authentication shares this chain.
// @formatter:off
http.authenticationProvider(new AnonymousAuthenticationProvider("default")).exceptionHandling().accessDeniedHandler(resources.getAccessDeniedHandler()).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();
// @formatter:on
http.apply(resources);
if (endpoints != null) {
// Assume we are in an Authorization Server.
// NOTE(review): judging by its name, NotOAuthRequestMatcher limits this chain to
// requests that are not handled by the OAuth2 endpoint mapping - verify.
http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
}
// Second delegate pass: HTTP-level rules.
for (ResourceServerConfigurer configurer : configurers) {
// Delegates can add authorizeRequests() here
configurer.configure(http);
}
if (configurers.isEmpty()) {
// Add anyRequest() last as a fall back. Spring Security would
// replace an existing anyRequest() matcher with this one, so to
// avoid that we only add it if the user hasn't configured anything.
// Consequence: as soon as one delegate is registered this fallback is skipped,
// so the delegates must supply the authorization rules themselves.
http.authorizeRequests().anyRequest().authenticated();
}
}
use of org.springframework.security.oauth2.provider.token.ResourceServerTokenServices in project spring-security-oauth by spring-projects.
the class ResourceServerConfiguration method resolveTokenServices.
/**
 * Selects the {@code ResourceServerTokenServices} instance this resource server uses
 * to validate tokens.
 *
 * <ul>
 * <li>no candidates (map is {@code null} or empty): returns {@code null}, leaving the
 * caller to fall back to a token store;</li>
 * <li>exactly one candidate: returns it;</li>
 * <li>exactly two candidates that {@code elementsEqual} treats as the same: returns
 * the first;</li>
 * <li>anything else: defers to a by-type lookup in the application context, which
 * fails unless the context can pick a single bean of that type.</li>
 * </ul>
 *
 * @return the chosen token services, or {@code null} when none are registered
 */
private ResourceServerTokenServices resolveTokenServices() {
    final int candidateCount = (tokenServices == null) ? 0 : tokenServices.size();
    if (candidateCount == 0) {
        return null;
    }

    Iterator<ResourceServerTokenServices> candidates = tokenServices.values().iterator();
    ResourceServerTokenServices first = candidates.next();
    if (candidateCount == 1) {
        return first;
    }

    // With two candidates they may be the ones provided natively; if they compare
    // equal there is no real ambiguity.
    if (candidateCount == 2 && elementsEqual(first, candidates.next())) {
        return first;
    }

    // Genuinely ambiguous: let the container decide rather than guessing here.
    return context.getBean(ResourceServerTokenServices.class);
}
use of org.springframework.security.oauth2.provider.token.ResourceServerTokenServices in project spring-security-oauth by spring-projects.
the class ResourceServerSecurityConfigurer method tokenServices.
/**
 * Returns the token services for this configurer, creating and caching a default
 * instance on first use.
 *
 * <p>An instance already stored in {@code resourceTokenServices} is returned
 * unchanged. Otherwise a {@code DefaultTokenServices} is built from
 * {@code tokenStore()} and {@code clientDetails()}, with refresh-token support
 * switched on, and stored in the field for later calls.
 *
 * @param http not read by this method
 * @return the configured or default token services
 */
private ResourceServerTokenServices tokenServices(HttpSecurity http) {
    if (resourceTokenServices == null) {
        DefaultTokenServices defaults = new DefaultTokenServices();
        defaults.setTokenStore(tokenStore());
        defaults.setSupportRefreshToken(true);
        defaults.setClientDetailsService(clientDetails());
        // Cache so that every later call shares the same instance.
        this.resourceTokenServices = defaults;
        return defaults;
    }
    return resourceTokenServices;
}
use of org.springframework.security.oauth2.provider.token.ResourceServerTokenServices in project spring-security-oauth by spring-projects.
the class OAuth2AuthenticationManager method authenticate.
/**
 * Authenticates a request whose principal is an access token value (e.g. taken from an
 * authorization header).
 *
 * <p>Loads the {@link OAuth2Authentication} for the token from the
 * {@link ResourceServerTokenServices}, checks the configured resource id against the
 * resource ids of the token's OAuth2 request, runs {@code checkClientDetails}, and
 * copies the authentication details from the input to the output (typically so that
 * the access token value and request details can be reported later).
 *
 * <p>The resource id check only rejects a token when this manager has a resource id
 * configured <em>and</em> the token carries a non-empty resource id list that does not
 * contain it. A token with no resource ids therefore passes this check for any
 * resource.
 *
 * @param authentication an authentication request containing an access token value as the principal
 * @return an {@link OAuth2Authentication} marked as authenticated
 * @throws InvalidTokenException if {@code authentication} is {@code null} or the token
 *         services return no authentication for the token
 * @throws OAuth2AccessDeniedException if the token's resource ids do not include the
 *         configured resource id
 *
 * @see org.springframework.security.authentication.AuthenticationManager#authenticate(org.springframework.security.core.Authentication)
 */
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (authentication == null) {
throw new InvalidTokenException("Invalid token (token not found)");
}
// The principal is cast without a type check: a non-String principal fails here
// with a ClassCastException, and a null principal is passed on to the token services.
String token = (String) authentication.getPrincipal();
OAuth2Authentication auth = tokenServices.loadAuthentication(token);
if (auth == null) {
// NOTE(review): the message embeds the submitted token value verbatim. Wherever
// this exception is logged or rendered, that value is written out - consider
// whether the raw token should appear there.
throw new InvalidTokenException("Invalid token: " + token);
}
Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds();
// Enforced only when both sides name resources; a null or empty list on the token
// skips the check entirely.
if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) {
throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")");
}
// Client-level checks are defined outside this method.
checkClientDetails(auth);
if (authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
// Guard against a cached copy of the same details
if (!details.equals(auth.getDetails())) {
// Preserve the authentication details from the one loaded by token services
details.setDecodedDetails(auth.getDetails());
}
}
// Must run after the block above: it replaces the details loaded by the token
// services with the details of the incoming request.
auth.setDetails(authentication.getDetails());
auth.setAuthenticated(true);
return auth;
}