Example 1 with ClientPrincipal

Use of com.hccake.ballcat.common.security.userdetails.ClientPrincipal in project ballcat by ballcat-projects.

Class RemoteOpaqueTokenIntrospector, method buildClient.

@SuppressWarnings("unchecked")
private ClientPrincipal buildClient(Map<String, Object> claims) {
    String clientId = (String) claims.get(OAuth2TokenIntrospectionClaimNames.CLIENT_ID);
    List<String> scopes = null;
    Object scopeValue = claims.get(OAuth2TokenIntrospectionClaimNames.SCOPE);
    if (scopeValue instanceof List) {
        scopes = (List<String>) scopeValue;
    }
    Collection<GrantedAuthority> authorities = new ArrayList<>();
    if (CollectionUtil.isNotEmpty(scopes)) {
        for (String scope : scopes) {
            authorities.add(new SimpleGrantedAuthority(AUTHORITY_SCOPE_PREFIX + scope));
        }
    }
    ClientPrincipal clientPrincipal = new ClientPrincipal(clientId, claims, authorities);
    clientPrincipal.setScope(scopes);
    return clientPrincipal;
}

Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject), JSONObject (net.minidev.json.JSONObject), List (java.util.List), ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal)

Example 2 with ClientPrincipal

Use of com.hccake.ballcat.common.security.userdetails.ClientPrincipal in project ballcat by ballcat-projects.

Class SharedStoredOpaqueTokenIntrospector, method introspect.

/**
 * @see DefaultTokenServices#loadAuthentication(java.lang.String)
 * @param accessTokenValue token
 * @return OAuth2User
 */
@Override
public OAuth2AuthenticatedPrincipal introspect(String accessTokenValue) {
    OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
    if (accessToken == null) {
        // The raw token value is concatenated into the exception message, so it
        // appears wherever that message is logged or returned.
        throw new BadOpaqueTokenException("Invalid access token: " + accessTokenValue);
    } else if (accessToken.isExpired()) {
        // Expired tokens are evicted from the store before the request is rejected.
        tokenStore.removeAccessToken(accessToken);
        throw new BadOpaqueTokenException("Access token expired: " + accessTokenValue);
    }
    OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(accessToken);
    if (oAuth2Authentication == null) {
        // in case of race condition
        throw new BadOpaqueTokenException("Invalid access token: " + accessTokenValue);
    }
    ClientPrincipal clientPrincipal = getClientPrincipal(oAuth2Authentication);
    if (clientPrincipal != null) {
        return clientPrincipal;
    }
    return (OAuth2User) oAuth2Authentication.getPrincipal();
}

Also used: OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User), BadOpaqueTokenException (org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal)

Example 3 with ClientPrincipal

Use of com.hccake.ballcat.common.security.userdetails.ClientPrincipal in project ballcat by ballcat-projects.

Class SecurityUtils, method getClientPrincipal.

/**
 * Get the client information.
 */
public ClientPrincipal getClientPrincipal() {
    Authentication authentication = getAuthentication();
    if (authentication == null) {
        return null;
    }
    Object principal = authentication.getPrincipal();
    if (principal instanceof ClientPrincipal) {
        return (ClientPrincipal) principal;
    }
    return null;
}

Also used: Authentication (org.springframework.security.core.Authentication), ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal)

Example 4 with ClientPrincipal

Use of com.hccake.ballcat.common.security.userdetails.ClientPrincipal in project ballcat by ballcat-projects.

Class CustomClientCredentialsTokenGranter, method getOAuth2Authentication.

@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    OAuth2Request oAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    ClientPrincipal clientPrincipal = new ClientPrincipal(oAuth2Request.getClientId(), new HashMap<>(8), client.getAuthorities());
    clientPrincipal.setScope(client.getScope());
    OAuth2ClientAuthenticationToken userAuthentication = new OAuth2ClientAuthenticationToken(clientPrincipal, null);
    return new OAuth2Authentication(oAuth2Request, userAuthentication);
}

Also used: OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal)

Example 5 with ClientPrincipal

Use of com.hccake.ballcat.common.security.userdetails.ClientPrincipal in project ballcat by ballcat-projects.

Class SharedStoredOpaqueTokenIntrospector, method getClientPrincipal.

private ClientPrincipal getClientPrincipal(OAuth2Authentication oAuth2Authentication) {
    ClientPrincipal clientPrincipal = null;
    OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
    if (oAuth2Request != null && CLIENT_CREDENTIALS.equals(oAuth2Request.getGrantType())) {
        Collection<? extends GrantedAuthority> requestAuthorities = oAuth2Request.getAuthorities();
        Collection<GrantedAuthority> authorities = new ArrayList<>(requestAuthorities);
        Set<String> scopes = oAuth2Request.getScope();
        if (CollectionUtil.isNotEmpty(scopes)) {
            for (String scope : scopes) {
                authorities.add(new SimpleGrantedAuthority(AUTHORITY_SCOPE_PREFIX + scope));
            }
        }
        clientPrincipal = new ClientPrincipal(oAuth2Request.getClientId(), new HashMap<>(8), authorities);
        clientPrincipal.setScope(scopes);
    }
    return clientPrincipal;
}

Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), HashMap (java.util.HashMap), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal)

Aggregations

ClientPrincipal (com.hccake.ballcat.common.security.userdetails.ClientPrincipal): 5
ArrayList (java.util.ArrayList): 2
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 2
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 2
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 2
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 2
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject): 1
HashMap (java.util.HashMap): 1
List (java.util.List): 1
JSONObject (net.minidev.json.JSONObject): 1
Authentication (org.springframework.security.core.Authentication): 1
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 1
OAuth2User (org.springframework.security.oauth2.core.user.OAuth2User): 1
BadOpaqueTokenException (org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException): 1