Example 1 with OAuthSecurityContext

Use of org.springframework.security.oauth.consumer.OAuthSecurityContext in project spring-security-oauth by spring-projects.

The class HttpSessionBasedTokenServices, method getSession.

protected HttpSession getSession() {
    OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
    if (context == null) {
        throw new IllegalStateException("A security context must be established.");
    }
    HttpServletRequest request;
    try {
        request = (HttpServletRequest) context.getDetails();
    } catch (ClassCastException e) {
        throw new IllegalStateException("The security context must have the HTTP servlet request as its details.");
    }
    if (request == null) {
        throw new IllegalStateException("The security context must have the HTTP servlet request as its details.");
    }
    // getSession(true) creates a session if the request has none; the tokens are stored in it.
    HttpSession session = request.getSession(true);
    if (session == null) {
        throw new IllegalStateException("Unable to create a session in which to store the tokens.");
    }
    return session;
}

Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), HttpSession (javax.servlet.http.HttpSession), OAuthSecurityContext (org.springframework.security.oauth.consumer.OAuthSecurityContext)

Example 2 with OAuthSecurityContext

Use of org.springframework.security.oauth.consumer.OAuthSecurityContext in project spring-security-oauth by spring-projects.

The class OAuthClientHttpRequestFactory, method createRequest.

public ClientHttpRequest createRequest(URI uri, HttpMethod httpMethod) throws IOException {
    OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
    if (context == null) {
        context = new OAuthSecurityContextImpl();
    }
    Map<String, OAuthConsumerToken> accessTokens = context.getAccessTokens();
    OAuthConsumerToken accessToken = accessTokens == null ? null : accessTokens.get(this.resource.getId());
    boolean useAuthHeader = this.resource.isAcceptsAuthorizationHeader();
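    // The resource does not accept the Authorization header: replace the URI's query string with the OAuth query string.
    if (!useAuthHeader) {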
        String queryString = this.support.getOAuthQueryString(this.resource, accessToken, uri.toURL(), httpMethod.name(), this.additionalOAuthParameters);
        String uriValue = String.valueOf(uri);
        uri = URI.create((uriValue.contains("?") ? uriValue.substring(0, uriValue.indexOf('?')) : uriValue) + "?" + queryString);
    }
    ClientHttpRequest req = delegate.createRequest(uri, httpMethod);
    // Otherwise the OAuth parameters are sent in the Authorization header.
    if (useAuthHeader) {
        String authHeader = this.support.getAuthorizationHeader(this.resource, accessToken, uri.toURL(), httpMethod.name(), this.additionalOAuthParameters);
        req.getHeaders().add("Authorization", authHeader);
    }
    Map<String, String> additionalHeaders = this.resource.getAdditionalRequestHeaders();
    if (additionalHeaders != null) {
        for (Map.Entry<String, String> header : additionalHeaders.entrySet()) {
            req.getHeaders().add(header.getKey(), header.getValue());
        }
    }
    return req;
}

Also used: OAuthSecurityContextImpl (org.springframework.security.oauth.consumer.OAuthSecurityContextImpl), OAuthSecurityContext (org.springframework.security.oauth.consumer.OAuthSecurityContext), ClientHttpRequest (org.springframework.http.client.ClientHttpRequest), Map (java.util.Map), OAuthConsumerToken (org.springframework.security.oauth.consumer.OAuthConsumerToken)

Example 3 with OAuthSecurityContext

Use of org.springframework.security.oauth.consumer.OAuthSecurityContext in project spring-security-oauth by spring-projects.

The class OAuthConsumerProcessingFilter, method doFilter.

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    Set<String> accessTokenDeps = getAccessTokenDependencies(request, response, chain);
    if (!accessTokenDeps.isEmpty()) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
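        // Reject unauthenticated callers when authentication is required.
        // Note: authentication is dereferenced here without a null check.
        if (isRequireAuthenticated() && !authentication.isAuthenticated()) {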
            throw new InsufficientAuthenticationException("An authenticated principal must be present.");
        }
        OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
        if (context == null) {
            throw new IllegalStateException("No OAuth security context has been established. Unable to access resources.");
        }
        Map<String, OAuthConsumerToken> accessTokens = context.getAccessTokens();
        // Every resource this request depends on must already have an access token in the context.
        for (String dependency : accessTokenDeps) {
            if (!accessTokens.containsKey(dependency)) {
                throw new AccessTokenRequiredException(getProtectedResourceDetailsService().loadProtectedResourceDetailsById(dependency));
            }
        }
        chain.doFilter(request, response);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No access token dependencies for request.");
        }
        chain.doFilter(servletRequest, servletResponse);
    }
}

Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), Authentication (org.springframework.security.core.Authentication), AccessTokenRequiredException (org.springframework.security.oauth.consumer.AccessTokenRequiredException), HttpServletResponse (javax.servlet.http.HttpServletResponse), OAuthSecurityContext (org.springframework.security.oauth.consumer.OAuthSecurityContext), InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException), OAuthConsumerToken (org.springframework.security.oauth.consumer.OAuthConsumerToken)

Aggregations

OAuthSecurityContext (org.springframework.security.oauth.consumer.OAuthSecurityContext) 3
HttpServletRequest (javax.servlet.http.HttpServletRequest) 2
OAuthConsumerToken (org.springframework.security.oauth.consumer.OAuthConsumerToken) 2
Map (java.util.Map) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
HttpSession (javax.servlet.http.HttpSession) 1
ClientHttpRequest (org.springframework.http.client.ClientHttpRequest) 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException) 1
Authentication (org.springframework.security.core.Authentication) 1
AccessTokenRequiredException (org.springframework.security.oauth.consumer.AccessTokenRequiredException) 1
OAuthSecurityContextImpl (org.springframework.security.oauth.consumer.OAuthSecurityContextImpl) 1