Search in sources :

Example 1 with ExtraTrustConsumerDetails

use of org.springframework.security.oauth.provider.ExtraTrustConsumerDetails in project spring-security-oauth by spring-projects.

the class ProtectedResourceProcessingFilter method onValidSignature.

protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    ConsumerAuthentication authentication = (ConsumerAuthentication) SecurityContextHolder.getContext().getAuthentication();
    String token = authentication.getConsumerCredentials().getToken();
    OAuthAccessProviderToken accessToken = null;
    if (StringUtils.hasText(token)) {
        OAuthProviderToken authToken = getTokenServices().getToken(token);
        if (authToken == null) {
            throw new AccessDeniedException("Invalid access token.");
        } else if (!authToken.isAccessToken()) {
            throw new AccessDeniedException("Token should be an access token.");
        } else if (authToken instanceof OAuthAccessProviderToken) {
            accessToken = (OAuthAccessProviderToken) authToken;
        }
    } else if ((!(authentication.getConsumerDetails() instanceof ExtraTrustConsumerDetails)) || ((ExtraTrustConsumerDetails) authentication.getConsumerDetails()).isRequiredToObtainAuthenticatedToken()) {
        throw new InvalidOAuthParametersException(messages.getMessage("ProtectedResourceProcessingFilter.missingToken", "Missing auth token."));
    }
    Authentication userAuthentication = authHandler.createAuthentication(request, authentication, accessToken);
    SecurityContextHolder.getContext().setAuthentication(userAuthentication);
    chain.doFilter(request, response);
}
Also used : OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) InvalidOAuthParametersException(org.springframework.security.oauth.provider.InvalidOAuthParametersException) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) Authentication(org.springframework.security.core.Authentication) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) ExtraTrustConsumerDetails(org.springframework.security.oauth.provider.ExtraTrustConsumerDetails) OAuthAccessProviderToken(org.springframework.security.oauth.provider.token.OAuthAccessProviderToken)

Aggregations

AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 Authentication (org.springframework.security.core.Authentication)1 ConsumerAuthentication (org.springframework.security.oauth.provider.ConsumerAuthentication)1 ExtraTrustConsumerDetails (org.springframework.security.oauth.provider.ExtraTrustConsumerDetails)1 InvalidOAuthParametersException (org.springframework.security.oauth.provider.InvalidOAuthParametersException)1 OAuthAccessProviderToken (org.springframework.security.oauth.provider.token.OAuthAccessProviderToken)1 OAuthProviderToken (org.springframework.security.oauth.provider.token.OAuthProviderToken)1