
Example 1 with AuthenticationScheme

use of org.springframework.security.oauth2.common.AuthenticationScheme in project spring-security-oauth by spring-projects.

the class ResourceBeanDefinitionParser method doParse.

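/**
 * Translates the attributes of a {@code resource} XML element into property values on the
 * bean definition being built.
 *
 * <p>Required attributes ({@code id}, {@code client-id}, and depending on the grant type
 * {@code access-token-uri}, {@code user-authorization-uri}, {@code username} and
 * {@code password}) are reported through the reader context when missing. Optional
 * attributes are copied only when they contain text.
 *
 * <p>Security notes for reviewers: {@code client-secret}, {@code username} and
 * {@code password} are read verbatim from the XML attributes, so whatever protects the
 * configuration source also protects these credentials. The endpoint URIs are copied
 * without any check of their scheme.
 *
 * @param element the {@code resource} element being parsed
 * @param parserContext parsing context used to report configuration errors
 * @param builder builder that receives the resulting property values
 */
@Override
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
    String id = element.getAttribute("id");
    if (!StringUtils.hasText(id)) {
        parserContext.getReaderContext().error("An id must be supplied on a resource element.", element);
    }
    builder.addPropertyValue("id", id);

    // The grant type falls back to client_credentials when the attribute is absent or blank.
    String type = element.getAttribute("type");
    if (!StringUtils.hasText(type)) {
        type = "client_credentials";
    }
    builder.addPropertyValue("grantType", type);

    // Every grant type except "implicit" must name a token endpoint.
    // NOTE(review): the URI is not checked for https here; confirm that is enforced elsewhere.
    String accessTokenUri = element.getAttribute("access-token-uri");
    if (!StringUtils.hasText(accessTokenUri) && !"implicit".equals(type)) {
        parserContext.getReaderContext().error("An accessTokenUri must be supplied on a resource element of type " + type, element);
    }
    builder.addPropertyValue("accessTokenUri", accessTokenUri);

    String clientId = element.getAttribute("client-id");
    if (!StringUtils.hasText(clientId)) {
        parserContext.getReaderContext().error("An clientId must be supplied on a resource element", element);
    }
    builder.addPropertyValue("clientId", clientId);

    // The secret is taken as-is from the attribute value; a literal secret in the XML file is
    // only as confidential as that file.
    String clientSecret = element.getAttribute("client-secret");
    if (StringUtils.hasText(clientSecret)) {
        builder.addPropertyValue("clientSecret", clientSecret);
    }

    // Passed through as a string; conversion to the property's type happens outside this method.
    String clientAuthenticationScheme = element.getAttribute("client-authentication-scheme");
    if (StringUtils.hasText(clientAuthenticationScheme)) {
        builder.addPropertyValue("clientAuthenticationScheme", clientAuthenticationScheme);
    }

    // The authorization URI is mandatory for grant types that need it and rejected for the rest.
    String userAuthorizationUri = element.getAttribute("user-authorization-uri");
    if (StringUtils.hasText(userAuthorizationUri)) {
        if (needsUserAuthorizationUri(type)) {
            builder.addPropertyValue("userAuthorizationUri", userAuthorizationUri);
        } else {
            parserContext.getReaderContext().error("The " + type + " grant type does not accept an authorization URI", element);
        }
    } else {
        if (needsUserAuthorizationUri(type)) {
            parserContext.getReaderContext().error("An authorization URI must be supplied for a resource of type " + type, element);
        }
    }

    String preEstablishedRedirectUri = element.getAttribute("pre-established-redirect-uri");
    if (StringUtils.hasText(preEstablishedRedirectUri)) {
        builder.addPropertyValue("preEstablishedRedirectUri", preEstablishedRedirectUri);
    }
    String requireImmediateAuthorization = element.getAttribute("require-immediate-authorization");
    if (StringUtils.hasText(requireImmediateAuthorization)) {
        builder.addPropertyValue("requireImmediateAuthorization", requireImmediateAuthorization);
    }
    String useCurrentUri = element.getAttribute("use-current-uri");
    if (StringUtils.hasText(useCurrentUri)) {
        builder.addPropertyValue("useCurrentUri", useCurrentUri);
    }

    // The raw scope string is handed to a StringListFactoryBean, which turns it into the list.
    String scope = element.getAttribute("scope");
    if (StringUtils.hasText(scope)) {
        BeanDefinitionBuilder scopesBuilder = BeanDefinitionBuilder.genericBeanDefinition(StringListFactoryBean.class);
        scopesBuilder.addConstructorArgValue(new TypedStringValue(scope));
        builder.addPropertyValue("scope", scopesBuilder.getBeanDefinition());
    }

    // The token is presented in the header unless the configuration says otherwise. An
    // unrecognised value is reported like every other configuration error, with the offending
    // element attached, instead of escaping as a bare IllegalArgumentException from valueOf.
    AuthenticationScheme btm = AuthenticationScheme.header;
    String bearerTokenMethod = element.getAttribute("authentication-scheme");
    if (StringUtils.hasText(bearerTokenMethod)) {
        try {
            btm = AuthenticationScheme.valueOf(bearerTokenMethod);
        } catch (IllegalArgumentException e) {
            parserContext.getReaderContext().error("Unsupported authentication-scheme '" + bearerTokenMethod + "' on a resource element", element, e);
        }
    }
    builder.addPropertyValue("authenticationScheme", btm);

    String bearerTokenName = element.getAttribute("token-name");
    if (!StringUtils.hasText(bearerTokenName)) {
        bearerTokenName = OAuth2AccessToken.ACCESS_TOKEN;
    }
    builder.addPropertyValue("tokenName", bearerTokenName);

    // The password grant additionally needs the resource owner's credentials, which are also
    // read directly from the element's attributes.
    if (type.equals("password")) {
        String[] attributeNames = { "username", "password" };
        for (String attributeName : attributeNames) {
            String attribute = element.getAttribute(attributeName);
            if (StringUtils.hasText(attribute)) {
                builder.addPropertyValue(attributeName, attribute);
            } else {
                parserContext.getReaderContext().error("A " + attributeName + " must be supplied on a resource element of type " + type, element);
            }
        }
    }
}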
Also used : AuthenticationScheme(org.springframework.security.oauth2.common.AuthenticationScheme) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) TypedStringValue(org.springframework.beans.factory.config.TypedStringValue)

Example 2 with AuthenticationScheme

use of org.springframework.security.oauth2.common.AuthenticationScheme in project spring-security-oauth by spring-projects.

the class OAuth2RestTemplate method createRequest.

/**
 * Creates the outgoing request and attaches the current OAuth2 access token in the way the
 * protected resource's authentication scheme prescribes.
 *
 * <p>For the {@code query} and {@code form} schemes the token is appended to the request URI
 * before the request is created; for the {@code header} scheme the request is handed to the
 * authenticator after creation. With any other value, including {@code null}, the request is
 * returned without a token attached.
 *
 * @param uri the target URI
 * @param method the HTTP method
 * @return the prepared request
 * @throws IOException if the underlying request cannot be created
 */
@Override
protected ClientHttpRequest createRequest(URI uri, HttpMethod method) throws IOException {
    // The token is fetched first, whichever scheme ends up being used.
    OAuth2AccessToken token = getAccessToken();
    AuthenticationScheme scheme = resource.getAuthenticationScheme();

    // NOTE(review): both query and form put the token into the URI here, so it is visible
    // wherever request URIs are recorded; header keeps it out of the URI.
    boolean tokenInUri = AuthenticationScheme.query.equals(scheme) || AuthenticationScheme.form.equals(scheme);
    URI target = tokenInUri ? appendQueryParameter(uri, token) : uri;

    ClientHttpRequest request = super.createRequest(target, method);
    if (AuthenticationScheme.header.equals(scheme)) {
        authenticator.authenticate(resource, getOAuth2ClientContext(), request);
    }
    return request;
}
Also used : AuthenticationScheme(org.springframework.security.oauth2.common.AuthenticationScheme) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) ClientHttpRequest(org.springframework.http.client.ClientHttpRequest)

Example 3 with AuthenticationScheme

use of org.springframework.security.oauth2.common.AuthenticationScheme in project spring-security-oauth by spring-projects.

the class DefaultClientAuthenticationHandler method authenticateTokenRequest.

/**
 * Adds the client's credentials to a token request, either as an HTTP Basic
 * {@code Authorization} header or as {@code client_id} / {@code client_secret} form
 * parameters, depending on the resource's client authentication scheme.
 *
 * <p>Nothing is done when the resource does not require authentication. When no scheme is
 * configured, {@code header} is used. A {@code null} client secret is treated as empty.
 *
 * @param resource the protected resource whose client credentials are used
 * @param form the token request form parameters, modified in place
 * @param headers the token request headers, modified in place
 * @throws IllegalStateException if the scheme is not handled here or UTF-8 is unavailable
 */
public void authenticateTokenRequest(OAuth2ProtectedResourceDetails resource, MultiValueMap<String, String> form, HttpHeaders headers) {
    if (!resource.isAuthenticationRequired()) {
        return;
    }

    AuthenticationScheme configured = resource.getClientAuthenticationScheme();
    AuthenticationScheme scheme = (configured != null) ? configured : AuthenticationScheme.header;

    try {
        String rawSecret = resource.getClientSecret();
        String clientSecret = (rawSecret != null) ? rawSecret : "";

        switch (scheme) {
            case header: {
                // The secret travels in the header only, so any copy in the form is dropped.
                form.remove("client_secret");
                // Base64 is an encoding, not encryption: the credentials are only as
                // confidential as the transport carrying the request.
                // NOTE(review): id and secret are joined without form-urlencoding them first
                // (RFC 6749 section 2.3.1); confirm values containing ':' or non-ASCII
                // characters are handled as the authorization server expects.
                String credentials = String.format("%s:%s", resource.getClientId(), clientSecret);
                String encoded = new String(Base64.encode(credentials.getBytes("UTF-8")), "UTF-8");
                headers.add("Authorization", String.format("Basic %s", encoded));
                break;
            }
            case form:
            case query: {
                // Both schemes place the credentials in the form parameters; the secret is
                // only added when it has text.
                form.set("client_id", resource.getClientId());
                if (StringUtils.hasText(clientSecret)) {
                    form.set("client_secret", clientSecret);
                }
                break;
            }
            default:
                throw new IllegalStateException("Default authentication handler doesn't know how to handle scheme: " + scheme);
        }
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException(e);
    }
}
Also used : AuthenticationScheme(org.springframework.security.oauth2.common.AuthenticationScheme) UnsupportedEncodingException(java.io.UnsupportedEncodingException)
