Example 71 with OAuth2Authentication
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class JwtAccessTokenConverter method enhance.
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
Map<String, Object> info = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
String tokenId = result.getValue();
if (!info.containsKey(TOKEN_ID)) {
info.put(TOKEN_ID, tokenId);
} else {
tokenId = (String) info.get(TOKEN_ID);
}
result.setAdditionalInformation(info);
result.setValue(encode(result, authentication));
OAuth2RefreshToken refreshToken = result.getRefreshToken();
if (refreshToken != null) {
DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(accessToken);
encodedRefreshToken.setValue(refreshToken.getValue());
// Refresh tokens do not expire unless explicitly of the right type
encodedRefreshToken.setExpiration(null);
try {
Map<String, Object> claims = objectMapper.parseMap(JwtHelper.decode(refreshToken.getValue()).getClaims());
if (claims.containsKey(TOKEN_ID)) {
encodedRefreshToken.setValue(claims.get(TOKEN_ID).toString());
}
} catch (IllegalArgumentException e) {
}
Map<String, Object> refreshTokenInfo = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
refreshTokenInfo.put(TOKEN_ID, encodedRefreshToken.getValue());
refreshTokenInfo.put(ACCESS_TOKEN_ID, tokenId);
encodedRefreshToken.setAdditionalInformation(refreshTokenInfo);
DefaultOAuth2RefreshToken token = new DefaultOAuth2RefreshToken(encode(encodedRefreshToken, authentication));
if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken).getExpiration();
encodedRefreshToken.setExpiration(expiration);
token = new DefaultExpiringOAuth2RefreshToken(encode(encodedRefreshToken, authentication), expiration);
}
result.setRefreshToken(token);
}
return result;
}
Also used :
ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)
OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)
DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)
DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)
DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Date(java.util.Date)
LinkedHashMap(java.util.LinkedHashMap)
ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)
DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)
Example 72 with OAuth2Authentication
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class JwtTokenStore method remove.
private void remove(String token) {
if (approvalStore != null) {
OAuth2Authentication auth = readAuthentication(token);
String clientId = auth.getOAuth2Request().getClientId();
Authentication user = auth.getUserAuthentication();
if (user != null) {
Collection<Approval> approvals = new ArrayList<Approval>();
for (String scope : auth.getOAuth2Request().getScope()) {
approvals.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED));
}
approvalStore.revokeApprovals(approvals);
}
}
}
Also used :
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Approval(org.springframework.security.oauth2.provider.approval.Approval)
Example 73 with OAuth2Authentication
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class RedisTokenStore method readAuthentication.
@Override
public OAuth2Authentication readAuthentication(String token) {
byte[] bytes = null;
RedisConnection conn = getConnection();
try {
bytes = conn.get(serializeKey(AUTH + token));
} finally {
conn.close();
}
OAuth2Authentication auth = deserializeAuthentication(bytes);
return auth;
}
Also used :
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
RedisConnection(org.springframework.data.redis.connection.RedisConnection)
Example 74 with OAuth2Authentication
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class ClientScopeVoter method vote.
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
int result = ACCESS_ABSTAIN;
if (!(authentication instanceof OAuth2Authentication)) {
return result;
}
OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
OAuth2Request clientAuthentication = oauth2Authentication.getOAuth2Request();
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId());
Set<String> scopes = clientAuthentication.getScope();
if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) {
scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
}
for (ConfigAttribute attribute : attributes) {
if (this.supports(attribute)) {
result = ACCESS_GRANTED;
for (String scope : scopes) {
if (!client.getScope().contains(scope)) {
result = ACCESS_DENIED;
break;
}
}
if (result == ACCESS_DENIED && throwException) {
InsufficientScopeException failure = new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(failure.getMessage(), failure);
}
return result;
}
}
return result;
}
Also used :
InsufficientScopeException(org.springframework.security.oauth2.common.exceptions.InsufficientScopeException)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Example 75 with OAuth2Authentication
use of org.springframework.security.oauth2.provider.OAuth2Authentication in project spring-security-oauth by spring-projects.
the class DefaultAuthenticationKeyGenerator method extractKey.
public String extractKey(OAuth2Authentication authentication) {
Map<String, String> values = new LinkedHashMap<String, String>();
OAuth2Request authorizationRequest = authentication.getOAuth2Request();
if (!authentication.isClientOnly()) {
values.put(USERNAME, authentication.getName());
}
values.put(CLIENT_ID, authorizationRequest.getClientId());
if (authorizationRequest.getScope() != null) {
values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<String>(authorizationRequest.getScope())));
}
return generateKey(values);
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
TreeSet(java.util.TreeSet)
LinkedHashMap(java.util.LinkedHashMap)
Aggregations
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)167
Test (org.junit.Test)116
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)84
Authentication (org.springframework.security.core.Authentication)69
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)58
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)50
Date (java.util.Date)34
HashMap (java.util.HashMap)23
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)21
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)20
DBUnitTest (org.orcid.test.DBUnitTest)17
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)15
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)15
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)15
HashSet (java.util.HashSet)13
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)13
ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)13
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)13
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)13
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)12
