Example 11 with OAuth2TokenRevocationAuthenticationToken

Use of org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken in project spring-authorization-server by spring-projects.

From the class OAuth2TokenRevocationAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    OAuth2TokenRevocationAuthenticationToken tokenRevocationAuthentication = (OAuth2TokenRevocationAuthenticationToken) authentication;
    // The revocation request must come from an authenticated client
    OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(tokenRevocationAuthentication);
    RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
    // No token type is passed for the lookup (second argument is null)
    OAuth2Authorization authorization = this.authorizationService.findByToken(tokenRevocationAuthentication.getToken(), null);
    if (authorization == null) {
        // Return the authentication request when token not found
        // (under RFC 7009, section 2.2, an invalid token is not an error for the revocation endpoint)
        return tokenRevocationAuthentication;
    }
    // Only the client the token was issued to may revoke it
    if (!registeredClient.getId().equals(authorization.getRegisteredClientId())) {
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
    }
    OAuth2Authorization.Token<AbstractOAuth2Token> token = authorization.getToken(tokenRevocationAuthentication.getToken());
    // Mark the token as invalidated and persist the updated authorization
    authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, token.getToken());
    this.authorizationService.save(authorization);
    return new OAuth2TokenRevocationAuthenticationToken(token.getToken(), clientPrincipal);
}

Also used: OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), AbstractOAuth2Token (org.springframework.security.oauth2.core.AbstractOAuth2Token), RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient)

Aggregations

RegisteredClient (org.springframework.security.oauth2.server.authorization.client.RegisteredClient): 11
Test (org.junit.Test): 10
OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken): 6
OAuth2Authorization (org.springframework.security.oauth2.server.authorization.OAuth2Authorization): 5
Authentication (org.springframework.security.core.Authentication): 4
OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException): 4
OAuth2ClientAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken): 4
OAuth2TokenRevocationAuthenticationToken (org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken): 4
FilterChain (javax.servlet.FilterChain): 3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 3
SecurityContext (org.springframework.security.core.context.SecurityContext): 3
OAuth2RefreshToken (org.springframework.security.oauth2.core.OAuth2RefreshToken): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 1
AbstractOAuth2Token (org.springframework.security.oauth2.core.AbstractOAuth2Token): 1
OAuth2TokenType (org.springframework.security.oauth2.core.OAuth2TokenType): 1
AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter): 1
AuthenticationSuccessHandler (org.springframework.security.web.authentication.AuthenticationSuccessHandler): 1