Examples with SecurityUser org.thingsboard.server.service.security.model.SecurityUser used on opensource projects

Example 1 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class RefreshTokenAuthenticationProvider method authenticateByUserId.

private SecurityUser authenticateByUserId(UserId userId) {
    User user = userService.findUserById(userId);
    if (user == null) {
        throw new UsernameNotFoundException("User not found by refresh token");
    }
    UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getId());
    if (userCredentials == null) {
        throw new UsernameNotFoundException("User credentials not found");
    }
    if (!userCredentials.isEnabled()) {
        throw new DisabledException("User is not active");
    }
    if (user.getAuthority() == null)
        throw new InsufficientAuthenticationException("User has no authority assigned");
    UserPrincipal userPrincipal = new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail());
    SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
    return securityUser;
}

Example 2 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class RefreshTokenAuthenticationProvider method authenticateByPublicId.

private SecurityUser authenticateByPublicId(String publicId) {
    CustomerId customerId;
    try {
        customerId = new CustomerId(UUID.fromString(publicId));
    } catch (Exception e) {
        throw new BadCredentialsException("Refresh token is not valid");
    }
    Customer publicCustomer = customerService.findCustomerById(customerId);
    if (publicCustomer == null) {
        throw new UsernameNotFoundException("Public entity not found by refresh token");
    }
    if (!publicCustomer.isPublic()) {
        throw new BadCredentialsException("Refresh token is not valid");
    }
    User user = new User(new UserId(EntityId.NULL_UUID));
    user.setTenantId(publicCustomer.getTenantId());
    user.setCustomerId(publicCustomer.getId());
    user.setEmail(publicId);
    user.setAuthority(Authority.CUSTOMER_USER);
    user.setFirstName("Public");
    user.setLastName("Public");
    UserPrincipal userPrincipal = new UserPrincipal(UserPrincipal.Type.PUBLIC_ID, publicId);
    SecurityUser securityUser = new SecurityUser(user, true, userPrincipal);
    return securityUser;
}

Example 3 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class RefreshTokenAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    Assert.notNull(authentication, "No authentication data provided");
    RawAccessJwtToken rawAccessToken = (RawAccessJwtToken) authentication.getCredentials();
    SecurityUser unsafeUser = tokenFactory.parseRefreshToken(rawAccessToken);
    UserPrincipal principal = unsafeUser.getUserPrincipal();
    SecurityUser securityUser;
    if (principal.getType() == UserPrincipal.Type.USER_NAME) {
        securityUser = authenticateByUserId(unsafeUser.getId());
    } else {
        securityUser = authenticateByPublicId(principal.getValue());
    }
    return new RefreshAuthenticationToken(securityUser);
}

Example 4 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class JwtTokenFactory method parseRefreshToken.

public SecurityUser parseRefreshToken(RawAccessJwtToken rawAccessToken) {
    Jws<Claims> jwsClaims = rawAccessToken.parseClaims(settings.getTokenSigningKey());
    Claims claims = jwsClaims.getBody();
    String subject = claims.getSubject();
    List<String> scopes = claims.get(SCOPES, List.class);
    if (scopes == null || scopes.isEmpty()) {
        throw new IllegalArgumentException("Refresh Token doesn't have any scopes");
    }
    if (!scopes.get(0).equals(Authority.REFRESH_TOKEN.name())) {
        throw new IllegalArgumentException("Invalid Refresh Token scope");
    }
    boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
    UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
    SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(claims.get(USER_ID, String.class))));
    securityUser.setUserPrincipal(principal);
    return securityUser;
}

Example 5 with SecurityUser

use of org.thingsboard.server.service.security.model.SecurityUser in project thingsboard by thingsboard.

the class RestAuthenticationProvider method authenticateByPublicId.

private Authentication authenticateByPublicId(UserPrincipal userPrincipal, String publicId) {
    CustomerId customerId;
    try {
        customerId = new CustomerId(UUID.fromString(publicId));
    } catch (Exception e) {
        throw new BadCredentialsException("Authentication Failed. Public Id is not valid.");
    }
    Customer publicCustomer = customerService.findCustomerById(customerId);
    if (publicCustomer == null) {
        throw new UsernameNotFoundException("Public entity not found: " + publicId);
    }
    if (!publicCustomer.isPublic()) {
        throw new BadCredentialsException("Authentication Failed. Public Id is not valid.");
    }
    User user = new User(new UserId(EntityId.NULL_UUID));
    user.setTenantId(publicCustomer.getTenantId());
    user.setCustomerId(publicCustomer.getId());
    user.setEmail(publicId);
    user.setAuthority(Authority.CUSTOMER_USER);
    user.setFirstName("Public");
    user.setLastName("Public");
    SecurityUser securityUser = new SecurityUser(user, true, userPrincipal);
    return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
}