/**
 * Reports whether the caller in the current security context is an OAuth2 client
 * acting on its own behalf (no end user attached to the token).
 *
 * <p>Only the authentication's type and {@code isClientOnly()} are consulted;
 * {@code isAuthenticated()} is not checked here. A missing (null) authentication
 * yields {@code false} because {@code instanceof} rejects null.
 *
 * @return {@code true} only for a client-only {@code OAuth2Authentication}
 */
@Override
public boolean isClient() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    // Anything that is not an OAuth2 authentication (including null) is never a client.
    return current instanceof OAuth2Authentication
            && ((OAuth2Authentication) current).isClientOnly();
}
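/**
 * Reports whether the current security context holds a client-only OAuth2 authentication.
 *
 * <p>Only the authentication's type and {@code isClientOnly()} are consulted;
 * {@code isAuthenticated()} is not checked here.
 *
 * @return {@code true} if the context's authentication is an {@code OAuth2Authentication}
 *         with no user attached, {@code false} otherwise (including when none is set)
 */
protected boolean hasClientOauth2Authentication() {
    SecurityContext context = SecurityContextHolder.getContext();
    // Read the authentication once so the type check and the cast below are
    // guaranteed to act on the same object.
    Object current = context.getAuthentication();
    return current instanceof OAuth2Authentication
            && ((OAuth2Authentication) current).isClientOnly();
}
}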
/**
 * Tells whether the given authentication is an authenticated OAuth2 token issued
 * on behalf of a user (as opposed to a client acting for itself).
 *
 * @param authentication the authentication to inspect; may be null
 * @return {@code true} only if it is an {@code OAuth2Authentication} that is
 *         authenticated and not client-only
 */
public static boolean isOAuthUserAuth(Authentication authentication) {
    // Guard: null and non-OAuth2 authentications are never user OAuth authentications.
    if (!(authentication instanceof OAuth2Authentication)) {
        return false;
    }
    OAuth2Authentication oauth = (OAuth2Authentication) authentication;
    return authentication.isAuthenticated() && !oauth.isClientOnly();
}
/**
 * Tells whether the given authentication is an authenticated OAuth2 token that
 * represents a client only, with no user attached.
 *
 * @param authentication the authentication to inspect; may be null
 * @return {@code true} only if it is an {@code OAuth2Authentication} that is
 *         authenticated and client-only
 */
public static boolean isOAuthClientAuth(Authentication authentication) {
    // Guard: null and non-OAuth2 authentications are never client OAuth authentications.
    if (!(authentication instanceof OAuth2Authentication)) {
        return false;
    }
    OAuth2Authentication oauth = (OAuth2Authentication) authentication;
    return authentication.isAuthenticated() && oauth.isClientOnly();
}
/**
 * Builds a short description of the caller in the current security context.
 *
 * <p>For an OAuth2 authentication the result is the client id (from {@code getClientId()},
 * defined elsewhere), followed by {@code "; <name>; <user id>"} when a user is attached.
 * For any other authentication it is just the authentication's name.
 *
 * <p>The result carries user-identifying values (name and user id), so treat it
 * accordingly wherever it is written out.
 *
 * @return the description string
 * @throws NullPointerException if no authentication is set in the context, because
 *         the non-OAuth2 branch dereferences it without a null check
 */
@Override
public String getAuthenticationInfo() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof OAuth2Authentication)) {
        return current.getName();
    }

    OAuth2Authentication oauth = (OAuth2Authentication) current;
    String description = getClientId();
    if (oauth.isClientOnly()) {
        // Client acting for itself: there is no user part to append.
        return description;
    }
    return description + "; " + current.getName() + "; " + getUserId();
}
/**
 * Derives the lookup key for an authentication from its user name (when a user is
 * attached), its client id and its scope set, then hands those to {@code generateKey}
 * (defined elsewhere).
 *
 * <p>Nothing else about the authentication contributes to the key, so two
 * authentications with the same user name, client id and scopes produce the same
 * input to {@code generateKey}. The scopes are copied into a {@code TreeSet} first,
 * which makes the formatted scope value independent of the order they arrived in.
 *
 * @param authentication the authentication to derive a key for
 * @return the key produced by {@code generateKey}
 */
public String extractKey(OAuth2Authentication authentication) {
    OAuth2Request request = authentication.getOAuth2Request();

    // Insertion order is kept (LinkedHashMap): user name, client id, scope.
    Map<String, String> keyParts = new LinkedHashMap<String, String>();
    if (!authentication.isClientOnly()) {
        keyParts.put(USERNAME, authentication.getName());
    }
    keyParts.put(CLIENT_ID, request.getClientId());
    if (request.getScope() != null) {
        String sortedScopes = OAuth2Utils.formatParameterList(new TreeSet<String>(request.getScope()));
        keyParts.put(SCOPE, sortedScopes);
    }
    return generateKey(keyParts);
}
/**
 * Resolves the user id behind an authentication, if there is one.
 *
 * <p>The id is taken from a {@code UaaPrincipal} found either directly on the
 * authentication or, for an OAuth2 authentication that is not client-only, on its
 * user authentication. Client-only tokens and principals of any other type yield
 * {@code null}, so callers must treat {@code null} as "no user identified".
 *
 * @param authentication the authentication to inspect; may be null
 * @return the user id, or {@code null} when none can be determined
 */
protected String extractUserIdFromAuthentication(Authentication authentication) {
    if (authentication == null) {
        return null;
    }
    // Direct case: the principal itself carries the user id.
    if (authentication.getPrincipal() instanceof UaaPrincipal) {
        return ((UaaPrincipal) authentication.getPrincipal()).getId();
    }
    if (!(authentication instanceof OAuth2Authentication)) {
        return null;
    }

    OAuth2Authentication oauth = (OAuth2Authentication) authentication;
    if (oauth.isClientOnly()) {
        // No user is attached to a client-only token.
        return null;
    }
    if (oauth.getUserAuthentication().getPrincipal() instanceof UaaPrincipal) {
        return ((UaaPrincipal) oauth.getUserAuthentication().getPrincipal()).getId();
    }
    return null;
}
OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) caller; builder.append("client=").append(oAuth2Authentication.getOAuth2Request().getClientId()); if (!oAuth2Authentication.isClientOnly()) { builder.append(", ").append("user=").append(oAuth2Authentication.getName());
/**
 * A client-only caller must be routed to the login authentication manager.
 *
 * <p>The regular manager {@code am} is stubbed to throw, so an OK response can only
 * come from {@code loginAuthMgr} having handled the request.
 */
@Test
public void successfulLoginAuthenticationInvokesLoginAuthManager() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(loginAuthentication);

    // Any use of the regular manager fails the request.
    when(am.authenticate(any(Authentication.class)))
            .thenThrow(new BadCredentialsException("Invalid authentication manager invoked"));
    when(loginAuthMgr.authenticate(any(Authentication.class)))
            .thenReturn(new UsernamePasswordAuthenticationToken("joe", null));
    // The caller in the security context is a client acting for itself.
    when(loginAuthentication.isClientOnly()).thenReturn(Boolean.TRUE);

    @SuppressWarnings("rawtypes")
    ResponseEntity result =
            (ResponseEntity) endpoint.authenticate(new MockHttpServletRequest(), "joe", "origin", null);

    assertEquals(HttpStatus.OK, result.getStatusCode());
}
OAuth2Request clientToken = authentication.getOAuth2Request(); if (!authentication.isClientOnly()) { response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication())); } else {
/**
 * Stores an access token and its authentication in the in-memory maps and updates
 * every index that refers to it.
 *
 * <p>Indexes written: token value to token, token value to authentication,
 * authentication key to token, client id to tokens, and (only when a user is
 * attached) approval key to tokens. The refresh-token cross references are written
 * when the token carries a refresh token with a non-null value.
 *
 * @param token the access token to store
 * @param authentication the authentication the token was issued for
 */
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    // Once the counter reaches flushInterval, run flush() (defined elsewhere) and start over.
    if (this.flushCounter.incrementAndGet() >= this.flushInterval) {
        flush();
        this.flushCounter.set(0);
    }

    final String tokenValue = token.getValue();
    this.accessTokenStore.put(tokenValue, token);
    this.authenticationStore.put(tokenValue, authentication);
    this.authenticationToAccessTokenStore.put(authenticationKeyGenerator.extractKey(authentication), token);

    // The per-user index only exists for tokens that have a user attached.
    if (!authentication.isClientOnly()) {
        addToCollection(this.userNameToAccessTokenStore, getApprovalKey(authentication), token);
    }
    addToCollection(this.clientIdToAccessTokenStore, authentication.getOAuth2Request().getClientId(), token);

    if (token.getExpiration() != null) {
        TokenExpiry expiry = new TokenExpiry(tokenValue, token.getExpiration());
        // Remove existing expiry for this token if present
        expiryQueue.remove(expiryMap.put(tokenValue, expiry));
        this.expiryQueue.put(expiry);
    }

    String refreshValue = token.getRefreshToken() == null ? null : token.getRefreshToken().getValue();
    if (refreshValue != null) {
        this.refreshTokenToAccessTokenStore.put(refreshValue, tokenValue);
        this.accessTokenToRefreshTokenStore.put(tokenValue, refreshValue);
    }
}
/**
 * An authorization code created by the legacy code services can be consumed through
 * the store, yields a client-only authentication, and is single-use: its row is
 * present before consumption and gone afterwards.
 */
@Test
public void test_ConsumeClientCredentials_From_OldStore() throws Exception {
    final String countByCode = "SELECT count(*) FROM oauth_code WHERE code = ?";

    String code = legacyCodeServices.createAuthorizationCode(clientAuthentication);
    Integer rowsBefore = jdbcTemplate.queryForObject(countByCode, new Object[] {code}, Integer.class);
    assertThat(rowsBefore, is(1));

    OAuth2Authentication consumed = store.consumeAuthorizationCode(code);
    assertNotNull(consumed);
    assertTrue(consumed.isClientOnly());

    // Consumption must delete the code so it cannot be redeemed a second time.
    Integer rowsAfter = jdbcTemplate.queryForObject(countByCode, new Object[] {code}, Integer.class);
    assertThat(rowsAfter, is(0));
}
if (authentication.isClientOnly()) { UaaUser user = getUser(req, info); UaaAuthenticationDetails authdetails = (UaaAuthenticationDetails) req.getDetails();
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuthentication.getClientId()); Set<String> scopes = clientAuthentication.getScope(); if (oauth2Authentication.isClientOnly() && clientAuthoritiesAreScopes) { scopes = AuthorityUtils.authorityListToSet(clientAuthentication.getAuthorities());
/**
 * Persists an access token and its authentication through {@code jdbcTemplate},
 * replacing any row already stored for the same token value.
 *
 * <p>All values are bound as statement parameters with explicit SQL types. The
 * user-name column is written as null for client-only authentications. The token
 * and refresh-token columns receive the result of {@code extractTokenKey} (defined
 * elsewhere) rather than the raw values passed in.
 *
 * <p>NOTE(review): the lookup, the removal and the insert are separate calls and no
 * transaction is opened in this method; confirm the caller provides one if two
 * stores of the same token can run concurrently.
 *
 * @param token the access token to store
 * @param authentication the authentication the token was issued for
 */
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    String refreshTokenValue = token.getRefreshToken() == null ? null : token.getRefreshToken().getValue();

    // Replace rather than duplicate: drop the existing row for this token value first.
    if (readAccessToken(token.getValue()) != null) {
        removeAccessToken(token.getValue());
    }

    String userName = authentication.isClientOnly() ? null : authentication.getName();
    Object[] args = new Object[] {
            extractTokenKey(token.getValue()),
            new SqlLobValue(serializeAccessToken(token)),
            authenticationKeyGenerator.extractKey(authentication),
            userName,
            authentication.getOAuth2Request().getClientId(),
            new SqlLobValue(serializeAuthentication(authentication)),
            extractTokenKey(refreshTokenValue) };
    int[] argTypes = new int[] {
            Types.VARCHAR, Types.BLOB, Types.VARCHAR, Types.VARCHAR,
            Types.VARCHAR, Types.BLOB, Types.VARCHAR };

    jdbcTemplate.update(insertAccessTokenSql, args, argTypes);
}
&& !authentication.isClientOnly()) {
conn.set(authToAccessKey, serializedAccessToken); if (!authentication.isClientOnly()) { conn.sAdd(approvalKey, serializedAccessToken);
if (authentication.isClientOnly()) { clientScopes = client.getAuthorities(); } else {
if (this.authenticationManager != null && !authentication.isClientOnly()) {
/**
 * Stores an access token and its authentication in Redis and updates the indexes
 * that refer to it.
 *
 * <p>Keys written: token value to token, token value to authentication,
 * authentication key to token, client id to token list, and (only when a user is
 * attached) approval key to token list. When the token has an expiration, a TTL of
 * {@code getExpiresIn()} seconds is applied to those keys. The refresh-token cross
 * references are written when the token carries a refresh token with a non-null value.
 *
 * <p>NOTE(review): the client-id and user-name lists are shared by every token of
 * that client or user, yet each call resets the list's TTL to this token's lifetime.
 * Confirm that storing a shorter-lived token cannot expire an index that still has
 * to cover longer-lived tokens; any lookup or revocation by client or user that
 * relies on these lists would then miss them.
 *
 * <p>NOTE(review): the writes and the TTL calls are separate commands, so a failure
 * in between leaves keys without a TTL; {@code getExpiresIn()} is passed through
 * without a check for zero or negative values.
 *
 * @param token the access token to store
 * @param authentication the authentication the token was issued for
 */
@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    final String tokenValue = token.getValue();

    this.redisTemplate.opsForValue().set(ACCESS + tokenValue, token);
    this.redisTemplate.opsForValue().set(AUTH + tokenValue, authentication);
    this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), token);

    // The per-user index is only appended to for tokens that have a user attached.
    if (!authentication.isClientOnly()) {
        redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
    }
    redisTemplate.opsForList().rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), token);

    if (token.getExpiration() != null) {
        int ttlSeconds = token.getExpiresIn();
        redisTemplate.expire(ACCESS + tokenValue, ttlSeconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH + tokenValue, ttlSeconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), ttlSeconds, TimeUnit.SECONDS);
        redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), ttlSeconds, TimeUnit.SECONDS);
        // Applied for client-only authentications too, although nothing was pushed for them above.
        redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(authentication), ttlSeconds, TimeUnit.SECONDS);
    }

    String refreshValue = token.getRefreshToken() == null ? null : token.getRefreshToken().getValue();
    if (refreshValue != null) {
        this.redisTemplate.opsForValue().set(REFRESH_TO_ACCESS + refreshValue, tokenValue);
        this.redisTemplate.opsForValue().set(ACCESS_TO_REFRESH + tokenValue, refreshValue);
    }
}