public Object getPrincipal() { return this.userAuthentication == null ? this.storedRequest.getClientId() : this.userAuthentication .getPrincipal(); }
@Override public String getClientId() { Authentication a = SecurityContextHolder.getContext().getAuthentication(); if (!(a instanceof OAuth2Authentication)) { return null; } return ((OAuth2Authentication) a).getOAuth2Request().getClientId(); }
protected String extractClientIdFromAuthentication(Authentication authentication) { if (authentication==null) { return null; } if (authentication instanceof OAuth2Authentication) { OAuth2Authentication a = (OAuth2Authentication)authentication; return a.getOAuth2Request().getClientId(); } return null; }
/** * Is a refresh token supported for this client (or the global setting if * {@link #setClientDetailsService(ClientDetailsService) clientDetailsService} is not set. * * @param clientAuth the current authorization request * @return boolean to indicate if refresh token is supported */ protected boolean isSupportRefreshToken(OAuth2Request clientAuth) { if (clientDetailsService != null) { ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId()); return client.getAuthorizedGrantTypes().contains("refresh_token"); } return this.supportRefreshToken; }
/** * Update the request parameters and return a new object with the same properties except the parameters. * @param parameters new parameters replacing the existing ones * @return a new OAuth2Request */ public OAuth2Request createOAuth2Request(Map<String, String> parameters) { return new OAuth2Request(parameters, getClientId(), authorities, approved, getScope(), resourceIds, redirectUri, responseTypes, extensions); }
/** * Update the scope and create a new request. All the other properties are the same (including the request * parameters). * * @param scope the new scope * @return a new request with the narrowed scope */ public OAuth2Request narrowScope(Set<String> scope) { OAuth2Request request = new OAuth2Request(getRequestParameters(), getClientId(), authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); request.refresh = this.refresh; return request; }
/** * The refresh token validity period in seconds * * @param clientAuth the current authorization request * @return the refresh token validity period in seconds */ protected int getRefreshTokenValiditySeconds(OAuth2Request clientAuth) { if (clientDetailsService != null) { ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId()); Integer validity = client.getRefreshTokenValiditySeconds(); if (validity != null) { return validity; } } return refreshTokenValiditySeconds; }
/** * The access token validity period in seconds * * @param clientAuth the current authorization request * @return the access token validity period in seconds */ protected int getAccessTokenValiditySeconds(OAuth2Request clientAuth) { if (clientDetailsService != null) { ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId()); Integer validity = client.getAccessTokenValiditySeconds(); if (validity != null) { return validity; } } return accessTokenValiditySeconds; }
public String extractKey(OAuth2Authentication authentication) { Map<String, String> values = new LinkedHashMap<String, String>(); OAuth2Request authorizationRequest = authentication.getOAuth2Request(); if (!authentication.isClientOnly()) { values.put(USERNAME, authentication.getName()); } values.put(CLIENT_ID, authorizationRequest.getClientId()); if (authorizationRequest.getScope() != null) { values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<String>(authorizationRequest.getScope()))); } return generateKey(values); }
/** * @param principal the currently authentication principal * @return a client id if there is one in the principal */ protected String getClientId(Principal principal) { Authentication client = (Authentication) principal; if (!client.isAuthenticated()) { throw new InsufficientAuthenticationException("The client is not authenticated."); } String clientId = client.getName(); if (client instanceof OAuth2Authentication) { // Might be a client and user combined authentication clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId(); } return clientId; }
private static String getApprovalKey(OAuth2Authentication authentication) { String userName = authentication.getUserAuthentication() == null ? "" : authentication.getUserAuthentication().getName(); return getApprovalKey(authentication.getOAuth2Request().getClientId(), userName); }
private String getApprovalKey(OAuth2Authentication authentication) { String userName = authentication.getUserAuthentication() == null ? "" : authentication.getUserAuthentication() .getName(); return getApprovalKey(authentication.getOAuth2Request().getClientId(), userName); }
public OAuth2Request refresh(TokenRequest tokenRequest) { OAuth2Request request = new OAuth2Request(getRequestParameters(), getClientId(), authorities, approved, getScope(), resourceIds, redirectUri, responseTypes, extensions); request.refresh = tokenRequest; return request; }
private void remove(String token) { if (approvalStore != null) { OAuth2Authentication auth = readAuthentication(token); String clientId = auth.getOAuth2Request().getClientId(); Authentication user = auth.getUserAuthentication(); if (user != null) { Collection<Approval> approvals = new ArrayList<Approval>(); for (String scope : auth.getOAuth2Request().getScope()) { approvals.add(new Approval(user.getName(), clientId, scope, new Date(), ApprovalStatus.APPROVED)); } approvalStore.revokeApprovals(approvals); } } } }
@RequestMapping(value = "/oauth/token/list", method = GET) public ResponseEntity<List<RevocableToken>> listUserTokens(OAuth2Authentication authentication) { UaaPrincipal principal = (UaaPrincipal) authentication.getUserAuthentication().getPrincipal(); String userId = principal.getId(); String clientId = authentication.getOAuth2Request().getClientId(); logger.debug("Listing revocable tokens access token userId:"+ userId +" clientId:"+ clientId); List<RevocableToken> result = tokenProvisioning.getUserTokens(userId, clientId, IdentityZoneHolder.get().getId()); removeTokenValues(result); return new ResponseEntity<>(result, OK); }
public String getClientId(String tokenValue) { OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue); if (authentication == null) { throw new InvalidTokenException("Invalid access token: " + tokenValue); } OAuth2Request clientAuth = authentication.getOAuth2Request(); if (clientAuth == null) { throw new InvalidTokenException("Invalid access token (no client id): " + tokenValue); } return clientAuth.getClientId(); }
protected OAuth2Request(OAuth2Request other) { this(other.getRequestParameters(), other.getClientId(), other.getAuthorities(), other.isApproved(), other .getScope(), other.getResourceIds(), other.getRedirectUri(), other.getResponseTypes(), other .getExtensions()); }
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) { String refreshToken = null; if (token.getRefreshToken() != null) { refreshToken = token.getRefreshToken().getValue(); } if (readAccessToken(token.getValue())!=null) { removeAccessToken(token.getValue()); } jdbcTemplate.update(insertAccessTokenSql, new Object[] { extractTokenKey(token.getValue()), new SqlLobValue(serializeAccessToken(token)), authenticationKeyGenerator.extractKey(authentication), authentication.isClientOnly() ? null : authentication.getName(), authentication.getOAuth2Request().getClientId(), new SqlLobValue(serializeAuthentication(authentication)), extractTokenKey(refreshToken) }, new int[] { Types.VARCHAR, Types.BLOB, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.BLOB, Types.VARCHAR }); }
@Test public void testTokenRetrieval() throws Exception { OAuth2Authentication result = services.loadAuthentication("FOO"); assertNotNull(result); assertEquals("remote", result.getOAuth2Request().getClientId()); assertEquals("olds", result.getUserAuthentication().getName()); assertEquals("HDGFJSHGDF", ((RemoteUserAuthentication) result.getUserAuthentication()).getId()); assertNotNull(result.getOAuth2Request().getRequestParameters()); assertNull(result.getOAuth2Request().getRequestParameters().get(ClaimConstants.ISS)); }
@Test public void testTokenRetrievalWithClaims() throws Exception { services.setStoreClaims(true); OAuth2Authentication result = services.loadAuthentication("FOO"); assertNotNull(result); assertEquals("remote", result.getOAuth2Request().getClientId()); assertEquals("olds", result.getUserAuthentication().getName()); assertEquals("HDGFJSHGDF", ((RemoteUserAuthentication) result.getUserAuthentication()).getId()); assertNotNull(result.getOAuth2Request().getRequestParameters()); assertNotNull(result.getOAuth2Request().getRequestParameters().get(ClaimConstants.ISS)); }