Example usage for org.springframework.security.oauth.provider ConsumerAuthentication getAuthorities

List of usage examples for org.springframework.security.oauth.provider ConsumerAuthentication getAuthorities

Introduction

On this page you can find example usage of org.springframework.security.oauth.provider ConsumerAuthentication getAuthorities.

Prototype

public Collection<GrantedAuthority> getAuthorities() 


Usage

From source file:ltistarter.lti.LTIOAuthAuthenticationHandler.java

/**
 * Builds the {@link Authentication} for an LTI launch from the consumer authentication.
 *
 * <p>The granted authorities start as a copy of {@code authentication.getAuthorities()} and are
 * extended from the {@code LTIRequest} stored as a request attribute under
 * {@code LTIRequest.class.getName()}: a user authority when the request carries a user, plus
 * administrator, instructor and learner authorities when the matching role flags are set.
 * The principal name is the LTI user id, or {@code authentication.getName()} when that id is blank.
 *
 * <p>NOTE(review): every role added here is decided by the {@code LTIRequest} flags; how those
 * flags are derived is not visible in this method. Presumably they come from launch parameters
 * sent by the consumer, in which case each consumer can assert any role, including administrator,
 * for its users. Confirm in {@code LTIRequest} and scope consumer trust accordingly.
 *
 * @param request        current request; must carry the {@code LTIRequest} attribute
 * @param authentication consumer authentication supplying base authorities and credentials
 * @param authToken      not used by this implementation
 * @return a {@code UsernamePasswordAuthenticationToken} with a {@code NamedOAuthPrincipal},
 *         {@code null} credentials and the computed authorities
 * @throws IllegalStateException if the request has no {@code LTIRequest} attribute
 */
@Override
public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication,
        OAuthAccessProviderToken authToken) {
    // Work on a copy so the additions below never touch the consumer's own authority collection.
    Collection<GrantedAuthority> granted = new HashSet<>(authentication.getAuthorities());

    // Fail closed: without the LTI request object no role decision can be made.
    LTIRequest launch = (LTIRequest) request.getAttribute(LTIRequest.class.getName());
    if (launch == null) {
        throw new IllegalStateException("Cannot create authentication for LTI because the LTIRequest is null");
    }

    // Prefer the LTI user id as the principal name; fall back to the authentication's name.
    String ltiUserId = launch.getLtiUserId();
    String principalName = StringUtils.isBlank(ltiUserId) ? authentication.getName() : ltiUserId;

    // Map the LTI data onto authorities; the checks are independent, so several may apply.
    boolean hasUser = launch.getUser() != null;
    if (hasUser) {
        granted.add(userGA);
    }
    if (launch.isRoleAdministrator()) {
        granted.add(adminGA);
    }
    if (launch.isRoleInstructor()) {
        granted.add(instructorGA);
    }
    if (launch.isRoleLearner()) {
        granted.add(learnerGA);
    }

    // TODO store lti context and user id in the principal
    Principal ltiPrincipal = new MyOAuthAuthenticationHandler.NamedOAuthPrincipal(principalName, granted,
            authentication.getConsumerCredentials().getConsumerKey(),
            authentication.getConsumerCredentials().getSignature(),
            authentication.getConsumerCredentials().getSignatureMethod(),
            authentication.getConsumerCredentials().getSignatureBaseString(),
            authentication.getConsumerCredentials().getToken());
    Authentication ltiAuthentication = new UsernamePasswordAuthenticationToken(ltiPrincipal, null, granted);

    // NOTE(review): the principal was built with the signature, base string and token. If
    // NamedOAuthPrincipal.toString() prints any of them, this INFO line writes them to the log.
    // Confirm what toString() emits before enabling this logger in production.
    log.info("createAuthentication generated LTI auth principal (" + ltiPrincipal + "): req=" + request);
    return ltiAuthentication;
}

From source file:ltistarter.oauth.MyOAuthAuthenticationHandler.java

/**
 * Builds the {@link Authentication} for an OAuth consumer request.
 *
 * <p>The granted authorities start as a copy of {@code authentication.getAuthorities()}. The
 * principal name is the {@code username} request parameter, or {@code authentication.getName()}
 * when that parameter is blank. Every caller receives the user authority; the name
 * {@code "admin"} additionally receives the admin authority.
 *
 * <p>Security note: the name that decides the admin grant is read from a request parameter, so
 * it is chosen by whoever sends the request. As written, the admin authority is therefore only
 * as restricted as the set of consumers allowed to reach this handler. The rule is a sample
 * placeholder and must be replaced before real use (see the NOTE in the body).
 *
 * @param request        current request; its {@code username} parameter is read
 * @param authentication consumer authentication supplying base authorities and credentials
 * @param authToken      not used by this implementation
 * @return a {@code UsernamePasswordAuthenticationToken} with a {@code NamedOAuthPrincipal},
 *         {@code null} credentials and the computed authorities
 */
@Override
public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication,
        OAuthAccessProviderToken authToken) {
    // Work on a copy so the additions below never touch the consumer's own authority collection.
    Collection<GrantedAuthority> granted = new HashSet<>(authentication.getAuthorities());

    // Prefer the caller-supplied "username" parameter; fall back to the authentication's name.
    String requested = request.getParameter("username");
    String username = StringUtils.isBlank(requested) ? authentication.getName() : requested;

    // NOTE: you should replace this block with your real rules for determining OAUTH ADMIN roles.
    // The comparison uses a value the client controls; a real rule should derive admin rights
    // from server-side data (for example a per-consumer or per-user mapping) instead.
    boolean isAdmin = username.equals("admin");
    granted.add(userGA);
    if (isAdmin) {
        granted.add(adminGA);
    }

    Principal oauthPrincipal = new NamedOAuthPrincipal(username, granted,
            authentication.getConsumerCredentials().getConsumerKey(),
            authentication.getConsumerCredentials().getSignature(),
            authentication.getConsumerCredentials().getSignatureMethod(),
            authentication.getConsumerCredentials().getSignatureBaseString(),
            authentication.getConsumerCredentials().getToken());
    Authentication oauthAuthentication = new UsernamePasswordAuthenticationToken(oauthPrincipal, null, granted);

    // NOTE(review): if NamedOAuthPrincipal.toString() prints the name, signature or token, this
    // INFO line puts a client-controlled string and credential material into the log. Confirm
    // what toString() emits; neutralise line breaks in the name and omit secrets if it does.
    log.info("createAuthentication generated auth principal (" + oauthPrincipal + "): req=" + request);
    return oauthAuthentication;
}