List of usage examples for org.springframework.security.oauth.provider ConsumerAuthentication getConsumerCredentials
public ConsumerCredentials getConsumerCredentials()
From source file:ltistarter.oauth.MyOAuthAuthenticationHandler.java
@Override public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication, OAuthAccessProviderToken authToken) { Collection<GrantedAuthority> authorities = new HashSet<>(authentication.getAuthorities()); // attempt to create a user Authority String username = request.getParameter("username"); if (StringUtils.isBlank(username)) { username = authentication.getName(); }// w ww . j a v a 2s . com // NOTE: you should replace this block with your real rules for determining OAUTH ADMIN roles if (username.equals("admin")) { authorities.add(userGA); authorities.add(adminGA); } else { authorities.add(userGA); } Principal principal = new NamedOAuthPrincipal(username, authorities, authentication.getConsumerCredentials().getConsumerKey(), authentication.getConsumerCredentials().getSignature(), authentication.getConsumerCredentials().getSignatureMethod(), authentication.getConsumerCredentials().getSignatureBaseString(), authentication.getConsumerCredentials().getToken()); Authentication auth = new UsernamePasswordAuthenticationToken(principal, null, authorities); log.info("createAuthentication generated auth principal (" + principal + "): req=" + request); return auth; }
From source file:ltistarter.lti.LTIOAuthAuthenticationHandler.java
@Override public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication, OAuthAccessProviderToken authToken) { Collection<GrantedAuthority> authorities = new HashSet<>(authentication.getAuthorities()); LTIRequest ltiRequest = (LTIRequest) request.getAttribute(LTIRequest.class.getName()); if (ltiRequest == null) { throw new IllegalStateException("Cannot create authentication for LTI because the LTIRequest is null"); }/*from www. j a v a 2 s . c o m*/ // attempt to create a user Authority String username = ltiRequest.getLtiUserId(); if (StringUtils.isBlank(username)) { username = authentication.getName(); } // set appropriate permissions for this user based on LTI data if (ltiRequest.getUser() != null) { authorities.add(userGA); } if (ltiRequest.isRoleAdministrator()) { authorities.add(adminGA); } if (ltiRequest.isRoleInstructor()) { authorities.add(instructorGA); } if (ltiRequest.isRoleLearner()) { authorities.add(learnerGA); } // TODO store lti context and user id in the principal Principal principal = new MyOAuthAuthenticationHandler.NamedOAuthPrincipal(username, authorities, authentication.getConsumerCredentials().getConsumerKey(), authentication.getConsumerCredentials().getSignature(), authentication.getConsumerCredentials().getSignatureMethod(), authentication.getConsumerCredentials().getSignatureBaseString(), authentication.getConsumerCredentials().getToken()); Authentication auth = new UsernamePasswordAuthenticationToken(principal, null, authorities); log.info("createAuthentication generated LTI auth principal (" + principal + "): req=" + request); return auth; }
From source file:org.springframework.security.oauth.provider.filter.OAuthProviderProcessingFilter.java
/** * Validate the signature of the request given the authentication request. * * @param authentication The authentication request. *//*from w w w . jav a 2s. com*/ protected void validateSignature(ConsumerAuthentication authentication) throws AuthenticationException { SignatureSecret secret = authentication.getConsumerDetails().getSignatureSecret(); String token = authentication.getConsumerCredentials().getToken(); OAuthProviderToken authToken = null; if (token != null && !"".equals(token)) { authToken = getTokenServices().getToken(token); } String signatureMethod = authentication.getConsumerCredentials().getSignatureMethod(); OAuthSignatureMethod method; try { method = getSignatureMethodFactory().getSignatureMethod(signatureMethod, secret, authToken != null ? authToken.getSecret() : null); } catch (UnsupportedSignatureMethodException e) { throw new OAuthException(e.getMessage(), e); } String signatureBaseString = authentication.getConsumerCredentials().getSignatureBaseString(); String signature = authentication.getConsumerCredentials().getSignature(); if (log.isDebugEnabled()) { log.debug("Verifying signature " + signature + " for signature base string " + signatureBaseString + " with method " + method.getName() + "."); } method.verify(signatureBaseString, signature); }
From source file:org.springframework.security.oauth.provider.OAuthProviderProcessingFilter.java
/** * Validate the signature of the request given the authentication request. * * @param authentication The authentication request. *///from w w w .ja va2 s.c o m protected void validateSignature(ConsumerAuthentication authentication) throws AuthenticationException { SignatureSecret secret = authentication.getConsumerDetails().getSignatureSecret(); String token = authentication.getConsumerCredentials().getToken(); OAuthProviderToken authToken = null; if (token != null && !"".equals(token)) { authToken = getTokenServices().getToken(token); } String signatureMethod = authentication.getConsumerCredentials().getSignatureMethod(); OAuthSignatureMethod method = getSignatureMethodFactory().getSignatureMethod(signatureMethod, secret, authToken != null ? authToken.getSecret() : null); String signatureBaseString = authentication.getConsumerCredentials().getSignatureBaseString(); String signature = authentication.getConsumerCredentials().getSignature(); if (log.isDebugEnabled()) { log.debug("Verifying signature " + signature + " for signature base string " + signatureBaseString + " with method " + method.getName() + "."); } method.verify(signatureBaseString, signature); }