List of usage examples for org.springframework.security.oauth2.common OAuth2AccessToken SCOPE
String SCOPE
From source file:org.cloudfoundry.identity.uaa.oauth.DefaultTokenConverter.java
/**
 * Builds the claim map that represents an access token.
 *
 * <p>User claims are included only when the authentication is not client-only. Scope, token id,
 * expiry, the token's additional information, client id and audience are then written in that
 * order.
 *
 * @param token the access token whose scope, expiry and additional information are copied
 * @param authentication source of the authorization request and, when present, the user authentication
 * @return a mutable map of claim names to values
 */
@Override
public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    Map<String, Object> claims = new HashMap<String, Object>();
    AuthorizationRequest request = authentication.getAuthorizationRequest();

    boolean hasUser = !authentication.isClientOnly();
    if (hasUser) {
        claims.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication()));
    }

    claims.put(OAuth2AccessToken.SCOPE, token.getScope());

    Map<String, Object> extras = token.getAdditionalInformation();
    if (extras.containsKey(JwtTokenEnhancer.TOKEN_ID)) {
        // The putAll below writes this same entry again; the explicit put is kept as in the original.
        claims.put(JwtTokenEnhancer.TOKEN_ID, extras.get(JwtTokenEnhancer.TOKEN_ID));
    }

    Date expiry = token.getExpiration();
    if (expiry != null) {
        // Epoch seconds, not milliseconds.
        claims.put("exp", expiry.getTime() / 1000);
    }

    // NOTE(review): additional information is copied after the user claims, the scope and "exp"
    // are set, so an entry with the same name replaces them. Only "client_id" and "aud" are
    // written afterwards and therefore cannot be replaced. Confirm that additional information
    // is populated by trusted server-side code only.
    claims.putAll(extras);
    claims.put("client_id", request.getClientId());

    Set<String> audience = request.getResourceIds();
    if (audience != null && !audience.isEmpty()) {
        claims.put("aud", request.getResourceIds());
    }
    return claims;
}
From source file:org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer.java
/**
 * Writes an access token as a JSON object.
 *
 * <p>The token value and type are always written. Refresh token, remaining lifetime and scope are
 * written only when present, followed by every entry of the additional information map.
 *
 * @param token the token to serialize
 * @param jgen the generator that receives the JSON object
 * @param provider unused by this implementation
 * @throws IOException if the generator fails to write
 */
@Override
public void serialize(OAuth2AccessToken token, JsonGenerator jgen, SerializerProvider provider)
        throws IOException, JsonGenerationException {
    jgen.writeStartObject();
    jgen.writeStringField(OAuth2AccessToken.ACCESS_TOKEN, token.getValue());
    jgen.writeStringField(OAuth2AccessToken.TOKEN_TYPE, token.getTokenType());

    OAuth2RefreshToken refresh = token.getRefreshToken();
    if (refresh != null) {
        jgen.writeStringField(OAuth2AccessToken.REFRESH_TOKEN, refresh.getValue());
    }

    Date expiresAt = token.getExpiration();
    if (expiresAt != null) {
        // Remaining lifetime in whole seconds relative to the local clock; the value is
        // negative when the token has already expired.
        long nowMillis = System.currentTimeMillis();
        long remainingSeconds = (expiresAt.getTime() - nowMillis) / 1000;
        jgen.writeNumberField(OAuth2AccessToken.EXPIRES_IN, remainingSeconds);
    }

    Set<String> scope = token.getScope();
    if (scope != null && !scope.isEmpty()) {
        // Scopes are emitted as one space-delimited string.
        StringBuilder joined = new StringBuilder();
        for (String value : scope) {
            Assert.hasLength(value, "Scopes cannot be null or empty. Got " + scope + "");
            if (joined.length() > 0) {
                joined.append(" ");
            }
            joined.append(value);
        }
        jgen.writeStringField(OAuth2AccessToken.SCOPE, joined.toString());
    }

    // NOTE(review): keys are written verbatim after the standard fields. A key equal to one of
    // the standard field names would be emitted a second time; how a consumer resolves the
    // duplicate is parser-dependent. Confirm that callers never put reserved names here.
    Map<String, Object> extras = token.getAdditionalInformation();
    for (Map.Entry<String, Object> extra : extras.entrySet()) {
        jgen.writeObjectField(extra.getKey(), extra.getValue());
    }
    jgen.writeEndObject();
}
From source file:com.acc.conv.Oauth2AccessTokenConverter.java
/**
 * Marshals an access token as a sequence of nodes on the underlying stream writer.
 *
 * <p>Token value and type are always written. Refresh token, remaining lifetime and scope are
 * written only when present, followed by one node per additional-information entry.
 *
 * @param source the object to marshal; cast to {@code OAuth2AccessToken} without a type check
 * @param writerOrig the writer whose underlying writer receives the nodes
 * @param context unused by this implementation
 */
@Override
public void marshal(final Object source, final HierarchicalStreamWriter writerOrig,
        final MarshallingContext context) {
    final OAuth2AccessToken token = (OAuth2AccessToken) source;
    final ExtendedHierarchicalStreamWriter out =
            (ExtendedHierarchicalStreamWriter) writerOrig.underlyingWriter();

    out.startNode(OAuth2AccessToken.ACCESS_TOKEN, String.class);
    out.setValue(formattedValue(token.getValue()));
    out.endNode();

    out.startNode(OAuth2AccessToken.TOKEN_TYPE, String.class);
    out.setValue(formattedValue(token.getTokenType()));
    out.endNode();

    final OAuth2RefreshToken refresh = token.getRefreshToken();
    if (refresh != null) {
        out.startNode(OAuth2AccessToken.REFRESH_TOKEN, String.class);
        out.setValue(formattedValue(refresh.getValue()));
        out.endNode();
    }

    final Date expiresAt = token.getExpiration();
    if (expiresAt != null) {
        // Remaining lifetime in whole seconds relative to the local clock. The node is declared
        // as Integer although the value is computed as a long.
        final long nowMillis = System.currentTimeMillis();
        final long remainingSeconds = (expiresAt.getTime() - nowMillis) / 1000;
        out.startNode(OAuth2AccessToken.EXPIRES_IN, Integer.class);
        out.setValue(String.valueOf(remainingSeconds));
        out.endNode();
    }

    final Set<String> scope = token.getScope();
    if (scope != null && !scope.isEmpty()) {
        // Scopes are emitted as one space-delimited string.
        final StringBuilder joined = new StringBuilder();
        for (final String value : scope) {
            Assert.hasLength(value, "Scopes cannot be null or empty. Got " + scope);
            if (joined.length() > 0) {
                joined.append(' ');
            }
            joined.append(value);
        }
        out.startNode(OAuth2AccessToken.SCOPE, String.class);
        out.setValue(formattedValue(joined.toString()));
        out.endNode();
    }

    // NOTE(review): map keys become node names as-is and values are stringified with
    // String.valueOf, so a null value is written as the text "null". Nothing here checks a key
    // against the standard field names or against what the writer accepts as a node name;
    // confirm that callers control these keys.
    final Map<String, Object> extras = token.getAdditionalInformation();
    for (final Map.Entry<String, Object> extra : extras.entrySet()) {
        out.startNode(extra.getKey(), String.class);
        out.setValue(formattedValue(String.valueOf(extra.getValue())));
        out.endNode();
    }
}
From source file:org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer.java
/**
 * Reads an access token from a JSON object.
 *
 * <p>Recognised fields populate the token value, type, refresh token, lifetime and scope; every
 * other field is kept in the additional information map in the order it was read.
 *
 * @param jp parser positioned so that the next tokens are the object's fields
 * @param ctxt unused by this implementation
 * @return the token built from the fields that were present
 * @throws IOException if the parser fails to read
 */
@Override
public OAuth2AccessToken deserialize(JsonParser jp, DeserializationContext ctxt)
        throws IOException, JsonProcessingException {
    String value = null;
    String type = null;
    String refreshValue = null;
    Long lifetimeSeconds = null;
    Set<String> scope = null;
    Map<String, Object> extras = new LinkedHashMap<String, Object>();

    // TODO What should occur if a parameter exists twice
    // As written, a repeated field silently replaces the earlier value (last one wins).
    while (jp.nextToken() != JsonToken.END_OBJECT) {
        String field = jp.getCurrentName();
        jp.nextToken(); // advance from the field name to its value
        if (OAuth2AccessToken.ACCESS_TOKEN.equals(field)) {
            value = jp.getText();
        } else if (OAuth2AccessToken.TOKEN_TYPE.equals(field)) {
            type = jp.getText();
        } else if (OAuth2AccessToken.REFRESH_TOKEN.equals(field)) {
            refreshValue = jp.getText();
        } else if (OAuth2AccessToken.EXPIRES_IN.equals(field)) {
            try {
                lifetimeSeconds = jp.getLongValue();
            } catch (JsonParseException e) {
                // The value was not a JSON number; fall back to parsing its text. Long.valueOf
                // throws an unchecked NumberFormatException when the text is not numeric.
                lifetimeSeconds = Long.valueOf(jp.getText());
            }
        } else if (OAuth2AccessToken.SCOPE.equals(field)) {
            String delimited = jp.getText();
            scope = OAuth2Utils.parseParameterList(delimited);
        } else {
            extras.put(field, jp.readValueAs(Object.class));
        }
    }

    // TODO What should occur if a required parameter (tokenValue or tokenType) is missing?
    // As written, a missing access token or token type yields a token object holding null for it.
    DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(value);
    result.setTokenType(type);
    result.setScope(scope);
    result.setAdditionalInformation(extras);
    if (refreshValue != null) {
        result.setRefreshToken(new DefaultOAuth2RefreshToken(refreshValue));
    }
    if (lifetimeSeconds != null) {
        // NOTE(review): the lifetime is taken from the input without a range check; a negative
        // value produces an expiry in the past and a very large one overflows the long
        // multiplication. Consider bounding it if the input is not fully trusted.
        long expiresAtMillis = System.currentTimeMillis() + (lifetimeSeconds * 1000);
        result.setExpiration(new Date(expiresAtMillis));
    }
    return result;
}
From source file:com.ge.predix.uaa.token.lib.TestTokenUtil.java
/**
 * Assembles the claim map for a JWT access token.
 *
 * <p>The token's additional information is copied first, so every claim written afterwards
 * replaces a same-named entry from it. User claims are added for every grant type except
 * {@code client_credentials}.
 *
 * @param token source of the token id, additional information and expiry
 * @param issuerId issuer claim; when null neither issuer nor zone id is written
 * @param userId subject and user id
 * @param username user name; {@code userId} is used when null
 * @param userEmail e-mail claim, omitted when null
 * @param clientScopes client authorities, omitted when null
 * @param requestedScopes value of the scope claim
 * @param clientId written as client id, cid and azp
 * @param resourceIds value of the audience claim, written even when null
 * @param grantType grant type claim, omitted when null
 * @param refreshToken not read by this method
 * @param revocableHashSignature revocation signature, written only when it has text
 * @param issuedAtMillis issue time in milliseconds; written in seconds
 * @param zoneId zone id, written only together with the issuer
 * @return the ordered claim map
 */
private static Map<String, ?> createJWTAccessToken(final OAuth2AccessToken token, final String issuerId,
        final String userId, final String username, final String userEmail,
        final Collection<GrantedAuthority> clientScopes, final Set<String> requestedScopes,
        final String clientId, final Set<String> resourceIds, final String grantType,
        final String refreshToken, final String revocableHashSignature, final long issuedAtMillis,
        final String zoneId) {
    Map<String, Object> claims = new LinkedHashMap<String, Object>();

    // The token id is put first so that it leads the ordered map; putAll then rewrites its value.
    Map<String, Object> extras = token.getAdditionalInformation();
    claims.put(JTI, extras.get(JTI));
    claims.putAll(extras);

    claims.put(SUB, userId);
    if (clientScopes != null) {
        claims.put(AUTHORITIES, AuthorityUtils.authorityListToSet(clientScopes));
    }
    claims.put(OAuth2AccessToken.SCOPE, requestedScopes);
    claims.put(CLIENT_ID, clientId);
    claims.put(CID, clientId);
    claims.put(AZP, clientId); // openId Connect

    if (grantType != null) {
        claims.put(GRANT_TYPE, grantType);
    }

    boolean clientCredentialsGrant = "client_credentials".equals(grantType);
    if (!clientCredentialsGrant) {
        claims.put(USER_ID, userId);
        if (username == null) {
            claims.put(USER_NAME, userId);
        } else {
            claims.put(USER_NAME, username);
        }
        if (userEmail != null) {
            claims.put(EMAIL, userEmail);
        }
    }

    if (StringUtils.hasText(revocableHashSignature)) {
        claims.put(Claims.REVOCATION_SIGNATURE, revocableHashSignature);
    }

    claims.put(IAT, issuedAtMillis / 1000);

    // NOTE(review): a token without an expiration produces a claim set without an expiry claim;
    // confirm that consumers of these claims reject tokens that carry none.
    Date expiry = token.getExpiration();
    if (expiry != null) {
        claims.put(EXP, expiry.getTime() / 1000);
    }

    if (issuerId != null) {
        claims.put(ISS, issuerId);
        claims.put(ZONE_ID, zoneId);
    }
    claims.put(AUD, resourceIds);
    return claims;
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServices.java
/**
 * Assembles the claim map for a JWT access token.
 *
 * <p>The token's additional information is copied first, so every claim written afterwards
 * replaces a same-named entry from it. User claims are added for every grant type except
 * {@code client_credentials}. The issue time is read from the local clock.
 *
 * @param token source of the token id, additional information and expiry
 * @param userId subject and user id
 * @param username user name; {@code userId} is used when null
 * @param userEmail e-mail claim, omitted when null
 * @param clientScopes client authorities, omitted when null
 * @param requestedScopes value of the scope claim
 * @param clientId written as client id, cid and azp
 * @param resourceIds value of the audience claim, written even when null
 * @param grantType grant type claim, omitted when null
 * @param refreshToken not read by this method
 * @return the ordered claim map
 */
private Map<String, ?> createJWTAccessToken(OAuth2AccessToken token, String userId, String username,
        String userEmail, Collection<GrantedAuthority> clientScopes, Set<String> requestedScopes,
        String clientId, Set<String> resourceIds, String grantType, String refreshToken) {
    Map<String, Object> claims = new LinkedHashMap<String, Object>();

    // The token id is put first so that it leads the ordered map; putAll then rewrites its value.
    Map<String, Object> extras = token.getAdditionalInformation();
    claims.put(JTI, extras.get(JTI));
    claims.putAll(extras);

    claims.put(SUB, userId);
    if (clientScopes != null) {
        claims.put(AUTHORITIES, AuthorityUtils.authorityListToSet(clientScopes));
    }
    claims.put(OAuth2AccessToken.SCOPE, requestedScopes);
    claims.put(CLIENT_ID, clientId);
    claims.put(CID, clientId);
    claims.put(AZP, clientId); // openId Connect

    if (grantType != null) {
        claims.put(GRANT_TYPE, grantType);
    }

    boolean clientCredentialsGrant = "client_credentials".equals(grantType);
    if (!clientCredentialsGrant) {
        claims.put(USER_ID, userId);
        if (username == null) {
            claims.put(USER_NAME, userId);
        } else {
            claims.put(USER_NAME, username);
        }
        if (userEmail != null) {
            claims.put(EMAIL, userEmail);
        }
    }

    claims.put(IAT, System.currentTimeMillis() / 1000);

    // NOTE(review): a token without an expiration produces a claim set without an expiry claim;
    // confirm that consumers of these claims reject tokens that carry none.
    Date expiry = token.getExpiration();
    if (expiry != null) {
        claims.put(EXP, expiry.getTime() / 1000);
    }

    if (tokenEndpoint != null) {
        claims.put(ISS, tokenEndpoint);
    }

    // TODO: different values for audience in the AT and RT. Need to sync
    // them up
    claims.put(AUD, resourceIds);
    return claims;
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServices.java
/**
 * Assembles the claim map for a JWT access token and then strips the excluded claims.
 *
 * <p>The token's additional information is copied first, so every claim written afterwards
 * replaces a same-named entry from it. The subject is the client id unless both {@code user} and
 * {@code userId} are present, in which case it becomes the user id.
 *
 * @param token source of the token id, additional information and expiry; its expiration is
 *        dereferenced without a null check
 * @param userId user id; user claims are written only when this and {@code user} are non-null
 * @param user source of origin, user name and e-mail
 * @param userAuthenticationTime authentication time, written in seconds when non-null
 * @param clientScopes client authorities, omitted when null
 * @param requestedScopes value of the scope claim
 * @param clientId written as client id, cid and azp, and as the default subject
 * @param resourceIds value of the audience claim, written even when null
 * @param grantType grant type claim, omitted when null
 * @param refreshToken not read by this method
 * @param revocableHashSignature revocation signature, written only when it has text
 * @param revocable when true the revocable claim is written
 * @return the ordered claim map without the excluded claims
 */
private Map<String, ?> createJWTAccessToken(OAuth2AccessToken token, String userId, UaaUser user,
        Date userAuthenticationTime, Collection<GrantedAuthority> clientScopes, Set<String> requestedScopes,
        String clientId, Set<String> resourceIds, String grantType, String refreshToken,
        String revocableHashSignature, boolean revocable) {
    Map<String, Object> claims = new LinkedHashMap<String, Object>();

    // The token id is put first so that it leads the ordered map; putAll then rewrites its value.
    Map<String, Object> extras = token.getAdditionalInformation();
    claims.put(JTI, extras.get(JTI));
    claims.putAll(extras);

    // Default subject; replaced by the user id below when a user is present.
    claims.put(SUB, clientId);
    if (clientScopes != null) {
        claims.put(AUTHORITIES, AuthorityUtils.authorityListToSet(clientScopes));
    }
    claims.put(OAuth2AccessToken.SCOPE, requestedScopes);
    claims.put(CLIENT_ID, clientId);
    claims.put(CID, clientId);
    claims.put(AZP, clientId); // openId Connect

    if (revocable) {
        claims.put(REVOCABLE, true);
    }
    if (grantType != null) {
        claims.put(GRANT_TYPE, grantType);
    }

    boolean userPresent = user != null && userId != null;
    if (userPresent) {
        claims.put(USER_ID, userId);

        String origin = user.getOrigin();
        if (StringUtils.hasLength(origin)) {
            claims.put(ORIGIN, origin);
        }

        String username = user.getUsername();
        if (username == null) {
            claims.put(USER_NAME, userId);
        } else {
            claims.put(USER_NAME, username);
        }

        String userEmail = user.getEmail();
        if (userEmail != null) {
            claims.put(EMAIL, userEmail);
        }
        if (userAuthenticationTime != null) {
            claims.put(AUTH_TIME, userAuthenticationTime.getTime() / 1000);
        }
        claims.put(SUB, userId);
    }

    if (StringUtils.hasText(revocableHashSignature)) {
        claims.put(REVOCATION_SIGNATURE, revocableHashSignature);
    }

    claims.put(IAT, System.currentTimeMillis() / 1000);
    // No null check: a token without an expiration fails here with a NullPointerException
    // rather than yielding claims that lack an expiry.
    claims.put(EXP, token.getExpiration().getTime() / 1000);

    if (getTokenEndpoint() != null) {
        claims.put(ISS, getTokenEndpoint());
        claims.put(ZONE_ID, IdentityZoneHolder.get().getId());
    }

    // TODO: different values for audience in the AT and RT. Need to sync
    // them up
    claims.put(AUD, resourceIds);

    // NOTE(review): exclusion is applied last and by name only, so it can remove any claim set
    // above, including expiry, audience or subject. Confirm that the excluded-claims setting is
    // restricted to claims that token consumers do not rely on for validation.
    for (String excluded : getExcludedClaims()) {
        claims.remove(excluded);
    }
    return claims;
}