List of usage examples for org.springframework.security.oauth2.provider.authentication OAuth2AuthenticationDetails getTokenValue
public String getTokenValue()
From source file:org.trustedanalytics.cloud.auth.OAuth2TokenRetriever.java
/**
 * Returns the raw OAuth2 access token value carried by the given authentication.
 *
 * <p>Both casts are unchecked. An {@code Authentication} that is not an
 * {@code OAuth2Authentication}, or details that are not
 * {@code OAuth2AuthenticationDetails}, fail with {@code ClassCastException};
 * a null authentication or null details fail with {@code NullPointerException}.
 *
 * <p>The returned string is the access token itself, so callers should treat it as a
 * credential and keep it out of logs and error messages.
 *
 * @param auth the authentication to read the token from
 * @return the token value recorded in the authentication details
 */
@Override
public String getAuthToken(Authentication auth) {
    final Object rawDetails = ((OAuth2Authentication) auth).getDetails();
    return ((OAuth2AuthenticationDetails) rawDetails).getTokenValue();
}
From source file:org.trustedanalytics.modelcatalog.security.OAuth2TokenExtractor.java
/**
 * Extracts the OAuth2 access token value from an authentication object.
 *
 * <p>No type checks are made before casting: anything other than an
 * {@code OAuth2Authentication} carrying {@code OAuth2AuthenticationDetails} ends in a
 * {@code ClassCastException}, and a null authentication or null details end in a
 * {@code NullPointerException}.
 *
 * <p>The result is a credential; it should not be written to logs.
 *
 * @param authentication the authentication to read the token from
 * @return the token value stored in the authentication details
 */
@Override
public String apply(Authentication authentication) {
    final OAuth2Authentication oauthAuthentication = (OAuth2Authentication) authentication;
    final OAuth2AuthenticationDetails tokenDetails =
            (OAuth2AuthenticationDetails) oauthAuthentication.getDetails();
    final String tokenValue = tokenDetails.getTokenValue();
    return tokenValue;
}
From source file:com.orange.clara.cloud.services.sandbox.ElpaasoSandboxServiceApplication.java
/**
 * Exposes the access token of the current authentication as a session-scoped bean.
 *
 * <p>The authentication in the security context is cast without a type check, so an
 * authentication that is not an {@code OAuth2Authentication} fails with
 * {@code ClassCastException}, and a missing authentication or missing details fail
 * with {@code NullPointerException}.
 *
 * <p>NOTE(review): with session scope the token is presumably captured once per HTTP
 * session; a token that is refreshed or revoked later would then not be reflected in
 * this bean. Confirm against the session and token lifetimes in use.
 *
 * @return a {@code DefaultOAuth2AccessToken} wrapping the token value from the
 *         authentication details
 */
@Bean
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2AccessToken getOAuth2AccessToken() {
    final OAuth2Authentication current =
            (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
    final Object rawDetails = current.getDetails();
    final String tokenValue = ((OAuth2AuthenticationDetails) rawDetails).getTokenValue();
    return new DefaultOAuth2AccessToken(tokenValue);
}
From source file:com.orange.clara.cloud.servicedbdumper.config.UaaConfig.java
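/**
 * Exposes the access token of the current authentication as a session-scoped bean.
 *
 * <p>Returns {@code null} when the security context does not hold an
 * {@code OAuth2Authentication}, or when that authentication carries no
 * {@code OAuth2AuthenticationDetails}; both cases mean there is no token to expose.
 *
 * <p>NOTE(review): with session scope the token is presumably captured once per HTTP
 * session; confirm that this matches the token lifetime in use.
 *
 * @return a {@code DefaultOAuth2AccessToken} wrapping the presented token value, or
 *         {@code null} when no OAuth2 token is available
 */
@Bean
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2AccessToken getOAuth2AccessToken() {
    // Read the authentication once so the type check and the cast apply to the same object.
    final Object current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof OAuth2Authentication)) {
        return null;
    }

    // The details object is set by whatever built the authentication; do not assume its type.
    final Object rawDetails = ((OAuth2Authentication) current).getDetails();
    if (!(rawDetails instanceof OAuth2AuthenticationDetails)) {
        return null;
    }

    final OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) rawDetails;
    return new DefaultOAuth2AccessToken(details.getTokenValue());
}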
From source file:org.mitre.openid.connect.web.ClientDynamicRegistrationEndpoint.java
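/**
 * Get the meta information for a client.
 *
 * <p>The {@code @PreAuthorize} expression requires ROLE_CLIENT and the registration
 * token scope. In addition, the client id in the path must equal the client id of the
 * OAuth2 request behind {@code auth}; any other combination is answered with 403.
 * On success the registration access token that was presented is echoed back inside
 * the {@code RegisteredClient} placed in the model.
 *
 * @param clientId client id taken from the request path (caller-controlled)
 * @param m model that receives the "client" and "code" attributes
 * @param auth authentication built from the presented access token
 * @return the name of the view to render
 */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')")
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json")
public String readClientConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) {

    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

    if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) {

        // we return the token that we got in
        OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
        // NOTE(review): readAccessToken's result is dereferenced without a null check;
        // its behaviour for a token it cannot find is not visible here - confirm.
        OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());

        try {
            RegisteredClient registered = new RegisteredClient(client, token.getValue(),
                    config.getIssuer() + "register/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));

            // send it all out to the view
            m.addAttribute("client", registered);
            m.addAttribute("code", HttpStatus.OK); // http 200

            return "clientInformationResponseView";
        } catch (UnsupportedEncodingException e) {
            logger.error("Unsupported encoding", e);
            m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
            return "httpCodeView";
        }
    } else {
        // client mismatch
        // clientId comes straight from the request path: replace line breaks before
        // logging so a crafted id cannot split the entry into forged log lines.
        String loggedClientId = String.valueOf(clientId).replaceAll("[\\r\\n]", "_");
        logger.error("readClientConfiguration failed, client ID mismatch: " + loggedClientId + " and "
                + auth.getOAuth2Request().getClientId() + " do not match.");
        m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403

        return "httpCodeView";
    }
}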
From source file:org.mitre.openid.connect.web.ClientDynamicRegistrationEndpoint.java
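/**
 * Update the metainformation for a given client.
 *
 * <p>The {@code @PreAuthorize} expression requires ROLE_CLIENT and the registration
 * token scope. The update is applied only when the request body parses, the client in
 * the path exists, and its id matches both the client id of the OAuth2 request behind
 * {@code auth} and the client id in the body. Server-controlled fields (client secret,
 * token validity, authorities, introspection flag and others) are copied from the
 * stored client rather than taken from the request, and the requested scopes are
 * intersected with the scopes allowed for dynamic registration.
 *
 * @param clientId client id taken from the request path (caller-controlled)
 * @param jsonString request body holding the new client metadata
 * @param m model that receives the "client" and "code" attributes
 * @param auth authentication built from the presented access token
 * @return the name of the view to render
 */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')")
@RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json")
public String updateClient(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) {

    ClientDetailsEntity newClient = ClientDetailsEntityJsonProcessor.parse(jsonString);
    ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);

    if (newClient != null && oldClient != null // we have an existing client and the new one parsed
            && oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client passed in the URI matches the one in the auth
            && oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body matches the one in the URI
    ) {

        // a client can't ask to update its own client secret to any particular value
        newClient.setClientSecret(oldClient.getClientSecret());

        // we need to copy over all of the local and SECOAUTH fields
        newClient.setAccessTokenValiditySeconds(oldClient.getAccessTokenValiditySeconds());
        newClient.setIdTokenValiditySeconds(oldClient.getIdTokenValiditySeconds());
        newClient.setRefreshTokenValiditySeconds(oldClient.getRefreshTokenValiditySeconds());
        newClient.setDynamicallyRegistered(true); // it's still dynamically registered
        newClient.setAllowIntrospection(oldClient.isAllowIntrospection());
        newClient.setAuthorities(oldClient.getAuthorities());
        newClient.setClientDescription(oldClient.getClientDescription());
        newClient.setCreatedAt(oldClient.getCreatedAt());
        newClient.setReuseRefreshToken(oldClient.isReuseRefreshToken());

        // set of scopes that are OK for clients to dynamically register for
        Set<SystemScope> dynScopes = scopeService.getDynReg();

        // scopes that the client is asking for
        Set<SystemScope> requestedScopes = scopeService.fromStrings(newClient.getScope());

        // the scopes that the client can have must be a subset of the dynamically allowed scopes
        Set<SystemScope> allowedScopes = Sets.intersection(dynScopes, requestedScopes);

        // make sure that the client doesn't ask for scopes it can't have
        newClient.setScope(scopeService.toStrings(allowedScopes));

        try {
            // save the client
            ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient);

            // we return the token that we got in
            // TODO: rotate this after some set amount of time
            OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
            // NOTE(review): readAccessToken's result is dereferenced without a null check;
            // its behaviour for a token it cannot find is not visible here - confirm.
            OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());

            RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(),
                    config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));

            // send it all out to the view
            m.addAttribute("client", registered);
            m.addAttribute("code", HttpStatus.OK); // http 200

            return "clientInformationResponseView";
        } catch (IllegalArgumentException e) {
            logger.error("Couldn't save client", e);
            m.addAttribute("code", HttpStatus.BAD_REQUEST);

            return "httpCodeView";
        } catch (UnsupportedEncodingException e) {
            logger.error("Unsupported encoding", e);
            m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
            return "httpCodeView";
        }
    } else {
        // client mismatch (this branch is also reached when the body did not parse or
        // no client is stored under the id from the path)
        // clientId comes straight from the request path: replace line breaks before
        // logging so a crafted id cannot split the entry into forged log lines.
        String loggedClientId = String.valueOf(clientId).replaceAll("[\\r\\n]", "_");
        // The message used to name readClientConfiguration, which pointed log readers
        // at the wrong endpoint.
        logger.error("updateClient failed, client ID mismatch: " + loggedClientId + " and "
                + auth.getOAuth2Request().getClientId() + " do not match.");
        m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403

        return "httpCodeView";
    }
}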
From source file:org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint.java
/**
 * Returns the registration access token to hand back to the client, replacing it
 * first when it is older than the configured registration token lifetime.
 *
 * <p>With no lifetime configured the presented token is returned unchanged. Otherwise
 * a token issued before {@code now - lifetime} is revoked, and a new resource access
 * token is created, saved and returned. If the issue time cannot be parsed, the error
 * is logged and the presented token is returned as is, so it is not rotated.
 *
 * @param auth authentication built from the presented access token
 * @param client the client the token belongs to
 * @return the presented token, or its replacement after rotation
 */
private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth,
        ClientDetailsEntity client) {

    OAuth2AuthenticationDetails authDetails = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity presented = tokenService.readAccessToken(authDetails.getTokenValue());

    if (config.getRegTokenLifeTime() == null) {
        // tokens don't expire, just return it
        return presented;
    }

    try {
        // Anything issued before this instant is older than the allowed lifetime.
        // NOTE(review): if getRegTokenLifeTime() yields an Integer, this product is
        // computed in int and can overflow for long lifetimes - confirm the type.
        Date cutoff = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);

        if (!presented.getJwt().getJWTClaimsSet().getIssueTime().before(cutoff)) {
            // it's not expired, keep going
            return presented;
        }

        logger.info("Rotating the registration access token for " + client.getClientId());
        // The old token is revoked before its replacement exists; a failure in the
        // next two calls would leave the client without a usable token.
        tokenService.revokeAccessToken(presented);
        OAuth2AccessTokenEntity replacement = connectTokenService.createResourceAccessToken(client);
        tokenService.saveAccessToken(replacement);
        return replacement;
    } catch (ParseException e) {
        logger.error("Couldn't parse a known-valid token?", e);
        return presented;
    }
}
From source file:org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint.java
/**
 * Returns the registration access token to hand back to the client, replacing it
 * first when it is older than the configured registration token lifetime.
 *
 * <p>With no lifetime configured the presented token is returned unchanged. Otherwise
 * a token issued before {@code now - lifetime} is revoked, and a new registration
 * access token is created, saved and returned. If the issue time cannot be parsed,
 * the error is logged and the presented token is returned as is, so it is not rotated.
 *
 * @param auth authentication built from the presented access token
 * @param client the client the token belongs to
 * @return the presented token, or its replacement after rotation
 */
private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth,
        ClientDetailsEntity client) {

    OAuth2AuthenticationDetails authDetails = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity current = tokenService.readAccessToken(authDetails.getTokenValue());

    if (config.getRegTokenLifeTime() == null) {
        // tokens don't expire, just return it
        return current;
    }

    try {
        // Anything issued before this instant is older than the allowed lifetime.
        // NOTE(review): if getRegTokenLifeTime() yields an Integer, this product is
        // computed in int and can overflow for long lifetimes - confirm the type.
        Date oldestAllowedIssueTime = new Date(
                System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);

        boolean stale = current.getJwt().getJWTClaimsSet().getIssueTime().before(oldestAllowedIssueTime);
        if (!stale) {
            // it's not expired, keep going
            return current;
        }

        logger.info("Rotating the registration access token for " + client.getClientId());
        // The old token is revoked before its replacement exists; a failure in the
        // next two calls would leave the client without a usable token.
        tokenService.revokeAccessToken(current);
        OAuth2AccessTokenEntity rotated = connectTokenService.createRegistrationAccessToken(client);
        tokenService.saveAccessToken(rotated);
        return rotated;
    } catch (ParseException e) {
        logger.error("Couldn't parse a known-valid token?", e);
        return current;
    }
}