List of usage examples for org.springframework.security.oauth2.provider AuthorizationRequest setAuthorities
public void setAuthorities(Collection<? extends GrantedAuthority> authorities)
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServices.java
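/**
 * Builds an {@link OAuth2Authentication} from the claims of an access token.
 *
 * <p>The claims are obtained from {@code getClaimsForToken}, the {@code exp} claim is checked
 * against the current time, and both client id claims are passed to {@code validateClient}.
 * Scopes and resource ids are copied from the claims into an approved
 * {@link AuthorizationRequest}. A token carrying an e-mail claim is treated as a user token.
 *
 * <p>NOTE(review): everything below trusts the claim values. Signature and integrity checks are
 * presumably done inside {@code getClaimsForToken}; confirm before relying on this method alone.
 *
 * @param accessToken the encoded access token presented by the caller
 * @return an authenticated {@link OAuth2Authentication} for the client and, if present, the user
 * @throws InvalidTokenException if the token carries an {@code exp} claim that lies in the past
 * @throws AuthenticationException as declared; other failures come from the helpers called here
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException {
    Map<String, Object> claims = getClaimsForToken(accessToken);

    // Check token expiry. A token without an exp claim is not rejected by this check.
    Integer expiration = (Integer) claims.get(EXP);
    if (expiration != null) {
        Date expiresAt = new Date(expiration * 1000L);
        if (expiresAt.before(new Date())) {
            // The token value is deliberately left out of the message: exception text commonly
            // ends up in logs and error responses, and the encoded token carries its claims.
            throw new InvalidTokenException("Invalid access token (expired): expired at " + expiresAt);
        }
    }

    // Check client ID is valid (both claim names are validated).
    validateClient((String) claims.get(CLIENT_ID));
    validateClient((String) claims.get(CID));

    @SuppressWarnings("unchecked")
    ArrayList<String> scopes = (ArrayList<String>) claims.get(SCOPE);

    AuthorizationRequest authorizationRequest = new AuthorizationRequest((String) claims.get(CLIENT_ID),
            scopes);

    @SuppressWarnings("unchecked")
    ArrayList<String> rids = (ArrayList<String>) claims.get(AUD);
    // TODO - Fix null resource IDs for a client_credentials request to /oauth/token
    Set<String> resourceIds = Collections
            .unmodifiableSet(rids == null ? new HashSet<String>() : new HashSet<>(rids));
    authorizationRequest.setResourceIds(resourceIds);

    authorizationRequest.setApproved(true);

    // Start from the configured defaults; an "authorities" claim, when present as a String or a
    // Collection, replaces them. Any other claim type leaves the defaults in place.
    Collection<? extends GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(
            StringUtils.collectionToCommaDelimitedString(defaultUserAuthorities));
    if (claims.containsKey("authorities")) {
        Object authoritiesFromClaims = claims.get("authorities");
        if (authoritiesFromClaims instanceof String) {
            authorities = AuthorityUtils.commaSeparatedStringToAuthorityList((String) authoritiesFromClaims);
        } else if (authoritiesFromClaims instanceof Collection) {
            authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(
                    StringUtils.collectionToCommaDelimitedString((Collection<?>) authoritiesFromClaims));
        }
    }

    Authentication userAuthentication = null;
    // Is this a user token?
    if (claims.containsKey(EMAIL)) {
        // The user is rebuilt from the claims alone and always receives USER_AUTHORITIES; the
        // authorities computed above are not applied on this branch.
        UaaUser user = new UaaUser((String) claims.get(USER_ID), (String) claims.get(USER_NAME), null,
                (String) claims.get(EMAIL), UaaAuthority.USER_AUTHORITIES, null, null, null, null, null, null,
                false);

        UaaPrincipal principal = new UaaPrincipal(user);
        userAuthentication = new UaaAuthentication(principal, UaaAuthority.USER_AUTHORITIES, null);
    } else {
        // Client-only token: the authorities go on the authorization request.
        authorizationRequest.setAuthorities(authorities);
    }

    OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(),
            userAuthentication);
    authentication.setAuthenticated(true);
    return authentication;
}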
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServices.java
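/**
 * Builds an {@link OAuth2Authentication} from a validated access token.
 *
 * <p>An empty token is rejected up front. The token is then passed to {@code validateToken},
 * its claims are read from the result, and the {@code exp} claim is checked against the current
 * time. Scopes and resource ids are copied from the claims into an approved
 * {@link AuthorizationRequest}. A token carrying a user id claim is treated as a user token and
 * the user is loaded through {@code userDatabase}.
 *
 * <p>NOTE(review): signature and other integrity checks are presumably performed by
 * {@code validateToken}; confirm, since the claim values are trusted from that point on.
 *
 * @param accessToken the encoded access token presented by the caller
 * @return an authenticated {@link OAuth2Authentication} bound to the current identity zone id
 * @throws InvalidTokenException if the token is empty or carries an {@code exp} claim in the past
 * @throws AuthenticationException as declared; other failures come from the helpers called here
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken) throws AuthenticationException {
    if (StringUtils.isEmpty(accessToken)) {
        // NOTE(review): the message mentions a 30-character minimum, but only emptiness is
        // checked here. The token is empty on this path, so nothing sensitive is appended.
        throw new InvalidTokenException(
                "Invalid access token value, must be at least 30 characters:" + accessToken);
    }

    TokenValidation tokenValidation = validateToken(accessToken);
    Map<String, Object> claims = tokenValidation.getClaims();
    // From here on, work with the encoded form reported by the validated JWT.
    accessToken = tokenValidation.getJwt().getEncoded();

    // Check token expiry. A token without an exp claim is not rejected by this check.
    Integer expiration = (Integer) claims.get(EXP);
    if (expiration != null) {
        Date expiresAt = new Date(expiration * 1000L);
        if (expiresAt.before(new Date())) {
            // The token value is deliberately left out of the message: exception text commonly
            // ends up in logs and error responses, and the encoded token carries its claims.
            throw new InvalidTokenException("Invalid access token (expired): expired at " + expiresAt);
        }
    }

    @SuppressWarnings("unchecked")
    ArrayList<String> scopes = (ArrayList<String>) claims.get(SCOPE);

    AuthorizationRequest authorizationRequest = new AuthorizationRequest((String) claims.get(CLIENT_ID),
            scopes);

    @SuppressWarnings("unchecked")
    ArrayList<String> rids = (ArrayList<String>) claims.get(AUD);
    // TODO - Fix null resource IDs for a client_credentials request to /oauth/token
    Set<String> resourceIds = Collections
            .unmodifiableSet(rids == null ? new HashSet<String>() : new HashSet<>(rids));
    authorizationRequest.setResourceIds(resourceIds);

    authorizationRequest.setApproved(true);

    // Start from the configured defaults; an "authorities" claim, when present as a String or a
    // Collection, replaces them. Any other claim type leaves the defaults in place.
    Collection<? extends GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(
            StringUtils.collectionToCommaDelimitedString(defaultUserAuthorities));
    if (claims.containsKey("authorities")) {
        Object authoritiesFromClaims = claims.get("authorities");
        if (authoritiesFromClaims instanceof String) {
            authorities = AuthorityUtils.commaSeparatedStringToAuthorityList((String) authoritiesFromClaims);
        } else if (authoritiesFromClaims instanceof Collection) {
            authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(
                    StringUtils.collectionToCommaDelimitedString((Collection<?>) authoritiesFromClaims));
        }
    }

    Authentication userAuthentication = null;
    // Is this a user token - minimum info is user_id
    if (claims.containsKey(USER_ID)) {
        // The user record comes from the user database, not from the claims. The authentication
        // always receives USER_AUTHORITIES; the authorities computed above are not applied here.
        // NOTE(review): behaviour for an unknown user id depends on retrieveUserById - confirm.
        UaaUser user = userDatabase.retrieveUserById((String) claims.get(USER_ID));
        UaaPrincipal principal = new UaaPrincipal(user);
        userAuthentication = new UaaAuthentication(principal, UaaAuthority.USER_AUTHORITIES, null);
    } else {
        // Client-only token: the authorities go on the authorization request.
        authorizationRequest.setAuthorities(authorities);
    }

    OAuth2Authentication authentication = new UaaOauth2Authentication(accessToken,
            IdentityZoneHolder.get().getId(), authorizationRequest.createOAuth2Request(), userAuthentication);
    authentication.setAuthenticated(true);
    return authentication;
}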
From source file:org.orcid.core.oauth.OrcidClientCredentialsChecker.java
/**
 * Validates a client-credentials style token request and turns it into an {@link OAuth2Request}.
 *
 * <p>The client is looked up by the id on the token request, checked for being enabled, and its
 * grant type and (when scopes are supplied) scopes are validated. The resulting authorization
 * request takes its authorities and resource ids from the stored client details, not from the
 * incoming request, and is marked approved.
 *
 * @param grantType the grant type being requested
 * @param tokenRequest the incoming token request
 * @return the OAuth2 request created by the request factory
 */
public OAuth2Request validateCredentials(String grantType, TokenRequest tokenRequest) {
    final String clientId = tokenRequest.getClientId();
    final Set<String> requestedScopes = tokenRequest.getScope();

    final ClientDetailsEntity client = clientDetailsEntityCacheManager.retrieve(clientId);
    orcidOAuth2RequestValidator.validateClientIsEnabled(client);
    validateGrantType(grantType, client);
    // Scope validation is skipped entirely when the request carries no scope set.
    if (requestedScopes != null) {
        validateScope(client, requestedScopes);
    }

    // Start from the caller-supplied parameters, then overwrite grant type, scope and client id
    // with the values validated above so the request cannot carry different ones.
    final Map<String, String> params = new HashMap<>();
    params.putAll(tokenRequest.getRequestParameters());
    params.put(OrcidOauth2Constants.GRANT_TYPE, grantType);
    params.put(OAuth2Utils.SCOPE, StringUtils.join(requestedScopes, ' '));
    params.put(OAuth2Utils.CLIENT_ID, clientId);

    final AuthorizationRequest request = oAuth2RequestFactory.createAuthorizationRequest(params);
    request.setAuthorities(client.getAuthorities());
    request.setResourceIds(client.getResourceIds());
    request.setApproved(true);

    return oAuth2RequestFactory.createOAuth2Request(request);
}
From source file:org.orcid.core.oauth.service.OrcidTokenStoreServiceImpl.java
/**
 * Rebuilds an {@link OAuth2Authentication} from a stored token detail record.
 *
 * <p>When the client referenced by the record is found, it is checked for being enabled and an
 * {@link AuthorizationRequest} is built from the stored scope, resource id and approval flag,
 * with authorities taken from the client details. A user authentication is attached only when
 * the record has a profile.
 *
 * @param details the stored token detail, or {@code null} when no token was found
 * @return the reconstructed authentication
 * @throws InvalidTokenException if {@code details} is {@code null}
 */
private OAuth2Authentication getOAuth2AuthenticationFromDetails(OrcidOauth2TokenDetail details) {
    if (details == null) {
        throw new InvalidTokenException("Token not found");
    }

    ClientDetailsEntity client = clientDetailsEntityCacheManager.retrieve(details.getClientDetailsId());
    AuthorizationRequest authorizationRequest = null;
    Authentication userAuthentication = null;

    // NOTE(review): when the client lookup returns null, both values stay null and are still
    // passed to the OrcidOAuth2Authentication constructor below - confirm that is intended.
    if (client != null) {
        // Check member is not locked
        orcidOAuth2RequestValidator.validateClientIsEnabled(client);

        Set<String> grantedScopes = OAuth2Utils.parseParameterList(details.getScope());
        authorizationRequest = new AuthorizationRequest(client.getClientId(), grantedScopes);
        authorizationRequest.setAuthorities(client.getAuthorities());

        Set<String> resourceIds = new HashSet<>();
        resourceIds.add(details.getResourceId());
        authorizationRequest.setResourceIds(resourceIds);

        // Approval is taken from the stored record rather than assumed.
        authorizationRequest.setApproved(details.isApproved());

        ProfileEntity profile = details.getProfile();
        if (profile != null) {
            userAuthentication = new OrcidOauth2UserAuthentication(profile, details.isApproved());
        }
    }

    return new OrcidOAuth2Authentication(authorizationRequest, userAuthentication, details.getTokenValue());
}