Java Code Examples for org.springframework.security.oauth2.provider.OAuth2Authentication#isClientOnly()
The following examples show how to use
org.springframework.security.oauth2.provider.OAuth2Authentication#isClientOnly() .
Example 1
Source File: OpenTokenEnhancer.java From open-cloud with MIT License | 6 votes |
/**
 * Enriches an access token with user-identifying fields, then delegates to the parent enhancer.
 *
 * <p>When the token is issued on behalf of a user (not client-only) and the principal is an
 * {@code OpenUserDetails}, the user id and domain are copied into the token's additional
 * information. In every other case the additional information is replaced by an empty map.
 *
 * <p>NOTE(review): additional information presumably travels with the token to the client
 * (and into the claims if a JWT converter runs later in the chain) - confirm that user id and
 * domain are acceptable to disclose, and keep anything sensitive out of this map.
 *
 * @param accessToken    the token produced so far; it is copied, not modified in place
 * @param authentication the authentication the token is being issued for
 * @return whatever the parent enhancer returns for the enriched copy
 */
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    DefaultOAuth2AccessToken enriched = new DefaultOAuth2AccessToken(accessToken);
    final Map<String, Object> extraFields = new HashMap<>(8);

    // instanceof is already false for null, so no separate null test is needed.
    boolean issuedForKnownUser = !authentication.isClientOnly()
            && authentication.getPrincipal() instanceof OpenUserDetails;
    if (issuedForKnownUser) {
        // Attach the extra user information.
        OpenUserDetails userDetails = (OpenUserDetails) authentication.getPrincipal();
        extraFields.put(OpenSecurityConstants.OPEN_ID, userDetails.getUserId());
        extraFields.put(OpenSecurityConstants.DOMAIN, userDetails.getDomain());
    }

    enriched.setAdditionalInformation(extraFields);
    return super.enhance(enriched, authentication);
}
Example 2
Source File: OpenHelper.java From open-cloud with MIT License | 6 votes |
/**
 * Resolves the details of the caller bound to the current security context.
 *
 * <p>Only an authenticated {@code OAuth2Authentication} is considered. For a user token the
 * principal is returned directly when it is an {@code OpenUserDetails}, or converted when it
 * is a {@code Map}. For a client-only token a fresh {@code OpenUserDetails} is built that
 * carries nothing but the client id and the client's authorities.
 *
 * <p>NOTE(review): a non-null result therefore does not prove that an end user is present.
 * Callers making user-level authorization decisions should check for a user id (or
 * {@code isClientOnly()}) rather than relying on non-null alone.
 *
 * @return the resolved details, or {@code null} when there is no authenticated OAuth2
 *         authentication or the user principal has an unexpected type
 */
public static OpenUserDetails getUser() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current == null || !current.isAuthenticated() || !(current instanceof OAuth2Authentication)) {
        return null;
    }

    OAuth2Authentication oauth = (OAuth2Authentication) current;
    OAuth2Request storedRequest = oauth.getOAuth2Request();

    if (oauth.isClientOnly()) {
        // No end user behind this token: expose the client identity and its authorities only.
        OpenUserDetails clientIdentity = new OpenUserDetails();
        clientIdentity.setClientId(storedRequest.getClientId());
        clientIdentity.setAuthorities(storedRequest.getAuthorities());
        return clientIdentity;
    }

    Object principal = current.getPrincipal();
    if (principal instanceof OpenUserDetails) {
        return (OpenUserDetails) principal;
    }
    if (principal instanceof Map) {
        // NOTE(review): the map content becomes the caller's identity - presumably it comes
        // from a verified token or a trusted user-info lookup; confirm at the source.
        return BeanConvertUtils.mapToObject((Map) principal, OpenUserDetails.class);
    }
    return null;
}
Example 3
Source File: OpenHelper.java From open-cloud with MIT License | 6 votes |
/**
 * Pushes a new authority set onto the client-only tokens already stored for a client.
 *
 * <p>Every token found for {@code clientId} is loaded; those whose authentication is
 * client-only get their {@code authorities} field overwritten and are saved back. Tokens
 * issued on behalf of a user are left untouched. A {@code null} authority collection is a
 * no-op.
 *
 * <p>NOTE(review): the field is written by reflection because the type offers no setter, so
 * the passed collection is stored as-is and no defensive copy is taken here. Only the
 * authentication's own field changes; the {@code OAuth2Request} inside it is not updated by
 * this method, so code reading authorities through {@code getOAuth2Request()} may still see
 * the previous set - confirm that both views are meant to diverge.
 *
 * @param tokenStore  store that holds the issued tokens
 * @param clientId    client whose tokens are updated
 * @param authorities replacement authorities; ignored when {@code null}
 */
public static void updateOpenClientAuthorities(TokenStore tokenStore, String clientId, Collection<? extends GrantedAuthority> authorities) {
    if (authorities == null) {
        return;
    }

    // Refresh the tokens that were already issued to this client.
    Collection<OAuth2AccessToken> issuedTokens = tokenStore.findTokensByClientId(clientId);
    if (issuedTokens == null || issuedTokens.isEmpty()) {
        return;
    }

    for (OAuth2AccessToken issued : issuedTokens) {
        OAuth2Authentication stored = tokenStore.readAuthentication(issued);
        // Only client-only authentications are rewritten.
        if (stored == null || !stored.isClientOnly()) {
            continue;
        }
        // No setter exists for this field, so it is assigned through reflection.
        ReflectionUtils.setFieldValue(stored, "authorities", authorities);
        // Persist the modified authentication under the same token.
        tokenStore.storeAccessToken(issued, stored);
    }
}
Example 4
Source File: ChoerodonAuthenticationKeyGenerator.java From oauth-server with Apache License 2.0 | 6 votes |
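/**
 * Builds the lookup key that identifies "the same" authentication in the token store.
 *
 * <p>The key is derived from the user name (user tokens only), the client id, the sorted
 * scope list and, when the user authenticated through a web session, the session id. Two
 * requests that agree on all of these map to the same key.
 *
 * @param authentication the authentication to derive the key from
 * @return the value produced by {@code generateKey} for the collected fields
 */
@Override
public String extractKey(OAuth2Authentication authentication) {
    Map<String, String> values = new LinkedHashMap<>();
    OAuth2Request authorizationRequest = authentication.getOAuth2Request();
    if (!authentication.isClientOnly()) {
        values.put(USERNAME, authentication.getName());
    }
    values.put(CLIENT_ID, authorizationRequest.getClientId());
    if (authorizationRequest.getScope() != null) {
        // TreeSet gives a stable ordering so the same scopes always yield the same key.
        values.put(SCOPE, OAuth2Utils.formatParameterList(new TreeSet<>(authorizationRequest.getScope())));
    }
    Authentication auth = authentication.getUserAuthentication();
    if (auth != null && auth.getDetails() instanceof WebAuthenticationDetails) {
        String sessionId = ((WebAuthenticationDetails) auth.getDetails()).getSessionId();
        boolean hasSession = !StringUtils.isEmpty(sessionId);
        // A session id is enough to impersonate the web session, so it must not reach the
        // logs: record only whether one was present, and at debug level.
        logger.debug("web session id present: {}", hasSession);
        if (hasSession) {
            values.put(SESSION, sessionId);
        }
    }
    return generateKey(values);
}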
Example 5
Source File: MongoTokenStore.java From spring-security-mongo with MIT License | 6 votes |
/**
 * Persists an access token and its authentication as one MongoDB document.
 *
 * <p>An existing entry for the same token value is removed first. The document id is what
 * {@code extractTokenKey} derives from the token value, and the refresh token is referenced
 * the same way. The user name is stored only for tokens issued on behalf of a user.
 *
 * <p>NOTE(review): the serialized token and authentication are stored alongside the derived
 * key, so the collection presumably still contains usable token material - restrict read
 * access to it accordingly. {@code extractTokenKey} is also called with {@code null} when
 * there is no refresh token; verify that the helper tolerates that.
 *
 * @param token          the access token to store
 * @param authentication the authentication the token belongs to
 */
@Override
public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) {
    final String refreshTokenValue = token.getRefreshToken() != null
            ? token.getRefreshToken().getValue()
            : null;

    final String accessTokenValue = token.getValue();
    // Read-then-remove avoids a second document for the same token value.
    if (readAccessToken(accessTokenValue) != null) {
        removeAccessToken(accessTokenValue);
    }

    final MongoOAuth2AccessToken document = new MongoOAuth2AccessToken(
            extractTokenKey(accessTokenValue),
            serializeAccessToken(token),
            authenticationKeyGenerator.extractKey(authentication),
            // Client-only tokens have no user to index by.
            authentication.isClientOnly() ? null : authentication.getName(),
            authentication.getOAuth2Request().getClientId(),
            serializeAuthentication(authentication),
            extractTokenKey(refreshTokenValue));

    mongoOAuth2AccessTokenRepository.save(document);
}
Example 6
Source File: CustomTokenStore.java From oauth-server with Apache License 2.0 | 5 votes |
/**
 * Looks up the access token for an authentication, enforcing single login when enabled.
 *
 * <p>With single login switched on and a user token at hand, the tokens matching the user
 * name, client id and authentication key are selected and then deleted before the lookup is
 * delegated to the parent store. Client-only authentications skip this step.
 *
 * <p>NOTE(review): the result of {@code selectTokens} is discarded, so the query looks
 * redundant unless the mapper relies on it for a side effect - confirm. The select and the
 * delete are separate calls; no transaction is visible in this method.
 *
 * @param authentication the authentication to find a token for
 * @return the token returned by the parent store
 */
@Override
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
    boolean enforceSingleLogin = oauthProperties.isEnabledSingleLogin() && !authentication.isClientOnly();
    if (!enforceSingleLogin) {
        return super.getAccessToken(authentication);
    }

    final String key = authenticationKeyGenerator.extractKey(authentication);
    final String username = authentication.getName();
    final String clientId = authentication.getOAuth2Request().getClientId();

    // Drop the tokens previously recorded for this user/client/key combination.
    accessTokenMapper.selectTokens(username, clientId, key);
    accessTokenMapper.deleteTokens(username, clientId, key);

    return super.getAccessToken(authentication);
}
Example 7
Source File: PigRedisTokenStore.java From pig with MIT License | 5 votes |
/**
 * Stores an access token in Redis together with the indexes used to find it again.
 *
 * <p>Written keys: token by value, authentication by token value, token by authentication
 * key, a per-user list (user tokens only), a per-client list, and the two refresh/access
 * cross references when a refresh token value is present.
 *
 * <p>NOTE(review): the raw token value is part of the key names, so anyone who can list keys
 * on this Redis instance can read live tokens - restrict access to the instance accordingly.
 * The writes below are individual commands; no transaction or pipeline is visible in this
 * method, so a failure part-way leaves a partial set of keys.
 *
 * @param token          the access token to store
 * @param authentication the authentication the token belongs to
 */
@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    // Primary entries: token, its authentication, and the authentication-key lookup.
    this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token);
    this.redisTemplate.opsForValue().set(AUTH + token.getValue(), authentication);
    this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), token);
    // The per-user index only makes sense when a user is behind the token.
    if (!authentication.isClientOnly()) {
        redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
    }
    redisTemplate.opsForList().rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), token);
    if (token.getExpiration() != null) {
        // TTLs are applied after the writes, as separate commands.
        int seconds = token.getExpiresIn();
        redisTemplate.expire(ACCESS + token.getValue(), seconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), seconds, TimeUnit.SECONDS);
        // NOTE(review): these two keys are shared lists, so the TTL of the whole list is
        // reset to this token's lifetime; entries for longer-lived tokens expire with it.
        redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds, TimeUnit.SECONDS);
        // Runs for client-only tokens too, although nothing was pushed to this list above.
        redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(authentication), seconds, TimeUnit.SECONDS);
    }
    if (token.getRefreshToken() != null && token.getRefreshToken().getValue() != null) {
        // NOTE(review): no TTL is set on these two cross references in this method, so they
        // stay until removed elsewhere - confirm that revocation/cleanup deletes them.
        this.redisTemplate.opsForValue().set(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(), token.getValue());
        this.redisTemplate.opsForValue().set(ACCESS_TO_REFRESH + token.getValue(), token.getRefreshToken().getValue());
    }
}
Example 8
Source File: FwRedisTokenStore.java From fw-cloud-framework with MIT License | 5 votes |
/**
 * Writes an access token and its lookup indexes to Redis.
 *
 * <p>The token and its authentication are stored under keys built from the token value, the
 * token is indexed by authentication key, appended to a per-client list and (for user tokens)
 * a per-user list, and linked to its refresh token in both directions when one is present.
 *
 * <p>NOTE(review): key names embed the raw token value, so read or key-listing access to this
 * Redis instance exposes usable tokens. Each write is its own command; no transaction or
 * pipeline is visible here, so an error in the middle leaves some keys written and others not.
 *
 * @param token          the access token to store
 * @param authentication the authentication the token belongs to
 */
@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    // Token, authentication and authentication-key lookup.
    this.redisTemplate.opsForValue().set(ACCESS + token.getValue(), token);
    this.redisTemplate.opsForValue().set(AUTH + token.getValue(), authentication);
    this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), token);
    // Index by user only when the token was issued on behalf of a user.
    if (!authentication.isClientOnly()) {
        this.redisTemplate.opsForList().rightPush(UNAME_TO_ACCESS + getApprovalKey(authentication), token);
    }
    redisTemplate.opsForList().rightPush(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), token);
    if (token.getExpiration() != null) {
        // Expiry is set in a second pass, after all keys exist.
        int seconds = token.getExpiresIn();
        redisTemplate.expire(ACCESS + token.getValue(), seconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH + token.getValue(), seconds, TimeUnit.SECONDS);
        redisTemplate.expire(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication), seconds, TimeUnit.SECONDS);
        // NOTE(review): both list keys are shared between tokens; setting the TTL here
        // overrides whatever an earlier, longer-lived token had set for the same list.
        redisTemplate.expire(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId(), seconds, TimeUnit.SECONDS);
        // Also executed for client-only tokens, for which no per-user entry was pushed.
        redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(authentication), seconds, TimeUnit.SECONDS);
    }
    if (token.getRefreshToken() != null && token.getRefreshToken().getValue() != null) {
        // NOTE(review): these mappings receive no TTL in this method - verify that token
        // removal cleans them up, otherwise they accumulate.
        this.redisTemplate.opsForValue().set(REFRESH_TO_ACCESS + token.getRefreshToken().getValue(), token.getValue());
        this.redisTemplate.opsForValue().set(ACCESS_TO_REFRESH + token.getValue(), token.getRefreshToken().getValue());
    }
}
Example 9
Source File: CustomAccessTokenConverter.java From microservices-oauth with Apache License 2.0 | 5 votes |
/**
 * Flattens an access token and its authentication into a claim map.
 *
 * <p>User tokens contribute the claims produced by {@code userTokenConverter}; client-only
 * tokens contribute the client's authorities when there are any. Scope, token id, expiry
 * (in seconds), grant type, the token's additional information, client id and audience are
 * then added in that order.
 *
 * <p>NOTE(review): the additional information is merged after the user claims, authorities,
 * scope, token id, expiry and grant type, so an entry with the same key replaces them. Only
 * client id and audience are written afterwards. Make sure nothing caller-influenced can
 * reach the additional information of a token.
 *
 * @param token          the token to convert
 * @param authentication the authentication the token belongs to
 * @return the claim map
 */
public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    Map<String, Object> claims = new HashMap<>();
    OAuth2Request storedRequest = authentication.getOAuth2Request();

    if (authentication.isClientOnly()) {
        if (storedRequest.getAuthorities() != null && !storedRequest.getAuthorities().isEmpty()) {
            claims.put(UserAuthenticationConverter.AUTHORITIES,
                    AuthorityUtils.authorityListToSet(storedRequest.getAuthorities()));
        }
    } else {
        claims.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication()));
    }

    if (token.getScope() != null) {
        claims.put(SCOPE, token.getScope());
    }
    if (token.getAdditionalInformation().containsKey(JTI)) {
        claims.put(JTI, token.getAdditionalInformation().get(JTI));
    }
    if (token.getExpiration() != null) {
        // Milliseconds to seconds.
        claims.put(EXP, token.getExpiration().getTime() / 1000);
    }
    if (includeGrantType && authentication.getOAuth2Request().getGrantType() != null) {
        claims.put(GRANT_TYPE, authentication.getOAuth2Request().getGrantType());
    }

    // Merged late on purpose or by accident: overlapping keys overwrite what was set above.
    claims.putAll(token.getAdditionalInformation());

    claims.put(CLIENT_ID, storedRequest.getClientId());
    if (storedRequest.getResourceIds() != null && !storedRequest.getResourceIds().isEmpty()) {
        claims.put(AUD, storedRequest.getResourceIds());
    }
    return claims;
}
Example 10
Source File: CustomAccessTokenConverter.java From spring-boot-2-oauth2-resource-jwt with MIT License | 5 votes |
/**
 * Converts an access token plus its authentication into the map of claims to be emitted.
 *
 * <p>For a user token the user claims come from {@code userTokenConverter}; for a client-only
 * token the client's authorities are used when the set is non-empty. Scope, token id, expiry
 * in seconds and (optionally) grant type follow, then the token's additional information,
 * and finally client id and audience.
 *
 * <p>NOTE(review): because the additional information is copied in after most standard
 * claims, any key it shares with them (authorities, scope, expiry, ...) takes precedence.
 * Client id and audience are set last and cannot be replaced this way. Token enhancers that
 * fill the additional information should be reviewed with that in mind.
 *
 * @param token          the token to convert
 * @param authentication the authentication the token belongs to
 * @return the resulting claims
 */
public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    final Map<String, Object> result = new HashMap<>();
    final OAuth2Request request = authentication.getOAuth2Request();
    final boolean userToken = !authentication.isClientOnly();

    if (userToken) {
        result.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication()));
    } else if (request.getAuthorities() != null && !request.getAuthorities().isEmpty()) {
        result.put(UserAuthenticationConverter.AUTHORITIES, AuthorityUtils.authorityListToSet(request.getAuthorities()));
    }

    if (token.getScope() != null) {
        result.put(SCOPE, token.getScope());
    }

    if (token.getAdditionalInformation().containsKey(JTI)) {
        result.put(JTI, token.getAdditionalInformation().get(JTI));
    }

    if (token.getExpiration() != null) {
        // The expiry is emitted in whole seconds.
        result.put(EXP, token.getExpiration().getTime() / 1000);
    }

    if (includeGrantType && authentication.getOAuth2Request().getGrantType() != null) {
        result.put(GRANT_TYPE, authentication.getOAuth2Request().getGrantType());
    }

    // Entries here win over same-named claims already present in the result.
    result.putAll(token.getAdditionalInformation());

    result.put(CLIENT_ID, request.getClientId());

    if (request.getResourceIds() != null && !request.getResourceIds().isEmpty()) {
        result.put(AUD, request.getResourceIds());
    }

    return result;
}
Example 11
Source File: MeController.java From osiam with MIT License | 5 votes |
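/**
 * Returns the user that the presented bearer token was issued for.
 *
 * <p>The token is taken from the {@code Authorization} header and resolved through the
 * resource server token services. Client-only tokens are rejected, since no user stands
 * behind them. The user is re-read from provisioning by the id found in the principal, and a
 * {@code Location} header pointing at the user is set on the response.
 *
 * <p>The header must use the {@code Bearer} scheme and carry a non-empty token. A header
 * with another scheme, or one shorter than the scheme prefix, is rejected up front, so
 * arbitrary header content is never cut at a fixed offset and passed on as a token.
 *
 * @param tokenHeader value of the {@code Authorization} header
 * @param attributes  optional attribute filter passed through to the response builder
 * @param response    servlet response that receives the {@code Location} header
 * @param builder     URI builder used for the location
 * @return the response value built for the user
 * @throws IllegalArgumentException if the header is empty or the principal is not a user
 * @throws InvalidTokenException    if the header is not a bearer token or the token belongs
 *                                  to a client
 */
@RequestMapping(method = RequestMethod.GET)
public MappingJacksonValue getCurrentUser(@RequestHeader("Authorization") String tokenHeader,
        @RequestParam(required = false) String attributes, HttpServletResponse response,
        UriComponentsBuilder builder) {
    final String bearerPrefix = "Bearer ";

    if (Strings.isNullOrEmpty(tokenHeader)) {
        throw new IllegalArgumentException("No access token provided!"); // This should never happen!
    }
    // The scheme name is matched case-insensitively, and the token after it must not be empty.
    boolean bearerScheme = tokenHeader.regionMatches(true, 0, bearerPrefix, 0, bearerPrefix.length());
    if (!bearerScheme || tokenHeader.length() == bearerPrefix.length()) {
        // The header content is deliberately left out of the message.
        throw new InvalidTokenException("Authorization header does not carry a bearer token.");
    }

    String accessToken = tokenHeader.substring(bearerPrefix.length());

    OAuth2Authentication oAuth = resourceServerTokenServices.loadAuthentication(accessToken);
    if (oAuth.isClientOnly()) {
        throw new InvalidTokenException("Can't return an user. This access token belongs to a client.");
    }

    Authentication userAuthentication = oAuth.getUserAuthentication();
    Object principal = userAuthentication.getPrincipal();
    User user;
    if (principal instanceof User) {
        // Reload by id so the response reflects the stored user, not the token snapshot.
        user = userProvisioning.getById(((User) principal).getId());
    } else {
        throw new IllegalArgumentException("User not authenticated.");
    }

    response.setHeader("Location", buildLocation(user, builder).toString());
    return buildResponse(user, attributes);
}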
Example 12
Source File: OauthAdminController.java From OpenESPI-DataCustodian-java with Apache License 2.0 | 5 votes |
/**
 * Rejects a user token that asks for the tokens of a different user.
 *
 * <p>The check applies only when the caller's principal is an {@code OAuth2Authentication}
 * issued on behalf of a user. In that case the principal's name must equal {@code user}.
 *
 * <p>NOTE(review): the method returns without any check when the principal is not an
 * {@code OAuth2Authentication} (including {@code null}) and when the token is client-only,
 * so those callers may query any user. Confirm that this is the intended policy and that
 * another layer restricts such callers. {@code user} is dereferenced, so it must not be
 * {@code null}.
 *
 * @param user      the user whose tokens are requested
 * @param principal the caller
 * @throws AccessDeniedException if a user token names a different user
 */
private void checkResourceOwner(String user, Principal principal) {
    if (!(principal instanceof OAuth2Authentication)) {
        return;
    }

    OAuth2Authentication authentication = (OAuth2Authentication) principal;
    if (authentication.isClientOnly()) {
        return;
    }
    if (user.equals(principal.getName())) {
        return;
    }

    throw new AccessDeniedException(
            String.format("User '%s' cannot obtain tokens for user '%s'", principal.getName(), user));
}