7 changed files with 105 additions and 228 deletions
@ -1,67 +0,0 @@
@@ -1,67 +0,0 @@
|
||||
/* |
||||
* Copyright 2012-2017 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.oauth2.client.authentication; |
||||
|
||||
import org.springframework.security.oauth2.core.AccessToken; |
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponse; |
||||
import org.springframework.util.Assert; |
||||
|
||||
/** |
||||
* An implementation of an {@link AuthorizationGrantAuthenticator} that |
||||
* <i>"authenticates"</i> an <i>authorization code grant</i> credential |
||||
* against an OAuth 2.0 Provider's <i>Token Endpoint</i>. |
||||
* |
||||
* @author Joe Grandja |
||||
* @since 5.0 |
||||
* @see AuthorizationCodeAuthenticationToken |
||||
* @see AuthorizationGrantTokenExchanger |
||||
*/ |
||||
public class AuthorizationCodeAuthenticator implements AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> { |
||||
private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger; |
||||
|
||||
public AuthorizationCodeAuthenticator(AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger) { |
||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); |
||||
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; |
||||
} |
||||
|
||||
@Override |
||||
public OAuth2ClientAuthenticationToken authenticate( |
||||
AuthorizationCodeAuthenticationToken authorizationCodeAuthentication) throws OAuth2AuthenticationException { |
||||
|
||||
// Section 3.1.2.1 Authentication Request - http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
||||
// scope
|
||||
// REQUIRED. OpenID Connect requests MUST contain the "openid" scope value.
|
||||
// If the openid scope value is not present, the behavior is entirely unspecified.
|
||||
if (authorizationCodeAuthentication.getAuthorizationRequest().getScope().contains("openid")) { |
||||
// The OpenID Connect implementation of AuthorizationGrantAuthenticator
|
||||
// should handle OpenID Connect Authentication Requests
|
||||
return null; |
||||
} |
||||
|
||||
TokenResponse tokenResponse = |
||||
this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication); |
||||
|
||||
AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), |
||||
tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), |
||||
tokenResponse.getExpiresAt(), tokenResponse.getScope()); |
||||
|
||||
OAuth2ClientAuthenticationToken clientAuthentication = |
||||
new OAuth2ClientAuthenticationToken(authorizationCodeAuthentication.getClientRegistration(), accessToken); |
||||
clientAuthentication.setDetails(authorizationCodeAuthentication.getDetails()); |
||||
|
||||
return clientAuthentication; |
||||
} |
||||
} |
||||
@ -1,29 +0,0 @@
@@ -1,29 +0,0 @@
|
||||
/* |
||||
* Copyright 2012-2017 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.oauth2.client.authentication; |
||||
|
||||
/** |
||||
* A strategy used for <i>"authenticating"</i> an <i>authorization grant</i> credential |
||||
* with the authorization server's <i>Token Endpoint</i>. |
||||
* |
||||
* @author Joe Grandja |
||||
* @since 5.0 |
||||
*/ |
||||
public interface AuthorizationGrantAuthenticator<T extends AuthorizationGrantAuthenticationToken> { |
||||
|
||||
OAuth2ClientAuthenticationToken authenticate(T authorizationGrantAuthentication) throws OAuth2AuthenticationException; |
||||
|
||||
} |
||||
@ -1,59 +0,0 @@
@@ -1,59 +0,0 @@
|
||||
/* |
||||
* Copyright 2012-2017 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.oauth2.client.authentication; |
||||
|
||||
import org.springframework.core.ResolvableType; |
||||
import org.springframework.util.Assert; |
||||
|
||||
import java.util.Collections; |
||||
import java.util.HashMap; |
||||
import java.util.LinkedList; |
||||
import java.util.List; |
||||
import java.util.Map; |
||||
import java.util.Objects; |
||||
|
||||
/** |
||||
* An implementation of an {@link AuthorizationGrantAuthenticator} that |
||||
* simply delegates to one of the {@link AuthorizationGrantAuthenticator}'s that it composes. |
||||
* |
||||
* @author Joe Grandja |
||||
* @since 5.0 |
||||
*/ |
||||
public class DelegatingAuthorizationGrantAuthenticator<T extends AuthorizationGrantAuthenticationToken> implements AuthorizationGrantAuthenticator<T> { |
||||
private final Map<Class<? extends AuthorizationGrantAuthenticationToken>, List<AuthorizationGrantAuthenticator<T>>> authenticators = new HashMap<>(); |
||||
|
||||
public DelegatingAuthorizationGrantAuthenticator(List<AuthorizationGrantAuthenticator<T>> authenticators) { |
||||
Assert.notEmpty(authenticators, "authenticators cannot be empty"); |
||||
authenticators.forEach(authenticator -> { |
||||
Class<? extends AuthorizationGrantAuthenticationToken> authenticationType = |
||||
ResolvableType.forInstance(authenticator).as(AuthorizationGrantAuthenticator.class) |
||||
.resolveGeneric(0).asSubclass(AuthorizationGrantAuthenticationToken.class); |
||||
this.authenticators |
||||
.computeIfAbsent(authenticationType, k -> new LinkedList<>()) |
||||
.add(authenticator); |
||||
}); |
||||
} |
||||
|
||||
@Override |
||||
public OAuth2ClientAuthenticationToken authenticate(T authorizationGrantAuthentication) throws OAuth2AuthenticationException { |
||||
return this.authenticators.getOrDefault(authorizationGrantAuthentication.getClass(), Collections.emptyList()) |
||||
.stream() |
||||
.map(authenticator -> authenticator.authenticate(authorizationGrantAuthentication)) |
||||
.filter(Objects::nonNull) |
||||
.findFirst() |
||||
.orElse(null); |
||||
} |
||||
} |
||||