Created
June 10, 2016 10:41
-
-
Save BrongoObenge/532c6d557860d2b00190204ef05fd9ee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Cloud Foundry 2012.02.03 Beta | |
| * Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved. | |
| * | |
| * This product is licensed to you under the Apache License, Version 2.0 (the "License"). | |
| * You may not use this product except in compliance with the License. | |
| * | |
| * This product includes a number of subcomponents with | |
| * separate copyright notices and license terms. Your use of these | |
| * subcomponents is subject to the terms and conditions of the | |
| * subcomponent's license, as noted in the LICENSE file. | |
| */ | |
| package main.config.domain; | |
| import java.util.Arrays; | |
| import java.util.Collection; | |
| import java.util.Collections; | |
| import java.util.Date; | |
| import java.util.HashMap; | |
| import java.util.HashSet; | |
| import java.util.LinkedHashSet; | |
| import java.util.Map; | |
| import java.util.Set; | |
| import org.mitre.openid.connect.model.OIDCAuthenticationToken; | |
| import org.springframework.security.core.Authentication; | |
| import org.springframework.security.core.GrantedAuthority; | |
| import org.springframework.security.core.authority.AuthorityUtils; | |
| import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; | |
| import org.springframework.security.oauth2.common.OAuth2AccessToken; | |
| import org.springframework.security.oauth2.provider.OAuth2Authentication; | |
| import org.springframework.security.oauth2.provider.OAuth2Request; | |
| import org.springframework.security.oauth2.provider.token.AccessTokenConverter; | |
| import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter; | |
| import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter; | |
| import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter; | |
| /** | |
| * Default implementation of {@link AccessTokenConverter}. | |
| * | |
| * @author Dave Syer | |
| * | |
| */ | |
| public class CustomAccessTokenConverter extends DefaultAccessTokenConverter implements AccessTokenConverter { | |
| // | |
| private UserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter(); | |
| private boolean includeGrantType; | |
| private String CLIENT_ID = "issued_to"; | |
| /** | |
| * Converter for the part of the data in the token representing a user. | |
| * | |
| * @param userTokenConverter the userTokenConverter to set | |
| */ | |
| public void setUserTokenConverter(UserAuthenticationConverter userTokenConverter) { | |
| this.userTokenConverter = userTokenConverter; | |
| } | |
| /** | |
| * Flag to indicate the the grant type should be included in the converted token. | |
| * | |
| * @param includeGrantType the flag value (default false) | |
| */ | |
| public void setIncludeGrantType(boolean includeGrantType) { | |
| this.includeGrantType = includeGrantType; | |
| } | |
| public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) { | |
| Map<String, Object> response = new HashMap<String, Object>(); | |
| OAuth2Request clientToken = authentication.getOAuth2Request(); | |
| if (!authentication.isClientOnly()) { | |
| response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication())); | |
| } else { | |
| if (clientToken.getAuthorities()!=null && !clientToken.getAuthorities().isEmpty()) { | |
| response.put(UserAuthenticationConverter.AUTHORITIES, | |
| AuthorityUtils.authorityListToSet(clientToken.getAuthorities())); | |
| } | |
| } | |
| if (token.getScope()!=null) { | |
| response.put(SCOPE, token.getScope()); | |
| } | |
| if (token.getAdditionalInformation().containsKey(JTI)) { | |
| response.put(JTI, token.getAdditionalInformation().get(JTI)); | |
| } | |
| if (token.getExpiration() != null) { | |
| response.put(EXP, token.getExpiration().getTime() / 1000); | |
| } | |
| if (includeGrantType && authentication.getOAuth2Request().getGrantType()!=null) { | |
| response.put(GRANT_TYPE, authentication.getOAuth2Request().getGrantType()); | |
| } | |
| response.putAll(token.getAdditionalInformation()); | |
| response.put(CLIENT_ID, clientToken.getClientId()); | |
| if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) { | |
| response.put(AUD, clientToken.getResourceIds()); | |
| } | |
| return response; | |
| } | |
| public OAuth2AccessToken extractAccessToken(String value, Map<String, ?> map) { | |
| DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(value); | |
| Map<String, Object> info = new HashMap<String, Object>(map); | |
| info.remove(EXP); | |
| info.remove(AUD); | |
| info.remove(CLIENT_ID); | |
| info.remove(SCOPE); | |
| if (map.containsKey(EXP)) { | |
| token.setExpiration(new Date((Long) map.get(EXP) * 1000L)); | |
| } | |
| if (map.containsKey(JTI)) { | |
| info.put(JTI, map.get(JTI)); | |
| } | |
| @SuppressWarnings("unchecked") | |
| Collection<String> scope = (Collection<String>) map.get(SCOPE); | |
| if (scope != null) { | |
| token.setScope(new HashSet<String>(scope)); | |
| } | |
| token.setAdditionalInformation(info); | |
| return token; | |
| } | |
| @Override | |
| public OAuth2Authentication extractAuthentication(Map<String, ?> map) { | |
| Map<String, String> parameters = new HashMap<String, String>(); | |
| Set<String> scope; | |
| if(map.containsKey(SCOPE)){ | |
| Object scopes = map.get(SCOPE); | |
| Collection<String> coll; | |
| if (scopes instanceof String){ | |
| coll = Arrays.asList(((String) scopes).split(" ")); | |
| } else if (scopes instanceof Collection) { | |
| coll = (Collection<String>) scopes; | |
| } else { | |
| throw new RuntimeException("Scope must be a String or a Collection."); | |
| } | |
| scope = new LinkedHashSet<String>(coll); | |
| } else { | |
| scope = Collections.<String>emptySet(); | |
| } | |
| Authentication user = userTokenConverter.extractAuthentication(map); | |
| String clientId = (String) map.get(CLIENT_ID); | |
| parameters.put(CLIENT_ID, clientId); | |
| if (includeGrantType && map.containsKey(GRANT_TYPE)) { | |
| parameters.put(GRANT_TYPE, (String) map.get(GRANT_TYPE)); | |
| } | |
| @SuppressWarnings("unchecked") | |
| Set<String> resourceIds = new LinkedHashSet<String>(map.containsKey(AUD) ? (Collection<String>) map.get(AUD) | |
| : Collections.<String>emptySet()); | |
| Collection<? extends GrantedAuthority> authorities = null; | |
| if (user==null && map.containsKey(AUTHORITIES)) { | |
| @SuppressWarnings("unchecked") | |
| String[] roles = ((Collection<String>)map.get(AUTHORITIES)).toArray(new String[0]); | |
| authorities = AuthorityUtils.createAuthorityList(roles); | |
| } | |
| OAuth2Request request = new OAuth2Request(parameters, clientId, authorities, true, scope, resourceIds, null, null, | |
| null); | |
| return new OAuth2Authentication(request, user); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment