/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.crosstreelabs.oauth.v2.grant.password;

import com.crosstreelabs.oauth.v2.AccessTokenManager;
import com.crosstreelabs.oauth.v2.DefaultOAuth2RequestFactory;
import com.crosstreelabs.oauth.v2.OAuthParams;
import com.crosstreelabs.oauth.v2.exception.InvalidGrantException;
import com.crosstreelabs.oauth.v2.exception.ext.AccountStatusException;
import com.crosstreelabs.oauth.v2.exception.ext.InvalidCredentialsException;
import com.crosstreelabs.oauth.v2.grant.AbstractTokenGranter;
import com.crosstreelabs.oauth.v2.io.Request;
import com.crosstreelabs.oauth.v2.model.Client;
import com.crosstreelabs.oauth.v2.model.User;
import com.crosstreelabs.oauth.v2.principal.OAuthPrincipal;
import com.crosstreelabs.oauth.v2.service.ClientService;
import com.crosstreelabs.oauth.v2.service.UserService;
import java.util.Map;

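/**
 * Token granter for the OAuth 2 resource owner password credentials grant
 * ({@code grant_type=password}).
 *
 * <p>The resource owner's username and password are read from the token
 * request, checked through {@link UserService#authenticate}, and on success
 * wrapped together with the client and the stored request in an
 * {@link OAuthPrincipal}.
 */
public class ResourceOwnerPasswordTokenGranter extends AbstractTokenGranter {

    private static final String GRANT_TYPE = "password";

    // Verifies the resource owner's credentials.
    private final UserService userService;

    /**
     * Creates the granter.
     *
     * @param userService    service used to authenticate the resource owner
     * @param tokenManager   passed through to {@link AbstractTokenGranter}
     * @param clientService  passed through to {@link AbstractTokenGranter}
     * @param requestFactory passed through to {@link AbstractTokenGranter}
     */
    public ResourceOwnerPasswordTokenGranter(UserService userService,
            AccessTokenManager tokenManager, ClientService clientService, DefaultOAuth2RequestFactory requestFactory) {
        super(tokenManager, clientService, requestFactory);
        this.userService = userService;
    }

    /**
     * Authenticates the resource owner named in the request and builds the
     * principal for the token that is about to be issued.
     *
     * @param client  the client making the token request
     * @param request the token request carrying the resource owner credentials
     * @return the principal combining the stored request, the client and the user
     * @throws InvalidGrantException if a credential is missing, the user service
     *         rejects the credentials or the account status, or no user is returned
     */
    @Override
    protected OAuthPrincipal getOAuth2Authentication(Client client, Request request) {
        // The values are assigned to String below, so the map must be typed;
        // a raw Map would not compile here.
        Map<String, String> parameters = request.getRequestParameters();
        String username = parameters.get(OAuthParams.RESOURCE_OWNER_NAME);
        String password = parameters.get(OAuthParams.RESOURCE_OWNER_PASSWORD);
        // Drop the password from the parameter map before anything else sees it.
        // NOTE(review): this only protects the stored request if
        // getRequestParameters() returns the request's live map rather than a
        // copy; confirm against Request.
        parameters.remove(OAuthParams.RESOURCE_OWNER_PASSWORD);

        // RFC 6749 section 4.3.2 makes both parameters REQUIRED, so reject the
        // request here instead of handing null credentials to the user service.
        // InvalidGrantException is used because it is the failure type this
        // method already throws; the RFC's error code for a missing parameter
        // is invalid_request.
        if (username == null || password == null) {
            throw new InvalidGrantException("Missing resource owner credentials");
        }

        User principal;
        try {
            principal = userService.authenticate(username, password);
        } catch (AccountStatusException | InvalidCredentialsException ex) {
            // Covers expired, locked, disabled cases (mentioned in section 5.2, draft 31).
            // NOTE(review): the service's message is forwarded unchanged and the
            // cause is dropped. If this text is returned to the client it can
            // distinguish "unknown user" from "locked/disabled account"; confirm
            // how InvalidGrantException is rendered, and keep the detail in
            // server-side logs only if it is.
            throw new InvalidGrantException(ex.getMessage());
        }
        if (principal == null) {
            // NOTE(review): the caller-supplied username is echoed into the
            // message; sanitise or omit it if the message is logged or sent back.
            throw new InvalidGrantException("Could not authenticate user: " + username);
        }

        Request storedOAuth2Request = requestFactory.createOAuth2Request(client, request);
        return new OAuthPrincipal(storedOAuth2Request, client, principal);
    }

    /**
     * Returns the grant type handled by this granter.
     *
     * @return the literal {@code "password"}
     */
    @Override
    public String grantType() {
        return GRANT_TYPE;
    }
}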



