package org.springframework.security.oauth2.provider.token.store;
import java.io.Serializable;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.util.ClassUtils;
import org.springframework.util.CollectionUtils;
import org.springframework.util.LinkedCaseInsensitiveMap;
import org.springframework.util.ReflectionUtils;
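/**
 * {@link JwtAccessTokenConverter} that (1) refuses to issue a token for configured client ids
 * when the user principal reports itself as a "database" user or carries a configured
 * authority, and (2) copies selected request extensions into the JWT claims while encoding.
 *
 * <p>The deny rules in {@link #enhance} are an access-control decision; the lists that drive
 * them are exposed through live getters/setters, so they must only be populated from trusted
 * configuration.
 */
public class JwtAccessTokenConverterCustom extends JwtAccessTokenConverter {

    /** Client ids for which the deny rules in {@link #enhance} are evaluated. */
    private List<String> clientIds = new ArrayList<String>();

    /** Authority names that are refused a token when the request comes from a listed client. */
    private List<String> authorities = new ArrayList<String>();

    /**
     * Request-extension keys (case-insensitive) that are injected as claims while encoding, keyed
     * to the class the extension value must match. NOTE(review): nothing in this class populates
     * this map and no setter is visible here — confirm where it is filled.
     */
    private Map<String, Class<?>> additionalInformation = new LinkedCaseInsensitiveMap<Class<?>>();

    /**
     * Encodes the token after temporarily adding matching request extensions to its additional
     * information, and removes those entries again so the caller's token object is left unchanged.
     *
     * @param accessToken the token being encoded; its additional-information map is mutated only
     *        for the duration of the {@code super.encode} call
     * @param authentication source of the request extensions
     * @return the encoded JWT produced by the superclass
     */
    @Override
    protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        Map<String, Serializable> extensions = authentication.getOAuth2Request().getExtensions();
        List<String> injectedKeys = new ArrayList<String>();
        for (Entry<String, Class<?>> entry : additionalInformation.entrySet()) {
            String key = entry.getKey();
            Object value = extensions.get(key);
            // NOTE(review): ClassUtils.isAssignable(lhs, rhs) checks that rhs may be assigned to lhs,
            // so this accepts the value only when the configured class is assignable to the value's
            // runtime class (exact match or a configured subclass) — confirm this is the intended direction.
            if (value != null && ClassUtils.isAssignable(value.getClass(), entry.getValue())) {
                accessToken.getAdditionalInformation().put(key, value);
                injectedKeys.add(key);
            }
        }
        try {
            return super.encode(accessToken, authentication);
        } finally {
            // Always undo the temporary injection, even if encoding fails, so the injected
            // claims never leak into the token object handed back to the caller.
            for (String key : injectedKeys) {
                accessToken.getAdditionalInformation().remove(key);
            }
        }
    }

    /**
     * Applies the deny rules for listed clients, then delegates to the superclass and finally
     * copies matching claims decoded from the incoming token value into {@code accessToken}.
     *
     * @param accessToken the token to enhance
     * @param authentication the authentication the token is issued for
     * @return the enhanced token produced by the superclass
     * @throws OAuth2Exception with {@link OAuth2Exception#ACCESS_DENIED} when the request comes
     *         from a listed client and the principal is a database user or holds a listed authority
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        OAuth2Request request = authentication.getOAuth2Request();
        if (request != null && this.clientIds.contains(request.getClientId())) {
            denyDatabasePrincipal(authentication.getUserAuthentication());
            denyListedAuthorities(authentication.getAuthorities());
        }
        OAuth2AccessToken result = super.enhance(accessToken, authentication);
        try {
            // NOTE(review): this decodes the *incoming* value and writes into the *incoming* token,
            // while super.enhance returns a copy (`result`); confirm the caller observes these entries.
            Map<String, Object> claims = super.decode(accessToken.getValue());
            for (Entry<String, Class<?>> entry : additionalInformation.entrySet()) {
                Object value = claims.get(entry.getKey());
                if (value != null && ClassUtils.isAssignable(value.getClass(), entry.getValue())) {
                    accessToken.getAdditionalInformation().put(entry.getKey(), value);
                }
            }
        } catch (InvalidTokenException ignored) {
            // Best effort: the incoming value need not be a decodable JWT; there is then nothing to copy.
        }
        return result;
    }

    /** Rejects the request when the principal exposes a public {@code isDatabase()} returning {@code true}. */
    private static void denyDatabasePrincipal(Authentication userAuthentication) {
        if (userAuthentication == null) {
            return;
        }
        Object principal = userAuthentication.getPrincipal();
        if (principal == null) {
            return;
        }
        // Discovered reflectively so this converter has no compile-time dependency on the principal type.
        Method isDatabase = ReflectionUtils.findMethod(principal.getClass(), "isDatabase");
        if (isDatabase == null) {
            return;
        }
        Object flag = ReflectionUtils.invokeMethod(isDatabase, principal);
        if (flag instanceof Boolean && (Boolean) flag) {
            throw accessDenied();
        }
    }

    /** Rejects the request when any granted authority name is in {@link #authorities}. */
    private void denyListedAuthorities(Collection<? extends GrantedAuthority> granted) {
        if (CollectionUtils.isEmpty(granted)) {
            return;
        }
        for (String authority : AuthorityUtils.authorityListToSet(granted)) {
            if (this.authorities.contains(authority)) {
                throw accessDenied();
            }
        }
    }

    /** Builds the single ACCESS_DENIED exception used by both deny rules. */
    private static OAuth2Exception accessDenied() {
        return OAuth2Exception.create(OAuth2Exception.ACCESS_DENIED, "No permission");
    }

    /** @return the live list of client ids subject to the deny rules (mutations take effect immediately) */
    public List<String> getClientIds() {
        return clientIds;
    }

    /** @param clientIds client ids subject to the deny rules; stored as-is, not copied */
    public void setClientIds(List<String> clientIds) {
        this.clientIds = clientIds;
    }

    /** @return the live list of denied authority names (mutations take effect immediately) */
    public List<String> getAuthorities() {
        return authorities;
    }

    /** @param authorities authority names to deny for listed clients; stored as-is, not copied */
    public void setAuthorities(List<String> authorities) {
        this.authorities = authorities;
    }
}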