• Home
• org.springframework.security.oauth
• spring-security-oauth2
• 2.5.0.RELEASE
• source code
• DefaultClientAuthenticationHandler.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.springframework.security.oauth2.client.token.auth.DefaultClientAuthenticationHandler Maven / Gradle / Ivy

package org.springframework.security.oauth2.client.token.auth;

import java.io.UnsupportedEncodingException;

import org.springframework.http.HttpHeaders;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/**
 * Default implementation of the client authentication handler.
 *
 * 

 * @deprecated See the OAuth 2.0 Migration Guide for Spring Security 5.
 *
 * @author Ryan Heaton
 * @author Dave Syer
 */
@Deprecated
public class DefaultClientAuthenticationHandler implements ClientAuthenticationHandler {

	public void authenticateTokenRequest(OAuth2ProtectedResourceDetails resource, MultiValueMap form,
			HttpHeaders headers) {
		if (resource.isAuthenticationRequired()) {
			AuthenticationScheme scheme = AuthenticationScheme.header;
			if (resource.getClientAuthenticationScheme() != null) {
				scheme = resource.getClientAuthenticationScheme();
			}

			try {
				String clientSecret = resource.getClientSecret();
				clientSecret = clientSecret == null ? "" : clientSecret;
				switch (scheme) {
				case header:
					form.remove("client_secret");
					headers.add(
							"Authorization",
							String.format(
									"Basic %s",
									new String(Base64.encode(String.format("%s:%s", resource.getClientId(),
											clientSecret).getBytes("UTF-8")), "UTF-8")));
					break;
				case form:
				case query:
					form.set("client_id", resource.getClientId());
					if (StringUtils.hasText(clientSecret)) {
						form.set("client_secret", clientSecret);
					}
					break;
				default:
					throw new IllegalStateException(
							"Default authentication handler doesn't know how to handle scheme: " + scheme);
				}
			}
			catch (UnsupportedEncodingException e) {
				throw new IllegalStateException(e);
			}
		}
	}
}