Add in-memory AccessTokenRepository
Fixes gh-4508
+7
@@ -26,6 +26,7 @@ import org.springframework.security.jwt.Jwt;
|
||||
import org.springframework.security.jwt.JwtDecoder;
|
||||
import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
|
||||
@@ -79,19 +80,23 @@ import java.util.Collection;
|
||||
*/
|
||||
public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
|
||||
private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
|
||||
private final SecurityTokenRepository<AccessToken> accessTokenRepository;
|
||||
private final ProviderJwtDecoderRegistry providerJwtDecoderRegistry;
|
||||
private final OAuth2UserService userInfoService;
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
||||
|
||||
public AuthorizationCodeAuthenticationProvider(
|
||||
AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger,
|
||||
SecurityTokenRepository<AccessToken> accessTokenRepository,
|
||||
ProviderJwtDecoderRegistry providerJwtDecoderRegistry,
|
||||
OAuth2UserService userInfoService) {
|
||||
|
||||
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
|
||||
Assert.notNull(accessTokenRepository, "accessTokenRepository cannot be null");
|
||||
Assert.notNull(providerJwtDecoderRegistry, "providerJwtDecoderRegistry cannot be null");
|
||||
Assert.notNull(userInfoService, "userInfoService cannot be null");
|
||||
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
|
||||
this.accessTokenRepository = accessTokenRepository;
|
||||
this.providerJwtDecoderRegistry = providerJwtDecoderRegistry;
|
||||
this.userInfoService = userInfoService;
|
||||
}
|
||||
@@ -134,6 +139,8 @@ public class AuthorizationCodeAuthenticationProvider implements AuthenticationPr
|
||||
accessTokenAuthentication.getAccessToken(), accessTokenAuthentication.getIdToken());
|
||||
authenticationResult.setDetails(accessTokenAuthentication.getDetails());
|
||||
|
||||
this.accessTokenRepository.saveSecurityToken(accessToken, authenticationResult);
|
||||
|
||||
return authenticationResult;
|
||||
}
|
||||
|
||||
|
||||
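Review bot: The third hunk stores the access token on every successful authentication via `this.accessTokenRepository.saveSecurityToken(accessToken, authenticationResult);`, but nothing visible in this commit ever calls `removeSecurityToken`. With a long-lived repository, a bearer credential can therefore stay retrievable after the session ends or the token expires. I would add a comment above the call, `// Retained until removeSecurityToken() is called; logout and session-expiry handling must remove it`, and confirm that removal is wired into logout handling elsewhere. The Javadoc for the constructor should also name the new required `accessTokenRepository` argument. The authenticate method begins outside this hunk, so its earlier handling is not visible here.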
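--- /dev/null
+++ b/org/springframework/security/oauth2/client/token/InMemoryAccessTokenRepository.java
@@ -0,0 +1,72 @@
+/*
+* Copyright 2012-2017 the original author or authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.springframework.security.oauth2.client.token;
+
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.security.oauth2.core.AccessToken;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.oauth2.oidc.core.user.OidcUser;
+import org.springframework.util.Assert;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+* A basic implementation of a {@link SecurityTokenRepository}
+* that stores {@link AccessToken}(s) <i>in-memory</i>.
+*
+* @author Joe Grandja
+* @since 5.0
+* @see SecurityTokenRepository
+* @see AccessToken
+*/
+public final class InMemoryAccessTokenRepository implements SecurityTokenRepository<AccessToken> {
+private final Map<String, AccessToken> accessTokens = new HashMap<>();
+
+@Override
+public AccessToken loadSecurityToken(OAuth2AuthenticationToken authentication) {
+Assert.notNull(authentication, "authentication cannot be null");
+return this.accessTokens.get(this.resolveAuthenticationKey(authentication));
+}
+
+@Override
+public void saveSecurityToken(AccessToken accessToken, OAuth2AuthenticationToken authentication) {
+Assert.notNull(accessToken, "accessToken cannot be null");
+Assert.notNull(authentication, "authentication cannot be null");
+this.accessTokens.put(this.resolveAuthenticationKey(authentication), accessToken);
+}
+
+@Override
+public void removeSecurityToken(OAuth2AuthenticationToken authentication) {
+Assert.notNull(authentication, "authentication cannot be null");
+this.accessTokens.remove(this.resolveAuthenticationKey(authentication));
+}
+
+private String resolveAuthenticationKey(OAuth2AuthenticationToken authentication) {
+String authenticationKey;
+
+OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();
+if (OidcUser.class.isAssignableFrom(oauth2User.getClass())) {
+OidcUser oidcUser = (OidcUser)oauth2User;
+authenticationKey = oidcUser.getIssuer().toString() + "-" + oidcUser.getSubject();
+} else {
+authenticationKey = authentication.getClientRegistration().getProviderDetails().getUserInfoUri() +
+"-" + oauth2User.getName();
+}
+
+return authenticationKey;
+}
+}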
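Review bot: `accessTokens` is a plain `HashMap` that `saveSecurityToken` and `removeSecurityToken` mutate and `loadSecurityToken` reads with no synchronization. If one repository instance is shared across request threads, as the constructor injection into the authentication provider suggests, concurrent logins can lose or corrupt entries. Declare the field as `private final Map<String, AccessToken> accessTokens = new ConcurrentHashMap<>();`, importing `java.util.concurrent.ConcurrentHashMap` in place of `java.util.HashMap`. Separately, `resolveAuthenticationKey` joins two provider-supplied strings with `-`, which is not an unambiguous delimiter, and omits the client registration, so two registrations against the same provider would overwrite each other's token for the same user name. The class Javadoc should also state that entries are never evicted, so callers know they must invoke `removeSecurityToken` themselves.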