roles granted by introspection token services are now configurable (and extendable) via service, addresses #386
parent
35d1e1b6d4
commit
67fd5fa7e9
|
@ -23,7 +23,6 @@ import java.util.Map;
|
|||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
|
@ -50,6 +49,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
|
|||
private String clientId;
|
||||
private String clientSecret;
|
||||
private IntrospectionUrlProvider introspectionUrlProvider;
|
||||
private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter();
|
||||
|
||||
// Inner class to store in the hash map
|
||||
private class TokenCacheObject {
|
||||
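Review bot: The new `introspectionAuthorityGranter` field carries no comment saying what it controls, and its default grants `ROLE_API` to every token this service accepts (that is what `SimpleIntrospectionAuthorityGranter` does unless reconfigured). Suggested field comment: `// Maps an introspection response to the authorities placed on the resulting Authentication; defaults to granting ROLE_API to every introspected token.` The accessor that makes it configurable from bean wiring is not visible in this hunk, so I assume it is added elsewhere in the commit.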
|
@ -117,7 +117,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
|
|||
// create a default authentication object with authority ROLE_API
|
||||
private Authentication createAuthentication(JsonObject token) {
|
||||
// TODO: make role/authority configurable somehow
|
||||
return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API"));
|
||||
return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));
|
||||
}
|
||||
|
||||
private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString) {
|
||||
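Review bot: The comment on `createAuthentication` (`// create a default authentication object with authority ROLE_API`) and the `// TODO: make role/authority configurable somehow` line are both stale now that the authorities come from `introspectionAuthorityGranter`; replace them with `// build the Authentication for an introspected token; authorities are delegated to the configured IntrospectionAuthorityGranter` and drop the TODO. Separately, the new line stores the whole introspection response `JsonObject` as the token's credentials where it previously passed `null`, so anything that logs, serializes or otherwise exposes the Authentication's credentials will now carry every claim the introspection endpoint returned; it is worth confirming this is intended and checking how `eraseCredentials()` treats it. `token.get("sub")` is still dereferenced without a presence check, which is pre-existing but now sits right next to the changed line.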
|
|
|
@ -0,0 +1,20 @@
|
|||
/**
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public interface IntrospectionAuthorityGranter {
|
||||
|
||||
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse);
|
||||
|
||||
}
|
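Review bot: The interface is undocumented: the file-level Javadoc at the top is empty, the type Javadoc has only `@author`, and `getAuthorities` has no contract describing what is passed in or what may be returned. Implementations decide which roles an introspected token receives, so the contract matters; suggested method Javadoc: `/** Returns the authorities to grant on the Authentication built from the given introspection response; must not return null. */`. The `public` modifier on the method is redundant on an interface member and can be dropped.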
|
@ -4,6 +4,8 @@
|
|||
package org.mitre.oauth2.introspectingfilter;
|
||||
|
||||
import java.text.ParseException;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.mitre.openid.connect.client.service.ServerConfigurationService;
|
||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||
|
@ -50,6 +52,9 @@ public class JWTParsingIntrospectionUrlProvider implements IntrospectionUrlProvi
|
|||
|
||||
String issuer = jwt.getJWTClaimsSet().getIssuer();
|
||||
if (!Strings.isNullOrEmpty(issuer)) {
|
||||
|
||||
|
||||
|
||||
ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer);
|
||||
if (server != null) {
|
||||
if (!Strings.isNullOrEmpty(server.getIntrospectionEndpointUri())) {
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
/**
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
|
||||
/**
|
||||
*
|
||||
* Grants the same set of authorities no matter what's passed in.
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class SimpleIntrospectionAuthorityGranter implements IntrospectionAuthorityGranter {
|
||||
|
||||
private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.oauth2.introspectingfilter.IntrospectionAuthorityGranter#getAuthorities(net.minidev.json.JSONObject)
|
||||
*/
|
||||
@Override
|
||||
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the authorities
|
||||
*/
|
||||
public List<GrantedAuthority> getAuthorities() {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param authorities the authorities to set
|
||||
*/
|
||||
public void setAuthorities(List<GrantedAuthority> authorities) {
|
||||
this.authorities = authorities;
|
||||
}
|
||||
|
||||
}
|
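Review bot: `setAuthorities` stores the caller's list by reference and both `getAuthorities` overloads hand that same list out (the default from `AuthorityUtils.createAuthorityList` is a mutable list too), so any caller that modifies a returned list changes the roles granted to every subsequent Authentication built by the token service. Since this object is shared across all requests, keep an immutable copy: `this.authorities = Collections.unmodifiableList(new ArrayList<GrantedAuthority>(authorities));` in the setter, and initialise the field the same way (this needs `java.util.ArrayList` and `java.util.Collections` imports). The `@see` tag in the comment above `getAuthorities(JsonObject)` refers to `net.minidev.json.JSONObject`, but the parameter is `com.google.gson.JsonObject`; fix the reference. The empty Javadoc block at the top of the file should either describe the file or be removed.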