Use the Spring Security OAuth2 resource owner password grant as an authentication provider.
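/**
 * {@link AuthenticationProvider} that validates a username/password login by running an
 * OAuth2 resource owner password credentials grant against a remote authorization server
 * and then loading the user's data from the API behind it.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>With this grant the application itself receives and forwards the user's password.
 *       The OAuth 2.0 Security Best Current Practice advises against the grant for that
 *       reason; prefer a redirect-based flow where the authorization server supports one.</li>
 *   <li>The {@link ResourceOwnerPasswordResourceDetails} built per login holds the plaintext
 *       password and the client secret, and is attached to the returned token's details
 *       (see {@link #authenticate(Authentication)}).</li>
 *   <li>{@code accessTokenUri} and {@code apiEndpoint} receive credentials and tokens; they
 *       are expected to be HTTPS URLs. This class does not enforce that.</li>
 * </ul>
 *
 * <p>All properties are injected through setters and must be set before first use.
 */
public class ResourceOwnerAuthenticationProvider implements AuthenticationProvider {

    private String apiEndpoint;
    private String clientId;
    private String accessTokenUri;
    // Confidential client credential: keep it out of logs and exception messages.
    private String clientSecret;
    private List<String> scope;

    /**
     * Accepts exactly {@link UsernamePasswordAuthenticationToken}; subclasses are not matched.
     *
     * @param authentication the token class offered by the authentication manager
     * @return {@code true} only for {@code UsernamePasswordAuthenticationToken.class}
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }

    /**
     * Authenticates the submitted username and password against the remote server.
     *
     * @param authentication the login request; principal and credentials must be strings
     * @return an authenticated token whose principal is the e-mail from the remote user
     *     data, with no credentials and the single authority {@code ROLE_USER}
     * @throws BadCredentialsException if principal or credentials are missing or not
     *     strings, or if the remote call answers 401
     * @throws IllegalStateException if the remote call fails with another client error,
     *     or succeeds without returning user data
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object principal = authentication.getPrincipal();
        Object credentials = authentication.getCredentials();
        // Reject missing or non-string values as a failed login rather than letting a
        // ClassCastException or a null password travel on to the token request.
        if (!(principal instanceof String) || !(credentials instanceof String)) {
            throw new BadCredentialsException("invalid login");
        }
        String username = (String) principal;
        String password = (String) credentials;

        ResourceOwnerPasswordResourceDetails resourceDetails = createResourceDetails(username, password);
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails);
        Client client = new Client(apiEndpoint, restTemplate);

        UserData userData;
        try {
            // NOTE(review): presumably returns the data of the user the token was issued
            // for; Client is not part of this file, so confirm against its implementation.
            userData = client.selectUser();
        } catch (HttpClientErrorException e) {
            if (HttpStatus.UNAUTHORIZED.equals(e.getStatusCode())) {
                throw new BadCredentialsException("invalid login", e);
            }
            // Any other 4xx used to be swallowed and then reported as "login seems to have
            // been successful"; surface the real failure and keep the cause for diagnosis.
            throw new IllegalStateException(
                    "user lookup failed with HTTP status " + e.getStatusCode(), e);
        }
        if (userData == null) {
            throw new IllegalStateException(
                    "login seems to have been successful but I'm missing the respective user data!");
        }

        // Named differently from the 'authentication' parameter: redeclaring that name as a
        // local variable does not compile.
        UsernamePasswordAuthenticationToken authenticated =
                new UsernamePasswordAuthenticationToken(
                        userData.getEmail(),
                        null, // credentials are deliberately not kept on the token itself
                        Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
        // NOTE(review): resourceDetails still carries the plaintext password and the client
        // secret, so both stay reachable through the token's details for as long as this
        // Authentication is held. If AuthenticationContext only needs the token context,
        // pass a copy without the password; confirm what it reads before changing this.
        authenticated.setDetails(
                new AuthenticationContext(
                        resourceDetails,
                        restTemplate.getOAuth2ClientContext()));
        return authenticated;
    }

    /**
     * Builds the per-login grant configuration from the injected client settings and the
     * submitted user credentials.
     *
     * @param username the resource owner's user name
     * @param password the resource owner's plaintext password
     * @return resource details ready to be handed to an {@link OAuth2RestTemplate}
     */
    private ResourceOwnerPasswordResourceDetails createResourceDetails(String username, String password) {
        ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails();
        resourceDetails.setAccessTokenUri(accessTokenUri);
        resourceDetails.setClientId(clientId);
        resourceDetails.setClientSecret(clientSecret);
        resourceDetails.setScope(scope);
        resourceDetails.setUsername(username);
        resourceDetails.setPassword(password);
        return resourceDetails;
    }

    /** @param apiEndpoint base URL of the API that serves the user data */
    public void setAPIEndpoint(String apiEndpoint) {
        this.apiEndpoint = apiEndpoint;
    }

    /** @param clientId OAuth2 client identifier registered for this application */
    public void setClientId(String clientId) {
        this.clientId = clientId;
    }

    /** @param accessTokenUri token endpoint of the authorization server */
    public void setAccessTokenUri(String accessTokenUri) {
        this.accessTokenUri = accessTokenUri;
    }

    /** @param clientSecret OAuth2 client secret; load it from protected configuration */
    public void setClientSecret(String clientSecret) {
        this.clientSecret = clientSecret;
    }

    /** @param scope scopes requested with every token request */
    public void setScope(List<String> scope) {
        this.scope = scope;
    }
}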