Mongo - OAuth - OAuth2Authentication principal
import com.mongodb.DBObject;
import java.util.*;
import org.springframework.core.convert.converter.Converter;
import org.springframework.data.convert.ReadingConverter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import us.sdata.enroll.security.CustomUserDetails;
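/**
 * Read-side converter that rebuilds an {@link OAuth2Authentication} from its stored Mongo
 * document. It is needed because Spring Mongo can't map clientAuthentication to
 * authorizationRequest.
 *
 * <p>Trust boundary: the user token built here uses the three-argument
 * {@link UsernamePasswordAuthenticationToken} constructor, which produces an already
 * authenticated token. Identity, roles and {@code customerId} are therefore taken from the
 * stored document as-is, so write access to the backing collection is equivalent to the
 * ability to assert any identity or authority. Restrict and audit writes to it accordingly.
 *
 * <p>Only {@code requestParameters}, {@code clientId} and {@code scope} are restored on the
 * request; {@code approved} is always {@code true} and request authorities, resource ids,
 * redirect URI, response types and extensions are passed as {@code null}.
 * NOTE(review): because resource ids are not restored, an audience restriction based on them
 * cannot apply to tokens read through this converter; confirm that is intended.
 */
@ReadingConverter
public class OAuth2AuthenticationReadConverter implements Converter<DBObject, OAuth2Authentication> {

    /**
     * Converts one stored document into an {@link OAuth2Authentication}.
     *
     * @param source document holding a {@code storedRequest} sub-document and, for tokens issued
     *     on behalf of a user, a {@code userAuthentication} sub-document
     * @return the rebuilt authentication; its user authentication is {@code null} when the
     *     document has no {@code userAuthentication} entry
     * @throws IllegalArgumentException if the document has no {@code storedRequest}
     */
    @Override
    @SuppressWarnings("unchecked") // the driver hands back untyped values; shapes are fixed by the writer
    public OAuth2Authentication convert(DBObject source) {
        DBObject storedRequest = (DBObject) source.get("storedRequest");
        if (storedRequest == null) {
            // Fail with a message that names the problem instead of a bare NullPointerException.
            throw new IllegalArgumentException("Stored OAuth2Authentication has no 'storedRequest'");
        }

        // A missing scope list becomes an empty scope set rather than a NullPointerException.
        Collection<String> storedScope = (Collection<String>) storedRequest.get("scope");
        Set<String> scope = storedScope == null
                ? new HashSet<String>()
                : new HashSet<String>(storedScope);

        OAuth2Request oAuth2Request = new OAuth2Request(
                (Map<String, String>) storedRequest.get("requestParameters"),
                (String) storedRequest.get("clientId"),
                null, true, scope,
                null, null, null, null);

        DBObject userAuthorization = (DBObject) source.get("userAuthentication");
        if (userAuthorization == null) {
            // No user part was stored (e.g. a client-only token): rebuild it the same way
            // instead of dereferencing null below.
            return new OAuth2Authentication(oAuth2Request, null);
        }

        Object principal = getPrincipalObject(userAuthorization.get("principal"));
        // NOTE(review): "credentials" is read back from storage and placed on the token; confirm
        // that credentials are erased before the document is written so no secret is persisted.
        Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
                principal,
                userAuthorization.get("credentials"),
                getAuthorities((List<Map<String, String>>) userAuthorization.get("authorities")));
        return new OAuth2Authentication(oAuth2Request, userAuthentication);
    }

    /**
     * Rebuilds the principal. A {@link DBObject} principal is mapped to
     * {@link CustomUserDetails}; any other value is returned unchanged.
     *
     * <p>The rebuilt user always has an empty password and an empty authority list, so
     * authorization decisions must read authorities from the {@link Authentication}, not from
     * this principal.
     *
     * @param principal the stored principal value
     * @return a {@link CustomUserDetails} for document principals, otherwise {@code principal}
     */
    private Object getPrincipalObject(Object principal) {
        if (!(principal instanceof DBObject)) {
            return principal;
        }
        DBObject principalDBObject = (DBObject) principal;

        String userName = (String) principalDBObject.get("username");
        String password = ""; // the stored password, if any, is deliberately not restored

        boolean enabled = readFlag(principalDBObject, "enabled");
        boolean accountNonExpired = readFlag(principalDBObject, "accountNonExpired");
        boolean credentialsNonExpired = readFlag(principalDBObject, "credentialsNonExpired");
        boolean accountNonLocked = readFlag(principalDBObject, "accountNonLocked");

        // Custom fields are copied onto CustomUserDetails so that they can be used later in
        // SpEL queries via the OAuth2Authentication object.
        String customerId = (String) principalDBObject.get("customerId");

        // Collections.EMPTY_LIST is kept raw because the constructor's parameter type is not
        // visible from this file.
        return new CustomUserDetails(userName, password, enabled,
                accountNonExpired, credentialsNonExpired, accountNonLocked,
                Collections.EMPTY_LIST, customerId);
    }

    /**
     * Reads an account-status flag, failing closed: a missing or non-Boolean value is treated
     * as {@code false}, so a malformed record never yields an account that looks enabled,
     * unexpired or unlocked (and no longer fails on unboxing {@code null}).
     */
    private static boolean readFlag(DBObject document, String key) {
        return Boolean.TRUE.equals(document.get(key));
    }

    /**
     * Maps stored authority entries to {@link SimpleGrantedAuthority} using each entry's
     * {@code "role"} value.
     *
     * @param authorities stored authority entries; {@code null} is treated as no authorities
     * @return a set of granted authorities, empty when nothing was stored
     */
    private Collection<GrantedAuthority> getAuthorities(List<Map<String, String>> authorities) {
        if (authorities == null) {
            return new HashSet<>();
        }
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>(authorities.size());
        for (Map<String, String> authority : authorities) {
            // An entry without "role" is passed on as null; it is not silently replaced by a
            // default role here.
            grantedAuthorities.add(new SimpleGrantedAuthority(authority.get("role")));
        }
        return grantedAuthorities;
    }
}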