org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException Java Examples

The following examples show how to use org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException; each example is linked to its original project and source file above it, and related API usage is listed in the sidebar.
Example #1
Source File: OAuth2Controller.java — from microservices-platform (Apache License 2.0)
/**
 * Looks up a registered client by id and checks the presented secret against the
 * stored (encoded) one through the configured {@code passwordEncoder}.
 *
 * @param clientId     client identifier taken from the request
 * @param clientSecret raw client secret taken from the request
 * @return the matching client details
 * @throws UnapprovedClientAuthenticationException if the client is unknown or the secret does not match
 */
private ClientDetails getClient(String clientId, String clientSecret) {
    ClientDetails details = clientDetailsService.loadClientByClientId(clientId);
    // Unknown client first; only then compare the secret via the encoder (never a plain equals).
    if (details == null) {
        throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
    }
    boolean secretMatches = passwordEncoder.matches(clientSecret, details.getClientSecret());
    if (!secretMatches) {
        throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
    }
    return details;
}
 
Example #2
Source File: AuthUtils.java — from microservices-platform (Apache License 2.0)
/**
 * Extracts the {@code clientId:clientSecret} pair carried in the request's
 * {@code Authorization} header.
 *
 * @param request the incoming HTTP request
 * @return the decoded client credentials, as produced by {@code extractHeaderClient}
 * @throws UnapprovedClientAuthenticationException if the header is absent or does not start with {@code BASIC_}
 */
public static String[] extractClient(HttpServletRequest request) {
    String authorization = request.getHeader("Authorization");
    // NOTE(review): startsWith is case-sensitive, while RFC 7235 treats the auth-scheme as
    // case-insensitive; confirm BASIC_'s value matches the casing clients actually send.
    boolean basicPresent = authorization != null && authorization.startsWith(BASIC_);
    if (!basicPresent) {
        throw new UnapprovedClientAuthenticationException("请求头中client信息为空");
    }
    return extractHeaderClient(authorization);
}
 
Example #3
Source File: SmsSuccessHandler.java — from spring-security-oauth2-demo (GNU General Public License v3.0)
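/**
 * Issues an OAuth2 access token once the SMS login has succeeded.
 * <p>
 * The calling client is authenticated from its {@code Authorization: Basic} header
 * (secret checked through {@code passwordEncoder}), a token request with the custom
 * grant type is built for it, and the minted access token is written to the response
 * as JSON.
 *
 * @param request        request carrying the client's Basic credentials
 * @param response       response the access token JSON is written to
 * @param authentication the already-authenticated user
 * @throws IOException if the response cannot be written
 * @throws UnapprovedClientAuthenticationException if the header is missing, the client is unknown
 *         or the secret does not match
 * @throws BadCredentialsException if the decoded header is not a {@code clientId:clientSecret} pair
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {

    log.info("Login succeed!");
    // 1. Read the client credentials from the Authorization header.
    //    The auth-scheme is case-insensitive (RFC 7235); regionMatches avoids the
    //    locale-dependent toLowerCase() of the default locale.
    String header = request.getHeader("Authorization");
    if (header == null || !header.regionMatches(true, 0, "basic ", 0, 6)) {
        throw new UnapprovedClientAuthenticationException("请求头中无客户端信息");
    }

    // Decode the header into clientId / clientSecret
    String[] client = extractAndDecodeHeader(header);
    if (client.length != 2) {
        throw new BadCredentialsException("Invalid basic authentication token");
    }
    String clientId = client[0];
    String clientSecret = client[1];

    // Load the registered client and verify the secret through the encoder
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
    if (clientDetails == null) {
        throw new UnapprovedClientAuthenticationException("客户端信息不存在:" + clientId);
    } else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
        // Report only the client id: the presented secret must never be placed in an
        // exception message, which typically ends up in logs or error responses.
        throw new UnapprovedClientAuthenticationException("客户端密钥不匹配:" + clientId);
    }
    // 2. Token request for the custom grant type (no additional request parameters)
    TokenRequest tokenRequest = new TokenRequest(new HashMap<>(0), clientId, clientDetails.getScope(), "custom");
    // 3. OAuth2 request bound to the registered client
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    // 4./5. The user authentication is the one passed in, verified upstream
    // 6. Combine client request and user authentication
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
    // 7. Mint the access token
    OAuth2AccessToken accessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);

    // Write the token straight back as JSON
    response.setContentType("application/json;charset=utf-8");
    response.getWriter().write(objectMapper.writeValueAsString(accessToken));
}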
 
Example #4
Source File: CustomAuthenticationSuccessHandler.java — from fast-family-master (Apache License 2.0)
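/**
 * Issues an OAuth2 access token after a successful user authentication.
 * <p>
 * The client is authenticated from its {@code Authorization: Basic} header, a token
 * request with the custom grant type is created for it, and the resulting token is
 * handed to {@code extendAuthenticationSuccessHandler} to build the response.
 *
 * @param request        request carrying the client's Basic credentials
 * @param response       response the token is written to
 * @param authentication the authenticated user
 * @throws IOException      if the response cannot be written
 * @throws ServletException as propagated by the response customization
 * @throws UnapprovedClientAuthenticationException if the header is missing, the client is unknown
 *         or the secret does not match
 * @throws BadCredentialsException if the decoded header is not a {@code clientId:clientSecret} pair
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {
    String header = request.getHeader("Authorization");

    // The auth-scheme is case-insensitive (RFC 7235)
    if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
        throw new UnapprovedClientAuthenticationException("请求头中无client信息");
    }
    String[] tokens = this.extractAndDecodeHeader(header, request);
    if (tokens.length != 2) {
        throw new BadCredentialsException("Invalid basic authentication token");
    }
    String clientId = tokens[0];
    String clientSecret = tokens[1];
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
    if (clientDetails == null) {
        throw new UnapprovedClientAuthenticationException("clientId 对应的配置信息不存在" + clientId);
    } else if (!secretMatches(clientDetails.getClientSecret(), clientSecret)) {
        throw new UnapprovedClientAuthenticationException("clientSecret 不匹配" + clientId);
    }
    TokenRequest tokenRequest = new TokenRequest(new HashMap<>(), clientId, clientDetails.getScope(), "custom");
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
    OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
    // The returned result can be customized here.
    extendAuthenticationSuccessHandler.customAuthenticationSuccessResult(response, token, authentication);
}

/**
 * Compares the presented client secret with the stored one in constant time.
 * The stored value is matched verbatim, as the original plain string comparison
 * implies the secrets are kept in clear; a hashed store should go through a
 * {@code PasswordEncoder} instead. Unlike {@code StringUtils.equals}, two nulls
 * are not treated as a match.
 *
 * @param storedSecret    secret registered for the client, may be null
 * @param presentedSecret secret taken from the request, may be null
 * @return true only if both are non-null and byte-for-byte equal
 */
private static boolean secretMatches(String storedSecret, String presentedSecret) {
    if (storedSecret == null || presentedSecret == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            storedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presentedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}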
 
Example #5
Source File: MyAuthenticationSucessHandler.java — from SpringAll (MIT License)
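/**
 * Builds and returns an OAuth2 access token after the user has authenticated.
 * <p>
 * The calling client is authenticated from its {@code Authorization: Basic} header
 * against {@code clientDetailsService} (secret checked via {@code passwordEncoder}),
 * a {@code TokenRequest} with the custom grant type is created for it, and the
 * resulting token is written to the response as JSON.
 *
 * @param request        request carrying the client's Basic credentials
 * @param response       response the token JSON is written to
 * @param authentication the authenticated user
 * @throws IOException if the response cannot be written
 * @throws UnapprovedClientAuthenticationException if the header is missing or malformed,
 *         the client is unknown, or the secret does not match
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
    // 1. Read the client credentials from the Authorization header (scheme is case-insensitive, RFC 7235)
    String header = request.getHeader("Authorization");
    if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
        throw new UnapprovedClientAuthenticationException("请求头中无client信息");
    }

    String[] tokens = this.extractAndDecodeHeader(header, request);
    // Guard the indexing below: a header without a ':' must not surface as an
    // ArrayIndexOutOfBoundsException out of an authentication handler.
    if (tokens.length != 2) {
        throw new UnapprovedClientAuthenticationException("Invalid basic authentication token");
    }
    String clientId = tokens[0];
    String clientSecret = tokens[1];

    // 2. Look up the registered client
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);

    // 3. Validate clientId and clientSecret
    if (clientDetails == null) {
        throw new UnapprovedClientAuthenticationException("clientId:" + clientId + "对应的信息不存在");
    }
    if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
        throw new UnapprovedClientAuthenticationException("clientSecret不正确");
    }

    // 4. Token request for the custom grant type
    TokenRequest tokenRequest = new TokenRequest(new HashMap<>(), clientId, clientDetails.getScope(), "custom");
    // 5. OAuth2Request bound to the client
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    // 6. Combine with the user authentication
    OAuth2Authentication auth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);

    // 7. Mint the access token
    OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(auth2Authentication);

    // 8. Return the token as JSON. NOTE(review): ObjectMapper is thread-safe and costly
    // to construct; a shared field would avoid building one per login.
    log.info("登录成功");
    response.setContentType("application/json;charset=UTF-8");
    response.getWriter().write(new ObjectMapper().writeValueAsString(token));
}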
 
Example #6
Source File: MyAuthenticationSucessHandler.java — from SpringAll (MIT License)
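/**
 * Builds and returns an OAuth2 access token after the user has authenticated.
 * <p>
 * The calling client is authenticated from its {@code Authorization: Basic} header
 * against {@code clientDetailsService}, a {@code TokenRequest} with the custom grant
 * type is created for it, and the resulting token is written to the response as JSON.
 *
 * @param request        request carrying the client's Basic credentials
 * @param response       response the token JSON is written to
 * @param authentication the authenticated user
 * @throws IOException if the response cannot be written
 * @throws UnapprovedClientAuthenticationException if the header is missing or malformed,
 *         the client is unknown, or the secret does not match
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
    // 1. Read the client credentials from the Authorization header (scheme is case-insensitive, RFC 7235)
    String header = request.getHeader("Authorization");
    if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
        throw new UnapprovedClientAuthenticationException("请求头中无client信息");
    }

    String[] tokens = this.extractAndDecodeHeader(header, request);
    // Guard the indexing below: a header without a ':' must not surface as an
    // ArrayIndexOutOfBoundsException out of an authentication handler.
    if (tokens.length != 2) {
        throw new UnapprovedClientAuthenticationException("Invalid basic authentication token");
    }
    String clientId = tokens[0];
    String clientSecret = tokens[1];

    // 2. Look up the registered client
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);

    // 3. Validate clientId and clientSecret
    if (clientDetails == null) {
        throw new UnapprovedClientAuthenticationException("clientId:" + clientId + "对应的信息不存在");
    }
    if (!secretMatches(clientDetails.getClientSecret(), clientSecret)) {
        throw new UnapprovedClientAuthenticationException("clientSecret不正确");
    }

    // 4. Token request for the custom grant type
    TokenRequest tokenRequest = new TokenRequest(new HashMap<>(), clientId, clientDetails.getScope(), "custom");
    // 5. OAuth2Request bound to the client
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    // 6. Combine with the user authentication
    OAuth2Authentication auth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);

    // 7. Mint the access token
    OAuth2AccessToken token = authorizationServerTokenServices.createAccessToken(auth2Authentication);

    // 8. Return the token as JSON. NOTE(review): ObjectMapper is thread-safe and costly
    // to construct; a shared field would avoid building one per login.
    log.info("登录成功");
    response.setContentType("application/json;charset=UTF-8");
    response.getWriter().write(new ObjectMapper().writeValueAsString(token));
}

/**
 * Compares the presented client secret with the stored one in constant time.
 * The stored value is matched verbatim, as the original plain string comparison
 * implies the secrets are kept in clear; a hashed store should go through a
 * {@code PasswordEncoder} instead. Unlike {@code StringUtils.equals}, two nulls
 * are not treated as a match.
 *
 * @param storedSecret    secret registered for the client, may be null
 * @param presentedSecret secret taken from the request, may be null
 * @return true only if both are non-null and byte-for-byte equal
 */
private static boolean secretMatches(String storedSecret, String presentedSecret) {
    if (storedSecret == null || presentedSecret == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            storedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presentedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}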
 
Example #7
Source File: CustomToken.java — from spring-security-oauth2-demo (GNU General Public License v3.0)
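/**
 * Token endpoint for the custom {@code sms} and {@code email} grant types.
 * <p>
 * The client is authenticated from its {@code Authorization: Basic} header, the user
 * is resolved from the request parameter named after the grant type, and an access
 * token for the pair is minted and returned.
 *
 * @param request the token request carrying the client's Basic credentials and the user parameter
 * @param type    grant type from the path; only {@code sms} and {@code email} are accepted
 * @return the minted access token
 * @throws UnsupportedGrantTypeException if {@code type} is not one of the supported grants
 * @throws UnapprovedClientAuthenticationException if the header is missing, the client is unknown
 *         or the secret does not match
 * @throws BadCredentialsException if the decoded header is malformed or the user parameter is absent
 */
@PostMapping("/{type}")
public HttpEntity<?> auth(HttpServletRequest request, @PathVariable String type) {

    // Only the grant types implemented by this endpoint
    if (!"sms".equalsIgnoreCase(type) && !"email".equalsIgnoreCase(type)) {
        throw new UnsupportedGrantTypeException("Unsupported grant type: " + type);
    }

    log.info(type + " login succeed!");
    // 1. Client credentials from the Authorization header. The auth-scheme is
    //    case-insensitive (RFC 7235); regionMatches avoids a locale-dependent toLowerCase().
    String header = request.getHeader("Authorization");
    if (header == null || !header.regionMatches(true, 0, "basic ", 0, 6)) {
        throw new UnapprovedClientAuthenticationException("请求头中无客户端信息");
    }

    // Decode the header into clientId / clientSecret
    String[] client = extractAndDecodeHeader(header);
    if (client.length != 2) {
        throw new BadCredentialsException("Invalid basic authentication token");
    }
    String clientId = client[0];
    String clientSecret = client[1];

    // Load the registered client and verify the secret through the encoder
    ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
    if (clientDetails == null) {
        throw new UnapprovedClientAuthenticationException("客户端信息不存在:" + clientId);
    } else if (!passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
        // Report only the client id: the presented secret must never be placed in an
        // exception message, which typically ends up in logs or error responses.
        throw new UnapprovedClientAuthenticationException("客户端密钥不匹配:" + clientId);
    }
    // 2. Token request for the custom grant type
    TokenRequest tokenRequest = new TokenRequest(new HashMap<>(0), clientId, clientDetails.getScope(), "custom");
    // 3. OAuth2 request bound to the registered client
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);
    // 4. Resolve the user named by the grant-specific request parameter
    String username = request.getParameter(type);
    if (username == null) {
        throw new BadCredentialsException("Missing request parameter: " + type);
    }
    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
    // 5. User authentication. NOTE(review): the stored password is carried along as the
    //    credentials here; nothing on this page reads it, so null would be the safer
    //    choice — confirm no token enhancer depends on it before changing.
    Authentication authentication = new UsernamePasswordAuthenticationToken(
            userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
    // 6. Combine client request and user authentication
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
    // 7. Mint the access token
    OAuth2AccessToken accessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
    return ResponseEntity.ok(accessToken);
}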
 
Example #8
Source File: PoPAuthenticationManager.java — from OAuth-2.0-Cookbook (MIT License)
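/**
 * Authenticates through the delegate manager and, for {@code PoPAuthenticationToken}s,
 * additionally checks proof of possession: the signed nonce sent with the request must
 * verify under the RSA public key carried in the access token's {@code public_key} claim.
 * <p>
 * The claim is trusted only because the delegate has already accepted the token;
 * {@code JWTParser.parse} itself performs no signature check.
 *
 * @param authentication the incoming authentication request
 * @return the result produced by the delegate manager
 * @throws UnapprovedClientAuthenticationException if a PoP token carries no nonce
 * @throws InvalidTokenException if the token has no usable public key or the nonce does not verify
 * @throws AuthenticationException as propagated from the delegate manager
 */
@Override
public Authentication authenticate(Authentication authentication)
    throws AuthenticationException {
    Authentication authenticationResult = authenticationManager
        .authenticate(authentication);

    // Only validate the nonce once the delegate has accepted the JWT
    if (authenticationResult.isAuthenticated() && authentication instanceof PoPAuthenticationToken) {
        PoPAuthenticationToken popAuthentication = (PoPAuthenticationToken) authentication;

        String nonce = popAuthentication.getNonce();
        if (nonce == null) {
            throw new UnapprovedClientAuthenticationException(
                "This request does not have a valid signed nonce");
        }

        // The access token is a bearer credential: it must not be printed or logged.
        String token = (String) popAuthentication.getPrincipal();

        boolean possessionProven;
        try {
            JWT jwt = JWTParser.parse(token);
            Object publicKeyClaim = jwt.getJWTClaimsSet().getClaim("public_key");
            if (publicKeyClaim == null) {
                throw new InvalidTokenException("Access token carries no public_key claim");
            }
            JWK jwk = JWK.parse(publicKeyClaim.toString());

            JWSObject jwsNonce = JWSObject.parse(nonce);
            JWSVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
            possessionProven = jwsNonce.verify(verifier);
        } catch (InvalidTokenException e) {
            // Our own rejection must reach the caller as-is, not wrapped below
            throw e;
        } catch (Exception e) {
            // Parse/JOSE failures and a non-RSA key (ClassCastException) all mean the proof
            // could not be verified: surface an authentication failure with the cause kept,
            // rather than an opaque RuntimeException.
            throw new InvalidTokenException("Unable to verify proof of possession", e);
        }
        if (!possessionProven) {
            throw new InvalidTokenException("Client hasn't possession of given token");
        }
    }

    return authenticationResult;
}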