feature : Create more selective pointcuts (refer to README)
1 parent
d8503dc
commit f542bcb
Showing
53 changed files
with
430 additions
and
215 deletions.
2 changes: 1 addition & 1 deletion
2
...helper/oauth2/client/config/response/error/exception/ErrorMessagesContainedException.java
2 changes: 1 addition & 1 deletion
2
...yhelper/oauth2/client/config/response/error/exception/data/ResourceNotFoundException.java
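--- a/...urityhelper/oauth2/client/config/securityimpl/response/CustomAccessDeniedHandlerImpl.java
+++ b/...urityhelper/oauth2/client/config/securityimpl/response/CustomAccessDeniedHandlerImpl.java
@@ -0,0 +1,27 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.response;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import java.io.IOException;
+
+@Configuration
+@RequiredArgsConstructor
+public class CustomAccessDeniedHandlerImpl implements AccessDeniedHandler {
+
+@Qualifier("handlerExceptionResolver")
+private final HandlerExceptionResolver resolver;
+
+@Override
+public void handle(HttpServletRequest request, HttpServletResponse response,
+AccessDeniedException accessDeniedException) throws IOException {
+
+resolver.resolveException(request, response, null, accessDeniedException);
+}
+}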
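Review bot: `handle` discards the return value of `resolver.resolveException(...)`, so when no resolver claims the `AccessDeniedException` (the call returns null) nothing writes the response and the client may not see a 403. A fallback keeps the denial explicit: `if (resolver.resolveException(request, response, null, accessDeniedException) == null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); }`. The same gap is in `commence` of CustomAuthenticationEntryPointImpl, where the fallback status would be `SC_UNAUTHORIZED`. Whether an `@ExceptionHandler` for these exception types exists is not visible on this page, so treat the fallback as defence in depth.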
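--- a/...helper/oauth2/client/config/securityimpl/response/CustomAuthenticationEntryPointImpl.java
+++ b/...helper/oauth2/client/config/securityimpl/response/CustomAuthenticationEntryPointImpl.java
@@ -0,0 +1,25 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.response;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import java.io.IOException;
+
+@Configuration
+@RequiredArgsConstructor
+public class CustomAuthenticationEntryPointImpl implements AuthenticationEntryPoint {
+
+@Qualifier("handlerExceptionResolver")
+private final HandlerExceptionResolver resolver;
+
+@Override
+public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException {
+resolver.resolveException(request, response, null, ex);
+}
+}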
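Review bot: `@Qualifier("handlerExceptionResolver")` sits on a field while the constructor is generated by `@RequiredArgsConstructor`; Lombok copies the annotation onto the generated constructor parameter only when `lombok.config` contains `lombok.copyableAnnotations += org.springframework.beans.factory.annotation.Qualifier`, and that file is not shown on this page. Without it the qualifier is silently ignored and injection falls back to type and then to the parameter name `resolver`, which can fail or select a different bean when more than one `HandlerExceptionResolver` is registered. An explicit constructor with the qualifier on the parameter removes the dependency on build configuration. CustomAccessDeniedHandlerImpl declares the same field. Separately, `@Configuration` marks a source of bean definitions; `@Component` is the stereotype that fits a handler like this one.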
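--- a/...er/oauth2/client/config/securityimpl/response/CustomAuthenticationSuccessHandlerImpl.java
+++ b/...er/oauth2/client/config/securityimpl/response/CustomAuthenticationSuccessHandlerImpl.java
@@ -0,0 +1,87 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.response;
+
+
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.DefaultSecurityUserExceptionMessage;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.ISecurityUserExceptionMessageService;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.dto.ErrorMessages;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthenticationException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.server.ServletServerHttpResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import java.io.IOException;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Map;
+
+@Configuration
+@RequiredArgsConstructor
+public class CustomAuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
+
+private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
+new OAuth2AccessTokenResponseHttpMessageConverter();
+
+private final ISecurityUserExceptionMessageService iSecurityUserExceptionMessageService;
+
+@Override
+public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
+
+
+final OAuth2AccessTokenAuthenticationToken accessTokenAuthentication=(OAuth2AccessTokenAuthenticationToken)authentication;
+
+OAuth2AccessToken accessToken = accessTokenAuthentication.getAccessToken();
+OAuth2RefreshToken refreshToken = accessTokenAuthentication.getRefreshToken();
+Map<String, Object> additionalParameters = accessTokenAuthentication.getAdditionalParameters();
+/* Map<String, Object> additionalParameters = accessTokenAuthentication.getAdditionalParameters();
+// Lookup the authorization using the access token
+OAuth2Authorization authorization = this.authorizationService.findByToken(
+accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
+Map<String, Object> opaqueTokenClaims = authorization.getAccessToken().getClaims();
+Authentication userPrincipal = authorization.getAttribute(Principal.class.getName());*/
+
+OAuth2AccessTokenResponse.Builder builder =
+OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
+.tokenType(accessToken.getTokenType())
+.scopes(accessToken.getScopes());
+if(((String)additionalParameters.get("grant_type")).equals(AuthorizationGrantType.PASSWORD.getValue())){
+if(accessToken.getExpiresAt() != null) {
+builder.expiresIn(ChronoUnit.SECONDS.between(Instant.now(), accessToken.getExpiresAt()));
+}
+}else if(((String)additionalParameters.get("grant_type")).equals(AuthorizationGrantType.REFRESH_TOKEN.getValue())){
+assert refreshToken != null;
+if(refreshToken.getExpiresAt() != null) {
+builder.expiresIn(ChronoUnit.SECONDS.between(Instant.now(), refreshToken.getExpiresAt()));
+}
+}else{
+throw new KnifeOauth2AuthenticationException(ErrorMessages.builder().message("Wrong grant type from Req : " + (String)additionalParameters.get("grant_type")).userMessage(iSecurityUserExceptionMessageService.getUserMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_WRONG_GRANT_TYPE)).build());
+}
+
+
+if (refreshToken != null) {
+builder.refreshToken(refreshToken.getTokenValue());
+}
+/* if (!CollectionUtils.isEmpty(additionalParameters)) {
+builder.additionalParameters(additionalParameters);
+}*/
+
+// TODO Add custom response parameters using `opaqueTokenClaims` and/or `userPrincipal`
+
+
+OAuth2AccessTokenResponse accessTokenResponse = builder.build();
+ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
+this.accessTokenHttpResponseConverter.write(accessTokenResponse, null, httpResponse);
+}
+}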
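Review bot: In the `REFRESH_TOKEN` branch of `onAuthenticationSuccess`, `expires_in` is derived from `refreshToken.getExpiresAt()`, yet that response field describes the access token's lifetime (RFC 6749 section 5.1), so a client would assume the access token lives as long as the refresh token. The guard in that branch, `assert refreshToken != null`, does nothing unless the JVM runs with `-ea`, and `((String)additionalParameters.get("grant_type")).equals(...)` throws a NullPointerException when the parameter is absent instead of reaching the wrong-grant-type error. The sketch below compares constant-first and always reads the expiry from the access token. If reporting the refresh token's expiry is intentional, it needs a comment saying so.

```java
// … unchanged: cast, token lookups, builder creation …
final Object grantType = additionalParameters.get("grant_type");
final boolean passwordGrant = AuthorizationGrantType.PASSWORD.getValue().equals(grantType);
final boolean refreshGrant = AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(grantType);
if (!passwordGrant && !refreshGrant) {
    // … unchanged: throw KnifeOauth2AuthenticationException for any other grant type …
}
// expires_in always describes the access token, whichever grant issued it
if (accessToken.getExpiresAt() != null) {
    builder.expiresIn(ChronoUnit.SECONDS.between(Instant.now(), accessToken.getExpiresAt()));
}
// … unchanged: refresh token value, build, write …
```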