/**
 * Exchanges the token presented in {@code authHeader} for a "full" token whose claims
 * carry the serialized current user.
 * <p>
 * The presented token must not already carry {@link BlueTokenService#USER_CLAIM}: a token
 * that is itself a full token is rejected with {@code fullTokenNotAllowed} (presumably to
 * stop full tokens being chained into new full tokens — confirm against the design notes).
 *
 * @param authHeader the Authorization header value; assumed to start with
 *                   {@link LecUtils#TOKEN_PREFIX} — the substring below does not verify the
 *                   prefix itself (presumably the authentication filter already did)
 * @return a single-entry map {@code {"token": <prefixed full token>}}
 */
@PreAuthorize("isAuthenticated()")
public Map<String, String> fetchFullToken(String authHeader) {

    String presentedToken = authHeader.substring(LecUtils.TOKEN_PREFIX_LENGTH);
    boolean lacksUserClaim =
            blueTokenService.parseClaim(presentedToken, BlueTokenService.USER_CLAIM) == null;
    LecUtils.ensureCredentials(lacksUserClaim, "com.naturalprogrammer.spring.fullTokenNotAllowed");

    UserDto currentUser = LecwUtils.currentUser();

    // Serialize explicitly: an unserialized DTO would end up as a JsonNode in the claim
    Map<String, Object> userClaims = Collections.singletonMap(
            BlueTokenService.USER_CLAIM, LecUtils.serialize(currentUser));

    String fullToken = blueTokenService.createToken(
            BlueTokenService.AUTH_AUDIENCE,
            currentUser.getUsername(),
            Long.valueOf(properties.getJwt().getShortLivedMillis()),
            userClaims);

    return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + fullToken);
}
/**
 * Adds the Lemon authorization header ({@link LecUtils#TOKEN_RESPONSE_HEADER_NAME}) to the
 * response, carrying a freshly created, prefixed auth token for {@code username}.
 *
 * @param response         the servlet response that receives the header
 * @param username         the subject of the new token
 * @param expirationMillis token lifetime in milliseconds (presumably a duration, as the
 *                         configured JWT expiration is used as a default elsewhere)
 */
public void addAuthHeader(HttpServletResponse response, String username, Long expirationMillis) {

    String token = blueTokenService.createToken(
            BlueTokenService.AUTH_AUDIENCE, username, expirationMillis);
    response.addHeader(LecUtils.TOKEN_RESPONSE_HEADER_NAME, LecUtils.TOKEN_PREFIX + token);
}
/**
 * Builds the reactive authentication manager that authenticates a bearer token.
 * <p>
 * The token is taken from {@code Authentication#getCredentials()}, parsed against
 * {@link BlueTokenService#AUTH_AUDIENCE}, and the user is read from the claims — or, when the
 * claims carry no user, fetched via {@code fetchUserDto}. The resulting authentication holds
 * a credential-erased {@link LemonPrincipal}, the token as credentials, and the principal's
 * authorities.
 *
 * @return a manager mapping a token authentication to a populated
 *         {@link UsernamePasswordAuthenticationToken}
 */
protected ReactiveAuthenticationManager tokenAuthenticationManager() {

    return authentication -> {

        log.debug("Authenticating with token ...");

        String token = (String) authentication.getCredentials();
        JWTClaimsSet claims = blueTokenService.parseToken(token, BlueTokenService.AUTH_AUDIENCE);

        // The user claim may be absent; in that case the user is resolved from the other claims
        UserDto userFromClaims = LecUtils.getUserDto(claims);
        Mono<UserDto> user;
        if (userFromClaims != null) {
            user = Mono.just(userFromClaims);
        } else {
            user = fetchUserDto(claims);
        }

        return user
                .map(LemonPrincipal::new)
                .doOnNext(LemonPrincipal::eraseCredentials)
                .map(principal -> new UsernamePasswordAuthenticationToken(
                        principal, token, principal.getAuthorities()));
    };
}
/**
 * Adds the Lemon authorization header to a reactive response, carrying a new prefixed auth
 * token issued for {@code userDto}.
 *
 * @param response         the server response whose headers receive the token
 * @param userDto          the user the token is issued for; its username becomes the subject
 * @param expirationMillis token lifetime in milliseconds
 */
protected void addAuthHeader(ServerHttpResponse response, UserDto userDto, long expirationMillis) {

    String username = userDto.getUsername();
    log.debug("Adding auth header for " + username);

    String token = blueTokenService.createToken(
            BlueTokenService.AUTH_AUDIENCE, username, expirationMillis);
    response.getHeaders().add(LecUtils.TOKEN_RESPONSE_HEADER_NAME, LecUtils.TOKEN_PREFIX + token);
}
/**
 * Turns a raw auth token into a Spring {@code Authentication}.
 * <p>
 * The token is parsed against {@link BlueTokenService#AUTH_AUDIENCE}; the user is read from
 * the claims, or fetched via {@code fetchUserDto} when the claims carry no user. The returned
 * authentication holds a {@link LemonPrincipal} as principal, the token as credentials, and
 * the principal's authorities.
 *
 * @param token the bare token (presumably without {@link LecUtils#TOKEN_PREFIX}, as the
 *              parser is given it unchanged)
 * @return the authenticated token for the resolved user
 */
protected Authentication createAuthToken(String token) {

    JWTClaimsSet claims = blueTokenService.parseToken(token, BlueTokenService.AUTH_AUDIENCE);

    // Prefer the user embedded in the claims; fall back to a lookup when it is absent
    UserDto userFromClaims = LecUtils.getUserDto(claims);
    UserDto user = (userFromClaims != null) ? userFromClaims : fetchUserDto(claims);

    LemonPrincipal principal = new LemonPrincipal(user);
    return new UsernamePasswordAuthenticationToken(principal, token, principal.getAuthorities());
}
/**
 * Reactive variant: exchanges the token presented in {@code authHeader} for a "full" token
 * whose claims carry the serialized current user.
 * <p>
 * The presented token must not already carry {@link BlueTokenService#USER_CLAIM}; a token
 * that is itself a full token is rejected with {@code fullTokenNotAllowed}.
 *
 * @param authHeader the Authorization header value; assumed to start with
 *                   {@link LecUtils#TOKEN_PREFIX} — the substring below does not verify the
 *                   prefix itself (presumably the authentication filter already did)
 * @return a Mono of a single-entry map {@code {"token": <prefixed full token>}}
 */
@PreAuthorize("isAuthenticated()")
public Mono<Map<String, String>> fetchFullToken(String authHeader) {

    String presentedToken = authHeader.substring(LecUtils.TOKEN_PREFIX_LENGTH);
    boolean lacksUserClaim =
            blueTokenService.parseClaim(presentedToken, BlueTokenService.USER_CLAIM) == null;
    LecUtils.ensureCredentials(lacksUserClaim, "com.naturalprogrammer.spring.fullTokenNotAllowed");

    return LecrUtils.currentUser().map(optionalUser -> {

        // Presumably always present: the endpoint requires an authenticated caller
        UserDto currentUser = optionalUser.get();

        // Serialize explicitly: an unserialized DTO would end up as a JsonNode in the claim
        Map<String, Object> userClaims = Collections.singletonMap(
                BlueTokenService.USER_CLAIM, LecUtils.serialize(currentUser));

        String fullToken = blueTokenService.createToken(
                BlueTokenService.AUTH_AUDIENCE,
                currentUser.getUsername(),
                Long.valueOf(properties.getJwt().getShortLivedMillis()),
                userClaims);

        return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + fullToken);
    });
}
/**
 * Fetches a new token - for session scrolling etc.
 * <p>
 * A user may only request a token for themselves; a caller for whom
 * {@code UserDto#isGoodAdmin()} holds may request one for any username.
 *
 * @param expirationMillis requested token lifetime; defaults to the configured JWT expiration
 *                         ({@code properties.getJwt().getExpirationMillis()}). No upper bound
 *                         is applied here, so a caller may request any lifetime — review
 *                         whether a cap is wanted
 * @param optionalUsername the token subject; defaults to the current user's username
 * @return the new token, prefixed with {@link LecUtils#TOKEN_PREFIX}
 */
@PreAuthorize("isAuthenticated()")
public String fetchNewToken(Optional<Long> expirationMillis, Optional<String> optionalUsername) {

    UserDto currentUser = LecwUtils.currentUser();
    String subject = optionalUsername.orElse(currentUser.getUsername());

    boolean sameUser = currentUser.getUsername().equals(subject);
    LecUtils.ensureAuthority(sameUser || currentUser.isGoodAdmin(),
            "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

    Long lifetime = expirationMillis.orElse(properties.getJwt().getExpirationMillis());
    String token = blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE, subject, lifetime);
    return LecUtils.TOKEN_PREFIX + token;
}
/**
 * Builds the URL the browser is sent to after a successful OAuth2 login: the redirect URI
 * stored in the cookie named by
 * {@code HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME}
 * (or the configured {@code oauth2AuthenticationSuccessUrl} when the cookie is absent), with a
 * short-lived auth token appended.
 * <p>
 * The token is appended directly to the cookie-supplied URL and this method does not validate
 * that URL, so it must have been checked against an allow-list when the cookie was written —
 * confirm that the cookie repository does so. No separator is inserted, so the base URL is
 * presumably expected to already end with the query-parameter prefix.
 *
 * @param request  the current request, holding the redirect-URI cookie if any
 * @param response the current response (not used here)
 * @return the redirect URL with the short-lived token concatenated
 */
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {

    UserDto currentUser = LecwUtils.currentUser();
    long shortLivedMillis = (long) properties.getJwt().getShortLivedMillis();
    String shortLivedToken = blueTokenService.createToken(
            BlueTokenService.AUTH_AUDIENCE, currentUser.getUsername(), shortLivedMillis);

    String baseUrl = LecwUtils
            .fetchCookie(request,
                    HttpCookieOAuth2AuthorizationRequestRepository.LEMON_REDIRECT_URI_COOKIE_PARAM_NAME)
            .map(Cookie::getValue)
            .orElse(properties.getOauth2AuthenticationSuccessUrl());

    return baseUrl + shortLivedToken;
}
}
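/**
 * Reactive variant: fetches a new token from form data - for session scrolling etc.
 * <p>
 * Reads the optional {@code username} form field (blank means the current user) and the
 * expiration via {@code getExpirationMillis}. A user may only request a token for themselves;
 * a caller for whom {@code UserDto#isGoodAdmin()} holds may request one for any username.
 *
 * @param exchange the current exchange, whose form data supplies {@code username} and the
 *                 expiration parameters
 * @return a Mono of a single-entry map {@code {"token": <prefixed token>}}
 */
@PreAuthorize("isAuthenticated()")
public Mono<Map<String, String>> fetchNewToken(ServerWebExchange exchange) {

    return Mono.zip(LecrUtils.currentUser(), exchange.getFormData()).map(tuple -> {

        UserDto currentUser = (UserDto) tuple.getT1().get();

        String requestedUsername = tuple.getT2().getFirst("username");
        String subject = StringUtils.isBlank(requestedUsername)
                ? currentUser.getUsername()
                : requestedUsername;
        long expirationMillis = getExpirationMillis(tuple.getT2());

        LecUtils.ensureAuthority(
                currentUser.getUsername().equals(subject) || currentUser.isGoodAdmin(),
                "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

        // Static constant accessed via the class, consistent with the other token-issuing methods
        String token = blueTokenService.createToken(
                BlueTokenService.AUTH_AUDIENCE, subject, expirationMillis);
        return Collections.singletonMap("token", LecUtils.TOKEN_PREFIX + token);
    });
}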