/**
 * Builds the base claim set for a token issued to the authenticated user.
 *
 * <p>Two claims are written: a JWT id under {@code JWT.CLAIM_JWT_ID} and the user's login
 * name under {@code CLAIM_NAME}.
 *
 * @param auth the authentication whose user the claims describe
 * @return a new, mutable map holding the two default claims
 */
@Override
protected Map<String, Object> createDefaultClaims(Authentication auth) {
    // NOTE(review): assumes auth carries a user; a null user fails on getLoginName() below.
    UserPrincipal principal = auth.getUser();

    // A fresh random UUID per call, so every claim set gets its own token id.
    String tokenId = UUID.randomUUID().toString();

    Map<String, Object> defaults = new HashMap<>();
    defaults.put(JWT.CLAIM_JWT_ID, tokenId);
    defaults.put(CLAIM_NAME, principal.getLoginName());
    return defaults;
}
/**
 * Reports whether a real (non-anonymous) user is attached.
 *
 * @return {@code true} only when {@code user} is set and is not anonymous
 */
@Override
public boolean isAuthenticated() {
    // No user at all counts as unauthenticated.
    if (null == user) {
        return false;
    }
    return !user.isAnonymous();
}
/**
 * Resolves the details record for a principal.
 *
 * @param user the principal to resolve
 * @return the principal itself when it already is a {@code UserDetails}; otherwise whatever
 *         the user store returns for the principal's id
 */
@Override
public UserDetails getUserDetails(UserPrincipal user) {
    // A principal that already is a details object needs no store lookup.
    return user instanceof UserDetails
            ? (UserDetails) user
            : sc.getUserStore().loadUserDetailsById(user.getId());
}
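/**
 * Creates the SSO session object for an authenticated user.
 *
 * <p>The session id is the JWT id claim of the authentication token, read from the claims
 * returned by {@code verifier.verify}. This method only populates the object; it does not
 * store it.
 *
 * @param request  the current request (not read here)
 * @param response the current response (not read here)
 * @param authc    the authentication that supplies the user and the token
 * @return the populated session
 * @throws IllegalStateException if the verified claims hold no usable JWT id
 */
protected AuthzSSOSession newSession(Request request, Response response, AuthzAuthentication authc) {
    UserPrincipal user = authc.getAuthentication().getUser();
    String token = authc.getAuthentication().getToken();

    // NOTE(review): presumably verify() rejects a bad token by throwing; confirm in the verifier.
    Map<String, Object> claims = verifier.verify(token);

    // Map.get returns null for an absent claim. Fail here rather than create a session whose
    // id is null, empty or not a string. The message deliberately omits the token itself.
    Object jwtId = claims.get(JWT.CLAIM_JWT_ID);
    if (!(jwtId instanceof String) || ((String) jwtId).isEmpty()) {
        throw new IllegalStateException("The authentication token carries no usable JWT id claim");
    }

    SimpleAuthzSSOSession session = new SimpleAuthzSSOSession();
    session.setId((String) jwtId);
    session.setUserId(user.getIdAsString());
    session.setUsername(user.getLoginName());
    // Store exactly the token that was verified above instead of fetching it a second time.
    session.setToken(token);
    session.setExpiresIn(config.getDefaultLoginSessionExpires());
    session.setCreated(System.currentTimeMillis());
    return session;
}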
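/**
 * Exchanges an authorization code for an access token at the configured token endpoint and
 * saves the result through {@code saveAccessToken}.
 *
 * <p>The request is a form POST with {@code grant_type=authorization_code} and the code. The
 * client id and secret are sent in an HTTP Basic {@code Authorization} header.
 *
 * @param request the current request, passed on to {@code saveAccessToken}
 * @param authc   the authentication whose user id is recorded on the token
 * @param code    the authorization code to exchange
 * @return the saved access token
 * @throws AuthorizationCodeInvalidException if the response body contains an {@code error} entry
 * @throws ObtainAccessTokenFailedException  if the endpoint does not answer OK, or answers OK
 *                                           without a usable {@code access_token}
 */
@Override
public OAuth2AccessToken fetchAndSaveAccessToken(Request request, Authentication authc, String code) {
    // NOTE(review): the client secret and the code are sent to this URL; confirm that the
    // configured endpoint is always https.
    HttpRequest req = hc.request(config.getServerTokenEndpointUrl())
            .addFormParam("grant_type", "authorization_code")
            .addFormParam("code", code)
            .addHeader("Authorization",
                    "Basic " + Base64.encode(config.getClientId() + ":" + config.getClientSecret()));

    HttpResponse resp = req.post();
    if (!resp.isOk()) {
        // NOTE(review): the raw response body ends up in the exception message; confirm it is
        // acceptable for that text to reach logs or error pages.
        throw new ObtainAccessTokenFailedException("Obtain access token failed, " + resp.getStatus() + " -> " + resp.getString());
    }

    Map<String, Object> map = JSON.decode(resp.getString());
    if (map.containsKey("error")) {
        throw new AuthorizationCodeInvalidException("Cannot obtain access token, authorization code may be invalid : " + map.get("error"));
    }

    // An OK response with neither an error nor an access_token is malformed. Reject it instead
    // of saving a token object whose token value is null.
    Object accessToken = map.get("access_token");
    if (!(accessToken instanceof String) || ((String) accessToken).isEmpty()) {
        throw new ObtainAccessTokenFailedException("Obtain access token failed, the token response contains no access_token");
    }

    SimpleWacAccessToken at = new SimpleWacAccessToken();
    at.setCreated(System.currentTimeMillis());
    at.setToken((String) accessToken);
    at.setRefreshToken((String) map.get("refresh_token"));
    // NOTE(review): this cast fails if the decoder yields another numeric type (for example
    // Long); a missing expires_in arrives here as null. Left unchanged because the setter's
    // parameter type is not visible from here.
    at.setExpiresIn((Integer) map.get("expires_in"));
    at.setUserId(authc.getUser().getIdAsString());

    saveAccessToken(request, at);
    return at;
}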
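/**
 * Creates the SSO session object for an authenticated user.
 *
 * <p>The session id is the JWT id claim of the authentication token, read from the claims
 * returned by {@code verifier.verify}. This method only populates the object; it does not
 * store it.
 *
 * @param request  the current request (not read here)
 * @param response the current response (not read here)
 * @param authc    the authentication that supplies the user and the token
 * @return the populated session
 * @throws IllegalStateException if the verified claims hold no usable JWT id
 */
protected AuthzSSOSession newSession(Request request, Response response, AuthzAuthentication authc) {
    UserPrincipal user = authc.getAuthentication().getUser();
    String token = authc.getAuthentication().getToken();

    // NOTE(review): presumably verify() rejects a bad token by throwing; confirm in the verifier.
    Map<String, Object> claims = verifier.verify(token);

    // Map.get returns null for an absent claim. Fail here rather than create a session whose
    // id is null, empty or not a string. The message deliberately omits the token itself.
    Object jwtId = claims.get(JwtTokenAuthenticator.JWT_ID);
    if (!(jwtId instanceof String) || ((String) jwtId).isEmpty()) {
        throw new IllegalStateException("The authentication token carries no usable JWT id claim");
    }

    SimpleAuthzSSOSession session = new SimpleAuthzSSOSession();
    session.setId((String) jwtId);
    session.setUserId(user.getIdAsString());
    session.setUsername(user.getLoginName());
    // Store exactly the token that was verified above instead of fetching it a second time.
    session.setToken(token);
    session.setExpiresIn(config.getDefaultLoginSessionExpires());
    session.setCreated(System.currentTimeMillis());
    return session;
}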
if(null != user && !user.getIdAsString().equals(at.getUserId())) { removeAccessToken(request); if(null != config.getTokenStore()) {
/**
 * Short diagnostic form: {@code Authc[user=<login name>,client=<client id>]}, with
 * {@code n/a} standing in for a missing user or client.
 *
 * @return the formatted description
 */
@Override
public String toString() {
    UserPrincipal user = getUser();
    ClientPrincipal client = getClient();

    String userPart = (null == user) ? "n/a" : user.getLoginName();
    String clientPart = (null == client) ? "n/a" : client.getIdAsString();

    return "Authc[user=" + userPart + ",client=" + clientPart + "]";
}
}
/**
 * Tells whether a real user is attached to this authentication.
 *
 * @return {@code true} when {@code getUser()} is non-null and not anonymous
 */
default boolean isUserAuthenticated() {
    // A missing user is never authenticated.
    if (null == getUser()) {
        return false;
    }
    return !getUser().isAnonymous();
}
/**
 * Collects the distinct logout URIs of every login recorded in the caller's SSO session.
 *
 * <p>The session is looked up in the SSO store by the user's login name and the
 * authentication token. Logins without a logout URI are skipped.
 *
 * @param request  the current request (not read here)
 * @param response the current response (not read here)
 * @param context  the logout context supplying the authentication and its token
 * @return the distinct logout URIs, or an empty array when there is no authentication or no
 *         matching session
 * @throws IllegalStateException if an authentication is present but its token is empty
 */
@Override
public String[] resolveLogoutUrls(Request request, Response response, LogoutContext context) throws Throwable {
    Authentication authc = context.getAuthentication();
    if (null == authc) {
        return Arrays2.EMPTY_STRING_ARRAY;
    }

    String token = context.getAuthenticationToken();
    if (Strings.isEmpty(token)) {
        throw new IllegalStateException("The authentication token must be exists.");
    }

    AuthzSSOStore store = config.getSSOStore();
    // NOTE(review): authc.getUser() is dereferenced without a null check; confirm that a
    // logout context can never carry an authentication without a user.
    AuthzSSOSession session = store.loadSessionByToken(authc.getUser().getLoginName(), token);
    if (null == session) {
        return Arrays2.EMPTY_STRING_ARRAY;
    }

    // NOTE(review): the URIs are returned exactly as stored; whether they were validated when
    // the login was recorded is not visible here. Confirm before callers redirect to them.
    Set<String> distinct = new HashSet<>();
    for (AuthzSSOLogin login : store.loadLoginsInSession(session)) {
        if (Strings.isEmpty(login.getLogoutUri())) {
            continue;
        }
        distinct.add(login.getLogoutUri());
    }
    return distinct.toArray(new String[0]);
}
/**
 * Tells whether this authentication identifies a client but no real user.
 *
 * @return {@code true} when {@code hasClient()} holds and the user is either absent or
 *         anonymous
 */
default boolean isClientOnly() {
    if (!hasClient()) {
        return false;
    }
    // With a client present, a missing user already makes this client-only.
    if (getUser() == null) {
        return true;
    }
    return getUser().isAnonymous();
}
/**
 * Collects the distinct logout URIs of every login recorded in the caller's SSO session.
 *
 * <p>The session is looked up in the SSO store by the user's login name and the
 * authentication token. Logins without a logout URI are skipped.
 *
 * @param request  the current request (not read here)
 * @param response the current response (not read here)
 * @param context  the logout context supplying the authentication and its token
 * @return the distinct logout URIs, or an empty array when there is no authentication or no
 *         matching session
 * @throws IllegalStateException if an authentication is present but its token is empty
 */
@Override
public String[] resolveLogoutUrls(Request request, Response response, LogoutContext context) throws Throwable {
    Authentication authc = context.getAuthentication();
    if (null == authc) {
        return Arrays2.EMPTY_STRING_ARRAY;
    }

    String token = context.getAuthenticationToken();
    if (Strings.isEmpty(token)) {
        throw new IllegalStateException("The authentication token must be exists.");
    }

    AuthzSSOStore store = config.getSSOStore();
    // NOTE(review): authc.getUser() is dereferenced without a null check; confirm that a
    // logout context can never carry an authentication without a user.
    AuthzSSOSession session = store.loadSessionByToken(authc.getUser().getLoginName(), token);
    if (null == session) {
        return Arrays2.EMPTY_STRING_ARRAY;
    }

    // NOTE(review): the URIs are returned exactly as stored; whether they were validated when
    // the login was recorded is not visible here. Confirm before callers redirect to them.
    Set<String> distinct = new HashSet<>();
    for (AuthzSSOLogin login : store.loadLoginsInSession(session)) {
        if (Strings.isEmpty(login.getLogoutUri())) {
            continue;
        }
        distinct.add(login.getLogoutUri());
    }
    return distinct.toArray(new String[0]);
}
/**
 * Sets or clears the remember-me cookie after a successful login.
 *
 * <p>Nothing happens unless the authenticated user is a {@code UserDetails}. For such a user
 * the cookie is set when the request parameter named by
 * {@code securityConfig.getRememberMeParameterName()} converts to {@code true}; otherwise
 * the cookie is removed.
 *
 * @param request        the login request, read for the remember-me parameter
 * @param response       the response the cookie is written to or cleared on
 * @param authentication the authentication that just succeeded
 */
@Override
public void onLoginSuccess(Request request, Response response, Authentication authentication) {
    UserPrincipal user = authentication.getUser();
    if (!(user instanceof UserDetails)) {
        return;
    }

    String rememberMe = request.getParameter(securityConfig.getRememberMeParameterName());
    if (!Converts.toBoolean(rememberMe, false)) {
        // Remember-me was not requested on this login: clear any existing cookie.
        removeCookie(request, response);
        return;
    }

    // NOTE(review): the stored password value is handed to setRememberMeCookie. Confirm it is
    // used only as input to a keyed hash or signature and is never written into the cookie.
    setRememberMeCookie(request, response, user.getLoginName(), ((UserDetails) user).getPassword());
}
/**
 * Completes a login: stores the authentication, then notifies the token manager, the
 * remember-me manager and every registered resolver, in that order.
 *
 * <p>The token manager is notified only when authentication tokens are enabled. The
 * remember-me manager is notified only when remember-me is enabled and the authentication
 * does not itself report {@code isRememberMe()}.
 *
 * @param request  the current request
 * @param response the current response
 * @param authc    the authentication to establish
 */
@Override
public void loginImmediately(Request request, Response response, Authentication authc) {
    log.debug("User {} logged in", authc.getUser().getLoginName());

    // NOTE(review): confirm that saveAuthentication (or its caller) renews the session
    // identifier on login; that is not visible from here.
    saveAuthentication(request, response, authc);

    if (securityConfig.isAuthenticationTokenEnabled()) {
        tokenAuthenticationManager.onLoginSuccess(request, response, authc);
    }

    if (securityConfig.isRememberMeEnabled()) {
        // Skipped when the authentication itself reports isRememberMe().
        if (!authc.isRememberMe()) {
            rememberMeManager.onLoginSuccess(request, response, authc);
        }
    }

    for (AuthenticationResolver resolver : resolvers) {
        resolver.onLoginSuccess(request, response, authc);
    }
}