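/**
 * Builds the {@link OAuth2Authentication} for a resource-owner password grant,
 * selecting the user-authentication token type from the requesting client's id.
 *
 * <p>The username and password are read from the token request parameters. The
 * password is removed from the copied parameter map before that map is attached
 * to the token as its details, so the details never carry the password.
 *
 * @param client the client making the token request; its id selects the token type
 * @param tokenRequest the token request carrying the "username" and "password" parameters
 * @return the stored OAuth2 request combined with the authenticated user
 * @throws InvalidGrantException if the client id is not one of the known ids, if the
 *         authentication manager rejects the credentials or the account status, or if
 *         the returned authentication is null or not authenticated
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client,
        TokenRequest tokenRequest) {
    // Work on a copy so that removing the password below does not touch the
    // map held by the token request.
    Map<String, String> parameters = new LinkedHashMap<String, String>(
            tokenRequest.getRequestParameters());
    String username = parameters.get("username");
    String password = parameters.get("password");
    String clientId = client.getClientId();

    // Protect from downstream leaks of password: the map is attached to the
    // token as details further down, so the secret must be gone by then.
    parameters.remove("password");

    // NOTE(review): the client id is matched case-insensitively here, so ids
    // differing only in case are routed to the same token type. Confirm the
    // client registry treats ids the same way.
    Authentication candidate;
    if ("foo_app".equalsIgnoreCase(clientId)) {
        candidate = new FooUsernamePasswordAuthenticationToken(username, password);
    } else if ("bar_app".equalsIgnoreCase(clientId)) {
        candidate = new BarUsernamePasswordAuthenticationToken(username, password);
    } else {
        throw new InvalidGrantException("Unknown client: " + clientId);
    }
    ((AbstractAuthenticationToken) candidate).setDetails(parameters);

    Authentication userAuth;
    try {
        userAuth = authenticationManager.authenticate(candidate);
    } catch (AccountStatusException ase) {
        // Covers expired, locked, disabled cases (mentioned in section 5.2, draft 31).
        // The cause is kept so the original failure and its stack trace stay
        // available to server-side logging; the message text is unchanged.
        // NOTE(review): if this message is rendered to the caller, it tells a
        // locked or disabled account apart from a wrong password. Consider a
        // single generic message.
        throw new InvalidGrantException(ase.getMessage(), ase);
    } catch (BadCredentialsException e) {
        // If the username/password are wrong the spec says we should send 400/invalid grant.
        throw new InvalidGrantException(e.getMessage(), e);
    }

    if (userAuth == null || !userAuth.isAuthenticated()) {
        // NOTE(review): the caller-supplied username is echoed in the message;
        // verify that whatever renders or logs it encodes the value.
        throw new InvalidGrantException(
                "Could not authenticate user: " + username);
    }

    OAuth2Request storedOAuth2Request = getRequestFactory()
            .createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}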
CustomResourceOwnerPasswordTokenGranter.java 文件源码
项目:spring-auth-example