|
1 | 1 | /* |
2 | | - * Copyright 2020 the original author or authors. |
| 2 | + * Copyright 2020-2021 the original author or authors. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | 5 | * you may not use this file except in compliance with the License. |
|
15 | 15 | */ |
16 | 16 | package org.springframework.security.oauth2.server.authorization.authentication; |
17 | 17 |
|
| 18 | +import java.util.Collections; |
| 19 | +import java.util.Map; |
| 20 | + |
18 | 21 | import org.springframework.lang.Nullable; |
19 | 22 | import org.springframework.security.authentication.AbstractAuthenticationToken; |
20 | 23 | import org.springframework.security.core.Authentication; |
|
23 | 26 | import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; |
24 | 27 | import org.springframework.util.Assert; |
25 | 28 |
|
26 | | -import java.util.Collections; |
27 | | -import java.util.Map; |
28 | | - |
29 | 29 | /** |
30 | 30 | * An {@link Authentication} implementation used for OAuth 2.0 Client Authentication. |
31 | 31 | * |
|
39 | 39 | */ |
40 | 40 | public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken { |
41 | 41 | private static final long serialVersionUID = Version.SERIAL_VERSION_UID; |
42 | | - private String clientId; |
43 | | - private String clientSecret; |
44 | | - private ClientAuthenticationMethod clientAuthenticationMethod; |
45 | | - private Map<String, Object> additionalParameters; |
46 | | - private RegisteredClient registeredClient; |
| 42 | + private final String clientId; |
| 43 | + private final RegisteredClient registeredClient; |
| 44 | + private final ClientAuthenticationMethod clientAuthenticationMethod; |
| 45 | + private final Object credentials; |
| 46 | + private final Map<String, Object> additionalParameters; |
47 | 47 |
|
48 | 48 | /** |
49 | 49 | * Constructs an {@code OAuth2ClientAuthenticationToken} using the provided parameters. |
50 | 50 | * |
51 | 51 | * @param clientId the client identifier |
52 | | - * @param clientSecret the client secret |
53 | 52 | * @param clientAuthenticationMethod the authentication method used by the client |
| 53 | + * @param credentials the client credentials |
54 | 54 | * @param additionalParameters the additional parameters |
55 | 55 | */ |
56 | | - public OAuth2ClientAuthenticationToken(String clientId, String clientSecret, |
57 | | - ClientAuthenticationMethod clientAuthenticationMethod, |
58 | | - @Nullable Map<String, Object> additionalParameters) { |
59 | | - this(clientId, additionalParameters); |
60 | | - Assert.hasText(clientSecret, "clientSecret cannot be empty"); |
61 | | - Assert.notNull(clientAuthenticationMethod, "clientAuthenticationMethod cannot be null"); |
62 | | - this.clientSecret = clientSecret; |
63 | | - this.clientAuthenticationMethod = clientAuthenticationMethod; |
64 | | - } |
65 | | - |
66 | | - /** |
67 | | - * Constructs an {@code OAuth2ClientAuthenticationToken} using the provided parameters. |
68 | | - * |
69 | | - * @param clientId the client identifier |
70 | | - * @param additionalParameters the additional parameters |
71 | | - */ |
72 | | - public OAuth2ClientAuthenticationToken(String clientId, |
73 | | - @Nullable Map<String, Object> additionalParameters) { |
| 56 | + public OAuth2ClientAuthenticationToken(String clientId, ClientAuthenticationMethod clientAuthenticationMethod, |
| 57 | + @Nullable Object credentials, @Nullable Map<String, Object> additionalParameters) { |
74 | 58 | super(Collections.emptyList()); |
75 | 59 | Assert.hasText(clientId, "clientId cannot be empty"); |
| 60 | + Assert.notNull(clientAuthenticationMethod, "clientAuthenticationMethod cannot be null"); |
76 | 61 | this.clientId = clientId; |
77 | | - this.additionalParameters = additionalParameters != null ? |
78 | | - Collections.unmodifiableMap(additionalParameters) : null; |
79 | | - this.clientAuthenticationMethod = ClientAuthenticationMethod.NONE; |
| 62 | + this.registeredClient = null; |
| 63 | + this.clientAuthenticationMethod = clientAuthenticationMethod; |
| 64 | + this.credentials = credentials; |
| 65 | + this.additionalParameters = Collections.unmodifiableMap( |
| 66 | + additionalParameters != null ? additionalParameters : Collections.emptyMap()); |
80 | 67 | } |
81 | 68 |
|
82 | 69 | /** |
83 | 70 | * Constructs an {@code OAuth2ClientAuthenticationToken} using the provided parameters. |
84 | 71 | * |
85 | | - * @param registeredClient the registered client |
| 72 | + * @param registeredClient the authenticated registered client |
| 73 | + * @param clientAuthenticationMethod the authentication method used by the client |
| 74 | + * @param credentials the client credentials |
86 | 75 | */ |
87 | | - public OAuth2ClientAuthenticationToken(RegisteredClient registeredClient) { |
| 76 | + public OAuth2ClientAuthenticationToken(RegisteredClient registeredClient, ClientAuthenticationMethod clientAuthenticationMethod, |
| 77 | + @Nullable Object credentials) { |
88 | 78 | super(Collections.emptyList()); |
89 | 79 | Assert.notNull(registeredClient, "registeredClient cannot be null"); |
| 80 | + Assert.notNull(clientAuthenticationMethod, "clientAuthenticationMethod cannot be null"); |
| 81 | + this.clientId = registeredClient.getClientId(); |
90 | 82 | this.registeredClient = registeredClient; |
| 83 | + this.clientAuthenticationMethod = clientAuthenticationMethod; |
| 84 | + this.credentials = credentials; |
| 85 | + this.additionalParameters = Collections.unmodifiableMap(Collections.emptyMap()); |
91 | 86 | setAuthenticated(true); |
92 | 87 | } |
93 | 88 |
|
94 | 89 | @Override |
95 | 90 | public Object getPrincipal() { |
96 | | - return this.registeredClient != null ? |
97 | | - this.registeredClient.getClientId() : |
98 | | - this.clientId; |
| 91 | + return this.clientId; |
99 | 92 | } |
100 | 93 |
|
| 94 | + @Nullable |
101 | 95 | @Override |
102 | 96 | public Object getCredentials() { |
103 | | - return this.clientSecret; |
| 97 | + return this.credentials; |
104 | 98 | } |
105 | 99 |
|
106 | 100 | /** |
107 | | - * Returns the additional parameters |
| 101 | + * Returns the authenticated {@link RegisteredClient registered client}, or {@code null} if not authenticated. |
108 | 102 | * |
109 | | - * @return the additional parameters |
| 103 | + * @return the authenticated {@link RegisteredClient}, or {@code null} if not authenticated |
110 | 104 | */ |
111 | | - public @Nullable Map<String, Object> getAdditionalParameters() { |
112 | | - return this.additionalParameters; |
| 105 | + @Nullable |
| 106 | + public RegisteredClient getRegisteredClient() { |
| 107 | + return this.registeredClient; |
113 | 108 | } |
114 | 109 |
|
115 | 110 | /** |
116 | | - * Returns the {@link RegisteredClient registered client}. |
| 111 | + * Returns the {@link ClientAuthenticationMethod authentication method} used by the client. |
117 | 112 | * |
118 | | - * @return the {@link RegisteredClient} |
| 113 | + * @return the {@link ClientAuthenticationMethod} used by the client |
119 | 114 | */ |
120 | | - public @Nullable RegisteredClient getRegisteredClient() { |
121 | | - return this.registeredClient; |
| 115 | + public ClientAuthenticationMethod getClientAuthenticationMethod() { |
| 116 | + return this.clientAuthenticationMethod; |
122 | 117 | } |
123 | 118 |
|
124 | 119 | /** |
125 | | - * Returns the {@link ClientAuthenticationMethod client authentication method}. |
| 120 | + * Returns the additional parameters. |
126 | 121 | * |
127 | | - * @return the {@link ClientAuthenticationMethod} |
| 122 | + * @return the additional parameters |
128 | 123 | */ |
129 | | - public @Nullable ClientAuthenticationMethod getClientAuthenticationMethod() { |
130 | | - return this.clientAuthenticationMethod; |
| 124 | + public Map<String, Object> getAdditionalParameters() { |
| 125 | + return this.additionalParameters; |
131 | 126 | } |
| 127 | + |
132 | 128 | } |
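Review bot: The authenticated constructor (new lines 76-87) stores `credentials` in a `final` field and then calls `setAuthenticated(true)`, so a client secret passed as a plain `String` stays readable through `getCredentials()` for the life of the token. The inherited `eraseCredentials()` only clears values that implement `CredentialsContainer`, which a `String` does not. The class also declares a `serialVersionUID`, so the value would travel with any serialized copy; this assumes callers pass the raw secret here, which this file does not show. Consider dropping `final` from `credentials` and overriding `eraseCredentials()` to null the field, as sketched below. Separately, `Collections.unmodifiableMap(additionalParameters)` at new line 65 wraps the caller's map without copying it, so later mutations by the caller stay visible through `getAdditionalParameters()`.

```java
private Object credentials; // no longer final so it can be cleared after authentication

// … unchanged: constructors, getPrincipal(), getCredentials() and the other getters …

@Override
public void eraseCredentials() {
	super.eraseCredentials();
	this.credentials = null;
}
```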