inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-09-17 14:21:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix PreCommit

Browse Source
This commit is contained in:
rrajoria
2025-05-19 12:56:00 +05:30
parent 04e7b3a316
commit a6d1a7eaa7
1 changed files with 354 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

706
repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/SpringBasedIdentityServiceFacade.java
View File

@@ -1,352 +1,354 @@
/* /*
* #%L * #%L
* Alfresco Repository * Alfresco Repository
* %% * %%
* Copyright (C) 2005 - 2025 Alfresco Software Limited * Copyright (C) 2005 - 2025 Alfresco Software Limited
* %% * %%
* This file is part of the Alfresco software. * This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of * If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is * the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms: * provided under the following open source license terms:
* *
* Alfresco is free software: you can redistribute it and/or modify * Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by * it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or * the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* Alfresco is distributed in the hope that it will be useful, * Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details. * GNU Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public License * You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>. * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L% * #L%
*/ */
package org.alfresco.repo.security.authentication.identityservice; package org.alfresco.repo.security.authentication.identityservice;
import static java.util.Objects.requireNonNull; import static java.util.Objects.requireNonNull;
import static org.alfresco.repo.security.authentication.identityservice.IdentityServiceMetadataKey.AUDIENCE; import static org.alfresco.repo.security.authentication.identityservice.IdentityServiceMetadataKey.AUDIENCE;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.time.Instant; import java.time.Instant;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.function.Predicate; import java.util.function.Predicate;
import com.nimbusds.oauth2.sdk.ErrorObject; import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken; import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse; import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
import com.nimbusds.openid.connect.sdk.UserInfoRequest; import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.UserInfoResponse; import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse; import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.core.convert.converter.Converter; import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest; import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter; import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails; import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
import org.springframework.security.oauth2.core.AbstractOAuth2Token; import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType; import org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap; import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestOperations; import org.springframework.web.client.RestOperations;
class SpringBasedIdentityServiceFacade implements IdentityServiceFacade class SpringBasedIdentityServiceFacade implements IdentityServiceFacade
{ {
private static final Log LOGGER = LogFactory.getLog(SpringBasedIdentityServiceFacade.class); private static final Log LOGGER = LogFactory.getLog(SpringBasedIdentityServiceFacade.class);
private static final Instant SOME_INSIGNIFICANT_DATE_IN_THE_PAST = Instant.MIN.plusSeconds(12345); private static final Instant SOME_INSIGNIFICANT_DATE_IN_THE_PAST = Instant.MIN.plusSeconds(12345);
private final Map<AuthorizationGrantType, OAuth2AccessTokenResponseClient> clients; private final Map<AuthorizationGrantType, OAuth2AccessTokenResponseClient> clients;
private final ClientRegistration clientRegistration; private final ClientRegistration clientRegistration;
private final JwtDecoder jwtDecoder; private final JwtDecoder jwtDecoder;
SpringBasedIdentityServiceFacade(RestOperations restOperations, ClientRegistration clientRegistration, SpringBasedIdentityServiceFacade(RestOperations restOperations, ClientRegistration clientRegistration,
JwtDecoder jwtDecoder) JwtDecoder jwtDecoder)
{ {
requireNonNull(restOperations); requireNonNull(restOperations);
this.clientRegistration = requireNonNull(clientRegistration); this.clientRegistration = requireNonNull(clientRegistration);
this.jwtDecoder = requireNonNull(jwtDecoder); this.jwtDecoder = requireNonNull(jwtDecoder);
this.clients = Map.of( this.clients = Map.of(
AuthorizationGrantType.AUTHORIZATION_CODE, createAuthorizationCodeClient(restOperations), AuthorizationGrantType.AUTHORIZATION_CODE, createAuthorizationCodeClient(restOperations),
AuthorizationGrantType.REFRESH_TOKEN, createRefreshTokenClient(restOperations), AuthorizationGrantType.REFRESH_TOKEN, createRefreshTokenClient(restOperations),
AuthorizationGrantType.PASSWORD, createPasswordClient(restOperations, clientRegistration)); AuthorizationGrantType.PASSWORD, createPasswordClient(restOperations, clientRegistration));
} }
@Override @Override
public AccessTokenAuthorization authorize(AuthorizationGrant authorizationGrant) public AccessTokenAuthorization authorize(AuthorizationGrant authorizationGrant)
{ {
final AbstractOAuth2AuthorizationGrantRequest request = createRequest(authorizationGrant); final AbstractOAuth2AuthorizationGrantRequest request = createRequest(authorizationGrant);
final OAuth2AccessTokenResponseClient client = getClient(request); final OAuth2AccessTokenResponseClient client = getClient(request);
final OAuth2AccessTokenResponse response; final OAuth2AccessTokenResponse response;
try try
{ {
response = client.getTokenResponse(request); response = client.getTokenResponse(request);
} }
catch (OAuth2AuthorizationException e) { catch (OAuth2AuthorizationException e)
LOGGER.debug("Failed to authorize against Authorization Server. Reason: " + e.getError() + "."); {
throw new AuthorizationException("Failed to obtain access token. " + e.getError(), e); LOGGER.debug("Failed to authorize against Authorization Server. Reason: " + e.getError() + ".");
} throw new AuthorizationException("Failed to obtain access token. " + e.getError(), e);
catch (RuntimeException e) { }
LOGGER.warn("Failed to authorize against Authorization Server. Reason: " + e.getMessage()); catch (RuntimeException e)
throw new AuthorizationException("Failed to obtain access token.", e); {
} LOGGER.warn("Failed to authorize against Authorization Server. Reason: " + e.getMessage());
throw new AuthorizationException("Failed to obtain access token.", e);
return new SpringAccessTokenAuthorization(response); }
}
return new SpringAccessTokenAuthorization(response);
@Override }
public Optional<OIDCUserInfo> getUserInfo(String tokenParameter, String principalAttribute)
{ @Override
return Optional.ofNullable(tokenParameter) public Optional<OIDCUserInfo> getUserInfo(String tokenParameter, String principalAttribute)
.filter(Predicate.not(String::isEmpty)) {
.flatMap(token -> Optional.ofNullable(clientRegistration) return Optional.ofNullable(tokenParameter)
.map(ClientRegistration::getProviderDetails) .filter(Predicate.not(String::isEmpty))
.map(ClientRegistration.ProviderDetails::getUserInfoEndpoint) .flatMap(token -> Optional.ofNullable(clientRegistration)
.map(ClientRegistration.ProviderDetails.UserInfoEndpoint::getUri) .map(ClientRegistration::getProviderDetails)
.flatMap(uri -> { .map(ClientRegistration.ProviderDetails::getUserInfoEndpoint)
try .map(ClientRegistration.ProviderDetails.UserInfoEndpoint::getUri)
{ .flatMap(uri -> {
return Optional.of( try
new UserInfoRequest(new URI(uri), new BearerAccessToken(token)).toHTTPRequest().send()); {
} return Optional.of(
catch (IOException | URISyntaxException e) new UserInfoRequest(new URI(uri), new BearerAccessToken(token)).toHTTPRequest().send());
{ }
LOGGER.warn("Failed to get user information. Reason: " + e.getMessage()); catch (IOException | URISyntaxException e)
return Optional.empty(); {
} LOGGER.warn("Failed to get user information. Reason: " + e.getMessage());
}) return Optional.empty();
.flatMap(httpResponse -> { }
try })
{ .flatMap(httpResponse -> {
UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse); try
{
if (userInfoResponse instanceof UserInfoErrorResponse userInfoErrorResponse) UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
{
String errorMessage = Optional.ofNullable(userInfoErrorResponse.getErrorObject()) if (userInfoResponse instanceof UserInfoErrorResponse userInfoErrorResponse)
.map(ErrorObject::getDescription) {
.orElse("No error description found"); String errorMessage = Optional.ofNullable(userInfoErrorResponse.getErrorObject())
LOGGER.warn("User Info Request failed: " + errorMessage); .map(ErrorObject::getDescription)
throw new UserInfoException(errorMessage); .orElse("No error description found");
} LOGGER.warn("User Info Request failed: " + errorMessage);
return Optional.of(userInfoResponse); throw new UserInfoException(errorMessage);
} }
catch (ParseException e) return Optional.of(userInfoResponse);
{ }
LOGGER.warn("Failed to parse user info response. Reason: " + e.getMessage()); catch (ParseException e)
return Optional.empty(); {
} LOGGER.warn("Failed to parse user info response. Reason: " + e.getMessage());
}) return Optional.empty();
.map(UserInfoResponse::toSuccessResponse) }
.map(UserInfoSuccessResponse::getUserInfo)) })
.map(userInfo -> new OIDCUserInfo(userInfo.getStringClaim(principalAttribute), userInfo.getGivenName(), .map(UserInfoResponse::toSuccessResponse)
userInfo.getFamilyName(), userInfo.getEmailAddress())); .map(UserInfoSuccessResponse::getUserInfo))
} .map(userInfo -> new OIDCUserInfo(userInfo.getStringClaim(principalAttribute), userInfo.getGivenName(),
userInfo.getFamilyName(), userInfo.getEmailAddress()));
@Override }
public ClientRegistration getClientRegistration()
{ @Override
return clientRegistration; public ClientRegistration getClientRegistration()
} {
return clientRegistration;
@Override }
public DecodedAccessToken decodeToken(String token)
{ @Override
final Jwt validToken; public DecodedAccessToken decodeToken(String token)
try {
{ final Jwt validToken;
validToken = jwtDecoder.decode(token); try
} {
catch (RuntimeException e) validToken = jwtDecoder.decode(token);
{ }
throw new TokenDecodingException("Failed to decode token. " + e.getMessage(), e); catch (RuntimeException e)
} {
if (LOGGER.isDebugEnabled()) throw new TokenDecodingException("Failed to decode token. " + e.getMessage(), e);
{ }
LOGGER.debug("Bearer token outcome: " + validToken.getClaims()); if (LOGGER.isDebugEnabled())
} {
return new SpringDecodedAccessToken(validToken); LOGGER.debug("Bearer token outcome: " + validToken.getClaims());
} }
return new SpringDecodedAccessToken(validToken);
private AbstractOAuth2AuthorizationGrantRequest createRequest(AuthorizationGrant grant) }
{
if (grant.isPassword()) private AbstractOAuth2AuthorizationGrantRequest createRequest(AuthorizationGrant grant)
{ {
return new OAuth2PasswordGrantRequest(clientRegistration, grant.getUsername(), grant.getPassword()); if (grant.isPassword())
} {
return new OAuth2PasswordGrantRequest(clientRegistration, grant.getUsername(), grant.getPassword());
if (grant.isRefreshToken()) }
{
final OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken( if (grant.isRefreshToken())
TokenType.BEARER, {
"JUST_FOR_FULFILLING_THE_SPRING_API", final OAuth2AccessToken expiredAccessToken = new OAuth2AccessToken(
SOME_INSIGNIFICANT_DATE_IN_THE_PAST, TokenType.BEARER,
SOME_INSIGNIFICANT_DATE_IN_THE_PAST.plusSeconds(1)); "JUST_FOR_FULFILLING_THE_SPRING_API",
final OAuth2RefreshToken refreshToken = new OAuth2RefreshToken(grant.getRefreshToken(), null); SOME_INSIGNIFICANT_DATE_IN_THE_PAST,
SOME_INSIGNIFICANT_DATE_IN_THE_PAST.plusSeconds(1));
return new OAuth2RefreshTokenGrantRequest(clientRegistration, expiredAccessToken, refreshToken, final OAuth2RefreshToken refreshToken = new OAuth2RefreshToken(grant.getRefreshToken(), null);
clientRegistration.getScopes());
} return new OAuth2RefreshTokenGrantRequest(clientRegistration, expiredAccessToken, refreshToken,
clientRegistration.getScopes());
if (grant.isAuthorizationCode()) }
{
final OAuth2AuthorizationExchange authzExchange = new OAuth2AuthorizationExchange( if (grant.isAuthorizationCode())
OAuth2AuthorizationRequest.authorizationCode() {
.clientId(clientRegistration.getClientId()) final OAuth2AuthorizationExchange authzExchange = new OAuth2AuthorizationExchange(
.authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri()) OAuth2AuthorizationRequest.authorizationCode()
.redirectUri(grant.getRedirectUri()) .clientId(clientRegistration.getClientId())
.scopes(clientRegistration.getScopes()) .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
.build(), .redirectUri(grant.getRedirectUri())
OAuth2AuthorizationResponse.success(grant.getAuthorizationCode()) .scopes(clientRegistration.getScopes())
.redirectUri(grant.getRedirectUri()) .build(),
.build()); OAuth2AuthorizationResponse.success(grant.getAuthorizationCode())
return new OAuth2AuthorizationCodeGrantRequest(clientRegistration, authzExchange); .redirectUri(grant.getRedirectUri())
} .build());
return new OAuth2AuthorizationCodeGrantRequest(clientRegistration, authzExchange);
throw new UnsupportedOperationException("Unsupported grant type."); }
}
throw new UnsupportedOperationException("Unsupported grant type.");
private OAuth2AccessTokenResponseClient getClient(AbstractOAuth2AuthorizationGrantRequest request) }
{
final AuthorizationGrantType grantType = request.getGrantType(); private OAuth2AccessTokenResponseClient getClient(AbstractOAuth2AuthorizationGrantRequest request)
final OAuth2AccessTokenResponseClient client = clients.get(grantType); {
if (client == null) final AuthorizationGrantType grantType = request.getGrantType();
{ final OAuth2AccessTokenResponseClient client = clients.get(grantType);
throw new UnsupportedOperationException("Unsupported grant type `" + grantType + "`."); if (client == null)
} {
return client; throw new UnsupportedOperationException("Unsupported grant type `" + grantType + "`.");
} }
return client;
private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createAuthorizationCodeClient( }
RestOperations rest)
{ private static OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> createAuthorizationCodeClient(
final DefaultAuthorizationCodeTokenResponseClient client = new DefaultAuthorizationCodeTokenResponseClient(); RestOperations rest)
client.setRestOperations(rest); {
return client; final DefaultAuthorizationCodeTokenResponseClient client = new DefaultAuthorizationCodeTokenResponseClient();
} client.setRestOperations(rest);
return client;
private static OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> createRefreshTokenClient( }
RestOperations rest)
{ private static OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> createRefreshTokenClient(
final DefaultRefreshTokenTokenResponseClient client = new DefaultRefreshTokenTokenResponseClient(); RestOperations rest)
client.setRestOperations(rest); {
return client; final DefaultRefreshTokenTokenResponseClient client = new DefaultRefreshTokenTokenResponseClient();
} client.setRestOperations(rest);
return client;
private static OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> createPasswordClient(RestOperations rest, }
ClientRegistration clientRegistration)
{ private static OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> createPasswordClient(RestOperations rest,
final DefaultPasswordTokenResponseClient client = new DefaultPasswordTokenResponseClient(); ClientRegistration clientRegistration)
client.setRestOperations(rest); {
Optional.of(clientRegistration) final DefaultPasswordTokenResponseClient client = new DefaultPasswordTokenResponseClient();
.map(ClientRegistration::getProviderDetails) client.setRestOperations(rest);
.map(ProviderDetails::getConfigurationMetadata) Optional.of(clientRegistration)
.map(metadata -> metadata.get(AUDIENCE.getValue())) .map(ClientRegistration::getProviderDetails)
.filter(String.class::isInstance) .map(ProviderDetails::getConfigurationMetadata)
.map(String.class::cast) .map(metadata -> metadata.get(AUDIENCE.getValue()))
.ifPresent(audienceValue -> { .filter(String.class::isInstance)
final OAuth2PasswordGrantRequestEntityConverter requestEntityConverter = new OAuth2PasswordGrantRequestEntityConverter(); .map(String.class::cast)
requestEntityConverter.addParametersConverter(audienceParameterConverter(audienceValue)); .ifPresent(audienceValue -> {
client.setRequestEntityConverter(requestEntityConverter); final OAuth2PasswordGrantRequestEntityConverter requestEntityConverter = new OAuth2PasswordGrantRequestEntityConverter();
}); requestEntityConverter.addParametersConverter(audienceParameterConverter(audienceValue));
return client; client.setRequestEntityConverter(requestEntityConverter);
} });
return client;
private static Converter<OAuth2PasswordGrantRequest, MultiValueMap<String, String>> audienceParameterConverter( }
String audienceValue)
{ private static Converter<OAuth2PasswordGrantRequest, MultiValueMap<String, String>> audienceParameterConverter(
return (grantRequest) -> { String audienceValue)
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(); {
parameters.set("audience", audienceValue); return (grantRequest) -> {
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
return parameters; parameters.set("audience", audienceValue);
};
} return parameters;
};
private static class SpringAccessTokenAuthorization implements AccessTokenAuthorization }
{
private final OAuth2AccessTokenResponse tokenResponse; private static class SpringAccessTokenAuthorization implements AccessTokenAuthorization
{
private SpringAccessTokenAuthorization(OAuth2AccessTokenResponse tokenResponse) private final OAuth2AccessTokenResponse tokenResponse;
{
this.tokenResponse = requireNonNull(tokenResponse); private SpringAccessTokenAuthorization(OAuth2AccessTokenResponse tokenResponse)
} {
this.tokenResponse = requireNonNull(tokenResponse);
@Override }
public AccessToken getAccessToken()
{ @Override
return new SpringAccessToken(tokenResponse.getAccessToken()); public AccessToken getAccessToken()
} {
return new SpringAccessToken(tokenResponse.getAccessToken());
@Override }
public String getRefreshTokenValue()
{ @Override
return Optional.of(tokenResponse) public String getRefreshTokenValue()
.map(OAuth2AccessTokenResponse::getRefreshToken) {
.map(AbstractOAuth2Token::getTokenValue) return Optional.of(tokenResponse)
.orElse(null); .map(OAuth2AccessTokenResponse::getRefreshToken)
} .map(AbstractOAuth2Token::getTokenValue)
} .orElse(null);
}
private static class SpringAccessToken implements AccessToken }
{
private final AbstractOAuth2Token token; private static class SpringAccessToken implements AccessToken
{
private SpringAccessToken(AbstractOAuth2Token token) private final AbstractOAuth2Token token;
{
this.token = requireNonNull(token); private SpringAccessToken(AbstractOAuth2Token token)
} {
this.token = requireNonNull(token);
@Override }
public String getTokenValue()
{ @Override
return token.getTokenValue(); public String getTokenValue()
} {
return token.getTokenValue();
@Override }
public Instant getExpiresAt()
{ @Override
return token.getExpiresAt(); public Instant getExpiresAt()
} {
} return token.getExpiresAt();
}
private static class SpringDecodedAccessToken extends SpringAccessToken implements DecodedAccessToken }
{
private final Jwt jwt; private static class SpringDecodedAccessToken extends SpringAccessToken implements DecodedAccessToken
{
private SpringDecodedAccessToken(Jwt jwt) private final Jwt jwt;
{
super(jwt); private SpringDecodedAccessToken(Jwt jwt)
this.jwt = jwt; {
} super(jwt);
this.jwt = jwt;
@Override }
public Object getClaim(String claim)
{ @Override
return jwt.getClaim(claim); public Object getClaim(String claim)
} {
} return jwt.getClaim(claim);
} }
}
}