下面列出了怎么用org.springframework.security.authentication.AccountStatusException的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Resolves the resource owner for a phone/password token request.
 *
 * <p>The user identifier is read from the {@code phone} request parameter and the
 * secret from {@code password}; the secret is removed from the copy of the
 * parameters that is attached as authentication details.
 *
 * @param client the client that requested the token
 * @param tokenRequest the token request carrying the {@code phone} and {@code password} parameters
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the account is in a bad state, the credentials are wrong,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    // Work on a copy so the request's own parameter map is left untouched.
    Map<String, String> requestParams = new LinkedHashMap<>(tokenRequest.getRequestParameters());
    String phone = requestParams.get("phone");
    String secret = requestParams.get("password");
    // The details map travels downstream (logs, stores); keep the secret out of it.
    requestParams.remove("password");

    AbstractAuthenticationToken loginRequest = new UsernamePasswordAuthenticationToken(phone, secret);
    loginRequest.setDetails(requestParams);

    Authentication userAuth;
    try {
        userAuth = authenticationManager.authenticate(loginRequest);
    } catch (AccountStatusException | BadCredentialsException ase) {
        // Expired/locked/disabled accounts and wrong credentials are all reported as
        // invalid_grant (HTTP 400), as the OAuth2 spec prescribes.
        throw new InvalidGrantException(ase.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + phone);
    }
    OAuth2Request storedRequest = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedRequest, userAuth);
}
/**
 * Resolves the resource owner for an OpenID-style token request.
 *
 * <p>Builds an {@code OpenIdAuthenticationToken} from the {@code openid} and
 * {@code provider} request parameters, attaches the full parameter copy as details,
 * and hands it to the authentication manager.
 *
 * @param client the client that requested the token
 * @param tokenRequest the token request carrying {@code openid} and {@code provider}
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the account is in a bad state, the credentials are wrong,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> requestParams = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String openId = requestParams.get("openid");
    String providerName = requestParams.get("provider");

    Authentication loginRequest = new OpenIdAuthenticationToken(openId, providerName);
    ((AbstractAuthenticationToken) loginRequest).setDetails(requestParams);

    Authentication userAuth;
    try {
        userAuth = authenticationManager.authenticate(loginRequest);
    } catch (AccountStatusException | BadCredentialsException ase) {
        // Expired/locked/disabled accounts and bad credentials both become invalid_grant (400).
        throw new InvalidGrantException(ase.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + openId);
    }
    return new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), userAuth);
}
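/**
 * Resolves the resource owner for an authorization-code style token request.
 *
 * <p>The {@code authorizationCode} parameter is the credential of this grant, so it
 * is removed from the parameter copy attached as authentication details and is not
 * echoed back in error messages; {@code provider} names the issuing party.
 *
 * @param client the client that requested the token
 * @param tokenRequest the token request carrying {@code authorizationCode} and {@code provider}
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the account is in a bad state, the code is rejected,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String authorizationCode = parameters.get("authorizationCode");
    String provider = parameters.get("provider");
    // Protect from downstream leaks of the authorization code: the details map is carried
    // along with the authentication (and often logged), the same way "password" is stripped
    // in the password grant. The code itself travels only inside the authentication token.
    parameters.remove("authorizationCode");
    Authentication userAuth = new AcAuthenticationToken(authorizationCode, provider);
    ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException | BadCredentialsException ase) {
        // Covers expired, locked, disabled cases and rejected codes: spec says 400/invalid_grant.
        throw new InvalidGrantException(ase.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        // Identify the failed attempt by provider, not by the code: the message ends up in the
        // error response and in server logs, where a credential does not belong.
        throw new InvalidGrantException("Could not authenticate user via provider: " + provider);
    }
    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}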
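/**
 * Resolves the resource owner for an SMS-based token request.
 *
 * <p>Reads {@code phoneNumber}, {@code credential} and {@code token} from the request,
 * wraps them in an {@code SmsAuthenticationToken} and authenticates it. The
 * {@code credential} value is removed from the parameter copy that is attached as
 * authentication details so it is not carried downstream.
 *
 * @param client the client that requested the token
 * @param tokenRequest the token request carrying {@code phoneNumber}, {@code credential} and {@code token}
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the account is in a bad state, the credential is rejected,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String phoneNumber = parameters.get("phoneNumber");
    String credential = parameters.get("credential");
    String token = parameters.get("token");
    // Protect from downstream leaks of the credential: the details map is attached to the
    // authentication and may be logged or persisted. The value still reaches the provider
    // through SmsAuthenticationToken.
    parameters.remove("credential");
    // NOTE(review): "token" is also handed to SmsAuthenticationToken; if it is a secret rather
    // than an identifier it should be dropped from the details map as well — confirm with the
    // SMS authentication provider.
    Authentication userAuth = new SmsAuthenticationToken(phoneNumber, credential, token);
    ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException | BadCredentialsException ase) {
        // Covers expired, locked, disabled cases and bad credentials: spec says 400/invalid_grant.
        throw new InvalidGrantException(ase.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + phoneNumber);
    }
    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
}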
/**
 * Resolves the resource owner for a username/password token request.
 *
 * <p>Reads {@code username} and {@code password}, strips the password from the parameter
 * copy, and authenticates a {@link UsernamePasswordAuthenticationToken}. Unlike some
 * sibling granters, no details are attached to the token before authentication.
 *
 * @param client the client that requested the token
 * @param tokenRequest the token request carrying {@code username} and {@code password}
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the account is in a bad state, the credentials are wrong,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    Map<String, String> requestParams = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
    String user = requestParams.get("username");
    String secret = requestParams.get("password");
    // Keep the password out of the copied parameter map so it cannot leak downstream.
    requestParams.remove("password");

    Authentication userAuth = new UsernamePasswordAuthenticationToken(user, secret);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException | BadCredentialsException failure) {
        // Account status problems (expired, locked, disabled) and wrong credentials are both
        // reported as 400/invalid_grant, as the spec requires.
        throw new InvalidGrantException(failure.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + user);
    }
    return new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), userAuth);
}
/**
 * Issues a signed JWT access token and refresh token for a username/password grant.
 *
 * <p>The result map always carries a {@code status} entry: {@code 0} when the grant type is
 * not handled by this granter, {@code 1} once tokens have been issued. Authentication
 * failures are reported by throwing an {@link OAuth2Exception}.
 *
 * @param client the registered client; its access-token validity (seconds) drives expiry
 * @param grantType the requested grant type; must equal {@code GRANT_TYPE} for tokens to be issued
 * @param parameters the raw request parameters ({@code username}, {@code password},
 *        {@code client_id}, {@code scope}); attached unmodified as authentication details
 * @return a map with {@code access_token}, {@code refresh_token}, {@code token_type},
 *         {@code expires_in}, {@code scope}, {@code jti}, {@code accountOpenCode} and {@code status}
 * @throws OAuth2Exception if the account is in a bad state, the credentials are wrong,
 *         or the authentication manager returns an unauthenticated result
 */
@Override
public Map<String, Object> grant(OauthClient client, String grantType, Map<String, String> parameters) {
Map<String, Object> result = new HashMap<>();
// "status" 0 = nothing issued; flipped to 1 at the end on success.
result.put("status", 0);
String username = parameters.get("username");
String password = parameters.get("password");
String clientId = parameters.get("client_id");
String scope = parameters.get("scope");
if (!GRANT_TYPE.equals(grantType)) {
return result;
}
Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
// NOTE(review): the details map still contains the "password" entry here; the sibling
// granters on this page remove it before setDetails to avoid downstream leaks.
((AbstractAuthenticationToken) userAuth).setDetails(parameters);
try {
userAuth = authenticationManager.authenticate(userAuth);
} catch (AccountStatusException ase) {
//covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
throw new OAuth2Exception(ase.getMessage(), HttpStatus.UNAUTHORIZED, "invalid_request");
} catch (BadCredentialsException e) {
// If the username/password are wrong the spec says we should send 400/invalid grant
// NOTE(review): the comment above says 400/invalid_grant but the code actually sends
// 401 with error code "invalid_request" — confirm which one is intended.
throw new OAuth2Exception(e.getMessage(), HttpStatus.UNAUTHORIZED, "invalid_request");
}
if (userAuth == null || !userAuth.isAuthenticated()) {
throw new OAuth2Exception("Could not authenticate user: " + username, HttpStatus.UNAUTHORIZED, "invalid_request");
}
// "now" and the two LocalDateTime.now() calls below are separate clock reads, so iat/nbf
// and exp are not derived from one instant (sub-second drift only).
Date now = new Date();
Date tokenExpiration = Date.from(LocalDateTime.now().plusSeconds(client.getAccessTokenValidity()).atZone(ZoneId.systemDefault()).toInstant());
// NOTE(review): the refresh token expires after the *access* token validity, so it is
// never longer-lived than the access token — verify this is the intended policy.
Date refreshTokenExpiration = Date.from(LocalDateTime.now().plusSeconds(client.getAccessTokenValidity()).atZone(ZoneId.systemDefault()).toInstant());
// Unchecked: relies on the authentication provider always returning a UserInfo principal.
UserInfo userInfo = (UserInfo) userAuth.getPrincipal();
// Shared identifier: the access token's jti, also embedded in the refresh token as a claim.
String tokenId = UUID.randomUUID().toString();
// NOTE(review): the header says "alg": "HS256" but the token is signed with an asymmetric
// private key (keyPair.getPrivate()); the library derives the real algorithm from the key,
// so this header value is at best misleading — confirm and drop it if it has no effect.
String accessToken = Jwts.builder()
.setHeaderParam("alg", "HS256")
.setHeaderParam("typ", "JWT")
.claim("accountOpenCode", userInfo.getAccountOpenCode())
.setIssuer(issuer)
.setSubject(userInfo.getUsername())
.setAudience(clientId)
.claim("roles", userInfo.getAuthorities().stream().map(e -> e.getAuthority()).collect(Collectors.toList()))
.setExpiration(tokenExpiration)
.setNotBefore(now)
.setIssuedAt(now)
.setId(tokenId)
.signWith(keyPair.getPrivate())
.compact();
// The refresh token carries the same subject/roles plus a "jti" claim pointing at the
// access token, and gets its own random id.
String refreshToken = Jwts.builder()
.setHeaderParam("alg", "HS256")
.setHeaderParam("typ", "JWT")
.claim("accountOpenCode", userInfo.getAccountOpenCode())
.claim("jti", tokenId)
.setIssuer(issuer)
.setSubject(userInfo.getUsername())
.setAudience(clientId)
.claim("roles", userInfo.getAuthorities().stream().map(e -> e.getAuthority()).collect(Collectors.toList()))
.setExpiration(refreshTokenExpiration)
.setNotBefore(now)
.setIssuedAt(now)
.setId(UUID.randomUUID().toString())
.signWith(keyPair.getPrivate())
.compact();
result.put("access_token", accessToken);
result.put("token_type", "bearer");
result.put("refresh_token", refreshToken);
// Reported one second short of the real validity, presumably to absorb clock skew.
result.put("expires_in", client.getAccessTokenValidity() - 1);
result.put("accountOpenCode", userInfo.getAccountOpenCode());
// Echoes the requested scope as-is; no scope validation happens in this method.
result.put("scope", scope);
result.put("jti", tokenId);
result.put("status", 1);
return result;
}
/**
 * Resolves the resource owner for a username/password token request, choosing the
 * authentication token type by client id.
 *
 * <p>Clients named {@code foo_app} and {@code bar_app} (case-insensitive) get their own
 * token subclass; any other client id is rejected before authentication is attempted.
 * The password is removed from the parameter copy that is attached as details.
 *
 * @param client the client that requested the token; its id selects the token type
 * @param tokenRequest the token request carrying {@code username} and {@code password}
 * @return the authenticated {@link OAuth2Authentication} for the request
 * @throws InvalidGrantException if the client id is unknown, the account is in a bad state,
 *         the credentials are wrong, or the authentication manager returns an
 *         unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client,
        TokenRequest tokenRequest) {
    Map<String, String> requestParams = new LinkedHashMap<String, String>(
            tokenRequest.getRequestParameters());
    String user = requestParams.get("username");
    String secret = requestParams.get("password");
    String clientId = client.getClientId();
    // Keep the password out of the copied parameter map so it cannot leak downstream.
    requestParams.remove("password");

    Authentication userAuth = newUserToken(clientId, user, secret);
    ((AbstractAuthenticationToken) userAuth).setDetails(requestParams);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException | BadCredentialsException failure) {
        // Expired/locked/disabled accounts and wrong credentials are both 400/invalid_grant.
        throw new InvalidGrantException(failure.getMessage());
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new InvalidGrantException(
                "Could not authenticate user: " + user);
    }
    return new OAuth2Authentication(
            getRequestFactory().createOAuth2Request(client, tokenRequest), userAuth);
}

/**
 * Builds the unauthenticated token matching the client id.
 *
 * @throws InvalidGrantException for any client id other than {@code foo_app} / {@code bar_app}
 */
private Authentication newUserToken(String clientId, String username, String password) {
    if ("foo_app".equalsIgnoreCase(clientId)) {
        return new FooUsernamePasswordAuthenticationToken(username, password);
    }
    if ("bar_app".equalsIgnoreCase(clientId)) {
        return new BarUsernamePasswordAuthenticationToken(username, password);
    }
    throw new InvalidGrantException("Unknown client: " + clientId);
}