Examples of org.springframework.security.oauth2.provider.OAuth2Authentication

• org.springframework.security.oauth2.provider.OAuth2Authentication
  An OAuth 2 authentication token can contain two authentications: one for the client and one for the user. Since some OAuth authorization grants don't require user authentication, the user authentication may be null. @author Ryan Heaton

  public void removeAccessToken(String tokenValue) {
    OAuth2AccessToken removed = this.accessTokenStore.remove(tokenValue);
    this.accessTokenToRefreshTokenStore.remove(tokenValue);
    // Don't remove the refresh token - it's up to the caller to do that
    OAuth2Authentication authentication = this.authenticationStore.remove(tokenValue);
    if (authentication != null) {
      this.authenticationToAccessTokenStore.remove(authenticationKeyGenerator.extractKey(authentication));
      Collection<OAuth2AccessToken> tokens;
      tokens = this.userNameToAccessTokenStore.get(authentication.getName());
      if (tokens != null) {
        tokens.remove(removed);
      }
      String clientId = authentication.getOAuth2Request().getClientId();
      tokens = this.clientIdToAccessTokenStore.get(clientId);
      if (tokens != null) {
        tokens.remove(removed);
      }
      this.authenticationToAccessTokenStore.remove(authenticationKeyGenerator.extractKey(authentication));

        }

        OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);

        SecurityContextHolder.getContext().setAuthentication(
            new OAuth2Authentication(storedOAuth2Request, authResult));

        onSuccessfulAuthentication(request, response, authResult);

      }

    if (token.isExpired()) {
      throw new InvalidTokenException("Token has expired");
    }

    OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());

    Map<String, ?> response = accessTokenConverter.convertAccessToken(token, authentication);

    return response;
  }

  public boolean revokeApprovals(Collection<Approval> approvals) {
    boolean success = true;
    for (Approval approval : approvals) {
      Collection<OAuth2AccessToken> tokens = store.findTokensByClientIdAndUserName(approval.getClientId(), approval.getUserId());
      for (OAuth2AccessToken token : tokens) {
        OAuth2Authentication authentication = store.readAuthentication(token);
        if (authentication != null
            && approval.getClientId().equals(authentication.getOAuth2Request().getClientId())) {
          store.removeAccessToken(token);
        }
      }
    }
    return success;

  @Override
  public Collection<Approval> getApprovals(String userId, String clientId) {
    Collection<Approval> result = new HashSet<Approval>();
    Collection<OAuth2AccessToken> tokens = store.findTokensByClientIdAndUserName(clientId, userId);
    for (OAuth2AccessToken token : tokens) {
      OAuth2Authentication authentication = store.readAuthentication(token);
      if (authentication != null) {
        Date expiresAt = token.getExpiration();
        for (String scope : token.getScope()) {
          result.add(new Approval(userId, clientId, scope, expiresAt, ApprovalStatus.APPROVED));
        }

    if (userAuth == null || !userAuth.isAuthenticated()) {
      throw new InvalidGrantException("Could not authenticate user: " + username);
    }

    OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, userAuth);
  }

    }
    Assert.state(clientToken instanceof ImplicitTokenRequest, "An ImplicitTokenRequest is required here. Caller needs to wrap the TokenRequest.");

    OAuth2Request requestForStorage = ((ImplicitTokenRequest)clientToken).getOAuth2Request();

    return new OAuth2Authentication(requestForStorage, userAuth);

  }

    @SuppressWarnings("unchecked")
    Set<String> resourceIds = new LinkedHashSet<String>(map.containsKey(AUD) ? (Collection<String>) map.get(AUD)
        : Collections.<String>emptySet());
    OAuth2Request request = new OAuth2Request(parameters, clientId, null, true, scope, resourceIds, null, null,
        null);
    return new OAuth2Authentication(request, user);
  }

    return tokenServices.createAccessToken(getOAuth2Authentication(client, tokenRequest));
  }

  protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(client, tokenRequest);
    return new OAuth2Authentication(storedOAuth2Request, null);
  }

    OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refreshTokenValue);
    if (refreshToken == null) {
      throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
    }

    OAuth2Authentication authentication = tokenStore.readAuthenticationForRefreshToken(refreshToken);
    String clientId = authentication.getOAuth2Request().getClientId();
    if (clientId == null || !clientId.equals(tokenRequest.getClientId())) {
      throw new InvalidGrantException("Wrong client for this refresh token: " + refreshTokenValue);
    }

    // clear out any access tokens already associated with the refresh