1 package org.springframework.security.oauth2.client.token.grant.client;
2
3 import java.util.Iterator;
4 import java.util.List;
5
6 import org.springframework.http.HttpHeaders;
7 import org.springframework.security.access.AccessDeniedException;
8 import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
9 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
10 import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
11 import org.springframework.security.oauth2.client.token.AccessTokenProvider;
12 import org.springframework.security.oauth2.client.token.AccessTokenRequest;
13 import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport;
14 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
15 import org.springframework.security.oauth2.common.OAuth2AccessToken;
16 import org.springframework.util.LinkedMultiValueMap;
17 import org.springframework.util.MultiValueMap;
18
19
20
21
22
23
24 public class ClientCredentialsAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider {
25
26 public boolean supportsResource(OAuth2ProtectedResourceDetails resource) {
27 return resource instanceof ClientCredentialsResourceDetails
28 && "client_credentials".equals(resource.getGrantType());
29 }
30
31 public boolean supportsRefresh(OAuth2ProtectedResourceDetails resource) {
32 return false;
33 }
34
35 public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resource,
36 OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException {
37 return null;
38 }
39
40 public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
41 throws UserRedirectRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
42
43 ClientCredentialsResourceDetails resource = (ClientCredentialsResourceDetails) details;
44 return retrieveToken(request, resource, getParametersForTokenRequest(resource), new HttpHeaders());
45
46 }
47
48 private MultiValueMap<String, String> getParametersForTokenRequest(ClientCredentialsResourceDetails resource) {
49
50 MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
51 form.set("grant_type", "client_credentials");
52
53 if (resource.isScoped()) {
54
55 StringBuilder builder = new StringBuilder();
56 List<String> scope = resource.getScope();
57
58 if (scope != null) {
59 Iterator<String> scopeIt = scope.iterator();
60 while (scopeIt.hasNext()) {
61 builder.append(scopeIt.next());
62 if (scopeIt.hasNext()) {
63 builder.append(' ');
64 }
65 }
66 }
67
68 form.set("scope", builder.toString());
69 }
70
71 return form;
72
73 }
74
75 }