View Javadoc
1   package org.springframework.security.oauth.provider;
2   
3   import org.springframework.security.authentication.AbstractAuthenticationToken;
4   import org.springframework.security.core.Authentication;
5   import org.springframework.security.oauth.provider.token.OAuthAccessProviderToken;
6   
7   import javax.servlet.http.HttpServletRequest;
8   
9   /**
10   * The default authentication handler.
11   *
12   * @author Ryan Heaton
13   */
14  public class DefaultAuthenticationHandler implements OAuthAuthenticationHandler {
15  
16    /**
17     * Default implementation returns the user authentication associated with the auth token, if the token is provided. Otherwise, the consumer authentication
18     * is returned.
19     *
20     * @param request The request that was successfully authenticated.
21     * @param authentication The consumer authentication (details about how the request was authenticated).
22     * @param authToken The OAuth token associated with the authentication. This token MAY be null if no authenticated token was needed to successfully
23     * authenticate the request (for example, in the case of 2-legged OAuth).
24     * @return The authentication.
25     */
26    public Authentication createAuthentication(HttpServletRequest request, ConsumerAuthentication authentication, OAuthAccessProviderToken authToken) {
27      if (authToken != null) {
28        Authentication userAuthentication = authToken.getUserAuthentication();
29        if (userAuthentication instanceof AbstractAuthenticationToken) {
30          //initialize the details with the consumer that is actually making the request on behalf of the user.
31          ((AbstractAuthenticationToken) userAuthentication).setDetails(new OAuthAuthenticationDetails(request, authentication.getConsumerDetails()));
32        }
33        return userAuthentication;
34      }
35  
36      return authentication;
37    }
38  }