1   package org.springframework.security.oauth2.provider;
2   
3   import org.springframework.security.authentication.AbstractAuthenticationToken;
4   import org.springframework.security.core.Authentication;
5   import org.springframework.security.core.CredentialsContainer;
6   
7   /**
8    * An OAuth 2 authentication token can contain two authentications: one for the client and one for the user. Since some
9    * OAuth authorization grants don't require user authentication, the user authentication may be null.
10   * 
11   * @author Ryan Heaton
12   */
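public class OAuth2Authentication extends AbstractAuthenticationToken {

	private static final long serialVersionUID = -4809832298438307309L;

	// The authorization request describing the client application; never null after construction.
	private final OAuth2Request storedRequest;

	// The end-user authentication, or null for client-only grants.
	private final Authentication userAuthentication;

	/**
	 * Construct an OAuth 2 authentication. Since some grant types don't require user authentication, the user
	 * authentication may be null.
	 * <p>
	 * The granted authorities are taken from the user authentication when one is present, otherwise from the stored
	 * request (i.e. the client's own authorities).
	 * 
	 * @param storedRequest The authorization request (must not be null).
	 * @param userAuthentication The user authentication (possibly null).
	 * @throws NullPointerException if {@code storedRequest} is null
	 */
	public OAuth2Authentication(OAuth2Request storedRequest, Authentication userAuthentication) {
		// Fail fast on a null request: isAuthenticated() and getPrincipal() dereference it later, and a token
		// built around a missing request must never be mistaken for an approved one.
		super(userAuthentication == null ? requireRequest(storedRequest).getAuthorities() : userAuthentication
				.getAuthorities());
		this.storedRequest = requireRequest(storedRequest);
		this.userAuthentication = userAuthentication;
	}

	/**
	 * Rejects a null request with a descriptive message rather than letting a later dereference fail.
	 * 
	 * @param storedRequest the request to check
	 * @return the same request, when non-null
	 * @throws NullPointerException if the request is null
	 */
	private static OAuth2Request requireRequest(OAuth2Request storedRequest) {
		if (storedRequest == null) {
			throw new NullPointerException("storedRequest must not be null");
		}
		return storedRequest;
	}

	/**
	 * This token carries no credentials of its own; the empty string keeps the return value non-null. Any user
	 * credentials are reachable only through {@link #getUserAuthentication()} and are cleared by
	 * {@link #eraseCredentials()}.
	 * 
	 * @return an empty string, always
	 */
	@Override
	public Object getCredentials() {
		return "";
	}

	/**
	 * The principal of this token: the client id for a client-only token, otherwise the user's principal.
	 * 
	 * @return the client id or the user authentication's principal
	 */
	@Override
	public Object getPrincipal() {
		return this.userAuthentication == null ? this.storedRequest.getClientId() : this.userAuthentication
				.getPrincipal();
	}

	/**
	 * Convenience method to check if there is a user associated with this token, or just a client application.
	 * 
	 * @return true if this token represents a client app not acting on behalf of a user
	 */
	public boolean isClientOnly() {
		return userAuthentication == null;
	}

	/**
	 * The authorization request containing details of the client application.
	 * 
	 * @return The client authentication.
	 */
	public OAuth2Request getOAuth2Request() {
		return storedRequest;
	}

	/**
	 * The user authentication.
	 * 
	 * @return The user authentication, or null for a client-only token.
	 */
	public Authentication getUserAuthentication() {
		return userAuthentication;
	}

	/**
	 * Authenticated only if the stored request has been approved and, when a user is present, that user's
	 * authentication is itself authenticated. This override does not consult {@code super.isAuthenticated()}, so a
	 * value set through {@link #setAuthenticated(boolean)} has no effect on this token's state.
	 * 
	 * @return whether this token should be trusted as authenticated
	 */
	@Override
	public boolean isAuthenticated() {
		return this.storedRequest.isApproved()
				&& (this.userAuthentication == null || this.userAuthentication.isAuthenticated());
	}

	/**
	 * Clears credentials held by the superclass and, when the wrapped user authentication is itself a
	 * {@link CredentialsContainer}, propagates the erasure so that secrets are not retained there either.
	 */
	@Override
	public void eraseCredentials() {
		super.eraseCredentials();
		// instanceof is false for null, so the null case needs no separate check.
		if (this.userAuthentication instanceof CredentialsContainer) {
			((CredentialsContainer) this.userAuthentication).eraseCredentials();
		}
	}

	/**
	 * Two tokens are equal when the superclass considers them equal and both the stored request and the user
	 * authentication match. Only these two fields are compared here so that {@code equals} stays consistent with
	 * {@link #hashCode()}; a previously commented-out comparison of {@code getDetails()} was dead code and has been
	 * removed.
	 */
	@Override
	public boolean equals(Object o) {
		if (this == o) {
			return true;
		}
		if (!(o instanceof OAuth2Authentication)) {
			return false;
		}
		if (!super.equals(o)) {
			return false;
		}

		OAuth2Authentication that = (OAuth2Authentication) o;

		if (!storedRequest.equals(that.storedRequest)) {
			return false;
		}
		// Null-safe comparison of the optional user authentication.
		return userAuthentication == null ? that.userAuthentication == null : userAuthentication
				.equals(that.userAuthentication);
	}

	/**
	 * Hash code combining the superclass hash with the stored request and (when present) the user authentication,
	 * mirroring the fields compared in {@link #equals(Object)}.
	 */
	@Override
	public int hashCode() {
		int result = super.hashCode();
		result = 31 * result + storedRequest.hashCode();
		result = 31 * result + (userAuthentication != null ? userAuthentication.hashCode() : 0);
		return result;
	}

}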