View Javadoc
1   /*
2    * Copyright 2006-2011 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    *
7    * https://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  
14  
15  package org.springframework.security.oauth2.provider.authentication;
16  
17  import java.io.Serializable;
18  
19  import javax.servlet.http.HttpServletRequest;
20  import javax.servlet.http.HttpSession;
21  
22  /**
23   * A holder of selected HTTP details related to an OAuth2 authentication request.
24   * 
25   * @author Dave Syer
26   * 
27   */
28  public class OAuth2AuthenticationDetails implements Serializable {
29  	
30  	private static final long serialVersionUID = -4809832298438307309L;
31  
32  	public static final String ACCESS_TOKEN_VALUE = OAuth2AuthenticationDetails.class.getSimpleName() + ".ACCESS_TOKEN_VALUE";
33  
34  	public static final String ACCESS_TOKEN_TYPE = OAuth2AuthenticationDetails.class.getSimpleName() + ".ACCESS_TOKEN_TYPE";
35  
36  	private final String remoteAddress;
37  
38  	private final String sessionId;
39  
40  	private final String tokenValue;
41  
42  	private final String tokenType;
43  
44  	private final String display;
45  	
46  	private Object decodedDetails;
47  
48  
49  	/**
50  	 * Records the access token value and remote address and will also set the session Id if a session already exists
51  	 * (it won't create one).
52  	 * 
53  	 * @param request that the authentication request was received from
54  	 */
55  	public OAuth2AuthenticationDetails(HttpServletRequest request) {
56  		this.tokenValue = (String) request.getAttribute(ACCESS_TOKEN_VALUE);
57  		this.tokenType = (String) request.getAttribute(ACCESS_TOKEN_TYPE);
58  		this.remoteAddress = request.getRemoteAddr();
59  
60  		HttpSession session = request.getSession(false);
61  		this.sessionId = (session != null) ? session.getId() : null;
62  		StringBuilder builder = new StringBuilder();
63  		if (remoteAddress!=null) {
64  			builder.append("remoteAddress=").append(remoteAddress);
65  		}
66  		if (builder.length()>1) {
67  			builder.append(", ");
68  		}
69  		if (sessionId!=null) {
70  			builder.append("sessionId=<SESSION>");
71  			if (builder.length()>1) {
72  				builder.append(", ");
73  			}
74  		}
75  		if (tokenType!=null) {
76  			builder.append("tokenType=").append(this.tokenType);
77  		}
78  		if (tokenValue!=null) {
79  			builder.append("tokenValue=<TOKEN>");
80  		}
81  		this.display = builder.toString();
82  	}
83  
84  	/**
85  	 * The access token value used to authenticate the request (normally in an authorization header).
86  	 * 
87  	 * @return the tokenValue used to authenticate the request
88  	 */
89  	public String getTokenValue() {
90  		return tokenValue;
91  	}
92  	
93  	/**
94  	 * The access token type used to authenticate the request (normally in an authorization header).
95  	 * 
96  	 * @return the tokenType used to authenticate the request if known
97  	 */
98  	public String getTokenType() {
99  		return tokenType;
100 	}
101 
102 	/**
103 	 * Indicates the TCP/IP address the authentication request was received from.
104 	 * 
105 	 * @return the address
106 	 */
107 	public String getRemoteAddress() {
108 		return remoteAddress;
109 	}
110 
111 	/**
112 	 * Indicates the <code>HttpSession</code> id the authentication request was received from.
113 	 * 
114 	 * @return the session ID
115 	 */
116 	public String getSessionId() {
117 		return sessionId;
118 	}
119 
120 	/**
121 	 * The authentication details obtained by decoding the access token
122 	 * if available.
123 	 * 
124 	 * @return the decodedDetails if available (default null)
125 	 */
126 	public Object getDecodedDetails() {
127 		return decodedDetails;
128 	}
129 
130 	/**
131 	 * The authentication details obtained by decoding the access token
132 	 * if available.
133 	 * 
134 	 * @param decodedDetails the decodedDetails to set
135 	 */
136 	public void setDecodedDetails(Object decodedDetails) {
137 		this.decodedDetails = decodedDetails;
138 	}
139 
140 	@Override
141 	public String toString() {
142 		return display;
143 	}
144 
145 	@Override
146 	public int hashCode() {
147 		final int prime = 31;
148 		int result = 1;
149 		result = prime * result + ((sessionId == null) ? 0 : sessionId.hashCode());
150 		result = prime * result + ((tokenType == null) ? 0 : tokenType.hashCode());
151 		result = prime * result + ((tokenValue == null) ? 0 : tokenValue.hashCode());
152 		return result;
153 	}
154 
155 	@Override
156 	public boolean equals(Object obj) {
157 		if (this == obj)
158 			return true;
159 		if (obj == null)
160 			return false;
161 		if (getClass() != obj.getClass())
162 			return false;
163 		OAuth2AuthenticationDetails other = (OAuth2AuthenticationDetails) obj;
164 		if (sessionId == null) {
165 			if (other.sessionId != null)
166 				return false;
167 		}
168 		else if (!sessionId.equals(other.sessionId))
169 			return false;
170 		if (tokenType == null) {
171 			if (other.tokenType != null)
172 				return false;
173 		}
174 		else if (!tokenType.equals(other.tokenType))
175 			return false;
176 		if (tokenValue == null) {
177 			if (other.tokenValue != null)
178 				return false;
179 		}
180 		else if (!tokenValue.equals(other.tokenValue))
181 			return false;
182 		return true;
183 	}
184 	
185 	
186 
187 }