OAuth2AccessTokenURLMangler.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2016 Open Source Geospatial Foundation - all rights reserved
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security.oauth2;

import java.util.Map;

import org.geoserver.ows.URLMangler;
import org.geoserver.security.GeoServerSecurityManager;
import org.springframework.context.ApplicationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

/**
 * A URL Mangler checking for a "BEARER" type OAuth2 Access Token into the OAuth2 Security Context and injecting it on the OWS URLs.
 * 
 * @author Alessio Fabiani, GeoSolutions S.A.S.
 */
public class OAuth2AccessTokenURLMangler implements URLMangler {

    GeoServerOAuth2SecurityConfiguration oauth2SecurityConfiguration;

    OAuth2RestTemplate geoServerOauth2RestTemplate;

    private ApplicationContext context;

    public OAuth2AccessTokenURLMangler(
            GeoServerSecurityManager securityManager,
            String oauth2SecurityConfiguration, String geoServerOauth2RestTemplate) {
        
        assert securityManager != null;
        
        context = securityManager.getApplicationContext();
        
        assert context != null;
        
        this.oauth2SecurityConfiguration = (GeoServerOAuth2SecurityConfiguration) context.getBean(oauth2SecurityConfiguration);
        this.geoServerOauth2RestTemplate = (OAuth2RestTemplate) context.getBean(geoServerOauth2RestTemplate);
    }

    public OAuth2AccessTokenURLMangler(
            GeoServerSecurityManager securityManager,
            GeoServerOAuth2SecurityConfiguration oauth2SecurityConfiguration, 
            OAuth2RestTemplate geoServerOauth2RestTemplate) {
        
        assert securityManager != null;
        
        context = securityManager.getApplicationContext();
        
        assert context != null;
        
        this.oauth2SecurityConfiguration = oauth2SecurityConfiguration;
        this.geoServerOauth2RestTemplate = geoServerOauth2RestTemplate;
    }
    
    /**
     * @return the context
     */
    public ApplicationContext getContext() {
        return context;
    }

    /**
     * @param context the context to set
     */
    public void setContext(ApplicationContext context) {
        this.context = context;
    }

    @Override
    public void mangleURL(StringBuilder baseURL, StringBuilder path, Map<String, String> kvp,
            URLType type) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        OAuth2AccessToken token = geoServerOauth2RestTemplate.getOAuth2ClientContext()
                .getAccessToken();
        if (authentication != null && authentication.isAuthenticated() && token != null
                && token.getTokenType().equalsIgnoreCase(OAuth2AccessToken.BEARER_TYPE)) {
            kvp.put("access_token", token.getValue());
        }
    }

}