/**
* Licensed to The Apereo Foundation under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
*
* The Apereo Foundation licenses this file to you under the Educational
* Community License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License
* at:
*
* http://opensource.org/licenses/ecl2.txt
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
*/
package org.opencastproject.kernel.security;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth.common.OAuthException;
import org.springframework.security.oauth.common.signature.SharedConsumerSecret;
import org.springframework.security.oauth.provider.BaseConsumerDetails;
import org.springframework.security.oauth.provider.ConsumerDetails;
import org.springframework.security.oauth.provider.ConsumerDetailsService;
import org.springframework.security.oauth.provider.ExtraTrustConsumerDetails;
import java.util.ArrayList;
import java.util.List;
/**
* A sample OAuth consumer details service, hard coded to authenticate a consumer with the following information:
*
* <ul>
* <li>key=consumerkey</li>
* <li>name=consumername</li>
* <li>secret=consumersecret</li>
* </ul>
*
* A UserDetailsService must be provided for delegating user lookup requests.
*/
public class OAuthSingleConsumerDetailsService implements ConsumerDetailsService, UserDetailsService {
/** The logger */
private static final Logger logger = LoggerFactory.getLogger(OAuthSingleConsumerDetailsService.class);
/** The single hard-coded OAuth consumer. To be replaced later. */
private ConsumerDetails consumer;
/** The user details service to use as a delegate for user lookups */
private UserDetailsService delegate;
/**
* Full constructor that accepts all the consumer details
*
* @param delegate
* the user detail service to handle user lookups
* @param consumerKey
* The consumer's secret key
* @param consumerSecret
* The shared secret for the consumer
* @param consumerName
* The consumer's name
*/
public OAuthSingleConsumerDetailsService(UserDetailsService delegate, String consumerKey, String consumerSecret,
String consumerName) {
this.delegate = delegate;
consumer = createConsumerDetails(consumerKey, consumerName, consumerSecret);
}
/**
* Creates a spring security consumer details object, suitable to achieve two-legged OAuth.
*
* @param consumerKey
* the consumer key
* @param consumerName
* the consumer name
* @param consumerSecret
* the consumer secret
* @return the consumer details
*/
private ExtraTrustConsumerDetails createConsumerDetails(String consumerKey, String consumerName, String consumerSecret) {
SharedConsumerSecret secret = new SharedConsumerSecret(consumerSecret);
BaseConsumerDetails bcd = new BaseConsumerDetails();
bcd.setConsumerKey(consumerKey);
bcd.setConsumerName(consumerName);
bcd.setSignatureSecret(secret);
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new GrantedAuthorityImpl("ROLE_OAUTH_USER"));
bcd.setAuthorities(authorities);
bcd.setRequiredToObtainAuthenticatedToken(false); // false for 2 legged OAuth
return bcd;
}
@Override
public ConsumerDetails loadConsumerByConsumerKey(String key) throws OAuthException {
logger.debug("Request received to find consumer for consumerKey=[" + key + "]");
if (!consumer.getConsumerKey().equals(key)) {
logger.debug("Result: No consumer found for [" + key + "]");
throw new OAuthException("No consumer found for key " + key);
}
logger.debug("Result: Found consumer [" + consumer.getConsumerName() + "]");
return consumer;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
return delegate.loadUserByUsername(username);
}
}