org.mitre.oauth2.token.ChainedTokenGranter クラス

org.mitre.oauth2.token.ChainedTokenGranter の継承関係図

org.mitre.oauth2.token.ChainedTokenGranter 連携図

公開メンバ関数
	ChainedTokenGranter (OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, OAuth2RequestFactory requestFactory)

静的公開変数類
static final String	GRANT_TYPE = "urn:ietf:params:oauth:grant_type:redelegate"

限定公開メンバ関数
OAuth2Authentication	getOAuth2Authentication (ClientDetails client, TokenRequest tokenRequest) throws AuthenticationException, InvalidTokenException

非公開変数類
OAuth2TokenEntityService	tokenServices

詳解

著者

jricher

構築子と解体子

ChainedTokenGranter()

org.mitre.oauth2.token.ChainedTokenGranter.ChainedTokenGranter ( OAuth2TokenEntityService  tokenServices, ClientDetailsEntityService  clientDetailsService, OAuth2RequestFactory  requestFactory  )

inline

引数

tokenServices
clientDetailsService
GRANT_TYPE

                                                                                                                                                                 {
                super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
                this.tokenServices = tokenServices;
        }

関数詳解

getOAuth2Authentication()

OAuth2Authentication org.mitre.oauth2.token.ChainedTokenGranter.getOAuth2Authentication ( ClientDetails  client, TokenRequest  tokenRequest  ) throws AuthenticationException, InvalidTokenException

inlineprotected

                                                                                                                                                                      {
                // read and load up the existing token
                String incomingTokenValue = tokenRequest.getRequestParameters().get("token");
                OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue);

                // check for scoping in the request, can't up-scope with a chained request
                Set<String> approvedScopes = incomingToken.getScope();
                Set<String> requestedScopes = tokenRequest.getScope();

                if (requestedScopes == null) {
                        requestedScopes = new HashSet<>();
                }

                // do a check on the requested scopes -- if they exactly match the client scopes, they were probably shadowed by the token granter
                if (client.getScope().equals(requestedScopes)) {
                        requestedScopes = new HashSet<>();
                }

                // if our scopes are a valid subset of what's allowed, we can continue
                if (approvedScopes.containsAll(requestedScopes)) {

                        if (requestedScopes.isEmpty()) {
                                // if there are no scopes, inherit the original scopes from the token
                                tokenRequest.setScope(approvedScopes);
                        } else {
                                // if scopes were asked for, give only the subset of scopes requested
                                // this allows safe downscoping
                                tokenRequest.setScope(Sets.intersection(requestedScopes, approvedScopes));
                        }

                        // NOTE: don't revoke the existing access token

                        // create a new access token
                        OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());

                        return authentication;

                } else {
                        throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);
                }

        }

メンバ詳解

GRANT_TYPE

final String org.mitre.oauth2.token.ChainedTokenGranter.GRANT_TYPE = "urn:ietf:params:oauth:grant_type:redelegate"

static

tokenServices

OAuth2TokenEntityService org.mitre.oauth2.token.ChainedTokenGranter.tokenServices

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java