Class TokenAuthenticationConverter

java.lang.Object
com.sap.cloud.security.xsuaa.token.TokenAuthenticationConverter
All Implemented Interfaces:
org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,org.springframework.security.authentication.AbstractAuthenticationToken>

public class TokenAuthenticationConverter extends Object implements org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,org.springframework.security.authentication.AbstractAuthenticationToken>
An authentication converter that extracts authorization-related information from the Jwt token. For example, the LocalAuthoritiesExtractor can remove the ugly application id prefix (e.g. my-application-demo!t1229) from the scopes in the JWT.
  • Constructor Details

    • TokenAuthenticationConverter

      public TokenAuthenticationConverter(AuthoritiesExtractor authoritiesExtractor)
      Creates a new converter with the given AuthoritiesExtractor.
      Parameters:
      authoritiesExtractor - the extractor used to turn Jwt scopes into Spring Security authorities.
    • TokenAuthenticationConverter

      public TokenAuthenticationConverter(String appId)
      Creates a new converter with a new DefaultAuthoritiesExtractor instance as default authorities extractor.
      Parameters:
      appId - e.g. myXsAppname!t123
    • TokenAuthenticationConverter

      public TokenAuthenticationConverter(XsuaaServiceConfiguration xsuaaServiceConfiguration)
      Creates a new converter with a new DefaultAuthoritiesExtractor instance as default authorities extractor.
      Parameters:
      xsuaaServiceConfiguration - the xsuaa configuration
  • Method Details

    • convert

      public org.springframework.security.authentication.AbstractAuthenticationToken convert(org.springframework.security.oauth2.jwt.Jwt jwt)
      Specified by:
      convert in interface org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.jwt.Jwt,org.springframework.security.authentication.AbstractAuthenticationToken>
    • setLocalScopeAsAuthorities

      public TokenAuthenticationConverter setLocalScopeAsAuthorities(boolean extractLocalScopesOnly)
      This method allows overriding the default behavior of the Token.getAuthorities() implementation.
      Parameters:
      extractLocalScopesOnly - true when Token.getAuthorities() should only extract local scopes. "Local scopes" means that non-application-specific scopes are filtered out and the remaining scopes are returned without the appId prefix, e.g. "Display". Creates a new converter with a new LocalAuthoritiesExtractor.
      Returns:
      the token authenticator itself
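
The local-scope filtering described for setLocalScopeAsAuthorities(true), as an added sketch that is not the library's LocalAuthoritiesExtractor source. It assumes a scope is local when it starts with exactly appId + "."; the names LocalScopeDemo and localScopes are hypothetical and the scope values are constructed.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Added illustration; not the library's own implementation. */
public class LocalScopeDemo {

    /**
     * Keeps only scopes that belong to appId and strips the "appId." prefix.
     * Assumption: a scope is local when it starts with exactly appId + ".".
     */
    static Set<String> localScopes(String appId, List<String> scopes) {
        String prefix = appId + ".";
        Set<String> result = new LinkedHashSet<>();
        for (String scope : scopes) {
            // Literal prefix comparison: "!" and "." in the appId are never
            // treated as pattern characters, and an empty local name is dropped.
            if (scope.startsWith(prefix) && scope.length() > prefix.length()) {
                result.add(scope.substring(prefix.length()));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        String appId = "my-application-demo!t1229"; // example id from this page
        // Constructed scope values for illustration.
        List<String> scopes = List.of(
                "my-application-demo!t1229.Display",
                "my-application-demo!t1229.Update",
                "openid",                            // not application specific
                "other-application!t1229.Admin",     // belongs to a different app
                "my-application-demo!t12290.Admin",  // appId is only a string prefix here
                "my-application-demo!t1229.");       // prefix with no local name
        // Only the first two entries survive, reduced to their local names.
        System.out.println(localScopes(appId, scopes));
    }
}
```

Requiring the dot after the appId is what keeps a scope granted for another application, or for an application whose id merely begins with the same characters, from turning into a local authority such as "Admin".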