TokenValidatingUserInfoTokenServices (spring-cloud-common-security-config-web 1.1.2.RELEASE API)

java.lang.Object
- org.springframework.security.oauth2.provider.token.DefaultTokenServices
- - org.springframework.cloud.common.security.support.TokenValidatingUserInfoTokenServices

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices, org.springframework.security.oauth2.provider.token.ConsumerTokenServices, org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
```
public class TokenValidatingUserInfoTokenServices
extends org.springframework.security.oauth2.provider.token.DefaultTokenServices
```
Extension of DefaultTokenServices that provides the functionality of the RemoteTokenServices to validate a passed Access Token from a remote OAuth Server (introspection).

Author:

Gunnar Hillert

Field Summary

Fields
Modifier and Type Field and Description

protected org.apache.commons.logging.Log logger

Fields
Modifier and Type	Field and Description
`protected org.apache.commons.logging.Log`	`logger`

Constructor Summary

Constructors
Constructor and Description
`TokenValidatingUserInfoTokenServices(String userInfoEndpointUrl, String tokenInfoUri, String clientId, String clientSecret)` Initialize the DataFlowUserInfoTokenServices.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected String`	`getAuthorizationHeader(String clientId, String clientSecret)` Copied from `RemoteTokenServices`.
`protected Object`	`getPrincipal(Map<String,Object> map)` Return the principal that should be used for the token.
`org.springframework.security.oauth2.provider.OAuth2Authentication`	`loadAuthentication(String accessTokenValue)`
`protected Map<String,Object>`	`postForMap(String path, org.springframework.util.MultiValueMap<String,String> formData, org.springframework.http.HttpHeaders headers)` Copied from `RemoteTokenServices`.
`org.springframework.security.oauth2.common.OAuth2AccessToken`	`readAccessToken(String accessToken)`
`protected org.springframework.security.oauth2.common.OAuth2AccessToken`	`retrieveAccessTokenFromOAuthServer(String accessToken)` This method will take a received accessToken and call the introspection endpoint of the OAuth provider to validate the token and retrieved the associated scopes associated with the token.
`void`	`setAuthoritiesExtractor(org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor authoritiesExtractor)`
`void`	`setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)` The client details service to use for looking up clients (if necessary).
`void`	`setPrincipalExtractor(org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor principalExtractor)`
`void`	`setRestTemplate(org.springframework.security.oauth2.client.OAuth2RestOperations restTemplate)`
`void`	`setTokenName(String tokenName)` See also `RemoteTokenServices`.
`void`	`setTokenStore(org.springframework.security.oauth2.provider.token.TokenStore tokenStore)` The persistence strategy for token storage.

Methods inherited from class org.springframework.security.oauth2.provider.token.DefaultTokenServices
afterPropertiesSet, createAccessToken, getAccessToken, getAccessTokenValiditySeconds, getClientId, getRefreshTokenValiditySeconds, isExpired, isSupportRefreshToken, refreshAccessToken, revokeToken, setAccessTokenValiditySeconds, setAuthenticationManager, setRefreshTokenValiditySeconds, setReuseRefreshToken, setSupportRefreshToken, setTokenEnhancer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - logger
```
protected final org.apache.commons.logging.Log logger
```
- Constructor Detail
  - TokenValidatingUserInfoTokenServices
```
public TokenValidatingUserInfoTokenServices(String userInfoEndpointUrl,
                                            String tokenInfoUri,
                                            String clientId,
                                            String clientSecret)
```
    Initialize the DataFlowUserInfoTokenServices.
    
    Parameters:
    
    userInfoEndpointUrl - Must not be empty
    
    tokenInfoUri - Must not be empty
    
    clientId - Must not be empty
    
    clientSecret - Must not be empty
- Method Detail
  - setRestTemplate
```
public void setRestTemplate(org.springframework.security.oauth2.client.OAuth2RestOperations restTemplate)
```
  - setAuthoritiesExtractor
```
public void setAuthoritiesExtractor(org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor authoritiesExtractor)
```
  - setPrincipalExtractor
```
public void setPrincipalExtractor(org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor principalExtractor)
```
  - loadAuthentication
```
public org.springframework.security.oauth2.provider.OAuth2Authentication loadAuthentication(String accessTokenValue)
                                                                                     throws org.springframework.security.core.AuthenticationException,
                                                                                            org.springframework.security.oauth2.common.exceptions.InvalidTokenException
```
    Specified by:
    
    loadAuthentication in interface org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
    
    Overrides:
    
    loadAuthentication in class org.springframework.security.oauth2.provider.token.DefaultTokenServices
    
    Throws:
    
    org.springframework.security.core.AuthenticationException
    
    org.springframework.security.oauth2.common.exceptions.InvalidTokenException
  - getPrincipal
```
protected Object getPrincipal(Map<String,Object> map)
```
    Return the principal that should be used for the token. The default implementation delegates to the PrincipalExtractor.
    
    Parameters:
    
    map - the source map
    
    Returns:
    
    the principal or "unknown"
  - readAccessToken
```
public org.springframework.security.oauth2.common.OAuth2AccessToken readAccessToken(String accessToken)
```
    Specified by:
    
    readAccessToken in interface org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
    
    Overrides:
    
    readAccessToken in class org.springframework.security.oauth2.provider.token.DefaultTokenServices
  - retrieveAccessTokenFromOAuthServer
```
protected org.springframework.security.oauth2.common.OAuth2AccessToken retrieveAccessTokenFromOAuthServer(String accessToken)
```
    This method will take a received accessToken and call the introspection endpoint of the OAuth provider to validate the token and retrieved the associated scopes associated with the token. Keep in mind that introspection is not standardized by the specs: https://stackoverflow.com/questions/12296017/how-to-validate-an-oauth-2-0-access-token-for-a-resource-server
    - https://tools.ietf.org/html/rfc7662
    - https://docs.cloudfoundry.org/api/uaa/version/4.26.0/index.html#introspect-token
    - https://github.com/spring-projects/spring-security-oauth/issues/1558
    In your OAuth Configuration, please make sure to provide the following properties: security.oauth2.resource.userInfoUri=http://localhost:8080/uaa/userinfo security.oauth2.resource.tokenInfoUri: http://localhost:8080/uaa/check_token see also ResourceServerTokenServicesConfiguration
    Parameters:
    
    accessToken -
    
    Returns:
  - getAuthorizationHeader
```
protected String getAuthorizationHeader(String clientId,
                                        String clientSecret)
```
    Copied from RemoteTokenServices.
    
    Parameters:
    
    clientId -
    
    clientSecret -
    
    Returns:
  - postForMap
```
protected Map<String,Object> postForMap(String path,
                                        org.springframework.util.MultiValueMap<String,String> formData,
                                        org.springframework.http.HttpHeaders headers)
```
    Copied from RemoteTokenServices.
    
    Parameters:
    
    path -
    
    formData -
    
    headers -
  - setTokenStore
```
public void setTokenStore(org.springframework.security.oauth2.provider.token.TokenStore tokenStore)
```
    The persistence strategy for token storage.
    
    Overrides:
    
    setTokenStore in class org.springframework.security.oauth2.provider.token.DefaultTokenServices
    
    Parameters:
    
    tokenStore - the store for access and refresh tokens.
  - setClientDetailsService
```
public void setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)
```
    The client details service to use for looking up clients (if necessary). Optional if the access token expiration is set globally via DefaultTokenServices.setAccessTokenValiditySeconds(int).
    
    Overrides:
    
    setClientDetailsService in class org.springframework.security.oauth2.provider.token.DefaultTokenServices
    
    Parameters:
    
    clientDetailsService - the client details service
  - setTokenName
```
public void setTokenName(String tokenName)
```
    See also RemoteTokenServices. Property name to set on a post request to introspect an OAuth Token. Defaults to token. For UAA see: https://docs.cloudfoundry.org/api/uaa/version/4.26.0/index.html#introspect-token

Class TokenValidatingUserInfoTokenServices

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.oauth2.provider.token.DefaultTokenServices

Methods inherited from class java.lang.Object

Field Detail

logger

Constructor Detail

TokenValidatingUserInfoTokenServices

Method Detail

setRestTemplate

setAuthoritiesExtractor

setPrincipalExtractor

loadAuthentication

getPrincipal

readAccessToken

retrieveAccessTokenFromOAuthServer

getAuthorizationHeader

postForMap

setTokenStore

setClientDetailsService

setTokenName