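package fr.ekito.example.config.oauth2;

import com.mongodb.DBObject;
import org.springframework.core.convert.converter.Converter;
import org.springframework.data.convert.ReadingConverter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;

import java.util.*;

/**
 * Rebuilds an {@link OAuth2Authentication} from its stored Mongo document. The converter is
 * needed because Spring Mongo can't map clientAuthentication to authorizationRequest.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The document is trusted as-is: the request is rebuilt with {@code approved = true} and
 *       the user token is created through the three-argument
 *       {@link UsernamePasswordAuthenticationToken} constructor, which yields an
 *       already-authenticated token. Write access to the backing collection is therefore
 *       equivalent to the ability to mint authentications and should be restricted
 *       accordingly.</li>
 *   <li>Only {@code requestParameters}, {@code clientId} and {@code scope} are restored on the
 *       request. Client authorities, resource ids, redirect URI, response types and extension
 *       properties are passed as {@code null}. NOTE(review): if a resource server relies on the
 *       token's resource ids (audience restriction), confirm that losing them on reload is
 *       acceptable.</li>
 *   <li>The rebuilt principal never carries a password (it is set to the empty string), but the
 *       stored {@code credentials} value is handed to the token unchanged. NOTE(review): confirm
 *       the writing side erases credentials before persisting.</li>
 * </ul>
 */
@ReadingConverter
public class OAuth2AuthenticationReadConverter implements Converter<DBObject, OAuth2Authentication> {

    /**
     * Converts a stored document into an {@link OAuth2Authentication}.
     *
     * @param source document holding a {@code storedRequest} sub-document and, for grants made
     *               on behalf of a user, a {@code userAuthentication} sub-document
     * @return the rebuilt authentication; its user authentication is {@code null} when the
     *         document has none (presumably a client-only grant; verify against the write path)
     * @throws NullPointerException if {@code storedRequest} is missing
     */
    @Override
    public OAuth2Authentication convert(DBObject source) {
        // Fail with a readable message instead of an anonymous NPE on a malformed document.
        DBObject storedRequest = (DBObject) Objects.requireNonNull(
                source.get("storedRequest"), "stored authentication has no storedRequest");

        // The driver hands back untyped values; the casts are unchecked by nature.
        @SuppressWarnings("unchecked")
        Map<String, String> requestParameters =
                (Map<String, String>) storedRequest.get("requestParameters");

        @SuppressWarnings("unchecked")
        Collection<String> storedScope = (Collection<String>) storedRequest.get("scope");
        // A document without scope is restored with no scope at all (least privilege)
        // rather than aborting the conversion.
        Set<String> scope = new HashSet<>();
        if (storedScope != null) {
            scope.addAll(storedScope);
        }

        // approved is hard-coded to true; authorities, resourceIds, redirectUri,
        // responseTypes and extensionProperties are not restored (see class comment).
        OAuth2Request oAuth2Request = new OAuth2Request(
                requestParameters,
                (String) storedRequest.get("clientId"),
                null,
                true,
                scope,
                null,
                null,
                null,
                null);

        // The original dereferenced this unconditionally and threw a NullPointerException
        // for any document stored without a user authentication.
        DBObject storedUser = (DBObject) source.get("userAuthentication");
        Authentication userAuthentication =
                storedUser == null ? null : readUserAuthentication(storedUser);

        return new OAuth2Authentication(oAuth2Request, userAuthentication);
    }

    /**
     * Rebuilds the user part of the authentication from its sub-document.
     *
     * @param storedUser the {@code userAuthentication} sub-document, never {@code null}
     * @return an authenticated token carrying the stored principal, credentials and authorities
     */
    private Authentication readUserAuthentication(DBObject storedUser) {
        Object principal = getPrincipalObject(storedUser.get("principal"));

        @SuppressWarnings("unchecked")
        List<Map<String, String>> storedAuthorities =
                (List<Map<String, String>>) storedUser.get("authorities");

        return new UsernamePasswordAuthenticationToken(
                principal,
                storedUser.get("credentials"),
                getAuthorities(storedAuthorities));
    }

    /**
     * Turns a stored principal into a Spring Security {@code User} when it is a sub-document;
     * any other value (for example a plain user name) is returned untouched.
     *
     * <p>The rebuilt user has an empty password and an empty authority list; the effective
     * authorities live on the enclosing token. A missing account flag is not defaulted: the
     * unboxing cast fails with a {@link NullPointerException}, so a malformed principal is
     * rejected rather than silently accepted.
     *
     * @param principal value stored under {@code principal}
     * @return a {@code User} for sub-documents, otherwise {@code principal} itself
     */
    private Object getPrincipalObject(Object principal) {
        if (!(principal instanceof DBObject)) {
            return principal;
        }

        DBObject principalDBObject = (DBObject) principal;
        String userName = (String) principalDBObject.get("username");
        // Deliberately blank: the password (hash) is never carried on the restored principal.
        String password = "";
        boolean enabled = (boolean) principalDBObject.get("enabled");
        boolean accountNonExpired = (boolean) principalDBObject.get("accountNonExpired");
        boolean credentialsNonExpired = (boolean) principalDBObject.get("credentialsNonExpired");
        boolean accountNonLocked = (boolean) principalDBObject.get("accountNonLocked");

        return new org.springframework.security.core.userdetails.User(
                userName,
                password,
                enabled,
                accountNonExpired,
                credentialsNonExpired,
                accountNonLocked,
                Collections.<GrantedAuthority>emptyList());
    }

    /**
     * Maps stored authority entries to {@link GrantedAuthority} instances.
     *
     * @param authorities entries whose {@code role} key holds the authority name; may be
     *                    {@code null}, which yields no authorities
     * @return a mutable set with one {@link SimpleGrantedAuthority} per distinct role
     */
    private Collection<GrantedAuthority> getAuthorities(List<Map<String, String>> authorities) {
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
        if (authorities == null) {
            // No stored authorities means no granted authorities, not a failed conversion.
            return grantedAuthorities;
        }
        for (Map<String, String> authority : authorities) {
            // SimpleGrantedAuthority rejects a missing or blank role, so an entry without
            // "role" still aborts the conversion instead of granting an empty authority.
            grantedAuthorities.add(new SimpleGrantedAuthority(authority.get("role")));
        }
        return grantedAuthorities;
    }
}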