service/src/main/java/com/ge/predix/acs/SpringSecurityPolicyContextResolver.java - gerrit/www.eclipse.org/keti - Git at Google

 /*******************************************************************************
  * Copyright 2017 General Electric Company
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * SPDX-License-Identifier: Apache-2.0
  *******************************************************************************/

 package com.ge.predix.acs;

 import java.util.Map;

 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.stereotype.Component;

 import com.ge.predix.acs.service.InvalidACSRequestException;

 /**
  * Retrieve the authentication context.
  *
  * @author acs-engineers@ge.com
  */
 @SuppressWarnings("nls")
 @Component
 public class SpringSecurityPolicyContextResolver implements PolicyContextResolver {
     @Override
     public String getIssuerIdOrFail() {
         String issuer = null;
         OAuth2Request oAuth2Request = getAuthentication().getOAuth2Request();

         if (oAuth2Request != null) {
             Map<String, String> requestParameters = oAuth2Request.getRequestParameters();

             if (requestParameters != null && requestParameters.containsKey("iss")) {
                 issuer = requestParameters.get("iss");
             }
         }

         if (issuer == null) {
             throw new InvalidACSRequestException("Authetication issuer cannot be null");
         }

         return issuer;
     }

     @Override
     public String getClientIdOrFail() {
         String clientId = null;

         OAuth2Request oAuth2Request = getAuthentication().getOAuth2Request();
         if (oAuth2Request != null) {
             clientId = oAuth2Request.getClientId();
         }
         if (clientId == null) {
             throw new InvalidACSRequestException("Authetication clientId cannot be null");
         }

         return clientId;
     }

     private OAuth2Authentication getAuthentication() {
         OAuth2Authentication oAuth2authentication = (OAuth2Authentication) SecurityContextHolder.getContext()
                 .getAuthentication();

         // postcondition check that the oAuth2authentication should never be
         // null
         if (oAuth2authentication == null) {
             throw new InvalidACSRequestException("OAuth2Authentication cannot be null");
         }

         return oAuth2authentication;
     }

 }
	/*******************************************************************************
	* Copyright 2017 General Electric Company
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	* SPDX-License-Identifier: Apache-2.0
	*******************************************************************************/

	package com.ge.predix.acs;

	import java.util.Map;

	import org.springframework.security.core.context.SecurityContextHolder;
	import org.springframework.security.oauth2.provider.OAuth2Authentication;
	import org.springframework.security.oauth2.provider.OAuth2Request;
	import org.springframework.stereotype.Component;

	import com.ge.predix.acs.service.InvalidACSRequestException;

	/**
	* Retrieve the authentication context.
	*
	* @author acs-engineers@ge.com
	*/
	@SuppressWarnings("nls")
	@Component
	public class SpringSecurityPolicyContextResolver implements PolicyContextResolver {
	@Override
	public String getIssuerIdOrFail() {
	String issuer = null;
	OAuth2Request oAuth2Request = getAuthentication().getOAuth2Request();

	if (oAuth2Request != null) {
	Map<String, String> requestParameters = oAuth2Request.getRequestParameters();

	if (requestParameters != null && requestParameters.containsKey("iss")) {
	issuer = requestParameters.get("iss");
	}
	}

	if (issuer == null) {
	throw new InvalidACSRequestException("Authetication issuer cannot be null");
	}

	return issuer;
	}

	@Override
	public String getClientIdOrFail() {
	String clientId = null;

	OAuth2Request oAuth2Request = getAuthentication().getOAuth2Request();
	if (oAuth2Request != null) {
	clientId = oAuth2Request.getClientId();
	}
	if (clientId == null) {
	throw new InvalidACSRequestException("Authetication clientId cannot be null");
	}

	return clientId;
	}

	private OAuth2Authentication getAuthentication() {
	OAuth2Authentication oAuth2authentication = (OAuth2Authentication) SecurityContextHolder.getContext()
	.getAuthentication();

	// postcondition check that the oAuth2authentication should never be
	// null
	if (oAuth2authentication == null) {
	throw new InvalidACSRequestException("OAuth2Authentication cannot be null");
	}

	return oAuth2authentication;
	}

	}