ConditionalDetailsService, UnauthenticatedException, Refresh Token API

Minimize the use of AdminDetailsService and CustomerDetailsService -> ConditionalDetailsService
Modify an error message in UnauthenticatedException
Fix an error on the exposed refresh token API, /api/v1/traditional-oauth/token

Author: patternhelloworld

deploy.sh

@@ -1,3 +1,4 @@
 #!/bin/bash
 local_maven_repo='/mnt/c/Users/Andrew\sKang/.m2/repository/com/patternknife/securityhelper/oauth2/spring-security-oauth2-password-jpa-implementation'
 mvn  -DaltDeploymentRepository=snapshot-repo::default::file://${local_maven_repo}/snapshots clean deploy
+

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/GlobalExceptionHandler.java

@@ -2,7 +2,7 @@
 
 
 import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorDetails;
-import com.patternknife.securityhelper.oauth2.config.response.error.exception.ErrorMessagesContainedException;
+import com.patternknife.securityhelper.oauth2.config.response.error.exception.ErrorMessagesContainedExceptionForSecurityAuthentication;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.*;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.data.*;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.file.FileNotFoundException;
@@ -46,8 +46,8 @@ public class GlobalExceptionHandler {
     @ExceptionHandler({InsufficientAuthenticationException.class, UnauthenticatedException.class, AuthenticationException.class})
     public ResponseEntity<?> authenticationException(Exception ex, WebRequest request) {
         ErrorDetails errorDetails;
-        if(ex instanceof ErrorMessagesContainedException && ((ErrorMessagesContainedException) ex).getErrorMessages() != null) {
-            errorDetails = new ErrorDetails(((ErrorMessagesContainedException) ex).getErrorMessages(),
+        if(ex instanceof ErrorMessagesContainedExceptionForSecurityAuthentication && ((ErrorMessagesContainedExceptionForSecurityAuthentication) ex).getErrorMessages() != null) {
+            errorDetails = new ErrorDetails(((ErrorMessagesContainedExceptionForSecurityAuthentication) ex).getErrorMessages(),
                     ex, request.getDescription(false), CustomExceptionUtils.getAllStackTraces(ex),
                     CustomExceptionUtils.getAllCauses(ex), null);
         }else {

src/main/java/com/patternknife/securityhelper/oauth2/config/security/provider/auth/endpoint/CustomAuthenticationProvider.java

@@ -63,7 +63,7 @@ public Authentication authenticate(Authentication authentication)
                 throw new IllegalStateException(SecurityExceptionMessage.WRONG_GRANT_TYPE.getMessage());
             }
 
-            OAuth2Authorization oAuth2Authorization = commonOAuth2AuthorizationCycle.run(userDetails, ((CustomGrantAuthenticationToken) authentication).getGrantType(), clientId, ((CustomGrantAuthenticationToken) authentication).getAdditionalParameters());
+            OAuth2Authorization oAuth2Authorization = commonOAuth2AuthorizationCycle.run(userDetails, ((CustomGrantAuthenticationToken) authentication).getGrantType(), clientId, ((CustomGrantAuthenticationToken) authentication).getAdditionalParameters(), null);
 
             RegisteredClient registeredClient = oAuth2ClientAuthenticationToken.getRegisteredClient();
 

src/main/java/com/patternknife/securityhelper/oauth2/config/security/provider/auth/introspectionendpoint/Oauth2OpaqueTokenAuthenticationProvider.java

@@ -1,12 +1,8 @@
 package com.patternknife.securityhelper.oauth2.config.security.provider.auth.introspectionendpoint;
 
-import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.UnauthenticatedException;
-import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityExceptionMessage;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
 import com.patternknife.securityhelper.oauth2.config.security.principal.AccessTokenUserInfo;
-import com.patternknife.securityhelper.oauth2.config.security.principal.AdditionalAccessTokenUserInfo;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.AdminDetailsService;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.CustomerDetailsService;
+import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.ConditionalDetailsService;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -41,16 +37,15 @@ public final class Oauth2OpaqueTokenAuthenticationProvider implements Authentica
     private OpaqueTokenAuthenticationConverter authenticationConverter = Oauth2OpaqueTokenAuthenticationProvider::convert;
 
     private final OAuth2AuthorizationServiceImpl authorizationService;
-    private final CustomerDetailsService customerDetailsService;
-    private final AdminDetailsService adminDetailsService;
+    private final ConditionalDetailsService conditionalDetailsService;
+
 
     public Oauth2OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector introspector, OAuth2AuthorizationServiceImpl authorizationService,
-                                                   CustomerDetailsService customerDetailsService,  AdminDetailsService adminDetailsService) {
+                                                   ConditionalDetailsService conditionalDetailsService) {
         Assert.notNull(introspector, "introspector cannot be null");
         this.introspector = introspector;
         this.authorizationService = authorizationService;
-        this.customerDetailsService = customerDetailsService;
-        this.adminDetailsService = adminDetailsService;
+        this.conditionalDetailsService = conditionalDetailsService;
     }
 
     @Override
@@ -117,18 +112,7 @@ public BearerTokenAuthentication convert(HttpServletRequest httpServletRequest)
             return null;
         }
 
-        OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal  = null;
-        if (oAuth2Authorization.getAttributes().get("client_id").equals(AdditionalAccessTokenUserInfo.UserType.ADMIN.getValue())) {
-            oAuth2AuthenticatedPrincipal = (AccessTokenUserInfo) adminDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName());
-        } else if (oAuth2Authorization.getAttributes().get("client_id").equals(AdditionalAccessTokenUserInfo.UserType.CUSTOMER.getValue())) {
-            oAuth2AuthenticatedPrincipal = (AccessTokenUserInfo)customerDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName());
-        } else {
-            return null;
-        }
-
-        if(oAuth2AuthenticatedPrincipal == null){
-            throw new UnauthenticatedException(SecurityExceptionMessage.AUTHENTICATION_FAILURE.getMessage());
-        }
+        OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal = (AccessTokenUserInfo) conditionalDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName(), (String)oAuth2Authorization.getAttributes().get("client_id"));
 
         OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, token, oAuth2Authorization.getAccessToken().getToken().getIssuedAt(), oAuth2Authorization.getAccessToken().getToken().getExpiresAt());
         return new BearerTokenAuthentication(oAuth2AuthenticatedPrincipal, accessToken, oAuth2AuthenticatedPrincipal.getAuthorities());

src/main/java/com/patternknife/securityhelper/oauth2/config/security/provider/resource/introspector/JpaTokenStoringOauth2TokenIntrospector.java

@@ -1,13 +1,11 @@
 package com.patternknife.securityhelper.oauth2.config.security.provider.resource.introspector;
 
 
-import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityExceptionMessage;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.UnauthenticatedException;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityExceptionMessage;
 import com.patternknife.securityhelper.oauth2.config.security.principal.AccessTokenUserInfo;
-import com.patternknife.securityhelper.oauth2.config.security.principal.AdditionalAccessTokenUserInfo;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.AdminDetailsService;
-import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.CustomerDetailsService;
+import com.patternknife.securityhelper.oauth2.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import com.patternknife.securityhelper.oauth2.config.security.serivce.userdetail.ConditionalDetailsService;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
@@ -18,21 +16,21 @@
 public class JpaTokenStoringOauth2TokenIntrospector implements OpaqueTokenIntrospector {
 
 
-   private OpaqueTokenIntrospector delegate =
+    private OpaqueTokenIntrospector delegate =
             new NimbusOpaqueTokenIntrospector(
                     "http://localhost:8300/oauth2/introspect",
                     "barClient",
                     "barClientSecret"
             );
 
     private final OAuth2AuthorizationServiceImpl authorizationService;
-    private final CustomerDetailsService customerDetailsService;
-    private final AdminDetailsService adminDetailsService;
+    private final ConditionalDetailsService conditionalDetailsService;
+
 
-    public JpaTokenStoringOauth2TokenIntrospector(OAuth2AuthorizationServiceImpl authorizationService, CustomerDetailsService customerDetailsService, AdminDetailsService adminDetailsService) {
+    public JpaTokenStoringOauth2TokenIntrospector(OAuth2AuthorizationServiceImpl authorizationService,
+                                                  ConditionalDetailsService conditionalDetailsService) {
         this.authorizationService = authorizationService;
-        this.customerDetailsService = customerDetailsService;
-        this.adminDetailsService = adminDetailsService;
+        this.conditionalDetailsService = conditionalDetailsService;
     }
 
     @Override
@@ -46,20 +44,14 @@ public OAuth2AuthenticatedPrincipal introspect(String token) {
             throw new UnauthenticatedException(e.getMessage());
         }*/
 
-       OAuth2Authorization oAuth2Authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
+        OAuth2Authorization oAuth2Authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
 
         if(oAuth2Authorization == null || oAuth2Authorization.getAccessToken() == null || oAuth2Authorization.getAccessToken().isExpired()
-            || oAuth2Authorization.getRefreshToken() == null || oAuth2Authorization.getRefreshToken().isExpired()){
+                || oAuth2Authorization.getRefreshToken() == null || oAuth2Authorization.getRefreshToken().isExpired()){
             throw new UnauthenticatedException(SecurityExceptionMessage.AUTHENTICATION_FAILURE.getMessage());
             //return null;
         }
 
-        if (oAuth2Authorization.getAttributes().get("client_id").equals(AdditionalAccessTokenUserInfo.UserType.ADMIN.getValue())) {
-            return (AccessTokenUserInfo) adminDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName());
-        } else if (oAuth2Authorization.getAttributes().get("client_id").equals(AdditionalAccessTokenUserInfo.UserType.CUSTOMER.getValue())) {
-            return (AccessTokenUserInfo) customerDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName());
-        } else {
-            throw new UnauthenticatedException(SecurityExceptionMessage.AUTHENTICATION_ERROR.getMessage());
-        }
+        return (AccessTokenUserInfo) conditionalDetailsService.loadUserByUsername(oAuth2Authorization.getPrincipalName(), (String) oAuth2Authorization.getAttributes().get("client_id"));
     }
 }

src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/CommonOAuth2AuthorizationCycle.java

@@ -1,5 +1,6 @@
 package com.patternknife.securityhelper.oauth2.config.security.serivce;
 
+import jakarta.annotation.Nullable;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
@@ -12,6 +13,7 @@
 public interface CommonOAuth2AuthorizationCycle {
 
      OAuth2Authorization run(UserDetails userDetails, AuthorizationGrantType authorizationGrantType,
-                                                            String clientId, Map<String, Object> additionalParameters);
+                                                            String clientId, Map<String, Object> additionalParameters,
+                                                            @Nullable Map<String, Object> modifiableAdditionalParameters);
 
 }

src/main/java/com/patternknife/securityhelper/oauth2/config/security/serivce/CommonOAuth2AuthorizationCycleImpl.java

@@ -30,10 +30,10 @@ public class CommonOAuth2AuthorizationCycleImpl implements CommonOAuth2Authoriza
 
      @Override
      public OAuth2Authorization run(UserDetails userDetails, AuthorizationGrantType authorizationGrantType, String clientId,
-                                                                   Map<String, Object> additionalParameters) {
+                                                                   Map<String, Object> additionalParameters, Map<String, Object> modifiableAdditionalParameters) {
 
           OAuth2Authorization oAuth2Authorization = oAuth2AuthorizationService.findByUserNameAndClientIdAndAppToken(userDetails.getUsername(), clientId, (String) additionalParameters.get(CustomHttpHeaders.APP_TOKEN));
-          if(((String)additionalParameters.get("grant_type")).equals(AuthorizationGrantType.PASSWORD.getValue())){
+          if(authorizationGrantType.getValue().equals(AuthorizationGrantType.PASSWORD.getValue())){
                if (oAuth2Authorization == null || oAuth2Authorization.getAccessToken().isExpired()) {
                     int retryLogin = 0;
                     while (retryLogin < 5) {
@@ -52,12 +52,21 @@ public OAuth2Authorization run(UserDetails userDetails, AuthorizationGrantType a
                          }
                     }
                }
-          }else if(((String)additionalParameters.get("grant_type")).equals(AuthorizationGrantType.REFRESH_TOKEN.getValue())){
+          }else if(authorizationGrantType.getValue().equals(AuthorizationGrantType.REFRESH_TOKEN.getValue())){
                int retryLogin = 0;
                while (retryLogin < 5) {
                     try {
+                         String refreshTokenValue = null;
+                         if(additionalParameters.containsKey("refresh_token")){
+                              refreshTokenValue = (String) additionalParameters.get("refresh_token");
+                         }else{
+                              assert modifiableAdditionalParameters != null;
+                              refreshTokenValue = (String)modifiableAdditionalParameters.get("refresh_token");
+                         }
+                         assert refreshTokenValue != null;
+
 
-                         OAuth2Authorization oAuth2AuthorizationFromRefreshToken = oAuth2AuthorizationService.findByToken((String)additionalParameters.get("refresh_token"), OAuth2TokenType.REFRESH_TOKEN);
+                         OAuth2Authorization oAuth2AuthorizationFromRefreshToken = oAuth2AuthorizationService.findByToken(refreshTokenValue, OAuth2TokenType.REFRESH_TOKEN);
 
                          if(oAuth2AuthorizationFromRefreshToken == null){
                               throw new UnauthenticatedException("Refresh Token Expired.");
@@ -85,6 +94,8 @@ public OAuth2Authorization run(UserDetails userDetails, AuthorizationGrantType a
                     }
                }
 
+          }else{
+               // TO DO.
           }