
Untitled

a guest
Apr 28th, 2017
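  /**
   * Builds the filter that completes the OAuth2 login on {@code /login/appid}.
   *
   * <p>The filter gets a rest template built from {@code appid()} and the shared client context,
   * plus token services backed by a {@code JwtTokenStore}. Incoming access tokens are verified
   * with the RSA public key downloaded from {@code getJwkUri()} when this method runs.
   *
   * <p>The key is fetched only once, here. A signing key rotated on the provider side is not
   * picked up until this filter is built again.
   *
   * @return the configured authentication filter
   * @throws RuntimeException if the JSON Web Key cannot be downloaded or parsed
   */
  private Filter ssoFilter() {
      OAuth2ClientAuthenticationProcessingFilter appidFilter =
              new OAuth2ClientAuthenticationProcessingFilter("/login/appid");

      OAuth2RestTemplate appidTemplate = new OAuth2RestTemplate(appid(), oauth2ClientContext);
      appidFilter.setRestTemplate(appidTemplate);

      DefaultTokenServices tokenServices = new DebugTokenServices();

      try {
          // Obtain the JSON Web Key for App ID.
          // NOTE(review): every later signature check trusts this key, so its authenticity rests on
          // the transport used for this request - confirm getJwkUri() always returns an https URL.
          String location = getJwkUri();

          SimpleResponse simpleResponse = new Get().get(location);
          System.out.println("S: " + simpleResponse.getStatusCode() + " B: " + simpleResponse.getBody());
          Map<String, Object> parsed = JsonUtil.parseJson(simpleResponse.getBody());
          RsaJsonWebKey rsa = new RsaJsonWebKey(parsed);
          RSAPublicKey key = rsa.getRsaPublicKey();
          System.out.println("KEY: " + key);

          JwtAccessTokenConverter converter = new JwtAccessTokenConverter() {

              // Override decode, because our jwt didn't work with the default one.
              @Override
              protected Map<String, Object> decode(String token) {
                  try {
                      // NOTE(review): audience validation is switched off and no expected issuer is
                      // configured, so any unexpired RS256 token that verifies against this key is
                      // accepted regardless of the client it was issued for. Consider
                      // setExpectedAudience(...) / setExpectedIssuer(...) once the values App ID
                      // puts in "aud" and "iss" are known.
                      JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                              .setRequireExpirationTime()
                              .setAllowedClockSkewInSeconds(30)
                              .setVerificationKey(key) // the key we loaded via the jwks endpoint
                              .setSkipDefaultAudienceValidation()
                              // Pin the algorithm so a token cannot choose a weaker one via its header.
                              .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                                      AlgorithmConstraints.ConstraintType.WHITELIST,
                                      AlgorithmIdentifiers.RSA_USING_SHA256))
                              .build();

                      JwtClaims jwtClaims = jwtConsumer.processToClaims(token);
                      Map<String, Object> map = jwtClaims.getClaimsMap();

                      // Widen an Integer "exp" to Long - presumably because the code consuming
                      // this map expects a Long; confirm against the token store.
                      Object exp = map.get("exp");
                      if (exp instanceof Integer) {
                          map.put("exp", Long.valueOf(((Integer) exp).longValue()));
                      }

                      return map;
                  } catch (Exception e) {
                      throw new InvalidTokenException("Cannot convert access token to JSON", e);
                  }
              }

              @Override
              public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
                  Map<String, String> parameters = new HashMap<>();

                  Set<String> scope = Collections.emptySet();

                  //String clientId = (String)map.get("client_id");
                  //parameters.put("client_id", clientId);

                  // Reject tokens that lack the claims read below instead of failing with a
                  // NullPointerException (for "sub" that would only surface later, on getUsername()).
                  Object amr = map.get("amr");
                  Object sub = map.get("sub");
                  if (amr == null || sub == null) {
                      throw new InvalidTokenException("Access token is missing the amr or sub claim");
                  }

                  // NOTE(review): "amr" is used as the client id here; that claim name normally
                  // carries authentication methods, not a client - confirm what App ID puts in it.
                  String clientId = amr.toString();
                  String username = sub.toString();

                  Set<String> resourceIds = Collections.emptySet();

                  // Nothing in the token is mapped to authorities or scopes: every user who logs in
                  // through this filter ends up with an empty authority set. An empty collection is
                  // used rather than null so that getAuthorities() never hands null to callers.
                  Collection<? extends GrantedAuthority> authorities = Collections.emptyList();

                  UserDetails userdetails = new UserDetails() {
                      @Override
                      public Collection<? extends GrantedAuthority> getAuthorities() {
                          return authorities;
                      }

                      @Override
                      public String getPassword() {
                          // No password exists for a token-based login.
                          return null;
                      }

                      @Override
                      public String getUsername() {
                          return username;
                      }

                      // The four account-state checks below always pass; the token carries no
                      // such state, so lock/disable decisions are left entirely to the provider.
                      @Override
                      public boolean isAccountNonExpired() {
                          return true;
                      }

                      @Override
                      public boolean isAccountNonLocked() {
                          return true;
                      }

                      @Override
                      public boolean isCredentialsNonExpired() {
                          return true;
                      }

                      @Override
                      public boolean isEnabled() {
                          return true;
                      }
                  };

                  Authentication user =
                          new UsernamePasswordAuthenticationToken(userdetails, "N/A", authorities);
                  OAuth2Request request = new OAuth2Request(parameters, clientId, authorities, true,
                          scope, resourceIds, (String) null, (Set) null, (Map) null);
                  return new OAuth2Authentication(request, user);
              }
          };

          JwtTokenStore store = new JwtTokenStore(converter);

          //JwkTokenStore store = new JwkTokenStore(getJwkUri());

          tokenServices.setTokenStore(store);

          appidFilter.setTokenServices(tokenServices);
          return appidFilter;

      } catch (IOException | JoseException e) {
          // Without the verification key no token can be checked, so fail instead of
          // returning a filter that has no token services.
          System.out.println("FAIL: " + e.getMessage());
          throw new RuntimeException(e);
      }
  }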