How to extract authentication token in @Controller
If you have configured oauth2 authorization/resource server you can try below code:
@Autowired
private TokenStore tokenStore;
@RequestMapping(method = {RequestMethod.POST, RequestMethod.GET}, value = "/oauth/me")
public Map<String, Object> userInfo(OAuth2Authentication auth){
final OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
//token
String accessToken = details.getTokenValue();
//reference
final OAuth2AccessToken accessToken = tokenStore.readAccessToken(details.getTokenValue());
// clientid
String clientId = auth.getOAuth2Request().getClientId();
}
Hope it helps!
Artemoon
I'm familiar with these things: Spring Framework, Oracle, PostgreSQL, Jenkins CI/CD, Docker, SonarQube, OpenShift.
Updated on June 22, 2022Comments
-
Artemoon almost 2 years
I have Spring Boot app that uses OAuth 2.0 and Authorization Server. When I try to access secured page, I got redirect on login page of my authorization server (Blitz Identity Provider) and everything works great here like it should. My problem is that I can't extract authorization token in @Controller (on secured page). That token I want to use later to authorize in second application.
- Tried this thing (in answer) and it worked, I got my token back, but as you can see, it's a hardcode of username and password parameters and it's like login over login -- I don't need to login for a second time (on authenticated page).
- Tried to output authentication.getDetails(), it shows token type and token like < TOKEN >, but it's not enough.
- Tried to lookup token in request-response headers, but didn't find it, so authorization server doesn't send it in headers.
Here are 2 files which can help you to understand some part of my context.
application.yml
server: port: 8080 context-path: / session: cookie: name:FIRSTSESSION security: basic: enabled: false oauth2: client: clientId: test_id clientSecret: f3M5m9a2Dn0v15l accessTokenUri: http://server:9000/blitz/oauth/te userAuthorizationUri: http://server:9000/blitz/oauth/ae?scope=test_scope resource: userInfoUri: http://server:9000/blitz/oauth/me logging: level: org.springframework.security: DEBUG
SsoController.java
@EnableOAuth2Sso @Controller public class SsoController { @RequestMapping("/secondService") public String getContent(HttpServletRequest request, Model model) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); model.addAttribute("submittedValue", authentication.getDetails()); return "secondService"; } }
So, what you can suggest? How can I extract authorization token in this case?
-
Artemoon over 6 yearsYes! That's exactly what I needed! I got my token by implementing this code: OAuth2AuthenticationDetails = auth = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails(); accessToken = auth.getTokenValue();