Artemoon
Reputation: 155
How to extract authentication token in @Controller
I have Spring Boot app that uses OAuth 2.0 and Authorization Server. When I try to access a secured page, I get a redirect to the login page of my authorization server (Blitz Identity Provider) and everything works like it should.
My problem is that I can't extract authorization token in @Controller (on the secured page). That token I want to use later to authorize in second application.
- Tried this thing (in answer) and it worked, I got my token back, but as you can see, it's a hardcode of username and password parameters and it's like login over login -- I don't need to login for a second time (on authenticated page).
- Tried to output authentication.getDetails(), it shows token type and token like < TOKEN >, but it's not enough.
- Tried to lookup token in request-response headers, but didn't find it, so authorization server doesn't send it in headers.
Here are 2 files which can help you to understand some part of my context.
application.yml
server:
port: 8080
context-path: /
session:
cookie:
name:FIRSTSESSION
security:
basic:
enabled: false
oauth2:
client:
clientId: test_id
clientSecret: f3M5m9a2Dn0v15l
accessTokenUri: http://server:9000/blitz/oauth/te
userAuthorizationUri: http://server:9000/blitz/oauth/ae?scope=test_scope
resource:
userInfoUri: http://server:9000/blitz/oauth/me
logging:
level:
org.springframework.security: DEBUG
SsoController.java
@EnableOAuth2Sso
@Controller
public class SsoController {
@RequestMapping("/secondService")
public String getContent(HttpServletRequest request, Model model) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
model.addAttribute("submittedValue", authentication.getDetails());
return "secondService";
}
}
So, what you can suggest? How can I extract authorization token in this case?
Upvotes: 10
Views: 24038
Answers (1)
Samir
Reputation: 705
If you have configured oauth2 authorization/resource server you can try below code:
@Autowired
private TokenStore tokenStore;
@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET },
value = "/oauth/me")
public Map<String, Object> userInfo (OAuth2Authentication auth)
{
final OAuth2AuthenticationDetails details =
(OAuth2AuthenticationDetails) auth.getDetails();
//token
String accessToken = details.getTokenValue();
//reference
final OAuth2AccessToken accessToken =
tokenStore.readAccessToken(details.getTokenValue());
// clientid
String clientId = auth.getOAuth2Request().getClientId();
}
Hope it helps!
Upvotes: 8
Related Questions
- Getting data from security token in rest controller
- How to extract claims from token in Resource Server, in Spring Boot
- Spring Boot OAuth2: How to retrieve user token info details
- How get a token in spring boot 2 oauth2?
- Spring MVC - Get access token
- How to get oAuth2 access token when user call signup rest API in springboot?
- Get session token for Spring boot/security in controller
- Get the user details while generating the token in spring security oauth2
- Oauth2 Request Token using Spring Security
- How to get the access token in a controller of a protected resource