root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Generate introspected token with scopes from client 

when using client_credentials
This commit is contained in:
Marcial Rosales 2025-08-04 17:24:58 +02:00
parent 4301251cbc
commit 3dadfdfe9f
3 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/authorization-server-make.yaml vendored
View File

@ -14,7 +14,7 @@ on:
env: env:
REGISTRY_IMAGE: pivotalrabbitmq/spring-authorization-server REGISTRY_IMAGE: pivotalrabbitmq/spring-authorization-server
IMAGE_TAG: 0.0.9 IMAGE_TAG: 0.0.10
jobs: jobs:
docker: docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest

2
selenium/authorization-server/pom.xml
View File

@ -10,7 +10,7 @@
</parent> </parent>
<groupId>com.rabbitmq</groupId> <groupId>com.rabbitmq</groupId>
<artifactId>authorization-server</artifactId> <artifactId>authorization-server</artifactId>
<version>0.0.9</version> <version>0.0.10</version>
<name>authorization-server</name> <name>authorization-server</name>
<description>Authorization Server for Selenium</description> <description>Authorization Server for Selenium</description>
<url/> <url/>

22
selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
View File

@ -5,6 +5,9 @@ import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.util.UUID; import java.util.UUID;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -30,6 +33,8 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher; import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext; import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import com.nimbusds.jose.jwk.JWKSet; import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey; import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet; import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
@ -130,9 +135,20 @@ public class SecurityConfig {
logger.info("authorities : {}", principal.getAuthorities()); logger.info("authorities : {}", principal.getAuthorities());
logger.info("authorized scopes : {}", context.getAuthorizedScopes()); logger.info("authorized scopes : {}", context.getAuthorizedScopes());
context.getClaims() if (AuthorizationGrantType.CLIENT_CREDENTIALS.equals(context.getAuthorizationGrantType())) {
.audience(AudienceAuthority.getAll(principal)) Collection<String> extra_scope = context.getRegisteredClient().getScopes();
.claim("extra_scope", ScopeAuthority.getAuthorites(principal)); logger.info("granting extra_scope: {}", extra_scope);
context.getClaims()
.claim("extra_scope", extra_scope);
} else {
Collection<String> extra_scope = ScopeAuthority.getAuthorites(principal);
List<String> audience = AudienceAuthority.getAll(principal);
logger.info("granting extra_scope: {}", extra_scope);
logger.info("granting audience: {}", audience);
context.getClaims()
.audience(audience)
.claim("extra_scope", extra_scope);
}
}; };
} }
@Bean @Bean