protected String extractUserIdFromAuthentication(Authentication authentication) {
if (authentication == null) {
return null;
}
if (authentication.getPrincipal() instanceof UaaPrincipal) {
return ((UaaPrincipal) authentication.getPrincipal()).getId();
}
if (authentication instanceof OAuth2Authentication) {
OAuth2Authentication a = (OAuth2Authentication) authentication;
if (!a.isClientOnly()) {
if (a.getUserAuthentication().getPrincipal() instanceof UaaPrincipal) {
return ((UaaPrincipal) a.getUserAuthentication().getPrincipal()).getId();
}
}
}
return null;
}
/**
* Create a refreshed authentication.
*
* @param authentication The authentication.
* @param scope The scope for the refreshed token.
* @return The refreshed authentication.
* @throws InvalidScopeException If the scope requested is invalid or wider than the original
* scope.
*/
private OAuth2Authentication createRefreshedAuthentication(
OAuth2Authentication authentication, Set<String> scope) {
OAuth2Authentication narrowed = authentication;
if (scope != null && !scope.isEmpty()) {
OAuth2Request clientAuth = authentication.getOAuth2Request();
Set<String> originalScope = clientAuth.getScope();
if (originalScope == null || !originalScope.containsAll(scope)) {
throw new InvalidScopeException(
"Unable to narrow the scope of the client authentication to " + scope + ".",
originalScope);
} else {
narrowed = new OAuth2Authentication(clientAuth, authentication.getUserAuthentication());
}
}
return narrowed;
}
