Package io.getlime.security.powerauth.rest.api.spring.provider

Class PowerAuthAuthenticationProvider

java.lang.Object
io.getlime.security.powerauth.rest.api.base.provider.PowerAuthAuthenticationProviderBase
io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider
@Component
public class PowerAuthAuthenticationProvider
extends PowerAuthAuthenticationProviderBase
Implementation of PowerAuth authentication provider.
Author:
Petr Dvorak, petr@wultra.com

  • Constructor Details

    • PowerAuthAuthenticationProvider

      public PowerAuthAuthenticationProvider()

  • Method Details

    • setPowerAuthClient

      @Autowired public void setPowerAuthClient​(com.wultra.security.powerauth.client.PowerAuthClient powerAuthClient)

    • setApplicationConfiguration

      @Autowired(required=false) public void setApplicationConfiguration​(PowerAuthApplicationConfiguration applicationConfiguration)

    • authenticate

      public org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Throws:
      org.springframework.security.core.AuthenticationException

    • validateRequestSignature

      public PowerAuthApiAuthentication validateRequestSignature​(java.lang.String httpMethod, byte[] httpBody, java.lang.String requestUriIdentifier, java.lang.String httpAuthorizationHeader, java.util.List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable java.lang.Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures.
      Specified by:
      validateRequestSignature in class PowerAuthAuthenticationProviderBase
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Body of the HTTP request.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of the signature.
      forcedSignatureVersion - Forced signature version, optional parameter used during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateToken

      public PowerAuthApiAuthentication validateToken​(java.lang.String tokenHeader, java.util.List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Specified by:
      validateToken in class PowerAuthAuthenticationProviderBase
      Throws:
      PowerAuthAuthenticationException