List of usage examples for org.springframework.security.oauth2.common DefaultOAuth2RefreshToken DefaultOAuth2RefreshToken
@JsonCreator
public DefaultOAuth2RefreshToken(String value)
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServices.java
/**
 * Builds the access token for one grant, signs it as a JWT and publishes a
 * {@link TokenIssuedEvent} for it.
 *
 * <p>The token starts out with a random UUID as its id. That id is what
 * {@code accessToken.getValue()} presumably returns when it is stored under
 * {@code JTI}, because the signed JWT only replaces the value afterwards.
 *
 * @param validitySeconds lifetime in seconds; an expiration is set only when this is
 *        positive, so zero or a negative number leaves the token without an expiration
 * @param requestedScopes scopes placed on the token; must be neither null nor empty
 * @param refreshToken refresh token value to attach, or {@code null} for none
 * @param additionalAuthorizationAttributes stored under {@code ADDITIONAL_AZ_ATTR} when
 *        non-null
 * @return the token whose value is the encoded, signed JWT
 * @throws InvalidTokenException if no scopes were requested
 * @throws IllegalStateException if the JWT claims cannot be written as JSON
 */
private OAuth2AccessToken createAccessToken(String userId, String username, String userEmail,
        int validitySeconds, Collection<GrantedAuthority> clientScopes, Set<String> requestedScopes,
        String clientId, Set<String> resourceIds, String grantType, String refreshToken,
        Map<String, String> additionalAuthorizationAttributes, Set<String> responseTypes)
        throws AuthenticationException {
    final String jti = UUID.randomUUID().toString();
    final OpenIdToken issued = new OpenIdToken(jti);

    if (validitySeconds > 0) {
        // 1000L keeps the multiplication in long arithmetic.
        long expiresAtMillis = System.currentTimeMillis() + (validitySeconds * 1000L);
        issued.setExpiration(new Date(expiresAtMillis));
    }

    DefaultOAuth2RefreshToken attachedRefresh = null;
    if (refreshToken != null) {
        attachedRefresh = new DefaultOAuth2RefreshToken(refreshToken);
    }
    issued.setRefreshToken(attachedRefresh);

    // A token without scopes is never signed or published.
    if (requestedScopes == null || requestedScopes.isEmpty()) {
        logger.debug("No scopes were granted");
        throw new InvalidTokenException("No scopes were granted");
    }
    issued.setScope(requestedScopes);

    Map<String, Object> additionalInfo = new HashMap<String, Object>();
    additionalInfo.put(JTI, issued.getValue());
    if (additionalAuthorizationAttributes != null) {
        additionalInfo.put(ADDITIONAL_AZ_ATTR, additionalAuthorizationAttributes);
    }
    issued.setAdditionalInformation(additionalInfo);

    String claimsJson;
    try {
        claimsJson = mapper.writeValueAsString(createJWTAccessToken(issued, userId, username, userEmail,
                clientScopes, requestedScopes, clientId, resourceIds, grantType, refreshToken));
    } catch (Exception e) {
        throw new IllegalStateException("Cannot convert access token to JSON", e);
    }

    String signedJwt = JwtHelper.encode(claimsJson, signerProvider.getSigner()).getEncoded();

    // This setter copies the value and returns. Don't change.
    issued.setValue(signedJwt);

    populateIdToken(issued, requestedScopes, responseTypes);

    // NOTE(review): the event carries the token object, signed value included; confirm
    // that event listeners do not write the value to logs.
    publish(new TokenIssuedEvent(issued, SecurityContextHolder.getContext().getAuthentication()));
    return issued;
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServices.java
/**
 * Builds the access token for one grant under a caller-supplied token id, signs it with
 * the active key and publishes a {@link TokenIssuedEvent} for it.
 *
 * <p>Parameters not listed below are only forwarded to {@code createJWTAccessToken} or
 * {@code populateIdToken}.
 *
 * @param tokenId id the token is constructed with; presumably the value stored under
 *        {@code JTI}, since that entry is read before the signed JWT replaces the value
 * @param validitySeconds lifetime in seconds; the expiration is always set, so zero or a
 *        negative number produces a token that is already expired
 * @param requestedScopes scopes placed on the token; must be neither null nor empty
 * @param refreshToken refresh token value to attach, or {@code null} for none
 * @param nonce stored under {@code NONCE} when non-null
 * @param additionalAuthorizationAttributes stored under {@code ADDITIONAL_AZ_ATTR} when
 *        non-null
 * @param externalAttributes stored under {@code EXTERNAL_ATTR} when non-null
 * @return the token whose value is the encoded, signed JWT
 * @throws InvalidTokenException if no scopes were requested
 * @throws IllegalStateException if the JWT claims cannot be written as JSON
 */
private CompositeAccessToken createAccessToken(String tokenId, String userId, UaaUser user,
        Date userAuthenticationTime, int validitySeconds, Collection<GrantedAuthority> clientScopes,
        Set<String> requestedScopes, String clientId, Set<String> resourceIds, String grantType,
        String refreshToken, String nonce, Map<String, String> additionalAuthorizationAttributes,
        Map<String, String> externalAttributes, Set<String> responseTypes, String revocableHashSignature,
        boolean forceIdTokenCreation, Set<String> externalGroupsForIdToken,
        Map<String, List<String>> userAttributesForIdToken, boolean revocable,
        Set<String> authenticationMethods, Set<String> authNContextClassRef)
        throws AuthenticationException {
    final CompositeAccessToken issued = new CompositeAccessToken(tokenId);

    // No guard on validitySeconds here: the expiration is set for every value.
    long expiresAtMillis = System.currentTimeMillis() + (validitySeconds * 1000L);
    issued.setExpiration(new Date(expiresAtMillis));

    DefaultOAuth2RefreshToken attachedRefresh = null;
    if (refreshToken != null) {
        attachedRefresh = new DefaultOAuth2RefreshToken(refreshToken);
    }
    issued.setRefreshToken(attachedRefresh);

    // A token without scopes is never signed or published.
    if (requestedScopes == null || requestedScopes.isEmpty()) {
        logger.debug("No scopes were granted");
        throw new InvalidTokenException("No scopes were granted");
    }
    issued.setScope(requestedScopes);

    Map<String, Object> additionalInfo = new HashMap<String, Object>();
    additionalInfo.put(JTI, issued.getValue());
    if (additionalAuthorizationAttributes != null) {
        additionalInfo.put(ADDITIONAL_AZ_ATTR, additionalAuthorizationAttributes);
    }
    if (externalAttributes != null) {
        additionalInfo.put(EXTERNAL_ATTR, externalAttributes);
    }
    if (nonce != null) {
        additionalInfo.put(NONCE, nonce);
    }
    issued.setAdditionalInformation(additionalInfo);

    Map<String, ?> claims = createJWTAccessToken(issued, userId, user, userAuthenticationTime,
            clientScopes, requestedScopes, clientId, resourceIds, grantType, refreshToken,
            revocableHashSignature, revocable);

    String claimsJson;
    try {
        claimsJson = JsonUtils.writeValueAsString(claims);
    } catch (JsonUtils.JsonUtilException e) {
        throw new IllegalStateException("Cannot convert access token to JSON", e);
    }

    // Signed with whichever key KeyInfo reports as active at the time of the call.
    String signedJwt = JwtHelper.encode(claimsJson, KeyInfo.getActiveKey().getSigner()).getEncoded();

    // This setter copies the value and returns. Don't change.
    issued.setValue(signedJwt);

    populateIdToken(issued, claims, requestedScopes, responseTypes, clientId, forceIdTokenCreation,
            externalGroupsForIdToken, user, userAttributesForIdToken, authenticationMethods,
            authNContextClassRef);

    // NOTE(review): the event carries the token object, signed value included; confirm
    // that event listeners do not write the value to logs.
    publish(new TokenIssuedEvent(issued, SecurityContextHolder.getContext().getAuthentication()));
    return issued;
}
From source file:org.cloudfoundry.identity.uaa.oauth.UaaTokenServices.java
/**
 * Records the access token and, where policy requires it, the refresh token with
 * {@code tokenProvisioning}, then returns the token that is handed back to the client.
 *
 * <p>Both records are created with the full token value via {@code setValue(...)}.
 * NOTE(review): whatever backs {@code tokenProvisioning} should therefore be protected
 * like the tokens themselves; confirm how it stores the value.
 *
 * <p>The refresh token is recorded when it is non-null and either opaque (because
 * {@code opaque} is set or the zone's refresh token format is opaque) or the zone's
 * token policy marks JWTs as revocable.
 *
 * @param tokenId id of the access token record; also the returned token value when
 *        {@code opaque} is true
 * @param refreshTokenId id of the refresh token record; also the returned refresh token
 *        value when the refresh token is opaque
 * @param token the signed access token
 * @param refreshToken refresh token to record, or {@code null}; when it is recorded it is
 *        cast to {@code ExpiringOAuth2RefreshToken} without a type check
 * @param opaque whether the client receives ids instead of the JWT values
 * @param revocable whether the access token is recorded at all
 * @return a new token carrying either the JWT values or the opaque ids
 */
public CompositeAccessToken persistRevocableToken(String tokenId, String refreshTokenId,
        CompositeAccessToken token, OAuth2RefreshToken refreshToken, String clientId, String userId,
        boolean opaque, boolean revocable) {
    String scopeText = token.getScope().toString();
    // Only the first 1000 characters of the scope set's string form are stored.
    // NOTE(review): the stored scope can therefore be incomplete; confirm nothing
    // treats it as the authoritative scope list.
    if (StringUtils.hasText(scopeText) && scopeText.length() > 1000) {
        scopeText = scopeText.substring(0, 1000);
    }

    final long issuedAt = System.currentTimeMillis();

    if (revocable) {
        String accessFormat = opaque ? OPAQUE.name() : JWT.name();
        RevocableToken accessRecord = new RevocableToken()
                .setTokenId(tokenId)
                .setClientId(clientId)
                .setExpiresAt(token.getExpiration().getTime())
                .setIssuedAt(issuedAt)
                .setFormat(accessFormat)
                .setResponseType(RevocableToken.TokenType.ACCESS_TOKEN)
                .setZoneId(IdentityZoneHolder.get().getId())
                .setUserId(userId)
                .setScope(scopeText)
                .setValue(token.getValue());
        try {
            tokenProvisioning.create(accessRecord);
        } catch (DuplicateKeyException alreadyStored) {
            // TODO this is an unintended side effect of reusing access token IDs
            tokenProvisioning.update(tokenId, accessRecord);
        }
    }

    boolean refreshTokenOpaque = opaque
            || TokenConstants.TokenFormat.OPAQUE.getStringValue()
                    .equals(IdentityZoneHolder.get().getConfig().getTokenPolicy().getRefreshTokenFormat());
    boolean refreshTokenRevocable = refreshTokenOpaque
            || IdentityZoneHolder.get().getConfig().getTokenPolicy().isJwtRevocable();
    boolean refreshTokenUnique = IdentityZoneHolder.get().getConfig().getTokenPolicy().isRefreshTokenUnique();

    if (refreshToken != null && refreshTokenRevocable) {
        String refreshFormat = refreshTokenOpaque ? OPAQUE.name() : JWT.name();
        RevocableToken refreshRecord = new RevocableToken()
                .setTokenId(refreshTokenId)
                .setClientId(clientId)
                // Unchecked cast: a refresh token without an expiration fails here with
                // a ClassCastException.
                .setExpiresAt(((ExpiringOAuth2RefreshToken) refreshToken).getExpiration().getTime())
                .setIssuedAt(issuedAt)
                .setFormat(refreshFormat)
                .setResponseType(RevocableToken.TokenType.REFRESH_TOKEN)
                .setZoneId(IdentityZoneHolder.get().getId())
                .setUserId(userId)
                .setScope(scopeText)
                .setValue(refreshToken.getValue());
        try {
            if (refreshTokenUnique) {
                // Older refresh tokens of this client/user pair are removed before the
                // new one is stored. NOTE(review): no transaction is visible around the
                // delete and the create; confirm the caller provides one.
                tokenProvisioning.deleteRefreshTokensForClientAndUserId(clientId, userId);
            }
            tokenProvisioning.create(refreshRecord);
        } catch (DuplicateKeyException alreadyStored) {
            // no need to store refresh tokens again
        }
    }

    String returnedValue = opaque ? tokenId : token.getValue();
    CompositeAccessToken result = new CompositeAccessToken(returnedValue);
    result.setIdTokenValue(token.getIdTokenValue());
    result.setExpiration(token.getExpiration());
    result.setAdditionalInformation(token.getAdditionalInformation());
    result.setScope(token.getScope());
    result.setTokenType(token.getTokenType());

    DefaultOAuth2RefreshToken returnedRefresh = null;
    if (refreshToken != null) {
        returnedRefresh = new DefaultOAuth2RefreshToken(
                refreshTokenOpaque ? refreshTokenId : refreshToken.getValue());
    }
    result.setRefreshToken(returnedRefresh);
    return result;
}
From source file:org.orcid.core.oauth.service.OrcidTokenStoreServiceImpl.java
/**
 * Rebuilds an {@link OAuth2AccessToken} from a stored token detail row.
 *
 * <p>Expiration, scope, token type and refresh token are copied as stored. This method
 * performs no expiry or revocation check of its own, so that decision stays with the
 * caller.
 *
 * @param detail stored token detail, may be {@code null}
 * @return the rebuilt token, or {@code null} when {@code detail} is null or has a blank
 *         token value
 */
private OAuth2AccessToken getOauth2AccessTokenFromDetails(OrcidOauth2TokenDetail detail) {
    if (detail == null || !StringUtils.isNotBlank(detail.getTokenValue())) {
        return null;
    }

    DefaultOAuth2AccessToken rebuilt = new DefaultOAuth2AccessToken(detail.getTokenValue());
    rebuilt.setExpiration(detail.getTokenExpiration());
    rebuilt.setScope(OAuth2Utils.parseParameterList(detail.getScope()));
    rebuilt.setTokenType(detail.getTokenType());

    String refreshValue = detail.getRefreshTokenValue();
    if (StringUtils.isNotBlank(refreshValue)) {
        // Keep the expiring variant only when an expiration was stored for it.
        OAuth2RefreshToken refresh;
        if (detail.getRefreshTokenExpiration() == null) {
            refresh = new DefaultOAuth2RefreshToken(detail.getRefreshTokenValue());
        } else {
            refresh = new DefaultExpiringOAuth2RefreshToken(detail.getRefreshTokenValue(),
                    detail.getRefreshTokenExpiration());
        }
        rebuilt.setRefreshToken(refresh);
    }

    ProfileEntity owner = detail.getProfile();
    if (owner != null) {
        Map<String, Object> ownerInfo = new HashMap<String, Object>();
        ownerInfo.put(OrcidOauth2Constants.ORCID, owner.getId());
        ownerInfo.put(OrcidOauth2Constants.PERSISTENT, detail.isPersistent());
        ownerInfo.put(OrcidOauth2Constants.DATE_CREATED, detail.getDateCreated());
        ownerInfo.put(OrcidOauth2Constants.TOKEN_VERSION, detail.getVersion());
        rebuilt.setAdditionalInformation(ownerInfo);
    }

    String clientId = detail.getClientDetailsId();
    if (!PojoUtil.isEmpty(clientId)) {
        // Copy into a fresh map first: the map held by the token may be unmodifiable.
        Map<String, Object> withClient = new HashMap<String, Object>();
        Map<String, Object> current = rebuilt.getAdditionalInformation();
        if (current != null && !current.isEmpty()) {
            withClient.putAll(current);
        }
        withClient.put(OrcidOauth2Constants.CLIENT_ID, clientId);
        rebuilt.setAdditionalInformation(withClient);
    }

    return rebuilt;
}
From source file:org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter.java
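/**
 * Replaces the value of the access token, and of its refresh token if it has one, with
 * the output of {@code encode}.
 *
 * <p>The incoming token value is stored under {@code TOKEN_ID} in the additional
 * information unless that key is already present.
 *
 * <p>The refresh token value is encoded from a copy of the access token, not from the
 * incoming refresh token's own value; the only difference applied here is the
 * expiration, which is taken from the refresh token when it has one. NOTE(review):
 * nothing in this method marks the result as a refresh token, so confirm that
 * {@code encode} or the verifying side tells the two apart.
 *
 * <p>An expiring refresh token is encoded exactly once. Encoding it before its
 * expiration was set, and then again afterwards, produced a value that was thrown away.
 *
 * @param accessToken the token to enhance; it is copied, not modified
 * @param authentication the authentication passed through to {@code encode}
 * @return a copy of {@code accessToken} carrying the encoded values
 */
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);

    Map<String, Object> info = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
    String tokenId = result.getValue();
    if (!info.containsKey(TOKEN_ID)) {
        info.put(TOKEN_ID, tokenId);
    }
    result.setAdditionalInformation(info);
    result.setValue(encode(result, authentication));

    OAuth2RefreshToken refreshToken = result.getRefreshToken();
    if (refreshToken != null) {
        // Fresh copy of the incoming token, so it still carries the unencoded value.
        DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(accessToken);
        DefaultOAuth2RefreshToken token;
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken).getExpiration();
            // The expiration has to be in place before encoding.
            encodedRefreshToken.setExpiration(expiration);
            token = new DefaultExpiringOAuth2RefreshToken(encode(encodedRefreshToken, authentication),
                    expiration);
        } else {
            token = new DefaultOAuth2RefreshToken(encode(encodedRefreshToken, authentication));
        }
        result.setRefreshToken(token);
    }
    return result;
}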