List of usage examples for org.springframework.security.oauth2.common ExpiringOAuth2RefreshToken getValue
@JsonValue String getValue();
From source file:org.socialhistoryservices.security.MongoTokenStore.java
public OAuth2Authentication readAuthentication(ExpiringOAuth2RefreshToken token) { // select token_id, authentication from oauth_refresh_token where token_id = ? OAuth2Authentication authentication = null; final BasicDBObject query = new BasicDBObject("token_id", token.getValue()); final DBCollection collection = getCollection(OAUTH_REFRESH_TOKEN); final DBObject document = collection.findOne(query); if (document == null) { } else {//from w w w . j av a 2s .c o m authentication = deserialize((byte[]) document.get("authentication")); } return authentication; }
From source file:org.socialhistoryservices.security.MongoTokenStore.java
public void storeRefreshToken(ExpiringOAuth2RefreshToken refreshToken, OAuth2Authentication authentication) { // insert into oauth_refresh_token (token_id, token, authentication) values (?, ?, ?) final BasicDBObject document = new BasicDBObject(); document.put("token_id", refreshToken.getValue()); document.put("token", serialize(refreshToken)); document.put("authentication", serialize(authentication)); final DBCollection collection = getCollection(OAUTH_REFRESH_TOKEN); collection.insert(document);/*from w w w . java2s . com*/ }
From source file:org.apigw.authserver.svc.impl.TokenServicesImpl.java
/** * Builds or updates the data of an AuthorizationGrant object based on an access token, refresh token and * an authentication. If a grant is given, it will be updated. If the given authorization grant object is * null a new AuthorizationGrant object will be constructed and populated. * @param grant The grant to be updated or null if a new AuthorizationGrant is to be created. * @param refreshToken The refresh token * @param authentication The authentication * @return The created or updated authorization grant */// w w w . ja v a 2 s. co m protected AuthorizationGrant buildAuthorizationGrant(AuthorizationGrant grant, ExpiringOAuth2RefreshToken refreshToken, OAuth2Authentication authentication) { log.debug("buildAuthorizationGrant"); long now = System.currentTimeMillis(); boolean update = true; if (grant == null) { grant = new AuthorizationGrant(); update = false; } String clientId = authentication.getAuthorizationRequest().getClientId(); grant.setClientId(clientId); grant.setAccessToken(UUID.randomUUID().toString()); if (update) { grant.getGrantedPermissions().clear(); } else { grant.setGrantedPermissions(new ArrayList<CertifiedClientPermission>( authentication.getAuthorizationRequest().getScope().size())); } long validitySeconds = accessTokenValiditySeconds; for (String permission : authentication.getAuthorizationRequest().getScope()) { CertifiedClientPermission ccPermission = ccPermissionRepository.findByPermissionName(permission, clientId); if (ccPermission == null) { log.warn("No permission {} found for client {}", permission, clientId); } else { grant.getGrantedPermissions().add(ccPermission); int permissionValiditySeconds = ccPermission.getPermission().getAccessTokenValiditySeconds(); if (permissionValiditySeconds > 0 && validitySeconds > permissionValiditySeconds) { validitySeconds = permissionValiditySeconds; } } } final String name = authentication.getName(); String legalGuardianResidentIdentificationNumber = null; String citizenResidentIdentificationNumber = name; if (name.contains("/")) { final String[] split = name.split("/"); legalGuardianResidentIdentificationNumber = split[0]; citizenResidentIdentificationNumber = split[1]; } grant.setLegalGuardianResidentIdentificationNumber(legalGuardianResidentIdentificationNumber); grant.setResidentIdentificationNumber(citizenResidentIdentificationNumber); if (validitySeconds > 0) { final Date expirationTime = generateExpirationTime(citizenResidentIdentificationNumber, validitySeconds); grant.setAccessTokenExpires(expirationTime); } grant.setAuthenticationKey(authenticationKeyGenerator.extractKey(authentication)); if (supportRefreshToken) { grant.setGrantExpires(refreshToken.getExpiration()); grant.setRefreshToken(refreshToken.getValue()); } else { grant.setGrantExpires(grant.getAccessTokenExpires()); } grant.setIssueDate(new Date(now)); log.debug("returning from buildAuthorizationGrant"); return grant; }
From source file:org.apigw.authserver.svc.impl.TokenServicesImpl.java
@Override @Transactional(propagation = Propagation.REQUIRED) public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, AuthorizationRequest request) throws AuthenticationException { log.debug("refreshAccessToken(refreshTokenValue:{}, request:{})", refreshTokenValue, request); if (!supportRefreshToken) { throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue); }// w ww . j a v a2 s .co m AuthorizationGrant authorizationGrant = authorizationGrantRepository.findByRefreshToken(refreshTokenValue); if (authorizationGrant == null) { throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue); } if (!validateLegalGuardianInAuthrizationGrant(authorizationGrant)) { throw new InvalidGrantException( "Authorization grant is missing a valid legal guardian: " + refreshTokenValue); } OAuth2AccessToken accessToken = buildAccessTokenFromAuthorizationGrant(authorizationGrant, false); ExpiringOAuth2RefreshToken refreshToken = (ExpiringOAuth2RefreshToken) accessToken.getRefreshToken(); if (accessToken == null || accessToken.getRefreshToken() == null) { throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue); } String clientId = authorizationGrant.getClientId(); if (clientId == null || !clientId.equals(request.getClientId())) { throw new InvalidGrantException("Wrong client for this refresh token: " + refreshTokenValue); } if (isExpired(accessToken.getRefreshToken())) { log.info("Removing expired authorization grant with auth key {} for client {}", authorizationGrant.getAuthenticationKey(), authorizationGrant.getClientId()); authorizationGrantRepository.delete(authorizationGrant); throw new InvalidGrantException("Invalid refresh token: " + accessToken.getRefreshToken()); } Set<String> scope = request.getScope(); // if scope exists, we want to narrow the scope and therefore check that scope is a subset of the original scope // else if the scope param is empty, use the old scope from db. if (scope != null && scope.size() > 0) { if (accessToken.getScope() == null || !accessToken.getScope().containsAll(scope)) { throw new InvalidScopeException( "Unable to narrow the scope of the client authentication to " + scope + ".", accessToken.getScope()); } else if (accessToken.getScope().size() > scope.size()) { // if scope is narrowed, check for already existing accesstoken OAuth2Authentication auth = buildAuthenticationFromAuthorizationGrant(authorizationGrant, scope); AuthorizationGrant grant = authorizationGrantRepository .findByAuthenticationKey(authenticationKeyGenerator.extractKey(auth)); log.info("grant: {}", grant); if (grant != null) { throw new InvalidScopeException( "Unable to narrow the scope of the client authentication to " + scope + ". An authorization with that scope, client and user already exists.", accessToken.getScope()); } } } else { scope = accessToken.getScope(); } OAuth2Authentication authentication = buildAuthenticationFromAuthorizationGrant(authorizationGrant, scope); if (!reuseRefreshToken) { refreshToken = buildRefreshToken(authentication); authorizationGrant.setRefreshToken(refreshToken.getValue()); authorizationGrant.setGrantExpires(refreshToken.getExpiration()); } authorizationGrant = buildAuthorizationGrant(authorizationGrant, refreshToken, authentication); authorizationGrant = authorizationGrantRepository.save(authorizationGrant); OAuth2AccessToken token = buildAccessTokenFromAuthorizationGrant(authorizationGrant, false); log.debug("Returning from refreshAccessToken"); return token; }