/** * Copyright 2013 Stockholm County Council * * This file is part of APIGW * * APIGW is free software; you can redistribute it and/or modify * it under the terms of version 2.1 of the GNU Lesser General Public * License as published by the Free Software Foundation. * * APIGW is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with APIGW; if not, write to the * Free Software Foundation, Inc., 59 Temple Place, Suite 330, * Boston, MA 02111-1307 USA * */ package org.apigw.authserver.web.controller; import java.util.Collection; import org.apigw.authserver.svc.TokenServices; import org.apigw.monitoring.svc.OAuthMonitoringService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.User; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; /** * Rest service for revoking all accesstokens used by a client. * * @author Albert rwall * */ // De-activating this controller until a strategy for administrator authentication and authorization // is implemented. 
//@Controller //@SessionAttributes //@RequestMapping(value = "/admin/oauth/revoke") public class RevocationController { private static final Logger log = LoggerFactory.getLogger(RevocationController.class); @Autowired private TokenServices tokenServices; @Autowired private OAuthMonitoringService monitoringService; @RequestMapping(method = RequestMethod.GET, params = { "clientId" }) public @ResponseBody String revoke(@RequestParam("clientId") String clientId) { log.debug("revoke(clientId: {})", clientId); Collection<OAuth2AccessToken> tokens = tokenServices.findTokensByClientId(clientId); for (OAuth2AccessToken token : tokens) { try { OAuth2Authentication auth = tokenServices.loadAuthentication(token.getValue()); tokenServices.revokeToken(token.getValue()); User user = (User) auth.getUserAuthentication().getPrincipal(); monitoringService.logRevokeAccessToken(System.currentTimeMillis(), token.getValue(), clientId, token.getScope(), "SUCCESS", "Appen r inte lngre godknd fr anvndning", user.getUsername()); } catch (AuthenticationException e) { log.debug("Access token is already invalid (" + e.getMessage() + ")"); } catch (Throwable e) { log.error("Error while trying to revoke access token", e); } } return "Revoked all authorizations (" + tokens.size() + ") for client: " + clientId; } }