use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JCacheOAuthDataProvider method getJwtAccessTokens.
/**
 * Collects the non-expired JWT access tokens in {@code jwtAccessTokenCache} that
 * {@code isTokenMatched} accepts for the given client and subject.
 *
 * <p>Each cached JOSE string is turned back into a {@link ServerAccessToken} on every call.
 * Entries that {@code isExpired} reports as expired are not returned; their keys are gathered
 * during the scan and removed from the cache in a single batch afterwards.
 *
 * @param client client handed to {@code isTokenMatched}
 * @param sub subject handed to {@code isTokenMatched}
 * @return the matching, non-expired tokens; an empty list when nothing matches
 */
protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject sub) {
    final List<ServerAccessToken> matched = new ArrayList<>();
    final Set<String> expiredKeys = new HashSet<>();

    for (Cache.Entry<String, String> cached : jwtAccessTokenCache) {
        String serialized = cached.getValue();

        // NOTE(review): when no jwtTokenConsumer is configured, a default-constructed
        // JoseJwtConsumer processes the cached value. Confirm that its default settings
        // still enforce the signature/encryption checks this deployment relies on.
        JoseJwtConsumer consumer = jwtTokenConsumer;
        if (consumer == null) {
            consumer = new JoseJwtConsumer();
        }

        ServerAccessToken candidate = JwtTokenUtils.createAccessTokenFromJwt(
            consumer, serialized, this, super.getJwtAccessTokenClaimMap());

        if (isExpired(candidate)) {
            // Only the key is recorded here; removal happens once the scan is finished.
            expiredKeys.add(cached.getKey());
            continue;
        }
        if (isTokenMatched(candidate, client, sub)) {
            matched.add(candidate);
        }
    }

    jwtAccessTokenCache.removeAll(expiredKeys);
    return matched;
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JCacheOAuthDataProvider method getJwtAccessToken.
/**
 * Looks up a single JWT access token by its cache key.
 *
 * <p>The cached JOSE string is converted back into a {@link ServerAccessToken}. If
 * {@code isExpired} reports the token as expired, the cache entry is removed and the lookup
 * behaves as if the key were absent.
 *
 * @param key key of the entry in {@code jwtAccessTokenCache}
 * @return the token, or {@code null} when the key is unknown or the token has expired
 */
protected ServerAccessToken getJwtAccessToken(String key) {
    String serialized = jwtAccessTokenCache.get(key);
    if (serialized == null) {
        return null;
    }

    // NOTE(review): when no jwtTokenConsumer is configured, a default-constructed
    // JoseJwtConsumer processes the cached value. Confirm that its default settings
    // still enforce the signature/encryption checks this deployment relies on.
    JoseJwtConsumer consumer = jwtTokenConsumer;
    if (consumer == null) {
        consumer = new JoseJwtConsumer();
    }

    ServerAccessToken parsed = JwtTokenUtils.createAccessTokenFromJwt(
        consumer, serialized, this, super.getJwtAccessTokenClaimMap());

    if (isExpired(parsed)) {
        // Evict on read so an expired token is never handed back to the caller.
        jwtAccessTokenCache.remove(key);
        return null;
    }
    return parsed;
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProvider method saveAccessToken.
/**
 * Persists an access token inside a single transaction, after replacing the scopes, subject
 * and client it references with instances obtained from the entity manager.
 *
 * <p>Scopes that are not yet stored are persisted; scopes that already exist are replaced by
 * the stored instance. A subject is persisted when unknown and merged otherwise. The client
 * is always re-read by its client id.
 *
 * @param serverToken the token to store; its scopes, subject and client are updated in place
 */
protected void saveAccessToken(final ServerAccessToken serverToken) {
    executeInTransaction(em -> {
        List<OAuthPermission> resolvedScopes = new LinkedList<>();
        for (OAuthPermission requested : serverToken.getScopes()) {
            OAuthPermission stored = em.find(OAuthPermission.class, requested.getPermission());
            if (stored == null) {
                // First time this permission is seen: store it and keep using this instance.
                em.persist(requested);
                stored = requested;
            }
            resolvedScopes.add(stored);
        }
        serverToken.setScopes(resolvedScopes);

        if (serverToken.getSubject() != null) {
            UserSubject storedSubject = em.find(UserSubject.class, serverToken.getSubject().getId());
            if (storedSubject != null) {
                // NOTE(review): merge copies the state of the subject carried by the token onto
                // the stored subject with the same id; confirm that the subject attached to the
                // token is trusted to overwrite what is already stored.
                serverToken.setSubject(em.merge(serverToken.getSubject()));
            } else {
                em.persist(serverToken.getSubject());
            }
        }

        // (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)
        // NOTE(review): em.find returns null for an unknown client id, in which case the token
        // is persisted without a client; confirm callers only pass tokens of stored clients.
        if (serverToken.getClient() != null) {
            serverToken.setClient(em.find(Client.class, serverToken.getClient().getClientId()));
        }

        em.persist(serverToken);
        return null;
    });
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AbstractOAuthDataProvider method handleLinkedRefreshToken.
/**
 * Detaches an access token from the refresh token it is linked to.
 *
 * <p>Nothing happens when the access token is {@code null}, carries no refresh token key, or
 * the refresh token can no longer be found. Otherwise the link is removed; a refresh token
 * left with no access tokens is revoked, and one that still has access tokens is saved back.
 *
 * @param client client passed to {@code revokeRefreshToken}
 * @param accessToken the access token whose refresh-token link is removed; may be {@code null}
 */
protected void handleLinkedRefreshToken(Client client, ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }

    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        return;
    }

    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());

    if (!linked.getAccessTokens().isEmpty()) {
        // Other access tokens still depend on this refresh token: keep it, minus the link.
        saveRefreshToken(linked);
    } else {
        // Last linked access token is gone, so the refresh token is revoked as well.
        revokeRefreshToken(client, linked.getTokenKey());
    }
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AbstractOAuthDataProvider method refreshAccessToken.
/**
 * Exchanges a refresh token for a new access token.
 *
 * <p>With {@code recycleRefreshTokens} enabled the presented refresh token is revoked as soon
 * as it is looked up, the access tokens linked to it are revoked, and a new refresh token is
 * created for the new access token. With it disabled the refresh token is only read, is
 * revoked if it turns out to be expired, and is otherwise updated to reference the new
 * access token.
 *
 * @param client the client asking for the refresh
 * @param refreshTokenKey key of the presented refresh token
 * @param restrictedScopes scopes passed on to {@code doRefreshAccessToken}
 * @return the newly created and saved access token
 * @throws OAuthServiceException with {@code OAuthConstants.ACCESS_DENIED} when the refresh
 *     token is unknown or expired
 */
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey,
                                            List<String> restrictedScopes)
    throws OAuthServiceException {
    // NOTE(review): the non-recycling lookup takes only the key, and nothing in this method
    // checks that the refresh token was issued to `client`. Presumably the helpers called
    // below or the callers enforce that binding - confirm.
    final RefreshToken presented;
    if (recycleRefreshTokens) {
        presented = revokeRefreshToken(client, refreshTokenKey);
    } else {
        presented = getRefreshToken(refreshTokenKey);
    }
    if (presented == null) {
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }

    if (OAuthUtils.isExpired(presented.getIssuedAt(), presented.getExpiresIn())) {
        // In recycling mode the token was already revoked by the lookup above.
        if (!recycleRefreshTokens) {
            revokeRefreshToken(client, refreshTokenKey);
        }
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }

    if (recycleRefreshTokens) {
        // Access tokens linked to the old refresh token are revoked before a new one is issued.
        revokeAccessTokens(client, presented);
    }

    ServerAccessToken renewed = doRefreshAccessToken(client, presented, restrictedScopes);
    saveAccessToken(renewed);

    if (!recycleRefreshTokens) {
        updateExistingRefreshToken(presented, renewed);
    } else {
        createNewRefreshToken(renewed);
    }
    return renewed;
}