Example 26 with ClientDetailsEntity
use of org.orcid.persistence.jpa.entities.ClientDetailsEntity in project ORCID-Source by ORCID.
the class ClientDetailsManagerImpl method cleanOldClientKeys.
/**
* Removes all non primary client secret keys
*
* @param clientId
* */
@Override
@Transactional
public void cleanOldClientKeys() {
LOGGER.info("Starting cron to delete non primary client keys");
Date currentDate = new Date();
List<ClientDetailsEntity> allClientDetails = this.getAll();
if (allClientDetails != null && allClientDetails != null) {
for (ClientDetailsEntity clientDetails : allClientDetails) {
String clientId = clientDetails.getClientId();
LOGGER.info("Deleting non primary keys for client: {}", clientId);
Set<ClientSecretEntity> clientSecrets = clientDetails.getClientSecrets();
for (ClientSecretEntity clientSecret : clientSecrets) {
if (!clientSecret.isPrimary()) {
Date dateRevoked = clientSecret.getLastModified();
Date timeToDeleteMe = DateUtils.addHours(dateRevoked, 24);
// If the key have been revokend more than 24 hours ago
if (timeToDeleteMe.before(currentDate)) {
LOGGER.info("Deleting key for client {}", clientId);
clientSecretDao.removeClientSecret(clientId, clientSecret.getClientSecret());
}
}
}
}
}
LOGGER.info("Cron done");
}
Also used :
ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity)
ClientSecretEntity(org.orcid.persistence.jpa.entities.ClientSecretEntity)
Date(java.util.Date)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 27 with ClientDetailsEntity
use of org.orcid.persistence.jpa.entities.ClientDetailsEntity in project ORCID-Source by ORCID.
the class ClientDetailsEntityCacheManagerImpl method retrieve.
@Override
public ClientDetailsEntity retrieve(String clientId) throws IllegalArgumentException {
Object key = new ClientIdCacheKey(clientId, releaseName);
Date dbDate = retrieveLastModifiedDate(clientId);
ClientDetailsEntity clientDetails = toClientDetailsEntity(clientDetailsCache.get(key));
if (needsFresh(dbDate, clientDetails)) {
try {
synchronized (lockers.obtainLock(clientId)) {
clientDetails = toClientDetailsEntity(clientDetailsCache.get(key));
if (needsFresh(dbDate, clientDetails)) {
clientDetails = clientDetailsManager.findByClientId(clientId);
if (clientDetails == null)
throw new IllegalArgumentException("Invalid client id " + clientId);
clientDetailsCache.put(new Element(key, clientDetails));
}
}
} finally {
lockers.releaseLock(clientId);
}
}
return clientDetails;
}
Also used :
ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity)
Element(net.sf.ehcache.Element)
Date(java.util.Date)
Example 28 with ClientDetailsEntity
use of org.orcid.persistence.jpa.entities.ClientDetailsEntity in project ORCID-Source by ORCID.
the class ClientDetailsManagerImpl method merge.
@Override
public ClientDetailsEntity merge(ClientDetailsEntity clientDetails) {
ClientDetailsEntity result = clientDetailsDao.merge(clientDetails);
clientDetailsDao.updateLastModified(result.getId());
// Evict the name in the source name manager
sourceNameCacheManager.remove(result.getId());
return result;
}
Also used :
ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity)
Example 29 with ClientDetailsEntity
use of org.orcid.persistence.jpa.entities.ClientDetailsEntity in project ORCID-Source by ORCID.
the class OrcidRandomValueTokenServicesImpl method refreshAccessToken.
@Override
@Transactional
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
String parentTokenValue = tokenRequest.getRequestParameters().get(OrcidOauth2Constants.AUTHORIZATION);
String clientId = tokenRequest.getClientId();
String scopes = tokenRequest.getRequestParameters().get(OAuth2Utils.SCOPE);
Long expiresIn = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.EXPIRES_IN) ? Long.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.EXPIRES_IN)) : 0L;
Boolean revokeOld = tokenRequest.getRequestParameters().containsKey(OrcidOauth2Constants.REVOKE_OLD) ? Boolean.valueOf(tokenRequest.getRequestParameters().get(OrcidOauth2Constants.REVOKE_OLD)) : true;
// Check if the refresh token is enabled
if (!customSupportRefreshToken) {
throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
}
// Check if the client support refresh token
ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
if (!clientDetails.getAuthorizedGrantTypes().contains(OrcidOauth2Constants.REFRESH_TOKEN)) {
throw new InvalidGrantException("Client " + clientId + " doesnt have refresh token enabled");
}
OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailDao.findByTokenValue(parentTokenValue);
ProfileEntity profileEntity = new ProfileEntity(parentToken.getProfile().getId());
OrcidOauth2TokenDetail newToken = new OrcidOauth2TokenDetail();
newToken.setApproved(true);
newToken.setClientDetailsId(clientId);
newToken.setDateCreated(new Date());
newToken.setLastModified(new Date());
newToken.setPersistent(parentToken.isPersistent());
newToken.setProfile(profileEntity);
newToken.setRedirectUri(parentToken.getRedirectUri());
newToken.setRefreshTokenValue(UUID.randomUUID().toString());
newToken.setResourceId(parentToken.getResourceId());
newToken.setResponseType(parentToken.getResponseType());
newToken.setState(parentToken.getState());
newToken.setTokenDisabled(false);
if (expiresIn <= 0) {
//If expiresIn is 0 or less, set the parent token
newToken.setTokenExpiration(parentToken.getTokenExpiration());
} else {
//Assumes expireIn already contains the real expired time expressed in millis
newToken.setTokenExpiration(new Date(expiresIn));
}
newToken.setTokenType(parentToken.getTokenType());
newToken.setTokenValue(UUID.randomUUID().toString());
newToken.setVersion(parentToken.getVersion());
if (PojoUtil.isEmpty(scopes)) {
newToken.setScope(parentToken.getScope());
} else {
newToken.setScope(scopes);
}
//Generate an authentication object to be able to generate the authentication key
Set<String> scopesSet = OAuth2Utils.parseParameterList(newToken.getScope());
AuthorizationRequest request = new AuthorizationRequest(clientId, scopesSet);
request.setApproved(true);
Authentication authentication = new OrcidOauth2UserAuthentication(profileEntity, true);
OrcidOAuth2Authentication orcidAuthentication = new OrcidOAuth2Authentication(request, authentication, newToken.getTokenValue());
newToken.setAuthenticationKey(authenticationKeyGenerator.extractKey(orcidAuthentication));
// Store the new token and return it
orcidOauth2TokenDetailDao.persist(newToken);
// Revoke the old token when required
if (revokeOld) {
orcidOauth2TokenDetailDao.disableAccessToken(parentTokenValue);
}
// Save the changes
orcidOauth2TokenDetailDao.flush();
// and return it
return toOAuth2AccessToken(newToken);
}
Also used :
ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication)
InvalidGrantException(org.springframework.security.oauth2.common.exceptions.InvalidGrantException)
ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)
Date(java.util.Date)
OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication)
OrcidOauth2TokenDetail(org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 30 with ClientDetailsEntity
use of org.orcid.persistence.jpa.entities.ClientDetailsEntity in project ORCID-Source by ORCID.
the class OrcidTokenStoreServiceImpl method getOAuth2AuthenticationFromDetails.
private OAuth2Authentication getOAuth2AuthenticationFromDetails(OrcidOauth2TokenDetail details) {
if (details != null) {
ClientDetailsEntity clientDetailsEntity = clientDetailsEntityCacheManager.retrieve(details.getClientDetailsId());
Authentication authentication = null;
AuthorizationRequest request = null;
if (clientDetailsEntity != null) {
//Check member is not locked
orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetailsEntity);
Set<String> scopes = OAuth2Utils.parseParameterList(details.getScope());
request = new AuthorizationRequest(clientDetailsEntity.getClientId(), scopes);
request.setAuthorities(clientDetailsEntity.getAuthorities());
Set<String> resourceIds = new HashSet<>();
resourceIds.add(details.getResourceId());
request.setResourceIds(resourceIds);
request.setApproved(details.isApproved());
ProfileEntity profile = details.getProfile();
if (profile != null) {
authentication = new OrcidOauth2UserAuthentication(profile, details.isApproved());
}
}
return new OrcidOAuth2Authentication(request, authentication, details.getTokenValue());
}
throw new InvalidTokenException("Token not found");
}
Also used :
ClientDetailsEntity(org.orcid.persistence.jpa.entities.ClientDetailsEntity)
InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication)
OrcidOAuth2Authentication(org.orcid.core.oauth.OrcidOAuth2Authentication)
ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)
HashSet(java.util.HashSet)
Aggregations
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)149
Test (org.junit.Test)75
SourceEntity (org.orcid.persistence.jpa.entities.SourceEntity)57
BaseTest (org.orcid.core.BaseTest)51
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)33
Date (java.util.Date)23
Transactional (org.springframework.transaction.annotation.Transactional)16
HashSet (java.util.HashSet)15
DBUnitTest (org.orcid.test.DBUnitTest)15
HashMap (java.util.HashMap)14
Authentication (org.springframework.security.core.Authentication)13
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)13
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)11
Work (org.orcid.jaxb.model.record_v2.Work)9
Before (org.junit.Before)8
ArrayList (java.util.ArrayList)7
OrcidClient (org.orcid.jaxb.model.clientgroup.OrcidClient)7
ClientSecretEntity (org.orcid.persistence.jpa.entities.ClientSecretEntity)7
OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile)6
Funding (org.orcid.jaxb.model.record_v2.Funding)6
