Example 6 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractPersistentDefaultTokenServicesTests method testTokenEnhancerUpdatesStoredTokens.

@Test
public void testTokenEnhancerUpdatesStoredTokens() throws Exception {
    final ExpiringOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("testToken", new Date(System.currentTimeMillis() + 100000));
    getTokenServices().setTokenEnhancer(new TokenEnhancer() {

        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
            result.setRefreshToken(refreshToken);
            return result;
        }
    });
    OAuth2Authentication authentication = createAuthentication();
    OAuth2AccessToken original = getTokenServices().createAccessToken(authentication);
    assertTrue(original.getRefreshToken().equals(refreshToken));
    OAuth2AccessToken result = getTokenStore().getAccessToken(authentication);
    assertEquals(original, result);
    assertEquals(refreshToken, result.getRefreshToken());
    assertEquals(refreshToken, getTokenStore().readRefreshToken(refreshToken.getValue()));
}
Also used : DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Date(java.util.Date) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) Test(org.junit.Test)

Example 7 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class JwtAccessTokenConverter method enhance.

public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
    Map<String, Object> info = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
    String tokenId = result.getValue();
    if (!info.containsKey(TOKEN_ID)) {
        info.put(TOKEN_ID, tokenId);
    } else {
        tokenId = (String) info.get(TOKEN_ID);
    }
    result.setAdditionalInformation(info);
    result.setValue(encode(result, authentication));
    OAuth2RefreshToken refreshToken = result.getRefreshToken();
    if (refreshToken != null) {
        DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(accessToken);
        encodedRefreshToken.setValue(refreshToken.getValue());
        // Refresh tokens do not expire unless explicitly of the right type
        encodedRefreshToken.setExpiration(null);
        try {
            Map<String, Object> claims = objectMapper.parseMap(JwtHelper.decode(refreshToken.getValue()).getClaims());
            if (claims.containsKey(TOKEN_ID)) {
                encodedRefreshToken.setValue(claims.get(TOKEN_ID).toString());
            }
        } catch (IllegalArgumentException e) {
            // The refresh token value is not a JWT; keep the raw value as its token id
        }
        Map<String, Object> refreshTokenInfo = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
        refreshTokenInfo.put(TOKEN_ID, encodedRefreshToken.getValue());
        refreshTokenInfo.put(ACCESS_TOKEN_ID, tokenId);
        encodedRefreshToken.setAdditionalInformation(refreshTokenInfo);
        DefaultOAuth2RefreshToken token = new DefaultOAuth2RefreshToken(encode(encodedRefreshToken, authentication));
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken).getExpiration();
            encodedRefreshToken.setExpiration(expiration);
            token = new DefaultExpiringOAuth2RefreshToken(encode(encodedRefreshToken, authentication), expiration);
        }
        result.setRefreshToken(token);
    }
    return result;
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) LinkedHashMap(java.util.LinkedHashMap)

Example 8 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceTest method testStoreAccessToken.

@Test
@Transactional
public void testStoreAccessToken() throws Exception {
    String clientId = "4444-4444-4444-4441";
    DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("some-long-oauth2-token-value-9");
    ExpiringOAuth2RefreshToken refreshToken = new DefaultExpiringOAuth2RefreshToken("some-long-oauth2-refresh-value-9", new Date());
    token.setRefreshToken(refreshToken);
    token.setScope(new HashSet<String>(Arrays.asList("/orcid-bio/read", "/orcid-works/read")));
    token.setTokenType("bearer");
    token.setExpiration(new Date());
    Map<String, String> parameters = new HashMap<String, String>();
    parameters.put("client_id", clientId);
    parameters.put("state", "read");
    parameters.put("scope", "/orcid-profile/write");
    parameters.put("redirect_uri", "http://www.google.com/");
    parameters.put("response_type", "bearer");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ProfileEntity profileEntity = profileEntityManager.findByOrcid("4444-4444-4444-4444");
    OrcidOauth2UserAuthentication userAuthentication = new OrcidOauth2UserAuthentication(profileEntity, true);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    orcidTokenStoreService.storeAccessToken(token, authentication);
    OAuth2AccessToken oAuth2AccessToken = orcidTokenStoreService.readAccessToken("some-long-oauth2-token-value-9");
    assertNotNull(oAuth2AccessToken);
}
Also used : HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidOauth2UserAuthentication(org.orcid.core.oauth.OrcidOauth2UserAuthentication) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServices method createAccessToken.

@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
    OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
    OAuth2RefreshToken refreshToken = null;
    if (existingAccessToken != null) {
        if (existingAccessToken.isExpired()) {
            if (existingAccessToken.getRefreshToken() != null) {
                refreshToken = existingAccessToken.getRefreshToken();
                // The token store could remove the refresh token when the
                // access token is removed, but we want to
                // be sure...
                tokenStore.removeRefreshToken(refreshToken);
            }
            tokenStore.removeAccessToken(existingAccessToken);
        } else {
            // Re-store the access token in case the authentication has changed
            tokenStore.storeAccessToken(existingAccessToken, authentication);
            return existingAccessToken;
        }
    }
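    // Only create a new refresh token if there wasn't an existing one associated
    // with an expired access token; clients might still hold it, so re-use it.
    if (refreshToken == null) {
        refreshToken = createRefreshToken(authentication);
    } else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
        // But the refresh token itself might need to be re-issued if it has expired.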
        ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
        if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
            refreshToken = createRefreshToken(authentication);
        }
    }
    OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
    tokenStore.storeAccessToken(accessToken, authentication);
    // In case it was modified
    refreshToken = accessToken.getRefreshToken();
    if (refreshToken != null) {
        tokenStore.storeRefreshToken(refreshToken, authentication);
    }
    return accessToken;
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Transactional(org.springframework.transaction.annotation.Transactional)

Example 10 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class RedisTokenStore method storeAccessToken.

@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    byte[] serializedAccessToken = serialize(token);
    byte[] serializedAuth = serialize(authentication);
    byte[] accessKey = serializeKey(ACCESS + token.getValue());
    byte[] authKey = serializeKey(AUTH + token.getValue());
    byte[] authToAccessKey = serializeKey(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
    byte[] approvalKey = serializeKey(UNAME_TO_ACCESS + getApprovalKey(authentication));
    byte[] clientId = serializeKey(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId());
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        conn.set(accessKey, serializedAccessToken);
        conn.set(authKey, serializedAuth);
        conn.set(authToAccessKey, serializedAccessToken);
        if (!authentication.isClientOnly()) {
            conn.rPush(approvalKey, serializedAccessToken);
        }
        conn.rPush(clientId, serializedAccessToken);
        if (token.getExpiration() != null) {
            int seconds = token.getExpiresIn();
            conn.expire(accessKey, seconds);
            conn.expire(authKey, seconds);
            conn.expire(authToAccessKey, seconds);
            conn.expire(clientId, seconds);
            conn.expire(approvalKey, seconds);
        }
        OAuth2RefreshToken refreshToken = token.getRefreshToken();
        if (refreshToken != null && refreshToken.getValue() != null) {
            byte[] refresh = serialize(token.getRefreshToken().getValue());
            byte[] auth = serialize(token.getValue());
            byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + token.getRefreshToken().getValue());
            conn.set(refreshToAccessKey, auth);
            byte[] accessToRefreshKey = serializeKey(ACCESS_TO_REFRESH + token.getValue());
            conn.set(accessToRefreshKey, refresh);
            if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
                ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
                Date expiration = expiringRefreshToken.getExpiration();
                if (expiration != null) {
                    int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                    conn.expire(refreshToAccessKey, seconds);
                    conn.expire(accessToRefreshKey, seconds);
                }
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) Date(java.util.Date) RedisConnection(org.springframework.data.redis.connection.RedisConnection)

Aggregations

ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken): 14
DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken): 10
Test (org.junit.Test): 9
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 8
Date (java.util.Date): 6
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken): 5
OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken): 5
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 5
TokenRequest (org.springframework.security.oauth2.provider.TokenRequest): 5
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken): 3
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 2
RedisConnection (org.springframework.data.redis.connection.RedisConnection): 2
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 2
Transactional (org.springframework.transaction.annotation.Transactional): 2
HashMap (java.util.HashMap): 1
LinkedHashMap (java.util.LinkedHashMap): 1
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean): 1
OrcidOauth2UserAuthentication (org.orcid.core.oauth.OrcidOauth2UserAuthentication): 1
ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity): 1
OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail): 1