Search in sources :

Example 21 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServices method createAccessToken.

@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
    OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
    OAuth2RefreshToken refreshToken = null;
    if (existingAccessToken != null) {
        if (existingAccessToken.isExpired()) {
            if (existingAccessToken.getRefreshToken() != null) {
                refreshToken = existingAccessToken.getRefreshToken();
                // The token store could remove the refresh token when the
                // access token is removed, but we want to
                // be sure...
                tokenStore.removeRefreshToken(refreshToken);
            }
            tokenStore.removeAccessToken(existingAccessToken);
        } else {
            // Re-store the access token in case the authentication has changed
            tokenStore.storeAccessToken(existingAccessToken, authentication);
            return existingAccessToken;
        }
    }
    // expired.
    if (refreshToken == null) {
        refreshToken = createRefreshToken(authentication);
    } else // expired.
    if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
        ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
        if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
            refreshToken = createRefreshToken(authentication);
        }
    }
    OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
    tokenStore.storeAccessToken(accessToken, authentication);
    // In case it was modified
    refreshToken = accessToken.getRefreshToken();
    if (refreshToken != null) {
        tokenStore.storeRefreshToken(refreshToken, authentication);
    }
    return accessToken;
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Transactional(org.springframework.transaction.annotation.Transactional)

Example 22 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class JwtTokenStore method readRefreshToken.

@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    OAuth2AccessToken encodedRefreshToken = convertAccessToken(tokenValue);
    OAuth2RefreshToken refreshToken = createRefreshToken(encodedRefreshToken);
    if (approvalStore != null) {
        OAuth2Authentication authentication = readAuthentication(tokenValue);
        if (authentication.getUserAuthentication() != null) {
            String userId = authentication.getUserAuthentication().getName();
            String clientId = authentication.getOAuth2Request().getClientId();
            Collection<Approval> approvals = approvalStore.getApprovals(userId, clientId);
            Collection<String> approvedScopes = new HashSet<String>();
            for (Approval approval : approvals) {
                if (approval.isApproved()) {
                    approvedScopes.add(approval.getScope());
                }
            }
            if (!approvedScopes.containsAll(authentication.getOAuth2Request().getScope())) {
                return null;
            }
        }
    }
    return refreshToken;
}
Also used : DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Approval(org.springframework.security.oauth2.provider.approval.Approval)

Example 23 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class RedisTokenStore method storeAccessToken.

@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    byte[] serializedAccessToken = serialize(token);
    byte[] serializedAuth = serialize(authentication);
    byte[] accessKey = serializeKey(ACCESS + token.getValue());
    byte[] authKey = serializeKey(AUTH + token.getValue());
    byte[] authToAccessKey = serializeKey(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
    byte[] approvalKey = serializeKey(UNAME_TO_ACCESS + getApprovalKey(authentication));
    byte[] clientId = serializeKey(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId());
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        conn.set(accessKey, serializedAccessToken);
        conn.set(authKey, serializedAuth);
        conn.set(authToAccessKey, serializedAccessToken);
        if (!authentication.isClientOnly()) {
            conn.rPush(approvalKey, serializedAccessToken);
        }
        conn.rPush(clientId, serializedAccessToken);
        if (token.getExpiration() != null) {
            int seconds = token.getExpiresIn();
            conn.expire(accessKey, seconds);
            conn.expire(authKey, seconds);
            conn.expire(authToAccessKey, seconds);
            conn.expire(clientId, seconds);
            conn.expire(approvalKey, seconds);
        }
        OAuth2RefreshToken refreshToken = token.getRefreshToken();
        if (refreshToken != null && refreshToken.getValue() != null) {
            byte[] refresh = serialize(token.getRefreshToken().getValue());
            byte[] auth = serialize(token.getValue());
            byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + token.getRefreshToken().getValue());
            conn.set(refreshToAccessKey, auth);
            byte[] accessToRefreshKey = serializeKey(ACCESS_TO_REFRESH + token.getValue());
            conn.set(accessToRefreshKey, refresh);
            if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
                ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
                Date expiration = expiringRefreshToken.getExpiration();
                if (expiration != null) {
                    int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                    conn.expire(refreshToAccessKey, seconds);
                    conn.expire(accessToRefreshKey, seconds);
                }
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) Date(java.util.Date) RedisConnection(org.springframework.data.redis.connection.RedisConnection) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)

Example 24 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class RedisTokenStore method storeRefreshToken.

@Override
public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
    byte[] refreshKey = serializeKey(REFRESH + refreshToken.getValue());
    byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + refreshToken.getValue());
    byte[] serializedRefreshToken = serialize(refreshToken);
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        conn.set(refreshKey, serializedRefreshToken);
        conn.set(refreshAuthKey, serialize(authentication));
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
            Date expiration = expiringRefreshToken.getExpiration();
            if (expiration != null) {
                int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                conn.expire(refreshKey, seconds);
                conn.expire(refreshAuthKey, seconds);
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used : Date(java.util.Date) RedisConnection(org.springframework.data.redis.connection.RedisConnection) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)

Example 25 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshTokenNonExpiring.

@Test
public void testRefreshTokenNonExpiring() throws Exception {
    ClientDetailsService clientDetailsService = new InMemoryClientDetailsServiceBuilder().withClient("id").refreshTokenValiditySeconds(0).authorizedGrantTypes("refresh_token").and().build();
    DefaultTokenServices tokenServices = getTokenServices();
    tokenServices.setClientDetailsService(clientDetailsService);
    OAuth2RefreshToken refreshToken = tokenServices.createAccessToken(createAuthentication()).getRefreshToken();
    assertNotNull(refreshToken);
    assertFalse(refreshToken instanceof ExpiringOAuth2RefreshToken);
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) InMemoryClientDetailsServiceBuilder(org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Test(org.junit.Test)

Aggregations

OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)24 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)16 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)16 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)15 Test (org.junit.Test)13 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)12 Date (java.util.Date)11 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)4 Transactional (org.springframework.transaction.annotation.Transactional)4 RedisConnection (org.springframework.data.redis.connection.RedisConnection)3 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)2 DBUnitTest (org.orcid.test.DBUnitTest)2 Authentication (org.springframework.security.core.Authentication)2 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)2 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1 OrcidOauth2AuthInfo (org.orcid.core.oauth.OrcidOauth2AuthInfo)1 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)1