use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class RefreshTokenSupportTests method verifyAccessTokens.
/**
 * Checks the state of both access tokens after a refresh, for token services backed by a
 * {@code JwtTokenStore}.
 *
 * <p>Both tokens are expected to be answered with {@code 200 OK}. The store keeps no
 * server-side state, so obtaining a new access token through a refresh does not revoke the
 * one that was presented before it. Deployments that need the old token to stop working at
 * refresh time cannot rely on this store alone for that.
 *
 * @param oldAccessToken the access token held before the refresh
 * @param newAccessToken the access token returned by the refresh
 */
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // The token issued by the refresh must be accepted.
    verifyTokenResponse(newAccessToken.getValue(), HttpStatus.OK);

    // The superseded token is accepted too: nothing on the server records that it was replaced.
    verifyTokenResponse(oldAccessToken.getValue(), HttpStatus.OK);

    // The store is a private collaborator of the token services, hence the reflective lookup.
    JwtTokenStore jwtStore = (JwtTokenStore) ReflectionTestUtils.getField(services, "tokenStore");
    OAuth2AccessToken decodedAccess = jwtStore.readAccessToken(oldAccessToken.getValue());

    // convertAccessToken is invoked reflectively to decode the refresh token value
    // into a token object that exposes its expiration.
    String refreshValue = oldAccessToken.getRefreshToken().getValue();
    OAuth2AccessToken decodedRefresh = ReflectionTestUtils.invokeMethod(jwtStore, "convertAccessToken", refreshValue);

    // The refresh token must expire exactly 100000 ms after the old access token.
    long refreshExpiry = decodedRefresh.getExpiration().getTime();
    long accessExpiry = decodedAccess.getExpiration().getTime();
    assertEquals(refreshExpiry, accessExpiry + 100000);
}
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class ResourceServerConfiguration method configure.
/**
 * Applies the resource-server security settings to the supplied {@link HttpSecurity}.
 *
 * <p>Token validation is wired from the first source that is available: the resolved
 * {@code ResourceServerTokenServices}, then the {@code tokenStore} field, then the token
 * store of the authorization-server endpoints. If all three are absent, this method sets
 * neither on the configurer.
 *
 * <p>Sessions are {@code STATELESS} and CSRF protection is disabled, so every request is
 * expected to carry its own credentials rather than rely on a session cookie.
 *
 * <p>NOTE(review): the {@code anyRequest().authenticated()} fallback is added only when no
 * {@code ResourceServerConfigurer} is registered. When at least one is registered, this
 * method adds no authorization rule of its own; confirm that the delegates declare
 * {@code authorizeRequests()} for every path that must be protected.
 *
 * @param http the security builder to configure
 * @throws Exception if a delegate or the underlying builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ResourceServerSecurityConfigurer resourceSecurity = new ResourceServerSecurityConfigurer();

    // Token lookup, in order of preference: explicit services, explicit store, endpoint store.
    ResourceServerTokenServices resolvedServices = resolveTokenServices();
    if (resolvedServices != null) {
        resourceSecurity.tokenServices(resolvedServices);
    } else if (tokenStore != null) {
        resourceSecurity.tokenStore(tokenStore);
    } else if (endpoints != null) {
        resourceSecurity.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
    }

    if (eventPublisher != null) {
        resourceSecurity.eventPublisher(eventPublisher);
    }

    // First pass: delegates customise the resource-server configurer itself.
    for (ResourceServerConfigurer delegate : configurers) {
        delegate.configure(resourceSecurity);
    }

    // @formatter:off
    http
        .authenticationProvider(new AnonymousAuthenticationProvider("default"))
        .exceptionHandling()
            .accessDeniedHandler(resourceSecurity.getAccessDeniedHandler())
            .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .csrf()
            .disable();
    // @formatter:on
    http.apply(resourceSecurity);

    if (endpoints != null) {
        // Endpoints are present, so this is assumed to run inside an Authorization Server:
        // restrict this configuration with NotOAuthRequestMatcher built from the endpoint mapping.
        http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
    }

    // Second pass: delegates may declare their authorizeRequests() rules here.
    for (ResourceServerConfigurer delegate : configurers) {
        delegate.configure(http);
    }

    if (configurers.isEmpty()) {
        // anyRequest() is a fall back and must come last. Spring Security would replace an
        // anyRequest() matcher that a user already configured, so it is added only when
        // nothing was configured by a delegate.
        http.authorizeRequests().anyRequest().authenticated();
    }
}
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method storeEnhancedRefreshTokenDuringRefresh.
// gh-511
/**
 * Verifies that the refresh token handed out by a refresh is the one held in the token store.
 *
 * <p>Refresh-token reuse is switched off, so the refresh call returns an access token that
 * carries its own refresh token. The value the client receives must be readable from the
 * store; otherwise the client would hold a refresh token the server cannot look up.
 * The enhancer implied by the test name is presumably set up outside this method.
 */
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
    InMemoryTokenStore store = new InMemoryTokenStore();
    tokenServices.setSupportRefreshToken(true);
    // false = do not hand the same refresh token back on refresh.
    tokenServices.setReuseRefreshToken(false);
    tokenServices.setTokenStore(store);

    // Initial grant, which also yields the first refresh token.
    OAuth2AccessToken issued = tokenServices.createAccessToken(authentication);
    OAuth2RefreshToken originalRefresh = issued.getRefreshToken();

    TokenRequest refreshRequest = new TokenRequest(
            Collections.<String, String>emptyMap(),
            request.getClientId(),
            request.getScope(),
            "authorization_code");
    OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(originalRefresh.getValue(), refreshRequest);

    // What the client was given must match what the store returns for that value.
    OAuth2RefreshToken returnedRefresh = refreshed.getRefreshToken();
    OAuth2RefreshToken persistedRefresh = store.readRefreshToken(returnedRefresh.getValue());
    assertEquals(returnedRefresh.getValue(), persistedRefresh.getValue());
}
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class ProviderBeanDefinitionParser method parseInternal.
/**
 * Parses the provider element and hands off to {@code parseEndpointAndReturnFilter}.
 *
 * <p>When {@code token-services-ref} is missing or blank, a {@code DefaultTokenServices}
 * bean named {@code oauth2TokenServices} is registered with an {@code InMemoryTokenStore}
 * as its token store, and that name is used as the reference.
 *
 * <p>Operational note: with this default, issued tokens are held only in the memory of the
 * running process. They are lost on restart and are not visible to other instances, so
 * deployments that need persistence or clustering should set {@code token-services-ref}.
 *
 * @param element the XML element being parsed
 * @param parserContext the current parser context, whose registry receives the default bean
 * @return the bean definition produced by {@code parseEndpointAndReturnFilter}
 */
@Override
protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
    String configuredServicesRef = element.getAttribute("token-services-ref");
    String serializerRef = element.getAttribute("serialization-service-ref");

    // An explicit reference wins; nothing is registered in that case.
    if (StringUtils.hasText(configuredServicesRef)) {
        return parseEndpointAndReturnFilter(element, parserContext, configuredServicesRef, serializerRef);
    }

    // No reference given: register default token services backed by an in-memory store.
    String defaultServicesRef = "oauth2TokenServices";
    BeanDefinitionBuilder defaultServices = BeanDefinitionBuilder.rootBeanDefinition(DefaultTokenServices.class);
    AbstractBeanDefinition inMemoryStore =
            BeanDefinitionBuilder.rootBeanDefinition(InMemoryTokenStore.class).getBeanDefinition();
    defaultServices.addPropertyValue("tokenStore", inMemoryStore);
    parserContext.getRegistry().registerBeanDefinition(defaultServicesRef, defaultServices.getBeanDefinition());

    return parseEndpointAndReturnFilter(element, parserContext, defaultServicesRef, serializerRef);
}
use of org.springframework.security.oauth2.provider.token.TokenStore in project spring-security-oauth by spring-projects.
the class AbstractIntegrationTests method clear.
/**
 * Empties the given token store so that state does not carry over between tests.
 *
 * <p>AOP proxies are unwrapped to their target first. An {@code InMemoryTokenStore} is
 * cleared through its own API. For a {@code JdbcTokenStore}, every row of the four OAuth
 * tables is deleted through {@code dataSource}; the statements are fixed literals with no
 * {@code WHERE} clause, so this must only ever point at a test database. Any other store
 * type is left untouched.
 *
 * @param tokenStore the store to empty, possibly wrapped in an AOP proxy
 * @throws Exception if the proxy target cannot be obtained
 */
private void clear(TokenStore tokenStore) throws Exception {
    // Peel off proxy layers until the underlying store is reached.
    TokenStore unwrapped = tokenStore;
    while (unwrapped instanceof Advised) {
        unwrapped = (TokenStore) ((Advised) unwrapped).getTargetSource().getTarget();
    }

    if (unwrapped instanceof InMemoryTokenStore) {
        ((InMemoryTokenStore) unwrapped).clear();
    }

    if (unwrapped instanceof JdbcTokenStore) {
        JdbcTemplate jdbc = new JdbcTemplate(dataSource);
        // Constant statements only; no value from the test is concatenated into the SQL.
        String[] wipeStatements = {
            "delete from oauth_access_token",
            "delete from oauth_refresh_token",
            "delete from oauth_client_token",
            "delete from oauth_code"
        };
        for (String statement : wipeStatements) {
            jdbc.execute(statement);
        }
    }
}