/**
 * Serializes an access token entity into the JSON shape returned by the token API.
 *
 * <p>The emitted object carries the raw token string under {@code value} together with
 * the token id, the id of the linked refresh token (or {@code null} when there is none),
 * the scope set, the owning client id, the principal name from the authentication holder
 * and the expiration. NOTE(review): because the raw value is included, any view fed by
 * this serializer should only be reachable by the token's owner — confirm at the caller.
 *
 * @param src the token to serialize
 * @param typeOfSrc the declared type (unused)
 * @param context the Gson context used for the nested scope and expiration values
 * @return the JSON object describing {@code src}
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    // the refresh token is optional; emit a null id rather than failing on the missing link
    Long refreshTokenId = src.getRefreshToken() == null ? null : src.getRefreshToken().getId();

    JsonObject json = new JsonObject();
    json.addProperty("value", src.getValue());
    json.addProperty("id", src.getId());
    json.addProperty("refreshTokenId", refreshTokenId);
    json.add("scopes", context.serialize(src.getScope()));
    json.addProperty("clientId", src.getClient().getClientId());
    json.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
    json.add("expiration", context.serialize(src.getExpiration()));
    return json;
}
OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null); OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); token.setClient(client); token.setScope(scope); token.setAuthenticationHolder(authHolder); .issuer(configBean.getIssuer()) .issueTime(new Date()) .expirationTime(token.getExpiration()) token.setJwt(signed);
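/**
 * Returns the number of whole seconds until this token expires.
 *
 * @return -1 when the token has no expiration time, 0 when it has one and is already
 *         expired, otherwise the remaining lifetime in seconds (never negative, and
 *         clamped to {@link Integer#MAX_VALUE} for expirations too far out to fit an int)
 */
@Override
@Transient
public int getExpiresIn() {
    if (getExpiration() == null) {
        return -1; // no expiration time
    }
    if (isExpired()) {
        return 0; // has an expiration time and expired
    }
    long secondsRemaining = (getExpiration().getTime() - System.currentTimeMillis()) / 1000L;
    // A plain (int) cast overflows for expirations more than ~68 years out and would
    // report a negative lifetime; clamp into the valid int range instead. The lower
    // bound covers the few milliseconds that may elapse after the isExpired() check.
    return (int) Math.max(0L, Math.min(secondsRemaining, Integer.MAX_VALUE));
}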
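/**
 * Utility function to delete an access token that's expired before returning it.
 *
 * <p>An expired token is revoked immediately so that it is not handed back to a caller.
 * Only the token id is written to the log: the token value is a bearer credential and
 * must not end up in log output.
 *
 * @param token the token to check
 * @return null if the token is null or expired, the input token (unchanged) if it hasn't
 */
private OAuth2AccessTokenEntity clearExpiredAccessToken(OAuth2AccessTokenEntity token) {
    if (token == null) {
        return null;
    }
    if (token.isExpired()) {
        // immediately revoke expired token; log the id, never the bearer value
        logger.debug("Clearing expired access token with id {}", token.getId());
        revokeAccessToken(token);
        return null;
    }
    return token;
}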
reader.beginArray(); while (reader.hasNext()) { OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); reader.beginObject(); Long currentId = null; } else if (name.equals(EXPIRATION)) { Date date = utcToDate(reader.nextString()); token.setExpiration(date); } else if (name.equals(VALUE)) { String value = reader.nextString(); try { token.setJwt(JWTParser.parse(value)); } catch (ParseException ex) { logger.error("Unable to set refresh token value to {}", value, ex); } else if (name.equals(SCOPE)) { Set<String> scope = readSet(reader); token.setScope(scope); } else if (name.equals(TYPE)) { token.setTokenType(reader.nextString()); } else { logger.debug("Found unexpected entry"); Long newId = tokenRepository.saveAccessToken(token).getId(); maps.getAccessTokenToClientRefs().put(currentId, clientId); maps.getAccessTokenToAuthHolderRefs().put(currentId, authHolderId);
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken(); token.setClient(client); token.setScope(scopeService.toStrings(scopes)); token.setExpiration(expiration); authHolder = authenticationHolderRepository.save(authHolder); token.setAuthenticationHolder(authHolder); if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) { OAuth2RefreshTokenEntity savedRefreshToken = createRefreshToken(client, authHolder); token.setRefreshToken(savedRefreshToken); ApprovedSite ap = approvedSiteService.getById(apId); token.setApprovedSite(ap); if (savedToken.getRefreshToken() != null) { tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any changes that might have been enhanced
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); accessToken.setClient(client); tokenRepository.saveAccessToken(accessToken); Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); accessToken.setAuthenticationHolder(authHolder); tokenRepository.saveAccessToken(accessToken); Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId); OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId); accessToken.setRefreshToken(refreshToken); tokenRepository.saveAccessToken(accessToken); Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId); OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId); token.setApprovedSite(site); tokenRepository.saveAccessToken(token);
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); token.setScope(scopeService.toStrings(scope)); } else { String errorMsg = "Up-scoping is not allowed."; token.setScope(scopeService.toStrings(refreshScopes)); token.setClient(client); token.setExpiration(expiration); token.setRefreshToken(refreshToken); } else { token.setRefreshToken(newRefresh); token.setAuthenticationHolder(authHolder);
@Override public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy) { OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); authHolder.setAuthentication(o2auth); authHolder = authenticationHolderRepository.save(authHolder); token.setAuthenticationHolder(authHolder); token.setClient(client); perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes))); token.setPermissions(Sets.newHashSet(perm)); token.setExpiration(exp); token.setJwt(signed);
OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication(); if (accessToken.getPermissions() != null && !accessToken.getPermissions().isEmpty()) { for (Permission perm : accessToken.getPermissions()) { Map<String, Object> o = newLinkedHashMap(); o.put("resource_set_id", perm.getResourceSet().getId().toString()); Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope()); if (accessToken.getExpiration() != null) { try { result.put(EXPIRES_AT, dateFormat.valueToString(accessToken.getExpiration())); result.put(EXP, accessToken.getExpiration().getTime() / 1000L); } catch (ParseException e) { logger.error("Parse exception in token introspection", e); result.put(TOKEN_TYPE, accessToken.getTokenType());
.issuer(configBean.getIssuer()) .issueTime(new Date()) .expirationTime(token.getExpiration()) .subject(authentication.getName()) token.setJwt(signed); token.setIdToken(idToken); } else {
Map<String, String> entity = ImmutableMap.of("rpt", token.getValue());
/**
 * Returns a single access token to its owner.
 *
 * <p>The token is looked up by id and then checked against the calling principal: the
 * name on the token's authentication holder must equal the caller's name, otherwise the
 * request is rejected with 403. This comparison is the only authorization check visible
 * in this method. A missing token yields 404.
 *
 * @param id the token id from the path
 * @param m the model the error views and the token view read from
 * @param p the authenticated caller
 * @return the name of the view to render
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

    if (token == null) {
        logger.error("getToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // ownership check: the principal recorded on the token must be the caller
    String ownerName = token.getAuthenticationHolder().getAuthentication().getName();
    if (!ownerName.equals(p.getName())) {
        logger.error("getToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}
/**
 * Serializes an access token as its numeric id only; the token value itself is not
 * emitted by this adapter.
 */
@Override public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) { return new JsonPrimitive(src.getId()); } })
Set<String> approvedScopes = incomingToken.getScope(); Set<String> requestedScopes = tokenRequest.getScope(); OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
/**
 * Finds the client's registration (or resource) access token.
 *
 * <p>Walks every access token issued to the client and returns the first whose scope set
 * consists of exactly one scope, that scope being either the registration-token scope or
 * the resource-token scope.
 *
 * @param client the client whose tokens are searched
 * @return the matching token, or {@code null} when the client has none
 */
@Override
public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client) {
    List<OAuth2AccessTokenEntity> allTokens = getAccessTokensForClient(client);
    for (OAuth2AccessTokenEntity token : allTokens) {
        if ((token.getScope().contains(SystemScopeService.REGISTRATION_TOKEN_SCOPE)
                || token.getScope().contains(SystemScopeService.RESOURCE_TOKEN_SCOPE))
                && token.getScope().size() == 1) {
            // a token carrying only the registration scope or only the resource scope
            // is treated as the client's registration token
            return token;
        }
    }
    return null;
}
}
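/**
 * Writes the UMA permissions attached to access tokens as a JSON array of objects.
 *
 * <p>Tokens without a permissions structure are skipped. Each emitted object holds the
 * token id and, for every permission, the resource set id and the permission's scopes.
 * The token value is never written here.
 *
 * @param writer the JSON writer positioned inside an open array
 * @throws IOException if writing to {@code writer} fails
 */
private void writeTokenPermissions(JsonWriter writer) throws IOException {
    for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) {
        Set<Permission> permissions = token.getPermissions();
        // skip tokens that don't have the permissions structure attached; a null set is
        // treated the same as an empty one (elsewhere this code checks for null too)
        if (permissions == null || permissions.isEmpty()) {
            continue;
        }
        writer.beginObject();
        writer.name(TOKEN_ID).value(token.getId());
        writer.name(PERMISSIONS);
        writer.beginArray();
        for (Permission p : permissions) {
            writer.beginObject();
            writer.name(RESOURCE_SET).value(p.getResourceSet().getId());
            writer.name(SCOPES);
            writer.beginArray();
            for (String s : p.getScopes()) {
                writer.value(s);
            }
            writer.endArray();
            writer.endObject();
        }
        writer.endArray();
        writer.endObject();
    }
}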
tokenClient = accessToken.getClient(); String userName = accessToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
/**
 * Reports whether this token's expiration time has passed.
 *
 * @return {@code false} when no expiration time is set, otherwise whether the current
 *         wall-clock time is later than the expiration time
 */
@Override
@Transient
public boolean isExpired() {
    if (getExpiration() == null) {
        // tokens without an expiration never expire
        return false;
    }
    return getExpiration().getTime() < System.currentTimeMillis();
}
/**
 * Sets the authentication holder on the wrapped root token.
 *
 * @param authenticationHolder the holder to store on {@code rootToken}
 */
@Override
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
    // this object is a view over rootToken; all state lives there
    rootToken.setAuthenticationHolder(authenticationHolder);
}