/**
 * Writes every refresh token known to the token repository as one JSON object per token.
 *
 * Each object holds the token id, the expiration as formatted by toUTCString, the id of
 * the owning client, the id of the authentication holder, and the token value. A token
 * with no client or no authentication holder gets a null for that field.
 *
 * The VALUE field is written exactly as getValue() returns it. That is presumably the
 * string a client presents to redeem the token, so whatever this writer feeds should be
 * stored and transported like the token store itself.
 *
 * @param writer the JSON writer the token objects are emitted to; the surrounding array
 *               is not opened or closed here
 * @throws IOException if the writer reports a failure
 */
private void writeRefreshTokens(JsonWriter writer) throws IOException {
	for (OAuth2RefreshTokenEntity refreshToken : tokenRepository.getAllRefreshTokens()) {
		writer.beginObject();

		writer.name(ID).value(refreshToken.getId());
		writer.name(EXPIRATION).value(toUTCString(refreshToken.getExpiration()));

		// references to other entities are exported by id only, and may be absent
		writer.name(CLIENT_ID)
			.value((refreshToken.getClient() == null) ? null : refreshToken.getClient().getClientId());
		writer.name(AUTHENTICATION_HOLDER_ID)
			.value((refreshToken.getAuthenticationHolder() == null) ? null : refreshToken.getAuthenticationHolder().getId());

		writer.name(VALUE).value(refreshToken.getValue());

		writer.endObject();

		// only the id goes to the log, never the value
		logger.debug("Wrote refresh token {}", refreshToken.getId());
	}
	logger.info("Done writing refresh tokens");
}
reader.beginArray(); while (reader.hasNext()) { OAuth2RefreshTokenEntity token = new OAuth2RefreshTokenEntity(); reader.beginObject(); Long currentId = null; } else if (name.equals("expiration")) { Date date = utcToDate(reader.nextString()); token.setExpiration(date); } else if (name.equals("value")) { String value = reader.nextString(); try { token.setJwt(JWTParser.parse(value)); } catch (ParseException ex) { logger.error("Unable to set refresh token value to {}", value, ex); Long newId = tokenRepository.saveRefreshToken(token).getId(); maps.getRefreshTokenToClientRefs().put(currentId, clientId); maps.getRefreshTokenToAuthHolderRefs().put(currentId, authHolderId);
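/**
 * Utility function to delete a refresh token that's expired before returning it.
 *
 * The debug message identifies the token by its id. The token value is the string a
 * client presents to use the token, so it is kept out of the log, where it would be
 * readable by anyone with access to debug output.
 *
 * @param token the token to check
 * @return null if the token is null or expired, the input token (unchanged) if it hasn't
 */
private OAuth2RefreshTokenEntity clearExpiredRefreshToken(OAuth2RefreshTokenEntity token) {
	if (token == null) {
		return null;
	} else if (token.isExpired()) {
		// immediately revoke expired token
		logger.debug("Clearing expired refresh token: " + token.getId());
		revokeRefreshToken(token);
		return null;
	} else {
		return token;
	}
}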
/**
 * Builds a new refresh token for the given client and authentication and stores it.
 *
 * The token expires only if the client has a refresh token validity configured; the
 * same expiration is set on the entity and in the JWT claims. The JWT id is a random
 * UUID.
 *
 * The JWT is a PlainJWT, so it carries no signature and no issuer (see the TODO below).
 * Nothing in the token itself proves where it came from; NOTE(review): acceptance
 * presumably depends on finding the token in the repository, confirm at the call sites
 * that no code trusts these claims without that lookup.
 *
 * @param client the client the token is issued to
 * @param authHolder the authentication the token stands for
 * @return the token as returned by the repository after saving
 */
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) {
	OAuth2RefreshTokenEntity newToken = new OAuth2RefreshTokenEntity();
	JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();

	// a client with no configured validity gets a token without an expiration
	if (client.getRefreshTokenValiditySeconds() != null) {
		long now = System.currentTimeMillis();
		long lifetimeMillis = client.getRefreshTokenValiditySeconds() * 1000L;
		Date expiresAt = new Date(now + lifetimeMillis);
		newToken.setExpiration(expiresAt);
		claims.expirationTime(expiresAt);
	}

	// random identifier for the token
	claims.jwtID(UUID.randomUUID().toString());

	// TODO: add issuer fields, signature to JWT
	PlainJWT unsignedJwt = new PlainJWT(claims.build());
	newToken.setJwt(unsignedJwt);

	// bind the token to the authentication and the client
	newToken.setAuthenticationHolder(authHolder);
	newToken.setClient(client);

	// saved before use so that the access token can refer to it (NOTE: is this step necessary?)
	return tokenRepository.saveRefreshToken(newToken);
}
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); refreshToken.setClient(client); tokenRepository.saveRefreshToken(refreshToken); Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); refreshToken.setAuthenticationHolder(authHolder); tokenRepository.saveRefreshToken(refreshToken);
OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication(); if (refreshToken.getExpiration() != null) { try { result.put(EXPIRES_AT, dateFormat.valueToString(refreshToken.getExpiration())); result.put(EXP, refreshToken.getExpiration().getTime() / 1000L); } catch (ParseException e) { logger.error("Parse exception in token introspection", e);
ClientDetailsEntity client = refreshToken.getClient(); AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder(); if (refreshToken.isExpired()) { tokenRepository.removeRefreshToken(refreshToken); throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue); Set<String> refreshScopesRequested = new HashSet<>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()); Set<SystemScope> refreshScopes = scopeService.fromStrings(refreshScopesRequested);
/**
 * Stores the given refresh token through JpaUtil.saveOrUpdate, keyed by the token's id.
 *
 * @param refreshToken the token to store
 * @return the entity returned by JpaUtil.saveOrUpdate
 */
@Override
@Transactional(value="defaultTransactionManager")
public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
	Long tokenId = refreshToken.getId();
	OAuth2RefreshTokenEntity saved = JpaUtil.saveOrUpdate(tokenId, manager, refreshToken);
	return saved;
}
tokenClient = refreshToken.getClient(); String userName = refreshToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
/**
 * Tells whether this token's expiration time has passed.
 * A token with no expiration set is never reported as expired.
 * @return true only if an expiration is set and the current system time is later than it
 */
@Transient
public boolean isExpired() {
	if (getExpiration() == null) {
		// no timeout set
		return false;
	}
	return System.currentTimeMillis() > getExpiration().getTime();
}
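/**
 * Returns the refresh token with the given id to the user it was issued to.
 *
 * The token is looked up by id and handed to the token view only if the name on its
 * authentication equals the name of the calling principal. An unknown id gives
 * NOT_FOUND; a token that belongs to someone else gives FORBIDDEN.
 *
 * A token with no authentication holder has no owner that can be checked, so it is
 * refused with FORBIDDEN rather than failing with a NullPointerException in the middle
 * of the ownership check.
 *
 * NOTE(review): the different answers for "unknown id" and "not yours" tell any
 * authenticated caller which ids exist. If ids must not be discoverable, both cases
 * should give the same response.
 *
 * @param id the id of the refresh token
 * @param m the model the view reads the status code, error message or entity from
 * @param p the authenticated caller
 * @return the name of the view to render
 */
@RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {

	OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

	if (token == null) {
		logger.error("refresh token not found: " + id);
		m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
		m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
		return JsonErrorView.VIEWNAME;
	} else if (token.getAuthenticationHolder() == null
			|| !token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
		// fail closed: no holder means ownership cannot be established
		logger.error("refresh token " + id + " does not belong to principal " + p.getName());
		m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
		m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
		return JsonErrorView.VIEWNAME;
	} else {
		m.put(JsonEntityView.ENTITY, token);
		return TokenApiView.VIEWNAME;
	}
}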
/**
 * Builds a new refresh token for the given client and authentication and stores it.
 *
 * The token expires only if the client has a refresh token validity configured; the
 * same expiration is set on the entity and in the JWT claims. The JWT id is a random
 * UUID.
 *
 * The JWT is a PlainJWT, so it carries no signature and no issuer (see the TODO below).
 * Nothing in the token itself proves where it came from; NOTE(review): acceptance
 * presumably depends on finding the token in the repository, confirm at the call sites
 * that no code trusts these claims without that lookup.
 *
 * @param client the client the token is issued to
 * @param authHolder the authentication the token stands for
 * @return the token as returned by the repository after saving
 */
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) {
	OAuth2RefreshTokenEntity newToken = new OAuth2RefreshTokenEntity();
	JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();

	// a client with no configured validity gets a token without an expiration
	if (client.getRefreshTokenValiditySeconds() != null) {
		long now = System.currentTimeMillis();
		long lifetimeMillis = client.getRefreshTokenValiditySeconds() * 1000L;
		Date expiresAt = new Date(now + lifetimeMillis);
		newToken.setExpiration(expiresAt);
		claims.expirationTime(expiresAt);
	}

	// random identifier for the token
	claims.jwtID(UUID.randomUUID().toString());

	// TODO: add issuer fields, signature to JWT
	PlainJWT unsignedJwt = new PlainJWT(claims.build());
	newToken.setJwt(unsignedJwt);

	// bind the token to the authentication and the client
	newToken.setAuthenticationHolder(authHolder);
	newToken.setClient(client);

	// saved before use so that the access token can refer to it (NOTE: is this step necessary?)
	return tokenRepository.saveRefreshToken(newToken);
}
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); refreshToken.setClient(client); tokenRepository.saveRefreshToken(refreshToken); Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId); OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId); refreshToken.setAuthenticationHolder(authHolder); tokenRepository.saveRefreshToken(refreshToken);
OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication(); if (refreshToken.getExpiration() != null) { try { result.put(EXPIRES_AT, dateFormat.valueToString(refreshToken.getExpiration())); result.put(EXP, refreshToken.getExpiration().getTime() / 1000L); } catch (ParseException e) { logger.error("Parse exception in token introspection", e);
ClientDetailsEntity client = refreshToken.getClient(); AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder(); if (refreshToken.isExpired()) { tokenRepository.removeRefreshToken(refreshToken); throw new InvalidTokenException("Expired refresh token: " + refreshTokenValue); Set<String> refreshScopesRequested = new HashSet<>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()); Set<SystemScope> refreshScopes = scopeService.fromStrings(refreshScopesRequested);
/**
 * Deletes the stored refresh token that has the same id as the given one.
 *
 * The token is looked up again by id and the entity found is the one removed.
 *
 * NOTE(review): the exception message is built from the token's string form. If that
 * form includes the token value, the value ends up wherever the exception is logged
 * or shown; check what the entity prints.
 *
 * @param refreshToken the token to delete
 * @throws IllegalArgumentException if no token with that id is stored
 */
@Override
@Transactional(value="defaultTransactionManager")
public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
	OAuth2RefreshTokenEntity stored = getRefreshTokenById(refreshToken.getId());
	if (stored == null) {
		throw new IllegalArgumentException("Refresh token not found: " + refreshToken);
	}
	manager.remove(stored);
}
tokenClient = refreshToken.getClient(); String userName = refreshToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
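/**
 * Revokes the refresh token with the given id on behalf of the user it was issued to.
 *
 * The token is looked up by id and revoked only if the name on its authentication
 * equals the name of the calling principal. An unknown id gives NOT_FOUND; a token
 * that belongs to someone else gives FORBIDDEN and is left untouched.
 *
 * A token with no authentication holder has no owner that can be checked, so the
 * request is refused with FORBIDDEN rather than failing with a NullPointerException
 * in the middle of the ownership check.
 *
 * NOTE(review): the different answers for "unknown id" and "not yours" tell any
 * authenticated caller which ids exist. If ids must not be discoverable, both cases
 * should give the same response.
 *
 * @param id the id of the refresh token
 * @param m the model the view reads the status code or error message from
 * @param p the authenticated caller
 * @return the name of the view to render
 */
@RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {

	OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

	if (token == null) {
		logger.error("refresh token not found: " + id);
		m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
		m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
		return JsonErrorView.VIEWNAME;
	} else if (token.getAuthenticationHolder() == null
			|| !token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
		// fail closed: no holder means ownership cannot be established
		logger.error("refresh token " + id + " does not belong to principal " + p.getName());
		m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
		m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
		return JsonErrorView.VIEWNAME;
	} else {
		tokenService.revokeRefreshToken(token);
		return HttpCodeView.VIEWNAME;
	}
}
}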