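/**
 * Revokes a single access token, identified by its database id, on behalf of the
 * calling user.
 *
 * Authorization is ownership-based: the token is revoked only when the name of the
 * authentication stored with the token equals the calling principal's name. An
 * unknown id yields 404, a token owned by someone else yields 403.
 *
 * NOTE(review): because not-found (404) and not-owned (403) are distinguishable and
 * the ids are sequential Longs, any authenticated user can probe which token ids
 * exist. If that matters for this deployment, collapse both failures to 404.
 * The failures are client-caused and are logged at ERROR, which is noisy under a
 * probing client; consider WARN.
 *
 * @param id database id of the access token (path variable)
 * @param m  model that receives the HTTP status and, on failure, an error message
 * @param p  the authenticated caller; its name is compared with the token owner
 * @return the error view name on 404/403, the bare status view name on success
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

    if (token == null) {
        logger.error("deleteAccessToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Ownership check: the owner recorded at issuance must be the caller.
    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("deleteAccessToken failed; access token " + id + " does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        // Message previously said "view" (copied from the GET handler); this endpoint revokes.
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to revoke this token");
        return JsonErrorView.VIEWNAME;
    }

    tokenService.revokeAccessToken(token);
    return HttpCodeView.VIEWNAME;
}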
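/**
 * Revokes a single refresh token, identified by its database id, on behalf of the
 * calling user.
 *
 * Authorization is ownership-based: the token is revoked only when the name of the
 * authentication stored with the token equals the calling principal's name. An
 * unknown id yields 404, a token owned by someone else yields 403.
 *
 * NOTE(review): 404 vs 403 lets any authenticated user learn which sequential token
 * ids exist; collapse both to 404 if enumeration is a concern. Both failures are
 * client-caused but logged at ERROR; consider WARN.
 *
 * @param id database id of the refresh token (path variable)
 * @param m  model that receives the HTTP status and, on failure, an error message
 * @param p  the authenticated caller; its name is compared with the token owner
 * @return the error view name on 404/403, the bare status view name on success
 */
@RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
        logger.error("refresh token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Ownership check: the owner recorded at issuance must be the caller.
    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("refresh token " + id + " does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        // Message previously said "view" (copied from the GET handler); this endpoint revokes.
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to revoke this token");
        return JsonErrorView.VIEWNAME;
    }

    tokenService.revokeRefreshToken(token);
    return HttpCodeView.VIEWNAME;
}
} // closing brace of the enclosing class, carried over from the original listing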
/**
 * Returns the JSON representation of one access token owned by the caller.
 *
 * Authorization is ownership-based: the name of the authentication stored with the
 * token must equal the calling principal's name. Unknown id yields 404, a token
 * owned by someone else yields 403.
 *
 * NOTE(review): 404 vs 403 lets any authenticated user learn which sequential token
 * ids exist. If TokenApiView renders the entity through the
 * OAuth2AccessTokenEntity serializer in this module, the response carries the raw
 * token value, so this ownership check is all that stands between a caller and a
 * live bearer credential — do not weaken it.
 *
 * @param id database id of the access token (path variable)
 * @param m  model: receives status and error message on failure, the entity on success
 * @param p  the authenticated caller
 * @return the error view name on failure, {@code TokenApiView.VIEWNAME} on success
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

    if (token == null) {
        logger.error("getToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("getToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}
/**
 * Returns the JSON representation of one refresh token owned by the caller.
 *
 * Authorization is ownership-based: the name of the authentication stored with the
 * token must equal the calling principal's name. Unknown id yields 404, a token
 * owned by someone else yields 403.
 *
 * NOTE(review): 404 vs 403 lets any authenticated user learn which sequential token
 * ids exist. The entity placed in the model is a refresh token, i.e. a long-lived
 * credential; this ownership check is the only authorization on the path.
 *
 * @param id database id of the refresh token (path variable)
 * @param m  model: receives status and error message on failure, the entity on success
 * @param p  the authenticated caller
 * @return the error view name on failure, {@code TokenApiView.VIEWNAME} on success
 */
@RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
        logger.error("refresh token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("refresh token " + id + " does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}
/**
 * Gson serializer for {@link OAuth2AccessTokenEntity}.
 *
 * Emits, in this order: value, id, refreshTokenId (null when the token has no
 * refresh token), scopes, clientId, userId (name of the stored authentication)
 * and expiration.
 *
 * SECURITY NOTE: "value" is the raw access token, i.e. a live bearer credential.
 * Whatever renders this JSON must already have verified that the caller is
 * entitled to this token; never route output of this serializer into logs.
 *
 * @param src       the token entity to serialize
 * @param typeOfSrc unused; supplied by Gson
 * @param context   used to serialize the scope set and the expiration date
 * @return the JSON object described above
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    JsonObject out = new JsonObject();

    out.addProperty("value", src.getValue());
    out.addProperty("id", src.getId());

    // A token without a refresh token serializes refreshTokenId as null.
    Long refreshTokenId = null;
    if (src.getRefreshToken() != null) {
        refreshTokenId = src.getRefreshToken().getId();
    }
    out.addProperty("refreshTokenId", refreshTokenId);

    out.add("scopes", context.serialize(src.getScope()));
    out.addProperty("clientId", src.getClient().getClientId());

    String ownerName = src.getAuthenticationHolder().getAuthentication().getName();
    out.addProperty("userId", ownerName);

    out.add("expiration", context.serialize(src.getExpiration()));
    return out;
}
OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication();
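/**
 * Resolves the authentication an access token was issued under. This is the entry
 * point used to authenticate bearer-token requests, so its input is untrusted.
 *
 * The token is looked up by its literal value and passed through
 * clearExpiredAccessToken, so an expired token is treated exactly like an unknown
 * one.
 *
 * @param accessTokenValue the bearer token exactly as presented by the client
 * @return the OAuth2Authentication stored with the matching live token
 * @throws InvalidTokenException if no live token matches the value
 */
@Override
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
    if (accessToken == null) {
        // Do not echo the presented token into the exception: the message ends up in
        // server logs and may be reflected into the error response, and a mistyped or
        // foreign token can still be a live credential elsewhere (CWE-532). The caller
        // already knows what it sent.
        throw new InvalidTokenException("Invalid access token");
    }
    return accessToken.getAuthenticationHolder().getAuthentication();
}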
OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication();
/**
 * Consumes an authorization code: looks up the AuthorizationCodeEntity for the
 * given value, deletes it so the code cannot be used again, and returns the
 * authentication that was captured when the code was issued.
 *
 * NOTE(review): the lookup and the remove are two separate repository calls, so
 * whether two concurrent token requests presenting the same code can both succeed
 * depends on the repository's transaction/locking semantics — confirm before
 * relying on this method alone for single-use. The exception message echoes the
 * client-supplied code value; keep that in mind if these messages reach logs.
 *
 * @param code the authorization code supplied by the client
 * @return the OAuth2Authentication stored with the code
 * @throws InvalidGrantException if no AuthorizationCodeEntity matches {@code code}
 */
@Override
public OAuth2Authentication consumeAuthorizationCode(String code) throws InvalidGrantException {
    AuthorizationCodeEntity stored = repository.getByCode(code);
    if (stored == null) {
        throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found for value " + code);
    }
    // Capture the authentication before the entity is removed from the store.
    OAuth2Authentication issuedTo = stored.getAuthenticationHolder().getAuthentication();
    repository.remove(stored);
    return issuedTo;
}
OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
String userName = accessToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId()); String userName = refreshToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
OAuth2Request originalAuthRequest = authHolder.getAuthentication().getOAuth2Request();
Set<String> refreshScopesRequested = new HashSet<>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()); Set<SystemScope> refreshScopes = scopeService.fromStrings(refreshScopesRequested); tokenEnhancer.enhance(token, authHolder.getAuthentication());
/**
 * Returns every non-expired refresh token whose stored authentication name equals
 * {@code id}.
 *
 * Implementation: loads ALL refresh tokens from the repository and filters them in
 * memory. Each candidate is first passed through clearExpiredRefreshToken; a null
 * result (expired) is skipped. Cost is therefore linear in the total number of
 * refresh tokens in the store, not in this user's tokens — a repository-side query
 * by user would be preferable on a large token table.
 *
 * @param id the user name to match; despite the parameter name it is compared with
 *           Authentication#getName(), not with a numeric id
 * @return insertion-ordered set of matching live tokens, possibly empty
 */
@Override
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokensForUser(String id) {
    Set<OAuth2RefreshTokenEntity> matching = Sets.newLinkedHashSet();
    for (OAuth2RefreshTokenEntity candidate : tokenRepository.getAllRefreshTokens()) {
        if (clearExpiredRefreshToken(candidate) == null) {
            continue; // expired (or otherwise cleared); not reported
        }
        String owner = candidate.getAuthenticationHolder().getAuthentication().getName();
        if (owner.equals(id)) {
            matching.add(candidate);
        }
    }
    return matching;
}
/**
 * Returns every non-expired access token whose stored authentication name equals
 * {@code id}.
 *
 * Implementation: loads ALL access tokens from the repository and filters them in
 * memory. Each candidate is first passed through clearExpiredAccessToken; a null
 * result (expired) is skipped. Cost is therefore linear in the total number of
 * access tokens in the store, not in this user's tokens — a repository-side query
 * by user would be preferable on a large token table.
 *
 * @param id the user name to match; despite the parameter name it is compared with
 *           Authentication#getName(), not with a numeric id
 * @return insertion-ordered set of matching live tokens, possibly empty
 */
@Override
public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String id) {
    Set<OAuth2AccessTokenEntity> matching = Sets.newLinkedHashSet();
    for (OAuth2AccessTokenEntity candidate : tokenRepository.getAllAccessTokens()) {
        if (clearExpiredAccessToken(candidate) == null) {
            continue; // expired (or otherwise cleared); not reported
        }
        String owner = candidate.getAuthenticationHolder().getAuthentication().getName();
        if (owner.equals(id)) {
            matching.add(candidate);
        }
    }
    return matching;
}
/**
 * Returns the JSON representation of one access token owned by the caller.
 *
 * Authorization is ownership-based: the name of the authentication stored with the
 * token must equal the calling principal's name. Unknown id yields 404, a token
 * owned by someone else yields 403.
 *
 * NOTE(review): 404 vs 403 lets any authenticated user learn which sequential token
 * ids exist. If TokenApiView renders the entity through the
 * OAuth2AccessTokenEntity serializer in this module, the response carries the raw
 * token value, so this ownership check is all that stands between a caller and a
 * live bearer credential — do not weaken it.
 *
 * @param id database id of the access token (path variable)
 * @param m  model: receives status and error message on failure, the entity on success
 * @param p  the authenticated caller
 * @return the error view name on failure, {@code TokenApiView.VIEWNAME} on success
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

    if (token == null) {
        logger.error("getToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("getToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}
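/**
 * Revokes a single access token, identified by its database id, on behalf of the
 * calling user.
 *
 * Authorization is ownership-based: the token is revoked only when the name of the
 * authentication stored with the token equals the calling principal's name. An
 * unknown id yields 404, a token owned by someone else yields 403.
 *
 * NOTE(review): because not-found (404) and not-owned (403) are distinguishable and
 * the ids are sequential Longs, any authenticated user can probe which token ids
 * exist. If that matters for this deployment, collapse both failures to 404.
 * The failures are client-caused and are logged at ERROR, which is noisy under a
 * probing client; consider WARN.
 *
 * @param id database id of the access token (path variable)
 * @param m  model that receives the HTTP status and, on failure, an error message
 * @param p  the authenticated caller; its name is compared with the token owner
 * @return the error view name on 404/403, the bare status view name on success
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

    if (token == null) {
        logger.error("deleteAccessToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Ownership check: the owner recorded at issuance must be the caller.
    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("deleteAccessToken failed; access token " + id + " does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        // Message previously said "view" (copied from the GET handler); this endpoint revokes.
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to revoke this token");
        return JsonErrorView.VIEWNAME;
    }

    tokenService.revokeAccessToken(token);
    return HttpCodeView.VIEWNAME;
}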
/**
 * Returns the JSON representation of one refresh token owned by the caller.
 *
 * Authorization is ownership-based: the name of the authentication stored with the
 * token must equal the calling principal's name. Unknown id yields 404, a token
 * owned by someone else yields 403.
 *
 * NOTE(review): 404 vs 403 lets any authenticated user learn which sequential token
 * ids exist. The entity placed in the model is a refresh token, i.e. a long-lived
 * credential; this ownership check is the only authorization on the path.
 *
 * @param id database id of the refresh token (path variable)
 * @param m  model: receives status and error message on failure, the entity on success
 * @param p  the authenticated caller
 * @return the error view name on failure, {@code TokenApiView.VIEWNAME} on success
 */
@RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

    if (token == null) {
        logger.error("refresh token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    String owner = token.getAuthenticationHolder().getAuthentication().getName();
    if (!owner.equals(p.getName())) {
        logger.error("refresh token " + id + " does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}
/**
 * Gson serializer for {@link OAuth2AccessTokenEntity}.
 *
 * Emits, in this order: value, id, refreshTokenId (null when the token has no
 * refresh token), scopes, clientId, userId (name of the stored authentication)
 * and expiration.
 *
 * SECURITY NOTE: "value" is the raw access token, i.e. a live bearer credential.
 * Whatever renders this JSON must already have verified that the caller is
 * entitled to this token; never route output of this serializer into logs.
 *
 * @param src       the token entity to serialize
 * @param typeOfSrc unused; supplied by Gson
 * @param context   used to serialize the scope set and the expiration date
 * @return the JSON object described above
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    JsonObject out = new JsonObject();

    out.addProperty("value", src.getValue());
    out.addProperty("id", src.getId());

    // A token without a refresh token serializes refreshTokenId as null.
    Long refreshTokenId = null;
    if (src.getRefreshToken() != null) {
        refreshTokenId = src.getRefreshToken().getId();
    }
    out.addProperty("refreshTokenId", refreshTokenId);

    out.add("scopes", context.serialize(src.getScope()));
    out.addProperty("clientId", src.getClient().getClientId());

    String ownerName = src.getAuthenticationHolder().getAuthentication().getName();
    out.addProperty("userId", ownerName);

    out.add("expiration", context.serialize(src.getExpiration()));
    return out;
}
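/**
 * Resolves the authentication an access token was issued under. This is the entry
 * point used to authenticate bearer-token requests, so its input is untrusted.
 *
 * The token is looked up by its literal value and passed through
 * clearExpiredAccessToken, so an expired token is treated exactly like an unknown
 * one.
 *
 * @param accessTokenValue the bearer token exactly as presented by the client
 * @return the OAuth2Authentication stored with the matching live token
 * @throws InvalidTokenException if no live token matches the value
 */
@Override
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
    if (accessToken == null) {
        // Do not echo the presented token into the exception: the message ends up in
        // server logs and may be reflected into the error response, and a mistyped or
        // foreign token can still be a live credential elsewhere (CWE-532). The caller
        // already knows what it sent.
        throw new InvalidTokenException("Invalid access token");
    }
    return accessToken.getAuthenticationHolder().getAuthentication();
}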