/**
 * Returns the identifier of the wrapped client entity.
 *
 * @return whatever the underlying client reports as its client id
 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId()
 */
public String getClientId() {
    String delegatedId = client.getClientId();
    return delegatedId;
}
/**
/**
 * Stores the given client through {@code JpaUtil.saveOrUpdate}, keyed by the
 * client's {@code clientId}; whether that results in an insert or a merge is
 * decided inside the helper, not here.
 *
 * @param client the entity to persist
 * @return the entity handed back by the persistence helper
 */
@Override
public ClientDetailsEntity saveClient(ClientDetailsEntity client) {
    String key = client.getClientId();
    ClientDetailsEntity persisted = JpaUtil.saveOrUpdate(key, manager, client);
    return persisted;
}
/**
 * Looks up every resource set registered for the given client, delegating to
 * the repository by the client's {@code clientId}.
 *
 * @param client the owning client
 * @return the repository's result, returned as-is
 */
@Override
public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) {
    String ownerId = client.getClientId();
    return repository.getAllForClient(ownerId);
}
/**
 * Create a symmetric signing and validation service for the given client.
 *
 * <p>The service is fetched from the {@code validators} cache using the raw
 * client secret as the key, so the secret stays resident in the cache for as
 * long as the entry lives and two clients sharing a secret share a validator.
 *
 * @param client the client whose secret keys the validator; may be null
 * @return the validator, or {@code null} when the client is null, has no
 *         secret, or the cache failed to load an entry — callers must check
 */
public JWTSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) {
    if (client == null) {
        logger.error("Couldn't create symmetric validator for null client");
        return null;
    }
    String secret = client.getClientSecret();
    if (Strings.isNullOrEmpty(secret)) {
        logger.error("Couldn't create symmetric validator for client " + client.getClientId() + " without a client secret");
        return null;
    }
    try {
        return validators.get(secret);
    } catch (UncheckedExecutionException | ExecutionException e) {
        // both loader failure modes are reported identically and yield null
        logger.error("Problem loading client validator", e);
        return null;
    }
}
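/**
 * Creates and persists a new device-flow code pair for the given client.
 *
 * <p>The device code is a random UUID (the JDK documents {@code randomUUID()}
 * as backed by a cryptographically strong generator) and is meant to be long
 * and unguessable. The user code comes from {@code randomGenerator} — its
 * strength is not visible here — and is upper-cased so the case-insensitive
 * lookup always sees one canonical form. The code starts out unapproved.
 *
 * @param requestedScopes scopes the device asked for
 * @param client the owning client; its {@code deviceCodeValiditySeconds},
 *        when non-null, sets the expiration relative to now
 * @param parameters the request parameters kept alongside the code
 * @return the saved, not-yet-approved device code
 */
@Override
public DeviceCode createNewDeviceCode(Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters) {
    // create a device code, should be big and random
    String deviceCode = UUID.randomUUID().toString();
    // create a user code, should be random but small and typable, and always uppercase
    // (lookup is case insensitive). Locale.ROOT keeps the case mapping independent of
    // the JVM's default locale: under a Turkish locale "i" would map to a dotted
    // capital I that a later ASCII-style lookup would not match.
    String userCode = randomGenerator.generate().toUpperCase(java.util.Locale.ROOT);
    DeviceCode dc = new DeviceCode(deviceCode, userCode, requestedScopes, client.getClientId(), parameters);
    if (client.getDeviceCodeValiditySeconds() != null) {
        // 1000L keeps the multiplication in long arithmetic
        dc.setExpiration(new Date(System.currentTimeMillis() + client.getDeviceCodeValiditySeconds() * 1000L));
    }
    dc.setApproved(false);
    return repository.save(dc);
}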
if (!accessToken.getClient().getClientId().equals(authClient.getClientId())) { logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + accessToken.getClient().getClientId()); logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue); OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue); if (!refreshToken.getClient().getClientId().equals(authClient.getClientId())) { logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + refreshToken.getClient().getClientId()); logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue);
/**
 * Writes every stored refresh token to {@code writer} as one JSON object with
 * the fields ID, EXPIRATION, CLIENT_ID, AUTHENTICATION_HOLDER_ID and VALUE.
 * CLIENT_ID and AUTHENTICATION_HOLDER_ID become JSON null when the related
 * entity is absent. VALUE is the raw token string, so the produced output is
 * as sensitive as the token store itself.
 *
 * @param writer destination for the JSON objects; owned by the caller
 * @throws IOException if the writer fails
 */
private void writeRefreshTokens(JsonWriter writer) throws IOException {
    for (OAuth2RefreshTokenEntity token : tokenRepository.getAllRefreshTokens()) {
        writer.beginObject();
        writer.name(ID).value(token.getId());
        writer.name(EXPIRATION).value(toUTCString(token.getExpiration()));
        writer.name(CLIENT_ID);
        if (token.getClient() == null) {
            writer.nullValue();
        } else {
            writer.value(token.getClient().getClientId());
        }
        writer.name(AUTHENTICATION_HOLDER_ID);
        if (token.getAuthenticationHolder() == null) {
            writer.nullValue();
        } else {
            writer.value(token.getAuthenticationHolder().getId());
        }
        writer.name(VALUE).value(token.getValue());
        writer.endObject();
        logger.debug("Wrote refresh token {}", token.getId());
    }
    logger.info("Done writing refresh tokens");
}
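/**
 * Delete the indicated client from the system.
 *
 * <p>Authorization has two layers: the {@code @PreAuthorize} expression
 * requires a registration token, and the body additionally requires that the
 * client named in the path is the same client the token was issued to. An
 * unknown client id and a mismatched one are both answered with 403, so the
 * response does not distinguish the two cases.
 *
 * @param clientId the client id taken from the path
 * @param m the view model that receives the HTTP status code
 * @param auth the authentication carrying the registration token
 * @return the {@link HttpCodeView} view name; the model holds 204 on
 *         success and 403 otherwise
 */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')")
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteClient(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) {
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
    String requesterId = auth.getOAuth2Request().getClientId();
    if (client != null && client.getClientId().equals(requesterId)) {
        clientService.deleteClient(client);
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204
        return HttpCodeView.VIEWNAME;
    }
    // client mismatch (or no such client); the message names this method so log
    // triage is not sent to readClientConfiguration, which the old text named
    logger.error("deleteClient failed, client ID mismatch: " + clientId + " and " + requesterId + " do not match.");
    m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403
    return HttpCodeView.VIEWNAME;
}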
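/**
 * Delete the indicated client from the system.
 *
 * <p>Authorization has two layers: the {@code @PreAuthorize} expression
 * requires a resource token, and the body additionally requires that the
 * client named in the path is the same client the token was issued to. An
 * unknown client id and a mismatched one are both answered with 403, so the
 * response does not distinguish the two cases.
 *
 * @param clientId the client id taken from the path
 * @param m the view model that receives the HTTP status code
 * @param auth the authentication carrying the resource token
 * @return the {@link HttpCodeView} view name; the model holds 204 on
 *         success and 403 otherwise
 */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')")
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteResource(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) {
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
    String requesterId = auth.getOAuth2Request().getClientId();
    if (client != null && client.getClientId().equals(requesterId)) {
        clientService.deleteClient(client);
        m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204
        return HttpCodeView.VIEWNAME;
    }
    // client mismatch (or no such client); the message names this method so log
    // triage is not sent to readClientConfiguration, which the old text named
    logger.error("deleteResource failed, client ID mismatch: " + clientId + " and " + requesterId + " do not match.");
    m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403
    return HttpCodeView.VIEWNAME;
}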
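/**
 * Serializes an access token entity to a JSON object with the members
 * value, id, refreshTokenId, scopes, clientId, userId and expiration.
 *
 * <p>"value" is the raw token string, so the resulting JSON is a credential
 * and must be handled as one. refreshTokenId, clientId and userId are emitted
 * as JSON null when the related object is absent instead of failing with a
 * NullPointerException mid-serialization.
 *
 * @param src the token to serialize
 * @param typeOfSrc unused; required by the Gson interface
 * @param context used to serialize the scope set and expiration date
 * @return the populated JSON object
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    JsonObject o = new JsonObject();
    o.addProperty("value", src.getValue());
    o.addProperty("id", src.getId());
    o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
    o.add("scopes", context.serialize(src.getScope()));
    o.addProperty("clientId", src.getClient() != null ? src.getClient().getClientId() : null);
    // the holder and its authentication may both be absent for stored tokens
    String userId = null;
    if (src.getAuthenticationHolder() != null && src.getAuthenticationHolder().getAuthentication() != null) {
        userId = src.getAuthenticationHolder().getAuthentication().getName();
    }
    o.addProperty("userId", userId);
    o.add("expiration", context.serialize(src.getExpiration()));
    return o;
}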
if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
/**
 * Writes every stored access token to {@code writer} as one JSON object with
 * the fields ID, EXPIRATION, CLIENT_ID, AUTHENTICATION_HOLDER_ID,
 * REFRESH_TOKEN_ID, SCOPE (an array of strings), TYPE and VALUE. The three
 * reference fields become JSON null when the related entity is absent. VALUE
 * is the raw token string, so the produced output is as sensitive as the
 * token store itself.
 *
 * @param writer destination for the JSON objects; owned by the caller
 * @throws IOException if the writer fails
 */
private void writeAccessTokens(JsonWriter writer) throws IOException {
    for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) {
        writer.beginObject();
        writer.name(ID).value(token.getId());
        writer.name(EXPIRATION).value(toUTCString(token.getExpiration()));
        writer.name(CLIENT_ID);
        if (token.getClient() == null) {
            writer.nullValue();
        } else {
            writer.value(token.getClient().getClientId());
        }
        writer.name(AUTHENTICATION_HOLDER_ID);
        if (token.getAuthenticationHolder() == null) {
            writer.nullValue();
        } else {
            writer.value(token.getAuthenticationHolder().getId());
        }
        writer.name(REFRESH_TOKEN_ID);
        if (token.getRefreshToken() == null) {
            writer.nullValue();
        } else {
            writer.value(token.getRefreshToken().getId());
        }
        writer.name(SCOPE);
        writer.beginArray();
        for (String scope : token.getScope()) {
            writer.value(scope);
        }
        writer.endArray();
        writer.name(TYPE).value(token.getTokenType());
        writer.name(VALUE).value(token.getValue());
        writer.endObject();
        logger.debug("Wrote access token {}", token.getId());
    }
    logger.info("Done writing access tokens");
}
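/**
 * Returns the access token presented in {@code auth}, rotating it first when
 * the configured registration-token lifetime has elapsed since its issue time.
 * Rotation revokes the presented token, creates a fresh resource access token
 * for the client and saves it, so the caller must hand the returned token
 * back to the client. With no lifetime configured the presented token is
 * returned unchanged.
 *
 * @param auth the current authentication; its details are cast to
 *        {@link OAuth2AuthenticationDetails} to recover the token value
 * @param client the client the token belongs to
 * @return the token to continue with — the presented one or its replacement
 */
private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
    if (config.getRegTokenLifeTime() == null) {
        // tokens don't expire, just return it
        return token;
    }
    try {
        // Re-issue the token if it has been issued before [currentTime - validity].
        // 1000L forces long arithmetic so a lifetime held as an int cannot overflow.
        Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000L);
        if (token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
            logger.info("Rotating the registration access token for " + client.getClientId());
            tokenService.revokeAccessToken(token);
            OAuth2AccessTokenEntity newToken = connectTokenService.createResourceAccessToken(client);
            tokenService.saveAccessToken(newToken);
            return newToken;
        }
        // it's not expired, keep going
        return token;
    } catch (ParseException e) {
        // a token that reached this point is not expected to be unparsable;
        // fall back to the presented token rather than fail the request
        logger.error("Couldn't parse a known-valid token?", e);
        return token;
    }
}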
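/**
 * Returns the access token presented in {@code auth}, rotating it first when
 * the configured registration-token lifetime has elapsed since its issue time.
 * Rotation revokes the presented token, creates a fresh registration access
 * token for the client and saves it, so the caller must hand the returned
 * token back to the client. With no lifetime configured the presented token
 * is returned unchanged.
 *
 * @param auth the current authentication; its details are cast to
 *        {@link OAuth2AuthenticationDetails} to recover the token value
 * @param client the client the token belongs to
 * @return the token to continue with — the presented one or its replacement
 */
private OAuth2AccessTokenEntity rotateRegistrationTokenIfNecessary(OAuth2Authentication auth, ClientDetailsEntity client) {
    OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
    OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
    if (config.getRegTokenLifeTime() == null) {
        // tokens don't expire, just return it
        return token;
    }
    try {
        // Re-issue the token if it has been issued before [currentTime - validity].
        // 1000L forces long arithmetic so a lifetime held as an int cannot overflow.
        Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000L);
        if (token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
            logger.info("Rotating the registration access token for " + client.getClientId());
            tokenService.revokeAccessToken(token);
            OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);
            tokenService.saveAccessToken(newToken);
            return newToken;
        }
        // it's not expired, keep going
        return token;
    } catch (ParseException e) {
        // a token that reached this point is not expected to be unparsable;
        // fall back to the presented token rather than fail the request
        logger.error("Couldn't parse a known-valid token?", e);
        return token;
    }
}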
&& oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client passed in the URI matches the one in the auth && oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body matches the one in the URI ) { RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
/**
 * Delete a client and all its associated tokens.
 *
 * <p>Everything that references the client is cleared before the client row
 * itself is removed, in this order: issued tokens, approved sites, the
 * whitelisted site (if one exists) and registered resource sets. Clearing
 * the tokens first means nothing issued to the client outlives it. The
 * statistics cache is reset at the end.
 *
 * @param client the client to delete; its existence is re-checked by
 *        database id before anything is touched
 * @throws InvalidClientException if no client with that id is stored
 */
@Override
public void deleteClient(ClientDetailsEntity client) throws InvalidClientException {
    if (clientRepository.getById(client.getId()) == null) {
        throw new InvalidClientException("Client with id " + client.getClientId() + " was not found");
    }
    String clientId = client.getClientId();
    // clean out any tokens that this client had issued
    tokenRepository.clearTokensForClient(client);
    // clean out any approved sites for this client
    approvedSiteService.clearApprovedSitesForClient(client);
    // clear out any whitelisted sites for this client
    WhitelistedSite whitelisted = whitelistedSiteService.getByClientId(clientId);
    if (whitelisted != null) {
        whitelistedSiteService.remove(whitelisted);
    }
    // clear out resource sets registered for this client
    for (ResourceSet registered : resourceSetService.getAllForClient(client)) {
        resourceSetService.remove(registered);
    }
    // take care of the client itself
    clientRepository.deleteClient(client);
    statsService.resetCache();
}
OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(), Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true, scope, null, null, null, null); .audience(Lists.newArrayList(client.getClientId())) .issuer(configBean.getIssuer()) .issueTime(new Date())
if (Strings.isNullOrEmpty(client.getClientId())) { client = generateClientId(client);
.audience(Lists.newArrayList(client.getClientId())) .issuer(config.getIssuer()) .issueTime(new Date()) logger.error("Couldn't find encrypter for client: " + client.getClientId());