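/**
 * Revokes the access token with the given id, provided it belongs to the calling principal.
 * <p>
 * A token whose authentication holder or authentication is missing cannot be attributed
 * to anyone and is treated as "not yours" (403) instead of failing with an NPE on the
 * dereference chain. Note that answering 404 for unknown ids and 403 for foreign ones
 * lets a caller distinguish whether an id exists; this matches the GET endpoint and is
 * kept for API compatibility.
 *
 * @param id database id of the access token to revoke
 * @param m  model the HTTP code / error message is written into
 * @param p  the authenticated caller; only the token's own user may revoke it
 * @return the error view name on 404 / 403, otherwise the HTTP code view
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);
    if (token == null) {
        logger.error("deleteToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Resolve the owning user defensively; null means "no attributable owner".
    String owner = null;
    if (token.getAuthenticationHolder() != null && token.getAuthenticationHolder().getAuthentication() != null) {
        owner = token.getAuthenticationHolder().getAuthentication().getName();
    }
    if (owner == null || !owner.equals(p.getName())) {
        logger.error("deleteToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to revoke this token");
        return JsonErrorView.VIEWNAME;
    }

    tokenService.revokeAccessToken(token);
    return HttpCodeView.VIEWNAME;
}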
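/**
 * Returns the access token with the given id to its owning user.
 * <p>
 * The entity placed into the model is rendered by the token API view, so the response
 * contains the token record (including its value) for the owner only. A token whose
 * authentication holder or authentication is missing has no attributable owner and is
 * answered with 403 rather than an NPE-induced 500.
 *
 * @param id database id of the access token to look up
 * @param m  model the entity or the HTTP code / error message is written into
 * @param p  the authenticated caller; only the token's own user may read it
 * @return the error view name on 404 / 403, otherwise the token API view
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);
    if (token == null) {
        logger.error("getToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Resolve the owning user defensively; null means "no attributable owner".
    String owner = null;
    if (token.getAuthenticationHolder() != null && token.getAuthenticationHolder().getAuthentication() != null) {
        owner = token.getAuthenticationHolder().getAuthentication().getName();
    }
    if (owner == null || !owner.equals(p.getName())) {
        logger.error("getToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}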
/**
 * Writes every stored access token as one JSON object into the export stream.
 * <p>
 * Each object carries the token's raw VALUE, i.e. a live bearer credential, so the
 * produced export needs the same protection as the token store it was taken from.
 * Client, authentication holder and refresh token are optional relations and are
 * emitted as JSON null when absent.
 *
 * @param writer destination writer, expected to be positioned inside an open array
 * @throws IOException if writing to the underlying stream fails
 */
private void writeAccessTokens(JsonWriter writer) throws IOException {
    for (OAuth2AccessTokenEntity entry : tokenRepository.getAllAccessTokens()) {
        String clientId = (entry.getClient() == null) ? null : entry.getClient().getClientId();
        Long holderId = (entry.getAuthenticationHolder() == null) ? null : entry.getAuthenticationHolder().getId();
        Long refreshTokenId = (entry.getRefreshToken() == null) ? null : entry.getRefreshToken().getId();

        writer.beginObject();
        writer.name(ID).value(entry.getId());
        writer.name(EXPIRATION).value(toUTCString(entry.getExpiration()));
        writer.name(CLIENT_ID).value(clientId);
        writer.name(AUTHENTICATION_HOLDER_ID).value(holderId);
        writer.name(REFRESH_TOKEN_ID).value(refreshTokenId);

        // Scopes go out as a plain string array.
        writer.name(SCOPE);
        writer.beginArray();
        for (String scope : entry.getScope()) {
            writer.value(scope);
        }
        writer.endArray();

        writer.name(TYPE).value(entry.getTokenType());
        writer.name(VALUE).value(entry.getValue());
        writer.endObject();

        logger.debug("Wrote access token {}", entry.getId());
    }
    logger.info("Done writing access tokens");
}
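/**
 * Serializes an access token entity into the JSON shape used by the token API.
 * <p>
 * The output includes the raw bearer value under {@code value}; whoever receives this
 * JSON holds a usable credential. Client and authentication holder are nullable
 * relations (the export code guards them the same way), so they are written as JSON
 * null instead of throwing, matching how {@code refreshTokenId} was already handled.
 *
 * @param src       the token to serialize
 * @param typeOfSrc the declared type (unused)
 * @param context   serialization context used for nested scope / date values
 * @return the JSON object describing the token
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    JsonObject o = new JsonObject();

    o.addProperty("value", src.getValue());
    o.addProperty("id", src.getId());
    o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
    o.add("scopes", context.serialize(src.getScope()));

    // Optional relations: emit null rather than NPE on a token with no client / holder.
    String clientId = src.getClient() != null ? src.getClient().getClientId() : null;
    o.addProperty("clientId", clientId);

    String userId = null;
    if (src.getAuthenticationHolder() != null && src.getAuthenticationHolder().getAuthentication() != null) {
        userId = src.getAuthenticationHolder().getAuthentication().getName();
    }
    o.addProperty("userId", userId);

    o.add("expiration", context.serialize(src.getExpiration()));
    return o;
}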
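/**
 * Resolves the authentication bound to a presented access token value.
 * <p>
 * The stored token is first passed through {@code clearExpiredAccessToken}, which yields
 * null for tokens it has cleared, so expired tokens are rejected like unknown ones. A token
 * that exists but has no authentication holder / authentication is likewise rejected as
 * invalid rather than surfacing as an NPE (and a 500) to the caller.
 *
 * @param accessTokenValue the token string presented by the client
 * @return the authentication the token was issued under
 * @throws InvalidTokenException when the value is unknown, expired, or carries no authentication
 */
@Override
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));

    OAuth2Authentication authentication = null;
    if (accessToken != null && accessToken.getAuthenticationHolder() != null) {
        authentication = accessToken.getAuthenticationHolder().getAuthentication();
    }
    if (authentication == null) {
        // NOTE(review): the message echoes the presented token value, so it ends up wherever
        // this exception is logged or reported; treat those sinks accordingly.
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    return authentication;
}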
OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication();
OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
String userName = accessToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
/**
 * Returns the authentication holder of the wrapped root token; this wrapper
 * carries no holder of its own and simply delegates.
 *
 * @return the root token's authentication holder (may be null if the root token has none)
 */
@Override
public AuthenticationHolderEntity getAuthenticationHolder() {
    AuthenticationHolderEntity holder = rootToken.getAuthenticationHolder();
    return holder;
}
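/**
 * Collects all non-expired access tokens whose authentication belongs to the given user name.
 * <p>
 * This scans the complete token table on every call (no indexed lookup by user), so its
 * cost grows with the total number of stored tokens. Tokens without an authentication
 * holder / authentication cannot belong to anyone and are skipped instead of causing an
 * NPE, consistent with the null guards used elsewhere on this relation.
 *
 * @param id the user name to match against each token's authentication name
 * @return the matching tokens in repository order; empty when none match
 */
@Override
public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String id) {
    Set<OAuth2AccessTokenEntity> all = tokenRepository.getAllAccessTokens();
    Set<OAuth2AccessTokenEntity> results = Sets.newLinkedHashSet();
    for (OAuth2AccessTokenEntity token : all) {
        // clearExpiredAccessToken returns null for tokens it cleared (presumably expired ones).
        if (clearExpiredAccessToken(token) == null) {
            continue;
        }
        if (token.getAuthenticationHolder() == null || token.getAuthenticationHolder().getAuthentication() == null) {
            continue;
        }
        if (token.getAuthenticationHolder().getAuthentication().getName().equals(id)) {
            results.add(token);
        }
    }
    return results;
}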
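/**
 * Returns the access token with the given id to its owning user.
 * <p>
 * The entity placed into the model is rendered by the token API view, so the response
 * contains the token record (including its value) for the owner only. A token whose
 * authentication holder or authentication is missing has no attributable owner and is
 * answered with 403 rather than an NPE-induced 500.
 *
 * @param id database id of the access token to look up
 * @param m  model the entity or the HTTP code / error message is written into
 * @param p  the authenticated caller; only the token's own user may read it
 * @return the error view name on 404 / 403, otherwise the token API view
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);
    if (token == null) {
        logger.error("getToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Resolve the owning user defensively; null means "no attributable owner".
    String owner = null;
    if (token.getAuthenticationHolder() != null && token.getAuthenticationHolder().getAuthentication() != null) {
        owner = token.getAuthenticationHolder().getAuthentication().getName();
    }
    if (owner == null || !owner.equals(p.getName())) {
        logger.error("getToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
        return JsonErrorView.VIEWNAME;
    }

    m.put(JsonEntityView.ENTITY, token);
    return TokenApiView.VIEWNAME;
}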
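/**
 * Revokes the access token with the given id, provided it belongs to the calling principal.
 * <p>
 * A token whose authentication holder or authentication is missing cannot be attributed
 * to anyone and is treated as "not yours" (403) instead of failing with an NPE on the
 * dereference chain. Note that answering 404 for unknown ids and 403 for foreign ones
 * lets a caller distinguish whether an id exists; this matches the GET endpoint and is
 * kept for API compatibility.
 *
 * @param id database id of the access token to revoke
 * @param m  model the HTTP code / error message is written into
 * @param p  the authenticated caller; only the token's own user may revoke it
 * @return the error view name on 404 / 403, otherwise the HTTP code view
 */
@RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) {
    OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);
    if (token == null) {
        logger.error("deleteToken failed; token not found: " + id);
        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
        return JsonErrorView.VIEWNAME;
    }

    // Resolve the owning user defensively; null means "no attributable owner".
    String owner = null;
    if (token.getAuthenticationHolder() != null && token.getAuthenticationHolder().getAuthentication() != null) {
        owner = token.getAuthenticationHolder().getAuthentication().getName();
    }
    if (owner == null || !owner.equals(p.getName())) {
        logger.error("deleteToken failed; token does not belong to principal " + p.getName());
        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to revoke this token");
        return JsonErrorView.VIEWNAME;
    }

    tokenService.revokeAccessToken(token);
    return HttpCodeView.VIEWNAME;
}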
/**
 * Writes every stored access token as one JSON object into the export stream.
 * <p>
 * Each object carries the token's raw VALUE, i.e. a live bearer credential, so the
 * produced export needs the same protection as the token store it was taken from.
 * Client, authentication holder and refresh token are optional relations and are
 * emitted as JSON null when absent.
 *
 * @param writer destination writer, expected to be positioned inside an open array
 * @throws IOException if writing to the underlying stream fails
 */
private void writeAccessTokens(JsonWriter writer) throws IOException {
    for (OAuth2AccessTokenEntity entry : tokenRepository.getAllAccessTokens()) {
        String clientId = (entry.getClient() == null) ? null : entry.getClient().getClientId();
        Long holderId = (entry.getAuthenticationHolder() == null) ? null : entry.getAuthenticationHolder().getId();
        Long refreshTokenId = (entry.getRefreshToken() == null) ? null : entry.getRefreshToken().getId();

        writer.beginObject();
        writer.name(ID).value(entry.getId());
        writer.name(EXPIRATION).value(toUTCString(entry.getExpiration()));
        writer.name(CLIENT_ID).value(clientId);
        writer.name(AUTHENTICATION_HOLDER_ID).value(holderId);
        writer.name(REFRESH_TOKEN_ID).value(refreshTokenId);

        // Scopes go out as a plain string array.
        writer.name(SCOPE);
        writer.beginArray();
        for (String scope : entry.getScope()) {
            writer.value(scope);
        }
        writer.endArray();

        writer.name(TYPE).value(entry.getTokenType());
        writer.name(VALUE).value(entry.getValue());
        writer.endObject();

        logger.debug("Wrote access token {}", entry.getId());
    }
    logger.info("Done writing access tokens");
}
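/**
 * Serializes an access token entity into the JSON shape used by the token API.
 * <p>
 * The output includes the raw bearer value under {@code value}; whoever receives this
 * JSON holds a usable credential. Client and authentication holder are nullable
 * relations (the export code guards them the same way), so they are written as JSON
 * null instead of throwing, matching how {@code refreshTokenId} was already handled.
 *
 * @param src       the token to serialize
 * @param typeOfSrc the declared type (unused)
 * @param context   serialization context used for nested scope / date values
 * @return the JSON object describing the token
 */
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src, Type typeOfSrc, JsonSerializationContext context) {
    JsonObject o = new JsonObject();

    o.addProperty("value", src.getValue());
    o.addProperty("id", src.getId());
    o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
    o.add("scopes", context.serialize(src.getScope()));

    // Optional relations: emit null rather than NPE on a token with no client / holder.
    String clientId = src.getClient() != null ? src.getClient().getClientId() : null;
    o.addProperty("clientId", clientId);

    String userId = null;
    if (src.getAuthenticationHolder() != null && src.getAuthenticationHolder().getAuthentication() != null) {
        userId = src.getAuthenticationHolder().getAuthentication().getName();
    }
    o.addProperty("userId", userId);

    o.add("expiration", context.serialize(src.getExpiration()));
    return o;
}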
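/**
 * Resolves the authentication bound to a presented access token value.
 * <p>
 * The stored token is first passed through {@code clearExpiredAccessToken}, which yields
 * null for tokens it has cleared, so expired tokens are rejected like unknown ones. A token
 * that exists but has no authentication holder / authentication is likewise rejected as
 * invalid rather than surfacing as an NPE (and a 500) to the caller.
 *
 * @param accessTokenValue the token string presented by the client
 * @return the authentication the token was issued under
 * @throws InvalidTokenException when the value is unknown, expired, or carries no authentication
 */
@Override
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));

    OAuth2Authentication authentication = null;
    if (accessToken != null && accessToken.getAuthenticationHolder() != null) {
        authentication = accessToken.getAuthenticationHolder().getAuthentication();
    }
    if (authentication == null) {
        // NOTE(review): the message echoes the presented token value, so it ends up wherever
        // this exception is logged or reported; treat those sinks accordingly.
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    return authentication;
}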
OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication();
OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
/**
 * Copies the authentication context class reference (acr) and authentication method
 * reference (amr) carried as granted authorities on the token's authentication into
 * the ID token claims.
 * <p>
 * Authorities are examined in iteration order; if more than one authority maps to the
 * same claim, each match calls {@code claim()} again with that name, so the last match
 * presumably ends up as the claim value. The token's authentication holder is
 * dereferenced without a null check here.
 *
 * @param accessToken the access token whose authentication is inspected
 * @param idClaims    the ID token claims builder that receives the acr / amr claims
 */
private void calculateAmrAndAcrClaims(final OAuth2AccessTokenEntity accessToken, final JWTClaimsSet.Builder idClaims) {
    final OAuth2Authentication authN = accessToken.getAuthenticationHolder().getAuthentication();
    for (final GrantedAuthority granted : authN.getAuthorities()) {
        log.debug("Evaluating authority {} of the authentication", granted);

        final AuthenticationClassRefAuthority acrAuthority =
                AuthenticationClassRefAuthority.getAuthenticationClassRefAuthority(granted);
        if (acrAuthority != null) {
            final String acrValue = acrAuthority.getAuthority();
            idClaims.claim(OIDCConstants.ACR, acrValue);
            log.debug("Added {} claim as {}", OIDCConstants.ACR, acrValue);
        }

        // Note the (upstream) method name: the AMR lookup is spelled getAuthenticationClassRefAuthority.
        final AuthenticationMethodRefAuthority amrAuthority =
                AuthenticationMethodRefAuthority.getAuthenticationClassRefAuthority(granted);
        if (amrAuthority != null) {
            final String amrValue = amrAuthority.getAuthority();
            idClaims.claim(OIDCConstants.AMR, amrValue);
            log.debug("Added {} claim as {}", OIDCConstants.AMR, amrValue);
        }
    }
}
String userName = accessToken.getAuthenticationHolder().getAuthentication().getName(); user = userInfoService.getByUsernameAndClientId(userName, tokenClient.getClientId());
accessToken.getAuthenticationHolder().getClientId()); return idToken;