/**
 * Revokes the access token identified by {@code tokenValue}, together with the
 * refresh token attached to it (if any).
 *
 * @param tokenValue the raw access token value presented by the caller
 * @return {@code true} if a token was found and removed, {@code false} if the
 *         store holds no token for that value
 */
public boolean revokeToken(String tokenValue) {
    OAuth2AccessToken stored = tokenStore.readAccessToken(tokenValue);
    if (stored == null) {
        // Unknown (or already revoked) token: report it without touching the store.
        return false;
    }
    if (stored.getRefreshToken() != null) {
        // Remove the refresh token first so it cannot be used to mint a replacement.
        tokenStore.removeRefreshToken(stored.getRefreshToken());
    }
    tokenStore.removeAccessToken(stored);
    return true;
}
/**
 * Resolves the {@link OAuth2Authentication} behind an access token value.
 *
 * The token must exist in the store, must not be expired, must still have an
 * authentication attached, and (when a {@code clientDetailsService} is wired)
 * its client must still be registered.
 *
 * @param accessTokenValue the raw access token value presented by the caller
 * @return the authentication the token was issued for
 * @throws InvalidTokenException if the token is unknown, expired, orphaned, or
 *         belongs to a client that can no longer be loaded
 */
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException {
    OAuth2AccessToken token = tokenStore.readAccessToken(accessTokenValue);
    if (token == null) {
        // NOTE(review): the message embeds the raw token value; if callers log these
        // exceptions, the bearer token ends up in the logs.
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    if (token.isExpired()) {
        // Expired tokens are purged from the store as soon as they are seen.
        tokenStore.removeAccessToken(token);
        throw new InvalidTokenException("Access token expired: " + accessTokenValue);
    }
    OAuth2Authentication auth = tokenStore.readAuthentication(token);
    if (auth == null) {
        // The token may have been removed between readAccessToken and readAuthentication.
        throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
    }
    if (clientDetailsService == null) {
        return auth;
    }
    // Reject tokens of clients that have been deleted since the token was issued.
    String clientId = auth.getOAuth2Request().getClientId();
    try {
        clientDetailsService.loadClientByClientId(clientId);
    } catch (ClientRegistrationException e) {
        throw new InvalidTokenException("Client not valid: " + clientId, e);
    }
    return auth;
}
OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refreshTokenValue); if (refreshToken == null) { throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue); OAuth2Authentication authentication = tokenStore.readAuthenticationForRefreshToken(refreshToken); if (this.authenticationManager != null && !authentication.isClientOnly()) { tokenStore.removeAccessTokenUsingRefreshToken(refreshToken); tokenStore.removeRefreshToken(refreshToken); throw new InvalidTokenException("Invalid refresh token (expired): " + refreshToken); tokenStore.removeRefreshToken(refreshToken); refreshToken = createRefreshToken(authentication); tokenStore.storeAccessToken(accessToken, authentication); if (!reuseRefreshToken) { tokenStore.storeRefreshToken(accessToken.getRefreshToken(), authentication);
/**
 * Derives approvals from the tokens currently held for the given user and client:
 * every scope of every such token becomes an APPROVED approval that expires
 * together with the token.
 *
 * @param userId   the resource owner whose approvals are requested
 * @param clientId the client the approvals were granted to
 * @return the implied approvals (possibly empty, never {@code null})
 * @see org.springframework.security.oauth2.provider.approval.ApprovalStore#getApprovals(java.lang.String,
 * java.lang.String)
 */
@Override
public Collection<Approval> getApprovals(String userId, String clientId) {
    Collection<Approval> implied = new HashSet<Approval>();
    for (OAuth2AccessToken token : store.findTokensByClientIdAndUserName(clientId, userId)) {
        if (store.readAuthentication(token) == null) {
            // Orphaned token (no authentication attached): it implies nothing.
            continue;
        }
        Date validUntil = token.getExpiration();
        for (String scope : token.getScope()) {
            implied.add(new Approval(userId, clientId, scope, validUntil, ApprovalStatus.APPROVED));
        }
    }
    return implied;
}
/**
 * Removes every access token held for the user/client pair of each supplied approval.
 *
 * Only the access token itself is removed here; whether the store also drops an
 * attached refresh token depends on its {@code removeAccessToken} implementation
 * (NOTE(review): confirm against the configured store).
 *
 * @param approvals the approvals whose tokens should be revoked
 * @return always {@code true}; the interface's result is not used to report partial failure here
 * @see org.springframework.security.oauth2.provider.approval.ApprovalStore#revokeApprovals(java.util.Collection)
 */
@Override
public boolean revokeApprovals(Collection<Approval> approvals) {
    for (Approval approval : approvals) {
        String clientId = approval.getClientId();
        Collection<OAuth2AccessToken> candidates = store.findTokensByClientIdAndUserName(clientId, approval.getUserId());
        for (OAuth2AccessToken candidate : candidates) {
            OAuth2Authentication owner = store.readAuthentication(candidate);
            if (owner == null) {
                continue;
            }
            // Double-check the client binding recorded on the token before revoking it.
            if (clientId.equals(owner.getOAuth2Request().getClientId())) {
                store.removeAccessToken(candidate);
            }
        }
    }
    return true;
}
@Transactional public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException { OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication); OAuth2RefreshToken refreshToken = null; if (existingAccessToken != null) { tokenStore.removeRefreshToken(refreshToken); tokenStore.removeAccessToken(existingAccessToken); tokenStore.storeAccessToken(existingAccessToken, authentication); return existingAccessToken; tokenStore.storeAccessToken(accessToken, authentication); tokenStore.storeRefreshToken(refreshToken, authentication);
/**
 * Revokes an access token (and its attached refresh token, if any).
 *
 * When the revocation is initiated by a client, the token must have been issued
 * to that client; {@code checkIfTokenIsIssuedToClient} enforces this before anything
 * is removed.
 *
 * @param token               the raw access token value
 * @param clientAuth          the authenticated client asking for revocation (may be {@code null})
 * @param revocationInitiator who triggered the revocation
 * @return the value of the removed token, or {@code null} if no such token exists
 */
@Nullable
protected String revokeAccessToken(String token, @Nullable Authentication clientAuth, TokenRevocationInitiator revocationInitiator) {
    OAuth2AccessToken stored = tokenStore.readAccessToken(token);
    if (stored == null) {
        log.debug("No access token {} found in the token store", tokenMasker.maskToken(token));
        return null;
    }
    OAuth2Authentication owner = tokenStore.readAuthentication(stored);
    boolean clientInitiated = revocationInitiator == TokenRevocationInitiator.CLIENT;
    if (clientInitiated) {
        // A client may only revoke tokens that were issued to itself.
        checkIfTokenIsIssuedToClient(clientAuth, owner);
    }
    if (stored.getRefreshToken() != null) {
        tokenStore.removeRefreshToken(stored.getRefreshToken());
    }
    tokenStore.removeAccessToken(stored);
    // Token values are masked before logging.
    log.debug("Access token removed: {}", tokenMasker.maskToken(token));
    if (events != null) {
        events.publish(new OAuthTokenRevokedEvent(stored, revocationInitiator));
    }
    return stored.getValue();
}
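/**
 * Endpoint that revokes the bearer token presented in the {@code Authorization}
 * header of the calling request.
 */
@Controller
public class OAuthController {

    private static final String BEARER_PREFIX = "Bearer";

    @Autowired
    private TokenStore tokenStore;

    /**
     * Revokes the caller's own access token, together with the refresh token linked to it.
     *
     * The mapping stays on GET for compatibility with existing callers; a state-changing
     * GET can be triggered by link prefetchers and cross-site requests, so POST is the
     * safer mapping once the clients can be changed.
     *
     * @param request the incoming request; only its {@code Authorization} header is read
     */
    @RequestMapping(value = "/oauth/revoke-token", method = RequestMethod.GET)
    @ResponseStatus(HttpStatus.OK)
    public void logout(HttpServletRequest request) {
        String tokenValue = extractBearerToken(request.getHeader("Authorization"));
        if (tokenValue == null) {
            return;
        }
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
        if (accessToken == null) {
            // Unknown or already-revoked token: nothing to remove, and handing null to the
            // store would risk a NullPointerException.
            return;
        }
        if (accessToken.getRefreshToken() != null) {
            // Revoke the refresh token too, otherwise a replacement access token could be minted.
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        tokenStore.removeAccessToken(accessToken);
    }

    /**
     * Returns the token part of a {@code Bearer <token>} header value.
     *
     * @param authHeader the raw {@code Authorization} header value (may be {@code null})
     * @return the token, or {@code null} when the header is absent, uses another
     *         scheme, or carries no token
     */
    private static String extractBearerToken(String authHeader) {
        if (authHeader == null) {
            return null;
        }
        String header = authHeader.trim();
        // Scheme names are case-insensitive; only the Bearer scheme is accepted here.
        if (header.length() <= BEARER_PREFIX.length()
                || !header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return null;
        }
        String token = header.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? null : token;
    }
}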
/**
 * Looks up an access token by forwarding to the wrapped
 * {@link JwtTokenStore#readAccessToken(String)}.
 *
 * @param tokenValue the access token value
 * @return the {@link OAuth2AccessToken} the delegate resolves for that value
 */
@Override
public OAuth2AccessToken readAccessToken(String tokenValue) {
    // Pure pass-through; no caching or validation happens at this layer.
    final TokenStore target = this.delegate;
    return target.readAccessToken(tokenValue);
}
/**
 * Revokes a refresh token and every access token that was issued through it.
 *
 * The token must have been issued to the calling client;
 * {@code checkIfTokenIsIssuedToClient} enforces this before anything is removed.
 *
 * @param tokenValue the raw refresh token value
 * @param clientAuth the authenticated client asking for revocation
 * @return the value of the removed refresh token, or {@code null} if the store holds no such token
 */
@Nullable
public String revokeRefreshToken(String tokenValue, Authentication clientAuth) {
    OAuth2RefreshToken stored = tokenStore.readRefreshToken(tokenValue);
    if (stored == null) {
        log.debug("No refresh token {} found in the token store.", tokenMasker.maskToken(tokenValue));
        return null;
    }
    OAuth2Authentication owner = tokenStore.readAuthenticationForRefreshToken(stored);
    checkIfTokenIsIssuedToClient(clientAuth, owner);
    // Drop dependent access tokens first, then the refresh token itself.
    tokenStore.removeAccessTokenUsingRefreshToken(stored);
    tokenStore.removeRefreshToken(stored);
    String removedValue = stored.getValue();
    // Token values are masked before logging.
    log.debug("Successfully removed refresh token {} (and any associated access token).", tokenMasker.maskToken(removedValue));
    return removedValue;
}
tokenStore.removeAccessToken(token); logToAuditLogAndThrow(MessageFormat.format("The access token has expired on {0}", token.getExpiration())); OAuth2Authentication auth = tokenStore.readAuthentication(token); if (auth == null) { LOGGER.info(MessageFormat.format(com.sap.cloud.lm.sl.cf.web.message.Messages.TOKEN_LOADED_INTO_TOKEN_STORE, token.getExpiresIn(), tokenProperties.getUserName())); tokenStore.storeAccessToken(token, auth); } catch (DataIntegrityViolationException e) { LOGGER.debug(com.sap.cloud.lm.sl.cf.core.message.Messages.ERROR_STORING_TOKEN_DUE_TO_INTEGRITY_VIOLATION, e);
/**
 * Exchanges a refresh token for a new access token.
 *
 * The presented refresh token is consumed (removed from the store) whether it
 * turns out to be expired or valid; a valid one yields a freshly created access
 * token for the same authentication.
 *
 * @param refreshTokenValue the raw refresh token value
 * @param tokenRequest      the token request; its scope is not consulted
 * @return the newly created access token
 * @throws InvalidGrantException if the refresh token is unknown or expired
 */
@Override
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) throws AuthenticationException {
    log.info("authentication-provider is refreshing token");
    // Note: scope is ignored by the current implementation
    // - uri, Mar 14, 2012
    // NOTE(review): the cast assumes every stored refresh token is an ExpiringOAuth2RefreshToken;
    // a store holding a non-expiring token would fail here with a ClassCastException — confirm
    // against the configured store.
    ExpiringOAuth2RefreshToken stored = (ExpiringOAuth2RefreshToken) tokenStore.readRefreshToken(refreshTokenValue);
    if (stored == null) {
        throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
    }
    if (isExpired(stored)) {
        // Expired tokens are removed from the store before the request is rejected.
        tokenStore.removeRefreshToken(stored);
        throw new InvalidGrantException("Invalid refresh token: " + stored);
    }
    OAuth2Authentication owner = tokenStore.readAuthenticationForRefreshToken(stored);
    // One-time use: the presented refresh token is removed before a new access token is created.
    tokenStore.removeRefreshToken(stored);
    return createAccessToken(owner);
}
/**
 * Resolves the authentication behind an access token by forwarding to the wrapped
 * {@link JwtTokenStore#readAuthentication(OAuth2AccessToken)}.
 *
 * @param token the access token
 * @return the {@link OAuth2Authentication} the delegate resolves for that token
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    // Pure pass-through; no caching or validation happens at this layer.
    final TokenStore target = this.delegate;
    return target.readAuthentication(token);
}
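/**
 * Builds the token request and, for {@code refresh_token} grants, first seeds the
 * security context with the user the refresh token was issued to.
 *
 * @param requestParameters  raw request parameters of the token endpoint call
 * @param authenticatedClient the client that authenticated against the token endpoint
 * @return the token request produced by the superclass
 */
@Override
public TokenRequest createTokenRequest(Map<String, String> requestParameters, ClientDetails authenticatedClient) {
    // Constant-first comparison: a request without grant_type must not throw a NullPointerException.
    if ("refresh_token".equals(requestParameters.get("grant_type"))) {
        seedSecurityContextFromRefreshToken(requestParameters.get("refresh_token"));
    }
    return super.createTokenRequest(requestParameters, authenticatedClient);
}

/**
 * Places the user behind {@code refreshTokenValue} into the security context.
 *
 * When no token value was sent, or the store has no authentication for it, the
 * context is left untouched; the token granter invoked by the superclass is the
 * place where the grant itself is rejected. NOTE(review): a token value the store
 * does not know is still passed to readAuthenticationForRefreshToken as whatever
 * readRefreshToken returned — confirm the store tolerates that.
 *
 * @param refreshTokenValue the raw refresh token value from the request (may be {@code null})
 */
private void seedSecurityContextFromRefreshToken(String refreshTokenValue) {
    if (refreshTokenValue == null) {
        return;
    }
    OAuth2Authentication authentication = tokenStore.readAuthenticationForRefreshToken(
            tokenStore.readRefreshToken(refreshTokenValue));
    if (authentication == null) {
        return;
    }
    String username = authentication.getName();
    SecurityContextHolder.getContext()
            .setAuthentication(new UsernamePasswordAuthenticationToken(username, null,
                    userDetailsService.loadUserByUsername(username).getAuthorities()));
}
}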
OAuth2Authentication auth2 = tokenStore.readAuthentication(token); if (auth2 == null) { token = tokenParserChain.parse(token.getValue()); tokenStore.storeAccessToken(token, auth2); } catch (DataIntegrityViolationException e) { LOGGER.debug(com.sap.cloud.lm.sl.cf.core.message.Messages.ERROR_STORING_TOKEN_DUE_TO_INTEGRITY_VIOLATION, e);
/**
 * Removes an access token by forwarding to the wrapped
 * {@link JwtTokenStore#removeAccessToken(OAuth2AccessToken)}.
 *
 * @param token the access token to remove
 */
@Override
public void removeAccessToken(OAuth2AccessToken token) {
    // Pure pass-through; the delegate decides what "remove" means for a JWT-backed store.
    final TokenStore target = this.delegate;
    target.removeAccessToken(token);
}
/**
 * Revokes the submitted approval and removes every access token the token store
 * holds for that approval's client/user pair, then redirects to the root page.
 *
 * NOTE(review): the approval's userId and clientId come straight from the request
 * body; nothing in this method ties them to the current principal — confirm that
 * authorization is enforced elsewhere (e.g. method security or the approval store).
 *
 * @param approval the approval bound from the form submission
 * @return a redirect to {@code /}
 */
@RequestMapping(value = "/approval/revoke", method = RequestMethod.POST)
public String revokApproval(@ModelAttribute Approval approval) {
    approvalStore.revokeApprovals(asList(approval));
    String clientId = approval.getClientId();
    String userId = approval.getUserId();
    for (OAuth2AccessToken token : tokenStore.findTokensByClientIdAndUserName(clientId, userId)) {
        tokenStore.removeAccessToken(token);
    }
    return "redirect:/";
}
accessToken = new DefaultOAuth2AccessToken(customTokenEnhancer.enhance(accessToken, authentication)); orcidTokenStore.storeAccessToken(accessToken, authentication); orcidTokenStore.storeAccessToken(accessToken, authentication); } catch(PersistenceException e) { accessToken = generateAccessToken(authentication); try { orcidTokenStore.storeAccessToken(accessToken, authentication); return accessToken; } catch(Exception e2) {
/**
 * Creates, stores and returns a new expiring refresh token for the given authentication.
 *
 * The value is a random UUID; the lifetime comes from
 * {@code authProperties.getRefreshTokenTimeToLive()} (seconds).
 *
 * @param authentication the authentication the refresh token is bound to
 * @return the stored refresh token
 */
private ExpiringOAuth2RefreshToken createRefreshToken(OAuth2Authentication authentication) {
    // Time-to-live is configured in seconds; the long literal keeps the multiplication from overflowing int.
    long ttlMillis = authProperties.getRefreshTokenTimeToLive() * 1000L;
    Date expiresAt = new Date(System.currentTimeMillis() + ttlMillis);
    ExpiringOAuth2RefreshToken issued = new DefaultExpiringOAuth2RefreshToken(UUID.randomUUID().toString(), expiresAt);
    tokenStore.storeRefreshToken(issued, authentication);
    return issued;
}
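/**
 * Issues a new access token (with a fresh refresh token) for the given authentication.
 *
 * Any token already held for the same authentication is revoked first, together
 * with its refresh token, so only one token pair is live per authentication.
 *
 * @param authentication the authentication to issue the token for
 * @return the stored access token, or {@code null} if {@code createAccessToken(authentication, refreshToken)}
 *         produced none (in which case nothing is stored)
 */
@Override
@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
    OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
    if (existingAccessToken != null) {
        // Rotate: the previous refresh token (if any) and access token are revoked before re-issuing.
        OAuth2RefreshToken previousRefreshToken = existingAccessToken.getRefreshToken();
        if (previousRefreshToken != null) {
            tokenStore.removeRefreshToken(previousRefreshToken);
        }
        tokenStore.removeAccessToken(existingAccessToken);
    }
    // Recreate a refresh token for the new access token.
    OAuth2RefreshToken refreshToken = createRefreshToken(authentication);
    OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
    if (accessToken == null) {
        // Honor the null result all the way through instead of dereferencing it below
        // (the original stored nothing here but then called accessToken.getRefreshToken()).
        return null;
    }
    tokenStore.storeAccessToken(accessToken, authentication);
    // Store the refresh token actually attached to the issued access token, which may differ
    // from the one passed in.
    OAuth2RefreshToken issuedRefreshToken = accessToken.getRefreshToken();
    if (issuedRefreshToken != null) {
        tokenStore.storeRefreshToken(issuedRefreshToken, authentication);
    }
    return accessToken;
}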