/**
 * Checks the outcome of replacing one access token with another: the replacement must be
 * accepted and the token it replaced must be rejected.
 *
 * <p>{@code verifyTokenResponse} is defined outside this listing; from its arguments it
 * presumably presents the token value and compares the resulting HTTP status.
 *
 * @param oldAccessToken the token that was replaced and must no longer be honoured
 * @param newAccessToken the token issued in its place
 */
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // The newly issued token has to be usable.
    String currentValue = newAccessToken.getValue();
    verifyTokenResponse(currentValue, HttpStatus.OK);

    // The replaced token has to be refused. If it were still accepted, a copy of the old
    // token would keep working after the holder had obtained a new one.
    String supersededValue = oldAccessToken.getValue();
    verifyTokenResponse(supersededValue, HttpStatus.UNAUTHORIZED);
}
/**
 * Asserts both halves of a token replacement: the new token is expected to yield
 * {@code HttpStatus.OK} and the old one {@code HttpStatus.UNAUTHORIZED}.
 *
 * @param oldAccessToken the token expected to be invalid now
 * @param newAccessToken the token expected to be valid now
 */
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // Positive check first: the replacement token is accepted.
    String acceptedValue = newAccessToken.getValue();
    verifyTokenResponse(acceptedValue, HttpStatus.OK);

    // Negative check: the old token is no longer accepted, so issuing the new token
    // actually invalidated it rather than leaving two usable tokens.
    String rejectedValue = oldAccessToken.getValue();
    verifyTokenResponse(rejectedValue, HttpStatus.UNAUTHORIZED);
}
/**
 * Removes an access token by handing its value to the overload that takes the token value.
 *
 * @param accessToken the token to remove; dereferenced without a null check
 */
@Override
public void removeAccessToken(OAuth2AccessToken accessToken) {
    String tokenValue = accessToken.getValue();
    removeAccessToken(tokenValue);
}
/**
 * Looks up the authentication associated with an access token by delegating to the overload
 * that takes the token value.
 *
 * @param token the access token whose authentication is wanted; dereferenced without a null check
 * @return whatever the value-based overload returns for this token's value
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String tokenValue = token.getValue();
    return readAuthentication(tokenValue);
}
/**
 * Resolves the authentication for the given access token. Only the token's value is used for
 * the lookup; the work is done by the overload that accepts that value.
 *
 * @param token the access token to resolve; must not be null, since it is dereferenced directly
 * @return the result of the value-based lookup
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String value = token.getValue();
    OAuth2Authentication authentication = readAuthentication(value);
    return authentication;
}
/**
 * Removes the given access token. Delegates to the overload that takes the token value.
 *
 * @param token the token to remove; dereferenced without a null check
 */
public void removeAccessToken(OAuth2AccessToken token) {
    String tokenValue = token.getValue();
    removeAccessToken(tokenValue);
}
/**
 * Returns the authentication associated with an access token, looked up by the token's value
 * through the value-based overload.
 *
 * @param token the access token; dereferenced without a null check
 * @return the result of the value-based overload
 */
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String tokenValue = token.getValue();
    return readAuthentication(tokenValue);
}
/**
 * Convenience overload: extracts the value from the access token and forwards it to the
 * overload that performs the lookup.
 *
 * @param token the access token to look up; must not be null, since it is dereferenced directly
 * @return whatever the value-based lookup returns
 */
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    String value = token.getValue();
    OAuth2Authentication authentication = readAuthentication(value);
    return authentication;
}
/**
 * Convenience overload: removes an access token by forwarding its value to the overload that
 * takes the token value.
 *
 * @param accessToken the token to remove; must not be null, since it is dereferenced directly
 */
public void removeAccessToken(OAuth2AccessToken accessToken) {
    String value = accessToken.getValue();
    removeAccessToken(value);
}
/**
 * Sets the {@code Authorization} header of an outgoing request to
 * {@code <token type> <token value>}, using the access token held in the client context.
 *
 * <p>A missing or blank token type is treated as bearer, and any case variant of the bearer
 * type is replaced by the canonical {@code OAuth2AccessToken.BEARER_TYPE} spelling. Any other
 * token type is written into the header exactly as the token reports it.
 *
 * @param resource the protected resource; only used to build the exception
 * @param clientContext the context the access token is read from
 * @param request the request whose headers are modified
 * @throws AccessTokenRequiredException if the client context holds no access token
 */
@Override
public void authenticate(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext clientContext,
        ClientHttpRequest request) {
    OAuth2AccessToken accessToken = clientContext.getAccessToken();
    if (accessToken == null) {
        throw new AccessTokenRequiredException(resource);
    }

    String scheme = accessToken.getTokenType();
    // Short-circuit keeps a null scheme away from equalsIgnoreCase.
    if (!StringUtils.hasText(scheme) || scheme.equalsIgnoreCase(OAuth2AccessToken.BEARER_TYPE)) {
        // No type given: assume a plain bearer token.
        // Case variant of bearer (gh-1346): use the correct syntax for the "Bearer" scheme.
        scheme = OAuth2AccessToken.BEARER_TYPE;
    }

    // NOTE(review): a non-bearer scheme and the token value are copied into the header without
    // further validation here; the header now carries the credential, so it should be kept
    // out of request logging.
    request.getHeaders().set("Authorization", String.format("%s %s", scheme, accessToken.getValue()));
}
/**
 * Returns the access token stored for the given authentication, or {@code null} when the
 * store has no entry under the authentication's key.
 *
 * <p>When a token is found, the key of the authentication recorded for that token is
 * recomputed. If it differs from the key used for the lookup, the token is stored again
 * against the authentication passed in.
 *
 * @param authentication the authentication to find a token for
 * @return the stored token, or {@code null} if none is stored under the derived key
 */
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
    String key = authenticationKeyGenerator.extractKey(authentication);
    OAuth2AccessToken accessToken = authenticationToAccessTokenStore.get(key);
    if (accessToken == null) {
        return null;
    }

    // presumably readAuthentication can return null for a token the store no longer knows;
    // whether extractKey tolerates that is not visible here - verify against the key generator.
    String recordedKey = authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue()));
    if (!key.equals(recordedKey)) {
        // Keep the stores consistent (maybe the same user is represented by this
        // authentication but the details have changed).
        storeAccessToken(accessToken, authentication);
    }
    return accessToken;
}
/**
 * Builds an access token from the fragment of the response's {@code Location} header.
 *
 * <p>The fragment is turned into a parameter map by {@code OAuth2Utils.extractMap} and the
 * token is created from that map by {@code DefaultOAuth2AccessToken.valueOf}.
 *
 * @param response the HTTP response to read the {@code Location} header from
 * @return the extracted token, or {@code null} when the response has no {@code Location} header
 * @throws UserRedirectRequiredException if the fragment yields a token without a value; the
 *         exception carries the full location and an empty parameter map
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
    // TODO: this should actually be a 401 if the request asked for JSON
    URI location = response.getHeaders().getLocation();
    if (location != null) {
        OAuth2AccessToken accessToken =
                DefaultOAuth2AccessToken.valueOf(OAuth2Utils.extractMap(location.getFragment()));
        if (accessToken.getValue() != null) {
            return accessToken;
        }
        // No token value in the fragment: hand the redirect target back to the caller.
        throw new UserRedirectRequiredException(location.toString(), Collections.<String, String> emptyMap());
    }
    return null;
}
// Closing brace carried over from the source line; it appears to end the enclosing class,
// whose header is not part of this listing.
}
/**
 * Happy-path test of the refresh token flow: obtain an access token, exchange its refresh
 * token for a new access token, check that the value changed and that only the new token is
 * accepted, then cancel both tokens.
 */
@Test
public void testHappyDay() throws Exception {
    OAuth2AccessToken accessToken = getAccessToken("read write", "my-trusted-client");

    // The grant must come with a refresh token, which is then exchanged for a new access token.
    assertNotNull(accessToken.getRefreshToken());
    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    OAuth2AccessToken newAccessToken = refreshAccessToken(refreshTokenValue);

    // A refresh that handed back the same value would not have rotated anything.
    String rotatedValue = newAccessToken.getValue();
    assertFalse(rotatedValue.equals(accessToken.getValue()));
    verifyAccessTokens(accessToken, newAccessToken);

    // Clean up both tokens so they do not outlive the test.
    cancelToken(accessToken.getValue());
    cancelToken(newAccessToken.getValue());
}
/**
 * Converts an encoded token into a refresh token object, after checking with the JWT token
 * enhancer that the encoded token really is a refresh token.
 *
 * @param encodedRefreshToken the decoded representation of the presented refresh token
 * @return an expiring refresh token when the encoded token has an expiration, otherwise a
 *         non-expiring one; both carry the encoded token's value
 * @throws InvalidTokenException if the enhancer does not recognise the token as a refresh token
 */
private OAuth2RefreshToken createRefreshToken(OAuth2AccessToken encodedRefreshToken) {
    // Refuse anything that is not a refresh token, so that a token of another kind cannot be
    // used where a refresh token is required.
    boolean isRefreshToken = jwtTokenEnhancer.isRefreshToken(encodedRefreshToken);
    if (!isRefreshToken) {
        throw new InvalidTokenException("Encoded token is not a refresh token");
    }

    if (encodedRefreshToken.getExpiration() == null) {
        return new DefaultOAuth2RefreshToken(encodedRefreshToken.getValue());
    }
    return new DefaultExpiringOAuth2RefreshToken(encodedRefreshToken.getValue(),
            encodedRefreshToken.getExpiration());
}
/**
 * Replaces the stored access token for a resource/authentication pair: removes any existing
 * entry, then inserts the new token through {@code jdbcTemplate}.
 *
 * <p>The values are passed as bound parameters with explicit SQL types, not concatenated
 * into the statement text.
 *
 * @param resource the protected resource; supplies the client id and part of the key
 * @param authentication the current authentication, may be {@code null}, in which case the
 *        user name parameter is {@code null}
 * @param accessToken the token to persist
 */
public void saveAccessToken(OAuth2ProtectedResourceDetails resource, Authentication authentication,
        OAuth2AccessToken accessToken) {
    removeAccessToken(resource, authentication);

    String principalName = null;
    if (authentication != null) {
        principalName = authentication.getName();
    }

    // NOTE(review): the first parameter is the token value itself and the second is the
    // Java-serialized token, so read access to this table yields usable tokens; the code that
    // reads the BLOB back is outside this view - confirm how it deserializes it.
    Object[] args = {
            accessToken.getValue(),
            new SqlLobValue(SerializationUtils.serialize(accessToken)),
            keyGenerator.extractKey(resource, authentication),
            principalName,
            resource.getClientId() };
    int[] argTypes = { Types.VARCHAR, Types.BLOB, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR };

    jdbcTemplate.update(insertAccessTokenSql, args, argTypes);
}
/**
 * Happy-path test of the refresh token flow: obtain an access token, exchange its refresh
 * token for a new access token, then check that the value changed and that only the new
 * token is accepted.
 */
@Test
public void testHappyDay() throws Exception {
    OAuth2AccessToken accessToken = getAccessToken("read write", "my-trusted-client");

    // The grant must include a refresh token; use it to obtain a new access token.
    assertNotNull(accessToken.getRefreshToken());
    String refreshTokenValue = accessToken.getRefreshToken().getValue();
    OAuth2AccessToken newAccessToken = refreshAccessToken(refreshTokenValue);

    // The refresh must produce a different token value, and the old token must stop working.
    String rotatedValue = newAccessToken.getValue();
    assertFalse(rotatedValue.equals(accessToken.getValue()));
    verifyAccessTokens(accessToken, newAccessToken);
}
/**
 * Test teardown: revokes the access token held in the OAuth2 client context, if there is one.
 * Any exception raised while doing so is discarded.
 */
@After
public void cancelToken() {
    try {
        OAuth2AccessToken token = context.getOAuth2ClientContext().getAccessToken();
        if (token == null) {
            return;
        }
        tokenServices.revokeToken(token.getValue());
    }
    catch (Exception ignored) {
        // Best-effort cleanup: a failed revocation is deliberately not reported, so a token
        // may remain valid after the test without any failure being recorded.
    }
}
/**
 * Persists an access token together with its authentication through {@code jdbcTemplate},
 * removing any row already stored for the same token value first.
 *
 * <p>The token and its refresh token are keyed through {@code extractTokenKey} rather than
 * stored by raw value in those columns; the serialized token and authentication are written
 * as BLOBs. All values are bound parameters with explicit SQL types.
 *
 * @param token the access token to store
 * @param authentication the authentication the token was issued for; a client-only
 *        authentication stores {@code null} as the user name
 */
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    String refreshTokenValue = token.getRefreshToken() != null ? token.getRefreshToken().getValue() : null;

    // NOTE(review): the lookup, the removal and the insert are three separate calls; whether
    // they run atomically depends on transaction settings outside this view.
    boolean alreadyStored = readAccessToken(token.getValue()) != null;
    if (alreadyStored) {
        removeAccessToken(token.getValue());
    }

    // refreshTokenValue may be null here; extractTokenKey is defined elsewhere and is
    // presumably null-tolerant - verify.
    Object[] args = {
            extractTokenKey(token.getValue()),
            new SqlLobValue(serializeAccessToken(token)),
            authenticationKeyGenerator.extractKey(authentication),
            authentication.isClientOnly() ? null : authentication.getName(),
            authentication.getOAuth2Request().getClientId(),
            new SqlLobValue(serializeAuthentication(authentication)),
            extractTokenKey(refreshTokenValue) };
    int[] argTypes = { Types.VARCHAR, Types.BLOB, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.BLOB,
            Types.VARCHAR };

    jdbcTemplate.update(insertAccessTokenSql, args, argTypes);
}
/**
 * Copies an access token into its JAXB representation.
 *
 * <p>Only the token value, the expiration and, when present, the refresh token value are
 * copied; no other property of the source token is transferred by this method.
 *
 * @param accessToken the token to convert; dereferenced without a null check
 * @return a new {@code JaxbOAuth2AccessToken} holding the copied fields
 */
protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
    JaxbOAuth2AccessToken converted = new JaxbOAuth2AccessToken();
    converted.setAccessToken(accessToken.getValue());
    // "setExpriation" is the setter's name as declared on JaxbOAuth2AccessToken.
    converted.setExpriation(accessToken.getExpiration());

    OAuth2RefreshToken refresh = accessToken.getRefreshToken();
    if (refresh == null) {
        return converted;
    }
    converted.setRefreshToken(refresh.getValue());
    return converted;
}
/**
 * Copy constructor for access token. Creates a token with the same value as the given one and
 * then copies its additional information, refresh token, expiration, scope and token type
 * through the corresponding setters.
 *
 * @param accessToken the token to copy; dereferenced without a null check
 */
public DefaultOAuth2AccessToken(OAuth2AccessToken accessToken) {
    this(accessToken.getValue());
    // NOTE(review): each property is handed to a setter as returned by the source token;
    // whether the setters copy collections or keep the same references is not visible here,
    // so the copy may share mutable state with the original - confirm against the setters.
    setAdditionalInformation(accessToken.getAdditionalInformation());
    setRefreshToken(accessToken.getRefreshToken());
    setExpiration(accessToken.getExpiration());
    setScope(accessToken.getScope());
    setTokenType(accessToken.getTokenType());
}