/**
 * Copy constructor: creates a token carrying the same state as {@code accessToken}.
 *
 * <p>The token value goes to the single-argument constructor. Additional information,
 * refresh token, expiration, scope and token type are then copied through the setters,
 * so the copy carries the same bearer value and refresh token as the source.
 * NOTE(review): whether the setters store the passed collections by reference or copy
 * them is not visible here; confirm before mutating either token afterwards.
 *
 * @param accessToken the token to copy; a {@code null} argument fails with a
 *        {@link NullPointerException} on the first dereference
 */
public DefaultOAuth2AccessToken(OAuth2AccessToken accessToken) {
    // Must be the first statement: seeds the new instance with the source's value.
    this(accessToken.getValue());

    // Remaining state, in the same order as the original implementation.
    setAdditionalInformation(accessToken.getAdditionalInformation());
    setRefreshToken(accessToken.getRefreshToken());
    setExpiration(accessToken.getExpiration());
    setScope(accessToken.getScope());
    setTokenType(accessToken.getTokenType());
}
/**
 * Returns exactly what {@code getValue()} returns, with no masking or truncation.
 *
 * <p>NOTE(review): if {@code getValue()} is the bearer token string (as the sibling
 * token classes suggest), any log statement, exception message or string concatenation
 * that includes this object writes the credential in clear. Callers that only need to
 * identify a token should log a digest or an opaque id instead.
 *
 * @return the result of {@code getValue()}; may be {@code null} if the value is unset
 */
@Override
public String toString() {
    final String rawValue = getValue();
    return rawValue;
}
/**
 * Builds a refresh token object from an encoded token that has already been decoded
 * into an {@link OAuth2AccessToken} shape.
 *
 * <p>The token is first checked with {@code jwtTokenEnhancer.isRefreshToken(...)}.
 * Anything that fails the check is rejected, which keeps a token of another kind from
 * being accepted where a refresh token is required. What {@code isRefreshToken}
 * inspects is not visible here.
 *
 * @param encodedRefreshToken the decoded token to convert
 * @return an expiring refresh token when an expiration is present, otherwise a
 *         non-expiring one
 * @throws InvalidTokenException if the token is not recognised as a refresh token
 */
private OAuth2RefreshToken createRefreshToken(OAuth2AccessToken encodedRefreshToken) {
    // Type check comes first: nothing is constructed from a token of the wrong kind.
    final boolean isRefresh = jwtTokenEnhancer.isRefreshToken(encodedRefreshToken);
    if (!isRefresh) {
        throw new InvalidTokenException("Encoded token is not a refresh token");
    }

    // No expiration: plain refresh token.
    if (encodedRefreshToken.getExpiration() == null) {
        return new DefaultOAuth2RefreshToken(encodedRefreshToken.getValue());
    }

    // Expiration present: keep it so the expiry travels with the token.
    return new DefaultExpiringOAuth2RefreshToken(
            encodedRefreshToken.getValue(),
            encodedRefreshToken.getExpiration());
}
/**
 * Maps an {@link OAuth2AccessToken} onto its JAXB representation.
 *
 * <p>Only three fields are transferred: the token value, the expiration, and the
 * refresh token value when one is attached. Scope, token type and additional
 * information are not copied by this method.
 *
 * @param accessToken the token to convert
 * @return a newly created {@code JaxbOAuth2AccessToken}
 */
protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
    final JaxbOAuth2AccessToken internal = new JaxbOAuth2AccessToken();

    internal.setAccessToken(accessToken.getValue());
    // "setExpriation" is the setter name this code calls; presumably that is how
    // JaxbOAuth2AccessToken declares it. Check that class before renaming.
    internal.setExpriation(accessToken.getExpiration());

    // The refresh token is optional; only its string value is carried over.
    final OAuth2RefreshToken attachedRefresh = accessToken.getRefreshToken();
    if (attachedRefresh != null) {
        internal.setRefreshToken(attachedRefresh.getValue());
    }

    return internal;
}
/**
 * Checks that a replaced access token has stopped working and its successor works.
 *
 * <p>The new token is verified first (expecting {@code HttpStatus.OK}), then the old
 * one (expecting {@code HttpStatus.UNAUTHORIZED}). {@code verifyTokenResponse} is
 * defined elsewhere; presumably it presents the token value to a protected endpoint
 * and compares the response status.
 *
 * @param oldAccessToken the token expected to be rejected
 * @param newAccessToken the token expected to be accepted
 */
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // The replacement token must be usable.
    final String currentValue = newAccessToken.getValue();
    verifyTokenResponse(currentValue, HttpStatus.OK);

    // The superseded token must no longer be honoured.
    final String staleValue = oldAccessToken.getValue();
    verifyTokenResponse(staleValue, HttpStatus.UNAUTHORIZED);
}
/**
 * Rebuilds an {@link OAuth2AccessToken} from its JAXB representation.
 *
 * <p>The access token value is always set. The refresh token and the expiration are
 * applied only when present in the JAXB object. A refresh token restored here is a
 * plain {@code DefaultOAuth2RefreshToken} built from its string value, so any expiry
 * the original refresh token carried is not restored by this method.
 *
 * @param jaxbAccessToken the JAXB object to convert
 * @return a new {@code DefaultOAuth2AccessToken}
 */
protected OAuth2AccessToken convertToExternal(JaxbOAuth2AccessToken jaxbAccessToken) {
    final DefaultOAuth2AccessToken external =
            new DefaultOAuth2AccessToken(jaxbAccessToken.getAccessToken());

    // Optional refresh token.
    final String refreshValue = jaxbAccessToken.getRefreshToken();
    if (refreshValue != null) {
        external.setRefreshToken(new DefaultOAuth2RefreshToken(refreshValue));
    }

    // Optional expiration; left untouched on the new token when absent.
    final Date expiresAt = jaxbAccessToken.getExpiration();
    if (expiresAt != null) {
        external.setExpiration(expiresAt);
    }

    return external;
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Delegates to the parent granter and, unless {@code allowRefresh} is set, strips the
 * refresh token from the result.
 *
 * <p>RFC 6749 section 4.4.3 states that a refresh token SHOULD NOT be included in a
 * client credentials response, which is why the refresh token is cleared by default.
 * A non-null result is always returned as a {@code DefaultOAuth2AccessToken} copy of
 * what the parent produced, whether or not the refresh token was removed.
 *
 * @param grantType the requested grant type, passed through to the parent
 * @param tokenRequest the token request, passed through to the parent
 * @return the copied token, or {@code null} when the parent returned {@code null}
 */
@Override
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
    final OAuth2AccessToken granted = super.grant(grantType, tokenRequest);
    if (granted == null) {
        return granted;
    }

    final DefaultOAuth2AccessToken copy = new DefaultOAuth2AccessToken(granted);
    // The spec says that client credentials should not be allowed to get a refresh token
    if (!allowRefresh) {
        copy.setRefreshToken(null);
    }
    return copy;
}
/**
 * Revokes the access token with the given value, together with its refresh token.
 *
 * <p>The attached refresh token, if any, is removed first and the access token second.
 * Removing both matters: a refresh token left behind could still be exchanged for a
 * new access token after revocation.
 * NOTE(review): no transaction or rollback is visible here. If
 * {@code removeAccessToken} fails after the refresh token is gone, the access token
 * stays in the store; confirm the store's failure semantics.
 *
 * @param tokenValue the access token value to revoke
 * @return {@code true} if the token was found and removed, {@code false} if the store
 *         has no access token for this value
 */
public boolean revokeToken(String tokenValue) {
    final OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
    final boolean known = accessToken != null;

    if (known) {
        // Refresh token first, then the access token itself.
        if (accessToken.getRefreshToken() != null) {
            tokenStore.removeRefreshToken(accessToken.getRefreshToken());
        }
        tokenStore.removeAccessToken(accessToken);
    }

    return known;
}
/**
 * Returns the string form of {@code getValue()}.
 *
 * <p>{@code String.valueOf} is used rather than returning the value directly, so the
 * result is not a {@code null} reference even when the value is unset.
 * NOTE(review): if {@code getValue()} is the token string, this exposes the credential
 * to every log line or message that formats the object; log an opaque id or a digest
 * where only identification is needed.
 *
 * @return the value rendered through {@code String.valueOf}
 */
@Override
public String toString() {
    return String.valueOf(
            getValue());
}
/**
 * Derives the hash code from this object's string form.
 *
 * <p>Two instances with the same {@code toString()} result therefore share a hash
 * code. This throws {@link NullPointerException} if {@code toString()} returns
 * {@code null}.
 *
 * @return {@code toString().hashCode()}
 */
@Override
public int hashCode() {
    final String rendered = toString();
    return rendered.hashCode();
}
/**
 * Registers the default extractors, then adds one for {@code ServletException} that
 * unwraps through {@code getRootCause()}.
 *
 * @see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
 */
protected void initExtractorMap() {
    super.initExtractorMap();

    final ThrowableCauseExtractor servletCauseExtractor = new ThrowableCauseExtractor() {
        public Throwable extractCause(Throwable throwable) {
            // Checks the throwable against ServletException before the cast below.
            ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
            final ServletException servletFailure = (ServletException) throwable;
            return servletFailure.getRootCause();
        }
    };
    registerExtractor(ServletException.class, servletCauseExtractor);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Verifies both sides of a token replacement: the successor is accepted and the
 * predecessor is rejected.
 *
 * <p>Expected statuses are {@code HttpStatus.OK} for the new token and
 * {@code HttpStatus.UNAUTHORIZED} for the old one, checked in that order.
 * {@code verifyTokenResponse} is declared elsewhere; presumably it issues a request
 * with the token value and compares the status.
 *
 * @param oldAccessToken the token that must no longer be valid
 * @param newAccessToken the token that must be valid
 */
protected void verifyAccessTokens(OAuth2AccessToken oldAccessToken, OAuth2AccessToken newAccessToken) {
    // make sure the new access token can be used.
    final String acceptedValue = newAccessToken.getValue();
    verifyTokenResponse(acceptedValue, HttpStatus.OK);

    // make sure the old access token isn't valid anymore.
    final String rejectedValue = oldAccessToken.getValue();
    verifyTokenResponse(rejectedValue, HttpStatus.UNAUTHORIZED);
}
/**
 * Looks up the authentication for a refresh token by delegating to
 * {@code readAuthentication} with the token's string value.
 *
 * <p>Refresh tokens go through the same lookup by value as the call below; no separate
 * refresh-token path is used in this method.
 *
 * @param token the refresh token; must not be {@code null}
 * @return whatever {@code readAuthentication} returns for the token value
 */
@Override
public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
    final String refreshValue = token.getValue();
    return readAuthentication(refreshValue);
}
/**
 * Removes an access token by delegating to the overload that takes the token value.
 *
 * @param accessToken the access token to remove; must not be {@code null}
 */
@Override
public void removeAccessToken(OAuth2AccessToken accessToken) {
    final String accessValue = accessToken.getValue();
    removeAccessToken(accessValue);
}
/**
 * Removes a refresh token by delegating to the overload that takes the token value.
 *
 * @param refreshToken the refresh token to remove; must not be {@code null}
 */
@Override
public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
    final String refreshValue = refreshToken.getValue();
    removeRefreshToken(refreshValue);
}
/**
 * Reads the authentication for an access token by delegating to the overload that
 * takes the token value.
 *
 * @param token the access token; must not be {@code null}
 * @return the result of the value-based lookup
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    final String accessValue = token.getValue();
    return readAuthentication(accessValue);
}
/**
 * Removes a refresh token by passing its string value to {@code remove}.
 *
 * <p>NOTE(review): {@code remove} is defined elsewhere; whether it is specific to
 * refresh tokens or shared with access tokens cannot be told from this method.
 *
 * @param token the refresh token to remove; must not be {@code null}
 */
@Override
public void removeRefreshToken(OAuth2RefreshToken token) {
    final String refreshValue = token.getValue();
    remove(refreshValue);
}
/**
 * Resolves the authentication bound to an access token through the value-based
 * {@code readAuthentication} overload.
 *
 * @param token the access token whose value is looked up; must not be {@code null}
 * @return the authentication returned by the value-based overload
 */
@Override
public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
    final String lookupKey = token.getValue();
    return readAuthentication(lookupKey);
}
/**
 * Resolves the authentication bound to a refresh token through the value-based
 * {@code readAuthenticationForRefreshToken} overload.
 *
 * @param token the refresh token whose value is looked up; must not be {@code null}
 * @return the authentication returned by the value-based overload
 */
@Override
public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken token) {
    final String lookupKey = token.getValue();
    return readAuthenticationForRefreshToken(lookupKey);
}