org.springframework.security.oauth.provider.token
Class RandomValueProviderTokenServices

java.lang.Object
  extended by org.springframework.security.oauth.provider.token.RandomValueProviderTokenServices
All Implemented Interfaces:
InitializingBean, OAuthProviderTokenServices, OAuthTokenLifecycleRegistry
Direct Known Subclasses:
InMemoryProviderTokenServices

public abstract class RandomValueProviderTokenServices
extends Object
implements OAuthProviderTokenServices, InitializingBean, OAuthTokenLifecycleRegistry

Base implementation for token services that uses random values to generate tokens. Only the persistence mechanism is left unimplemented.

This base implementation creates tokens that have an expiration. For request tokens, the default validity is 10 minutes. For access tokens, the default validity is 12 hours.

Author:
Ryan Heaton
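A minimal concrete subclass, as an added example that is not part of the original Javadoc or the project's own code: it fills in the three abstract persistence methods and sets the security-relevant properties explicitly. The class name `MapBackedTokenServices`, the `hardened()` factory and the chosen lengths and validity periods are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.springframework.security.oauth.provider.token.OAuthProviderTokenImpl;
import org.springframework.security.oauth.provider.token.RandomValueProviderTokenServices;

// Hypothetical subclass: only the persistence hooks are supplied; token
// generation and expiry handling stay in the base class.
public class MapBackedTokenServices extends RandomValueProviderTokenServices {

    private final ConcurrentMap<String, OAuthProviderTokenImpl> store =
            new ConcurrentHashMap<String, OAuthProviderTokenImpl>();

    @Override
    protected OAuthProviderTokenImpl readToken(String token) {
        // Returns null for an unknown token, as the readToken contract states.
        return store.get(token);
    }

    @Override
    protected void storeToken(String tokenValue, OAuthProviderTokenImpl token) {
        store.put(tokenValue, token);
    }

    @Override
    protected OAuthProviderTokenImpl removeToken(String tokenValue) {
        // remove() is atomic, so two concurrent callers cannot both get the token back.
        return store.remove(tokenValue);
    }

    // Hypothetical factory showing the setters that affect token strength and lifetime.
    public static MapBackedTokenServices hardened() throws Exception {
        MapBackedTokenServices services = new MapBackedTokenServices();
        // setRandom accepts any java.util.Random; pass a CSPRNG explicitly so a
        // predictable generator is never used for token secrets.
        services.setRandom(new SecureRandom());
        services.setTokenSecretLengthBytes(32);          // constructed value: 256-bit secrets
        services.setRequestTokenValiditySeconds(5 * 60); // constructed value, below the 10-minute default
        services.setAccessTokenValiditySeconds(60 * 60); // constructed value, below the 12-hour default
        services.afterPropertiesSet();                   // normally invoked by the Spring container
        return services;
    }
}
```

An in-memory map loses all tokens on restart and is not shared between nodes; a clustered provider needs a shared store behind the same three methods.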

Constructor Summary
RandomValueProviderTokenServices()
           
 
Method Summary
 void afterPropertiesSet()
          Initialize these token services.
 void authorizeRequestToken(String requestToken, String verifier, org.springframework.security.core.Authentication authentication)
          Authorize the specified request token with the specified authentication credentials.
 OAuthAccessProviderToken createAccessToken(String requestToken)
          Create an OAuth access token given the specified request token.
 OAuthProviderToken createUnauthorizedRequestToken(String consumerKey, String callbackUrl)
          Create an unauthorized OAuth request token.
 int getAccessTokenValiditySeconds()
          The validity (in seconds) of the access token.
 Collection<OAuthTokenLifecycleListener> getLifecycleListeners()
          The collection of lifecycle listeners for these services.
 Random getRandom()
          The random value generator used to create token secrets.
 int getRequestTokenValiditySeconds()
          The validity (in seconds) of the unauthenticated request token.
 OAuthProviderToken getToken(String token)
          Read a token by its value.
 int getTokenSecretLengthBytes()
          The length of the token secret in bytes, before being base64-encoded.
protected  boolean isExpired(OAuthProviderTokenImpl authToken)
          Whether the auth token is expired.
protected  void onTokenCreated(OAuthProviderTokenImpl token)
          Logic for handling event firing of a created token.
protected  void onTokenRemoved(OAuthProviderTokenImpl token)
          Logic for handling event firing of a removed token.
protected abstract  OAuthProviderTokenImpl readToken(String token)
          Read a token from persistence.
 void register(OAuthTokenLifecycleListener... lifecycleListeners)
          Register lifecycle listener(s) with these token services.
protected abstract  OAuthProviderTokenImpl removeToken(String tokenValue)
          Remove a token from persistence.
 void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
          The validity (in seconds) of the access token.
 void setRandom(Random random)
          The random value generator used to create token secrets.
 void setRequestTokenValiditySeconds(int requestTokenValiditySeconds)
          The validity (in seconds) of the unauthenticated request token.
 void setTokenSecretLengthBytes(int tokenSecretLengthBytes)
          The length of the token secret in bytes, before being base64-encoded.
protected abstract  void storeToken(String tokenValue, OAuthProviderTokenImpl token)
          Store a token in persistence.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RandomValueProviderTokenServices

public RandomValueProviderTokenServices()
Method Detail

readToken

protected abstract OAuthProviderTokenImpl readToken(String token)
Read a token from persistence.

Parameters:
token - The token to read.
Returns:
The token, or null if the token doesn't exist.

storeToken

protected abstract void storeToken(String tokenValue,
                                   OAuthProviderTokenImpl token)
Store a token in persistence.

Parameters:
tokenValue - The token value.
token - The token to store.

removeToken

protected abstract OAuthProviderTokenImpl removeToken(String tokenValue)
Remove a token from persistence.

Parameters:
tokenValue - The token to remove.
Returns:
The token that was removed.

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Initialize these token services. If no random generator is set, one will be created.

Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

getToken

public OAuthProviderToken getToken(String token)
                            throws org.springframework.security.core.AuthenticationException
Description copied from interface: OAuthProviderTokenServices
Read a token by its value.

Specified by:
getToken in interface OAuthProviderTokenServices
Parameters:
token - The token value.
Returns:
The token.
Throws:
org.springframework.security.core.AuthenticationException - If the token is invalid, expired, or disabled.

isExpired

protected boolean isExpired(OAuthProviderTokenImpl authToken)
Whether the auth token is expired.

Parameters:
authToken - The auth token to check for expiration.
Returns:
Whether the auth token is expired.

createUnauthorizedRequestToken

public OAuthProviderToken createUnauthorizedRequestToken(String consumerKey,
                                                         String callbackUrl)
                                                  throws org.springframework.security.core.AuthenticationException
Description copied from interface: OAuthProviderTokenServices
Create an unauthorized OAuth request token.

Specified by:
createUnauthorizedRequestToken in interface OAuthProviderTokenServices
Parameters:
consumerKey - The consumer key for which to create the token.
callbackUrl - The callback URL associated with the consumer key.
Returns:
The token.
Throws:
org.springframework.security.core.AuthenticationException - If the consumer isn't valid or otherwise isn't allowed to create a new request token.

authorizeRequestToken

public void authorizeRequestToken(String requestToken,
                                  String verifier,
                                  org.springframework.security.core.Authentication authentication)
                           throws org.springframework.security.core.AuthenticationException
Description copied from interface: OAuthProviderTokenServices
Authorize the specified request token with the specified authentication credentials. After the request token is authorized, the consumer to which that request token was issued will be able to use it to obtain an access token.

Specified by:
authorizeRequestToken in interface OAuthProviderTokenServices
Parameters:
requestToken - The request token.
verifier - The verifier to be assigned to the request token.
authentication - The authentication credentials with which to authorize the request token. This is the authentication of the user who has signed in and is authorizing the consumer to have access to a protected resource. This same authentication can be pulled from the security context, but it's passed explicitly here to suggest to the method implementation that it needs to take into account what authorities are being granted to the consumer by the user.
Throws:
org.springframework.security.core.AuthenticationException - If the token is expired or otherwise unauthorizable, or if the authentication credentials are insufficient.

createAccessToken

public OAuthAccessProviderToken createAccessToken(String requestToken)
                                           throws org.springframework.security.core.AuthenticationException
Description copied from interface: OAuthProviderTokenServices
Create an OAuth access token given the specified request token. This token will be used to provide access to a protected resource. After the access token is created, the request token should be invalidated.

Specified by:
createAccessToken in interface OAuthProviderTokenServices
Parameters:
requestToken - The (presumably authorized) request token used to create the access token.
Returns:
The access token.
Throws:
org.springframework.security.core.AuthenticationException - If the request token is expired or disabled or doesn't reference the necessary authentication credentials or otherwise isn't authorized.

onTokenRemoved

protected void onTokenRemoved(OAuthProviderTokenImpl token)
Logic for handling event firing of a removed token.

Parameters:
token - The token that was removed (possibly null).

onTokenCreated

protected void onTokenCreated(OAuthProviderTokenImpl token)
Logic for handling event firing of a created token.

Parameters:
token - The token that was created.

getTokenSecretLengthBytes

public int getTokenSecretLengthBytes()
The length of the token secret in bytes, before being base64-encoded.

Returns:
The length of the token secret in bytes.

setTokenSecretLengthBytes

public void setTokenSecretLengthBytes(int tokenSecretLengthBytes)
The length of the token secret in bytes, before being base64-encoded.

Parameters:
tokenSecretLengthBytes - The length of the token secret in bytes, before being base64-encoded.

getRandom

public Random getRandom()
The random value generator used to create token secrets.

Returns:
The random value generator used to create token secrets.

setRandom

public void setRandom(Random random)
The random value generator used to create token secrets.

Parameters:
random - The random value generator used to create token secrets.

getRequestTokenValiditySeconds

public int getRequestTokenValiditySeconds()
The validity (in seconds) of the unauthenticated request token.

Returns:
The validity (in seconds) of the unauthenticated request token.

setRequestTokenValiditySeconds

public void setRequestTokenValiditySeconds(int requestTokenValiditySeconds)
The validity (in seconds) of the unauthenticated request token.

Parameters:
requestTokenValiditySeconds - The validity (in seconds) of the unauthenticated request token.

getAccessTokenValiditySeconds

public int getAccessTokenValiditySeconds()
The validity (in seconds) of the access token.

Returns:
The validity (in seconds) of the access token.

setAccessTokenValiditySeconds

public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
The validity (in seconds) of the access token.

Parameters:
accessTokenValiditySeconds - The validity (in seconds) of the access token.

getLifecycleListeners

public Collection<OAuthTokenLifecycleListener> getLifecycleListeners()
The collection of lifecycle listeners for these services.

Specified by:
getLifecycleListeners in interface OAuthTokenLifecycleRegistry
Returns:
The collection of lifecycle listeners for these services.

register

@Autowired(required=false)
public void register(OAuthTokenLifecycleListener... lifecycleListeners)
Register lifecycle listener(s) with these token services.

Specified by:
register in interface OAuthTokenLifecycleRegistry
Parameters:
lifecycleListeners - The listeners.


Copyright © 2012. All Rights Reserved.