org.springframework.security.oauth2.provider.token
Class DefaultTokenServices

java.lang.Object
  extended by org.springframework.security.oauth2.provider.token.DefaultTokenServices
All Implemented Interfaces:
InitializingBean, AuthorizationServerTokenServices, ConsumerTokenServices, ResourceServerTokenServices

public class DefaultTokenServices
extends Object
implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean

Base implementation for token services using random UUID values for the access token and refresh token values. The main extension point for customizations is the TokenEnhancer which will be called after the access and refresh tokens have been generated but before they are stored.

Persistence is delegated to a TokenStore implementation and customization of the access token to a TokenEnhancer.

Author:
Ryan Heaton, Luke Taylor, Dave Syer

Constructor Summary
DefaultTokenServices()
           
 
Method Summary
 void afterPropertiesSet()
          Initialize these token services.
 OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
          Create an access token associated with the specified credentials.
 Collection<OAuth2AccessToken> findTokensByClientId(String clientId)
           
 Collection<OAuth2AccessToken> findTokensByUserName(String userName)
           
 OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)
          Retrieve an access token stored against the provided authentication key, if it exists.
protected  int getAccessTokenValiditySeconds(AuthorizationRequest authorizationRequest)
          The access token validity period in seconds
 String getClientId(String tokenValue)
           
protected  int getRefreshTokenValiditySeconds(AuthorizationRequest authorizationRequest)
          The refresh token validity period in seconds
protected  boolean isExpired(OAuth2RefreshToken refreshToken)
           
protected  boolean isSupportRefreshToken(AuthorizationRequest authorizationRequest)
          Is a refresh token supported for this client (or the global setting if clientDetailsService is not set.
 OAuth2Authentication loadAuthentication(String accessTokenValue)
          Load the credentials for the specified access token.
 OAuth2AccessToken readAccessToken(String accessToken)
          Retrieve the full access token details from just the value.
 OAuth2AccessToken refreshAccessToken(String refreshTokenValue, AuthorizationRequest request)
          Refresh an access token.
 boolean revokeToken(String tokenValue)
           
 void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
          The default validity (in seconds) of the access token.
 void setClientDetailsService(ClientDetailsService clientDetailsService)
          The client details service to use for looking up clients (if necessary).
 void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)
          The validity (in seconds) of the refresh token.
 void setReuseRefreshToken(boolean reuseRefreshToken)
          Whether to reuse refresh tokens (until expired).
 void setSupportRefreshToken(boolean supportRefreshToken)
          Whether to support the refresh token.
 void setTokenEnhancer(TokenEnhancer accessTokenEnhancer)
          An access token enhancer that will be applied to a new token before it is saved in the token store.
 void setTokenStore(TokenStore tokenStore)
          The persistence strategy for token storage.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultTokenServices

public DefaultTokenServices()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Initialize these token services. If no random generator is set, one will be created.

Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

createAccessToken

public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
                                    throws org.springframework.security.core.AuthenticationException
Description copied from interface: AuthorizationServerTokenServices
Create an access token associated with the specified credentials.

Specified by:
createAccessToken in interface AuthorizationServerTokenServices
Parameters:
authentication - The credentials associated with the access token.
Returns:
The access token.
Throws:
org.springframework.security.core.AuthenticationException - If the credentials are inadequate.

refreshAccessToken

public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                            AuthorizationRequest request)
                                     throws org.springframework.security.core.AuthenticationException
Description copied from interface: AuthorizationServerTokenServices
Refresh an access token. The authorization request should be used for 2 things (at least): to validate that the client id of the original access token is the same as the one requesting the refresh, and to narrow the scopes (if provided).

Specified by:
refreshAccessToken in interface AuthorizationServerTokenServices
Parameters:
refreshTokenValue - The details about the refresh token.
request - The incoming authorization request.
Returns:
The (new) access token.
Throws:
org.springframework.security.core.AuthenticationException - If the refresh token is invalid or expired.

getAccessToken

public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)
Description copied from interface: AuthorizationServerTokenServices
Retrieve an access token stored against the provided authentication key, if it exists.

Specified by:
getAccessToken in interface AuthorizationServerTokenServices
Parameters:
authentication - the authentication key for the access token
Returns:
the access token or null if there was none

isExpired

protected boolean isExpired(OAuth2RefreshToken refreshToken)

readAccessToken

public OAuth2AccessToken readAccessToken(String accessToken)
Description copied from interface: ResourceServerTokenServices
Retrieve the full access token details from just the value.

Specified by:
readAccessToken in interface ResourceServerTokenServices
Parameters:
accessToken - the token value
Returns:
the full access token with client id etc.

loadAuthentication

public OAuth2Authentication loadAuthentication(String accessTokenValue)
                                        throws org.springframework.security.core.AuthenticationException
Description copied from interface: ResourceServerTokenServices
Load the credentials for the specified access token.

Specified by:
loadAuthentication in interface ResourceServerTokenServices
Parameters:
accessTokenValue - The access token value.
Returns:
The authentication for the access token.
Throws:
org.springframework.security.core.AuthenticationException - If the access token is expired

getClientId

public String getClientId(String tokenValue)
Specified by:
getClientId in interface ConsumerTokenServices

findTokensByUserName

public Collection<OAuth2AccessToken> findTokensByUserName(String userName)
Specified by:
findTokensByUserName in interface ConsumerTokenServices

findTokensByClientId

public Collection<OAuth2AccessToken> findTokensByClientId(String clientId)
Specified by:
findTokensByClientId in interface ConsumerTokenServices

revokeToken

public boolean revokeToken(String tokenValue)
Specified by:
revokeToken in interface ConsumerTokenServices

getAccessTokenValiditySeconds

protected int getAccessTokenValiditySeconds(AuthorizationRequest authorizationRequest)
The access token validity period in seconds

Parameters:
authorizationRequest - the current authorization request
Returns:
the access token validity period in seconds

getRefreshTokenValiditySeconds

protected int getRefreshTokenValiditySeconds(AuthorizationRequest authorizationRequest)
The refresh token validity period in seconds

Parameters:
authorizationRequest - the current authorization request
Returns:
the refresh token validity period in seconds

isSupportRefreshToken

protected boolean isSupportRefreshToken(AuthorizationRequest authorizationRequest)
Is a refresh token supported for this client (or the global setting if clientDetailsService is not set.

Parameters:
authorizationRequest - the current authorization request
Returns:
boolean to indicate if refresh token is supported

setTokenEnhancer

public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer)
An access token enhancer that will be applied to a new token before it is saved in the token store.

Parameters:
accessTokenEnhancer - the access token enhancer to set

setRefreshTokenValiditySeconds

public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)
The validity (in seconds) of the refresh token.

Parameters:
refreshTokenValiditySeconds - The validity (in seconds) of the refresh token.

setAccessTokenValiditySeconds

public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
The default validity (in seconds) of the access token. Zero or negative for non-expiring tokens. If a client details service is set the validity period will be read from he client, defaulting to this value if not defined by the client.

Parameters:
accessTokenValiditySeconds - The validity (in seconds) of the access token.

setSupportRefreshToken

public void setSupportRefreshToken(boolean supportRefreshToken)
Whether to support the refresh token.

Parameters:
supportRefreshToken - Whether to support the refresh token.

setReuseRefreshToken

public void setReuseRefreshToken(boolean reuseRefreshToken)
Whether to reuse refresh tokens (until expired).

Parameters:
reuseRefreshToken - Whether to reuse refresh tokens (until expired).

setTokenStore

public void setTokenStore(TokenStore tokenStore)
The persistence strategy for token storage.

Parameters:
tokenStore - the store for access and refresh tokens.

setClientDetailsService

public void setClientDetailsService(ClientDetailsService clientDetailsService)
The client details service to use for looking up clients (if necessary). Optional if the access token expiry is set globally via setAccessTokenValiditySeconds(int).

Parameters:
clientDetailsService - the client details service


Copyright © 2012. All Rights Reserved.