org.springframework.security.oauth2.provider.token

Class DefaultTokenServices

java.lang.Object

org.springframework.security.oauth2.provider.token.DefaultTokenServices

All Implemented Interfaces:

InitializingBean, AuthorizationServerTokenServices, ConsumerTokenServices, ResourceServerTokenServices

public class DefaultTokenServices
extends Object
implements AuthorizationServerTokenServices, ResourceServerTokenServices, ConsumerTokenServices, InitializingBean

Base implementation for token services using random UUID values for the access token and refresh token values. The main extension point for customizations is the TokenEnhancer which will be called after the access and refresh tokens have been generated but before they are stored.

Persistence is delegated to a TokenStore implementation and customization of the access token to a TokenEnhancer.

Author:

Ryan Heaton, Luke Taylor, Dave Syer

Constructor Summary

Constructors

Constructor and Description
DefaultTokenServices()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet() Initialize these token services.
OAuth2AccessToken	createAccessToken(OAuth2Authentication authentication) Create an access token associated with the specified credentials.
OAuth2AccessToken	getAccessToken(OAuth2Authentication authentication) Retrieve an access token stored against the provided authentication key, if it exists.
protected int	getAccessTokenValiditySeconds(OAuth2Request clientAuth) The access token validity period in seconds
String	getClientId(String tokenValue)
protected int	getRefreshTokenValiditySeconds(OAuth2Request clientAuth) The refresh token validity period in seconds
protected boolean	isExpired(OAuth2RefreshToken refreshToken)
protected boolean	isSupportRefreshToken(OAuth2Request clientAuth) Is a refresh token supported for this client (or the global setting if clientDetailsService is not set.
OAuth2Authentication	loadAuthentication(String accessTokenValue) Load the credentials for the specified access token.
OAuth2AccessToken	readAccessToken(String accessToken) Retrieve the full access token details from just the value.
OAuth2AccessToken	refreshAccessToken(String refreshTokenValue, TokenRequest tokenRequest) Refresh an access token.
boolean	revokeToken(String tokenValue)
void	setAccessTokenValiditySeconds(int accessTokenValiditySeconds) The default validity (in seconds) of the access token.
void	setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager) An authentication manager that will be used (if provided) to check the user authentication when a token is refreshed.
void	setClientDetailsService(ClientDetailsService clientDetailsService) The client details service to use for looking up clients (if necessary).
void	setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds) The validity (in seconds) of the refresh token.
void	setReuseRefreshToken(boolean reuseRefreshToken) Whether to reuse refresh tokens (until expired).
void	setSupportRefreshToken(boolean supportRefreshToken) Whether to support the refresh token.
void	setTokenEnhancer(TokenEnhancer accessTokenEnhancer) An access token enhancer that will be applied to a new token before it is saved in the token store.
void	setTokenStore(TokenStore tokenStore) The persistence strategy for token storage.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultTokenServices

public DefaultTokenServices()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Initialize these token services. If no random generator is set, one will be created.

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

createAccessToken

@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
                                    throws org.springframework.security.core.AuthenticationException

Description copied from interface: AuthorizationServerTokenServices

Create an access token associated with the specified credentials.

Specified by:

createAccessToken in interface AuthorizationServerTokenServices

Parameters:

authentication - The credentials associated with the access token.

Returns:

The access token.

Throws:

org.springframework.security.core.AuthenticationException - If the credentials are inadequate.

refreshAccessToken

@Transactional(noRollbackFor={InvalidTokenException.class,InvalidGrantException.class})
public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                                                                                                    TokenRequest tokenRequest)
                                     throws org.springframework.security.core.AuthenticationException

Description copied from interface: AuthorizationServerTokenServices

Refresh an access token. The authorization request should be used for 2 things (at least): to validate that the client id of the original access token is the same as the one requesting the refresh, and to narrow the scopes (if provided).

Specified by:

refreshAccessToken in interface AuthorizationServerTokenServices

Parameters:

refreshTokenValue - The details about the refresh token.

tokenRequest - The incoming token request.

Returns:

The (new) access token.

Throws:

org.springframework.security.core.AuthenticationException - If the refresh token is invalid or expired.

getAccessToken

public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)

Description copied from interface: AuthorizationServerTokenServices

Retrieve an access token stored against the provided authentication key, if it exists.

Specified by:

getAccessToken in interface AuthorizationServerTokenServices

Parameters:

authentication - the authentication key for the access token

Returns:

the access token or null if there was none

isExpired

protected boolean isExpired(OAuth2RefreshToken refreshToken)

readAccessToken

public OAuth2AccessToken readAccessToken(String accessToken)

Description copied from interface: ResourceServerTokenServices

Retrieve the full access token details from just the value.

Specified by:

readAccessToken in interface ResourceServerTokenServices

Parameters:

accessToken - the token value

Returns:

the full access token with client id etc.

loadAuthentication

public OAuth2Authentication loadAuthentication(String accessTokenValue)
                                        throws org.springframework.security.core.AuthenticationException,
                                               InvalidTokenException

Description copied from interface: ResourceServerTokenServices

Load the credentials for the specified access token.

Specified by:

loadAuthentication in interface ResourceServerTokenServices

Parameters:

accessTokenValue - The access token value.

Returns:

The authentication for the access token.

Throws:

org.springframework.security.core.AuthenticationException - If the access token is expired

InvalidTokenException - if the token isn't valid

getClientId

public String getClientId(String tokenValue)

revokeToken

public boolean revokeToken(String tokenValue)

Specified by:

revokeToken in interface ConsumerTokenServices

getAccessTokenValiditySeconds

protected int getAccessTokenValiditySeconds(OAuth2Request clientAuth)

The access token validity period in seconds

Parameters:

clientAuth - the current authorization request

Returns:

the access token validity period in seconds

getRefreshTokenValiditySeconds

protected int getRefreshTokenValiditySeconds(OAuth2Request clientAuth)

The refresh token validity period in seconds

Parameters:

clientAuth - the current authorization request

Returns:

the refresh token validity period in seconds

isSupportRefreshToken

protected boolean isSupportRefreshToken(OAuth2Request clientAuth)

Is a refresh token supported for this client (or the global setting if clientDetailsService is not set.

Parameters:

clientAuth - the current authorization request

Returns:

boolean to indicate if refresh token is supported

setTokenEnhancer

public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer)

An access token enhancer that will be applied to a new token before it is saved in the token store.

Parameters:

accessTokenEnhancer - the access token enhancer to set

setRefreshTokenValiditySeconds

public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)

The validity (in seconds) of the refresh token. If less than or equal to zero then the tokens will be non-expiring.

Parameters:

refreshTokenValiditySeconds - The validity (in seconds) of the refresh token.

setAccessTokenValiditySeconds

public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)

The default validity (in seconds) of the access token. Zero or negative for non-expiring tokens. If a client details service is set the validity period will be read from the client, defaulting to this value if not defined by the client.

Parameters:

accessTokenValiditySeconds - The validity (in seconds) of the access token.

setSupportRefreshToken

public void setSupportRefreshToken(boolean supportRefreshToken)

Whether to support the refresh token.

Parameters:

supportRefreshToken - Whether to support the refresh token.

setReuseRefreshToken

public void setReuseRefreshToken(boolean reuseRefreshToken)

Whether to reuse refresh tokens (until expired).

Parameters:

reuseRefreshToken - Whether to reuse refresh tokens (until expired).

setTokenStore

public void setTokenStore(TokenStore tokenStore)

The persistence strategy for token storage.

Parameters:

tokenStore - the store for access and refresh tokens.

setAuthenticationManager

public void setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager)

An authentication manager that will be used (if provided) to check the user authentication when a token is refreshed.

Parameters:

authenticationManager - the authenticationManager to set

setClientDetailsService

public void setClientDetailsService(ClientDetailsService clientDetailsService)

The client details service to use for looking up clients (if necessary). Optional if the access token expiry is set globally via setAccessTokenValiditySeconds(int).

Parameters:

clientDetailsService - the client details service