added registration token API
parent
13cee6bf06
commit
0b8dbc4f68
@ -26,6 +26,7 @@ import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenApiView;
import org.mitre.oauth2.view.TokenApiView;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.Logger;
@ -54,6 +55,9 @@ public class TokenAPI {
@Autowired
@Autowired
private ClientDetailsEntityService clientService;
private ClientDetailsEntityService clientService;
@Autowired
private OIDCTokenService oidcTokenService;
private static Logger logger = LoggerFactory.getLogger(TokenAPI.class);
private static Logger logger = LoggerFactory.getLogger(TokenAPI.class);
@ -152,6 +156,32 @@ public class TokenAPI {
}
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = "application/json")
public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client != null) {
OAuth2AccessTokenEntity token = oidcTokenService.createRegistrationAccessToken(client);
token = tokenService.saveAccessToken(token);
if (token != null) {
m.put("entity", token);
return TokenApiView.VIEWNAME;
} else {
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "No registration token could be found.");
return JsonErrorView.VIEWNAME;
}
} else {
// client not found
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
return JsonErrorView.VIEWNAME;
}
}
@RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = "application/json")
@RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = "application/json")
public String getAllRefreshTokens(ModelMap m, Principal p) {
public String getAllRefreshTokens(ModelMap m, Principal p) {
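Review bot: rotateRegistrationTokenByClientId revokes and re-issues a client's registration access token — an admin credential-issuing action — yet it never writes to the class's `logger` and ignores the `Principal p` it receives, so there is no audit record of who rotated which client's credential; add something like `logger.info("Registration access token for client {} rotated by {}", clientId, p.getName());` on the success path. The inner `else` after `tokenService.saveAccessToken(token)` answers `HttpStatus.NOT_FOUND` with "No registration token could be found.", which misdescribes what actually happened there (a create/save that yielded nothing, not a lookup miss); `HttpStatus.INTERNAL_SERVER_ERROR` with a message such as "Registration token could not be created." would be accurate. Since the response body carries a freshly minted bearer credential, it is also worth confirming that TokenApiView emits `Cache-Control: no-store` (not visible from here). The new method is shown in full; the surrounding class continues outside the hunk.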
@ -29,6 +29,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.service.OIDCTokenService;
@ -39,6 +40,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.token.TokenService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.stereotype.Service;
import org.springframework.stereotype.Service;
@ -83,6 +85,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
@Autowired
@Autowired
private SymmetricCacheService symmetricCacheService;
private SymmetricCacheService symmetricCacheService;
@Autowired
private OAuth2TokenEntityService tokenService;
@Override
@Override
public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
@ -202,6 +207,14 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
@Override
@Override
public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) {
public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) {
// revoke any previous tokens
OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client);
if (oldToken != null) {
tokenService.revokeAccessToken(oldToken);
}
// create a new token
Map<String, String> authorizationParameters = Maps.newHashMap();
Map<String, String> authorizationParameters = Maps.newHashMap();
OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
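Review bot: createRegistrationAccessToken now calls `tokenService.revokeAccessToken(oldToken)` before the replacement token exists, while persisting that replacement is still left to the callers (`tokenService.saveAccessToken(token)` in TokenAPI and the registration endpoint), so any failure between the revoke and the save leaves the client with no valid registration token and a dynamically registered client permanently locked out of its configuration endpoint. Either move the save into this method and revoke the old token only after the new one is stored, or document the ordering in the comment, e.g. `// NOTE: the previous token is revoked here but the replacement is only persisted by the caller; a save failure leaves the client with no registration token`. The comment says "revoke any previous tokens" but only the single entity returned by `getRegistrationAccessTokenForClient` is revoked; if more than one can exist per client (not visible here) the rest survive. Separately, the `import org.springframework.security.core.token.TokenService;` added in the earlier hunk is not referenced by any visible code and looks like a stray auto-import; the injected field is an `OAuth2TokenEntityService`. The method body continues outside the hunk.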
@ -163,7 +163,7 @@ public class ClientDynamicRegistrationEndpoint {
// generate the registration access token
// generate the registration access token
OAuth2AccessTokenEntity token = connectTokenService.createRegistrationAccessToken(savedClient);
OAuth2AccessTokenEntity token = connectTokenService.createRegistrationAccessToken(savedClient);
tokenService.saveAccessToken(token);
token = tokenService.saveAccessToken(token);
// send it all out to the view
// send it all out to the view