github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added null check for expiration during introspection. Making assumption that null exp means tokens dont expire.

pull/834/merge
William Kim 2015-06-02 17:25:29 -04:00 committed by Justin Richer
parent 2d5e53c0f2
commit 54fbf0d0ac
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
View File

@ -122,7 +122,8 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
private TokenCacheObject checkCache(String key) { private TokenCacheObject checkCache(String key) {
if (authCache.containsKey(key)) { if (authCache.containsKey(key)) {
TokenCacheObject tco = authCache.get(key); TokenCacheObject tco = authCache.get(key);
if (tco.token.getExpiration().after(new Date())) { // for this introspection service, null expiration means tokens don't expire
if (tco.token.getExpiration() == null || tco.token.getExpiration().after(new Date())) {
return tco; return tco;
} else { } else {
// if the token is expired, don't keep things around. // if the token is expired, don't keep things around.
@ -156,7 +157,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
// Validate a token string against the introspection endpoint, // Validate a token string against the introspection endpoint,
// then parse it and store it in the local cache. Return true on // then parse it and store it in the local cache. Return true on
// sucess, false otherwise. // success, false otherwise.
private boolean parseToken(String accessToken) { private boolean parseToken(String accessToken) {
// find out which URL to ask // find out which URL to ask
@ -230,7 +231,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
// create an OAuth2AccessToken // create an OAuth2AccessToken
OAuth2AccessToken token = createAccessToken(tokenResponse, accessToken); OAuth2AccessToken token = createAccessToken(tokenResponse, accessToken);
if (token.getExpiration().after(new Date())) { if (token.getExpiration() == null || token.getExpiration().after(new Date())) {
// Store them in the cache // Store them in the cache
authCache.put(accessToken, new TokenCacheObject(token, auth)); authCache.put(accessToken, new TokenCacheObject(token, auth));
@ -253,7 +254,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
} else { } else {
if (parseToken(accessToken)) { if (parseToken(accessToken)) {
cacheAuth = authCache.get(accessToken); cacheAuth = authCache.get(accessToken);
if (cacheAuth != null && (cacheAuth.token.getExpiration().after(new Date()))) { if (cacheAuth != null && (cacheAuth.token.getExpiration() == null || cacheAuth.token.getExpiration().after(new Date()))) {
return cacheAuth.auth; return cacheAuth.auth;
} else { } else {
return null; return null;
@ -275,7 +276,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
} else { } else {
if (parseToken(accessToken)) { if (parseToken(accessToken)) {
cacheAuth = authCache.get(accessToken); cacheAuth = authCache.get(accessToken);
if (cacheAuth != null && (cacheAuth.token.getExpiration().after(new Date()))) { if (cacheAuth != null && (cacheAuth.token.getExpiration() == null || cacheAuth.token.getExpiration().after(new Date()))) {
return cacheAuth.token; return cacheAuth.token;
} else { } else {
return null; return null;