github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

check access token expiration on read. closes #983

pull/990/head
Justin Richer 2015-12-16 22:46:42 -05:00
parent e1800b5fd6
commit 698feb49cd
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
View File

@ -335,15 +335,13 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
if (accessToken == null) { if (accessToken == null) {
throw new InvalidTokenException("Invalid access token: " + accessTokenValue); throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
} } else if (accessToken.isExpired()) {
if (accessToken.isExpired()) {
//tokenRepository.removeAccessToken(accessToken); //tokenRepository.removeAccessToken(accessToken);
revokeAccessToken(accessToken); revokeAccessToken(accessToken);
throw new InvalidTokenException("Expired access token: " + accessTokenValue); throw new InvalidTokenException("Expired access token: " + accessTokenValue);
} else {
return accessToken.getAuthenticationHolder().getAuthentication();
} }
return accessToken.getAuthenticationHolder().getAuthentication();
} }
@ -355,8 +353,11 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue); OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenByValue(accessTokenValue);
if (accessToken == null) { if (accessToken == null) {
throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found"); throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found");
} } else if (accessToken.isExpired()) {
else { // immediately revoke the expired token
revokeAccessToken(accessToken);
throw new InvalidTokenException("Access token for value " + accessTokenValue + " is expired");
} else {
return accessToken; return accessToken;
} }
} }