github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added getters and setters to IntrospectingTokenService 

Fixed TokenCacheObject constructor for setting TCO's expire time
pull/839/head
Stephen Moore 2015-06-09 13:37:07 -04:00
parent 698fe55b85
commit a259841eaf
1 changed files with 70 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
View File

@ -88,12 +88,12 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
this.token = token; this.token = token;
this.auth = auth; this.auth = auth;
// we don't need to check the cacheTokens values, because this won't actually be added to the cache if cacheTokens is false
// if the token doesn't have an expire time, use the default expire time // if the token isn't null we use the token expire time
// also use the default expire time if the token is valid for longer than that time (i.e. force a check of the token, if force check is valid) // if forceCacheExpireTime is also true, we also make sure that the token expire time is shorter than the default expire time
if (this.token.getExpiration() != null || (forceCacheExpireTime && (this.token.getExpiration().getTime() - System.currentTimeMillis() <= defaultExpireTime))) { if ((this.token.getExpiration() != null) && (!forceCacheExpireTime || (forceCacheExpireTime && (this.token.getExpiration().getTime() - System.currentTimeMillis() <= defaultExpireTime)))) {
this.cacheExpire = this.token.getExpiration(); this.cacheExpire = this.token.getExpiration();
} else { } else { // if the token doesn't have an expire time, or if the using forceCacheExpireTime the token expire time is longer than the default, then use the default expire time
Calendar cal = Calendar.getInstance(); Calendar cal = Calendar.getInstance();
cal.add(Calendar.MILLISECOND, defaultExpireTime); cal.add(Calendar.MILLISECOND, defaultExpireTime);
this.cacheExpire = cal.getTime(); this.cacheExpire = cal.getTime();
@ -151,8 +151,63 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
this.defaultExpireTime = defaultExpireTime; this.defaultExpireTime = defaultExpireTime;
} }
// Check if there is a token and authentication in the cache /**
// and check if it is not expired. * check if forcing a cache expire time maximum value
* @return the forceCacheExpireTime setting
*/
public boolean isForceCacheExpireTime() {
return forceCacheExpireTime;
}
/**
* set forcing a cache expire time maximum value
* @param forceCacheExpireTime
*/
public void setForceCacheExpireTime(boolean forceCacheExpireTime) {
this.forceCacheExpireTime = forceCacheExpireTime;
}
/**
* Are non-expiring tokens cached using the default cache time
* @return state of cacheNonExpiringTokens
*/
public boolean isCacheNonExpiringTokens() {
return cacheNonExpiringTokens;
}
/**
* should non-expiring tokens be cached using the default cache timeout
* @param cacheNonExpiringTokens
*/
public void setCacheNonExpiringTokens(boolean cacheNonExpiringTokens) {
this.cacheNonExpiringTokens = cacheNonExpiringTokens;
}
/**
* Is the service caching tokens, or is it hitting the introspection end point every time
* @return true is caching tokens locally, false hits the introspection end point every time
*/
public boolean isCacheTokens() {
return cacheTokens;
}
/**
* Configure if the client should cache tokens locally or not
* @param cacheTokens
*/
public void setCacheTokens(boolean cacheTokens) {
this.cacheTokens = cacheTokens;
}
/**
* Check to see if the introspection end point response for a token has been cached locally
* This call will return the token if it has been cached and is still valid according to
* the cache expire time on the TokenCacheObject. If a cached value has been found but is
* expired, either by default expire times or the token's own expire time, then the token is
* removed from the cache and null is returned.
* @param key is the token to check
* @return the cached TokenCacheObject or null
*/
private TokenCacheObject checkCache(String key) { private TokenCacheObject checkCache(String key) {
if (cacheTokens && authCache.containsKey(key)) { if (cacheTokens && authCache.containsKey(key)) {
TokenCacheObject tco = authCache.get(key); TokenCacheObject tco = authCache.get(key);
@ -189,9 +244,13 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
return accessToken; return accessToken;
} }
// Validate a token string against the introspection endpoint, /**
// then parse it and store it in the local cache. Return TokenCacheObject * Validate a token string against the introspection endpoint,
// if token is valid, otherwise return null * then parse it and store it in the local cache if caching is enabled.
*
* @param accessToken Token to pass to the introspection endpoint
* @return TokenCacheObject containing authentication and token if the token was valid, otherwise null
*/
private TokenCacheObject parseToken(String accessToken) { private TokenCacheObject parseToken(String accessToken) {
// find out which URL to ask // find out which URL to ask
@ -275,7 +334,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
} }
} }
// If we never put a token and an authentication in the cache... // when the token is invalid for whatever reason
return null; return null;
} }