All Downloads are FREE. Search and download functionalities are using the official Maven repository.

leap.oauth2.server.token.DefaultAuthzTokenManager Maven / Gradle / Ivy

There is a newer version: 0.7.13b
Show newest version
/*
 * Copyright 2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package leap.oauth2.server.token;

import java.util.HashMap;

import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.beans.DynaBean;
import leap.oauth2.server.authc.AuthzAuthentication;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.client.AuthzClient;
import leap.web.security.user.UserDetails;

public class DefaultAuthzTokenManager implements AuthzTokenManager {

	protected @Inject OAuth2AuthzServerConfig      config;
	protected @Inject AuthzAccessTokenGenerator    defaultAccessTokenGenerator;
	protected @Inject AuthzRefreshTokenGenerator   defaultRefreshTokenGenerator;

	protected @Inject BeanFactory                  factory;
    protected @Inject CreateAccessTokenProcessor[] processors;

    @Override
    public AuthzAccessToken createAccessToken(AuthzAuthentication authc) {
        AuthzClient client      = authc.getClientDetails();
        UserDetails               user        = authc.getUserDetails();
        AuthzAccessTokenGenerator atGenerator = getAccessTokenGenerator(authc);
        boolean                   rtCreated   = false;

        //Create access token.
        SimpleAuthzAccessToken at = new SimpleAuthzAccessToken();
        SimpleAuthzRefreshToken rt = new SimpleAuthzRefreshToken();

        if(user instanceof DynaBean && ((DynaBean)user).getProperties()!=null){
			if(at.getExtendedParameters()==null){
				at.setExtendedParameters(new HashMap<>());
			}
			at.getExtendedParameters().putAll(((DynaBean)user).getProperties());
		}

        //Generate token value
        at.setToken(atGenerator.generateAccessToken(authc));

        //Create refresh token
        if(isAllowRefreshToken(client)) {
            rtCreated = true;
            rt.setToken(getRefreshTokenGenerator(authc).generateRefreshToken(authc));
            rt.setExpiresIn(getRefreshTokenExpires(client));
        }

        //Set refresh token.
        at.setRefreshToken(rt.getToken());
        
        //Set expires & created
        at.setExpiresIn(getAccessTokenExpires(client));
        at.setCreated(System.currentTimeMillis());
        rt.setCreated(at.getCreated());

        //Set client & user info
        if(null != client) {
            at.setClientId(client.getId());
            rt.setClientId(client.getId());
            if(client.isAuthenticated()){
                at.setAuthenticated(client.isAuthenticated());
            }
        }

        if(null != user) {
            at.setUserId(user.getId().toString());
            rt.setUserId(at.getUserId());
            at.setUsername(user.getLoginName());
        }

        //Merge scope.
        String scope = null;
        if(client != null){
            if(config.isRequestLevelScopeEnabled()){
                scope = mergeScope(client, authc);
            }else if(client.isAuthenticated()){
                scope = client.getGrantedScope();
            }
        }
        //Scope
        at.setScope(scope);
        rt.setScope(scope);

        //Client Authenticated
        if(null != client){
            at.setAuthenticated(client.isAuthenticated());
        }

        if(processors != null && processors.length>0){
            for(CreateAccessTokenProcessor merger : processors){
                merger.process(client, authc, at,rt);
            }
        }

        //Store the token
        config.getTokenStore().saveAccessToken(at);

        if(rtCreated) {
            config.getTokenStore().saveRefreshToken(rt);
        }

        return at;
    }

    protected String mergeScope(AuthzClient client, AuthzAuthentication authc) {
        if(!client.isAuthenticated()){
            return authc.getScope();
        }
        if(Strings.isEmpty(client.getGrantedScope()) && Strings.isEmpty(authc.getScope())) {
            return null;
        }

        if(Strings.isEmpty(client.getGrantedScope())) {
            return authc.getScope();
        }

        if(Strings.isEmpty(authc.getScope())) {
            return client.getGrantedScope();
        }
        return client.getGrantedScope() + " " + authc.getScope();
    }

    @Override
    public AuthzAccessToken createAccessToken(AuthzAuthentication authc, AuthzRefreshToken rt) {
        //TODO : creates a new rt ?

        //create new one
        AuthzAccessToken at = createAccessToken(authc);

        //removes the old
        removeRefreshToken(rt);

        return at;
    }

    @Override
    public AuthzAccessToken loadAccessToken(String accessToken) {
        return config.getTokenStore().loadAccessToken(accessToken);
    }

    @Override
    public AuthzRefreshToken loadRefreshToken(String refreshToken) {
        return config.getTokenStore().loadRefreshToken(refreshToken);
    }

	@Override
    public void removeAccessToken(AuthzAccessToken token) {
	    removeAccessTokenOnly(token.getToken());
    }

    @Override
    public void removeRefreshToken(AuthzRefreshToken token) {
	    removeRefreshTokenOnly(token.getToken());
    }

    protected void removeAccessTokenOnly(String token) {
        config.getTokenStore().removeAccessToken(token);
    }

	protected void removeRefreshTokenOnly(String token) {
	    config.getTokenStore().removeRefreshToken(token);
	}

    protected int getAccessTokenExpires(AuthzClient client) {
	    int expires = config.getDefaultAccessTokenExpires();

	    if(null != client && client.getAccessTokenExpires() != null) {
	        expires = client.getAccessTokenExpires();
	    }

	    return expires;
	}

    protected int getRefreshTokenExpires(AuthzClient client) {
        int expires = config.getDefaultRefreshTokenExpires();

        if (null != client && client.getRefreshTokenExpires() != null) {
            expires = client.getRefreshTokenExpires();
        }

        return expires;
    }

	protected boolean isAllowRefreshToken(AuthzClient client) {
	    return null == client || client.isAllowRefreshToken();
	}

	protected AuthzAccessTokenGenerator getAccessTokenGenerator(AuthzAuthentication authc) {
	    return defaultAccessTokenGenerator;
	}

	protected AuthzRefreshTokenGenerator getRefreshTokenGenerator(AuthzAuthentication authc) {
	    return defaultRefreshTokenGenerator;
	}

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy