/** * The MIT License (MIT) * * Copyright (C) 2013-2016 tarent solutions GmbH * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. 
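*/
package org.osiam.auth.token;

import org.osiam.auth.oauth_client.ClientRepository;
import org.osiam.client.oauth.AccessToken;
import org.osiam.client.oauth.Scope;
import org.osiam.resources.provisioning.SCIMUserProvisioning;
import org.osiam.resources.scim.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Token introspection and revocation on top of the configured {@link TokenStore}.
 *
 * <p>{@link #validateToken(String)} resolves a presented access token value to its metadata and
 * rejects values that are unknown to the store or already expired. {@link #revokeToken(String)}
 * removes one access token; {@link #revokeAllTokensOfUser(String)} removes every access token
 * (and the refresh tokens attached to them) that the store holds for a user across all registered
 * clients.
 */
@Service
public class TokenService {

    private final TokenStore tokenStore;
    private final SCIMUserProvisioning userProvisioning;
    private final ClientRepository clientRepository;

    @Autowired
    public TokenService(TokenStore tokenStore, SCIMUserProvisioning userProvisioning,
                        ClientRepository clientRepository) {
        this.tokenStore = tokenStore;
        this.userProvisioning = userProvisioning;
        this.clientRepository = clientRepository;
    }

    /**
     * Resolves an access token value to its client id, owning user (if the token is user-bound),
     * expiry and granted scopes.
     *
     * <p>The lookup is done by the presented token value ({@code readAccessToken}) rather than by
     * the token's authentication key, so the expiry reported is that of the token the caller
     * actually holds and not of whatever other token the store associates with the same grant.
     *
     * @param token the raw access token value as presented by the caller
     * @return the token's metadata; {@code expiresAt} is whatever the store recorded and may be
     *         {@code null} for tokens without an expiry
     * @throws InvalidTokenException if the value is empty, unknown to the store, has no
     *         authentication attached, or is already expired
     */
    public AccessToken validateToken(final String token) {
        if (token == null || token.isEmpty()) {
            throw new InvalidTokenException("Access token must not be empty");
        }
        // The store returns null for values it does not know; without these guards the original
        // code dereferenced the null and answered with a NullPointerException instead of a
        // proper "invalid token" rejection.
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(token);
        if (accessToken == null) {
            throw new InvalidTokenException("Invalid access token");
        }
        // The store hands back expired tokens unchanged; a validation call must not report them
        // as valid. isExpired() treats a missing expiry as "not expired".
        if (accessToken.isExpired()) {
            throw new InvalidTokenException("Access token expired");
        }
        OAuth2Authentication auth = tokenStore.readAuthentication(token);
        if (auth == null) {
            throw new InvalidTokenException("Invalid access token");
        }
        OAuth2Request authRequest = auth.getOAuth2Request();
        AccessToken.Builder result = new AccessToken.Builder(token)
                .setClientId(authRequest.getClientId());

        // Client-credentials tokens carry no user authentication; only user-bound tokens get
        // user name and id filled in.
        if (auth.getUserAuthentication() != null && auth.getPrincipal() instanceof User) {
            User owner = (User) auth.getPrincipal();
            result.setUserName(owner.getUserName());
            result.setUserId(owner.getId());
        }
        result.setExpiresAt(accessToken.getExpiration());
        for (String scopeName : authRequest.getScope()) {
            result.addScope(new Scope(scopeName));
        }
        return result.build();
    }

    /**
     * Revokes a single access token by value.
     *
     * <p>Only the access token is removed. A refresh token issued together with it is left in
     * place (RFC 7009 leaves that to server policy), so a client holding the refresh token can
     * still obtain a new access token; use {@link #revokeAllTokensOfUser(String)} when every
     * credential of a user has to go. Empty values are ignored; the method does not verify that
     * the value existed in the store.
     *
     * @param token the raw access token value to revoke
     */
    public void revokeToken(final String token) {
        if (token == null || token.isEmpty()) {
            return;
        }
        tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(token));
    }

    /**
     * Revokes every access token the store holds for the given user, across all registered
     * clients, together with the refresh tokens attached to those access tokens.
     *
     * <p>Refresh tokens are removed as well because {@code removeAccessToken} alone leaves them
     * valid, and a user-level revocation (account disabled, password reset, compromise) must not
     * let a client simply refresh its way back in.
     *
     * @param userId the id of the user whose tokens are revoked
     */
    public void revokeAllTokensOfUser(final String userId) {
        User user = userProvisioning.getById(userId);
        // The token store keys user tokens by the string form of the principal; this rebuilds
        // that key from user name and id only. It stays correct only as long as User.toString()
        // depends on nothing else (see the token store's storeAccessToken) - verify against it
        // when either side changes.
        String principalKey = new User.Builder(user.getUserName())
                .setId(userId)
                .build()
                .toString();

        List<OAuth2AccessToken> toRevoke = new ArrayList<>();
        for (String clientId : clientRepository.findAllClientIds()) {
            Collection<OAuth2AccessToken> tokensOfClient =
                    tokenStore.findTokensByClientIdAndUserName(clientId, principalKey);
            toRevoke.addAll(tokensOfClient);
        }

        // Collected first, then removed, so the store is not modified while it is being queried.
        for (OAuth2AccessToken accessToken : toRevoke) {
            if (accessToken.getRefreshToken() != null) {
                tokenStore.removeRefreshToken(accessToken.getRefreshToken());
            }
            tokenStore.removeAccessToken(accessToken);
        }
    }
}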