org.springframework.security.oauth2.common.util.SerializationUtils Java Examples

The following examples show how to use org.springframework.security.oauth2.common.util.SerializationUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RedisAuthorizationCodeServices.java    From cloud-service with MIT License 6 votes vote down vote up
@Override
protected OAuth2Authentication remove(final String code) {
	OAuth2Authentication oAuth2Authentication = redisTemplate.execute(new RedisCallback<OAuth2Authentication>() {

		@Override
		public OAuth2Authentication doInRedis(RedisConnection connection) throws DataAccessException {
			byte[] keyByte = codeKey(code).getBytes();
			byte[] valueByte = connection.get(keyByte);

			if (valueByte != null) {
				connection.del(keyByte);
				return SerializationUtils.deserialize(valueByte);
			}

			return null;
		}
	});

	return oAuth2Authentication;
}
 
Example #2
Source File: TokenServiceImpl.java    From oauth-server with Apache License 2.0 6 votes vote down vote up
@Override
public void deleteOne(String tokenId) {
    //筛选token
    AccessTokenDO accessTokenDO = accessTokenMapper.selectByPrimaryKey(tokenId);
    //token不存在
    if (accessTokenDO == null) {
        throw new CommonException("error.delete.token.not.exist");
    }
    //提取sessionId
    DefaultOAuth2AccessToken deserialize = SerializationUtils.deserialize(accessTokenDO.getToken());
    //删除redis session
    redisTemplate.delete(SESSION_KEY_PREFIX + deserialize.getAdditionalInformation().get("sessionId"));
    //删除db accessToken/refreshToken
    accessTokenMapper.deleteByPrimaryKey(tokenId);
    refreshTokenMapper.deleteByPrimaryKey(accessTokenDO.getRefreshToken());
    LOGGER.info("delete token,tokenId:{},sessionId:{}",tokenId,deserialize.getAdditionalInformation().get("sessionId"));
}
 
Example #3
Source File: AccessParameterClientTokenServices.java    From shimmer with Apache License 2.0 6 votes vote down vote up
@Override
public void saveAccessToken(
        OAuth2ProtectedResourceDetails resource,
        Authentication authentication, OAuth2AccessToken accessToken) {

    String username = authentication.getPrincipal().toString();
    String shimKey = authentication.getDetails().toString();

    AccessParameters accessParameters =
            accessParametersRepo.findByUsernameAndShimKey(
                    username,
                    shimKey,
                    new Sort(Sort.Direction.DESC, "dateCreated"));

    if (accessParameters == null) {
        accessParameters = new AccessParameters();
        accessParameters.setUsername(username);
        accessParameters.setShimKey(shimKey);
    }

    accessParameters.setSerializedToken(SerializationUtils.serialize(accessToken));

    accessParametersRepo.save(accessParameters);
}
 
Example #4
Source File: AccessParameterClientTokenServices.java    From shimmer with Apache License 2.0 6 votes vote down vote up
@Override
public OAuth2AccessToken getAccessToken(
        OAuth2ProtectedResourceDetails resource,
        Authentication authentication) {

    String username = authentication.getPrincipal().toString();
    String shimKey = authentication.getDetails().toString();

    AccessParameters accessParameters = accessParametersRepo.findByUsernameAndShimKey(
            username, shimKey, new Sort(Sort.Direction.DESC, "dateCreated"));

    if (accessParameters == null || accessParameters.getSerializedToken() == null) {
        return null; //No token was found!
    }

    return SerializationUtils.deserialize(accessParameters.getSerializedToken());
}
 
Example #5
Source File: MongoTokenStoreTest.java    From spring-security-mongo with MIT License 6 votes vote down vote up
@Test
public void shouldReadAuthenticationForRefreshToken() {
    //Given
    final OAuth2RefreshToken oAuth2RefreshToken = OAuth2RefreshTokenBuilder.oAuth2RefreshToken().build();

    //And
    final OAuth2Authentication authentication = OAuth2AuthenticationBuilder.oAuth2AuthenticationBuilder().build();
    final byte[] authenticationSer = SerializationUtils.serialize(authentication);

    //And
    given(mongoOAuth2RefreshTokenRepository.findByTokenId(any(String.class)))
            .willReturn(MongoOAuth2RefreshTokenBuilder.mongoOAuth2RefreshTokenBuilder()
                    .authentication(authenticationSer)
                    .build());
    //When
    final OAuth2Authentication oAuth2Authentication = mongoTokenStore.readAuthenticationForRefreshToken(oAuth2RefreshToken);

    //Then
    assertThat(oAuth2Authentication.getPrincipal()).isEqualTo(authentication.getPrincipal());
    assertThat(oAuth2Authentication.getCredentials()).isEqualTo(authentication.getCredentials());
}
 
Example #6
Source File: MongoTokenStoreTest.java    From spring-security-mongo with MIT License 6 votes vote down vote up
@Test
public void shouldReadRefreshToken() {
    //Given
    final String tokenValue = string().next();
    final OAuth2RefreshToken oAuth2RefreshToken = OAuth2RefreshTokenBuilder.oAuth2RefreshToken().build();
    final byte[] oAuth2RefreshTokenSer = SerializationUtils.serialize(oAuth2RefreshToken);

    //And
    given(mongoOAuth2RefreshTokenRepository.findByTokenId(any(String.class)))
            .willReturn(MongoOAuth2RefreshTokenBuilder.mongoOAuth2RefreshTokenBuilder().token(oAuth2RefreshTokenSer).build());

    //When
    final OAuth2RefreshToken result = mongoTokenStore.readRefreshToken(tokenValue);

    //Then
    assertThat(result.getValue()).isEqualTo(oAuth2RefreshToken.getValue());
}
 
Example #7
Source File: MongoTokenStoreTest.java    From spring-security-mongo with MIT License 6 votes vote down vote up
@Test
public void shouldStoreRefreshToken() {
    //Given
    final OAuth2RefreshToken oAuth2RefreshToken = OAuth2RefreshTokenBuilder.oAuth2RefreshToken().build();

    //And
    final OAuth2Authentication oAuth2Authentication = OAuth2AuthenticationBuilder.oAuth2AuthenticationBuilder().build();

    //And
    final ArgumentCaptor<MongoOAuth2RefreshToken> argumentCaptor = ArgumentCaptor.forClass(MongoOAuth2RefreshToken.class);

    //When
    mongoTokenStore.storeRefreshToken(oAuth2RefreshToken, oAuth2Authentication);

    //Then
    verify(mongoOAuth2RefreshTokenRepository).save(argumentCaptor.capture());
    final MongoOAuth2RefreshToken refreshToken = argumentCaptor.getValue();
    final byte[] expectedResult = SerializationUtils.serialize(oAuth2RefreshToken);
    assertThat(refreshToken.getToken()).isEqualTo(expectedResult);

}
 
Example #8
Source File: MongoTokenStoreTest.java    From spring-security-mongo with MIT License 6 votes vote down vote up
@Test
public void shouldStoreAccessToken() {
    //Given
    final OAuth2AccessToken auth2AccessToken = OAuth2AccessTokenBuilder.oAuth2AccessTokenBuilder().build();
    final byte[] token = SerializationUtils.serialize(auth2AccessToken);

    //And
    final OAuth2Authentication oAuth2Authentication = OAuth2AuthenticationBuilder.oAuth2AuthenticationBuilder().build();

    //And
    given(mongoOAuth2AccessTokenRepository.findByTokenId(any(String.class)))
            .willReturn(MongoOAuth2AccessTokenBuilder.mongoOAuth2AccessTokenBuilder().token(token).build());

    //When
    mongoTokenStore.storeAccessToken(auth2AccessToken, oAuth2Authentication);

    //Then
    verify(mongoOAuth2AccessTokenRepository).deleteByTokenId(any(String.class));
    verify(mongoOAuth2AccessTokenRepository).save(any(MongoOAuth2AccessToken.class));
}
 
Example #9
Source File: OAuth2Shim.java    From shimmer with Apache License 2.0 5 votes vote down vote up
@Override
public AuthorizationRequestParameters getAuthorizationRequestParameters(
        String username,
        Map<String, String> additionalParameters)
        throws ShimException {

    OAuth2RestOperations restTemplate = restTemplate();

    try {
        // TODO replace with restTemplate.getAccessToken();
        trigger(restTemplate, getTriggerDataRequest());

        // if no exception has been thrown, assume that the current authorization is valid
        return AuthorizationRequestParameters.authorized();
    }
    catch (UserRedirectRequiredException e) {
        // if an exception was thrown it means a redirect is required
        AccessTokenRequest accessTokenRequest = restTemplate.getOAuth2ClientContext().getAccessTokenRequest();

        String stateKey = accessTokenRequest.getStateKey();

        /**
         * Build an authorization request from the exception
         * parameters. We also serialize spring's accessTokenRequest.
         */
        AuthorizationRequestParameters authRequestParams = new AuthorizationRequestParameters();
        authRequestParams.setRedirectUri(e.getRedirectUri());
        authRequestParams.setStateKey(e.getStateKey());
        authRequestParams.setAuthorizationUrl(getAuthorizationUrl(e, additionalParameters));
        authRequestParams.setSerializedRequest(SerializationUtils.serialize(accessTokenRequest));
        authRequestParams.setStateKey(stateKey);
        authRequestParams.setRequestParams(additionalParameters);

        return authorizationRequestParametersRepo.save(authRequestParams);
    }
}
 
Example #10
Source File: RedisAuthorizationCodeServices.java    From cloud-service with MIT License 5 votes vote down vote up
/**
 * 存储code到redis,并设置过期时间,10分钟<br>
 * value为OAuth2Authentication序列化后的字节<br>
 * 因为OAuth2Authentication没有无参构造函数<br>
 * redisTemplate.opsForValue().set(key, value, timeout, unit);
 * 这种方式直接存储的话,redisTemplate.opsForValue().get(key)的时候有些问题,
 * 所以这里采用最底层的方式存储,get的时候也用最底层的方式获取
 */
@Override
protected void store(String code, OAuth2Authentication authentication) {
	redisTemplate.execute(new RedisCallback<Long>() {

		@Override
		public Long doInRedis(RedisConnection connection) throws DataAccessException {
			connection.set(codeKey(code).getBytes(), SerializationUtils.serialize(authentication),
					Expiration.from(10, TimeUnit.MINUTES), SetOption.UPSERT);
			return 1L;
		}
	});
}
 
Example #11
Source File: MongoTokenStoreTest.java    From spring-security-mongo with MIT License 5 votes vote down vote up
@Test
public void shouldGetAccessToken() {
    //Given
    final OAuth2Authentication oAuth2Authentication = OAuth2AuthenticationBuilder.oAuth2AuthenticationBuilder().build();

    //And
    final String value = string().next();
    doReturn(value).doReturn(value).when(authenticationKeyGenerator).extractKey(any());

    //And
    final OAuth2AccessToken oAuth2AccessToken = OAuth2AccessTokenBuilder.oAuth2AccessTokenBuilder().build();

    final byte[] oAuth2AccessTokenSer = SerializationUtils.serialize(oAuth2AccessToken);
    given(mongoOAuth2AccessTokenRepository.findByAuthenticationId(value))
            .willReturn(MongoOAuth2AccessTokenBuilder.mongoOAuth2AccessTokenBuilder()
                    .token(oAuth2AccessTokenSer)
                    .build());

    //And
    given(mongoOAuth2AccessTokenRepository.findByTokenId(any()))
            .willReturn(MongoOAuth2AccessTokenBuilder.mongoOAuth2AccessTokenBuilder().build());

    //When
    mongoTokenStore.getAccessToken(oAuth2Authentication);

    //Then
    verify(mongoOAuth2AccessTokenRepository, never()).deleteByTokenId(any(String.class));
    verify(mongoOAuth2AccessTokenRepository, never()).save(any(MongoOAuth2AccessToken.class));
}
 
Example #12
Source File: MongoClientTokenServices.java    From spring-security-mongo with MIT License 5 votes vote down vote up
@Override
public void saveAccessToken(final OAuth2ProtectedResourceDetails resource,
                            final Authentication authentication,
                            final OAuth2AccessToken accessToken) {
    removeAccessToken(resource, authentication);
    final MongoOAuth2ClientToken mongoOAuth2ClientToken = new MongoOAuth2ClientToken(UUID.randomUUID().toString(),
            accessToken.getValue(),
            SerializationUtils.serialize(accessToken),
            clientKeyGenerator.extractKey(resource, authentication),
            authentication.getName(),
            resource.getClientId());

    mongoOAuth2ClientTokenRepository.save(mongoOAuth2ClientToken);
}
 
Example #13
Source File: MongoClientTokenServices.java    From spring-security-mongo with MIT License 4 votes vote down vote up
@Override
public OAuth2AccessToken getAccessToken(final OAuth2ProtectedResourceDetails resource,
                                        final Authentication authentication) {
    final MongoOAuth2ClientToken mongoOAuth2ClientToken = mongoOAuth2ClientTokenRepository.findByAuthenticationId(clientKeyGenerator.extractKey(resource, authentication));
    return SerializationUtils.deserialize(mongoOAuth2ClientToken.getToken());
}
 
Example #14
Source File: MongoTokenStore.java    From spring-security-mongo with MIT License 4 votes vote down vote up
private Collection<OAuth2AccessToken> transformToOAuth2AccessTokens(final List<MongoOAuth2AccessToken> oAuth2AccessTokens) {
    return oAuth2AccessTokens.stream()
            .filter(Objects::nonNull)
            .map(token -> SerializationUtils.<OAuth2AccessToken>deserialize(token.getToken()))
            .collect(Collectors.toList());
}
 
Example #15
Source File: RefreshToken.java    From konker-platform with Apache License 2.0 4 votes vote down vote up
public OAuth2Authentication authentication() {
    return SerializationUtils.deserialize(authentication);
}
 
Example #16
Source File: RefreshToken.java    From konker-platform with Apache License 2.0 4 votes vote down vote up
public OAuth2RefreshToken token() {
    return SerializationUtils.deserialize(token);
}
 
Example #17
Source File: AccessToken.java    From konker-platform with Apache License 2.0 4 votes vote down vote up
@Tolerate
public OAuth2Authentication authentication() {
    return SerializationUtils.deserialize(authentication);
}
 
Example #18
Source File: AccessToken.java    From konker-platform with Apache License 2.0 4 votes vote down vote up
@Tolerate
public OAuth2AccessToken token() {
    return SerializationUtils.deserialize(token);
}
 
Example #19
Source File: AuthorizationCode.java    From konker-platform with Apache License 2.0 4 votes vote down vote up
public OAuth2Authentication authentication() {
    return SerializationUtils.deserialize(authenticationBytes);
}
 
Example #20
Source File: AccessTokenDO.java    From oauth-server with Apache License 2.0 4 votes vote down vote up
public void setAuth2Authentication(OAuth2Authentication oauth2Authentication) {
    this.auth2Authentication = oauth2Authentication;
    this.authentication = SerializationUtils.serialize(oauth2Authentication);
}
 
Example #21
Source File: AccessTokenDO.java    From oauth-server with Apache License 2.0 4 votes vote down vote up
public void setToken(byte[] token) {
    this.token = token;
    this.value = SerializationUtils.deserialize(token);
}
 
Example #22
Source File: AccessTokenDO.java    From oauth-server with Apache License 2.0 4 votes vote down vote up
public void setValue(OAuth2AccessToken value) {
    this.value = value;
    this.token = SerializationUtils.serialize(value);
}