org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken Java Examples

The following examples show how to use org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CustomRedisTokenStore.java    From Auth-service with MIT License 6 votes vote down vote up 
@Override
public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
    byte[] refreshKey = serializeKey(REFRESH + refreshToken.getValue());
    byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + refreshToken.getValue());
    byte[] serializedRefreshToken = serialize(refreshToken);
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        conn.stringCommands().set(refreshKey, serializedRefreshToken);
        conn.stringCommands().set(refreshAuthKey, serialize(authentication));
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
            Date expiration = expiringRefreshToken.getExpiration();
            if (expiration != null) {
                int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L)
                        .intValue();
                conn.expire(refreshKey, seconds);
                conn.expire(refreshAuthKey, seconds);
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Example #2
Source File: CustomRedisTokenStore.java    From microservices-platform with Apache License 2.0 5 votes vote down vote up 
private void expireRefreshToken(OAuth2RefreshToken refreshToken, RedisConnection conn, byte[] refreshKey, byte[] refreshAuthKey) {
    if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
        ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
        Date expiration = expiringRefreshToken.getExpiration();
        if (expiration != null) {
            int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L)
                    .intValue();
            conn.expire(refreshKey, seconds);
            conn.expire(refreshAuthKey, seconds);
        }
    }
}
Example #3
Source File: YamiTokenServices.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up 
protected boolean isExpired(OAuth2RefreshToken refreshToken) {
    if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
        ExpiringOAuth2RefreshToken expiringToken = (ExpiringOAuth2RefreshToken) refreshToken;
        return expiringToken.getExpiration() == null
                || System.currentTimeMillis() > expiringToken.getExpiration().getTime();
    }
    return false;
}
Example #4
Source File: YamiTokenServices.java    From mall4j with GNU Affero General Public License v3.0 4 votes vote down vote up 
@Transactional(rollbackFor = Exception.class)
    @Override
    public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) {

        OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
        OAuth2RefreshToken refreshToken = null;
        // 如果有token,直接删除,更新token,避免出现缓存问题
//        if (existingAccessToken != null) {
//            if (existingAccessToken.getRefreshToken() != null) {
//                refreshToken = existingAccessToken.getRefreshToken();
//                // The token store could remove the refresh token when the
//                // access token is removed, but we want to
//                // be sure...
//                tokenStore.removeRefreshToken(refreshToken);
//            }
//            tokenStore.removeAccessToken(existingAccessToken);
//
//        }

        // Only create a new refresh token if there wasn't an existing one
        // associated with an expired access token.
        // Clients might be holding existing refresh tokens, so we re-use it in
        // the case that the old access token
        // expired.
        if (refreshToken == null) {
            refreshToken = createRefreshToken(authentication);
        }
        // But the refresh token itself might need to be re-issued if it has
        // expired.
        else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
            if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }

        OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
        tokenStore.storeAccessToken(accessToken, authentication);
        // In case it was modified
        refreshToken = accessToken.getRefreshToken();
        if (refreshToken != null) {
            tokenStore.storeRefreshToken(refreshToken, authentication);
        }
        return accessToken;

    }