public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
String refreshToken = null;
if (token.getRefreshToken() != null) {
refreshToken = token.getRefreshToken().getValue();
}
// the JdbcTokenStore removes the existing token for this token_id [if it exists]
// We'll avoid doing so for now, unless a compelling reason to do otherwise presents itself
// if (readAccessToken(token.getValue()) != null) {
// removeAccessToken(token.getValue());
// }
Map<String, AttributeValueUpdate> updates = new HashMap<String, AttributeValueUpdate>();
updates.put(
schema.getAccessColumnToken(),
new AttributeValueUpdate(
new AttributeValue().withB(serializeAccessToken(token)), AttributeAction.PUT));
DynamoDBUtils.nullSafeUpdateS(
updates,
schema.getAccessColumnAuthenticationId(),
authenticationKeyGenerator.extractKey(authentication));
if (authentication.isClientOnly()
|| authentication.getName() == null
|| authentication.getName().length() == 0) {
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnUserName(), schema.getAccessNullUserToken());
updates.put(
schema.getAccessColumnIsNullUser(),
new AttributeValueUpdate(
new AttributeValue().withN(schema.getAccessIsNullUserTrueToken()),
AttributeAction.PUT));
} else {
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnUserName(), authentication.getName());
DynamoDBUtils.nullSafeUpdateS(updates, schema.getAccessColumnIsNullUser(), null);
}
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnClientId(), authentication.getOAuth2Request().getClientId());
updates.put(
schema.getAccessColumnAuthentication(),
new AttributeValueUpdate(
new AttributeValue().withB(serializeAuthentication(authentication)),
AttributeAction.PUT));
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnRefreshToken(), extractTokenKey(refreshToken));
dynamoDBTemplate.update(
schema.getAccessTableName(), //
Collections.singletonMap(
schema.getAccessColumnTokenId(),
new AttributeValue(extractTokenKey(token.getValue()))), //
updates);
}
@Override
public OAuth2AccessToken getAccessToken(
OAuth2ProtectedResourceDetails resource, Authentication authentication) {
if (authentication instanceof OAuth2Authentication) {
OAuth2AccessToken token = tokenStore.getAccessToken((OAuth2Authentication) authentication);
if (token != null) {
logger.debug("Found token for OAuth2Authentication");
return token;
}
}
Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByClientId(resource.getClientId());
if (tokens == null || tokens.isEmpty()) {
return null;
}
Iterator<OAuth2AccessToken> iter = tokens.iterator();
while (iter.hasNext()) {
OAuth2AccessToken token = iter.next();
OAuth2Authentication oauth2Auth = tokenStore.readAuthentication(token);
if (oauth2Auth != null
&& resource.getClientId().equals(oauth2Auth.getOAuth2Request().getClientId())
&& oauth2Auth.getName().equals(authentication.getName())) {
logger.debug("token for user: "******" found");
return token;
}
}
logger.debug("token not found");
return null;
}
@PersistenceConstructor
public OAuth2AuthenticationAccessToken(
OAuth2AccessToken oAuth2AccessToken,
OAuth2Authentication authentication,
String authenticationId) {
this.id = UUID.randomUUID().toString();
this.tokenId = oAuth2AccessToken.getValue();
this.oAuth2AccessToken = oAuth2AccessToken;
this.authenticationId = authenticationId;
this.userName = authentication.getName();
this.clientId = authentication.getOAuth2Request().getClientId();
this.authentication = authentication;
this.refreshToken = oAuth2AccessToken.getRefreshToken().getValue();
}
