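/**
 * Stores an access token, its scopes and its subject inside a single transaction.
 *
 * <p>Each scope is looked up by its permission name: a stored permission is reused, an unknown
 * one is persisted. The subject is looked up by login and is either persisted (not stored yet)
 * or merged into the stored record. The token itself is persisted last.
 *
 * <p>If any step throws, the transaction is rolled back before the exception propagates, so a
 * failed save neither leaves the transaction open nor keeps half-written scope/subject rows
 * pending on the entity manager.
 *
 * <p>NOTE(review): the token entity is persisted as received; whether the token key and refresh
 * token are hashed or encrypted at rest is not visible from this method. Confirm against the
 * entity mapping.
 *
 * @param serverToken token to store; its scope list is replaced, and its subject is replaced
 *     with the merged instance when the subject already exists
 */
protected void saveAccessToken(ServerAccessToken serverToken) {
  getEntityManager().getTransaction().begin();
  boolean committed = false;
  try {
    List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
    for (OAuthPermission perm : serverToken.getScopes()) {
      OAuthPermission permSaved =
          getEntityManager().find(OAuthPermission.class, perm.getPermission());
      if (permSaved != null) {
        // Reuse the stored permission instead of inserting a duplicate.
        perms.add(permSaved);
      } else {
        getEntityManager().persist(perm);
        perms.add(perm);
      }
    }
    serverToken.setScopes(perms);

    UserSubject sub =
        getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin());
    if (sub == null) {
      getEntityManager().persist(serverToken.getSubject());
    } else {
      // The subject is already stored: merge the incoming state and attach the result.
      sub = getEntityManager().merge(serverToken.getSubject());
      serverToken.setSubject(sub);
    }

    getEntityManager().persist(serverToken);
    getEntityManager().getTransaction().commit();
    committed = true;
  } finally {
    // A failed commit may already have ended the transaction, hence the isActive() check.
    if (!committed && getEntityManager().getTransaction().isActive()) {
      getEntityManager().getTransaction().rollback();
    }
  }
}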
  /**
   * Flattens a server access token into one SEP-delimited string.
   *
   * <p>Field order: 0 key, 1 type, 2 expiresIn, 3 issuedAt, 4 client id, 5 refresh token,
   * 6 grant type, 7 audience, 8 other parameters, 9 permissions, 10 user subject.
   *
   * <p>NOTE(review): the result carries the token key and the refresh token; presumably the
   * caller encrypts it before it is stored or handed out. Confirm at the call site.
   *
   * <p>NOTE(review): parameters, HTTP verbs and URIs are appended via toString() without going
   * through tokenizeString; verify that those values cannot contain SEP or "." and thereby
   * shift the fields when the string is parsed back.
   *
   * @param token the token to serialize
   * @return the flattened token state
   */
  private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder out = new StringBuilder();

    // 0: key
    out.append(tokenizeString(token.getTokenKey()));
    // 1: type
    out.append(SEP).append(tokenizeString(token.getTokenType()));
    // 2: expiresIn
    out.append(SEP).append(token.getExpiresIn());
    // 3: issuedAt
    out.append(SEP).append(token.getIssuedAt());
    // 4: client id
    out.append(SEP).append(tokenizeString(token.getClient().getClientId()));
    // 5: refresh token
    out.append(SEP).append(tokenizeString(token.getRefreshToken()));
    // 6: grant type
    out.append(SEP).append(tokenizeString(token.getGrantType()));
    // 7: audience
    out.append(SEP).append(tokenizeString(token.getAudience()));
    // 8: other parameters, rendered as {key=value, key=value}
    out.append(SEP).append(token.getParameters().toString());

    // 9: permissions; a single blank stands in for an empty scope list
    out.append(SEP);
    if (!token.getScopes().isEmpty()) {
      // NOTE(review): nothing is written between one permission's URIs and the next
      // permission's name; confirm the matching parser copes with several scopes.
      for (OAuthPermission scope : token.getScopes()) {
        // 9.1 permission name, 9.2 description
        out.append(tokenizeString(scope.getPermission())).append(".");
        out.append(tokenizeString(scope.getDescription())).append(".");
        // 9.3 default flag, 9.4 HTTP verbs
        out.append(scope.isDefault()).append(".");
        out.append(scope.getHttpVerbs().toString()).append(".");
        // 9.5 URIs
        out.append(scope.getUris().toString());
      }
    } else {
      out.append(" ");
    }
    out.append(SEP);

    // 10: user subject
    tokenizeUserSubject(out, token.getSubject());

    return out.toString();
  }
 /**
  * Returns the ID token that belongs to the given access token, or {@code null} when no
  * source for one is available.
  *
  * <p>Sources are tried in this order: the configured userInfoProvider, an ID token stored in
  * the subject's properties under OidcUtils.ID_TOKEN, and finally the IdToken held by an
  * OidcUserSubject.
  *
  * @param st the access token the ID token is issued for
  * @return the processed ID token, the stored property value, or {@code null}
  */
 private String getProcessedIdToken(ServerAccessToken st) {
   if (userInfoProvider != null) {
     IdToken provided =
         userInfoProvider.getIdToken(
             st.getClient().getClientId(), st.getSubject(), st.getScopes());
     setAtHashAndNonce(provided, st);
     return super.processJwt(new JwtToken(provided), st.getClient());
   }

   if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
     // NOTE(review): returned exactly as stored, without the setAtHashAndNonce and
     // processJwt steps of the other branches; presumably the stored value is already in
     // its final form and bound to this client. Confirm where the property is set.
     return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
   }

   if (!(st.getSubject() instanceof OidcUserSubject)) {
     return null;
   }

   OidcUserSubject oidcSubject = (OidcUserSubject) st.getSubject();
   IdToken copy = new IdToken(oidcSubject.getIdToken());
   // Bind the copy to the requesting client as both audience and authorized party.
   copy.setAudience(st.getClient().getClientId());
   copy.setAuthorizedParty(st.getClient().getClientId());
   // If this access token was refreshed, the copied ID token may still need its issuedAt
   // and expiry adjusted; that is not done here.
   setAtHashAndNonce(copy, st);
   return super.processJwt(new JwtToken(copy), st.getClient());
 }