public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
String refreshToken = null;
if (token.getRefreshToken() != null) {
refreshToken = token.getRefreshToken().getValue();
}
// the JdbcTokenStore removes the existing token for this token_id [if it exists]
// We'll avoid doing so for now, unless a compelling reason to do otherwise presents itself
// if (readAccessToken(token.getValue()) != null) {
// removeAccessToken(token.getValue());
// }
Map<String, AttributeValueUpdate> updates = new HashMap<String, AttributeValueUpdate>();
updates.put(
schema.getAccessColumnToken(),
new AttributeValueUpdate(
new AttributeValue().withB(serializeAccessToken(token)), AttributeAction.PUT));
DynamoDBUtils.nullSafeUpdateS(
updates,
schema.getAccessColumnAuthenticationId(),
authenticationKeyGenerator.extractKey(authentication));
if (authentication.isClientOnly()
|| authentication.getName() == null
|| authentication.getName().length() == 0) {
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnUserName(), schema.getAccessNullUserToken());
updates.put(
schema.getAccessColumnIsNullUser(),
new AttributeValueUpdate(
new AttributeValue().withN(schema.getAccessIsNullUserTrueToken()),
AttributeAction.PUT));
} else {
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnUserName(), authentication.getName());
DynamoDBUtils.nullSafeUpdateS(updates, schema.getAccessColumnIsNullUser(), null);
}
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnClientId(), authentication.getOAuth2Request().getClientId());
updates.put(
schema.getAccessColumnAuthentication(),
new AttributeValueUpdate(
new AttributeValue().withB(serializeAuthentication(authentication)),
AttributeAction.PUT));
DynamoDBUtils.nullSafeUpdateS(
updates, schema.getAccessColumnRefreshToken(), extractTokenKey(refreshToken));
dynamoDBTemplate.update(
schema.getAccessTableName(), //
Collections.singletonMap(
schema.getAccessColumnTokenId(),
new AttributeValue(extractTokenKey(token.getValue()))), //
updates);
}
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
OAuth2AccessToken accessToken = null;
String key = authenticationKeyGenerator.extractKey(authentication);
try {
String accessTokenId =
dynamoDBTemplate.queryUnique(
schema.getAccessTableName(),
schema.getAccessIndexAuthenticationId(), //
Collections.singletonMap(
schema.getAccessColumnAuthenticationId(),
new Condition()
.withComparisonOperator(ComparisonOperator.EQ)
.withAttributeValueList(new AttributeValue(key))), //
new ObjectExtractor<String>() {
public String extract(Map<String, AttributeValue> values) {
return values.get(schema.getAccessColumnTokenId()).getS();
}
});
accessToken =
dynamoDBTemplate.get(
schema.getAccessTableName(),
Collections.singletonMap(
schema.getAccessColumnTokenId(), new AttributeValue(accessTokenId)),
new ObjectExtractor<OAuth2AccessToken>() {
public OAuth2AccessToken extract(Map<String, AttributeValue> values) {
return deserializeAccessToken(values.get(schema.getAccessColumnToken()).getB());
}
});
} catch (EmptyResultDataAccessException | IncorrectResultSizeDataAccessException e) {
if (LOG.isDebugEnabled()) {
LOG.debug("Failed to find access token for authentication " + authentication);
}
} catch (IllegalArgumentException e) {
LOG.error("Could not extract access token for authentication " + authentication, e);
}
if (accessToken != null
&& !key.equals(
authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) {
// Keep the store consistent (maybe the same user is represented by this authentication but
// the details have
// changed)
storeAccessToken(accessToken, authentication);
}
return accessToken;
}
