예제 #1
0
  // Access 토큰을 refresh함.
  private TokenVO refreshToken(String clientRefreshToken) throws OAuth2Exception {
    TokenVO tempVO = new TokenVO();
    tempVO.setRefresh_token(clientRefreshToken);
    TokenVO tVO = null;
    try {
      tVO = dao.selectRefreshToken(tempVO);
    } catch (Exception e) {
      e.printStackTrace();
      throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    if (tVO == null) {
      throw new OAuth2Exception(401, OAuth2ErrorConstant.INVALID_TOKEN);
    }

    tVO.setAccess_token(OAuth2Util.generateToken());
    tVO.setCreated_at(OAuth2Util.getCurrentTimeStamp());

    try {
      dao.updateAccessToken(tVO);
    } catch (Exception e) {
      e.printStackTrace();
      throw new OAuth2Exception(401, OAuth2ErrorConstant.INVALID_TOKEN);
    }

    return tVO;
  }
예제 #2
0
  // grant_type이 authorization_code일 때
  private ResponseAccessTokenVO refreshTokenFlow(
      RequestAccessTokenVO ratVO, HttpServletRequest request) throws OAuth2Exception {
    // 1. 전달된 refresh Token과
    // GET 방식일 때는 Client ID와 Client Secret은 Authorization Header를 통해 전달되어야 함.
    if (request.getMethod().equalsIgnoreCase("GET")) {
      String authHeader = (String) request.getHeader("Authorization");
      if (authHeader == null || authHeader.equals("")) {
        throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
      }
      // Basic 인증 헤더 파싱
      OAuth2Util.parseBasicAuthHeader(authHeader, ratVO);
    }

    // 2. ClientID, Secret 모두 전달되었는지 여부 --> 존재 여부 확인
    if (ratVO.getClient_id() == null || ratVO.getClient_secret() == null) {
      throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
    }

    // 3. clientID 와 client_secret의 일치여부
    ClientVO cVOTemp = new ClientVO();
    cVOTemp.setClient_id(ratVO.getClient_id());
    ClientVO cVO = null;
    try {
      cVO = dao.getClientOne(cVOTemp);
    } catch (Exception e) {
      throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    if (cVO == null) {
      throw new OAuth2Exception(500, OAuth2ErrorConstant.UNAUTHORIZED_CLIENT);
    }

    if (ratVO.getClient_secret() != null
        && !cVO.getClient_secret().equals(ratVO.getClient_secret())) {
      throw new OAuth2Exception(500, OAuth2ErrorConstant.UNAUTHORIZED_CLIENT);
    }

    // 4. refresh token의 일치 여부
    if (ratVO.getRefresh_token() == null) {
      throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
    }

    TokenVO tVOTemp = new TokenVO();
    tVOTemp.setRefresh_token(ratVO.getRefresh_token());
    TokenVO tVO = null;
    try {
      tVO = dao.selectRefreshToken(tVOTemp);
    } catch (Exception e) {
      e.printStackTrace();
      throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    if (tVO == null) {
      throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_TOKEN);
    }

    // 5. TokenVO의 accessToken 갱신 --> DB 업데이트 -->
    // --> refreshToken 값 없이  ResponseAccessTokenVO객체 생성 --> JSON 포맷으로 응답
    tVO.setAccess_token(OAuth2Util.generateToken());
    tVO.setCreated_at(OAuth2Util.getCurrentTimeStamp());
    try {
      dao.updateAccessToken(tVO);
    } catch (Exception e) {
      e.printStackTrace();
      throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    ResponseAccessTokenVO resVO =
        new ResponseAccessTokenVO(
            tVO.getAccess_token(),
            tVO.getToken_type(),
            tVO.getExpires_in(),
            null,
            ratVO.getState(),
            tVO.getCreated_at());

    return resVO;
  }