public OAuth2AccessToken enhance(
OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken);
Map<String, Object> info =
new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());
String tokenId = result.getValue();
if (!info.containsKey(TOKEN_ID)) {
info.put(TOKEN_ID, tokenId);
}
result.setAdditionalInformation(info);
return result.setValue(encode(result, authentication));
}
private OAuth2AccessToken createAccessToken(
OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request());
if (validitySeconds > 0) {
token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
}
token.setRefreshToken(refreshToken);
token.setScope(authentication.getOAuth2Request().getScope());
return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token;
}
@Test
public void testExpiredToken() throws Exception {
OAuth2Authentication expectedAuthentication =
new OAuth2Authentication(
new AuthorizationRequest("id", Collections.singleton("read"), null, null),
new TestAuthentication("test2", false));
DefaultOAuth2AccessToken firstAccessToken =
(DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
// Make it expire (and rely on mutable state in volatile token store)
firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
expected.expect(InvalidTokenException.class);
expected.expectMessage("expired");
getTokenServices().loadAuthentication(firstAccessToken.getValue());
}
private Collection<OAuth2AccessToken> enhance(Collection<OAuth2AccessToken> tokens) {
Collection<OAuth2AccessToken> result = new ArrayList<OAuth2AccessToken>();
for (OAuth2AccessToken prototype : tokens) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(prototype);
String clientId = tokenStore.readAuthentication(token).getOAuth2Request().getClientId();
if (clientId != null) {
Map<String, Object> map = new HashMap<String, Object>(token.getAdditionalInformation());
map.put("client_id", clientId);
token.setAdditionalInformation(map);
result.add(token);
}
}
return result;
}
@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
// create access token
getTokenServices().setAccessTokenValiditySeconds(1);
getTokenServices()
.setClientDetailsService(
new ClientDetailsService() {
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
BaseClientDetails client = new BaseClientDetails();
client.setAccessTokenValiditySeconds(1);
return client;
}
});
OAuth2Authentication expectedAuthentication =
new OAuth2Authentication(
new AuthorizationRequest("id", Collections.singleton("read"), null, null),
new TestAuthentication("test2", false));
DefaultOAuth2AccessToken firstAccessToken =
(DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
// Make it expire (and rely on mutable state in volatile token store)
firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
// create another access token
OAuth2AccessToken secondAccessToken =
getTokenServices().createAccessToken(expectedAuthentication);
assertFalse(
"The new access token should be different",
firstAccessToken.getValue().equals(secondAccessToken.getValue()));
assertEquals(
"The new access token should have the same refresh token",
expectedExpiringRefreshToken.getValue(),
secondAccessToken.getRefreshToken().getValue());
// refresh access token with refresh token
getTokenServices()
.refreshAccessToken(
expectedExpiringRefreshToken.getValue(),
expectedAuthentication.getAuthorizationRequest().getScope());
assertEquals(1, getAccessTokenCount());
}