Commit 919f2d66 authored by Matija Obreza's avatar Matija Obreza
Browse files

OAuth verification tokens are persisted

parent 98cc72df
/**
* Copyright 2013 Global Crop Diversity Trust
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -16,66 +16,62 @@
package org.genesys2.server.model.oauth;
import java.sql.Blob;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import org.genesys2.server.model.HibernateModel;
import org.genesys2.server.model.BusinessModel;
/**
* Verification code model
*
* @author matijaobreza
*/
@Entity
@Table(name = "oauth_code")
public class OAuthCode implements HibernateModel {
public class OAuthCode extends BusinessModel {
private static final long serialVersionUID = 8018089692223912764L;
@Id
@Column(name = "code", unique = true, nullable = false)
@Column(name = "code", length = 32, unique = true, nullable = false)
private String code;
@Lob
@Column(name = "authentication")
private Blob authentication;
private byte[] authentication;
public String getCode() {
return code;
}
@Temporal(TemporalType.TIMESTAMP)
private Date createdDate;
public void setCode(String code) {
this.code = code;
public OAuthCode() {
createdDate = new Date();
}
public Blob getAuthentication() {
return authentication;
public Date getCreatedDate() {
return createdDate;
}
public void setAuthentication(Blob authentication) {
this.authentication = authentication;
public void setCreatedDate(Date createdDate) {
this.createdDate = createdDate;
}
@Override
public boolean equals(Object o) {
if (this == o)
return true;
if (!(o instanceof OAuthCode))
return false;
OAuthCode oAuthCode = (OAuthCode) o;
public String getCode() {
return code;
}
if (authentication != null ? !authentication.equals(oAuthCode.authentication) : oAuthCode.authentication != null)
return false;
if (code != null ? !code.equals(oAuthCode.code) : oAuthCode.code != null)
return false;
public void setCode(String code) {
this.code = code;
}
return true;
public void setAuthentication(byte[] authentication) {
this.authentication = authentication;
}
@Override
public int hashCode() {
int result = code != null ? code.hashCode() : 0;
result = 31 * result + (authentication != null ? authentication.hashCode() : 0);
return result;
public byte[] getAuthentication() {
return authentication;
}
}
......@@ -16,11 +16,21 @@
package org.genesys2.server.persistence.domain;
import java.util.Date;
import org.genesys2.server.model.oauth.OAuthCode;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.transaction.annotation.Transactional;
@Transactional
public interface OAuthCodePersistence extends JpaRepository<OAuthCode, String> {
public interface OAuthCodePersistence extends JpaRepository<OAuthCode, Long> {
OAuthCode findByCode(String code);
@Modifying
@Query("delete from OAuthCode code where code.createdDate < ?1")
int deleteOlderThan(Date date);
}
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.service;
public interface OAuth2AuthorizationCodeCleanup {
/**
* Remove expired tokens
*/
void removeExpired();
}
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.service.impl;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.genesys2.server.model.oauth.OAuthCode;
import org.genesys2.server.persistence.domain.OAuthCodePersistence;
import org.genesys2.server.service.OAuth2AuthorizationCodeCleanup;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.common.util.SerializationUtils;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@Service("verificationCodeService")
@Transactional
public class OAuth2AuthorizationCodeServiceImpl implements OAuth2AuthorizationCodeCleanup, AuthorizationCodeServices {
private static final Log LOG = LogFactory.getLog(OAuth2AuthorizationCodeServiceImpl.class);
private RandomValueStringGenerator generator = new RandomValueStringGenerator();
@Autowired
private OAuthCodePersistence oauthCodeRepository;
/**
* Cleanup executed every 10 minutes
*/
@Override
@Scheduled(fixedDelay = 600000)
public void removeExpired() {
Date olderThan = new Date(new Date().getTime() - 600000);
LOG.info("Removing OAuth verification codes from before: " + olderThan);
int count = oauthCodeRepository.deleteOlderThan(olderThan);
LOG.info("Removed expired OAuth verification codes: " + count);
}
@Override
public String createAuthorizationCode(AuthorizationRequestHolder authentication) {
for (int i = 5; i >= 0; i--) {
String code = generator.generate();
try {
store(code, authentication);
return code;
} catch (Throwable e) {
LOG.warn(e);
}
}
throw new RuntimeException("Failed to generate a unique verification code.");
}
@Override
public AuthorizationRequestHolder consumeAuthorizationCode(String code) throws InvalidGrantException {
AuthorizationRequestHolder auth = this.remove(code);
if (auth == null) {
throw new InvalidGrantException("Invalid authorization code: " + code);
}
return auth;
}
protected void store(String code, AuthorizationRequestHolder authentication) {
OAuthCode oauthCode = new OAuthCode();
oauthCode.setCode(code);
oauthCode.setAuthentication(SerializationUtils.serialize(authentication));
oauthCodeRepository.save(oauthCode);
}
protected AuthorizationRequestHolder remove(String code) {
OAuthCode oauthCode = oauthCodeRepository.findByCode(code);
if (oauthCode != null) {
oauthCodeRepository.delete(oauthCode);
return SerializationUtils.deserialize(oauthCode.getAuthentication());
} else {
return null;
}
}
}
......@@ -33,7 +33,7 @@
</sec:authentication-manager>
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
<oauth:authorization-code />
<oauth:authorization-code authorization-code-services-ref="verificationCodeService" />
<oauth:refresh-token />
</oauth:authorization-server>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment