Commit af51c33c authored by Matija Obreza's avatar Matija Obreza

Use cache manager to manage OAuth2 authorization codes

parent 2835eb9a
/*
* Copyright 2019 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys2.spring;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.code.RandomValueAuthorizationCodeServices;
/**
* An InMemoryAuthorizationCodeServices implementation using the cache manager ensures
* codes are shared between instances.
*
* @author Matija Obreza
*/
public class CachedInMemoryAuthorizationCodeServices extends RandomValueAuthorizationCodeServices implements InitializingBean {
@Autowired
private CacheManager cacheManager;
private String authorizationCodeCacheName = "oauth2.authorizationCodes";
private Cache authorizationCodeCache;
public void setAuthorizationCodeCacheName(String authorizationCodeCacheName) {
this.authorizationCodeCacheName = authorizationCodeCacheName;
}
@Override
public void afterPropertiesSet() throws Exception {
authorizationCodeCache = cacheManager.getCache(authorizationCodeCacheName);
if (authorizationCodeCache == null) {
throw new Exception("Could not obtain cache " + authorizationCodeCacheName);
}
}
@Override
protected void store(String code, OAuth2Authentication authentication) {
authorizationCodeCache.put(code, authentication);
}
@Override
protected OAuth2Authentication remove(String code) {
return authorizationCodeCache.get(code, OAuth2Authentication.class);
}
}
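Review bot: `remove(String code)` returns the cached OAuth2Authentication but never evicts it, so the same authorization code can be exchanged for tokens repeatedly until the cache entry expires, where the in-memory implementation it replaces consumes the code on first use. The base class's `consumeAuthorizationCode` treats `remove()` as the consume step, so single use has to be enforced here: `OAuth2Authentication authentication = authorizationCodeCache.get(code, OAuth2Authentication.class);` / `authorizationCodeCache.evict(code);` / `return authentication;`. A get followed by an evict is not atomic across cluster members, so two concurrent exchanges of the same code could still both succeed; if the backing cache offers an atomic remove-and-return, a comment noting that limitation (or using that operation) would be worth adding. In `afterPropertiesSet`, throwing raw `Exception` is broader than needed; `throw new IllegalStateException("Could not obtain cache " + authorizationCodeCacheName);` with the signature kept as is would be the conventional form. A class-level Javadoc line stating that cached values must be serializable for a distributed cache would also help the next maintainer.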
......@@ -19,6 +19,7 @@ import java.util.Arrays;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
import org.genesys.blocks.security.component.OAuthClientOriginCheckFilter;
import org.genesys2.spring.CachedInMemoryAuthorizationCodeServices;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
......@@ -42,6 +43,7 @@ import org.springframework.security.oauth2.config.annotation.web.configurers.Res
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
......@@ -80,6 +82,8 @@ public class OAuth2ServerConfig {
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
/**
* Access token converter.
......@@ -196,7 +200,7 @@ public class OAuth2ServerConfig {
store.setTokenStore(tokenStore());
return store;
}
/**
* Token services.
*
......@@ -229,11 +233,19 @@ public class OAuth2ServerConfig {
endpoints
.tokenStore(tokenStore())
.authorizationCodeServices(authorizationCodeServices())
.tokenEnhancer(tokenEnhancerChain)
.userDetailsService(userDetailsService)
.authenticationManager(authenticationManager);
}
@Bean
public AuthorizationCodeServices authorizationCodeServices() {
// Make sure Hazelcast cacheManager is used
AuthorizationCodeServices authCodeServ = new CachedInMemoryAuthorizationCodeServices();
return authCodeServ;
}
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients().checkTokenAccess("permitAll()").realm(APPLICATION_RESOURCE_ID + "/client").passwordEncoder(passwordEncoder);
......
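Review bot: The comment `// Make sure Hazelcast cacheManager is used` in `authorizationCodeServices()` describes an intent that the code does not enforce: the bean autowires `CacheManager` by type, so whichever manager the context provides (or the `@Primary` one if several exist) will hold the codes, and a local in-memory manager would silently reintroduce per-instance authorization codes. I would replace the comment with Javadoc on the bean stating that a cluster-shared `CacheManager` with an `oauth2.authorizationCodes` cache is required for codes to be valid across instances, and drop the local variable: `return new CachedInMemoryAuthorizationCodeServices();`. The enclosing `configure(AuthorizationServerSecurityConfigurer)` method starts at the end of the hunk and its body continues outside it.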