Class AccessTokenServiceInternalImpl
- java.lang.Object
  - org.springframework.web.util.CookieGenerator
    - org.craftercms.studio.impl.v2.service.security.internal.AccessTokenServiceInternalImpl
- All Implemented Interfaces:
  AccessTokenServiceInternal, org.springframework.beans.factory.InitializingBean
public class AccessTokenServiceInternalImpl extends org.springframework.web.util.CookieGenerator implements AccessTokenServiceInternal, org.springframework.beans.factory.InitializingBean
Default implementation of AccessTokenServiceInternal
- Since:
  4.0
- Author:
  joseross
-
Field Summary
| Modifier and Type | Field | Description |
| --- | --- | --- |
| protected int | accessTokenExpiration | The time in minutes for the expiration of the generated access tokens |
| static String | ACTIVITY_CACHE_CONFIG_KEY | |
| protected String | audience | The audience for generation and validation of access tokens |
| protected AuditServiceInternal | auditService | |
| protected String | encryptPassword | The password for encrypting the access tokens |
| protected int | inactivityTimeout | Time in minutes after which inactive users will be required to log in again |
| protected InstanceService | instanceService | |
| protected String | issuer | The issuer for generation of access tokens |
| protected Key | jwtEncryptKey | |
| protected Key | jwtSignKey | |
| protected RetryingDatabaseOperationFacade | retryingDatabaseOperationFacade | |
| protected SecurityDAO | securityDao | |
| protected int | sessionTimeout | Time in minutes after which active users will be required to log in again |
| protected String | signPassword | The password for signing the access tokens |
| protected SiteService | siteService | |
| protected StudioConfiguration | studioConfiguration | |
| protected SystemStatusProvider | systemStatusProvider | |
| protected com.google.common.cache.Cache<Long,Instant> | userActivity | Cache used to track the activity of the users |
| protected String[] | validIssuers | List of accepted issuers for validation of access tokens |
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| AccessTokenServiceInternalImpl(String issuer, String[] validIssuers, int accessTokenExpiration, String signPassword, String encryptPassword, int sessionTimeout, int inactivityTimeout, SecurityDAO securityDao, InstanceService instanceService, AuditServiceInternal auditService, StudioConfiguration studioConfiguration, SiteService siteService, RetryingDatabaseOperationFacade retryingDatabaseOperationFacade, SystemStatusProvider systemStatusProvider) | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | afterPropertiesSet() | |
| PersistentAccessToken | createAccessToken(String label, Instant expiresAt) | Creates a new access token for the current user |
| protected void | createAuditLog(String actor, long tokenId, String type, String operation) | |
| protected void | createAuditLog(String actor, long tokenId, String type, String value, String operation) | |
| protected void | createAuditLog(org.springframework.security.core.Authentication auth, long tokenId, String type, String operation) | |
| protected String | createToken(Instant issuedAt, Instant expiresAt, String username, Long id) | |
| AccessToken | createTokens(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response) | Creates the access & refresh tokens for the given authentication |
| void | deleteAccessToken(long tokenId) | Deletes an access token for the current user |
| void | deleteExpiredRefreshTokens() | Deletes all expired refresh tokens |
| void | deleteRefreshToken(User user) | Deletes the refresh token for the given user |
| void | deleteRefreshToken(org.springframework.security.core.Authentication auth) | Deletes the refresh token for the given authentication |
| List<PersistentAccessToken> | getAccessTokens() | Get all existing access tokens for the current user |
| protected String | getActualAudience() | |
| protected long | getUserId(org.springframework.security.core.Authentication auth) | |
| String | getUsername(String token) | Returns the username for the given access token |
| boolean | hasValidRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Checks if the given request contains a valid refresh token |
| void | setAudience(String audience) | |
| PersistentAccessToken | updateAccessToken(long tokenId, boolean enabled) | Updates an access token for the current user |
| void | updateRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response) | Updates the refresh token for the given response |
| void | updateUserActivity(org.springframework.security.core.Authentication authentication) | Updates the user activity record to extend the timeout |
-
Methods inherited from class org.springframework.web.util.CookieGenerator
addCookie, createCookie, getCookieDomain, getCookieMaxAge, getCookieName, getCookiePath, isCookieHttpOnly, isCookieSecure, removeCookie, setCookieDomain, setCookieHttpOnly, setCookieMaxAge, setCookieName, setCookiePath, setCookieSecure
-
Field Detail
-
ACTIVITY_CACHE_CONFIG_KEY
public static final String ACTIVITY_CACHE_CONFIG_KEY
- See Also:
- Constant Field Values
-
issuer
protected String issuer
The issuer for generation of access tokens
-
validIssuers
protected String[] validIssuers
List of accepted issuers for validation of access tokens
-
audience
protected String audience
The audience for generation and validation of access tokens
-
accessTokenExpiration
protected int accessTokenExpiration
The time in minutes for the expiration of the generated access tokens
-
signPassword
protected String signPassword
The password for signing the access tokens
-
encryptPassword
protected String encryptPassword
The password for encrypting the access tokens
-
sessionTimeout
protected int sessionTimeout
Time in minutes after which active users will be required to log in again
-
inactivityTimeout
protected int inactivityTimeout
Time in minutes after which inactive users will be required to log in again
-
userActivity
protected com.google.common.cache.Cache<Long,Instant> userActivity
Cache used to track the activity of the users
-
jwtSignKey
protected Key jwtSignKey
-
jwtEncryptKey
protected Key jwtEncryptKey
-
securityDao
protected SecurityDAO securityDao
-
instanceService
protected InstanceService instanceService
-
auditService
protected AuditServiceInternal auditService
-
studioConfiguration
protected StudioConfiguration studioConfiguration
-
siteService
protected SiteService siteService
-
retryingDatabaseOperationFacade
protected RetryingDatabaseOperationFacade retryingDatabaseOperationFacade
-
systemStatusProvider
protected SystemStatusProvider systemStatusProvider
-
Constructor Detail
-
AccessTokenServiceInternalImpl
@ConstructorProperties({"issuer","validIssuers","accessTokenExpiration","signPassword","encryptPassword","sessionTimeout","inactivityTimeout","securityDao","instanceService","auditService","studioConfiguration","siteService","retryingDatabaseOperationFacade","systemStatusProvider"})
public AccessTokenServiceInternalImpl(String issuer, String[] validIssuers, int accessTokenExpiration, String signPassword, String encryptPassword, int sessionTimeout, int inactivityTimeout, SecurityDAO securityDao, InstanceService instanceService, AuditServiceInternal auditService, StudioConfiguration studioConfiguration, SiteService siteService, RetryingDatabaseOperationFacade retryingDatabaseOperationFacade, SystemStatusProvider systemStatusProvider)
-
Method Detail
-
setAudience
public void setAudience(String audience)
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
  afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
-
hasValidRefreshToken
public boolean hasValidRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Description copied from interface: AccessTokenServiceInternal
Checks if the given request contains a valid refresh token
- Specified by:
  hasValidRefreshToken in interface AccessTokenServiceInternal
- Parameters:
  auth - the current authentication
  request - the request to check
  response - the response
- Returns:
  true if the request contains a valid refresh token
-
updateRefreshToken
public void updateRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response)
Description copied from interface: AccessTokenServiceInternal
Updates the refresh token for the given response
- Specified by:
  updateRefreshToken in interface AccessTokenServiceInternal
- Parameters:
  auth - the current authentication
  response - the response
-
createTokens
public AccessToken createTokens(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response) throws ServiceLayerException
Description copied from interface: AccessTokenServiceInternal
Creates the access & refresh tokens for the given authentication
- Specified by:
  createTokens in interface AccessTokenServiceInternal
- Parameters:
  auth - the current authentication
  response - the response
- Returns:
  the access token
- Throws:
  ServiceLayerException - if there is any error creating the access token
-
deleteRefreshToken
public void deleteRefreshToken(org.springframework.security.core.Authentication auth)
Description copied from interface: AccessTokenServiceInternal
Deletes the refresh token for the given authentication
- Specified by:
  deleteRefreshToken in interface AccessTokenServiceInternal
- Parameters:
  auth - the current authentication
-
deleteRefreshToken
public void deleteRefreshToken(User user)
Description copied from interface: AccessTokenServiceInternal
Deletes the refresh token for the given user
- Specified by:
  deleteRefreshToken in interface AccessTokenServiceInternal
- Parameters:
  user - the user
-
deleteExpiredRefreshTokens
public void deleteExpiredRefreshTokens()
Description copied from interface: AccessTokenServiceInternal
Deletes all expired refresh tokens
- Specified by:
  deleteExpiredRefreshTokens in interface AccessTokenServiceInternal
-
createAccessToken
public PersistentAccessToken createAccessToken(String label, Instant expiresAt) throws ServiceLayerException
Description copied from interface: AccessTokenServiceInternal
Creates a new access token for the current user
- Specified by:
  createAccessToken in interface AccessTokenServiceInternal
- Parameters:
  label - the label of the access token
  expiresAt - the date of expiration of the access token
- Returns:
  the access token
- Throws:
  ServiceLayerException - if there is any error creating the access token
-
getAccessTokens
public List<PersistentAccessToken> getAccessTokens()
Description copied from interface: AccessTokenServiceInternal
Get all existing access tokens for the current user
- Specified by:
  getAccessTokens in interface AccessTokenServiceInternal
- Returns:
  the list of access tokens
-
updateAccessToken
public PersistentAccessToken updateAccessToken(long tokenId, boolean enabled)
Description copied from interface: AccessTokenServiceInternal
Updates an access token for the current user
- Specified by:
  updateAccessToken in interface AccessTokenServiceInternal
- Parameters:
  tokenId - the id of the access token
  enabled - indicates if the token is enabled or not
- Returns:
  the updated access token
-
deleteAccessToken
public void deleteAccessToken(long tokenId)
Description copied from interface: AccessTokenServiceInternal
Deletes an access token for the current user
- Specified by:
  deleteAccessToken in interface AccessTokenServiceInternal
- Parameters:
  tokenId - the id of the access token
-
getActualAudience
protected String getActualAudience()
-
getUsername
public String getUsername(String token)
Description copied from interface: AccessTokenServiceInternal
Returns the username for the given access token
- Specified by:
  getUsername in interface AccessTokenServiceInternal
- Parameters:
  token - the access token
- Returns:
  the username, null if the access token is invalid
-
getUserId
protected long getUserId(org.springframework.security.core.Authentication auth)
-
createToken
protected String createToken(Instant issuedAt, Instant expiresAt, String username, Long id) throws ServiceLayerException
- Throws:
ServiceLayerException
-
createAuditLog
protected void createAuditLog(org.springframework.security.core.Authentication auth, long tokenId, String type, String operation)
-
createAuditLog
protected void createAuditLog(String actor, long tokenId, String type, String operation)
-
createAuditLog
protected void createAuditLog(String actor, long tokenId, String type, String value, String operation)
-
updateUserActivity
public void updateUserActivity(org.springframework.security.core.Authentication authentication)
Description copied from interface: AccessTokenServiceInternal
Updates the user activity record to extend the timeout
- Specified by:
  updateUserActivity in interface AccessTokenServiceInternal
- Parameters:
  authentication - the current authentication