Package org.craftercms.studio.impl.v2.service.security.internal

Class AccessTokenServiceInternalImpl

java.lang.Object

org.springframework.web.util.CookieGenerator

org.craftercms.studio.impl.v2.service.security.internal.AccessTokenServiceInternalImpl

All Implemented Interfaces:

AccessTokenServiceInternal, org.springframework.beans.factory.InitializingBean

public class AccessTokenServiceInternalImpl
extends org.springframework.web.util.CookieGenerator
implements AccessTokenServiceInternal, org.springframework.beans.factory.InitializingBean

Default implementation of AccessTokenServiceInternal

Since:

4.0

Author:

joseross

Field Summary

Fields

Modifier and Type	Field	Description
protected int	accessTokenExpiration	The time in minutes for the expiration of the generated access tokens
static String	ACTIVITY_CACHE_CONFIG_KEY
protected String	audience	The audience for generation and validation of access tokens
protected AuditServiceInternal	auditService
protected String	encryptPassword	The password for encrypting the access tokens
protected int	inactivityTimeout	Time in minutes after which inactive users will be required to login again
protected InstanceService	instanceService
protected String	issuer	The issuer for generation access tokens
protected Key	jwtEncryptKey
protected Key	jwtSignKey
protected RetryingDatabaseOperationFacade	retryingDatabaseOperationFacade
protected SecurityDAO	securityDao
protected int	sessionTimeout	Time in minutes after which active users will be required to login again
protected String	signPassword	The password for signing the access tokens
protected SiteService	siteService
protected StudioConfiguration	studioConfiguration
protected SystemStatusProvider	systemStatusProvider
protected com.google.common.cache.Cache<Long,Instant>	userActivity	Cache used to track the activity of the users
protected String[]	validIssuers	List of accepted issuers for validation of access tokens

Fields inherited from class org.springframework.web.util.CookieGenerator

DEFAULT_COOKIE_PATH

Constructor Summary

Constructors

Constructor

Description

AccessTokenServiceInternalImpl(String issuer, String[] validIssuers, int accessTokenExpiration, String signPassword, String encryptPassword, int sessionTimeout, int inactivityTimeout, SecurityDAO securityDao, InstanceService instanceService, AuditServiceInternal auditService, StudioConfiguration studioConfiguration, SiteService siteService, RetryingDatabaseOperationFacade retryingDatabaseOperationFacade, SystemStatusProvider systemStatusProvider)

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()
PersistentAccessToken	createAccessToken(String label, Instant expiresAt)	Creates a new access token for the current user
protected void	createAuditLog(String actor, long tokenId, String type, String operation)
protected void	createAuditLog(String actor, long tokenId, String type, String value, String operation)
protected void	createAuditLog(org.springframework.security.core.Authentication auth, long tokenId, String type, String operation)
protected String	createToken(Instant issuedAt, Instant expiresAt, String username, Long id)
AccessToken	createTokens(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response)	Creates the access & refresh tokens for the given authentication
void	deleteAccessToken(long tokenId)	Deletes an access token for the current user
void	deleteExpiredRefreshTokens()	Deletes all expired refresh tokens
void	deleteRefreshToken(User user)	Deletes the refresh token for the given user
void	deleteRefreshToken(org.springframework.security.core.Authentication auth)	Deletes the refresh token for the given authentication
List<PersistentAccessToken>	getAccessTokens()	Get all existing access tokens for the current user
protected String	getActualAudience()
protected long	getUserId(org.springframework.security.core.Authentication auth)
String	getUsername(String token)	Returns the username for the given access token
boolean	hasValidRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)	Checks if the given request contains a valid refresh token
void	setAudience(String audience)
PersistentAccessToken	updateAccessToken(long tokenId, boolean enabled)	Updates an access token for the current user
void	updateRefreshToken(org.springframework.security.core.Authentication auth, javax.servlet.http.HttpServletResponse response)	Updates the refresh token for the given response
void	updateUserActivity(org.springframework.security.core.Authentication authentication)	Updates the user activity record to extend the timeout

Methods inherited from class org.springframework.web.util.CookieGenerator

addCookie, createCookie, getCookieDomain, getCookieMaxAge, getCookieName, getCookiePath, isCookieHttpOnly, isCookieSecure, removeCookie, setCookieDomain, setCookieHttpOnly, setCookieMaxAge, setCookieName, setCookiePath, setCookieSecure

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACTIVITY_CACHE_CONFIG_KEY

public static final String ACTIVITY_CACHE_CONFIG_KEY

See Also:

Constant Field Values

issuer

protected String issuer

The issuer for generation access tokens

validIssuers

protected String[] validIssuers

List of accepted issuers for validation of access tokens

audience

protected String audience

The audience for generation and validation of access tokens

accessTokenExpiration

protected int accessTokenExpiration

The time in minutes for the expiration of the generated access tokens

signPassword

protected String signPassword

The password for signing the access tokens

encryptPassword

protected String encryptPassword

The password for encrypting the access tokens

sessionTimeout

protected int sessionTimeout

Time in minutes after which active users will be required to login again

inactivityTimeout

protected int inactivityTimeout

Time in minutes after which inactive users will be required to login again

userActivity

protected com.google.common.cache.Cache<Long,Instant> userActivity

Cache used to track the activity of the users

jwtSignKey

protected Key jwtSignKey

jwtEncryptKey

protected Key jwtEncryptKey

securityDao

protected SecurityDAO securityDao

instanceService

protected InstanceService instanceService

auditService

protected AuditServiceInternal auditService

studioConfiguration

protected StudioConfiguration studioConfiguration

siteService

protected SiteService siteService

retryingDatabaseOperationFacade

protected RetryingDatabaseOperationFacade retryingDatabaseOperationFacade

systemStatusProvider

protected SystemStatusProvider systemStatusProvider

Constructor Detail

AccessTokenServiceInternalImpl

@ConstructorProperties({"issuer","validIssuers","accessTokenExpiration","signPassword","encryptPassword","sessionTimeout","inactivityTimeout","securityDao","instanceService","auditService","studioConfiguration","siteService","retryingDatabaseOperationFacade","systemStatusProvider"})
public AccessTokenServiceInternalImpl(String issuer,
                                      String[] validIssuers,
                                      int accessTokenExpiration,
                                      String signPassword,
                                      String encryptPassword,
                                      int sessionTimeout,
                                      int inactivityTimeout,
                                      SecurityDAO securityDao,
                                      InstanceService instanceService,
                                      AuditServiceInternal auditService,
                                      StudioConfiguration studioConfiguration,
                                      SiteService siteService,
                                      RetryingDatabaseOperationFacade retryingDatabaseOperationFacade,
                                      SystemStatusProvider systemStatusProvider)

Method Detail

setAudience

public void setAudience(String audience)

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

hasValidRefreshToken

public boolean hasValidRefreshToken(org.springframework.security.core.Authentication auth,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response)

Description copied from interface: AccessTokenServiceInternal

Checks if the given request contains a valid refresh token

Specified by:

hasValidRefreshToken in interface AccessTokenServiceInternal

Parameters:

auth - the current authentication

request - the request to check

response - the response

Returns:

true if the request contains a valid refresh token

updateRefreshToken

public void updateRefreshToken(org.springframework.security.core.Authentication auth,
                               javax.servlet.http.HttpServletResponse response)

Description copied from interface: AccessTokenServiceInternal

Updates the refresh token for the given response

Specified by:

updateRefreshToken in interface AccessTokenServiceInternal

Parameters:

auth - the current authentication

response - the response

createTokens

public AccessToken createTokens(org.springframework.security.core.Authentication auth,
                                javax.servlet.http.HttpServletResponse response)
                         throws ServiceLayerException

Description copied from interface: AccessTokenServiceInternal

Creates the access & refresh tokens for the given authentication

Specified by:

createTokens in interface AccessTokenServiceInternal

Parameters:

auth - the current authentication

response - the response

Returns:

the access token

Throws:

ServiceLayerException - if there is any error creating the access token

deleteRefreshToken

public void deleteRefreshToken(org.springframework.security.core.Authentication auth)

Description copied from interface: AccessTokenServiceInternal

Deletes the refresh token for the given authentication

Specified by:

deleteRefreshToken in interface AccessTokenServiceInternal

Parameters:

auth - the current authentication

deleteRefreshToken

public void deleteRefreshToken(User user)

Description copied from interface: AccessTokenServiceInternal

Deletes the refresh token for the given user

Specified by:

deleteRefreshToken in interface AccessTokenServiceInternal

Parameters:

user - the user

deleteExpiredRefreshTokens

public void deleteExpiredRefreshTokens()

Description copied from interface: AccessTokenServiceInternal

Deletes all expired refresh tokens

Specified by:

deleteExpiredRefreshTokens in interface AccessTokenServiceInternal

createAccessToken

public PersistentAccessToken createAccessToken(String label,
                                               Instant expiresAt)
                                        throws ServiceLayerException

Description copied from interface: AccessTokenServiceInternal

Creates a new access token for the current user

Specified by:

createAccessToken in interface AccessTokenServiceInternal

Parameters:

label - the label of the access token

expiresAt - the date of expiration of the access token

Returns:

the access token

Throws:

ServiceLayerException - if there is any error creating the access token

getAccessTokens

public List<PersistentAccessToken> getAccessTokens()

Description copied from interface: AccessTokenServiceInternal

Get all existing access tokens for the current user

Specified by:

getAccessTokens in interface AccessTokenServiceInternal

Returns:

the list of access tokens

updateAccessToken

public PersistentAccessToken updateAccessToken(long tokenId,
                                               boolean enabled)

Description copied from interface: AccessTokenServiceInternal

Updates an access token for the current user

Specified by:

updateAccessToken in interface AccessTokenServiceInternal

Parameters:

tokenId - the id of the access token

enabled - indicates if the token is enabled or not

Returns:

the updated access token

deleteAccessToken

public void deleteAccessToken(long tokenId)

Description copied from interface: AccessTokenServiceInternal

Deletes an access token for the current user

Specified by:

deleteAccessToken in interface AccessTokenServiceInternal

Parameters:

tokenId - the id of the access token

getActualAudience

protected String getActualAudience()

getUsername

public String getUsername(String token)

Description copied from interface: AccessTokenServiceInternal

Returns the username for the given access token

Specified by:

getUsername in interface AccessTokenServiceInternal

Parameters:

token - the access token

Returns:

the username, null if the access token is invalid

getUserId

protected long getUserId(org.springframework.security.core.Authentication auth)

createToken

protected String createToken(Instant issuedAt,
                             Instant expiresAt,
                             String username,
                             Long id)
                      throws ServiceLayerException

Throws:

ServiceLayerException

createAuditLog

protected void createAuditLog(org.springframework.security.core.Authentication auth,
                              long tokenId,
                              String type,
                              String operation)

createAuditLog

protected void createAuditLog(String actor,
                              long tokenId,
                              String type,
                              String operation)

createAuditLog

protected void createAuditLog(String actor,
                              long tokenId,
                              String type,
                              String value,
                              String operation)

updateUserActivity

public void updateUserActivity(org.springframework.security.core.Authentication authentication)

Description copied from interface: AccessTokenServiceInternal

Updates the user activity record to extend the timeout

Specified by:

updateUserActivity in interface AccessTokenServiceInternal

Parameters:

authentication - the current authentication