From 061159b6cd672b679b894cdb80f3c8345b0fc978 Mon Sep 17 00:00:00 2001
From: Luca Frosini
Date: Wed, 15 Dec 2021 15:58:32 +0100
Subject: [PATCH] Setting TokenResponse in place of RefreshToken
---
 .../utils/clientid/ClienIDManager.java | 9 +++-----
 .../authorization/utils/secret/JWTSecret.java | 23 +++++++++++++------
 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
index 5e9f394..ecaf4f7 100644
--- a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
+++ b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
@@ -3,8 +3,6 @@ package org.gcube.common.authorization.utils.clientid;
 import org.gcube.common.authorization.utils.secret.JWTSecret;
 import org.gcube.common.authorization.utils.secret.Secret;
 import org.gcube.common.keycloak.KeycloakClientFactory;
-import org.gcube.common.keycloak.model.ModelUtils;
-import org.gcube.common.keycloak.model.RefreshToken;
 import org.gcube.common.keycloak.model.TokenResponse;
 /**
@@ -21,13 +19,12 @@ public class ClienIDManager implements RenewalProvider {
 }
 public Secret getSecret() throws Exception {
- TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
+ TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
- JWTSecret jwtSecret = new JWTSecret(tr.getAccessToken());
+ JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
 jwtSecret.setRenewalProvider(this);
- RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tr);
- jwtSecret.setRefreshToken(refreshToken);
+ jwtSecret.setTokenResponse(tokenResponse);
 return jwtSecret;
 }
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
index fdc8c0a..2dfe86d 100644
--- a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
@@ -19,7 +19,9 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
 import org.gcube.common.authorization.utils.user.User;
 import org.gcube.common.keycloak.KeycloakClientFactory;
 import org.gcube.common.keycloak.model.AccessToken;
+import org.gcube.common.keycloak.model.ModelUtils;
 import org.gcube.common.keycloak.model.RefreshToken;
+import org.gcube.common.keycloak.model.TokenResponse;
 import org.gcube.common.keycloak.model.util.Time;
 import org.gcube.common.scope.impl.ScopeBean;
 import org.slf4j.Logger;
@@ -40,7 +42,7 @@ public class JWTSecret extends Secret {
 public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
 protected AccessToken accessToken;
- protected RefreshToken refreshToken;
+ protected TokenResponse tokenResponse;
 protected RenewalProvider renewalProvider;
 public JWTSecret(String token) {
@@ -54,10 +56,9 @@ public class JWTSecret extends Secret {
 if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
 expired = true;
- if(refreshToken!=null) {
+ if(tokenResponse!=null) {
 try {
- ObjectMapper mapper = new ObjectMapper();
- KeycloakClientFactory.newInstance().refreshToken(getUsername(), mapper.writeValueAsString(refreshToken));
+ KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);
 expired = false;
 }catch (Exception e) {
 logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
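Review bot: In the `@@ -54,10 +56,9 @@` hunk the result of `refreshToken(getUsername(), tokenResponse)` is discarded, yet `expired` is set back to `false` right after, so the secret would keep serving the `accessToken` that just failed the `getExp()-TOLERANCE` check. If the client call returns the refreshed token set (its signature is not visible here), keep it, e.g. `tokenResponse = KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);`, and rebuild `accessToken` from it before clearing `expired`. The warning text still says "with RefreshToken" although the call now receives the whole `TokenResponse`. The enclosing method starts and ends outside the hunk.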
@@ -153,8 +154,8 @@ public class JWTSecret extends Secret {
 this.renewalProvider = renewalProvider;
 }
- public void setRefreshToken(RefreshToken refreshToken) {
- this.refreshToken = refreshToken;
+ public void setTokenResponse(TokenResponse tokenResponse) {
+ this.tokenResponse = tokenResponse;
 }
 protected boolean isExpired(AccessToken accessToken) {
@@ -168,7 +169,15 @@ public class JWTSecret extends Secret {
 @Override
 public boolean isRefreshable() {
- return refreshToken!=null && isExpired(refreshToken);
+ if(tokenResponse!=null) {
+ try {
+ RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tokenResponse);
+ return isExpired(refreshToken);
+ } catch (Exception e) {
+ return false;
+ }
+ }
+ return false;
 }
 @Override
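Review bot: `isRefreshable()` in the `@@ -168,7 +169,15 @@` hunk returns `isExpired(refreshToken)`, so it answers true only once the refresh token has expired, which reads as inverted; the removed line had the same shape, so this is carried over rather than new. If `isExpired` means what its name suggests (its body is outside the hunk), the line should be `return !isExpired(refreshToken);`. The new `catch (Exception e) { return false; }` also hides why the refresh token could not be read; a `logger.debug(...)` with a fixed message and the exception class name, not the token contents, would make a malformed or missing refresh token diagnosable.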