Setting TokenResponse in place of RefreshToken
parent
31b15c37ae
commit
061159b6cd
|
@ -3,8 +3,6 @@ package org.gcube.common.authorization.utils.clientid;
|
||||||
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||||
import org.gcube.common.authorization.utils.secret.Secret;
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
import org.gcube.common.keycloak.model.ModelUtils;
|
|
||||||
import org.gcube.common.keycloak.model.RefreshToken;
|
|
||||||
import org.gcube.common.keycloak.model.TokenResponse;
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -21,13 +19,12 @@ public class ClienIDManager implements RenewalProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
public Secret getSecret() throws Exception {
|
public Secret getSecret() throws Exception {
|
||||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
|
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
|
||||||
|
|
||||||
JWTSecret jwtSecret = new JWTSecret(tr.getAccessToken());
|
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
||||||
jwtSecret.setRenewalProvider(this);
|
jwtSecret.setRenewalProvider(this);
|
||||||
|
|
||||||
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tr);
|
jwtSecret.setTokenResponse(tokenResponse);
|
||||||
jwtSecret.setRefreshToken(refreshToken);
|
|
||||||
|
|
||||||
return jwtSecret;
|
return jwtSecret;
|
||||||
}
|
}
|
||||||
|
|
|
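Review bot: `jwtSecret.setTokenResponse(tokenResponse);` in getSecret() now hands the whole Keycloak token response to the secret, and nothing at the call site says that this object carries the refresh token as well as the access token (the removed line extracted it with `ModelUtils.getRefreshTokenFrom(tr)`). A short comment above the call would help, for example `// full response kept so JWTSecret can refresh; it holds the refresh token, never log or serialize it`. getSecret() also has no Javadoc and declares `throws Exception`; a one-line summary plus an `@throws` for a failed token query would document the contract. The class body starts outside this hunk.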
@ -19,7 +19,9 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
|
||||||
import org.gcube.common.authorization.utils.user.User;
|
import org.gcube.common.authorization.utils.user.User;
|
||||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
import org.gcube.common.keycloak.model.AccessToken;
|
import org.gcube.common.keycloak.model.AccessToken;
|
||||||
|
import org.gcube.common.keycloak.model.ModelUtils;
|
||||||
import org.gcube.common.keycloak.model.RefreshToken;
|
import org.gcube.common.keycloak.model.RefreshToken;
|
||||||
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
import org.gcube.common.keycloak.model.util.Time;
|
import org.gcube.common.keycloak.model.util.Time;
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
import org.gcube.common.scope.impl.ScopeBean;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
@ -40,7 +42,7 @@ public class JWTSecret extends Secret {
|
||||||
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
||||||
|
|
||||||
protected AccessToken accessToken;
|
protected AccessToken accessToken;
|
||||||
protected RefreshToken refreshToken;
|
protected TokenResponse tokenResponse;
|
||||||
protected RenewalProvider renewalProvider;
|
protected RenewalProvider renewalProvider;
|
||||||
|
|
||||||
public JWTSecret(String token) {
|
public JWTSecret(String token) {
|
||||||
|
@ -54,10 +56,9 @@ public class JWTSecret extends Secret {
|
||||||
|
|
||||||
if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
|
if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
|
||||||
expired = true;
|
expired = true;
|
||||||
if(refreshToken!=null) {
|
if(tokenResponse!=null) {
|
||||||
try {
|
try {
|
||||||
ObjectMapper mapper = new ObjectMapper();
|
KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);
|
||||||
KeycloakClientFactory.newInstance().refreshToken(getUsername(), mapper.writeValueAsString(refreshToken));
|
|
||||||
expired = false;
|
expired = false;
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
|
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
|
||||||
|
@ -153,8 +154,8 @@ public class JWTSecret extends Secret {
|
||||||
this.renewalProvider = renewalProvider;
|
this.renewalProvider = renewalProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setRefreshToken(RefreshToken refreshToken) {
|
public void setTokenResponse(TokenResponse tokenResponse) {
|
||||||
this.refreshToken = refreshToken;
|
this.tokenResponse = tokenResponse;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected boolean isExpired(AccessToken accessToken) {
|
protected boolean isExpired(AccessToken accessToken) {
|
||||||
|
@ -168,7 +169,15 @@ public class JWTSecret extends Secret {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isRefreshable() {
|
public boolean isRefreshable() {
|
||||||
return refreshToken!=null && isExpired(refreshToken);
|
if(tokenResponse!=null) {
|
||||||
|
try {
|
||||||
|
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tokenResponse);
|
||||||
|
return isExpired(refreshToken);
|
||||||
|
} catch (Exception e) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
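Review bot: In the last hunk, `isRefreshable()` returns `isExpired(refreshToken)`, so it appears to report the secret as refreshable exactly when the refresh token has expired; isExpired is defined outside the hunk, but if it is true for a token past its exp the result should be negated, `return !isExpired(refreshToken);`. The old line had the same condition, so the commit carries it over rather than introducing it. The new `catch (Exception e)` also returns false without a trace, which hides an unparsable token response from operators; `logger.debug("Unable to read the refresh token from the token response", e);` before the return would keep the failure visible without writing the token itself to the log.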