Setting TokenResponse in place of RefreshToken

Luca Frosini 2021-12-15 15:58:32 +01:00
parent 31b15c37ae
commit 061159b6cd
2 changed files with 19 additions and 13 deletions


@ -3,8 +3,6 @@ package org.gcube.common.authorization.utils.clientid;
import org.gcube.common.authorization.utils.secret.JWTSecret; import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse; import org.gcube.common.keycloak.model.TokenResponse;
/** /**
@ -21,13 +19,12 @@ public class ClienIDManager implements RenewalProvider {
} }
public Secret getSecret() throws Exception { public Secret getSecret() throws Exception {
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null); TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
JWTSecret jwtSecret = new JWTSecret(tr.getAccessToken()); JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
jwtSecret.setRenewalProvider(this); jwtSecret.setRenewalProvider(this);
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tr); jwtSecret.setTokenResponse(tokenResponse);
jwtSecret.setRefreshToken(refreshToken);
return jwtSecret; return jwtSecret;
} }
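Review bot: `jwtSecret.setTokenResponse(tokenResponse)` in `getSecret()` makes the returned secret hold the whole token response, not just the refresh token, and nothing at the call site says why. A short comment would help, for example `// keep the full response: JWTSecret refreshes from it and derives the RefreshToken on demand`. Because the response presumably carries both the access and refresh tokens, it is worth confirming that `JWTSecret` never logs or serialises this field; that class is only partly visible here.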


@ -19,7 +19,9 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
import org.gcube.common.authorization.utils.user.User; import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.AccessToken; import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken; import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.keycloak.model.util.Time; import org.gcube.common.keycloak.model.util.Time;
import org.gcube.common.scope.impl.ScopeBean; import org.gcube.common.scope.impl.ScopeBean;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -40,7 +42,7 @@ public class JWTSecret extends Secret {
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200); public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
protected AccessToken accessToken; protected AccessToken accessToken;
protected RefreshToken refreshToken; protected TokenResponse tokenResponse;
protected RenewalProvider renewalProvider; protected RenewalProvider renewalProvider;
public JWTSecret(String token) { public JWTSecret(String token) {
@ -54,10 +56,9 @@ public class JWTSecret extends Secret {
if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) { if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
expired = true; expired = true;
if(refreshToken!=null) { if(tokenResponse!=null) {
try { try {
ObjectMapper mapper = new ObjectMapper(); KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);
KeycloakClientFactory.newInstance().refreshToken(getUsername(), mapper.writeValueAsString(refreshToken));
expired = false; expired = false;
}catch (Exception e) { }catch (Exception e) {
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e); logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
@ -153,8 +154,8 @@ public class JWTSecret extends Secret {
this.renewalProvider = renewalProvider; this.renewalProvider = renewalProvider;
} }
public void setRefreshToken(RefreshToken refreshToken) { public void setTokenResponse(TokenResponse tokenResponse) {
this.refreshToken = refreshToken; this.tokenResponse = tokenResponse;
} }
protected boolean isExpired(AccessToken accessToken) { protected boolean isExpired(AccessToken accessToken) {
@ -168,7 +169,15 @@ public class JWTSecret extends Secret {
@Override @Override
public boolean isRefreshable() { public boolean isRefreshable() {
return refreshToken!=null && isExpired(refreshToken); if(tokenResponse!=null) {
try {
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tokenResponse);
return isExpired(refreshToken);
} catch (Exception e) {
return false;
}
}
return false;
} }
@Override @Override
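Review bot: The refresh call `KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);` discards its result, yet the next line sets `expired = false`, so within the visible lines the secret keeps the old `accessToken` and `tokenResponse` after a successful refresh. If `refreshToken` returns the renewed response, store it, e.g. `tokenResponse = KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);`, and rebuild `accessToken` from it, so that a token past its expiry is not reported as valid. Separately, the new `catch (Exception e) { return false; }` in `isRefreshable()` hides why the refresh token could not be extracted; a `logger.debug` call that records the exception but not the token value would make failures diagnosable. The method containing the refresh call starts outside the hunk, so the assignment may already happen elsewhere.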