Setting TokenResponse in place of RefreshToken

Luca Frosini 2021-12-15 15:58:32 +01:00
parent 31b15c37ae
commit 061159b6cd
2 changed files with 19 additions and 13 deletions


@ -3,8 +3,6 @@ package org.gcube.common.authorization.utils.clientid;
import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;
/**
@ -21,13 +19,12 @@ public class ClienIDManager implements RenewalProvider {
}
public Secret getSecret() throws Exception {
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
JWTSecret jwtSecret = new JWTSecret(tr.getAccessToken());
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
jwtSecret.setRenewalProvider(this);
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tr);
jwtSecret.setRefreshToken(refreshToken);
jwtSecret.setTokenResponse(tokenResponse);
return jwtSecret;
}
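Review bot: `getSecret()` now stores the whole `TokenResponse` on the returned `JWTSecret`, and that response carries the refresh token (the other file in this commit extracts it with `ModelUtils.getRefreshTokenFrom(tokenResponse)`), yet nothing on the method says so. A short Javadoc would make the handling expectation explicit, e.g. `/** Returns a JWTSecret that retains the full Keycloak token response, including refresh material; it must not be logged or serialized. */`. The class body continues outside the hunk, so existing documentation elsewhere cannot be ruled out.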


@ -19,7 +19,9 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.keycloak.model.util.Time;
import org.gcube.common.scope.impl.ScopeBean;
import org.slf4j.Logger;
@ -40,7 +42,7 @@ public class JWTSecret extends Secret {
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
protected AccessToken accessToken;
protected RefreshToken refreshToken;
protected TokenResponse tokenResponse;
protected RenewalProvider renewalProvider;
public JWTSecret(String token) {
@ -54,10 +56,9 @@ public class JWTSecret extends Secret {
if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
expired = true;
if(refreshToken!=null) {
if(tokenResponse!=null) {
try {
ObjectMapper mapper = new ObjectMapper();
KeycloakClientFactory.newInstance().refreshToken(getUsername(), mapper.writeValueAsString(refreshToken));
KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);
expired = false;
}catch (Exception e) {
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
@ -153,8 +154,8 @@ public class JWTSecret extends Secret {
this.renewalProvider = renewalProvider;
}
public void setRefreshToken(RefreshToken refreshToken) {
this.refreshToken = refreshToken;
public void setTokenResponse(TokenResponse tokenResponse) {
this.tokenResponse = tokenResponse;
}
protected boolean isExpired(AccessToken accessToken) {
@ -168,7 +169,15 @@ public class JWTSecret extends Secret {
@Override
public boolean isRefreshable() {
return refreshToken!=null && isExpired(refreshToken);
if(tokenResponse!=null) {
try {
RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tokenResponse);
return isExpired(refreshToken);
} catch (Exception e) {
return false;
}
}
return false;
}
@Override
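Review bot: The result of `refreshToken(getUsername(), tokenResponse)` in the expiry-check hunk is discarded, so `expired = false` is set while `accessToken` and `tokenResponse` still hold their old values; if the call returns the renewed response, as its name suggests, the secret keeps presenting the expired access token as valid. Consider capturing it, e.g. `tokenResponse = KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);`, and re-deriving `accessToken` from it before clearing the flag. The enclosing method starts and ends outside the hunk, so a later update there cannot be ruled out. Separately, `isRefreshable()` returns `isExpired(refreshToken)`, which reads as inverted (refreshable only once the refresh token has expired), and its `catch (Exception e)` returns false without logging, so a `logger.debug` call there would make a malformed token response visible.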