DefaultRotatingTokenServices (Broadleaf Authentication Services 1.6.1-SNAPSHOT API)

java.lang.Object
- com.broadleafcommerce.auth.token.service.DefaultRotatingTokenServices

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices, org.springframework.security.oauth2.provider.token.ConsumerTokenServices, org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
```
public class DefaultRotatingTokenServices
extends Object
implements org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices, org.springframework.security.oauth2.provider.token.ResourceServerTokenServices, org.springframework.security.oauth2.provider.token.ConsumerTokenServices, org.springframework.beans.factory.InitializingBean
```
Based on DefaultTokenServices. Honors refresh token rotation behavior.

Broadleaf primarily supports the notion of oauth refresh tokens in the context of the auth code flow, and only through the use of rotation. This means that, when enabled, a new refresh token is returned with every acquisition of access token from the auth server. Furthermore, each of these refresh tokens may be used only once, with the exception of the boundary defined in RefreshToken.getRotationExpiration().

There are several requirements to use refresh token rotation:
1. The JpaAuthorizedClient.getGrantTypes() list must include refresh_token when that client is targeted in an oauth flow
2. The property broadleaf.auth.token.support-refresh-token-rotation must be set to true in your application property file
3. The scopes requested during both auth code and token acquisition API calls must include the OFFLINE_ACCESS scope
The combinations of these three factors should allow for granular refresh token use cases, even within the context of a single oauth client.

Constructor Summary

Constructors
Constructor and Description

DefaultRotatingTokenServices(TokenProperties properties)

Constructors
Constructor and Description
`DefaultRotatingTokenServices(TokenProperties properties)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`afterPropertiesSet()` Initialize these token services.
`org.springframework.security.oauth2.common.OAuth2AccessToken`	`createAccessToken(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)`
`org.springframework.security.oauth2.common.OAuth2AccessToken`	`getAccessToken(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)`
`protected int`	`getAccessTokenValiditySeconds(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)` The access token validity period in seconds
`String`	`getClientId(String tokenValue)`
`protected int`	`getRefreshTokenValiditySeconds(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)` The refresh token validity period in seconds
`protected void`	`invalidateLine(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)` Delete a refresh token and any associated members in the line
`protected boolean`	`isExpired(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)` Whether or not the refresh token is expired
`protected boolean`	`isSupportRefreshToken(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)` Is a refresh token supported for this client (or the global setting if `clientDetailsService` is not set.
`org.springframework.security.oauth2.provider.OAuth2Authentication`	`loadAuthentication(String accessTokenValue)`
`org.springframework.security.oauth2.common.OAuth2AccessToken`	`readAccessToken(String accessToken)`
`org.springframework.security.oauth2.common.OAuth2AccessToken`	`refreshAccessToken(String refreshTokenValue, org.springframework.security.oauth2.provider.TokenRequest tokenRequest)`
`boolean`	`revokeToken(String tokenValue)` Revoke a refresh token
`protected void`	`rotate(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)` Given a refresh token that is being used to request a new access token, perform rotation setup on it.
`void`	`setAccessTokenValiditySeconds(int accessTokenValiditySeconds)` The default validity (in seconds) of the access token.
`void`	`setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager)` An authentication manager that will be used (if provided) to check the user authentication when a token is refreshed.
`void`	`setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)` The client details service to use for looking up clients (if necessary).
`void`	`setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)` The validity (in seconds) of the refresh token.
`void`	`setTokenEnhancer(org.springframework.security.oauth2.provider.token.TokenEnhancer accessTokenEnhancer)` An access token enhancer that will be applied to a new token before it is saved in the token store.
`void`	`setTokenStore(RotatableTokenStore tokenStore)` The persistence strategy for token storage.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultRotatingTokenServices
```
public DefaultRotatingTokenServices(TokenProperties properties)
```
- Method Detail
  - afterPropertiesSet
```
public void afterPropertiesSet()
                        throws Exception
```
    Initialize these token services.
    
    Specified by:
    
    afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    
    Throws:
    
    Exception
  - createAccessToken
```
@Transactional
public org.springframework.security.oauth2.common.OAuth2AccessToken createAccessToken(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
                                                                                              throws org.springframework.security.core.AuthenticationException
```
    Specified by:
    
    createAccessToken in interface org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices
    
    Throws:
    
    org.springframework.security.core.AuthenticationException
  - refreshAccessToken
```
@Transactional(noRollbackFor={org.springframework.security.oauth2.common.exceptions.InvalidTokenException.class,org.springframework.security.oauth2.common.exceptions.InvalidGrantException.class})
public org.springframework.security.oauth2.common.OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                                                                                                                                                                                                                                                                           org.springframework.security.oauth2.provider.TokenRequest tokenRequest)
                                                                                                                                                                                                                                                                                    throws org.springframework.security.core.AuthenticationException
```
    Specified by:
    
    refreshAccessToken in interface org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices
    
    Throws:
    
    org.springframework.security.core.AuthenticationException
  - loadAuthentication
```
public org.springframework.security.oauth2.provider.OAuth2Authentication loadAuthentication(String accessTokenValue)
                                                                                     throws org.springframework.security.core.AuthenticationException,
                                                                                            org.springframework.security.oauth2.common.exceptions.InvalidTokenException
```
    Specified by:
    
    loadAuthentication in interface org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
    
    Throws:
    
    org.springframework.security.core.AuthenticationException
    
    org.springframework.security.oauth2.common.exceptions.InvalidTokenException
  - getClientId
```
public String getClientId(String tokenValue)
```
  - revokeToken
```
public boolean revokeToken(String tokenValue)
```
    Revoke a refresh token
    
    Specified by:
    
    revokeToken in interface org.springframework.security.oauth2.provider.token.ConsumerTokenServices
    
    Parameters:
    
    tokenValue - Refresh token
    
    Returns:
    
    true if token is invalidated, false if token is not found
  - getAccessToken
```
public org.springframework.security.oauth2.common.OAuth2AccessToken getAccessToken(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
```
    Specified by:
    
    getAccessToken in interface org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices
  - readAccessToken
```
public org.springframework.security.oauth2.common.OAuth2AccessToken readAccessToken(String accessToken)
```
    Specified by:
    
    readAccessToken in interface org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
  - setTokenEnhancer
```
public void setTokenEnhancer(org.springframework.security.oauth2.provider.token.TokenEnhancer accessTokenEnhancer)
```
    An access token enhancer that will be applied to a new token before it is saved in the token store.
    
    Parameters:
    
    accessTokenEnhancer - the access token enhancer to set
  - setRefreshTokenValiditySeconds
```
public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)
```
    The validity (in seconds) of the refresh token. If less than or equal to zero then the tokens will be non-expiring.
    
    Parameters:
    
    refreshTokenValiditySeconds - The validity (in seconds) of the refresh token.
  - setAccessTokenValiditySeconds
```
public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
```
    The default validity (in seconds) of the access token. Zero or negative for non-expiring tokens. If a client details service is set the validity period will be read from the client, defaulting to this value if not defined by the client.
    
    Parameters:
    
    accessTokenValiditySeconds - The validity (in seconds) of the access token.
  - setTokenStore
```
public void setTokenStore(RotatableTokenStore tokenStore)
```
    The persistence strategy for token storage.
    
    Parameters:
    
    tokenStore - the store for access and refresh tokens.
  - setAuthenticationManager
```
public void setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager authenticationManager)
```
    An authentication manager that will be used (if provided) to check the user authentication when a token is refreshed.
    
    Parameters:
    
    authenticationManager - the authenticationManager to set
  - setClientDetailsService
```
public void setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)
```
    The client details service to use for looking up clients (if necessary). Optional if the access token expiry is set globally via setAccessTokenValiditySeconds(int).
    
    Parameters:
    
    clientDetailsService - the client details service
  - getAccessTokenValiditySeconds
```
protected int getAccessTokenValiditySeconds(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)
```
    The access token validity period in seconds
    
    Parameters:
    
    clientAuth - the current authorization request
    
    Returns:
    
    the access token validity period in seconds
  - getRefreshTokenValiditySeconds
```
protected int getRefreshTokenValiditySeconds(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)
```
    The refresh token validity period in seconds
    
    Parameters:
    
    clientAuth - the current authorization request
    
    Returns:
    
    the refresh token validity period in seconds
  - isSupportRefreshToken
```
protected boolean isSupportRefreshToken(org.springframework.security.oauth2.provider.OAuth2Request clientAuth)
```
    Is a refresh token supported for this client (or the global setting if clientDetailsService is not set.
    
    Parameters:
    
    clientAuth - the current authorization request
    
    Returns:
    
    boolean to indicate if refresh token is supported
  - rotate
```
protected void rotate(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)
```
    Given a refresh token that is being used to request a new access token, perform rotation setup on it. This includes marking the token as rotated and setting the rotation expiration threshold in the datastore.
    
    Parameters:
    
    refreshToken - A Spring-specific representation of the refresh token
  - invalidateLine
```
protected void invalidateLine(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)
```
    Delete a refresh token and any associated members in the line
    
    Parameters:
    
    refreshToken - A Spring-specific representation of the refresh token
  - isExpired
```
protected boolean isExpired(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken)
```
    Whether or not the refresh token is expired
    
    Parameters:
    
    refreshToken - A Spring-specific representation of the refresh token
    
    Returns:
    
    Whether or not the refresh token is expired

Class DefaultRotatingTokenServices

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DefaultRotatingTokenServices

Method Detail

afterPropertiesSet

createAccessToken

refreshAccessToken

loadAuthentication

getClientId

revokeToken

getAccessToken

readAccessToken

setTokenEnhancer

setRefreshTokenValiditySeconds

setAccessTokenValiditySeconds

setTokenStore

setAuthenticationManager

setClientDetailsService

getAccessTokenValiditySeconds

getRefreshTokenValiditySeconds

isSupportRefreshToken

rotate

invalidateLine

isExpired