com.broadleafcommerce.auth.token.service

Class DefaultRotatingTokenStore

java.lang.Object

org.springframework.security.oauth2.provider.token.store.JwtTokenStore

com.broadleafcommerce.auth.token.service.DefaultRotatingTokenStore

All Implemented Interfaces:

RotatableTokenStore, org.springframework.security.oauth2.provider.token.TokenStore

public class DefaultRotatingTokenStore
extends org.springframework.security.oauth2.provider.token.store.JwtTokenStore
implements RotatableTokenStore

A specialized TokenStore concept used to support the refresh token rotation concept in Broadleaf. Used in close conjunction with DefaultRotatingTokenServices and DefaultTokenCleanupServices.

Field Summary

Fields

Modifier and Type	Field and Description
static String	OID

Constructor Summary

Constructors

Constructor and Description
DefaultRotatingTokenStore(org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtTokenEnhancer, List<RefreshTokenRepository<RefreshToken>> repositories, TokenProperties properties, org.springframework.jdbc.core.JdbcTemplate jdbcTemplate)

Method Summary

Modifier and Type	Method and Description
String	cleanupBatch(String startingId, int partition) Given a refresh token primary key from which to start (i.e.
List<RefreshToken>	findByAncestor(String tokenValue) Find all refresh token instances derived from the original, root refresh token.
int	getPartition() Randomly retrieve a partition number with the bounds of the partitions currently available to the system.
int	getPartition(String tokenValue) Given an encoded refresh token string, find the partition on which that token is stored.
List<Integer>	getPartitions() List all the partitions known to the system
protected RefreshTokenRepository<RefreshToken>	getRepository(int partition) Find the correct handling repository for a given partition identifier
String	getRootId(String tokenValue) Given an encoded refresh token string, find the root token JTI for the inheritance line.
void	isolatedRemoveRefreshTokenById(int partition, String tokenId) Remove a specific refresh token using its primary key and partition
org.springframework.security.oauth2.common.OAuth2RefreshToken	readRefreshToken(String tokenValue)
RefreshToken	readRefreshTokenEntity(String tokenValue) Given an encoded refresh token string, return the RefreshToken instance matching from the datastore.
void	removeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken token)
protected void	removeRefreshToken(String tokenValue) Given an encoded refresh token string, remove the refresh token from the datastore
void	rotate(String tokenValue) Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it.
void	storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication, String ancestor) Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.

Methods inherited from class org.springframework.security.oauth2.provider.token.store.JwtTokenStore

findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, setApprovalStore, setTokenEnhancer, storeAccessToken, storeRefreshToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.broadleafcommerce.auth.token.service.RotatableTokenStore

storeRefreshToken

Methods inherited from interface org.springframework.security.oauth2.provider.token.TokenStore

findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, storeAccessToken

Field Detail

OID

public static final String OID

See Also:

Constant Field Values

Constructor Detail

DefaultRotatingTokenStore

public DefaultRotatingTokenStore(org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtTokenEnhancer,
                                 List<RefreshTokenRepository<RefreshToken>> repositories,
                                 TokenProperties properties,
                                 org.springframework.jdbc.core.JdbcTemplate jdbcTemplate)

Method Detail

storeRefreshToken

@Transactional
public void storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken,
                                             org.springframework.security.oauth2.provider.OAuth2Authentication authentication,
                                             String ancestor)

Description copied from interface: RotatableTokenStore

Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.

Specified by:

storeRefreshToken in interface RotatableTokenStore

Parameters:

refreshToken - The refresh token to store

authentication - The current authentication associated with the token

ancestor - The original, root refresh token JTI

readRefreshToken

public org.springframework.security.oauth2.common.OAuth2RefreshToken readRefreshToken(String tokenValue)

Specified by:

readRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore

Overrides:

readRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore

readRefreshTokenEntity

public RefreshToken readRefreshTokenEntity(@NonNull
                                           String tokenValue)

Description copied from interface: RotatableTokenStore

Given an encoded refresh token string, return the RefreshToken instance matching from the datastore.

Specified by:

readRefreshTokenEntity in interface RotatableTokenStore

Parameters:

tokenValue - The encoded refresh token string

Returns:

The RefreshToken instance matching from the datastore

removeRefreshToken

@Transactional
public void removeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken token)

Specified by:

removeRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore

Overrides:

removeRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore

rotate

@Transactional(noRollbackFor=org.springframework.security.oauth2.common.exceptions.InvalidTokenException.class)
public void rotate(@NonNull
                                                                                                                                   String tokenValue)

Description copied from interface: RotatableTokenStore

Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it. Specifically, mark the token as rotation and set its rotation expiration.

Specified by:

rotate in interface RotatableTokenStore

Parameters:

tokenValue - The refresh token to rotate

cleanupBatch

@Transactional(propagation=REQUIRES_NEW)
public String cleanupBatch(String startingId,
                                                                    int partition)

Description copied from interface: RotatableTokenStore

Given a refresh token primary key from which to start (i.e. RefreshToken.getId(), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch. The size of the batch is governed by TokenProperties.getCleanupBatchSize(). The intent is to call this method in succession until the response is null, indicating the whole table has been traversed.

Specified by:

cleanupBatch in interface RotatableTokenStore

Parameters:

startingId - The refresh token primary key from which to begin expiration detection and cleanup. This value should be null when run the first time.

partition - The partition on which to perform the check (the startingId should be available in this partition)

Returns:

The last member of the batch. Use this value in the next call to cleanupBatch. This can be null if no records are available, only one record is available, or if the end of the batch is reached.

findByAncestor

public List<RefreshToken> findByAncestor(@NonNull
                                         String tokenValue)

Description copied from interface: RotatableTokenStore

Find all refresh token instances derived from the original, root refresh token.

Specified by:

findByAncestor in interface RotatableTokenStore

Parameters:

tokenValue - The original, root refresh token

Returns:

All refresh token instances derived from the original, root refresh token

See Also:

RefreshTokenRepository.findByAncestor(String)

isolatedRemoveRefreshTokenById

@Transactional(propagation=REQUIRES_NEW)
public void isolatedRemoveRefreshTokenById(int partition,
                                                                                    @NonNull
                                                                                    String tokenId)

Description copied from interface: RotatableTokenStore

Remove a specific refresh token using its primary key and partition

Specified by:

isolatedRemoveRefreshTokenById in interface RotatableTokenStore

Parameters:

partition - The partition shard in which the refresh token entity exists

tokenId - The primary key value of the refresh token

getPartition

public int getPartition()

Description copied from interface: RotatableTokenStore

Randomly retrieve a partition number with the bounds of the partitions currently available to the system. This is the primary load balancing measure for distributing members across the available shards.

Specified by:

getPartition in interface RotatableTokenStore

Returns:

Random partition number with the bounds of the partitions currently available

getPartition

public int getPartition(@NonNull
                        String tokenValue)

Description copied from interface: RotatableTokenStore

Given an encoded refresh token string, find the partition on which that token is stored.

Specified by:

getPartition in interface RotatableTokenStore

Parameters:

tokenValue - The encoded refresh token string

Returns:

The partition on which that token is stored

getPartitions

public List<Integer> getPartitions()

Description copied from interface: RotatableTokenStore

List all the partitions known to the system

Specified by:

getPartitions in interface RotatableTokenStore

Returns:

All the partitions known to the system

getRootId

@NonNull
public String getRootId(@NonNull
                                 String tokenValue)

Description copied from interface: RotatableTokenStore

Given an encoded refresh token string, find the root token JTI for the inheritance line.

Specified by:

getRootId in interface RotatableTokenStore

Parameters:

tokenValue - The encoded refresh token string

Returns:

The the root token JTI for the inheritance line. If this token is itself the root, then the response will be this token's own JTI.

getRepository

protected RefreshTokenRepository<RefreshToken> getRepository(int partition)

Find the correct handling repository for a given partition identifier

Parameters:

partition - The partition identifier

Returns:

The handling repository

removeRefreshToken

protected void removeRefreshToken(String tokenValue)

Given an encoded refresh token string, remove the refresh token from the datastore

Parameters:

tokenValue - The encoded refresh token string