Class DefaultRotatingTokenStore

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String OID  
    • Method Summary

      Modifier and Type Method Description
      String cleanupBatch​(String startingId, int partition)
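      Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch.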
      List<RefreshToken> findByAncestor​(String tokenValue)
      Find all refresh token instances derived from the original, root refresh token.
      int getPartition()
      Randomly retrieve a partition number within the bounds of the partitions currently available to the system.
      int getPartition​(String tokenValue)
      Given an encoded refresh token string, find the partition on which that token is stored.
      List<Integer> getPartitions()
      List all the partitions known to the system
      protected RefreshTokenRepository<RefreshToken> getRepository​(int partition)
      Find the correct handling repository for a given partition identifier
      String getRootId​(String tokenValue)
      Given an encoded refresh token string, find the root token JTI for the inheritance line.
      void isolatedRemoveRefreshTokenById​(int partition, String tokenId)
      Remove a specific refresh token using its primary key and partition
      org.springframework.security.oauth2.common.OAuth2RefreshToken readRefreshToken​(String tokenValue)  
      RefreshToken readRefreshTokenEntity​(String tokenValue)
      Given an encoded refresh token string, return the RefreshToken instance matching from the datastore.
      protected void removeRefreshToken​(String tokenValue)
      Given an encoded refresh token string, remove the refresh token from the datastore
      void removeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken token)  
      void rotate​(String tokenValue)
      Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it.
      void storeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication, String ancestor)
      Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.
      • Methods inherited from class org.springframework.security.oauth2.provider.token.store.JwtTokenStore

        findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, setApprovalStore, setTokenEnhancer, storeAccessToken, storeRefreshToken
      • Methods inherited from interface org.springframework.security.oauth2.provider.token.TokenStore

        findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, storeAccessToken
    • Constructor Detail

      • DefaultRotatingTokenStore

        public DefaultRotatingTokenStore​(org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtTokenEnhancer,
                                         List<RefreshTokenRepository<RefreshToken>> repositories,
                                         TokenProperties properties,
                                         org.springframework.jdbc.core.JdbcTemplate jdbcTemplate)
    • Method Detail

      • storeRefreshToken

        @Transactional
        public void storeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken,
                                      org.springframework.security.oauth2.provider.OAuth2Authentication authentication,
                                      String ancestor)
        Description copied from interface: RotatableTokenStore
        Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.
        Specified by:
        storeRefreshToken in interface RotatableTokenStore
        Parameters:
        refreshToken - The refresh token to store
        authentication - The current authentication associated with the token
        ancestor - The original, root refresh token JTI
      • readRefreshToken

        public org.springframework.security.oauth2.common.OAuth2RefreshToken readRefreshToken​(String tokenValue)
        Specified by:
        readRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore
        Overrides:
        readRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore
      • removeRefreshToken

        @Transactional
        public void removeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken token)
        Specified by:
        removeRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore
        Overrides:
        removeRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore
      • rotate

        @Transactional(noRollbackFor=org.springframework.security.oauth2.common.exceptions.InvalidTokenException.class)
        public void rotate​(@NonNull
                           String tokenValue)
        Description copied from interface: RotatableTokenStore
        Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it. Specifically, mark the token as rotated and set its rotation expiration.
        Specified by:
        rotate in interface RotatableTokenStore
        Parameters:
        tokenValue - The refresh token to rotate
      • cleanupBatch

        @Transactional(propagation=REQUIRES_NEW)
        public String cleanupBatch​(String startingId,
                                   int partition)
        Description copied from interface: RotatableTokenStore
        Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch. The size of the batch is governed by TokenProperties.getCleanupBatchSize(). The intent is to call this method in succession until the response is null, indicating the whole table has been traversed.
        Specified by:
        cleanupBatch in interface RotatableTokenStore
        Parameters:
        startingId - The refresh token primary key from which to begin expiration detection and cleanup. This value should be null on the first call.
        partition - The partition on which to perform the check (the startingId should be available in this partition)
        Returns:
        The last member of the batch. Use this value in the next call to cleanupBatch. This can be null if no records are available, only one record is available, or if the end of the batch is reached.
      • isolatedRemoveRefreshTokenById

        @Transactional(propagation=REQUIRES_NEW)
        public void isolatedRemoveRefreshTokenById​(int partition,
                                                   @NonNull
                                                   String tokenId)
        Description copied from interface: RotatableTokenStore
        Remove a specific refresh token using its primary key and partition
        Specified by:
        isolatedRemoveRefreshTokenById in interface RotatableTokenStore
        Parameters:
        partition - The partition shard in which the refresh token entity exists
        tokenId - The primary key value of the refresh token
      • getPartition

        public int getPartition()
        Description copied from interface: RotatableTokenStore
        Randomly retrieve a partition number within the bounds of the partitions currently available to the system. This is the primary load balancing measure for distributing members across the available shards.
        Specified by:
        getPartition in interface RotatableTokenStore
        Returns:
        Random partition number within the bounds of the partitions currently available
      • getPartition

        public int getPartition​(@NonNull
                                String tokenValue)
        Description copied from interface: RotatableTokenStore
        Given an encoded refresh token string, find the partition on which that token is stored.
        Specified by:
        getPartition in interface RotatableTokenStore
        Parameters:
        tokenValue - The encoded refresh token string
        Returns:
        The partition on which that token is stored
      • getRootId

        @NonNull
        public String getRootId​(@NonNull
                                String tokenValue)
        Description copied from interface: RotatableTokenStore
        Given an encoded refresh token string, find the root token JTI for the inheritance line.
        Specified by:
        getRootId in interface RotatableTokenStore
        Parameters:
        tokenValue - The encoded refresh token string
        Returns:
        The root token JTI for the inheritance line. If this token is itself the root, then the response will be this token's own JTI.
      • getRepository

        protected RefreshTokenRepository<RefreshToken> getRepository​(int partition)
        Find the correct handling repository for a given partition identifier
        Parameters:
        partition - The partition identifier
        Returns:
        The handling repository
      • removeRefreshToken

        protected void removeRefreshToken​(String tokenValue)
        Given an encoded refresh token string, remove the refresh token from the datastore
        Parameters:
        tokenValue - The encoded refresh token string
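
The cleanupBatch contract above (start with null, feed each returned id into the next call, stop on null) has to be driven once per partition returned by getPartitions(). The following is an added example, not code from this project: CleanupStore is a stand-in interface carrying only the two signatures shown on this page, and FakeStore, its batch size of 3, the inclusive handling of startingId and the maxCalls guard are assumptions made so the loop can run on its own.

```java
import java.util.*;

public class RefreshTokenCleanupExample {
    // Stand-in for the two store methods used here; signatures copied from this page.
    interface CleanupStore {
        List<Integer> getPartitions();
        String cleanupBatch(String startingId, int partition);
    }

    // Drains every partition; returns the number of cleanupBatch calls made per partition.
    static Map<Integer, Integer> cleanupAll(CleanupStore store, int maxCalls) {
        Map<Integer, Integer> calls = new LinkedHashMap<>();
        for (int partition : store.getPartitions()) {
            String cursor = null;              // null on the first call for each partition
            int n = 0;
            while (n < maxCalls) {             // hard cap so a bad cursor cannot loop forever
                String next = store.cleanupBatch(cursor, partition);
                n++;
                if (next == null || next.equals(cursor)) break;  // traversed, or no progress
                cursor = next;
            }
            calls.put(partition, n);
        }
        return calls;
    }

    // Constructed in-memory fake: id -> expired flag, batch size 3, start id assumed inclusive.
    static class FakeStore implements CleanupStore {
        final Map<Integer, TreeMap<String, Boolean>> tables = new TreeMap<>();
        public List<Integer> getPartitions() { return new ArrayList<>(tables.keySet()); }
        public String cleanupBatch(String startingId, int partition) {
            TreeMap<String, Boolean> t = tables.get(partition);
            List<String> batch = new ArrayList<>(
                (startingId == null ? t : t.tailMap(startingId, true)).keySet());
            if (batch.size() > 3) batch = batch.subList(0, 3);
            for (String id : batch) if (t.get(id)) t.remove(id);   // delete expired rows only
            return batch.size() < 3 ? null : batch.get(2);         // short batch: end of table
        }
    }

    public static void main(String[] args) {
        FakeStore store = new FakeStore();
        for (int p = 0; p < 2; p++) {
            TreeMap<String, Boolean> t = new TreeMap<>();
            for (int i = 0; i < 7; i++) t.put("id-" + i, i % 2 == 0);  // even ids are expired
            store.tables.put(p, t);
        }
        System.out.println("calls per partition: " + cleanupAll(store, 1000));
        System.out.println("remaining in partition 0: " + store.tables.get(0).keySet());
    }
}
```

Because cleanupBatch is declared with REQUIRES_NEW propagation, each batch commits in its own transaction, so a failure partway through a partition leaves earlier batches deleted and the loop can be restarted from null.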