Interface RotatableTokenStore

  • All Superinterfaces:
    org.springframework.security.oauth2.provider.token.TokenStore
  • All Known Implementing Classes:
    DefaultRotatingTokenStore

    public interface RotatableTokenStore
    extends org.springframework.security.oauth2.provider.token.TokenStore
    A specialized TokenStore used to support the refresh token rotation concept in Broadleaf.
  • Method Summary

      Modifier and Type | Method | Description
      String | cleanupBatch(String startingId, int partition) | Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch.
      List<RefreshToken> | findByAncestor(String tokenValue) | Find all refresh token instances derived from the original, root refresh token.
      int | getPartition() | Randomly retrieve a partition number within the bounds of the partitions currently available to the system.
      int | getPartition(String tokenValue) | Given an encoded refresh token string, find the partition on which that token is stored.
      List<Integer> | getPartitions() | List all the partitions known to the system.
      String | getRootId(String tokenValue) | Given an encoded refresh token string, find the root token JTI for the inheritance line.
      void | isolatedRemoveRefreshTokenById(int partition, String tokenId) | Remove a specific refresh token using its primary key and partition.
      RefreshToken | readRefreshTokenEntity(String tokenValue) | Given an encoded refresh token string, return the matching RefreshToken instance from the datastore.
      void | rotate(String tokenValue) | Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it.
      default void | storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication) | 
      void | storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication, String ancestorRefreshToken) | Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.
      • Methods inherited from interface org.springframework.security.oauth2.provider.token.TokenStore

        findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, readRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, removeRefreshToken, storeAccessToken
    • Method Detail

      • rotate

        void rotate​(@NonNull
                    String tokenValue)
        Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it. Specifically, mark the token as rotated and set its rotation expiration.
        Parameters:
        tokenValue - The refresh token to rotate
        Throws:
        org.springframework.security.oauth2.common.exceptions.InvalidTokenException - Thrown if the rotation fails
      • findByAncestor

        @NonNull
        List<RefreshToken> findByAncestor​(@NonNull
                                          String tokenValue)
        Find all refresh token instances derived from the original, root refresh token.
        Parameters:
        tokenValue - The original, root refresh token
        Returns:
        All refresh token instances derived from the original, root refresh token
        See Also:
        RefreshTokenRepository.findByAncestor(String)
      • isolatedRemoveRefreshTokenById

        void isolatedRemoveRefreshTokenById​(int partition,
                                            @NonNull
                                            String tokenId)
        Remove a specific refresh token using its primary key and partition.
        Parameters:
        partition - The partition shard in which the refresh token entity exists
        tokenId - The primary key value of the refresh token
      • storeRefreshToken

        void storeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken,
                               org.springframework.security.oauth2.provider.OAuth2Authentication authentication,
                               String ancestorRefreshToken)
        Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.
        Parameters:
        refreshToken - The refresh token to store
        authentication - The current authentication associated with the token
        ancestorRefreshToken - The original, root refresh token JTI
      • storeRefreshToken

        default void storeRefreshToken​(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken,
                                       org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
        Specified by:
        storeRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore
      • getPartition

        int getPartition()
        Randomly retrieve a partition number within the bounds of the partitions currently available to the system. This is the primary load balancing measure for distributing members across the available shards.
        Returns:
        Random partition number within the bounds of the partitions currently available
      • getPartition

        int getPartition​(@NonNull
                         String tokenValue)
        Given an encoded refresh token string, find the partition on which that token is stored.
        Parameters:
        tokenValue - The encoded refresh token string
        Returns:
        The partition on which that token is stored
      • getPartitions

        @NonNull
        List<Integer> getPartitions()
        List all the partitions known to the system.
        Returns:
        All the partitions known to the system
      • readRefreshTokenEntity

        @Nullable
        RefreshToken readRefreshTokenEntity​(@NonNull
                                            String tokenValue)
        Given an encoded refresh token string, return the matching RefreshToken instance from the datastore.
        Parameters:
        tokenValue - The encoded refresh token string
        Returns:
        The matching RefreshToken instance from the datastore
      • cleanupBatch

        @Nullable
        String cleanupBatch​(@Nullable
                            String startingId,
                            int partition)
        Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch. The size of the batch is governed by TokenProperties.getCleanupBatchSize(). The intent is to call this method in succession until the response is null, indicating the whole table has been traversed.
        Parameters:
        startingId - The refresh token primary key from which to begin expiration detection and cleanup. This value should be null when the method is run for the first time.
        partition - The partition on which to perform the check (the startingId should be available in this partition)
        Returns:
        The last member of the batch. Use this value in the next call to cleanupBatch. This can be null if no records are available, only one record is available, or if the end of the batch is reached.
      • getRootId

        @NonNull
        String getRootId​(@NonNull
                         String tokenValue)
        Given an encoded refresh token string, find the root token JTI for the inheritance line.
        Parameters:
        tokenValue - The encoded refresh token string
        Returns:
        The root token JTI for the inheritance line. If this token is itself the root, then the response will be this token's own JTI.
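As an added example (not Broadleaf's own code), a hypothetical helper showing how the contract above fits together: rotate and getRootId keep a successor token in its ancestor's inheritance line, and cleanupBatch is driven per partition until it returns null. It assumes a RotatableTokenStore implementation is injected and in scope, and the successor token value is a constructed placeholder rather than the project's real encoding.

```java
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/** Hypothetical helper (not Broadleaf code); the RotatableTokenStore is injected. */
public class RefreshTokenRotationFlow {
    private final RotatableTokenStore store;

    public RefreshTokenRotationFlow(RotatableTokenStore store) {
        this.store = store;
    }

    /**
     * Retire the presented refresh token and issue a successor in the same
     * inheritance line. Because the ancestor passed to storeRefreshToken is the
     * root JTI, getRootId on any member of the line resolves to the same value.
     */
    public OAuth2RefreshToken rotateAndIssue(String presentedTokenValue, long ttlSeconds) {
        OAuth2RefreshToken presented = store.readRefreshToken(presentedTokenValue);
        if (presented == null) {
            throw new InvalidTokenException("unknown or already removed refresh token");
        }
        OAuth2Authentication auth = store.readAuthenticationForRefreshToken(presented);
        store.rotate(presentedTokenValue);                 // mark rotated, start rotation expiration
        String rootJti = store.getRootId(presentedTokenValue);
        // Constructed successor value; a real issuer encodes whatever DefaultRotatingTokenStore expects.
        OAuth2RefreshToken successor = new DefaultExpiringOAuth2RefreshToken(
                UUID.randomUUID().toString(),
                new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(ttlSeconds)));
        store.storeRefreshToken(successor, auth, rootJti);
        return successor;
    }

    /** Scheduled sweep: walk every partition, following the cursor until cleanupBatch returns null. */
    public int sweepExpired() {
        int batches = 0;
        for (int partition : store.getPartitions()) {
            String cursor = null;                          // null on the first call, per the contract
            do {
                cursor = store.cleanupBatch(cursor, partition);
                batches++;
            } while (cursor != null);                      // null: no more records in this partition
        }
        return batches;
    }
}
```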