Class DefaultRotatingTokenStore

java.lang.Object
org.springframework.security.oauth2.provider.token.store.JwtTokenStore
com.broadleafcommerce.auth.token.service.DefaultRotatingTokenStore
All Implemented Interfaces:
RotatableTokenStore, org.springframework.security.oauth2.provider.token.TokenStore

public class DefaultRotatingTokenStore extends org.springframework.security.oauth2.provider.token.store.JwtTokenStore implements RotatableTokenStore
A specialized TokenStore used to support refresh token rotation in Broadleaf. Used in close conjunction with DefaultRotatingTokenServices and DefaultTokenCleanupServices.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultRotatingTokenStore(org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtTokenEnhancer, List<RefreshTokenRepository<RefreshToken>> repositories, TokenProperties properties, org.springframework.jdbc.core.JdbcTemplate jdbcTemplate)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    String
    cleanupBatch(String startingId, int partition)
    Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch.
    List<RefreshToken>
    findByAncestor(String tokenValue)
    Find all refresh token instances derived from the original, root refresh token.
    int
    getPartition()
    Randomly retrieve a partition number within the bounds of the partitions currently available to the system.
    int
    getPartition(String tokenValue)
    Given an encoded refresh token string, find the partition on which that token is stored.
    List<Integer>
    getPartitions()
    List all the partitions known to the system
    protected RefreshTokenRepository<RefreshToken>
    getRepository(int partition)
    Find the correct handling repository for a given partition identifier
    String
    getRootId(String tokenValue)
    Given an encoded refresh token string, find the root token JTI for the inheritance line.
    void
    isolatedRemoveRefreshTokenById(int partition, String tokenId)
    Remove a specific refresh token using its primary key and partition
    org.springframework.security.oauth2.common.OAuth2RefreshToken
    readRefreshToken(String tokenValue)
     
    RefreshToken
    readRefreshTokenEntity(String tokenValue)
    Given an encoded refresh token string, return the RefreshToken instance matching from the datastore.
    protected void
    removeRefreshToken(String tokenValue)
    Given an encoded refresh token string, remove the refresh token from the datastore
    void
    removeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken token)
     
    void
    rotate(String tokenValue)
    Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it.
    void
    storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication, String ancestor)
    Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.

    Methods inherited from class org.springframework.security.oauth2.provider.token.store.JwtTokenStore

    findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, setApprovalStore, setTokenEnhancer, storeAccessToken, storeRefreshToken

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface com.broadleafcommerce.auth.token.service.RotatableTokenStore

    storeRefreshToken

    Methods inherited from interface org.springframework.security.oauth2.provider.token.TokenStore

    findTokensByClientId, findTokensByClientIdAndUserName, getAccessToken, readAccessToken, readAuthentication, readAuthentication, readAuthenticationForRefreshToken, removeAccessToken, removeAccessTokenUsingRefreshToken, storeAccessToken
  • Field Details

  • Constructor Details

    • DefaultRotatingTokenStore

      public DefaultRotatingTokenStore(org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter jwtTokenEnhancer, List<RefreshTokenRepository<RefreshToken>> repositories, TokenProperties properties, org.springframework.jdbc.core.JdbcTemplate jdbcTemplate)
  • Method Details

    • storeRefreshToken

      @Transactional public void storeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken refreshToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication, String ancestor)
      Description copied from interface: RotatableTokenStore
      Store a refresh token in the datastore, and include the JTI value of the original, root refresh token in the line.
      Specified by:
      storeRefreshToken in interface RotatableTokenStore
      Parameters:
      refreshToken - The refresh token to store
      authentication - The current authentication associated with the token
      ancestor - The original, root refresh token JTI
    • readRefreshToken

      public org.springframework.security.oauth2.common.OAuth2RefreshToken readRefreshToken(String tokenValue)
      Specified by:
      readRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore
      Overrides:
      readRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore
    • readRefreshTokenEntity

      public RefreshToken readRefreshTokenEntity(@NonNull String tokenValue)
      Description copied from interface: RotatableTokenStore
      Given an encoded refresh token string, return the RefreshToken instance matching from the datastore.
      Specified by:
      readRefreshTokenEntity in interface RotatableTokenStore
      Parameters:
      tokenValue - The encoded refresh token string
      Returns:
      The RefreshToken instance matching from the datastore
    • removeRefreshToken

      @Transactional public void removeRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken token)
      Specified by:
      removeRefreshToken in interface org.springframework.security.oauth2.provider.token.TokenStore
      Overrides:
      removeRefreshToken in class org.springframework.security.oauth2.provider.token.store.JwtTokenStore
    • rotate

      @Transactional(noRollbackFor=org.springframework.security.oauth2.common.exceptions.InvalidTokenException.class) public void rotate(@NonNull String tokenValue)
      Description copied from interface: RotatableTokenStore
      Given an encoded refresh token string, find that refresh token in the datastore and perform rotation setup on it. Specifically, mark the token as rotated and set its rotation expiration.
      Specified by:
      rotate in interface RotatableTokenStore
      Parameters:
      tokenValue - The refresh token to rotate
    • cleanupBatch

      @Transactional(propagation=REQUIRES_NEW) public String cleanupBatch(String startingId, int partition)
      Description copied from interface: RotatableTokenStore
      Given a refresh token primary key from which to start (i.e. RefreshToken.getId()), delete all refresh tokens that have expired (either token expiration or rotation expiration) in a batch. The size of the batch is governed by TokenProperties.getCleanupBatchSize(). The intent is to call this method in succession until the response is null, indicating the whole table has been traversed.
      Specified by:
      cleanupBatch in interface RotatableTokenStore
      Parameters:
      startingId - The refresh token primary key from which to begin expiration detection and cleanup. This value should be null when run the first time.
      partition - The partition on which to perform the check (the startingId should be available in this partition)
      Returns:
      The last member of the batch. Use this value in the next call to cleanupBatch. This can be null if no records are available, only one record is available, or if the end of the batch is reached.
    • findByAncestor

      public List<RefreshToken> findByAncestor(@NonNull String tokenValue)
      Description copied from interface: RotatableTokenStore
      Find all refresh token instances derived from the original, root refresh token.
      Specified by:
      findByAncestor in interface RotatableTokenStore
      Parameters:
      tokenValue - The original, root refresh token
      Returns:
      All refresh token instances derived from the original, root refresh token
    • isolatedRemoveRefreshTokenById

      @Transactional(propagation=REQUIRES_NEW) public void isolatedRemoveRefreshTokenById(int partition, @NonNull String tokenId)
      Description copied from interface: RotatableTokenStore
      Remove a specific refresh token using its primary key and partition
      Specified by:
      isolatedRemoveRefreshTokenById in interface RotatableTokenStore
      Parameters:
      partition - The partition shard in which the refresh token entity exists
      tokenId - The primary key value of the refresh token
    • getPartition

      public int getPartition()
      Description copied from interface: RotatableTokenStore
      Randomly retrieve a partition number within the bounds of the partitions currently available to the system. This is the primary load balancing measure for distributing members across the available shards.
      Specified by:
      getPartition in interface RotatableTokenStore
      Returns:
      Random partition number within the bounds of the partitions currently available
    • getPartition

      public int getPartition(@NonNull String tokenValue)
      Description copied from interface: RotatableTokenStore
      Given an encoded refresh token string, find the partition on which that token is stored.
      Specified by:
      getPartition in interface RotatableTokenStore
      Parameters:
      tokenValue - The encoded refresh token string
      Returns:
      The partition on which that token is stored
    • getPartitions

      public List<Integer> getPartitions()
      Description copied from interface: RotatableTokenStore
      List all the partitions known to the system
      Specified by:
      getPartitions in interface RotatableTokenStore
      Returns:
      All the partitions known to the system
    • getRootId

      @NonNull public String getRootId(@NonNull String tokenValue)
      Description copied from interface: RotatableTokenStore
      Given an encoded refresh token string, find the root token JTI for the inheritance line.
      Specified by:
      getRootId in interface RotatableTokenStore
      Parameters:
      tokenValue - The encoded refresh token string
      Returns:
      The root token JTI for the inheritance line. If this token is itself the root, then the response will be this token's own JTI.
    • getRepository

      protected RefreshTokenRepository<RefreshToken> getRepository(int partition)
      Find the correct handling repository for a given partition identifier
      Parameters:
      partition - The partition identifier
      Returns:
      The handling repository
    • removeRefreshToken

      protected void removeRefreshToken(String tokenValue)
      Given an encoded refresh token string, remove the refresh token from the datastore
      Parameters:
      tokenValue - The encoded refresh token string
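
The cleanupBatch contract described above (pass null first, feed each returned id back in, stop on null, once per partition from getPartitions()) as an added example; it is not Broadleaf's own code. CleanupStore, sweep and maxBatches are hypothetical names, and the in-memory fake with its batch size of 2 is constructed so the loop runs without the Broadleaf libraries.

```java
import java.util.*;

public class RefreshTokenCleanupExample {

    // Hypothetical stand-in for the two RotatableTokenStore methods used here,
    // with the signatures documented on this page.
    interface CleanupStore {
        List<Integer> getPartitions();
        String cleanupBatch(String startingId, int partition);
    }

    // Sweeps every partition, feeding each returned id back in until null.
    // maxBatches is an added safety bound (assumption), not a Broadleaf property.
    static int sweep(CleanupStore store, int maxBatches) {
        int calls = 0;
        for (int partition : store.getPartitions()) {
            String cursor = null; // null on the first call for a partition
            int batches = 0;
            do {
                if (++batches > maxBatches) {
                    throw new IllegalStateException("cleanup did not finish on partition " + partition);
                }
                cursor = store.cleanupBatch(cursor, partition);
                calls++;
            } while (cursor != null);
        }
        return calls;
    }

    public static void main(String[] args) {
        // Constructed in-memory fake: every id counts as expired, batch size is 2.
        Map<Integer, TreeSet<String>> rows = new HashMap<>();
        rows.put(0, new TreeSet<>(List.of("a", "b", "c", "d", "e")));
        rows.put(1, new TreeSet<>(List.of("x")));
        CleanupStore fake = new CleanupStore() {
            public List<Integer> getPartitions() { return List.of(0, 1); }
            public String cleanupBatch(String startingId, int partition) {
                NavigableSet<String> ids = rows.get(partition);
                if (startingId != null) ids = ids.tailSet(startingId, false);
                List<String> batch = new ArrayList<>();
                for (Iterator<String> it = ids.iterator(); it.hasNext() && batch.size() < 2; it.remove()) {
                    batch.add(it.next());
                }
                return batch.size() < 2 ? null : batch.get(batch.size() - 1);
            }
        };
        System.out.println("cleanupBatch calls: " + sweep(fake, 1000));
    }
}
```

Because cleanupBatch is annotated with REQUIRES_NEW, each batch commits in its own transaction, so a sweep that stops partway leaves earlier deletions in place and can simply be restarted with null.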