org.springframework.security.oauth2.provider.token
Class JwtTokenServices

java.lang.Object
  extended by org.springframework.security.oauth2.provider.token.JwtTokenServices
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, AuthorizationServerTokenServices, ResourceServerTokenServices

public class JwtTokenServices
extends Object
implements AuthorizationServerTokenServices, ResourceServerTokenServices, org.springframework.beans.factory.InitializingBean

Token services for authorization server and resource server based on JWT encoded token values. There is no need for shared storage because all of the state is carried in the token values.

Author:
Dave Syer

Field Summary
static String TOKEN_ID
          Field name for token id.
 
Constructor Summary
JwtTokenServices()
           
 
Method Summary
 void afterPropertiesSet()
           
 OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
          Create an access token associated with the specified credentials.
 OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)
          Retrieve an access token stored against the provided authentication key, if it exists.
protected  int getAccessTokenValiditySeconds(OAuth2Request authorizationRequest)
          The access token validity period in seconds
protected  int getRefreshTokenValiditySeconds(OAuth2Request authorizationRequest)
          The refresh token validity period in seconds
protected  boolean isExpired(OAuth2AccessToken expiringToken)
          Utility method to check if a token is expired.
protected  boolean isSupportRefreshToken(OAuth2Request authorizationRequest)
          Is a refresh token supported for this client (or the global setting if clientDetailsService is not set).
 OAuth2Authentication loadAuthentication(String token)
          Load the credentials for the specified access token.
 OAuth2AccessToken readAccessToken(String token)
          Retrieve the full access token details from just the value.
 OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenRequest request)
          Refresh an access token.
 void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
          The default validity (in seconds) of the access token.
 void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator)
          The key generator that is used to extract a unique identifier for an access token.
 void setClientDetailsService(ClientDetailsService clientDetailsService)
          The client details service to use for looking up clients (if necessary).
 void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)
          The validity (in seconds) of the refresh token.
 void setReuseRefreshToken(boolean reuseRefreshToken)
          Whether to reuse refresh tokens (until expired).
 void setSigningKey(String key)
          Sets the JWT signing key.
 void setSupportRefreshToken(boolean supportRefreshToken)
          Whether to support the refresh token.
 void setTokenEnhancer(TokenEnhancer accessTokenEnhancer)
          An access token enhancer that will be applied to a new token before it is saved in the token store.
 void setVerifierKey(String key)
          The key used for verifying signatures produced by this class.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TOKEN_ID

public static final String TOKEN_ID
Field name for token id.

See Also:
Constant Field Values
Constructor Detail

JwtTokenServices

public JwtTokenServices()
Method Detail

setSupportRefreshToken

public void setSupportRefreshToken(boolean supportRefreshToken)
Whether to support the refresh token.

Parameters:
supportRefreshToken - Whether to support the refresh token.

setReuseRefreshToken

public void setReuseRefreshToken(boolean reuseRefreshToken)
Whether to reuse refresh tokens (until expired).

Parameters:
reuseRefreshToken - Whether to reuse refresh tokens (until expired).

setTokenEnhancer

public void setTokenEnhancer(TokenEnhancer accessTokenEnhancer)
An access token enhancer that will be applied to a new token before it is saved in the token store.

Parameters:
accessTokenEnhancer - the access token enhancer to set

setRefreshTokenValiditySeconds

public void setRefreshTokenValiditySeconds(int refreshTokenValiditySeconds)
The validity (in seconds) of the refresh token.

Parameters:
refreshTokenValiditySeconds - The validity (in seconds) of the refresh token.

setAccessTokenValiditySeconds

public void setAccessTokenValiditySeconds(int accessTokenValiditySeconds)
The default validity (in seconds) of the access token. Zero or negative for non-expiring tokens. If a client details service is set the validity period will be read from the client, defaulting to this value if not defined by the client.

Parameters:
accessTokenValiditySeconds - The validity (in seconds) of the access token.

setClientDetailsService

public void setClientDetailsService(ClientDetailsService clientDetailsService)
The client details service to use for looking up clients (if necessary). Optional if the access token expiry is set globally via setAccessTokenValiditySeconds(int).

Parameters:
clientDetailsService - the client details service

setAuthenticationKeyGenerator

public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator)
The key generator that is used to extract a unique identifier for an access token.

Parameters:
authenticationKeyGenerator - a key generator

setVerifierKey

public void setVerifierKey(String key)
The key used for verifying signatures produced by this class. This is not used but is returned from the endpoint to allow resource servers to obtain the key.

Parameters:
key - the signature verification key (typically an RSA public key)

setSigningKey

public void setSigningKey(String key)
Sets the JWT signing key. It can be either a simple MAC key or an RSA key. RSA keys should be in OpenSSH format, as produced by ssh-keygen.

Parameters:
key - the key to be used for signing JWTs.
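
The class description says all token state travels in the token value, and setSigningKey accepts a simple MAC key. The following is an added example, not code from Spring Security OAuth, showing what that means for a resource server: the token is accepted or refused using only the key and the clock. The class name, method names, claim names, the choice of HMAC-SHA256 and the sample key are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration; hypothetical names, not the JwtTokenServices implementation.
public class StatelessTokenDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Issue header.payload.signature; client, scope and expiry all live in the payload.
    static String issue(byte[] key, String clientId, String scope, long expEpochSeconds) throws Exception {
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"client_id\":\"" + clientId + "\",\"scope\":\"" + scope + "\",\"exp\":" + expEpochSeconds + "}";
        String body = header + "." + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return body + "." + ENC.encodeToString(hmac(key, body));
    }

    // Verify with a fixed algorithm (the header's "alg" is never trusted), then enforce expiry.
    static String verify(byte[] key, String token, long nowEpochSeconds) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new SecurityException("malformed token");
        byte[] expected = hmac(key, parts[0] + "." + parts[1]);
        // Constant-time comparison avoids leaking how many signature bytes matched.
        if (!MessageDigest.isEqual(expected, DEC.decode(parts[2]))) throw new SecurityException("bad signature");
        String claims = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
        // Regex extraction keeps the demo dependency-free; production code would use a JSON parser.
        long exp = Long.parseLong(claims.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        if (exp <= nowEpochSeconds) throw new SecurityException("token expired");
        return claims;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "demo-client", "read", now + 60);
        System.out.println("accepted: " + verify(key, token, now));
        String[] p = token.split("\\.");
        String edited = ENC.encodeToString("{\"client_id\":\"demo-client\",\"scope\":\"write\",\"exp\":9999999999}".getBytes(StandardCharsets.UTF_8));
        try { verify(key, p[0] + "." + edited + "." + p[2], now); }
        catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
    }
}
```

Because nothing is looked up server-side, a token stays valid until its expiry, so the validity period and the secrecy of the signing key are the only controls over an issued token.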

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
Exception

loadAuthentication

public OAuth2Authentication loadAuthentication(String token)
                                        throws org.springframework.security.core.AuthenticationException
Description copied from interface: ResourceServerTokenServices
Load the credentials for the specified access token.

Specified by:
loadAuthentication in interface ResourceServerTokenServices
Parameters:
token - The access token value.
Returns:
The authentication for the access token.
Throws:
org.springframework.security.core.AuthenticationException - If the access token is expired

readAccessToken

public OAuth2AccessToken readAccessToken(String token)
Description copied from interface: ResourceServerTokenServices
Retrieve the full access token details from just the value.

Specified by:
readAccessToken in interface ResourceServerTokenServices
Parameters:
token - the token value
Returns:
the full access token with client id etc.

createAccessToken

public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication)
                                    throws org.springframework.security.core.AuthenticationException
Description copied from interface: AuthorizationServerTokenServices
Create an access token associated with the specified credentials.

Specified by:
createAccessToken in interface AuthorizationServerTokenServices
Parameters:
authentication - The credentials associated with the access token.
Returns:
The access token.
Throws:
org.springframework.security.core.AuthenticationException - If the credentials are inadequate.

refreshAccessToken

public OAuth2AccessToken refreshAccessToken(String refreshTokenValue,
                                            TokenRequest request)
                                     throws org.springframework.security.core.AuthenticationException
Description copied from interface: AuthorizationServerTokenServices
Refresh an access token. The authorization request should be used for 2 things (at least): to validate that the client id of the original access token is the same as the one requesting the refresh, and to narrow the scopes (if provided).

Specified by:
refreshAccessToken in interface AuthorizationServerTokenServices
Parameters:
refreshTokenValue - The details about the refresh token.
request - The incoming token request.
Returns:
The (new) access token.
Throws:
org.springframework.security.core.AuthenticationException - If the refresh token is invalid or expired.
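
The two checks named in the refreshAccessToken description (same client id, scopes only narrowed) can be written out as follows. This is an added example, not the Spring Security OAuth implementation; the class name, method name, parameters and sample values are hypothetical.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

// Added illustration; hypothetical names, not the JwtTokenServices implementation.
public class RefreshChecksDemo {

    // Returns the scopes for the new access token, or throws if the refresh must be refused.
    static Set<String> scopesForRefresh(String grantedClientId, Set<String> grantedScopes,
                                        String requestingClientId, Set<String> requestedScopes) {
        // 1. A refresh token is bound to the client it was issued to.
        if (grantedClientId == null || !grantedClientId.equals(requestingClientId)) {
            throw new SecurityException("refresh token was issued to a different client");
        }
        // 2. No scopes in the request: keep the original grant unchanged.
        if (requestedScopes == null || requestedScopes.isEmpty()) {
            return new LinkedHashSet<>(grantedScopes);
        }
        // 3. Scopes may only narrow; anything outside the original grant is refused.
        if (!grantedScopes.containsAll(requestedScopes)) {
            throw new SecurityException("requested scope exceeds original grant");
        }
        return new LinkedHashSet<>(requestedScopes);
    }

    public static void main(String[] args) {
        Set<String> granted = new LinkedHashSet<>(Arrays.asList("read", "write")); // constructed sample
        System.out.println(scopesForRefresh("app-a", granted, "app-a", null));
        System.out.println(scopesForRefresh("app-a", granted, "app-a",
                new LinkedHashSet<>(Arrays.asList("read"))));
        try {
            scopesForRefresh("app-a", granted, "app-b", null);
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
        try {
            scopesForRefresh("app-a", granted, "app-a",
                    new LinkedHashSet<>(Arrays.asList("read", "admin")));
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```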

getAccessToken

public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication)
Description copied from interface: AuthorizationServerTokenServices
Retrieve an access token stored against the provided authentication key, if it exists.

Specified by:
getAccessToken in interface AuthorizationServerTokenServices
Parameters:
authentication - the authentication key for the access token
Returns:
the access token or null if there was none

isExpired

protected boolean isExpired(OAuth2AccessToken expiringToken)
Utility method to check if a token is expired.

Parameters:
expiringToken - an access token
Returns:
true if it is expired

isSupportRefreshToken

protected boolean isSupportRefreshToken(OAuth2Request authorizationRequest)
Is a refresh token supported for this client (or the global setting if clientDetailsService is not set).

Parameters:
authorizationRequest - the current authorization request
Returns:
boolean to indicate if refresh token is supported

getAccessTokenValiditySeconds

protected int getAccessTokenValiditySeconds(OAuth2Request authorizationRequest)
The access token validity period in seconds

Parameters:
authorizationRequest - the current authorization request
Returns:
the access token validity period in seconds

getRefreshTokenValiditySeconds

protected int getRefreshTokenValiditySeconds(OAuth2Request authorizationRequest)
The refresh token validity period in seconds

Parameters:
authorizationRequest - the current authorization request
Returns:
the refresh token validity period in seconds


Copyright © 2013. All rights reserved.