java - Spring OAuth2 Generate Access Token per request to the Token Endpoint -

-

is possible generate multiple valid access tokens using client_credentials or password grant type per request?

generating token using above grant types gives new token when current 1 expires per request.

i can use password grant type generate refresh token , generate multiple access tokens, doing invalidate previous access tokens.

any idea how change allow access token generated per request /oauth/token endpoint , insure previous tokens not invalidated?

below xml configuration of oauth server.

<!-- oauth2 config start-->   <sec:http pattern="/test/oauth/token" create-session="never"               authentication-manager-ref="authenticationmanager" >          <sec:intercept-url pattern="/test/oauth/token" access="is_authenticated_fully" />         <sec:anonymous enabled="false" />         <sec:http-basic entry-point-ref="clientauthenticationentrypoint"/>         <sec:custom-filter ref="clientcredentialstokenendpointfilter" before="basic_auth_filter" />          <sec:access-denied-handler ref="oauthaccessdeniedhandler" />      </sec:http>       <bean id="clientcredentialstokenendpointfilter"           class="org.springframework.security.oauth2.provider.client.clientcredentialstokenendpointfilter">         <property name="authenticationmanager" ref="authenticationmanager" />     </bean>      <sec:authentication-manager alias="authenticationmanager">         <sec:authentication-provider user-service-ref="clientdetailsuserservice" />     </sec:authentication-manager>      <bean id="clientdetailsuserservice"           class="org.springframework.security.oauth2.provider.client.clientdetailsuserdetailsservice">         <constructor-arg ref="clientdetails" />     </bean>      <bean id="clientdetails" class="org.security.oauth2.clientdetailsserviceimpl"></bean>      <bean id="clientauthenticationentrypoint"           class="org.springframework.security.oauth2.provider.error.oauth2authenticationentrypoint">         <property name="realmname" value="springsec/client" />         <property name="typename" value="basic" />     </bean>      <bean id="oauthaccessdeniedhandler"           class="org.springframework.security.oauth2.provider.error.oauth2accessdeniedhandler"/>      <oauth:authorization-server         client-details-service-ref="clientdetails" token-services-ref="tokenservices">         <oauth:authorization-code />         <oauth:implicit/>         <oauth:refresh-token/>         <oauth:client-credentials />         <oauth:password authentication-manager-ref="userauthenticationmanager"/>     </oauth:authorization-server>      <sec:authentication-manager id="userauthenticationmanager">         <sec:authentication-provider  ref="customuserauthenticationprovider">         </sec:authentication-provider>     </sec:authentication-manager>      <bean id="customuserauthenticationprovider"           class="org.security.oauth2.customuserauthenticationprovider">     </bean>      <bean id="tokenservices"            class="org.springframework.security.oauth2.provider.token.defaulttokenservices">         <property name="tokenstore" ref="tokenstore" />         <property name="supportrefreshtoken" value="true" />         <property name="accesstokenvalidityseconds" value="300"></property>         <property name="clientdetailsservice" ref="clientdetails" />     </bean>      <bean id="tokenstore" class="org.springframework.security.oauth2.provider.token.store.jdbctokenstore">         <constructor-arg ref="jdbctemplate" />     </bean>      <bean id="jdbctemplate"            class="org.springframework.jdbc.datasource.drivermanagerdatasource">         <property name="driverclassname" value="com.mysql.jdbc.driver"/>         <property name="url" value="jdbc:mysql://localhost:3306/oauthdb"/>         <property name="username" value="root"/>         <property name="password" value="password"/>     </bean>     <bean id="oauthauthenticationentrypoint"           class="org.springframework.security.oauth2.provider.error.oauth2authenticationentrypoint">     </bean>

updated on 21/11/2014

when double check, found inmemorytokenstore use oauth2authentication's hash string key of serveral map. , when use same username, client_id, scope.. , got same key. may leading problem. think old way deprecated. following did avoid problem.

create authenticationkeygenerator can calculate unique key, called uniqueauthenticationkeygenerator

/*  * copyright 2006-2011 original author or authors.  *   * licensed under apache license, version 2.0 (the "license"); may not use file except in compliance  * license. may obtain copy of license @  *   * http://www.apache.org/licenses/license-2.0  *   * unless required applicable law or agreed in writing, software distributed under license distributed on  * "as is" basis, without warranties or conditions of kind, either express or implied. see license  * specific language governing permissions , limitations under license.  */  /**  * basic key generator taking account client id, scope, resource ids , username (principal name) if  * exist.  *   * @author dave syer  * @author thanh  */ public class uniqueauthenticationkeygenerator implements authenticationkeygenerator {      private static final string client_id = "client_id";      private static final string scope = "scope";      private static final string username = "username";      private static final string uuid_key = "uuid";      public string extractkey(oauth2authentication authentication) {         map<string, string> values = new linkedhashmap<string, string>();         oauth2request authorizationrequest = authentication.getoauth2request();         if (!authentication.isclientonly()) {             values.put(username, authentication.getname());         }         values.put(client_id, authorizationrequest.getclientid());         if (authorizationrequest.getscope() != null) {             values.put(scope, oauth2utils.formatparameterlist(authorizationrequest.getscope()));         }         map<string, serializable> extentions = authorizationrequest.getextensions();         string uuid = null;         if (extentions == null) {             extentions = new hashmap<string, serializable>(1);             uuid = uuid.randomuuid().tostring();             extentions.put(uuid_key, uuid);         } else {             uuid = (string) extentions.get(uuid_key);             if (uuid == null) {                 uuid = uuid.randomuuid().tostring();                 extentions.put(uuid_key, uuid);             }         }         values.put(uuid_key, uuid);          messagedigest digest;         try {             digest = messagedigest.getinstance("md5");         }         catch (nosuchalgorithmexception e) {             throw new illegalstateexception("md5 algorithm not available.  fatal (should in jdk).");         }          try {             byte[] bytes = digest.digest(values.tostring().getbytes("utf-8"));             return string.format("%032x", new biginteger(1, bytes));         }         catch (unsupportedencodingexception e) {             throw new illegalstateexception("utf-8 encoding not available.  fatal (should in jdk).");         }     } }

finally, wire them up

<bean id="tokenstore" class="org.springframework.security.oauth2.provider.token.store.jdbctokenstore">     <constructor-arg ref="jdbctemplate" />     <property name="authenticationkeygenerator">         <bean class="your.package.uniqueauthenticationkeygenerator" />     </property> </bean>

below way may leading problem, see updated answer!!!

using defaulttokenservices. try code , make sure re-define `tokenservices` package com.thanh.backend.oauth2.core; import java.util.date; import java.util.uuid; import org.springframework.security.core.authenticationexception; import org.springframework.security.oauth2.common.defaultexpiringoauth2refreshtoken; import org.springframework.security.oauth2.common.defaultoauth2accesstoken; import org.springframework.security.oauth2.common.expiringoauth2refreshtoken; import org.springframework.security.oauth2.common.oauth2accesstoken; import org.springframework.security.oauth2.common.oauth2refreshtoken; import org.springframework.security.oauth2.provider.oauth2authentication; import org.springframework.security.oauth2.provider.token.defaulttokenservices; import org.springframework.security.oauth2.provider.token.tokenenhancer; import org.springframework.security.oauth2.provider.token.tokenstore; /** * @author thanh */ public class simpletokenservice extends defaulttokenservices { private tokenstore tokenstore; private tokenenhancer accesstokenenhancer; @override public oauth2accesstoken createaccesstoken(oauth2authentication authentication) throws authenticationexception { oauth2refreshtoken refreshtoken = createrefreshtoken(authentication);; oauth2accesstoken accesstoken = createaccesstoken(authentication, refreshtoken); tokenstore.storeaccesstoken(accesstoken, authentication); tokenstore.storerefreshtoken(refreshtoken, authentication); return accesstoken; } private oauth2accesstoken createaccesstoken(oauth2authentication authentication, oauth2refreshtoken refreshtoken) { defaultoauth2accesstoken token = new defaultoauth2accesstoken(uuid.randomuuid().tostring()); int validityseconds = getaccesstokenvalidityseconds(authentication.getoauth2request()); if (validityseconds > 0) { token.setexpiration(new date(system.currenttimemillis() + (validityseconds * 1000l))); } token.setrefreshtoken(refreshtoken); token.setscope(authentication.getoauth2request().getscope()); return accesstokenenhancer != null ? accesstokenenhancer.enhance(token, authentication) : token; } private expiringoauth2refreshtoken createrefreshtoken(oauth2authentication authentication) { if (!issupportrefreshtoken(authentication.getoauth2request())) { return null; } int validityseconds = getrefreshtokenvalidityseconds(authentication.getoauth2request()); expiringoauth2refreshtoken refreshtoken = new defaultexpiringoauth2refreshtoken(uuid.randomuuid().tostring(), new date(system.currenttimemillis() + (validityseconds * 1000l))); return refreshtoken; } @override public void settokenenhancer(tokenenhancer accesstokenenhancer) { super.settokenenhancer(accesstokenenhancer); this.accesstokenenhancer = accesstokenenhancer; } @override public void settokenstore(tokenstore tokenstore) { super.settokenstore(tokenstore); this.tokenstore = tokenstore; } }

Comments

Post a Comment

Popular posts from this blog

java - Oracle EBS .ClassNotFoundException: oracle.apps.fnd.formsClient.FormsLauncher.class ERROR -

-
i need in configuring java on machine because, when try loading forms, loader goes in circles , gives error: java.lang.classnotfoundexception: oracle.apps.fnd.formsclient.formslauncher.class @ sun.plugin2.applet.applet2classloader.findclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass0(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadclass(unknown source) @ java.lang.classloader.loadclass(unknown source) @ sun.plugin2.applet.plugin2classloader.loadcode(unknown source) @ sun.plugin2.applet.plugin2manager.createapplet(unknown source) @ sun.plugin2.applet.plugin2manager$appletexecutionrunnable.run (unknown source) @ java.lang.thread.run(unknown source) i have tried re-installing firefox, older versions of java runtime environments, disabling proxy. what missing? application working on other machines. i spent around 100 hours finding s...
Read more

c# - how to use buttonedit in devexpress gridcontrol -

-
Image
i trying create gridcontrol buttonedit in 1 of columns. when user clicks button edit, popups form select product. when selection done on popup, returns datarow selection main grid below. but when column loses focus, value wrote column disappear. here code creates gridcontrol's data , buttonedit's click event. private void frmsiparisnew_load(object sender, eventargs e) { dt = new datatable(); dt.columns.add("malzeme_kodu",typeof(string)); dt.columns.add("malzeme_aciklama", typeof(string)); dt.columns.add("adet", typeof(decimal)); dt.columns.add("birim", typeof(string)); dt.columns.add("fiyat", typeof(decimal)); dt.columns.add("kur", typeof(string)); dt.columns.add("tutar", typeof(decimal)); datarow dr = dt.newrow(); dt.rows.add(dr); gc.datasource = dt; } private void repositoryitembuttoneditmal...
Read more

How do you convert a timestamp into a datetime in python with the correct timezone? -

-
you naively expect work: import pytz datetime import datetime def tz_datetime_from_timestamp(timestamp): """convert timestamp datetime """ tz = pytz.timezone('australia/perth') server_time = datetime.utcnow() delta = tz.utcoffset(server_time) value = datetime.utcfromtimestamp(timestamp).replace(tzinfo=tz) return value + delta print tz_datetime_from_timestamp(1416387060) and convert timestamp 1416387060 wed nov 19 16:51:00 2014 gmt+8:00. ...but not. prints: 2014-11-19 16:51:00+07:43 the timezone of australia/perth not gmt+7:43. it gmt+8:00. unequivocally stated on australian government website http://www.australia.gov.au/about-australia/our-country/time : awst equal coordinated universal time plus 8 hours (utc +8). so, heck pytz pulling 7.43 from? well, turns out pytz pulls data http://www.iana.org/time-zones time zone database, , database states: # western australia # # rule name type in on @...
Read more