fixed refresh token request

anhefti 2023-07-18 15:15:48 +02:00
parent cda0ddb926
commit 26178f66fb
4 changed files with 9 additions and 5 deletions


@ -9,7 +9,7 @@
package ch.ethz.seb.sebserver.webservice.weblayer;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
@ -45,8 +45,8 @@ public class WebServiceUserDetails
throws UsernameNotFoundException {
final Object principal = token.getPrincipal();
if (principal instanceof UsernamePasswordAuthenticationToken) {
return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
if (principal instanceof AbstractAuthenticationToken) {
return loadUserByUsername(((AbstractAuthenticationToken) principal).getName());
}
throw new UsernameNotFoundException("No User for principal: " + principal + " found");
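Review bot: The widened check `principal instanceof AbstractAuthenticationToken` now accepts every token subclass, so any authentication object that reaches this method has its `getName()` used for the user lookup, whether or not it was ever marked authenticated. If the intent is only to support the principal handed over during a refresh-token request, consider also checking the token state, e.g. `if (principal instanceof AbstractAuthenticationToken && ((AbstractAuthenticationToken) principal).isAuthenticated()) {`, provided the stored user authentications satisfy that. At minimum a comment should name the token types expected here, such as `// refresh flow passes the stored user Authentication as principal, not only UsernamePasswordAuthenticationToken`. The method signature starts outside the hunk, so the type of `token` is not visible here.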


@ -99,7 +99,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
defaultTokenServices.setTokenStore(this.tokenStore);
defaultTokenServices.setAuthenticationManager(this.authenticationManager);
defaultTokenServices.setSupportRefreshToken(true);
defaultTokenServices.setReuseRefreshToken(true);
defaultTokenServices.setReuseRefreshToken(false);
defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);
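Review bot: With `setReuseRefreshToken(false)` every refresh issues a new refresh token, and as far as I know DefaultTokenServices gives each new token a fresh lifetime of `adminRefreshTokenValSec`, so the refresh window slides with use instead of ending a fixed time after login. If an absolute session lifetime is expected for these clients, it has to be enforced elsewhere. Otherwise the decision deserves a comment on this line, for example `// rotate the refresh token on each refresh; its expiry slides with every rotation`. The same applies to the `tokenService.setReuseRefreshToken(false)` line in the WebserviceResourceConfiguration section. The enclosing method starts and ends outside the hunk.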


@ -135,6 +135,10 @@ public class CachableJdbcTokenStore implements TokenStore {
}
@Override
@Caching(evict = {
@CacheEvict(cacheNames = AUTHENTICATION_TOKEN_CACHE, allEntries = true),
@CacheEvict(cacheNames = ACCESS_TOKEN_CACHE_NAME, allEntries = true)
})
public void removeAccessTokenUsingRefreshToken(final OAuth2RefreshToken refreshToken) {
this.jdbcTokenStore.removeAccessTokenUsingRefreshToken(refreshToken);
}
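Review bot: The added `@CacheEvict(..., allEntries = true)` pair empties both token caches for all users each time `removeAccessTokenUsingRefreshToken` runs, which is presumably on every refresh request. That is the safe direction, since no stale access token can be served from the cache, but it is undocumented and sends every other session back to the JDBC store for its next lookup. A comment would record the reason, e.g. `// evict all: only the refresh token is known here, so the cached access-token entries cannot be addressed by key`, assuming the caches are keyed by access token value, which the hunk does not show. Eviction also runs after the call by default, so the caches stay populated if the JDBC removal throws.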


@ -135,7 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
tokenService.setTokenStore(this.tokenStore);
tokenService.setClientDetailsService(this.webServiceClientDetails);
tokenService.setSupportRefreshToken(this.supportRefreshToken);
tokenService.setSupportRefreshToken(this.supportRefreshToken);
tokenService.setReuseRefreshToken(false);
tokenService.setAuthenticationManager(this.authenticationManager);
tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);