diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
index 0fc0cf97..0b53abc7 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
@@ -9,7 +9,7 @@ package ch.ethz.seb.sebserver.webservice.weblayer;
 import org.springframework.context.annotation.Lazy;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -45,8 +45,8 @@ public class WebServiceUserDetails
 throws UsernameNotFoundException {
 final Object principal = token.getPrincipal();
- if (principal instanceof UsernamePasswordAuthenticationToken) {
- return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
+ if (principal instanceof AbstractAuthenticationToken) {
+ return loadUserByUsername(((AbstractAuthenticationToken) principal).getName());
 }
 throw new UsernameNotFoundException("No User for principal: " + principal + " found");
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
index 70b9f61a..27ad8904 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
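Review bot: The widened `instanceof AbstractAuthenticationToken` check in the second hunk accepts any token subtype, including ones that never represented an authenticated user (an anonymous token, for instance), and hands its `getName()` straight to `loadUserByUsername`, whereas the old check at least pinned the principal to a username/password authentication. Unless every caller guarantees that the nested token is a stored, authenticated user authentication, I would also require `isAuthenticated()` on it: `if (principal instanceof AbstractAuthenticationToken && ((AbstractAuthenticationToken) principal).isAuthenticated()) {`. A short comment naming which flow wraps a user Authentication as the principal here (presumably the refresh-token grant) would also help the next reader. The enclosing method's signature is above the hunk.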
@@ -99,7 +99,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
 defaultTokenServices.setTokenStore(this.tokenStore);
 defaultTokenServices.setAuthenticationManager(this.authenticationManager);
 defaultTokenServices.setSupportRefreshToken(true);
- defaultTokenServices.setReuseRefreshToken(true);
+ defaultTokenServices.setReuseRefreshToken(false);
 defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
 defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
 defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java
index e8e61dae..fa1d0027 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java
@@ -135,6 +135,10 @@ public class CachableJdbcTokenStore implements TokenStore {
 }
 @Override
+ @Caching(evict = {
+ @CacheEvict(cacheNames = AUTHENTICATION_TOKEN_CACHE, allEntries = true),
+ @CacheEvict(cacheNames = ACCESS_TOKEN_CACHE_NAME, allEntries = true)
+ })
 public void removeAccessTokenUsingRefreshToken(final OAuth2RefreshToken refreshToken) {
 this.jdbcTokenStore.removeAccessTokenUsingRefreshToken(refreshToken);
 }
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
index ec308629..5f3adb5a 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
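Review bot: Switching `setReuseRefreshToken` to `false` enables refresh-token rotation, but nothing on the new side records that decision or its consequence that the previous refresh token is retired on every refresh, so clients must always persist the newly issued one. A one-line comment above the call, e.g. `// Rotate refresh tokens: each refresh retires the previous token, so a replayed refresh token is rejected after its first use`, would make the intent clear to the next maintainer. The enclosing method starts and ends outside the hunk.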
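Review bot: Both added `@CacheEvict` entries on `removeAccessTokenUsingRefreshToken` use `allEntries = true`, so with refresh-token rotation enabled in the same commit every single refresh flushes the cached authentications and access tokens of all users, not just the ones tied to `refreshToken`; under load that pushes most lookups back to JDBC right after each refresh. If the caches are keyed by token value (the key scheme is not visible in this hunk), evicting only the entries belonging to the retired access token would be narrower; if they are not, a comment such as `// Full eviction: cache entries are not keyed by refresh token, so a targeted evict is not possible` would document why the broad eviction is intentional. Note that the eviction only takes effect when the method is invoked through the Spring proxy; a direct call from within the class bypasses it.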
@@ -135,7 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
 tokenService.setTokenStore(this.tokenStore);
 tokenService.setClientDetailsService(this.webServiceClientDetails);
 tokenService.setSupportRefreshToken(this.supportRefreshToken);
- tokenService.setSupportRefreshToken(this.supportRefreshToken);
+ tokenService.setReuseRefreshToken(false);
 tokenService.setAuthenticationManager(this.authenticationManager);
 tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
 tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);
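Review bot: `setReuseRefreshToken(false)` is a hard-coded literal among neighbouring settings that are all driven by injected fields (`this.supportRefreshToken`, `this.accessTokenValiditySeconds`, ...), and the same literal is now duplicated in AuthorizationServerConfig; a configured field or a shared constant would keep the two token services from drifting apart. At minimum a comment stating the policy, e.g. `// Refresh tokens are rotated: each refresh retires the previous token`, would explain the choice. The removed line was a duplicated `setSupportRefreshToken` call, so the new side also fixes that; the enclosing method starts and ends outside the hunk.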