fixed refresh token request

2023-07-18 15:15:48 +02:00 · 2023-07-18 15:15:48 +02:00 · 26178f66fb
commit 26178f66fb
parent cda0ddb926
4 changed files with 9 additions and 5 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceUserDetails.java
@ -9,7 +9,7 @@
 package ch.ethz.seb.sebserver.webservice.weblayer;
 import org.springframework.context.annotation.Lazy;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@ -45,8 +45,8 @@ public class WebServiceUserDetails
            throws UsernameNotFoundException {
        final Object principal = token.getPrincipal();
-        if (principal instanceof UsernamePasswordAuthenticationToken) {
+        if (principal instanceof AbstractAuthenticationToken) {
-            return loadUserByUsername(((UsernamePasswordAuthenticationToken) principal).getName());
+            return loadUserByUsername(((AbstractAuthenticationToken) principal).getName());
        }
        throw new UsernameNotFoundException("No User for principal: " + principal + " found");
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java
@ -99,7 +99,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
        defaultTokenServices.setTokenStore(this.tokenStore);
        defaultTokenServices.setAuthenticationManager(this.authenticationManager);
        defaultTokenServices.setSupportRefreshToken(true);
-        defaultTokenServices.setReuseRefreshToken(true);
+        defaultTokenServices.setReuseRefreshToken(false);
        defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
        defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
        defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java
@ -135,6 +135,10 @@ public class CachableJdbcTokenStore implements TokenStore {
    }
    @Override
    @Caching(evict = {
            @CacheEvict(cacheNames = AUTHENTICATION_TOKEN_CACHE, allEntries = true),
            @CacheEvict(cacheNames = ACCESS_TOKEN_CACHE_NAME, allEntries = true)
    })
    public void removeAccessTokenUsingRefreshToken(final OAuth2RefreshToken refreshToken) {
        this.jdbcTokenStore.removeAccessTokenUsingRefreshToken(refreshToken);
    }
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/WebserviceResourceConfiguration.java
@ -135,7 +135,7 @@ public abstract class WebserviceResourceConfiguration extends ResourceServerConf
            tokenService.setTokenStore(this.tokenStore);
            tokenService.setClientDetailsService(this.webServiceClientDetails);
            tokenService.setSupportRefreshToken(this.supportRefreshToken);
-            tokenService.setSupportRefreshToken(this.supportRefreshToken);
+            tokenService.setReuseRefreshToken(false);
            tokenService.setAuthenticationManager(this.authenticationManager);
            tokenService.setAccessTokenValiditySeconds(this.accessTokenValiditySeconds);
            tokenService.setRefreshTokenValiditySeconds(this.refreshTokenValiditySeconds);