fixed OAuth2 JDBCTokenStore cache

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/CachableJdbcTokenStore.java

@@ -50,10 +50,6 @@ public class CachableJdbcTokenStore implements TokenStore {
     }
 
     @Override
-    @Cacheable(
-            cacheNames = CACHE_NAME,
-            key = "#token",
-            unless = "#result == null")
     public OAuth2Authentication readAuthentication(final OAuth2AccessToken token) {
         if (log.isDebugEnabled()) {
             log.debug("Read authentication from persistent and cache if available");
@@ -68,6 +64,10 @@ public class CachableJdbcTokenStore implements TokenStore {
     }
 
     @Override
+    @Cacheable(
+            cacheNames = CACHE_NAME,
+            key = "#tokenValue",
+            unless = "#result == null")
     public OAuth2AccessToken readAccessToken(final String tokenValue) {
         return this.jdbcTokenStore.readAccessToken(tokenValue);
     }
@@ -75,7 +75,7 @@ public class CachableJdbcTokenStore implements TokenStore {
     @Override
     @CacheEvict(
             cacheNames = CACHE_NAME,
-            key = "#token")
+            key = "#token.getValue()")
     public void removeAccessToken(final OAuth2AccessToken token) {
         if (log.isDebugEnabled()) {
             log.debug("Evict token from cache and remove it also from persistent store");

src/main/resources/config/ehcache.xml

@@ -61,10 +61,10 @@
     </cache>
     
     <cache alias="ACCESS_TOKEN_STORE_CACHE">
-        <key-type>org.springframework.security.oauth2.common.OAuth2AccessToken</key-type>
+        <key-type>java.lang.String</key-type>
-        <value-type>org.springframework.security.oauth2.provider.OAuth2Authentication</value-type>
+        <value-type>org.springframework.security.oauth2.common.OAuth2AccessToken</value-type>
         <expiry>
-            <ttl unit="hours">24</ttl>
+            <ttl unit="hours">1</ttl>
         </expiry>
         <resources>
             <heap unit="entries">100</heap>