exam service OAuth token handling fixes

src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java

@@ -85,7 +85,9 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol
 
     @Override
     public SEBServerAuthorizationContext getAuthorizationContext(final HttpSession session) {
-        log.debug("Trying to get OAuth2AuthorizationContext from HttpSession: {}", session.getId());
+        if (log.isTraceEnabled()) {
+            log.trace("Trying to get OAuth2AuthorizationContext from HttpSession: {}", session.getId());
+        }
 
         OAuth2AuthorizationContext context =
                 (OAuth2AuthorizationContext) session.getAttribute(CONTEXT_HOLDER_ATTRIBUTE);

src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java

@@ -211,6 +211,7 @@ public class ClientConfigServiceImpl implements ClientConfigService {
                     baseClientDetails.setScope(Collections.emptySet());
                     baseClientDetails.setClientSecret(Utils.toString(pwd));
                     baseClientDetails.setAccessTokenValiditySeconds(-1); // not expiring
+                    baseClientDetails.setRefreshTokenValiditySeconds(-1); // not expiring
 
                     if (log.isDebugEnabled()) {
                         log.debug("Created new BaseClientDetails for id: {}", clientName);

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java

@@ -101,8 +101,6 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
     private Integer adminAccessTokenValSec;
     @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}")
     private Integer adminRefreshTokenValSec;
-    @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:3600}")
-    private Integer examAccessTokenValSec;
 
     @Lazy
     @Bean
@@ -181,7 +179,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
                 this.webServiceClientDetails,
                 authenticationManagerBean(),
                 this.examAPIEndpoint,
-                this.examAccessTokenValSec);
+                -1);
     }
 
     @Bean
@@ -250,7 +248,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
                     true,
                     3,
                     adminAccessTokenValSec,
-                    -1);
+                    1);
         }
     }
 

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java

@@ -87,6 +87,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
         defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter);
         defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec);
         defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec);
+        defaultTokenServices.setClientDetailsService(this.webServiceClientDetails);
 
         endpoints
                 .tokenStore(this.tokenStore)

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/DefaultTokenServicesFallback.java

@@ -21,6 +21,12 @@ public class DefaultTokenServicesFallback extends DefaultTokenServices {
 
     private static final Logger log = LoggerFactory.getLogger(DefaultTokenServicesFallback.class);
 
+    public DefaultTokenServicesFallback() {
+        super();
+        super.setSupportRefreshToken(true);
+        super.setReuseRefreshToken(true);
+    }
+
     @Override
     public OAuth2AccessToken createAccessToken(final OAuth2Authentication authentication)
             throws AuthenticationException {

src/main/resources/config/application-dev-ws.properties

@@ -43,7 +43,6 @@ sebserver.webservice.api.exam.time-suffix=0
 sebserver.webservice.api.exam.endpoint=/exam-api
 sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
 sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
-sebserver.webservice.api.exam.accessTokenValiditySeconds=3600
 sebserver.webservice.api.exam.event-handling-strategy=ASYNC_BATCH_STORE_STRATEGY
 sebserver.webservice.api.exam.enable-indicator-cache=true
 sebserver.webservice.api.exam.defaultPingInterval=1000

src/main/resources/config/application-ws.properties

@@ -70,7 +70,6 @@ sebserver.webservice.api.exam.config.init.prohibitedProcesses=config/initialProh
 sebserver.webservice.api.exam.endpoint=/exam-api
 sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
 sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
-sebserver.webservice.api.exam.accessTokenValiditySeconds=3600
 sebserver.webservice.api.exam.event-handling-strategy=SINGLE_EVENT_STORE_STRATEGY
 sebserver.webservice.api.exam.enable-indicator-cache=true
 sebserver.webservice.api.pagination.maxPageSize=500

src/main/resources/config/ehcache.xml

@@ -97,7 +97,7 @@
         <key-type>java.lang.String</key-type>
         <value-type>ch.ethz.seb.sebserver.gbl.model.exam.QuizData</value-type>
         <expiry>
-            <ttl unit="minutes">10</ttl>
+            <ttl unit="minutes">5</ttl>
         </expiry>
         <resources>
             <heap unit="entries">10000</heap>

src/test/resources/application-test.properties

@@ -34,8 +34,6 @@ sebserver.webservice.api.admin.refreshTokenValiditySeconds=-1
 sebserver.webservice.api.exam.endpoint=/exam-api
 sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
 sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
-sebserver.webservice.api.exam.accessTokenValiditySeconds=1800
-sebserver.webservice.api.exam.refreshTokenValiditySeconds=-1
 sebserver.webservice.api.redirect.unauthorized=none
 # comma separated list of known possible OpenEdX API access token request endpoints
 sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token