From dad44d9b4ddcf0c165a9b2116dce1898d5d0dded Mon Sep 17 00:00:00 2001 From: anhefti Date: Wed, 18 May 2022 09:11:10 +0200 Subject: [PATCH] exam service OAuth token handling fixes --- .../webservice/auth/OAuth2AuthorizationContextHolder.java | 4 +++- .../sebconfig/impl/ClientConfigServiceImpl.java | 1 + .../webservice/weblayer/WebServiceSecurityConfig.java | 6 ++---- .../weblayer/oauth/AuthorizationServerConfig.java | 1 + .../weblayer/oauth/DefaultTokenServicesFallback.java | 6 ++++++ src/main/resources/config/application-dev-ws.properties | 1 - src/main/resources/config/application-ws.properties | 1 - src/main/resources/config/ehcache.xml | 2 +- src/test/resources/application-test.properties | 2 -- 9 files changed, 14 insertions(+), 10 deletions(-) diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java index 2fef67f7..d8a52dce 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java +++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/OAuth2AuthorizationContextHolder.java @@ -85,7 +85,9 @@ public class OAuth2AuthorizationContextHolder implements AuthorizationContextHol @Override public SEBServerAuthorizationContext getAuthorizationContext(final HttpSession session) { - log.debug("Trying to get OAuth2AuthorizationContext from HttpSession: {}", session.getId()); + if (log.isTraceEnabled()) { + log.trace("Trying to get OAuth2AuthorizationContext from HttpSession: {}", session.getId()); + } OAuth2AuthorizationContext context = (OAuth2AuthorizationContext) session.getAttribute(CONTEXT_HOLDER_ATTRIBUTE); 
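Review bot: The HTTP session id is still written to the log in `getAuthorizationContext`, only at trace level now. Anyone who can read the log while the session is live holds a value that identifies that session, so lowering the level reduces the exposure but does not remove it. I would drop the argument, `log.trace("Trying to get OAuth2AuthorizationContext from HttpSession");`, or log a non-reversible reference to the session instead of the id itself. The `isTraceEnabled()` guard adds nothing here, because the message is parameterized and its only argument is a cheap getter. The method body continues outside the hunk.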
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java index ae10d83f..4fcbae41 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java @@ -211,6 +211,7 @@ public class ClientConfigServiceImpl implements ClientConfigService { baseClientDetails.setScope(Collections.emptySet()); baseClientDetails.setClientSecret(Utils.toString(pwd)); baseClientDetails.setAccessTokenValiditySeconds(-1); // not expiring + baseClientDetails.setRefreshTokenValiditySeconds(-1); // not expiring if (log.isDebugEnabled()) { log.debug("Created new BaseClientDetails for id: {}", clientName); diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java index 722bdcb9..545bd136 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java @@ -101,8 +101,6 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter { private Integer adminAccessTokenValSec; @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}") private Integer adminRefreshTokenValSec; - @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:3600}") - private Integer examAccessTokenValSec; @Lazy @Bean @@ -181,7 +179,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter { this.webServiceClientDetails, authenticationManagerBean(), this.examAPIEndpoint, - this.examAccessTokenValSec); + -1); } @Bean 
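Review bot: In ClientConfigServiceImpl, `setRefreshTokenValiditySeconds(-1)` next to `setAccessTokenValiditySeconds(-1)` means neither token type issued for this client ever expires, so a token copied off an exam machine stays valid until it is actively revoked. The same applies to the literal `-1` that replaces `examAccessTokenValSec` in the WebServiceSecurityConfig hunk at -181. Nothing visible in these hunks shows how such tokens are invalidated, for example when the client configuration is deactivated or the exam ends, so that path should be confirmed and written down. I would replace the two trailing `// not expiring` comments with one that states it, e.g. `// non-expiring by design; tokens are revoked when <revocation trigger>`, with the trigger filled in. The enclosing method starts and ends outside the hunk.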
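Review bot: In WebServiceSecurityConfig at -181, the bare `-1` passed as the last constructor argument is a magic value, and it removes the `sebserver.webservice.api.exam.accessTokenValiditySeconds` setting without notice. A deployment that still sets that property will have it silently ignored and lose its configured token lifetime. A named constant makes the intent readable, e.g. `private static final int TOKEN_NEVER_EXPIRES = -1;`. The upgrade notes should also say that the property is no longer read. The bean method starts outside the hunk.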
@@ -250,7 +248,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter { true, 3, adminAccessTokenValSec, - -1); + 1); } } diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java index 568391da..2aa63173 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/AuthorizationServerConfig.java @@ -87,6 +87,7 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap defaultTokenServices.setTokenEnhancer(jwtAccessTokenConverter); defaultTokenServices.setAccessTokenValiditySeconds(this.adminAccessTokenValSec); defaultTokenServices.setRefreshTokenValiditySeconds(this.adminRefreshTokenValSec); + defaultTokenServices.setClientDetailsService(this.webServiceClientDetails); endpoints .tokenStore(this.tokenStore) diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/DefaultTokenServicesFallback.java b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/DefaultTokenServicesFallback.java index 74069bf5..9a98829f 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/DefaultTokenServicesFallback.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/oauth/DefaultTokenServicesFallback.java @@ -21,6 +21,12 @@ public class DefaultTokenServicesFallback extends DefaultTokenServices { private static final Logger log = LoggerFactory.getLogger(DefaultTokenServicesFallback.class); + public DefaultTokenServicesFallback() { + super(); + super.setSupportRefreshToken(true); + super.setReuseRefreshToken(true); + } + @Override public OAuth2AccessToken createAccessToken(final OAuth2Authentication authentication) throws AuthenticationException { 
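Review bot: In WebServiceSecurityConfig at -250, the last argument changes from `-1` to `1` with no comment. Because it follows `adminAccessTokenValSec`, it looks like a refresh-token validity in seconds. If so, refresh tokens for this configuration would expire one second after issue, which reads more like a dropped sign than a deliberate choice. The file already injects `adminRefreshTokenValSec` from `sebserver.webservice.api.admin.refreshTokenValiditySeconds`, and this call does not use it. Please confirm the parameter against the constructor signature, which is outside the hunk, and either pass the configured value or add a comment such as `// refresh tokens intentionally short-lived: <reason>`.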
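Review bot: In AuthorizationServerConfig, the added `setClientDetailsService(this.webServiceClientDetails)` changes what the two validity defaults set just above it mean, and the line does not say so. As far as I know, Spring's `DefaultTokenServices` then prefers a client's own access and refresh validity when the client details supply one, and checks that the token's client can still be loaded. That is presumably the intent, since it would let the per-client `-1` from ClientConfigServiceImpl take effect. I would add a comment above the line, e.g. `// per-client validity from the client details overrides the admin defaults above`. The configure method continues outside the hunk.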
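Review bot: In the new DefaultTokenServicesFallback constructor, `setReuseRefreshToken(true)` means the same refresh token is handed back on every refresh. If this service issues tokens for the clients that get a non-expiring refresh validity in ClientConfigServiceImpl, one leaked refresh token stays usable indefinitely and there is no rotation to make its misuse visible. Where clients can handle receiving a new refresh token, `super.setReuseRefreshToken(false);` gives rotation. If reuse is required on the fallback path, a constructor comment should say why. As far as I can tell `true` is already the library default for reuse, so only `setSupportRefreshToken(true)` changes behaviour here.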
diff --git a/src/main/resources/config/application-dev-ws.properties b/src/main/resources/config/application-dev-ws.properties index 02df07a0..6d85c2b3 100644 --- a/src/main/resources/config/application-dev-ws.properties +++ b/src/main/resources/config/application-dev-ws.properties @@ -43,7 +43,6 @@ sebserver.webservice.api.exam.time-suffix=0 sebserver.webservice.api.exam.endpoint=/exam-api sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1 -sebserver.webservice.api.exam.accessTokenValiditySeconds=3600 sebserver.webservice.api.exam.event-handling-strategy=ASYNC_BATCH_STORE_STRATEGY sebserver.webservice.api.exam.enable-indicator-cache=true sebserver.webservice.api.exam.defaultPingInterval=1000 diff --git a/src/main/resources/config/application-ws.properties b/src/main/resources/config/application-ws.properties index 868810d0..8342c614 100644 --- a/src/main/resources/config/application-ws.properties +++ b/src/main/resources/config/application-ws.properties @@ -70,7 +70,6 @@ sebserver.webservice.api.exam.config.init.prohibitedProcesses=config/initialProh sebserver.webservice.api.exam.endpoint=/exam-api sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1 -sebserver.webservice.api.exam.accessTokenValiditySeconds=3600 sebserver.webservice.api.exam.event-handling-strategy=SINGLE_EVENT_STORE_STRATEGY sebserver.webservice.api.exam.enable-indicator-cache=true sebserver.webservice.api.pagination.maxPageSize=500 diff --git a/src/main/resources/config/ehcache.xml b/src/main/resources/config/ehcache.xml index a8577fce..8a12f3f4 100644 --- a/src/main/resources/config/ehcache.xml +++ b/src/main/resources/config/ehcache.xml 
@@ -97,7 +97,7 @@ java.lang.String ch.ethz.seb.sebserver.gbl.model.exam.QuizData - 10 + 5 10000 diff --git a/src/test/resources/application-test.properties b/src/test/resources/application-test.properties index 3d9af73e..6c98d938 100644 --- a/src/test/resources/application-test.properties +++ b/src/test/resources/application-test.properties @@ -34,8 +34,6 @@ sebserver.webservice.api.admin.refreshTokenValiditySeconds=-1 sebserver.webservice.api.exam.endpoint=/exam-api sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1 -sebserver.webservice.api.exam.accessTokenValiditySeconds=1800 -sebserver.webservice.api.exam.refreshTokenValiditySeconds=-1 sebserver.webservice.api.redirect.unauthorized=none # comma separated list of known possible OpenEdX API access token request endpoints sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token