How to store OAuth token in database?

Time: 2017-04-06 01:46:47

Tags: java spring spring-security oauth oauth-2.0

Using Java 8 and Spring Boot 1.5.2

Spring Security: I'm trying to store tokens in a Cassandra database. To achieve this I've implemented TokenStore. I ran the program and noticed that the getAccessToken(...) method is called before storeAccessToken(...), and due to this the token is always null. What do I need to do to first store the access token in the database and then query for it?

@Override
public OAuth2AccessToken getAccessToken(final OAuth2Authentication authentication) {
    OAuth2AccessToken accessToken = null;

    final String key = authenticationKeyGenerator.extractKey(authentication);

    final Select select = QueryBuilder.select("token_body").from("authentication_service", "oauth_access_token");
    select.where(QueryBuilder.eq("authentication_id", key));
    final ByteBuffer token = cassandraOperations.queryForObject(select, ByteBuffer.class);
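    if (token != null) {
        // Copy only the readable bytes: array() exposes the whole backing array,
        // which can be larger than the stored column value.
        final byte[] tokenBytes = new byte[token.remaining()];
        token.duplicate().get(tokenBytes);
        accessToken = deserializeAccessToken(tokenBytes);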
        if (accessToken != null && !key.equals(authenticationKeyGenerator.extractKey(readAuthentication(accessToken.getValue())))) {
            removeAccessToken(accessToken.getValue());
            storeAccessToken(accessToken, authentication);
        }
    }
    return accessToken;
}

storeAccessToken(...)

@Override
public void storeAccessToken(final OAuth2AccessToken token, final OAuth2Authentication authentication) {
    String refreshToken = null;
    if (token.getRefreshToken() != null) {
        refreshToken = token.getRefreshToken().getValue();
    }

    if (readAccessToken(token.getValue()) != null) {
        removeAccessToken(token.getValue());
    }

    final AccessTokenBuilder accessTokenBuilder = new AccessTokenBuilder();
    accessTokenRepository.save(accessTokenBuilder
                                       .authenticationId(authenticationKeyGenerator.extractKey(authentication))
                                       .tokenId(extractTokenKey(token.getValue()))
                                       .tokenBody(ByteBuffer.wrap(serializeAccessToken(token)))
                                       .username(authentication.getName())
                                       .clientId(authentication.getOAuth2Request().getClientId())
                                       .authentication(ByteBuffer.wrap(serializeAuthentication(authentication)))
                                       .refreshTokenId(extractTokenKey(refreshToken))
                                       .createAccessToken());

}

0 answers:

No answers