org.mitre.oauth2.web.TokenAPI クラス

org.mitre.oauth2.web.TokenAPI 連携図

公開メンバ関数
String	getAllAccessTokens (ModelMap m, Principal p)
String	getAccessTokenById (@PathVariable("id") Long id, ModelMap m, Principal p)
String	deleteAccessTokenById (@PathVariable("id") Long id, ModelMap m, Principal p)
String	getAccessTokensByClientId (@PathVariable("clientId") String clientId, ModelMap m, Principal p)
String	getRegistrationTokenByClientId (@PathVariable("clientId") String clientId, ModelMap m, Principal p)
String	rotateRegistrationTokenByClientId (@PathVariable("clientId") String clientId, ModelMap m, Principal p)
String	getAllRefreshTokens (ModelMap m, Principal p)
String	getRefreshTokenById (@PathVariable("id") Long id, ModelMap m, Principal p)
String	deleteRefreshTokenById (@PathVariable("id") Long id, ModelMap m, Principal p)

静的公開変数類
static final String	URL = RootController.API_URL + "/tokens"

非公開変数類
OAuth2TokenEntityService	tokenService
ClientDetailsEntityService	clientService
OIDCTokenService	oidcTokenService

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(TokenAPI.class)

詳解

REST-ish API for managing access tokens (GET/DELETE only)

著者

Amanda Anganes

関数詳解

deleteAccessTokenById()

String org.mitre.oauth2.web.TokenAPI.deleteAccessTokenById ( @PathVariable("id") Long  id, ModelMap  m, Principal  p  )

inline

                                                                                                  {

                OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

                if (token == null) {
                        logger.error("getToken failed; token not found: " + id);
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
                        logger.error("getToken failed; token does not belong to principal " + p.getName());
                        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
                        return JsonErrorView.VIEWNAME;
                } else {
                        tokenService.revokeAccessToken(token);

                        return HttpCodeView.VIEWNAME;
                }
        }

deleteRefreshTokenById()

String org.mitre.oauth2.web.TokenAPI.deleteRefreshTokenById ( @PathVariable("id") Long  id, ModelMap  m, Principal  p  )

inline

                                                                                                   {

                OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

                if (token == null) {
                        logger.error("refresh token not found: " + id);
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
                        logger.error("refresh token " + id + " does not belong to principal " + p.getName());
                        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
                        return JsonErrorView.VIEWNAME;
                } else {
                        tokenService.revokeRefreshToken(token);

                        return HttpCodeView.VIEWNAME;
                }
        }

getAccessTokenById()

String org.mitre.oauth2.web.TokenAPI.getAccessTokenById ( @PathVariable("id") Long  id, ModelMap  m, Principal  p  )

inline

                                                                                               {

                OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id);

                if (token == null) {
                        logger.error("getToken failed; token not found: " + id);
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
                        logger.error("getToken failed; token does not belong to principal " + p.getName());
                        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
                        return JsonErrorView.VIEWNAME;
                } else {
                        m.put(JsonEntityView.ENTITY, token);
                        return TokenApiView.VIEWNAME;
                }
        }

getAccessTokensByClientId()

String org.mitre.oauth2.web.TokenAPI.getAccessTokensByClientId ( @PathVariable("clientId") String  clientId, ModelMap  m, Principal  p  )

inline

                                                                                                                    {

                ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

                if (client != null) {
                        List<OAuth2AccessTokenEntity> tokens = tokenService.getAccessTokensForClient(client);
                        m.put(JsonEntityView.ENTITY, tokens);
                        return TokenApiView.VIEWNAME;
                } else {
                        // client not found
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                }

        }

getAllAccessTokens()

String org.mitre.oauth2.web.TokenAPI.getAllAccessTokens ( ModelMap  m, Principal  p  )

inline

                                                                  {

                Set<OAuth2AccessTokenEntity> allTokens = tokenService.getAllAccessTokensForUser(p.getName());
                m.put(JsonEntityView.ENTITY, allTokens);
                return TokenApiView.VIEWNAME;
        }

getAllRefreshTokens()

String org.mitre.oauth2.web.TokenAPI.getAllRefreshTokens ( ModelMap  m, Principal  p  )

inline

                                                                   {

                Set<OAuth2RefreshTokenEntity> allTokens = tokenService.getAllRefreshTokensForUser(p.getName());
                m.put(JsonEntityView.ENTITY, allTokens);
                return TokenApiView.VIEWNAME;


        }

getRefreshTokenById()

String org.mitre.oauth2.web.TokenAPI.getRefreshTokenById ( @PathVariable("id") Long  id, ModelMap  m, Principal  p  )

inline

                                                                                                {

                OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id);

                if (token == null) {
                        logger.error("refresh token not found: " + id);
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
                        logger.error("refresh token " + id + " does not belong to principal " + p.getName());
                        m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                        m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token");
                        return JsonErrorView.VIEWNAME;
                } else {
                        m.put(JsonEntityView.ENTITY, token);
                        return TokenApiView.VIEWNAME;
                }
        }

getRegistrationTokenByClientId()

String org.mitre.oauth2.web.TokenAPI.getRegistrationTokenByClientId ( @PathVariable("clientId") String  clientId, ModelMap  m, Principal  p  )

inline

                                                                                                                         {

                ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

                if (client != null) {
                        OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client);
                        if (token != null) {
                                m.put(JsonEntityView.ENTITY, token);
                                return TokenApiView.VIEWNAME;
                        } else {
                                m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                                m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found.");
                                return JsonErrorView.VIEWNAME;
                        }
                } else {
                        // client not found
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                }

        }

rotateRegistrationTokenByClientId()

String org.mitre.oauth2.web.TokenAPI.rotateRegistrationTokenByClientId ( @PathVariable("clientId") String  clientId, ModelMap  m, Principal  p  )

inline

                                                                                                                            {
                ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

                if (client != null) {
                        OAuth2AccessTokenEntity token = oidcTokenService.rotateRegistrationAccessTokenForClient(client);
                        token = tokenService.saveAccessToken(token);

                        if (token != null) {
                                m.put(JsonEntityView.ENTITY, token);
                                return TokenApiView.VIEWNAME;
                        } else {
                                m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                                m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found.");
                                return JsonErrorView.VIEWNAME;
                        }
                } else {
                        // client not found
                        m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found.");
                        return JsonErrorView.VIEWNAME;
                }

        }

メンバ詳解

clientService

ClientDetailsEntityService org.mitre.oauth2.web.TokenAPI.clientService

private

logger

final Logger org.mitre.oauth2.web.TokenAPI.logger = LoggerFactory.getLogger(TokenAPI.class)

staticprivate

Logger for this class

oidcTokenService

OIDCTokenService org.mitre.oauth2.web.TokenAPI.oidcTokenService

private

tokenService

OAuth2TokenEntityService org.mitre.oauth2.web.TokenAPI.tokenService

private

URL

final String org.mitre.oauth2.web.TokenAPI.URL = RootController.API_URL + "/tokens"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java