org.mitre.oauth2.web.RevocationEndpoint 連携図

公開メンバ関数
String	revoke (@RequestParam("token") String tokenValue, @RequestParam(value="token_type_hint", required=false) String tokenType, Authentication auth, Model model)

静的公開変数類
static final String	URL = "revoke"

非公開変数類
ClientDetailsEntityService	clientService

OAuth2TokenEntityService	tokenServices

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(RevocationEndpoint.class)

詳解

関数詳解

◆ revoke()

String org.mitre.oauth2.web.RevocationEndpoint.revoke	(	@RequestParam("token") String	tokenValue,
		@RequestParam(value="token_type_hint", required=false) String	tokenType,
		Authentication	auth,
		Model	model
	)

inline

                                                                                                                                                                                       {
 
                 // This is the token as passed in from OAuth (in case we need it some day)
                 //OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal);
 
                 ClientDetailsEntity authClient = null;
 
                 if (auth instanceof OAuth2Authentication) {
                         // the client authenticated with OAuth, do our UMA checks
                         ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE);
                         // get out the client that was issued the access token (not the token being revoked)
                         OAuth2Authentication o2a = (OAuth2Authentication) auth;
 
                         String authClientId = o2a.getOAuth2Request().getClientId();
                         authClient = clientService.loadClientByClientId(authClientId);
 
                         // the owner is the user who authorized the token in the first place
                         String ownerId = o2a.getUserAuthentication().getName();
 
                 } else {
                         // the client authenticated directly, make sure it's got the right access
 
                         String authClientId = auth.getName(); // direct authentication puts the client_id into the authentication's name field
                         authClient = clientService.loadClientByClientId(authClientId);
 
                 }
 
                 try {
                         // check and handle access tokens first
 
                         OAuth2AccessTokenEntity accessToken = tokenServices.readAccessToken(tokenValue);
 
                         // client acting on its own, make sure it owns the token
                         if (!accessToken.getClient().getClientId().equals(authClient.getClientId())) {
                                 // trying to revoke a token we don't own, throw a 403
 
                                 logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + accessToken.getClient().getClientId());
 
                                 model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                 return HttpCodeView.VIEWNAME;
                         }
 
                         // if we got this far, we're allowed to do this
                         tokenServices.revokeAccessToken(accessToken);
 
                         logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue);
 
                         model.addAttribute(HttpCodeView.CODE, HttpStatus.OK);
                         return HttpCodeView.VIEWNAME;
 
                 } catch (InvalidTokenException e) {
 
                         // access token wasn't found, check the refresh token
 
                         try {
                                 OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
                                 // client acting on its own, make sure it owns the token
                                 if (!refreshToken.getClient().getClientId().equals(authClient.getClientId())) {
                                         // trying to revoke a token we don't own, throw a 403
 
                                         logger.info("Client " + authClient.getClientId() + " tried to revoke a token owned by " + refreshToken.getClient().getClientId());
 
                                         model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
                                         return HttpCodeView.VIEWNAME;
                                 }
 
                                 // if we got this far, we're allowed to do this
                                 tokenServices.revokeRefreshToken(refreshToken);
 
                                 logger.debug("Client " + authClient.getClientId() + " revoked access token " + tokenValue);
 
                                 model.addAttribute(HttpCodeView.CODE, HttpStatus.OK);
                                 return HttpCodeView.VIEWNAME;
 
                         } catch (InvalidTokenException e1) {
 
                                 // neither token type was found, simply say "OK" and be on our way.
 
                                 logger.debug("Failed to revoke token " + tokenValue);
 
                                 model.addAttribute(HttpCodeView.CODE, HttpStatus.OK);
                                 return HttpCodeView.VIEWNAME;
                         }
                 }
         }

メンバ詳解

◆ clientService

ClientDetailsEntityService org.mitre.oauth2.web.RevocationEndpoint.clientService

private

◆ logger

final Logger org.mitre.oauth2.web.RevocationEndpoint.logger = LoggerFactory.getLogger(RevocationEndpoint.class)

staticprivate

Logger for this class

◆ tokenServices

OAuth2TokenEntityService org.mitre.oauth2.web.RevocationEndpoint.tokenServices

private

◆ URL

final String org.mitre.oauth2.web.RevocationEndpoint.URL = "revoke"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/mitreid-connect/src/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java

公開メンバ関数

静的公開変数類

非公開変数類

静的非公開変数類