From 7ce467d3176dc4f7e3c758340fc8c17e9e1f30af Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Wed, 3 Jan 2024 12:06:28 +0300 Subject: [PATCH 1/3] chore: move token entry to core-service to allow reuse Signed-off-by: Yuriy Movchan --- .../io/jans/as/server/auth/AuthenticationFilter.java | 2 +- .../model/common/AbstractAuthorizationGrant.java | 2 +- .../as/server/model/common/AuthorizationGrant.java | 4 ++-- .../server/model/common/AuthorizationGrantList.java | 12 ++++++------ .../as/server/model/common/ExecutionContext.java | 2 +- .../as/server/model/common/IAuthorizationGrant.java | 2 +- .../model/common/UnmodifiableAuthorizationGrant.java | 2 +- .../as/server/revoke/RevokeRestWebServiceImpl.java | 5 +++-- .../java/io/jans/as/server/service/CleanerTimer.java | 2 +- .../java/io/jans/as/server/service/GrantService.java | 4 ++-- .../io/jans/as/server/comp/CleanerTimerTest.java | 2 +- .../io/jans/as/server/comp/GrantServiceTest.java | 5 +++-- .../test/java/io/jans/as/server/dev/TokenTest.java | 2 +- .../io/jans/as/server/service/GrantServiceTest.java | 4 ++-- .../java/io/jans/model/token}/TokenAttributes.java | 2 +- .../main/java/io/jans/model/token}/TokenEntity.java | 2 +- .../main/java/io/jans/model/token}/TokenType.java | 2 +- 17 files changed, 29 insertions(+), 27 deletions(-) rename {jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap => jans-core/service/src/main/java/io/jans/model/token}/TokenAttributes.java (98%) rename {jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap => jans-core/service/src/main/java/io/jans/model/token}/TokenEntity.java (99%) rename {jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap => jans-core/service/src/main/java/io/jans/model/token}/TokenType.java (96%) diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java b/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java index dd16f5318a3..ec2daa7c6c8 100644 
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java @@ -25,13 +25,13 @@ import io.jans.as.server.model.common.AuthorizationCodeGrant; import io.jans.as.server.model.common.AuthorizationGrant; import io.jans.as.server.model.common.AuthorizationGrantList; -import io.jans.as.server.model.ldap.TokenEntity; import io.jans.as.server.model.token.ClientAssertion; import io.jans.as.server.model.token.HttpAuthTokenType; import io.jans.as.server.service.*; import io.jans.as.server.service.token.TokenService; import io.jans.as.server.util.TokenHashUtil; import io.jans.model.security.Identity; +import io.jans.model.token.TokenEntity; import io.jans.service.CacheService; import io.jans.util.StringHelper; import jakarta.inject.Inject; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AbstractAuthorizationGrant.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AbstractAuthorizationGrant.java index 377207f7ec1..80cd1ce61dd 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AbstractAuthorizationGrant.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AbstractAuthorizationGrant.java @@ -14,11 +14,11 @@ import io.jans.as.model.util.CertUtils; import io.jans.as.server.model.authorize.JwtAuthorizationRequest; import io.jans.as.server.model.authorize.ScopeChecker; -import io.jans.as.server.model.ldap.TokenEntity; import io.jans.as.server.service.KeyGeneratorTimer; import io.jans.as.server.service.external.ExternalUpdateTokenService; import io.jans.as.server.service.external.context.ExternalUpdateTokenContext; import io.jans.as.server.util.TokenHashUtil; +import io.jans.model.token.TokenEntity; import jakarta.inject.Inject; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; 
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrant.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrant.java index b174e024875..a19bfee0431 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrant.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrant.java @@ -20,8 +20,6 @@ import io.jans.as.model.token.JsonWebResponse; import io.jans.as.model.util.JwtUtil; import io.jans.as.server.model.authorize.JwtAuthorizationRequest; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; import io.jans.as.server.model.token.HandleTokenFactory; import io.jans.as.server.model.token.IdTokenFactory; import io.jans.as.server.model.token.JwtSigner; @@ -37,6 +35,8 @@ import io.jans.as.server.util.ServerUtil; import io.jans.as.server.util.TokenHashUtil; import io.jans.model.metric.MetricType; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; import io.jans.service.CacheService; import jakarta.inject.Inject; import jakarta.ws.rs.WebApplicationException; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrantList.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrantList.java index 0a281eb6ccd..ea989463ccf 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrantList.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/AuthorizationGrantList.java 
@@ -14,13 +14,13 @@ import io.jans.as.model.crypto.AbstractCryptoProvider; import io.jans.as.model.util.Util; import io.jans.as.server.model.authorize.JwtAuthorizationRequest; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; import io.jans.as.server.service.ClientService; import io.jans.as.server.service.GrantService; import io.jans.as.server.service.MetricService; import io.jans.as.server.util.TokenHashUtil; import io.jans.model.metric.MetricType; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; import io.jans.service.CacheService; import io.jans.util.StringHelper; @@ -209,9 +209,9 @@ public AuthorizationCodeGrant getAuthorizationCodeGrant(String authorizationCode @Override public AuthorizationGrant getAuthorizationGrantByRefreshToken(String clientId, String refreshTokenCode) { if (isFalse(appConfiguration.getPersistRefreshToken())) { - return assertTokenType((TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode)), io.jans.as.server.model.ldap.TokenType.REFRESH_TOKEN, clientId); + return assertTokenType((TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode)), io.jans.model.token.TokenType.REFRESH_TOKEN, clientId); } - return assertTokenType(grantService.getGrantByCode(refreshTokenCode), io.jans.as.server.model.ldap.TokenType.REFRESH_TOKEN, clientId); + return assertTokenType(grantService.getGrantByCode(refreshTokenCode), io.jans.model.token.TokenType.REFRESH_TOKEN, clientId); } public AuthorizationGrant assertTokenType(TokenEntity tokenEntity, TokenType tokenType, String clientId) { 
@@ -247,7 +247,7 @@ public List getAuthorizationGrant(String clientId) { @Override public AuthorizationGrant getAuthorizationGrantByAccessToken(String accessToken) { final TokenEntity tokenEntity = grantService.getGrantByCode(accessToken); - if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.ACCESS_TOKEN || tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.LONG_LIVED_ACCESS_TOKEN)) { + if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.ACCESS_TOKEN || tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.LONG_LIVED_ACCESS_TOKEN)) { return asGrant(tokenEntity); } return null; @@ -259,7 +259,7 @@ public AuthorizationGrant getAuthorizationGrantByIdToken(String idToken) { return null; } final TokenEntity tokenEntity = grantService.getGrantByCode(idToken); - if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.ID_TOKEN)) { + if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.ID_TOKEN)) { return asGrant(tokenEntity); } return null; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/ExecutionContext.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/ExecutionContext.java index a4c528e05f7..eac8f235db1 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/ExecutionContext.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/ExecutionContext.java 
@@ -16,8 +16,8 @@ import io.jans.as.model.token.JsonWebResponse; import io.jans.as.server.authorize.ws.rs.AuthzRequest; import io.jans.as.server.model.audit.OAuth2AuditLog; -import io.jans.as.server.model.ldap.TokenEntity; import io.jans.model.custom.script.conf.CustomScriptConfiguration; +import io.jans.model.token.TokenEntity; import jakarta.faces.context.ExternalContext; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/IAuthorizationGrant.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/IAuthorizationGrant.java index 90eb0138719..56be235c38d 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/IAuthorizationGrant.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/IAuthorizationGrant.java @@ -10,7 +10,7 @@ import io.jans.as.common.model.registration.Client; import io.jans.as.model.common.GrantType; import io.jans.as.server.model.authorize.JwtAuthorizationRequest; -import io.jans.as.server.model.ldap.TokenEntity; +import io.jans.model.token.TokenEntity; import java.util.Collection; import java.util.Date; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/UnmodifiableAuthorizationGrant.java b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/UnmodifiableAuthorizationGrant.java index 04c192119bc..dd80aa7463c 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/UnmodifiableAuthorizationGrant.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/model/common/UnmodifiableAuthorizationGrant.java 
@@ -10,7 +10,7 @@ import io.jans.as.common.model.registration.Client; import io.jans.as.model.common.GrantType; import io.jans.as.server.model.authorize.JwtAuthorizationRequest; -import io.jans.as.server.model.ldap.TokenEntity; +import io.jans.model.token.TokenEntity; import java.util.Collection; import java.util.Date; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/revoke/RevokeRestWebServiceImpl.java b/jans-auth-server/server/src/main/java/io/jans/as/server/revoke/RevokeRestWebServiceImpl.java index ca9a3acdee2..30c3ca2977b 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/revoke/RevokeRestWebServiceImpl.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/revoke/RevokeRestWebServiceImpl.java @@ -19,14 +19,15 @@ import io.jans.as.server.model.common.AuthorizationGrant; import io.jans.as.server.model.common.AuthorizationGrantList; import io.jans.as.server.model.common.ExecutionContext; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; import io.jans.as.server.model.session.SessionClient; import io.jans.as.server.security.Identity; import io.jans.as.server.service.ClientService; import io.jans.as.server.service.GrantService; import io.jans.as.server.service.external.ExternalRevokeTokenService; import io.jans.as.server.util.ServerUtil; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; + import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.BooleanUtils; import org.apache.commons.lang.StringUtils; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/CleanerTimer.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/CleanerTimer.java index 50de4c2ab1d..f123f673d51 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/CleanerTimer.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/CleanerTimer.java 
@@ -17,12 +17,12 @@ import io.jans.as.persistence.model.ClientAuthorization; import io.jans.as.persistence.model.Par; import io.jans.as.persistence.model.Scope; -import io.jans.as.server.model.ldap.TokenEntity; import io.jans.as.server.uma.authorization.UmaPCT; import io.jans.as.server.uma.service.UmaPctService; import io.jans.as.server.uma.service.UmaResourceService; import io.jans.model.ApplicationType; import io.jans.model.metric.ldap.MetricEntry; +import io.jans.model.token.TokenEntity; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.search.filter.Filter; import io.jans.service.cache.CacheProvider; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java index 05a6fca6679..28db371a521 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java @@ -11,9 +11,9 @@ import io.jans.as.model.configuration.AppConfiguration; import io.jans.as.server.model.common.AuthorizationGrant; import io.jans.as.server.model.common.CacheGrant; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; import io.jans.as.server.util.TokenHashUtil; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.search.filter.Filter; import io.jans.service.CacheService; diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/comp/CleanerTimerTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/comp/CleanerTimerTest.java index 39fea76554b..4eee5ecd4d7 100644 --- a/jans-auth-server/server/src/test/java/io/jans/as/server/comp/CleanerTimerTest.java +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/comp/CleanerTimerTest.java 
@@ -14,10 +14,10 @@ import io.jans.as.server.model.common.AccessToken; import io.jans.as.server.model.common.ClientCredentialsGrant; import io.jans.as.server.model.common.ExecutionContext; -import io.jans.as.server.model.ldap.TokenEntity; import io.jans.as.server.model.token.HandleTokenFactory; import io.jans.as.server.uma.authorization.UmaPCT; import io.jans.as.server.uma.authorization.UmaRPT; +import io.jans.model.token.TokenEntity; import io.jans.util.security.StringEncrypter; import jakarta.ws.rs.WebApplicationException; import org.testng.annotations.Test; diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/comp/GrantServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/comp/GrantServiceTest.java index 4aacc0875cb..c7db79a7c6c 100644 --- a/jans-auth-server/server/src/test/java/io/jans/as/server/comp/GrantServiceTest.java +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/comp/GrantServiceTest.java @@ -7,10 +7,11 @@ package io.jans.as.server.comp; import io.jans.as.server.BaseComponentTest; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; import io.jans.as.server.service.GrantService; import io.jans.as.server.util.TokenHashUtil; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; + import org.testng.annotations.Parameters; import org.testng.annotations.Test; diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/dev/TokenTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/dev/TokenTest.java index a79bf40a44b..6a59d973a0d 100644 --- a/jans-auth-server/server/src/test/java/io/jans/as/server/dev/TokenTest.java +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/dev/TokenTest.java 
@@ -3,7 +3,7 @@ import java.util.List; import java.util.Properties; -import io.jans.as.server.model.ldap.TokenEntity; +import io.jans.model.token.TokenEntity; import io.jans.orm.search.filter.Filter; import io.jans.orm.sql.impl.SqlEntryManager; import io.jans.orm.sql.impl.SqlEntryManagerFactory; diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/GrantServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/GrantServiceTest.java index 973054276c9..696f7769eae 100644 --- a/jans-auth-server/server/src/test/java/io/jans/as/server/service/GrantServiceTest.java +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/service/GrantServiceTest.java @@ -2,8 +2,8 @@ import io.jans.as.model.config.StaticConfiguration; import io.jans.as.model.configuration.AppConfiguration; -import io.jans.as.server.model.ldap.TokenEntity; -import io.jans.as.server.model.ldap.TokenType; +import io.jans.model.token.TokenEntity; +import io.jans.model.token.TokenType; import io.jans.orm.PersistenceEntryManager; import io.jans.service.CacheService; import io.jans.service.cache.CacheConfiguration; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenAttributes.java b/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java similarity index 98% rename from jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenAttributes.java rename to jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java index bcbde39f8ed..5846fc68bfa 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenAttributes.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java @@ -4,7 +4,7 @@ * Copyright (c) 2020, Janssen Project */ -package io.jans.as.server.model.ldap; +package io.jans.model.token; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenEntity.java b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java similarity index 99% rename from jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenEntity.java rename to jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java index a4413e7d6f4..25de3752882 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenEntity.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java @@ -4,7 +4,7 @@ * Copyright (c) 2020, Janssen Project */ -package io.jans.as.server.model.ldap; +package io.jans.model.token; import io.jans.as.model.common.GrantType; import io.jans.orm.annotation.AttributeName; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenType.java b/jans-core/service/src/main/java/io/jans/model/token/TokenType.java similarity index 96% rename from jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenType.java rename to jans-core/service/src/main/java/io/jans/model/token/TokenType.java index 1bf55aa9768..46e715c2864 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/model/ldap/TokenType.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenType.java @@ -4,7 +4,7 @@ * Copyright (c) 2020, Janssen Project */ -package io.jans.as.server.model.ldap; +package io.jans.model.token; import org.apache.commons.lang.StringUtils; From 007a4610d01b40061d4e0a3b0cb8867fc40a7675 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Wed, 3 Jan 2024 12:13:32 +0300 Subject: [PATCH 2/3] chore: remove unused reference and method Signed-off-by: Yuriy Movchan --- .../main/java/io/jans/model/token/TokenEntity.java | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) 
diff --git a/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java index 25de3752882..cbe7e852017 100644 --- a/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java @@ -6,17 +6,15 @@ package io.jans.model.token; -import io.jans.as.model.common.GrantType; +import java.io.Serializable; +import java.util.Date; + import io.jans.orm.annotation.AttributeName; import io.jans.orm.annotation.DN; import io.jans.orm.annotation.DataEntry; import io.jans.orm.annotation.Expiration; import io.jans.orm.annotation.JsonObject; import io.jans.orm.annotation.ObjectClass; -import org.apache.commons.lang.StringUtils; - -import java.io.Serializable; -import java.util.Date; /** * @author Yuriy Zabrovarnyy @@ -289,10 +287,6 @@ public void setSessionDn(String sessionDn) { this.sessionDn = sessionDn; } - public boolean isImplicitFlow() { - return StringUtils.isBlank(grantType) || grantType.equals(GrantType.IMPLICIT.getValue()); - } - public String getDpop() { return dpop; } From dd9d1219c2ace483d2b26cc1177b60826ff7b855 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Wed, 3 Jan 2024 13:11:33 +0300 Subject: [PATCH 3/3] feat: publish Lock message on id_token issue/revoke #7244 Signed-off-by: Yuriy Movchan --- .../model/configuration/AppConfiguration.java | 11 +++++ .../configuration/LockMessageConfig.java | 46 +++++++++++++++++++ .../jans/as/server/service/GrantService.java | 22 +++++++++ .../io/jans/model/token/TokenAttributes.java | 3 +- .../java/io/jans/model/token/TokenEntity.java | 4 +- .../jans/lock/service/ServiceInitializer.java | 1 - 6 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 jans-auth-server/model/src/main/java/io/jans/as/model/configuration/LockMessageConfig.java 
diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java index a6ca0a4dd3f..19f2e43a7ce 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java @@ -892,6 +892,9 @@ public class AppConfiguration implements Configuration { @DocProperty(description = "Force Authentication Filtker to process OPTIONS request", defaultValue = "true") private Boolean skipAuthenticationFilterOptionsMethod = true; + + @DocProperty(description = "Lock message Pub configuration", defaultValue = "false") + private LockMessageConfig lockMessageConfig; public int getArchivedJwkLifetimeInSeconds() { return archivedJwkLifetimeInSeconds; @@ -3447,4 +3450,12 @@ public void setSkipAuthenticationFilterOptionsMethod(Boolean skipAuthenticationF this.skipAuthenticationFilterOptionsMethod = skipAuthenticationFilterOptionsMethod; } + public LockMessageConfig getLockMessageConfig() { + return lockMessageConfig; + } + + public void setLockMessageConfig(LockMessageConfig lockMessageConfig) { + this.lockMessageConfig = lockMessageConfig; + } + } diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/LockMessageConfig.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/LockMessageConfig.java new file mode 100644 index 00000000000..a52d747d3b3 --- /dev/null +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/LockMessageConfig.java 
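Review bot: `defaultValue = "false"` on the new `lockMessageConfig` property does not describe an object-typed field. The field has no initializer, so it is null when the section is absent from the configuration, and the `GrantService` change in this same patch returns early on null, which means publishing is off in that case. I would drop the attribute, as `LockMessageConfig` itself does on its properties, and say so in the description, e.g. `@DocProperty(description = "Lock message publication settings; when unset, no Lock messages are published")`. The enclosing class starts and ends outside these hunks.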
@@ -0,0 +1,46 @@ +package io.jans.as.model.configuration; + +import java.io.Serializable; + +import io.jans.doc.annotation.DocProperty; + +/** + * + * Lock message Pub configuration + * + * @author Yuriy Movchan Date: 12/31/2023 + * + */ +public class LockMessageConfig implements Serializable { + + private static final long serialVersionUID = 8732855593629219229L; + + @DocProperty(description = "Enable Publish messages on id_token issue/revoke") + private Boolean enableIdTokenMessages; + + @DocProperty(description = "Channel for id_token messages") + private String idTokenMessagesChannel; + + + public Boolean getEnableIdTokenMessages() { + return enableIdTokenMessages; + } + + public void setEnableIdTokenMessages(Boolean enableIdTokenMessages) { + this.enableIdTokenMessages = enableIdTokenMessages; + } + + public String getIdTokenMessagesChannel() { + return idTokenMessagesChannel; + } + + public void setIdTokenMessagesChannel(String idTokenMessagesChannel) { + this.idTokenMessagesChannel = idTokenMessagesChannel; + } + + @Override + public String toString() { + return "LockMessageConfig [enableIdTokenMessages=" + enableIdTokenMessages + ", idTokenMessagesChannel=" + + idTokenMessagesChannel + "]"; + } +} diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java index 28db371a521..0d03424013a 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/GrantService.java @@ -9,6 +9,7 @@ import com.google.common.collect.Lists; import io.jans.as.model.config.StaticConfiguration; import io.jans.as.model.configuration.AppConfiguration; +import io.jans.as.model.configuration.LockMessageConfig; import io.jans.as.server.model.common.AuthorizationGrant; import io.jans.as.server.model.common.CacheGrant; import io.jans.as.server.util.TokenHashUtil; 
@@ -17,7 +18,9 @@ import io.jans.orm.PersistenceEntryManager; import io.jans.orm.search.filter.Filter; import io.jans.service.CacheService; +import io.jans.service.MessageService; import io.jans.service.cache.CacheConfiguration; +import io.jans.util.StringHelper; import jakarta.ejb.Stateless; import jakarta.inject.Inject; import jakarta.inject.Named; @@ -48,6 +51,9 @@ public class GrantService { @Inject private ClientService clientService; + + @Inject + private MessageService messageService; @Inject private CacheService cacheService; @@ -87,13 +93,29 @@ public void mergeSilently(TokenEntity token) { public void persist(TokenEntity token) { persistenceEntryManager.persist(token); + + publishIdTokenLockMessage(token, "add"); } public void remove(TokenEntity token) { persistenceEntryManager.remove(token); log.trace("Removed token from LDAP, code: {}", token.getTokenCode()); + + publishIdTokenLockMessage(token, "del"); } + protected void publishIdTokenLockMessage(TokenEntity token, String opearation) { + LockMessageConfig lockMessageConfig = appConfiguration.getLockMessageConfig(); + if (lockMessageConfig == null) { + return; + } + + if (Boolean.TRUE.equals(lockMessageConfig.getEnableIdTokenMessages()) && StringHelper.isNotEmpty(lockMessageConfig.getIdTokenMessagesChannel())) { + String jsonMessage = String.format("{\"tknTyp\" : %s, \"tknCde\" : %s, \"tknOp\" : %s}", token.getTokenType(), token.getTokenCode(), opearation); + messageService.publish(lockMessageConfig.getIdTokenMessagesChannel(), jsonMessage); + } + } + public void removeSilently(TokenEntity token) { try { remove(token); diff --git a/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java b/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java index 5846fc68bfa..e84a9b9ebab 100644 --- a/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenAttributes.java 
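Review bot: The payload built in `publishIdTokenLockMessage` is not valid JSON, because the three `%s` values are interpolated without quotes or escaping, so a strict subscriber will reject or misread it. Build it with a JSON serializer (Jackson is already used by `TokenAttributes`), or at minimum quote the values: `String.format("{\"tknTyp\" : \"%s\", \"tknCde\" : \"%s\", \"tknOp\" : \"%s\"}", ...)`. The helper is called from `persist` and `remove` for every `TokenEntity`, while the flag and method name speak of id_token only; if that is the intent, add a guard such as `if (!TokenType.ID_TOKEN.getValue().equals(token.getTokenType())) return;` (assuming `getValue()` is the enum's string accessor). `tknCde` puts `token.getTokenCode()` on the channel, and this hunk does not show whether that is the hashed or the raw token value; if it can be raw, every subscriber and any broker-side log receives a usable credential, so please confirm that only the hash is published. The publish call also runs after the persistence operation with no error handling, so a failure in `messageService.publish` would presumably surface from `persist()`/`remove()` after the entry has already been written or deleted; the class body continues outside this hunk.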
@@ -21,7 +21,8 @@ ) public class TokenAttributes implements Serializable { - @JsonProperty("x5cs256") + private static final long serialVersionUID = -3069575637747538483L; + @JsonProperty("x5cs256") private String x5cs256; @JsonProperty("online_access") private boolean onlineAccess; diff --git a/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java index cbe7e852017..d7374065eed 100644 --- a/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java +++ b/jans-core/service/src/main/java/io/jans/model/token/TokenEntity.java @@ -26,7 +26,9 @@ @ObjectClass(value = "jansToken") public class TokenEntity implements Serializable { - @DN + private static final long serialVersionUID = 8230052124866144708L; + + @DN private String dn; @AttributeName(name = "grtId", consistency = true) private String grantId; diff --git a/jans-lock/service/src/main/java/io/jans/lock/service/ServiceInitializer.java b/jans-lock/service/src/main/java/io/jans/lock/service/ServiceInitializer.java index ecd1d035969..13cad8e45ef 100644 --- a/jans-lock/service/src/main/java/io/jans/lock/service/ServiceInitializer.java +++ b/jans-lock/service/src/main/java/io/jans/lock/service/ServiceInitializer.java @@ -11,7 +11,6 @@ import io.jans.lock.service.config.ConfigurationFactory; import io.jans.lock.service.message.TokenSubService; import io.jans.lock.service.policy.PolicyDownloadService; -import io.jans.lock.service.policy.event.PolicyDownloadEvent; import io.jans.service.cdi.event.ApplicationInitializedEvent; import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.event.Observes;
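Review bot: The `serialVersionUID` values pinned on `TokenAttributes` and `TokenEntity` land in the same series that moves both classes to `io.jans.model.token`, and `TokenEntity` is read back from the cache by cast (`(TokenEntity) cacheService.get(...)` in `AuthorizationGrantList`). If the cache provider stores entries with Java serialization in a store that outlives a deployment (not visible from this patch), entries written by the previous build under the old class name will not deserialize after the upgrade. Please confirm that the cache read path treats that as a miss rather than an error, or note in the release notes that cached tokens must be flushed. A short comment above each constant, e.g. `// bump only on incompatible field changes; cached entries depend on it`, would also help the next maintainer. Both class bodies continue outside these hunks.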