JanssenProject · yurem · Jan 3, 2024 · Jan 3, 2024 · Jan 3, 2024 · Jan 3, 2024
@@ -892,6 +892,9 @@ public class AppConfiguration implements Configuration {
 
     @DocProperty(description = "Force Authentication Filtker to process OPTIONS request", defaultValue = "true")
     private Boolean skipAuthenticationFilterOptionsMethod = true;
+
+    @DocProperty(description = "Lock message Pub configuration", defaultValue = "false")
+    private LockMessageConfig lockMessageConfig;
 
     public int getArchivedJwkLifetimeInSeconds() {
         return archivedJwkLifetimeInSeconds;
@@ -3447,4 +3450,12 @@ public void setSkipAuthenticationFilterOptionsMethod(Boolean skipAuthenticationF
 		this.skipAuthenticationFilterOptionsMethod = skipAuthenticationFilterOptionsMethod;
 	}
 
+	public LockMessageConfig getLockMessageConfig() {
+		return lockMessageConfig;
+	}
+
+	public void setLockMessageConfig(LockMessageConfig lockMessageConfig) {
+		this.lockMessageConfig = lockMessageConfig;
+	}
+
 }
@@ -0,0 +1,46 @@
+package io.jans.as.model.configuration;
+
+import java.io.Serializable;
+
+import io.jans.doc.annotation.DocProperty;
+
+/**
+ * 
+ * Lock message Pub configuration
+ *
+ * @author Yuriy Movchan Date: 12/31/2023
+ *
+ */
+public class LockMessageConfig implements Serializable {
+
+	private static final long serialVersionUID = 8732855593629219229L;
+
+	@DocProperty(description = "Enable Publish messages on id_token issue/revoke")
+    private Boolean enableIdTokenMessages;
+
+	@DocProperty(description = "Channel for id_token messages")
+    private String idTokenMessagesChannel;
+
+
+    public Boolean getEnableIdTokenMessages() {
+		return enableIdTokenMessages;
+	}
+
+	public void setEnableIdTokenMessages(Boolean enableIdTokenMessages) {
+		this.enableIdTokenMessages = enableIdTokenMessages;
+	}
+
+	public String getIdTokenMessagesChannel() {
+		return idTokenMessagesChannel;
+	}
+
+	public void setIdTokenMessagesChannel(String idTokenMessagesChannel) {
+		this.idTokenMessagesChannel = idTokenMessagesChannel;
+	}
+
+	@Override
+	public String toString() {
+		return "LockMessageConfig [enableIdTokenMessages=" + enableIdTokenMessages + ", idTokenMessagesChannel="
+				+ idTokenMessagesChannel + "]";
+	}
+}
@@ -25,13 +25,13 @@
 import io.jans.as.server.model.common.AuthorizationCodeGrant;
 import io.jans.as.server.model.common.AuthorizationGrant;
 import io.jans.as.server.model.common.AuthorizationGrantList;
-import io.jans.as.server.model.ldap.TokenEntity;
 import io.jans.as.server.model.token.ClientAssertion;
 import io.jans.as.server.model.token.HttpAuthTokenType;
 import io.jans.as.server.service.*;
 import io.jans.as.server.service.token.TokenService;
 import io.jans.as.server.util.TokenHashUtil;
 import io.jans.model.security.Identity;
+import io.jans.model.token.TokenEntity;
 import io.jans.service.CacheService;
 import io.jans.util.StringHelper;
 import jakarta.inject.Inject;

@@ -14,11 +14,11 @@
 import io.jans.as.model.util.CertUtils;
 import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
 import io.jans.as.server.model.authorize.ScopeChecker;
-import io.jans.as.server.model.ldap.TokenEntity;
 import io.jans.as.server.service.KeyGeneratorTimer;
 import io.jans.as.server.service.external.ExternalUpdateTokenService;
 import io.jans.as.server.service.external.context.ExternalUpdateTokenContext;
 import io.jans.as.server.util.TokenHashUtil;
+import io.jans.model.token.TokenEntity;
 import jakarta.inject.Inject;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;

@@ -20,8 +20,6 @@
 import io.jans.as.model.token.JsonWebResponse;
 import io.jans.as.model.util.JwtUtil;
 import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
 import io.jans.as.server.model.token.HandleTokenFactory;
 import io.jans.as.server.model.token.IdTokenFactory;
 import io.jans.as.server.model.token.JwtSigner;
@@ -37,6 +35,8 @@
 import io.jans.as.server.util.ServerUtil;
 import io.jans.as.server.util.TokenHashUtil;
 import io.jans.model.metric.MetricType;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
 import io.jans.service.CacheService;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.WebApplicationException;

@@ -14,13 +14,13 @@
 import io.jans.as.model.crypto.AbstractCryptoProvider;
 import io.jans.as.model.util.Util;
 import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
 import io.jans.as.server.service.ClientService;
 import io.jans.as.server.service.GrantService;
 import io.jans.as.server.service.MetricService;
 import io.jans.as.server.util.TokenHashUtil;
 import io.jans.model.metric.MetricType;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
 import io.jans.service.CacheService;
 import io.jans.util.StringHelper;
 
@@ -209,9 +209,9 @@ public AuthorizationCodeGrant getAuthorizationCodeGrant(String authorizationCode
     @Override
     public AuthorizationGrant getAuthorizationGrantByRefreshToken(String clientId, String refreshTokenCode) {
         if (isFalse(appConfiguration.getPersistRefreshToken())) {
-            return assertTokenType((TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode)), io.jans.as.server.model.ldap.TokenType.REFRESH_TOKEN, clientId);
+            return assertTokenType((TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode)), io.jans.model.token.TokenType.REFRESH_TOKEN, clientId);
         }
-        return assertTokenType(grantService.getGrantByCode(refreshTokenCode), io.jans.as.server.model.ldap.TokenType.REFRESH_TOKEN, clientId);
+        return assertTokenType(grantService.getGrantByCode(refreshTokenCode), io.jans.model.token.TokenType.REFRESH_TOKEN, clientId);
     }
 
     public AuthorizationGrant assertTokenType(TokenEntity tokenEntity, TokenType tokenType, String clientId) {
@@ -247,7 +247,7 @@ public List<AuthorizationGrant> getAuthorizationGrant(String clientId) {
     @Override
     public AuthorizationGrant getAuthorizationGrantByAccessToken(String accessToken) {
         final TokenEntity tokenEntity = grantService.getGrantByCode(accessToken);
-        if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.ACCESS_TOKEN || tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.LONG_LIVED_ACCESS_TOKEN)) {
+        if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.ACCESS_TOKEN || tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.LONG_LIVED_ACCESS_TOKEN)) {
             return asGrant(tokenEntity);
         }
         return null;
@@ -259,7 +259,7 @@ public AuthorizationGrant getAuthorizationGrantByIdToken(String idToken) {
             return null;
         }
         final TokenEntity tokenEntity = grantService.getGrantByCode(idToken);
-        if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.as.server.model.ldap.TokenType.ID_TOKEN)) {
+        if (tokenEntity != null && (tokenEntity.getTokenTypeEnum() == io.jans.model.token.TokenType.ID_TOKEN)) {
             return asGrant(tokenEntity);
         }
         return null;

@@ -16,8 +16,8 @@
 import io.jans.as.model.token.JsonWebResponse;
 import io.jans.as.server.authorize.ws.rs.AuthzRequest;
 import io.jans.as.server.model.audit.OAuth2AuditLog;
-import io.jans.as.server.model.ldap.TokenEntity;
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
+import io.jans.model.token.TokenEntity;
 import jakarta.faces.context.ExternalContext;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;

@@ -10,7 +10,7 @@
 import io.jans.as.common.model.registration.Client;
 import io.jans.as.model.common.GrantType;
 import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
-import io.jans.as.server.model.ldap.TokenEntity;
+import io.jans.model.token.TokenEntity;
 
 import java.util.Collection;
 import java.util.Date;

@@ -10,7 +10,7 @@
 import io.jans.as.common.model.registration.Client;
 import io.jans.as.model.common.GrantType;
 import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
-import io.jans.as.server.model.ldap.TokenEntity;
+import io.jans.model.token.TokenEntity;
 
 import java.util.Collection;
 import java.util.Date;

@@ -19,14 +19,15 @@
 import io.jans.as.server.model.common.AuthorizationGrant;
 import io.jans.as.server.model.common.AuthorizationGrantList;
 import io.jans.as.server.model.common.ExecutionContext;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
 import io.jans.as.server.model.session.SessionClient;
 import io.jans.as.server.security.Identity;
 import io.jans.as.server.service.ClientService;
 import io.jans.as.server.service.GrantService;
 import io.jans.as.server.service.external.ExternalRevokeTokenService;
 import io.jans.as.server.util.ServerUtil;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
+
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.StringUtils;

@@ -17,12 +17,12 @@
 import io.jans.as.persistence.model.ClientAuthorization;
 import io.jans.as.persistence.model.Par;
 import io.jans.as.persistence.model.Scope;
-import io.jans.as.server.model.ldap.TokenEntity;
 import io.jans.as.server.uma.authorization.UmaPCT;
 import io.jans.as.server.uma.service.UmaPctService;
 import io.jans.as.server.uma.service.UmaResourceService;
 import io.jans.model.ApplicationType;
 import io.jans.model.metric.ldap.MetricEntry;
+import io.jans.model.token.TokenEntity;
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.orm.search.filter.Filter;
 import io.jans.service.cache.CacheProvider;

@@ -9,15 +9,18 @@
 import com.google.common.collect.Lists;
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.as.model.configuration.AppConfiguration;
+import io.jans.as.model.configuration.LockMessageConfig;
 import io.jans.as.server.model.common.AuthorizationGrant;
 import io.jans.as.server.model.common.CacheGrant;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
 import io.jans.as.server.util.TokenHashUtil;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.orm.search.filter.Filter;
 import io.jans.service.CacheService;
+import io.jans.service.MessageService;
 import io.jans.service.cache.CacheConfiguration;
+import io.jans.util.StringHelper;
 import jakarta.ejb.Stateless;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
@@ -48,6 +51,9 @@ public class GrantService {
 
     @Inject
     private ClientService clientService;
+
+    @Inject
+    private MessageService messageService;
 
     @Inject
     private CacheService cacheService;
@@ -87,13 +93,29 @@ public void mergeSilently(TokenEntity token) {
 
     public void persist(TokenEntity token) {
         persistenceEntryManager.persist(token);
+
+        publishIdTokenLockMessage(token, "add");
     }
 
     public void remove(TokenEntity token) {
         persistenceEntryManager.remove(token);
         log.trace("Removed token from LDAP, code: {}", token.getTokenCode());
+
+        publishIdTokenLockMessage(token, "del");
     }
 
+	protected void publishIdTokenLockMessage(TokenEntity token, String opearation) {
+		LockMessageConfig lockMessageConfig = appConfiguration.getLockMessageConfig();
+        if (lockMessageConfig == null) {
+        	return;
+        }
+
+        if (Boolean.TRUE.equals(lockMessageConfig.getEnableIdTokenMessages()) && StringHelper.isNotEmpty(lockMessageConfig.getIdTokenMessagesChannel())) {
+        	String jsonMessage = String.format("{\"tknTyp\" : %s, \"tknCde\" : %s, \"tknOp\" : %s}", token.getTokenType(), token.getTokenCode(), opearation);
+            messageService.publish(lockMessageConfig.getIdTokenMessagesChannel(), jsonMessage);
+        }
+	}
+
     public void removeSilently(TokenEntity token) {
         try {
             remove(token);

@@ -14,10 +14,10 @@
 import io.jans.as.server.model.common.AccessToken;
 import io.jans.as.server.model.common.ClientCredentialsGrant;
 import io.jans.as.server.model.common.ExecutionContext;
-import io.jans.as.server.model.ldap.TokenEntity;
 import io.jans.as.server.model.token.HandleTokenFactory;
 import io.jans.as.server.uma.authorization.UmaPCT;
 import io.jans.as.server.uma.authorization.UmaRPT;
+import io.jans.model.token.TokenEntity;
 import io.jans.util.security.StringEncrypter;
 import jakarta.ws.rs.WebApplicationException;
 import org.testng.annotations.Test;

@@ -7,10 +7,11 @@
 package io.jans.as.server.comp;
 
 import io.jans.as.server.BaseComponentTest;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
 import io.jans.as.server.service.GrantService;
 import io.jans.as.server.util.TokenHashUtil;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
+
 import org.testng.annotations.Parameters;
 import org.testng.annotations.Test;
 

@@ -3,7 +3,7 @@
 import java.util.List;
 import java.util.Properties;
 
-import io.jans.as.server.model.ldap.TokenEntity;
+import io.jans.model.token.TokenEntity;
 import io.jans.orm.search.filter.Filter;
 import io.jans.orm.sql.impl.SqlEntryManager;
 import io.jans.orm.sql.impl.SqlEntryManagerFactory;

@@ -2,8 +2,8 @@
 
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.as.model.configuration.AppConfiguration;
-import io.jans.as.server.model.ldap.TokenEntity;
-import io.jans.as.server.model.ldap.TokenType;
+import io.jans.model.token.TokenEntity;
+import io.jans.model.token.TokenType;
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.service.CacheService;
 import io.jans.service.cache.CacheConfiguration;

@@ -4,7 +4,7 @@
  * Copyright (c) 2020, Janssen Project
  */
 
-package io.jans.as.server.model.ldap;
+package io.jans.model.token;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -21,7 +21,8 @@
 )
 public class TokenAttributes implements Serializable {
 
-    @JsonProperty("x5cs256")
+	private static final long serialVersionUID = -3069575637747538483L;
+	@JsonProperty("x5cs256")
     private String x5cs256;
     @JsonProperty("online_access")
     private boolean onlineAccess;

@@ -4,19 +4,17 @@
  * Copyright (c) 2020, Janssen Project
  */
 
-package io.jans.as.server.model.ldap;
+package io.jans.model.token;
+
+import java.io.Serializable;
+import java.util.Date;
 
-import io.jans.as.model.common.GrantType;
 import io.jans.orm.annotation.AttributeName;
 import io.jans.orm.annotation.DN;
 import io.jans.orm.annotation.DataEntry;
 import io.jans.orm.annotation.Expiration;
 import io.jans.orm.annotation.JsonObject;
 import io.jans.orm.annotation.ObjectClass;
-import org.apache.commons.lang.StringUtils;
-
-import java.io.Serializable;
-import java.util.Date;
 
 /**
  * @author Yuriy Zabrovarnyy
@@ -28,7 +26,9 @@
 @ObjectClass(value = "jansToken")
 public class TokenEntity implements Serializable {
 
-    @DN
+	private static final long serialVersionUID = 8230052124866144708L;
+
+	@DN
     private String dn;
     @AttributeName(name = "grtId", consistency = true)
     private String grantId;
@@ -289,10 +289,6 @@ public void setSessionDn(String sessionDn) {
         this.sessionDn = sessionDn;
     }
 
-    public boolean isImplicitFlow() {
-        return StringUtils.isBlank(grantType) || grantType.equals(GrantType.IMPLICIT.getValue());
-    }
-
     public String getDpop() {
         return dpop;
     }