Issue grails#437 - Expanded API for store and remove token

longwa · Apr 8, 2020 · d2d258a · d2d258a
1 parent d323c08
commit d2d258a
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 10 deletions.
diff --git a/...curity-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy b/...curity-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy
@@ -98,7 +98,7 @@ class RestOauthService {
         log.debug "Generated REST authentication token: ${accessToken}"
 
         log.debug "Storing token on the token storage"
-        tokenStorageService.storeToken(accessToken.accessToken, userDetails)
+        tokenStorageService.storeToken(accessToken)
 
         authenticationEventPublisher.publishTokenCreation(accessToken)
 

diff --git a/...ty-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy b/...ty-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy
@@ -108,7 +108,7 @@ class RestAuthenticationFilter extends GenericFilterBean {
                         AccessToken accessToken = tokenGenerator.generateAccessToken(authenticationResult.principal as UserDetails)
                         log.debug "Generated token: ${accessToken}"
 
-                        tokenStorageService.storeToken(accessToken.accessToken, authenticationResult.principal as UserDetails)
+                        tokenStorageService.storeToken(accessToken)
                         authenticationEventPublisher.publishTokenCreation(accessToken)
                         authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, accessToken)
                         SecurityContextHolder.context.setAuthentication(accessToken)

diff --git a/...g-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy b/...g-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy
@@ -69,13 +69,13 @@ class RestLogoutFilter extends GenericFilterBean {
 
                 try {
                     log.debug "Trying to remove the token"
-                    tokenStorageService.removeToken accessToken.accessToken
+                    tokenStorageService.removeToken accessToken
                 } catch (TokenNotFoundException ignored) {
-                    servletResponse.setStatus HttpServletResponse.SC_NOT_FOUND, "Token not found"
+                    servletResponse.sendError HttpServletResponse.SC_NOT_FOUND, "Token not found"
                 }
             } else {
                 log.debug "Token is missing. Sending a ${HttpServletResponse.SC_BAD_REQUEST} Bad Request response"
-                servletResponse.setStatus HttpServletResponse.SC_BAD_REQUEST, "Token header is missing"
+                servletResponse.sendError HttpServletResponse.SC_BAD_REQUEST, "Token header is missing"
             }
 
         } else {

diff --git a/...rc/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy b/...rc/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy
@@ -16,32 +16,47 @@
  */
 package grails.plugin.springsecurity.rest.token.storage
 
+import grails.plugin.springsecurity.rest.token.AccessToken
 import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.core.Authentication
 
 /**
  * Implementations of this interface are responsible to load user information from a token storage system, and to store
  * token information into it.
  */
-interface TokenStorageService {
-
+trait TokenStorageService {
     /**
      * Returns a principal object given the passed token value
      * @throws TokenNotFoundException if no token is found in the storage
      */
-    UserDetails loadUserByToken(String tokenValue) throws TokenNotFoundException
+    abstract UserDetails loadUserByToken(String tokenValue) throws TokenNotFoundException
 
     /**
      * Stores a token. It receives the principal to store any additional information together with the token,
      * like the username associated.
      *
      * @see Authentication#getPrincipal()
      */
-    void storeToken(String tokenValue, UserDetails principal)
+    void storeToken(String tokenValue, UserDetails principal) {}
+
+    /**
+     * Stores the access token. Allows for handling of refresh token and other JWT claims as needed.
+     */
+    void storeToken(AccessToken accessToken) {
+        storeToken(accessToken.accessToken, accessToken.principal)
+    }
 
     /**
      * Removes a token from the storage.
      * @throws TokenNotFoundException if the given token is not found in the storage
      */
-    void removeToken(String tokenValue) throws TokenNotFoundException
+    void removeToken(String tokenValue) throws TokenNotFoundException {}
+
+    /**
+     * Remove the given accessToken from storage. Allows for handling of refresh token and other JWT claims as needed.
+     * @throws TokenNotFoundException if the given token is not found in the storage
+     */
+    void removeToken(AccessToken accessToken) throws TokenNotFoundException {
+        removeToken(accessToken.accessToken)
+    }
 }