/**
 * Authorization-server configuration that issues JWT access and refresh tokens to a
 * single client registered in memory.
 *
 * <p>The fields used below ({@code authenticationManager}, {@code userDetailsService},
 * {@code jwtSigningKey}, {@code securityConstants}) are not declared in the visible
 * code; presumably they sit behind the {@code // ....} marker.
 *
 * <p>Review notes for whoever deploys this:
 * <ul>
 *   <li>Tokens are self-contained JWTs read back by {@link JwtTokenStore}, which keeps no
 *       server-side record of what was issued. A leaked token therefore stays usable
 *       until it expires unless revocation is tracked somewhere else.</li>
 *   <li>The same {@code jwtSigningKey} is used for signing and for verification, so any
 *       party that can verify tokens can also mint them.</li>
 *   <li>The only client uses the {@code password} grant, which makes the client handle
 *       the user's credentials directly.</li>
 * </ul>
 */
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    // ....

    /**
     * Configures the token endpoint: JWT-backed token store, the authentication manager
     * for the password grant, the JWT converter, and the user lookup for the refresh grant.
     *
     * @param endpoints endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Each setter returns the configurer itself, so separate statements are
        // equivalent to one fluent chain.
        endpoints.tokenStore(tokenStore());
        endpoints.authenticationManager(authenticationManager);
        endpoints.accessTokenConverter(accessTokenConverter());
        // A fresh refresh token is issued on every refresh grant. NOTE(review): with
        // JwtTokenStore nothing is persisted, so the previous refresh token is not
        // invalidated by this setting alone. Confirm whether replay of an old refresh
        // token has to be detected and, if so, track token ids server-side.
        endpoints.reuseRefreshTokens(false);
        endpoints.userDetailsService(userDetailsService);
    }

    /**
     * Exposes a token store that decodes tokens with the converter from
     * {@link #accessTokenConverter()} instead of looking them up in storage.
     *
     * @return a {@link JwtTokenStore} built on the JWT converter
     */
    @Bean
    public TokenStore tokenStore() {
        JwtAccessTokenConverter jwtConverter = accessTokenConverter();
        return new JwtTokenStore(jwtConverter);
    }

    /**
     * Builds the JWT converter ({@code CustomTokenEnhancer}, assignable to
     * {@link JwtAccessTokenConverter}) and installs the signing material.
     *
     * <p>NOTE(review): {@code jwtSigningKey} is passed as both signing and verifier key.
     * If it is a shared secret rather than a PEM-encoded RSA key, tokens are presumably
     * HMAC-signed, and every service that validates tokens must hold a secret that is
     * also sufficient to forge them. An asymmetric key pair, with only the public key
     * handed to resource servers, removes that exposure. Where the key is loaded from is
     * not visible here; it should come from a secret store, not from source control.
     *
     * @return the configured converter
     */
    @Bean
    JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter enhancer = new CustomTokenEnhancer();
        enhancer.setSigningKey(jwtSigningKey);
        enhancer.setVerifierKey(jwtSigningKey);
        return enhancer;
    }

    /**
     * Registers the single OAuth2 client in memory with its audience, secret, scope,
     * grant types and token lifetimes.
     *
     * <p>NOTE(review): the {@code password} grant is disallowed by the current OAuth 2.0
     * security best practice because the client sees the user's password. Prefer the
     * authorization-code grant with PKCE when the client can be changed. If the client
     * runs in a browser, its secret cannot be kept confidential and should not be
     * treated as an authentication factor.
     *
     * @param clients client-details configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Not referenced in the visible code; presumably used by the elided secret(...) argument.
        Base64Utility base64 = new Base64Utility();
        clients.inMemory()
                .withClient(ApplicationConstants.CLIENT)
                .resourceIds(securityConstants.audience)
                // Argument elided on the page. NOTE(review): confirm the stored value matches
                // what the configured PasswordEncoder expects (an encoded secret, not plain text).
                .secret(...)
                .scopes(AuthorizationConstants.READ)
                .authorizedGrantTypes("password", "refresh_token")
                // Without revocation, these lifetimes are the only bound on a stolen token.
                .accessTokenValiditySeconds(securityConstants.getAccessTokenValiditySeconds())
                .refreshTokenValiditySeconds(securityConstants.getRefreshTokenValiditySeconds());
    }
}
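/**
 * Exchanges the current refresh token for a new token pair by POSTing a
 * refresh_token grant to the authorization server's /oauth/token endpoint.
 * The completed request is handed to processResponse().
 *
 * Reads the page-level values jwtForm, jwt and authServer and calls
 * getClientSecret() and processResponse(), all defined outside this function.
 *
 * NOTE(review): the client secret is available to script running in the page and
 * is only base64-decoded here. Base64 is an encoding, not protection, so anyone
 * who can load the page can read the secret. A browser application is a public
 * client: the server should not rely on this secret to authenticate it.
 */
function refreshToken() {
    var client = jwtForm.client.value;
    var clientSecret = getClientSecret();

    // Percent-encode the token so characters such as "+", "&", "=" or "%" cannot be
    // reinterpreted when the server decodes the form body. A base64url-encoded JWT
    // contains none of them and is sent unchanged.
    var data = "grant_type=refresh_token&refresh_token=" + encodeURIComponent(jwt.refresh_token);

    var xhr = new XMLHttpRequest();
    xhr.open("POST", authServer + "/oauth/token");
    // HTTP Basic client authentication. NOTE(review): authServer should be an https://
    // origin, otherwise the client credentials and the refresh token travel in clear text.
    xhr.setRequestHeader("Authorization", "Basic " + btoa(client + ":" + atob(clientSecret)));
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

    xhr.onreadystatechange = function () {
        // readyState 4 (DONE): the request has finished, successfully or not.
        // processResponse() is responsible for checking xhr.status.
        if (xhr.readyState === 4) {
            processResponse(xhr);
        }
    };
    xhr.send(data);
}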