Fixing race conditions in refresh token generation

revert-dabc3590
Megala 8 years ago
parent bb1435e273
commit 600e2529bd

@ -96,7 +96,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
synchronized(tokenInfo) { synchronized(this) {
if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());

@ -79,9 +79,11 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password); tokenInfo = tokenIssuerService.getToken(PASSWORD_GRANT_TYPE, username, password);
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
} }
if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) { synchronized (this) {
tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token()); if (System.currentTimeMillis() + refreshTimeOffset > tokenInfo.getExpires_in()) {
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in()); tokenInfo = tokenIssuerService.getToken(REFRESH_GRANT_TYPE, tokenInfo.getRefresh_token());
tokenInfo.setExpires_in(System.currentTimeMillis() + tokenInfo.getExpires_in());
}
} }
String headerValue = "Bearer " + tokenInfo.getAccess_token(); String headerValue = "Bearer " + tokenInfo.getAccess_token();
template.header("Authorization", headerValue); template.header("Authorization", headerValue);

Loading…
Cancel
Save