Added username filtering to token revocation service via super client

Change-Id: I6ae4ace9ff464b8bcd13fbd0705061bd833726b7
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index feafc87..ebc7252 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -424,7 +424,7 @@
         }
     }
 
-    public void revokeTokenViaSuperClient (
+    public void revokeTokenViaSuperClient (String username,
             OAuth2RevokeTokenSuperRequest revokeTokenRequest)
             throws KustvaktException {
         String superClientId = revokeTokenRequest.getSuperClientId();
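Review bot: The new `username` parameter on `revokeTokenViaSuperClient` changes what the method revokes, but the signature carries no Javadoc saying so. I would add a short Javadoc above it, for example `@param username the authenticated user whose refresh tokens are revoked; tokens of other users of the same client are left untouched`, and state whether a null username is rejected. The method body continues outside this hunk, so any existing documentation above line 424 is not visible here.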
@@ -442,7 +442,9 @@
                 tokenDao.retrieveRefreshTokenByClientId(clientId);
 
         for (RefreshToken r : refreshTokens) {
-            revokeRefreshToken(r);
+            if (r.getUserId().equals(username)){
+                revokeRefreshToken(r);
+            }
         }
     }
     
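Review bot: The added filter `r.getUserId().equals(username)` dereferences the stored value, so a single refresh token with a null user id would throw in the middle of the loop and leave the remaining tokens unrevoked. Whether `getUserId()` can return null is not visible here, but writing the comparison as `if (username.equals(r.getUserId())) {` and checking `username` for null at the top of the method makes the revocation path independent of that. The loop still loads every user's refresh tokens for the client and filters in memory; a DAO query restricted by client and user would avoid that, if one exists. The enclosing method starts outside this hunk.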
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index bbe1122..a287ce4 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -273,14 +273,18 @@
     @ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     public Response revokeTokenViaSuperClient (
+            @Context SecurityContext context,
             @Context HttpServletRequest request,
             MultivaluedMap<String, String> form) {
 
+        TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
+        String username = tokenContext.getUsername();
+        
         try {
             OAuth2RevokeTokenSuperRequest revokeTokenRequest =
                     new OAuth2RevokeTokenSuperRequest(
                             new FormRequestWrapper(request, form));
-            tokenService.revokeTokenViaSuperClient(revokeTokenRequest);
+            tokenService.revokeTokenViaSuperClient(username, revokeTokenRequest);
             return Response.ok("SUCCESS").build();
         }
         catch (OAuthSystemException e) {
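Review bot: The cast `(TokenContext) context.getUserPrincipal()` and the `getUsername()` call sit before the `try`, so a null or differently typed principal surfaces as an unhandled NullPointerException or ClassCastException rather than as an authentication error. `AuthenticationFilter` presumably always sets a `TokenContext`, but the revocation endpoint should not depend on that silently. I would guard it with `if (!(context.getUserPrincipal() instanceof TokenContext)) { ... }` and return the project's usual unauthorized response, or move the two lines inside the `try` so the existing handlers apply. Taking the username from the authenticated context rather than from the form is the right source for this check. The method's catch blocks continue past the end of the hunk.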