update dependencies, migrate RandomStringUtils
@@ -107,14 +107,14 @@ public class OidcClientManager {
|
||||
oidcClient.setAlwaysPermitted(alwaysPermitted);
|
||||
oidcClient.setTokenLifetime(OIDC_CLIENT_TOKEN_LIFETIME);
|
||||
|
||||
String clientId = RandomStringUtils.random(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
String clientId = RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
|
||||
while (oidcClientRepository.findOne(qOidcClient.clientId.eq(clientId)).isPresent()) {
|
||||
clientId = RandomStringUtils.random(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
clientId = RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
}
|
||||
|
||||
oidcClient.setClientId(clientId);
|
||||
oidcClient.setClientSecret(RandomStringUtils.random(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
oidcClient.setClientSecret(RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
|
||||
return oidcClientRepository.save(oidcClient);
|
||||
}
|
||||
@@ -138,7 +138,7 @@ public class OidcClientManager {
|
||||
public OidcClient createNewSecretByClientName(String clientName) {
|
||||
OidcClient oidcClient = getByClientName(clientName);
|
||||
Assert.notNull(oidcClient, "No client found for name '" + clientName + "'");
|
||||
oidcClient.setClientSecret(RandomStringUtils.random(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
oidcClient.setClientSecret(RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
|
||||
return oidcClientRepository.save(oidcClient);
|
||||
}
|
||||
|
||||
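Review bot: `RandomStringUtils.secure()` does not state which `SecureRandom` it draws from, and as far as I recall this differed between commons-lang3 releases: 3.16.0 backed it with `SecureRandom.getInstanceStrong()`, which can block on Linux hosts with a depleted entropy pool, while later releases use the default `SecureRandom` and expose the strong variant as `secureStrong()`. The dependency version is not visible in these hunks, so the pinned release should be confirmed before this runs on request paths. The same call is introduced in OidcSessionManager (`createSid`, `jwtID`), OidcTokenManager (access and refresh tokens) and OidcAuthorizationCode (`code`). A comment at the first use, e.g. `// secure(): CSPRNG-backed; underlying SecureRandom depends on the commons-lang3 version`, would record the assumption.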
@@ -72,11 +72,11 @@ public class OidcSessionManager {
|
||||
* @return the string
|
||||
*/
|
||||
public String createSid() {
|
||||
String sid = new StringBuilder(RandomStringUtils.random(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
String sid = new StringBuilder(RandomStringUtils.secure().next(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
.insert(18, "-").insert(23, "-").toString();
|
||||
|
||||
while (oidcSessionRepository.exists(qOidcSession.sid.eq(sid))) {
|
||||
sid = new StringBuilder(RandomStringUtils.random(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
sid = new StringBuilder(RandomStringUtils.secure().next(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
.insert(18, "-").insert(23, "-").toString();
|
||||
}
|
||||
return sid;
|
||||
@@ -401,7 +401,7 @@ public class OidcSessionManager {
|
||||
claimsSetBuilder.issuer(issuer);
|
||||
claimsSetBuilder.audience(client.getClientId());
|
||||
claimsSetBuilder.issueTime(new Date());
|
||||
claimsSetBuilder.jwtID(RandomStringUtils.random(JWT_ID_LENGTH, true, true));
|
||||
claimsSetBuilder.jwtID(RandomStringUtils.secure().next(JWT_ID_LENGTH, true, true));
|
||||
if (StringUtils.hasText(sid)) {
|
||||
claimsSetBuilder.claim("sid", sid);
|
||||
}
|
||||
|
||||
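Review bot: In `createSid` the candidate-building expression appears twice, and `insert(23, "-")` throws `StringIndexOutOfBoundsException` whenever `SID_LENGTH` is below 20. The constant is declared outside the hunk, so that lower bound is an unstated assumption. Building the candidate in one place, e.g. a private `newSidCandidate()` used as `do { sid = newSidCandidate(); } while (oidcSessionRepository.exists(qOidcSession.sid.eq(sid)));`, removes the duplication and gives the length requirement a single place to be documented. The `exists` check followed by a later save is check-then-act, so uniqueness ultimately depends on a database constraint on `sid` that is not visible here. The method's closing brace lies outside the hunk.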
@@ -133,7 +133,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
*/
|
||||
public OidcToken createToken(OidcClient client, Long userId, boolean refreshToken) {
|
||||
return createToken(client, userId,
|
||||
refreshToken ? RandomStringUtils.random(REFRESH_TOKEN_LENGTH, true, true) : null);
|
||||
refreshToken ? RandomStringUtils.secure().next(REFRESH_TOKEN_LENGTH, true, true) : null);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -148,7 +148,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
OidcToken token = new OidcToken();
|
||||
token.setClient(client.getId());
|
||||
token.setUserId(userId);
|
||||
token.setAccessToken(RandomStringUtils.random(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setAccessToken(RandomStringUtils.secure().next(ACCESS_TOKEN_LENGTH, true, true));
|
||||
if (StringUtils.hasText(refreshToken)) {
|
||||
token.setRefreshToken(refreshToken);
|
||||
}
|
||||
@@ -179,7 +179,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
|
||||
token.setUserId(user.getId());
|
||||
token.setAlias(alias);
|
||||
token.setAccessToken(RandomStringUtils.random(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setAccessToken(RandomStringUtils.secure().next(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setExpiresIn(client.getTokenLifetime());
|
||||
|
||||
Builder claimsSetBuilder = createUserClaims(client, user, alias);
|
||||
|
||||
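Review bot: `ACCESS_TOKEN_LENGTH` and `REFRESH_TOKEN_LENGTH` carry the whole strength of these bearer tokens, but they are declared outside the hunks and nothing here records the intended entropy. With the letters-and-digits alphabet selected by `true, true`, each character contributes about 5.95 bits, so 22 characters are needed for 128 bits. I would document that at the constants, e.g. `// 62-symbol alphabet, ~5.95 bits per char; keep >= 22 chars for 128 bits`. The same applies to `CODE_LENGTH` in OidcAuthorizationCode and `OIDC_CLIENT_CLIENT_SECRET_LENGTH` in OidcClientManager.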
@@ -41,7 +41,7 @@ public class OidcAuthorizationCode {
|
||||
this.clientId = clientId;
|
||||
this.redirectUri = redirectUri;
|
||||
this.scopes = scopes;
|
||||
this.code = RandomStringUtils.random(CODE_LENGTH, true, true);
|
||||
this.code = RandomStringUtils.secure().next(CODE_LENGTH, true, true);
|
||||
this.expiry = Instant.now().plus(EXPIRY_MINUTES, ChronoUnit.MINUTES);
|
||||
this.userId = userId;
|
||||
this.nonce = nonce;
|
||||
|
||||