Example 1 with ApiAccessToken

use of cbit.vcell.modeldb.ApiAccessToken in project vcell by virtualcell.

the class AccessTokenServerResource method get_json.

@Override
public AccessTokenRepresentation get_json() {
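    VCellApiApplication application = ((VCellApiApplication) getApplication());
    // Client id, user id and password are all read from the request's query string.
    String clientId = getQueryValue(PARAM_CLIENT_ID);
    String userId = getQueryValue(PARAM_USER_ID);
    String userPassword = getQueryValue(PARAM_USER_PASSWORD);
    if (clientId == null || userId == null || userPassword == null) {
        // Reject a request with a missing parameter instead of failing later with a NullPointerException.
        throw new RuntimeException("expecting " + PARAM_CLIENT_ID + ", " + PARAM_USER_ID + " and " + PARAM_USER_PASSWORD + " query parameters");
    }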
    try {
        ApiClient apiClient = application.getUserVerifier().getApiClient(clientId);
        if (apiClient == null) {
            throw new RuntimeException("client not found");
        }
        User authenticatedUser = application.getUserVerifier().authenticateUser(userId, userPassword.toCharArray());
        if (authenticatedUser == null) {
            throw new RuntimeException("unable to authenticate user");
        }
        ApiAccessToken apiAccessToken = application.getUserVerifier().generateApiAccessToken(apiClient.getKey(), authenticatedUser);
        AccessTokenRepresentation tokenRep = new AccessTokenRepresentation(apiAccessToken);
        // 
        // indicate no caching of response.
        // 
        ArrayList<CacheDirective> cacheDirectives = new ArrayList<CacheDirective>();
        cacheDirectives.add(CacheDirective.noCache());
        getResponse().setCacheDirectives(cacheDirectives);
        return tokenRep;
    } catch (Exception e) {
        e.printStackTrace(System.out);
        throw new RuntimeException(e.getMessage(), e);
    }
}
Also used : User(org.vcell.util.document.User) CacheDirective(org.restlet.data.CacheDirective) ApiAccessToken(cbit.vcell.modeldb.ApiAccessToken) ArrayList(java.util.ArrayList) VCellApiApplication(org.vcell.rest.VCellApiApplication) ApiClient(cbit.vcell.modeldb.ApiClient) AccessTokenRepresentation(org.vcell.rest.common.AccessTokenRepresentation) ResourceException(org.restlet.resource.ResourceException)

Example 2 with ApiAccessToken

use of cbit.vcell.modeldb.ApiAccessToken in project vcell by virtualcell.

the class VCellCookieAuthenticator method login.

@Override
protected void login(Request request, Response response) {
    // Login detected
    Representation entity = request.getEntity();
    Form form = new Form(entity);
    Parameter identifier = form.getFirst(getIdentifierFormName());
    Parameter secret = form.getFirst(getSecretFormName());
    Parameter redirectURL = form.getFirst(getRedirectQueryName());
    if (identifier == null || secret == null || redirectURL == null) {
        // A missing form field would otherwise cause an uncaught NullPointerException below.
        response.setStatus(Status.CLIENT_ERROR_BAD_REQUEST);
        return;
    }
    UserLoginInfo.DigestedPassword digestedPassword = new UserLoginInfo.DigestedPassword(secret.getValue());
    try {
        User user = vcellApiApplication.getUserVerifier().authenticateUser(identifier.getValue(), digestedPassword.getString().toCharArray());
        if (user == null) {
            response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
            return;
        }
        ApiClient apiClient = vcellApiApplication.getUserVerifier().getApiClient(VCellApiApplication.BROWSER_CLIENTID);
        ApiAccessToken accessToken = vcellApiApplication.getUserVerifier().generateApiAccessToken(apiClient.getKey(), user);
        // Set credentials
        ChallengeResponse cr = new ChallengeResponse(getScheme(), CustomAuthHelper.ACCESS_TOKEN, accessToken.getToken());
        request.setChallengeResponse(cr);
        getCredentialsCookie(request, response).setMaxAge(0);
        // Log the event without the token value, which is the credential for the new session.
        getLogger().log(Level.INFO, "MyCookieAuthenticator.login(request,response) - created new accessToken and assigned to ChallengeResponse, redirectURL='" + redirectURL.getValue() + "'");
        // The redirect target is taken from the submitted form and followed as-is.
        response.redirectSeeOther(Reference.decode(redirectURL.getValue()));
    } catch (SQLException e) {
        e.printStackTrace();
        getLogger().log(Level.SEVERE, "MyCookieAuthenticator.login(request,response) - exception", e);
    } catch (DataAccessException e) {
        e.printStackTrace();
        getLogger().log(Level.SEVERE, "MyCookieAuthenticator.login(request,response) - exception", e);
    }
}
Also used : User(org.vcell.util.document.User) Form(org.restlet.data.Form) SQLException(java.sql.SQLException) ApiAccessToken(cbit.vcell.modeldb.ApiAccessToken) Parameter(org.restlet.data.Parameter) Representation(org.restlet.representation.Representation) UserLoginInfo(org.vcell.util.document.UserLoginInfo) ApiClient(cbit.vcell.modeldb.ApiClient) DataAccessException(org.vcell.util.DataAccessException) ChallengeResponse(org.restlet.data.ChallengeResponse)

Example 3 with ApiAccessToken

use of cbit.vcell.modeldb.ApiAccessToken in project vcell by virtualcell.

the class UserVerifier method invalidateApiAccessToken.

public void invalidateApiAccessToken(String accessToken) throws SQLException, DataAccessException {
    ApiAccessToken apiAccessToken = getApiAccessToken(accessToken);
    if (apiAccessToken != null) {
        adminDbTopLevel.setApiAccessTokenStatus(apiAccessToken, AccessTokenStatus.invalidated, true);
        accessTokenMap.remove(accessToken);
    }
}
Also used : ApiAccessToken(cbit.vcell.modeldb.ApiAccessToken)

Example 4 with ApiAccessToken

use of cbit.vcell.modeldb.ApiAccessToken in project vcell by virtualcell.

the class VCellCookieAuthenticator method logout.

@Override
protected int logout(Request request, Response response) {
    try {
        Cookie credentialsCookie = request.getCookies().getFirst(getCookieName());
        if (credentialsCookie != null) {
            ChallengeResponse challengeResponse = parseCredentials(credentialsCookie.getValue());
            ApiAccessToken apiAccessToken = vcellApiApplication.getApiAccessToken(challengeResponse);
            if (apiAccessToken != null) {
                vcellApiApplication.getUserVerifier().invalidateApiAccessToken(apiAccessToken.getToken());
                // Record the invalidation under the logout method name, without writing the token value to the log.
                getLogger().log(Level.INFO, "MyCookieAuthenticator.logout(request,response) - invalidated accessToken");
            }
        }
    } catch (Exception e) {
        e.printStackTrace(System.out);
        getLogger().log(Level.SEVERE, "MyCookieAuthenticator.logout(request,response) - exception while invalidating '" + CustomAuthHelper.ACCESS_TOKEN + "'", e);
    }
    return super.logout(request, response);
}
Also used : Cookie(org.restlet.data.Cookie) ApiAccessToken(cbit.vcell.modeldb.ApiAccessToken) DataAccessException(org.vcell.util.DataAccessException) SQLException(java.sql.SQLException) ChallengeResponse(org.restlet.data.ChallengeResponse)

Example 5 with ApiAccessToken

use of cbit.vcell.modeldb.ApiAccessToken in project vcell by virtualcell.

the class AuthenticationTokenRestlet method handle.

@Override
public void handle(Request req, Response response) {
    if (req.getMethod().equals(Method.GET)) {
        try {
            VCellApiApplication application = ((VCellApiApplication) getApplication());
            HttpRequest request = (HttpRequest) req;
            Form form = request.getResourceRef().getQueryAsForm();
            String userId = form.getFirstValue(PARAM_USER_ID, false);
            if (userId == null) {
                throw new RuntimeException("expecting " + PARAM_USER_ID + " query parameter");
            }
            String clientId = form.getFirstValue(PARAM_CLIENT_ID, false);
            if (clientId == null) {
                throw new RuntimeException("expecting " + PARAM_CLIENT_ID + " query parameter");
            }
            String userPassword = form.getFirstValue(PARAM_USER_PASSWORD, false);
            if (userPassword == null) {
                throw new RuntimeException("expecting " + PARAM_USER_PASSWORD + " query parameter");
            }
            ApiClient apiClient = application.getUserVerifier().getApiClient(clientId);
            if (apiClient == null) {
                if (lg.isWarnEnabled())
                    lg.warn("client not found");
                response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
                response.setEntity("authentication error, unknown client", MediaType.TEXT_PLAIN);
                return;
            }
            User authenticatedUser = application.getUserVerifier().authenticateUser(userId, userPassword.toCharArray());
            if (authenticatedUser == null) {
                if (lg.isWarnEnabled())
                    lg.warn("unable to authenticate user");
                response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
                response.setEntity("authentication error, either userid or password is incorrect", MediaType.TEXT_PLAIN);
                return;
            }
            ApiAccessToken apiAccessToken = application.getUserVerifier().generateApiAccessToken(apiClient.getKey(), authenticatedUser);
            AccessTokenRepresentation tokenRep = new AccessTokenRepresentation(apiAccessToken);
            // 
            // indicate no caching of response.
            // 
            ArrayList<CacheDirective> cacheDirectives = new ArrayList<CacheDirective>();
            cacheDirectives.add(CacheDirective.noCache());
            response.setCacheDirectives(cacheDirectives);
            Gson gson = new Gson();
            String tokenRepJSON = gson.toJson(tokenRep);
            response.setStatus(Status.SUCCESS_OK, "authentication token returned");
            response.setEntity(new JsonRepresentation(tokenRepJSON));
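        } catch (Exception e) {
            // Missing-parameter errors and any other exception raised above land here;
            // the exception message is echoed to the client in the response body.
            lg.error(e.getMessage(), e);
            response.setStatus(Status.SERVER_ERROR_INTERNAL);
            response.setEntity("internal error returning authentication token: " + e.getMessage(), MediaType.TEXT_PLAIN);
        }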
    }
}
Also used : HttpRequest(org.restlet.engine.adapter.HttpRequest) User(org.vcell.util.document.User) Form(org.restlet.data.Form) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) ApiClient(cbit.vcell.modeldb.ApiClient) CacheDirective(org.restlet.data.CacheDirective) ApiAccessToken(cbit.vcell.modeldb.ApiAccessToken) VCellApiApplication(org.vcell.rest.VCellApiApplication) JsonRepresentation(org.restlet.ext.json.JsonRepresentation) AccessTokenRepresentation(org.vcell.rest.common.AccessTokenRepresentation)

Aggregations

ApiAccessToken (cbit.vcell.modeldb.ApiAccessToken): 5
ApiClient (cbit.vcell.modeldb.ApiClient): 3
User (org.vcell.util.document.User): 3
SQLException (java.sql.SQLException): 2
ArrayList (java.util.ArrayList): 2
CacheDirective (org.restlet.data.CacheDirective): 2
ChallengeResponse (org.restlet.data.ChallengeResponse): 2
Form (org.restlet.data.Form): 2
VCellApiApplication (org.vcell.rest.VCellApiApplication): 2
AccessTokenRepresentation (org.vcell.rest.common.AccessTokenRepresentation): 2
DataAccessException (org.vcell.util.DataAccessException): 2
Gson (com.google.gson.Gson): 1
Cookie (org.restlet.data.Cookie): 1
Parameter (org.restlet.data.Parameter): 1
HttpRequest (org.restlet.engine.adapter.HttpRequest): 1
JsonRepresentation (org.restlet.ext.json.JsonRepresentation): 1
Representation (org.restlet.representation.Representation): 1
ResourceException (org.restlet.resource.ResourceException): 1
UserLoginInfo (org.vcell.util.document.UserLoginInfo): 1