Use of com.apifest.oauth20.bean.ClientCredentials in project xian by happyyangyuan: class Authenticator, method issueAccessToken.
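/**
 * Issues an access token for the grant type named in {@code req}; both JSON and
 * form-encoded request bodies are supported (parsing is done by {@link TokenRequest#create}).
 * <p>
 * The client is authenticated first ({@code client_id}/{@code client_secret} must belong to an
 * active client); the grant-specific work is then delegated to one private helper per grant type.
 *
 * @param req the incoming token request
 * @return the stored access token, or {@code null} when the grant type matches none of the
 *         supported ones (presumably {@code validate()} rejects such requests before this point)
 * @throws OAuthException when the client, auth code, refresh token, scope or user credentials are rejected
 */
public AccessToken issueAccessToken(FullHttpRequest req) throws OAuthException {
    TokenRequest tokenRequest = TokenRequest.create(req);
    tokenRequest.validate();
    // check valid client_id, client_secret and status of the client app should be active
    if (!isActiveClient(tokenRequest.getClientId(), tokenRequest.getClientSecret())) {
        throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
    }
    String grantType = tokenRequest.getGrantType();
    AccessToken accessToken = null;
    if (TokenRequest.AUTHORIZATION_CODE.equals(grantType)) {
        accessToken = issueForAuthorizationCode(tokenRequest);
    } else if (TokenRequest.REFRESH_TOKEN.equals(grantType)) {
        accessToken = issueForRefreshToken(tokenRequest);
    } else if (TokenRequest.CLIENT_CREDENTIALS.equals(grantType)) {
        accessToken = issueForClientCredentials(tokenRequest);
    } else if (TokenRequest.PASSWORD.equals(grantType)) {
        accessToken = issueForPassword(tokenRequest, req);
    } else if (grantType != null && grantType.equals(OAuthConfig.getCustomGrantType())) {
        accessToken = issueForCustomGrant(tokenRequest, req);
    }
    return accessToken;
}

/**
 * authorization_code grant: redeems an auth code that must belong to the requesting client and,
 * when the code was recorded with a redirect_uri, must be presented with that same redirect_uri.
 * The code is invalidated before the token is created so it cannot be redeemed twice.
 *
 * @throws OAuthException when the code is unknown, belongs to another client, or the redirect_uri differs
 */
private AccessToken issueForAuthorizationCode(TokenRequest tokenRequest) throws OAuthException {
    AuthCode authCode = findAuthCode(tokenRequest);
    if (authCode == null) {
        throw new OAuthException(ResponseBuilder.INVALID_AUTH_CODE, HttpResponseStatus.BAD_REQUEST);
    }
    // TODO: REVISIT: Move client_id check to db query
    if (!tokenRequest.getClientId().equals(authCode.getClientId())) {
        throw new OAuthException(ResponseBuilder.INVALID_CLIENT_ID, HttpResponseStatus.BAD_REQUEST);
    }
    // The stored redirect_uri is the reference value, so the comparison is made from that side:
    // a token request that omits redirect_uri is rejected instead of raising NullPointerException.
    if (authCode.getRedirectUri() != null && !authCode.getRedirectUri().equals(tokenRequest.getRedirectUri())) {
        throw new OAuthException(ResponseBuilder.INVALID_REDIRECT_URI, HttpResponseStatus.BAD_REQUEST);
    }
    // invalidate the auth code
    db.updateAuthCodeValidStatus(authCode.getCode(), false);
    String scope = authCode.getScope();
    // NOTE(review): the access-token lifetime configured for the password grant is reused here — confirm intended
    AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
    accessToken.setUserId(authCode.getUserId());
    accessToken.setClientId(authCode.getClientId());
    accessToken.setCodeId(authCode.getId());
    db.storeAccessToken(accessToken);
    return accessToken;
}

/**
 * refresh_token grant: replaces the current access token with a fresh one that keeps the same
 * refresh token and refresh expiry (the refresh token itself is not rotated).
 * The lookup is keyed by client_id as well, so a refresh token issued to another client is not found.
 *
 * @throws OAuthException when the refresh token is unknown or expired, or the requested scope is not allowed
 */
private AccessToken issueForRefreshToken(TokenRequest tokenRequest) throws OAuthException {
    AccessToken current = db.findAccessTokenByRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
    if (current == null) {
        throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
    }
    if (current.refreshTokenExpired()) {
        db.removeAccessToken(current.getToken());
        throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
    }
    // an explicitly requested scope is accepted only if scopeAllowed() approves it against the current scope
    String validScope;
    if (tokenRequest.getScope() == null) {
        validScope = current.getScope();
    } else if (scopeService.scopeAllowed(tokenRequest.getScope(), current.getScope())) {
        validScope = tokenRequest.getScope();
    } else {
        throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
    }
    db.updateAccessTokenValidStatus(current.getToken(), false);
    AccessToken renewed = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, validScope), validScope, current.getRefreshToken(), current.getRefreshExpiresIn());
    renewed.setUserId(current.getUserId());
    renewed.setDetails(current.getDetails());
    renewed.setClientId(current.getClientId());
    db.storeAccessToken(renewed);
    db.removeAccessToken(current.getToken());
    return renewed;
}

/**
 * client_credentials grant: issues a token bound to the client only (no user, no refresh token).
 *
 * @throws OAuthException when the client record is missing or the requested scope is not allowed
 */
private AccessToken issueForClientCredentials(TokenRequest tokenRequest) throws OAuthException {
    ClientCredentials clientCredentials = requireClientCredentials(tokenRequest.getClientId());
    String scope = validScopeFor(tokenRequest.getScope(), clientCredentials);
    AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.CLIENT_CREDENTIALS, scope), scope, false, null);
    accessToken.setClientId(tokenRequest.getClientId());
    Map<String, String> applicationDetails = clientCredentials.getApplicationDetails();
    if (applicationDetails != null && !applicationDetails.isEmpty()) {
        // For backward compatibility
        accessToken.setDetails(applicationDetails);
        accessToken.setApplicationDetails(applicationDetails);
    }
    db.storeAccessToken(accessToken);
    return accessToken;
}

/**
 * password grant: authenticates the resource owner and issues a user-bound token with a refresh token.
 * An {@link AuthenticationException} carrying a response is passed through with that response's body
 * and status (e.g. when authentication needs a further step); otherwise it is reported as 401.
 *
 * @throws OAuthException when the client record is missing, the scope is not allowed, or authentication fails
 */
private AccessToken issueForPassword(TokenRequest tokenRequest, FullHttpRequest req) throws OAuthException {
    ClientCredentials clientCredentials = requireClientCredentials(tokenRequest.getClientId());
    String scope = validScopeFor(tokenRequest.getScope(), clientCredentials);
    try {
        UserDetails userDetails = authenticateUser(tokenRequest.getUsername(), tokenRequest.getPassword(), req);
        if (userDetails == null || userDetails.getUserId() == null) {
            throw new OAuthException(ResponseBuilder.INVALID_USERNAME_PASSWORD, HttpResponseStatus.UNAUTHORIZED);
        }
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setUserId(userDetails.getUserId());
        accessToken.setDetails(userDetails.getDetails());
        accessToken.setClientId(tokenRequest.getClientId());
        accessToken.setApplicationDetails(clientCredentials.getApplicationDetails());
        db.storeAccessToken(accessToken);
        return accessToken;
    } catch (AuthenticationException e) {
        // for instance, if the user authentication requires more user details as a subsequent step
        if (e.getResponse() != null) {
            String responseContent = ((FullHttpResponse) (e.getResponse())).content().toString(CharsetUtil.UTF_8);
            throw new OAuthException(e, responseContent, e.getResponse().getStatus());
        }
        LOG.error("Cannot authenticate user", e);
        throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED); // NOSONAR
    }
}

/**
 * Custom grant type (see {@link OAuthConfig#getCustomGrantType}): the custom handler decides who the
 * user is; when it yields no user id the token is still stored, bound to the client only.
 *
 * @throws OAuthException when the scope is not allowed or the custom handler fails to authenticate
 */
private AccessToken issueForCustomGrant(TokenRequest tokenRequest, FullHttpRequest req) throws OAuthException {
    String scope = scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
    if (scope == null) {
        throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
    }
    try {
        AccessToken accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
        accessToken.setClientId(tokenRequest.getClientId());
        UserDetails userDetails = callCustomGrantTypeHandler(req);
        // NOTE(review): a token without user id is stored when the handler returns none — confirm intended
        if (userDetails != null && userDetails.getUserId() != null) {
            accessToken.setUserId(userDetails.getUserId());
            accessToken.setDetails(userDetails.getDetails());
        }
        db.storeAccessToken(accessToken);
        return accessToken;
    } catch (AuthenticationException e) {
        LOG.error("Cannot authenticate user", e);
        throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
    }
}

/**
 * Loads the client record for {@code clientId}.
 * isActiveClient() has already passed for this client, so a missing record means it disappeared
 * in between; it is reported as invalid client credentials rather than as a NullPointerException.
 */
private ClientCredentials requireClientCredentials(String clientId) throws OAuthException {
    ClientCredentials clientCredentials = db.findClientCredentials(clientId);
    if (clientCredentials == null) {
        throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
    }
    return clientCredentials;
}

/**
 * Resolves the scope to grant from the requested scope and the client's registered scope.
 *
 * @throws OAuthException when scopeService yields no valid scope
 */
private String validScopeFor(String requestedScope, ClientCredentials clientCredentials) throws OAuthException {
    String scope = scopeService.getValidScopeByScope(requestedScope, clientCredentials.getScope());
    if (scope == null) {
        throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
    }
    return scope;
}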
Use of com.apifest.oauth20.bean.ClientCredentials in project xian by happyyangyuan: class ScopeService, method getScopes.
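/**
 * Serializes the {@link Scope} records registered for a client as a JSON array.
 *
 * @param clientId the client whose credentials hold the scope list
 * @return JSON array of the client's scopes ({@code "[]"} when the client has no scope string)
 * @throws OAuthException with {@code NOT_FOUND} when no credentials exist for {@code clientId},
 *         or {@code BAD_REQUEST} when serialization fails
 */
protected String getScopes(String clientId) throws OAuthException {
    ClientCredentials credentials = DBManagerFactory.getInstance().findClientCredentials(clientId);
    if (credentials == null) {
        throw new OAuthException(null, HttpResponseStatus.NOT_FOUND);
    }
    List<Scope> result = new ArrayList<Scope>();
    // the scope list is one string whose entries are separated by SPACE (not by comma)
    String scopes = credentials.getScope();
    if (scopes != null) {
        for (String name : scopes.split(SPACE)) {
            // NOTE(review): findScope() may yield null for an unknown name; such entries are kept, as before
            result.add(DBManagerFactory.getInstance().findScope(name));
        }
    }
    try {
        return JSON.toJSONString(result);
    } catch (Exception e) {
        LOG.error("cannot load scopes per LOCAL_NODE_ID", e);
        throw new OAuthException(e, null, HttpResponseStatus.BAD_REQUEST);
    }
}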
Use of com.apifest.oauth20.bean.ClientCredentials in project xian by happyyangyuan: class OAuth20Handler, method handleRegister.
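@DocOAuth20Sub(name = "handleRegister", dec = "注册application", method = "POST", url = "/oauth2.0/applications", args = { @DocOAuth20SubIn(name = "name", dec = "application名称", require = true, type = String.class), @DocOAuth20SubIn(name = "scope", dec = "支持由空格分割的多个scope", require = true, type = String.class), @DocOAuth20SubIn(name = "redirect_uri", dec = "redirect_uri", require = true, type = String.class), @DocOAuth20SubIn(name = "client_id", dec = "client_id", require = false, type = String.class), @DocOAuth20SubIn(name = "client_secret", dec = "client_secret", require = false, type = String.class), @DocOAuth20SubIn(name = "description", dec = "用户自定义application描述", require = false, type = String.class), @DocOAuth20SubIn(name = "application_details", dec = "用户自定义的多个键值对", require = false, type = Map.class) })
/**
 * Registers an application and returns its client credentials as JSON.
 * <p>
 * The serialized credentials include the newly issued client_secret, so they are sent to the
 * caller only and are not written to the log.
 *
 * @param req the registration request
 * @return 200 with the credentials JSON, the mapped OAuth error response, or a generic
 *         bad-request response when no response could be produced
 */
FullHttpResponse handleRegister(FullHttpRequest req) {
    FullHttpResponse response = null;
    try {
        ClientCredentials creds = auth.issueClientCredentials(req);
        String jsonString = JSON.toJSONString(creds);
        LOG.info("client credentials issued for a new application");
        response = ResponseBuilder.createOkResponse(jsonString);
    } catch (OAuthException ex) {
        response = ResponseBuilder.createOAuthExceptionResponse(ex);
        invokeExceptionHandler(ex, req);
    } catch (Exception e1) {
        LOG.error("error handle register", e1);
        invokeExceptionHandler(e1, req);
    }
    if (response == null) {
        // normally reached only through the generic catch above; the Throwable records where from
        LOG.warn("response is null !", new Throwable());
        response = ResponseBuilder.createBadRequestResponse(ResponseBuilder.CANNOT_REGISTER_APP);
    }
    return response;
}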
Use of com.apifest.oauth20.bean.ClientCredentials in project xian by happyyangyuan: class RedisDBManager, method getAllApplications.
/**
 * Loads every application registered in the cache.
 * <p>
 * Each value stored under {@code CLIENT_CREDENTIALS_KEY} is a JSON-serialized
 * {@link ClientCredentials}; entries that {@link ApplicationInfo#loadFromClientCredentials}
 * maps to {@code null} are left out.
 *
 * @return the applications found, possibly empty, in the order the cache returned them
 */
@Override
public List<ApplicationInfo> getAllApplications() {
    Collection<String> serialized = CacheMapUtil.values(CLIENT_CREDENTIALS_KEY);
    List<ApplicationInfo> applications = new ArrayList<ApplicationInfo>(serialized.size());
    for (String json : serialized) {
        // NOTE(review): parseObject() runs on cache contents — assumes only this service writes that key; confirm
        ClientCredentials creds = JSON.parseObject(json, ClientCredentials.class);
        ApplicationInfo app = ApplicationInfo.loadFromClientCredentials(creds);
        if (app == null) {
            continue;
        }
        applications.add(app);
    }
    return applications;
}