use of com.google.api.server.spi.config.scope.AuthScopeExpression in project endpoints-java by cloudendpoints.
the class DiscoveryGenerator method writeApiMethod.
/**
 * Builds the discovery-document {@link RestMethod} entry for one API method and stores it in the
 * method map obtained from {@code doc}.
 *
 * <p>The OAuth scopes written into the entry are encoded from the same
 * {@link AuthScopeExpression} that {@code methodConfig} returns, and that expression is also
 * registered in {@code scopeRepo}.
 *
 * @param config API configuration passed through to schema lookups
 * @param servicePath prefix stripped (by length) from the method's canonical path
 * @param doc discovery document being populated
 * @param methodConfig configuration of the method being described
 * @param schemaRepo repository used to resolve request and response schemas
 * @param scopeRepo collector that receives this method's scope expression
 */
private void writeApiMethod(ApiConfig config, String servicePath, RestDescription doc, ApiMethodConfig methodConfig, SchemaRepository schemaRepo, AuthScopeRepository scopeRepo) {
  List<String> nameSegments = DOT_SPLITTER.splitToList(methodConfig.getFullMethodName());
  Map<String, RestMethod> methodsByName = getMethodMapFromDoc(doc, nameSegments);
  Map<String, JsonSchema> paramSchemas = convertMethodParameters(methodConfig);
  AuthScopeExpression requiredScopes = methodConfig.getScopeExpression();

  // NOTE(review): the prefix is removed by length only; this assumes the canonical path
  // starts with servicePath, which is not checked here. Confirm against the caller.
  RestMethod restMethod = new RestMethod()
      .setDescription(methodConfig.getDescription())
      .setHttpMethod(methodConfig.getHttpMethod())
      .setId(methodConfig.getFullMethodName())
      .setPath(methodConfig.getCanonicalPath().substring(servicePath.length()))
      .setScopes(AuthScopeExpressions.encodeMutable(requiredScopes));
  // Register the expression so the document-level scope list can include it.
  scopeRepo.add(requiredScopes);

  // Optional sections are only emitted when they have content.
  List<String> orderedParamNames = computeParameterOrder(methodConfig);
  if (!orderedParamNames.isEmpty()) {
    restMethod.setParameterOrder(orderedParamNames);
  }
  if (!paramSchemas.isEmpty()) {
    restMethod.setParameters(paramSchemas);
  }

  // Request body: present only when the method declares a request resource.
  ApiParameterConfig bodyParam = getAndCheckMethodRequestResource(methodConfig);
  if (bodyParam != null) {
    TypeToken<?> bodyType = bodyParam.getSchemaBaseType();
    Schema bodySchema = schemaRepo.getOrAdd(bodyType, config);
    restMethod.setRequest(new Request().set$ref(bodySchema.name()).setParameterName("resource"));
  }

  // Response body: present only when the method returns a resource.
  if (methodConfig.hasResourceInResponse()) {
    TypeToken<?> resultType = ApiAnnotationIntrospector.getSchemaType(methodConfig.getReturnType(), config);
    Schema resultSchema = schemaRepo.getOrAdd(resultType, config);
    restMethod.setResponse(new Response().set$ref(resultSchema.name()));
  }

  // The entry is keyed by the last dotted segment of the full method name.
  String leafName = nameSegments.get(nameSegments.size() - 1);
  methodsByName.put(leafName, restMethod);
}
use of com.google.api.server.spi.config.scope.AuthScopeExpression in project endpoints-java by cloudendpoints.
the class GoogleAppEngineAuthenticator method getOAuth2User.
/**
 * Resolves the App Engine user behind the OAuth2 token carried by {@code request}.
 *
 * <p>Every rejection path returns {@code null} instead of throwing, so a caller must treat
 * {@code null} as "not authenticated". The checks run in this order:
 * <ol>
 *   <li>the token must be accepted by {@code GoogleAuth.isOAuth2Token};</li>
 *   <li>on App Engine production only, the scopes granted to the token must satisfy the
 *       method's {@link AuthScopeExpression};</li>
 *   <li>only when {@code ENABLE_CLIENT_ID_WHITELIST} is enabled for the request, the client id
 *       must pass {@code GoogleAuth.checkClientId} against {@code config.getClientIds()};</li>
 *   <li>the user is fetched from {@code oauthService}.</li>
 * </ol>
 *
 * <p>NOTE(review): outside production the scope-expression check is not performed in this
 * method and the client id comes from {@code getOAuth2ClientIdDev(token)}, whose validation is
 * not visible here. Confirm the non-production branch cannot be selected in a deployed
 * environment.
 *
 * @param request incoming HTTP request carrying the token
 * @param config configuration of the API method being invoked
 * @return the authenticated user, or {@code null} if any check fails
 * @throws ServiceUnavailableException declared by this method; not thrown directly by the
 *     statements visible here
 */
@VisibleForTesting
com.google.appengine.api.users.User getOAuth2User(HttpServletRequest request, ApiMethodConfig config) throws ServiceUnavailableException {
  String bearerToken = GoogleAuth.getAuthToken(request);
  if (!GoogleAuth.isOAuth2Token(bearerToken)) {
    return null;
  }

  AuthScopeExpression requiredScopes = config.getScopeExpression();
  String[] candidateScopes = requiredScopes.getAllScopes();

  String callerClientId;
  if (!EnvUtil.isRunningOnAppEngineProd()) {
    // Dev env.
    callerClientId = getOAuth2ClientIdDev(bearerToken);
  } else {
    try {
      String[] grantedScopes = oauthService.getAuthorizedScopes(candidateScopes);
      // A null grant list is treated as "nothing granted": fail closed.
      boolean scopesSatisfied =
          grantedScopes != null && requiredScopes.isAuthorized(ImmutableSet.copyOf(grantedScopes));
      if (!scopesSatisfied) {
        logger.atWarning().log("Access token does not contain sufficient scopes from: %s", requiredScopes);
        return null;
      }
      callerClientId = oauthService.getClientId(candidateScopes);
    } catch (OAuthRequestException e) {
      // This handler also covers a failure of getAuthorizedScopes, not only getClientId.
      logger.atWarning().withCause(e).log("Failed to get client id for '%s'", requiredScopes);
      return null;
    }
  }

  // Check client id. The check is skipped entirely when the whitelist attribute is disabled.
  // NOTE(review): the meaning of the trailing `true` argument is not visible here; confirm.
  boolean whitelistEnforced = Attribute.from(request).isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST);
  if (whitelistEnforced && !GoogleAuth.checkClientId(callerClientId, config.getClientIds(), true)) {
    logger.atWarning().log("ClientId is not allowed: %s", callerClientId);
    return null;
  }

  try {
    return oauthService.getCurrentUser(candidateScopes);
  } catch (OAuthRequestException e) {
    logger.atWarning().withCause(e).log("Failed to get user for '%s'", requiredScopes);
    return null;
  }
}
use of com.google.api.server.spi.config.scope.AuthScopeExpression in project endpoints-java by cloudendpoints.
the class ApiClassConfigTest method testDefaultsOverriddenWithLocal.
/**
 * Sets each class-level value directly on {@code config} and verifies that the matching getter
 * returns exactly what was set, including the auth-related settings (auth level, scope
 * expression, audiences and client ids).
 */
@Test
public void testDefaultsOverriddenWithLocal() {
  // Fixtures for the values that need an object to compare against.
  AuthScopeExpression expectedScopes = AuthScopeExpressions.interpret("scope1", "scope2");
  List<String> expectedAudiences = Lists.newArrayList("audience1", "audience2");
  List<String> expectedClientIds = Lists.newArrayList("ci1", "ci2");

  // Apply the local values.
  config.setResource("bleh");
  config.setAuthLevel(AuthLevel.REQUIRED);
  config.setScopeExpression(expectedScopes);
  config.setAudiences(expectedAudiences);
  config.setClientIds(expectedClientIds);
  config.setUseDatastore(true);

  // Each getter must reflect the local value.
  assertEquals("bleh", config.getResource());
  assertEquals(AuthLevel.REQUIRED, config.getAuthLevel());
  assertEquals(expectedScopes, config.getScopeExpression());
  assertEquals(expectedAudiences, config.getAudiences());
  assertEquals(expectedClientIds, config.getClientIds());
  assertTrue(config.getUseDatastore());
}