
Example 1 with Attribute

use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.

the class EndpointsAuthenticator method authenticate.

/**
 * Resolves the caller's identity by trying the configured authenticators in a fixed order.
 *
 * <p>The JWT authenticator is consulted first. Only when it yields no user is exactly one
 * fallback tried: the App Engine authenticator when the code runs on App Engine and the
 * request has {@code REQUIRE_APPENGINE_USER} enabled, otherwise the OAuth2 authenticator.
 *
 * @param request the incoming servlet request carrying the credentials
 * @return the authenticated user, or {@code null} when no authenticator accepted the request
 * @throws ServiceUnavailableException propagated from the delegated authenticators
 */
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
    final Attribute requestAttributes = Attribute.from(request);
    final User jwtUser = jwtAuthenticator.authenticate(request);
    if (jwtUser != null) {
        // A verified JWT wins; no fallback authenticator is consulted.
        return jwtUser;
    }
    // The fallbacks are mutually exclusive: a request routed to the App Engine authenticator
    // is never retried against the OAuth2 authenticator from here, even if the former
    // returns null.
    final boolean preferAppEngine = EnvUtil.isRunningOnAppEngine()
            && requestAttributes.isEnabled(Attribute.REQUIRE_APPENGINE_USER);
    if (preferAppEngine) {
        return appEngineAuthenticator.authenticate(request);
    }
    return oauth2Authenticator.authenticate(request);
}
Also used : User(com.google.api.server.spi.auth.common.User) Attribute(com.google.api.server.spi.request.Attribute)

Example 2 with Attribute

use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.

the class GoogleJwtAuthenticator method authenticate.

/**
 * Authenticates a request that carries a Google ID token (JWT).
 *
 * <p>Returns {@code null}, meaning "not authenticated by this authenticator", when token
 * auth is skipped for the request, the credential is not a JWT, {@code verifyToken} rejects
 * it, the client id is not allowed (only checked when {@code ENABLE_CLIENT_ID_WHITELIST} is
 * enabled), the audience is not allowed, or the token carries neither a subject nor an
 * email.
 *
 * <p>Side effects on the request attributes: {@code ID_TOKEN} is stored as soon as the
 * token verifies, and {@code AUTHENTICATED_APPENGINE_USER} is stored (possibly as
 * {@code null}) when {@code REQUIRE_APPENGINE_USER} is enabled.
 *
 * @param request the incoming servlet request
 * @return the user described by the token, or {@code null} if the request is not accepted
 */
@Override
public User authenticate(HttpServletRequest request) {
    final Attribute requestAttributes = Attribute.from(request);
    if (requestAttributes.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
        return null;
    }

    final String rawToken = GoogleAuth.getAuthToken(request);
    if (!GoogleAuth.isJwt(rawToken)) {
        return null;
    }

    // verifyToken is defined outside this listing; presumably it performs the signature,
    // issuer and expiry validation. Confirm before relying on the claims read below.
    final GoogleIdToken verifiedToken = verifyToken(rawToken);
    if (verifiedToken == null) {
        return null;
    }

    // NOTE(review): ID_TOKEN is published on the request before the client-id and audience
    // checks run, so it stays set even when this method goes on to return null. Consumers
    // of ID_TOKEN should not treat its presence as proof of authorization.
    requestAttributes.set(Attribute.ID_TOKEN, verifiedToken);

    final GoogleIdToken.Payload claims = verifiedToken.getPayload();
    final String authorizedParty = claims.getAuthorizedParty();
    // NOTE(review): the cast assumes a single string-valued "aud" claim; a token whose
    // audience is not a String would raise ClassCastException here. Confirm that is intended.
    final String tokenAudience = (String) claims.getAudience();
    final ApiMethodConfig methodConfig = requestAttributes.get(Attribute.API_METHOD_CONFIG);

    // Client-id allow-list: enforced only when the feature flag is on for this request.
    final boolean clientIdRejected =
            requestAttributes.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST)
                    && !GoogleAuth.checkClientId(authorizedParty, methodConfig.getClientIds(), false);
    if (clientIdRejected) {
        logger.atWarning().log("ClientId is not allowed: %s", authorizedParty);
        return null;
    }

    // Audience check: always enforced, independent of the client-id flag.
    final boolean audienceAccepted =
            GoogleAuth.checkAudience(tokenAudience, methodConfig.getAudiences(), authorizedParty);
    if (!audienceAccepted) {
        logger.atWarning().log("Audience is not allowed: %s", tokenAudience);
        return null;
    }

    final String subject = claims.getSubject();
    final String emailClaim = claims.getEmail();
    final User authenticated;
    if (subject == null && emailClaim == null) {
        // A token that identifies nobody is treated as unauthenticated.
        authenticated = null;
    } else {
        authenticated = new User(subject, emailClaim);
    }

    if (requestAttributes.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        // Without an email, the App Engine user attribute is explicitly set to null.
        com.google.appengine.api.users.User appEngineUser = null;
        if (emailClaim != null) {
            appEngineUser = new com.google.appengine.api.users.User(emailClaim, "");
        }
        requestAttributes.set(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
    }
    return authenticated;
}
Also used : ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig) User(com.google.api.server.spi.auth.common.User) Attribute(com.google.api.server.spi.request.Attribute) GoogleIdToken(com.google.api.client.googleapis.auth.oauth2.GoogleIdToken)

Example 3 with Attribute

use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.

the class GoogleOAuth2Authenticator method authenticate.

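/**
 * Authenticates a request that carries a Google OAuth2 access token.
 *
 * <p>Returns {@code null}, meaning "not authenticated by this authenticator", when token
 * auth is skipped for the request, the credential is not an OAuth2 token,
 * {@code getTokenInfoRemote} yields no token info, the token has no scopes or insufficient
 * scopes for the method, the client id is not allowed (only checked when
 * {@code ENABLE_CLIENT_ID_WHITELIST} is enabled), or the token info carries neither a user
 * id nor an email.
 *
 * <p>Side effects on the request: {@code TOKEN_INFO} is stored as soon as token info is
 * obtained, and {@code AUTHENTICATED_APPENGINE_USER} is stored (possibly as {@code null})
 * when {@code REQUIRE_APPENGINE_USER} is enabled.
 *
 * @param request the incoming servlet request
 * @return the user described by the token info, or {@code null} if the request is not accepted
 * @throws ServiceUnavailableException declared by this method; no throw is visible in this
 *     body, so it presumably comes from the remote token-info lookup
 */
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
    Attribute attr = Attribute.from(request);
    if (attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
        return null;
    }
    String token = GoogleAuth.getAuthToken(request);
    if (!GoogleAuth.isOAuth2Token(token)) {
        return null;
    }
    // The token is opaque here; its validity rests entirely on the remote lookup.
    GoogleAuth.TokenInfo tokenInfo = getTokenInfoRemote(token);
    if (tokenInfo == null) {
        return null;
    }
    // NOTE(review): TOKEN_INFO is published before the scope and client-id checks run, so it
    // stays set even when this method goes on to return null. Consumers of TOKEN_INFO should
    // not treat its presence as proof of authorization.
    attr.set(Attribute.TOKEN_INFO, tokenInfo);
    ApiMethodConfig config = (ApiMethodConfig) request.getAttribute(Attribute.API_METHOD_CONFIG);
    // Check scopes.
    if (Strings.isEmptyOrWhitespace(tokenInfo.scopes)) {
        logger.atWarning().log("Access token does not contain a valid scope");
        return null;
    }
    String[] authorizedScopes = tokenInfo.scopes.split("\\s+");
    if (!config.getScopeExpression().isAuthorized(ImmutableSet.copyOf(authorizedScopes))) {
        logger.atWarning().log("Access token does not contain sufficient scopes from: %s", config.getScopeExpression());
        return null;
    }
    // Check clientId. Enforced only when the feature flag is on for this request.
    if (attr.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST) && !GoogleAuth.checkClientId(tokenInfo.clientId, config.getClientIds(), true)) {
        logger.atWarning().log("ClientId is not allowed: %s", tokenInfo.clientId);
        return null;
    }
    // Fail closed on a token that identifies nobody, matching GoogleJwtAuthenticator:
    // without this guard a token info with neither user id nor email would still produce
    // a non-null User, which callers treat as "authenticated".
    // getTokenInfoRemote may already guarantee an email; that is not visible here.
    User user = (tokenInfo.userId == null && tokenInfo.email == null)
            ? null
            : new User(tokenInfo.userId, tokenInfo.email);
    if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        // Same null-email guard as GoogleJwtAuthenticator: do not build an App Engine user
        // from a missing email.
        com.google.appengine.api.users.User appEngineUser = (tokenInfo.email == null)
                ? null
                : new com.google.appengine.api.users.User(tokenInfo.email, "");
        request.setAttribute(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
    }
    return user;
}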
Also used : User(com.google.api.server.spi.auth.common.User) TokenInfo(com.google.api.server.spi.auth.GoogleAuth.TokenInfo) Attribute(com.google.api.server.spi.request.Attribute) ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig)

Example 4 with Attribute

use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.

the class GoogleAppEngineAuthenticator method authenticate.

/**
 * Authenticates a request using App Engine's own user facilities.
 *
 * <p>Outside App Engine this authenticator always returns {@code null}. On App Engine it
 * first tries the OAuth2 user (unless {@code SKIP_TOKEN_AUTH} is enabled) and, if that
 * yields nothing and {@code shouldTryCookieAuth} allows it for the method config, falls
 * back to the user reported by {@code userService.getCurrentUser()}.
 *
 * <p>When {@code REQUIRE_APPENGINE_USER} is enabled, the resolved App Engine user is also
 * stored on the request as {@code AUTHENTICATED_APPENGINE_USER}.
 *
 * @param request the incoming servlet request
 * @return a user built from the App Engine user's email, or {@code null} if none was resolved
 * @throws ServiceUnavailableException declared by this method; no throw is visible in this
 *     body, so it presumably comes from the OAuth2 user lookup
 */
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
    final Attribute requestAttributes = Attribute.from(request);
    if (!EnvUtil.isRunningOnAppEngine()) {
        return null;
    }

    final ApiMethodConfig methodConfig = requestAttributes.get(Attribute.API_METHOD_CONFIG);

    // Token-based identity first, unless the request opted out of token auth.
    com.google.appengine.api.users.User platformUser =
            requestAttributes.isEnabled(Attribute.SKIP_TOKEN_AUTH)
                    ? null
                    : getOAuth2User(request, methodConfig);

    // NOTE(review): the cookie fallback relies on an ambient browser credential rather than
    // an explicit token; confirm shouldTryCookieAuth only enables it for methods that are
    // meant to accept cookie-authenticated callers.
    if (platformUser == null && shouldTryCookieAuth(methodConfig)) {
        platformUser = userService.getCurrentUser();
    }

    if (platformUser == null) {
        return null;
    }

    final User authenticated = new User(platformUser.getEmail());
    if (requestAttributes.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
        requestAttributes.set(Attribute.AUTHENTICATED_APPENGINE_USER, platformUser);
    }
    return authenticated;
}
Also used : ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig) User(com.google.api.server.spi.auth.common.User) Attribute(com.google.api.server.spi.request.Attribute)

Aggregations

User (com.google.api.server.spi.auth.common.User)4 Attribute (com.google.api.server.spi.request.Attribute)4 ApiMethodConfig (com.google.api.server.spi.config.model.ApiMethodConfig)3 GoogleIdToken (com.google.api.client.googleapis.auth.oauth2.GoogleIdToken)1 TokenInfo (com.google.api.server.spi.auth.GoogleAuth.TokenInfo)1