Example 1 with Attribute
use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.
the class EndpointsAuthenticator method authenticate.
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
Attribute attr = Attribute.from(request);
User user = jwtAuthenticator.authenticate(request);
if (user == null) {
if (EnvUtil.isRunningOnAppEngine() && attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
user = appEngineAuthenticator.authenticate(request);
} else {
user = oauth2Authenticator.authenticate(request);
}
}
return user;
}Example 2 with Attribute
use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.
the class GoogleJwtAuthenticator method authenticate.
@Override
public User authenticate(HttpServletRequest request) {
Attribute attr = Attribute.from(request);
if (attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
return null;
}
String token = GoogleAuth.getAuthToken(request);
if (!GoogleAuth.isJwt(token)) {
return null;
}
GoogleIdToken idToken = verifyToken(token);
if (idToken == null) {
return null;
}
attr.set(Attribute.ID_TOKEN, idToken);
String clientId = idToken.getPayload().getAuthorizedParty();
String audience = (String) idToken.getPayload().getAudience();
ApiMethodConfig config = attr.get(Attribute.API_METHOD_CONFIG);
// Check client id.
if ((attr.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST) && !GoogleAuth.checkClientId(clientId, config.getClientIds(), false))) {
logger.atWarning().log("ClientId is not allowed: %s", clientId);
return null;
}
// Check audience.
if (!GoogleAuth.checkAudience(audience, config.getAudiences(), clientId)) {
logger.atWarning().log("Audience is not allowed: %s", audience);
return null;
}
String userId = idToken.getPayload().getSubject();
String email = idToken.getPayload().getEmail();
User user = (userId == null && email == null) ? null : new User(userId, email);
if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
com.google.appengine.api.users.User appEngineUser = (email == null) ? null : new com.google.appengine.api.users.User(email, "");
attr.set(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
}
return user;
}
Also used :
ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig)
User(com.google.api.server.spi.auth.common.User)
Attribute(com.google.api.server.spi.request.Attribute)
GoogleIdToken(com.google.api.client.googleapis.auth.oauth2.GoogleIdToken)
Example 3 with Attribute
use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.
the class GoogleOAuth2Authenticator method authenticate.
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
Attribute attr = Attribute.from(request);
if (attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
return null;
}
String token = GoogleAuth.getAuthToken(request);
if (!GoogleAuth.isOAuth2Token(token)) {
return null;
}
GoogleAuth.TokenInfo tokenInfo = getTokenInfoRemote(token);
if (tokenInfo == null) {
return null;
}
attr.set(Attribute.TOKEN_INFO, tokenInfo);
ApiMethodConfig config = (ApiMethodConfig) request.getAttribute(Attribute.API_METHOD_CONFIG);
// Check scopes.
if (Strings.isEmptyOrWhitespace(tokenInfo.scopes)) {
logger.atWarning().log("Access token does not contain a valid scope");
return null;
}
String[] authorizedScopes = tokenInfo.scopes.split("\\s+");
if (!config.getScopeExpression().isAuthorized(ImmutableSet.copyOf(authorizedScopes))) {
logger.atWarning().log("Access token does not contain sufficient scopes from: %s", config.getScopeExpression());
return null;
}
// Check clientId.
if (attr.isEnabled(Attribute.ENABLE_CLIENT_ID_WHITELIST) && !GoogleAuth.checkClientId(tokenInfo.clientId, config.getClientIds(), true)) {
logger.atWarning().log("ClientId is not allowed: %s", tokenInfo.clientId);
return null;
}
User user = new User(tokenInfo.userId, tokenInfo.email);
if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
com.google.appengine.api.users.User appEngineUser = new com.google.appengine.api.users.User(tokenInfo.email, "");
request.setAttribute(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
}
return user;
}
Also used :
User(com.google.api.server.spi.auth.common.User)
TokenInfo(com.google.api.server.spi.auth.GoogleAuth.TokenInfo)
Attribute(com.google.api.server.spi.request.Attribute)
ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig)
Example 4 with Attribute
use of com.google.api.server.spi.request.Attribute in project endpoints-java by cloudendpoints.
the class GoogleAppEngineAuthenticator method authenticate.
@Override
public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
Attribute attr = Attribute.from(request);
if (!EnvUtil.isRunningOnAppEngine()) {
return null;
}
com.google.appengine.api.users.User appEngineUser = null;
ApiMethodConfig config = attr.get(Attribute.API_METHOD_CONFIG);
if (!attr.isEnabled(Attribute.SKIP_TOKEN_AUTH)) {
appEngineUser = getOAuth2User(request, config);
}
if (appEngineUser == null && shouldTryCookieAuth(config)) {
appEngineUser = userService.getCurrentUser();
}
if (appEngineUser == null) {
return null;
}
User user = new User(appEngineUser.getEmail());
if (attr.isEnabled(Attribute.REQUIRE_APPENGINE_USER)) {
attr.set(Attribute.AUTHENTICATED_APPENGINE_USER, appEngineUser);
}
return user;
}
Also used :
ApiMethodConfig(com.google.api.server.spi.config.model.ApiMethodConfig)
User(com.google.api.server.spi.auth.common.User)
Attribute(com.google.api.server.spi.request.Attribute)
Aggregations
User (com.google.api.server.spi.auth.common.User)4
Attribute (com.google.api.server.spi.request.Attribute)4
ApiMethodConfig (com.google.api.server.spi.config.model.ApiMethodConfig)3
GoogleIdToken (com.google.api.client.googleapis.auth.oauth2.GoogleIdToken)1
TokenInfo (com.google.api.server.spi.auth.GoogleAuth.TokenInfo)1
