Example 1 with SessionNonceStore

Use of com.peterphi.usermanager.guice.nonce.SessionNonceStore in project stdlib by petergeneric.

From the class UserManagerOAuthServiceImpl, method getAuth (the nonce is allocated here and bound to the user's session when the consent UI is rendered):

@Override
@AuthConstraint(id = "oauth2server_auth", role = "authenticated", comment = "Must be logged in to the User Manager to initiate a service login")
@Retry
public Response getAuth(final String responseType, final String clientId, final String redirectUri, final String state, final String scope) {
    // Has the current user approved this client+scope before? If so just redirect straight back
    // Otherwise, bring up the authorisation UI
    final Response response = createSessionAndRedirect(responseType, clientId, redirectUri, state, scope, autoGrantInteractiveAccessToAllServices);
    if (response != null) {
        return response;
    } else {
        final OAuthServiceEntity client = serviceDao.getByClientIdAndEndpoint(clientId, redirectUri);
        if (client == null)
            throw new IllegalArgumentException("Unknown client_id=" + clientId + " or invalid redirect uri for this service: " + redirectUri);
        final TemplateCall call = templater.template("connect_to_service");
        SessionNonceStore nonceStore = nonceStoreProvider.get();
        // Provide additional client information
        call.set("client", client);
        call.set("nonce", nonceStore.allocate());
        // Scopes as a list
        if (StringUtils.isBlank(scope))
            call.set("scopes", Collections.emptyList());
        else
            call.set("scopes", Arrays.asList(StringUtils.trimToEmpty(scope).split(" ")));
        // Copy the request info
        call.set("clientId", client.getId());
        call.set("responseType", responseType);
        call.set("redirectUri", redirectUri);
        call.set("scope", scope);
        call.set("state", state);
        return call.process(Response.ok().type(MediaType.APPLICATION_XML).cacheControl(CacheControl.valueOf(NO_CACHE)));
    }
}
Also used: OAuth2TokenResponse (com.peterphi.usermanager.rest.iface.oauth2server.types.OAuth2TokenResponse), Response (javax.ws.rs.core.Response), OAuthServiceEntity (com.peterphi.usermanager.db.entity.OAuthServiceEntity), SessionNonceStore (com.peterphi.usermanager.guice.nonce.SessionNonceStore), TemplateCall (com.peterphi.std.guice.web.rest.templating.TemplateCall), AuthConstraint (com.peterphi.std.guice.common.auth.annotations.AuthConstraint), Retry (com.peterphi.std.guice.common.retry.annotation.Retry)

Example 2 with SessionNonceStore

Use of com.peterphi.usermanager.guice.nonce.SessionNonceStore in project stdlib by petergeneric.

From the class UserManagerOAuthServiceImpl, method userMadeAuthDecision (the nonce issued with the consent UI is validated here before the user's allow/deny decision is acted on):

@Override
public Response userMadeAuthDecision(final String responseType, final String clientId, final String redirectUri, final String state, final String scope, final String nonce, final String decision) {
    final SessionNonceStore nonceStore = nonceStoreProvider.get();
    // Make sure the nonce is valid before we do anything. This makes sure we are responding to a real user interacting with our UI
    nonceStore.validate(nonce);
    if (StringUtils.equalsIgnoreCase(decision, "allow")) {
        // Create a new Session (creating an approval record for this client+scope) and redirect the user back to the calling site
        return createSessionAndRedirect(responseType, clientId, redirectUri, state, scope, true);
    } else {
        return redirectError(redirectUri, state, "access_denied", "The Deny button was clicked, denying authorisation to the user account for this service");
    }
}
Also used: SessionNonceStore (com.peterphi.usermanager.guice.nonce.SessionNonceStore)