use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.
the class RequestTokenRequest method postReqTokenRequest.
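/**
 * POST method for creating a request for a Request Token.
 *
 * Reads the OAuth parameters from the signed request, checks that no token is
 * present and that consumer key, signature method and callback are, resolves
 * the consumer, verifies the request signature against the consumer secret
 * (or RSA key) with an empty token secret, and only then persists a new
 * request token.
 *
 * @param hc the injected HTTP context carrying the signed request
 * @param content representation for the resource (not read; the parameters are
 *        taken from the request via {@code OAuthParameters})
 * @return a 201 response located at the new token whose form-encoded body
 *         carries oauth_token, oauth_token_secret and oauth_callback_confirmed
 * @throws WebApplicationException with 400 when a parameter is missing or
 *         invalid, the consumer is unknown or the signature does not verify;
 *         with 500 when the resource manager fails
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/x-www-form-urlencoded")
public Response postReqTokenRequest(@Context HttpContext hc, String content) {
    boolean sigIsOk = false;
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        OAuthServerRequest request = new OAuthServerRequest(hc.getRequest());
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);

        // A request-token request must not carry a token of its own.
        String tok = params.getToken();
        if ((tok != null) && (!tok.isEmpty())) {
            throw new WebApplicationException(new Throwable(OAUTH_TOKEN + " MUST not be present."), BAD_REQUEST);
        }
        String conskey = params.getConsumerKey();
        if (conskey == null) {
            throw new WebApplicationException(new Throwable("Consumer key is missing."), BAD_REQUEST);
        }
        String signatureMethod = params.getSignatureMethod();
        if (signatureMethod == null) {
            throw new WebApplicationException(new Throwable("Signature Method is missing."), BAD_REQUEST);
        }
        String callback = params.get(OAUTH_CALLBACK);
        if ((callback == null) || (callback.isEmpty())) {
            throw new WebApplicationException(new Throwable("Callback URL is missing."), BAD_REQUEST);
        }
        if (!callback.equals(OAUTH_OOB)) {
            // Only checks that the callback parses as a java.net.URL, i.e. uses a
            // protocol the JDK knows; nothing else about it is validated here.
            // NOTE(review): the stored callback is later used as a redirect target
            // by the authorization endpoint and is not matched against anything
            // registered for the consumer — confirm whether the Consumer model
            // records an allowed callback.
            try {
                new URL(callback);
            } catch (MalformedURLException me) {
                throw new WebApplicationException(new Throwable("Callback URL is not valid."), BAD_REQUEST);
            }
        }

        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(CONSUMER_KEY, conskey);
        List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
        // `cons` is a field of this resource, not a local: reset it before the
        // lookup so a value left behind by an earlier request on a reused
        // instance can never satisfy the null check below.
        cons = null;
        if ((consumers != null) && (!consumers.isEmpty())) {
            cons = consumers.get(0);
        }
        if (cons == null) {
            throw new WebApplicationException(new Throwable("Consumer key invalid or service not registered"), BAD_REQUEST);
        }

        // RSA-SHA1 verifies against the consumer's public key, every other
        // method against the shared consumer secret.
        String secret;
        if (signatureMethod.equalsIgnoreCase(RSA_SHA1.NAME)) {
            secret = cons.getConsRsakey();
        } else {
            secret = cons.getConsSecret();
        }
        // No token exists yet, so the token-secret half of the signing key is empty.
        OAuthSecrets secrets = new OAuthSecrets().consumerSecret(secret).tokenSecret("");
        try {
            sigIsOk = OAuthSignature.verify(request, params, secrets);
        } catch (OAuthSignatureException ex) {
            // Client-triggered: a malformed signature is reported as 400 below,
            // the exception is kept in the log for diagnosis.
            Logger.getLogger(RequestTokenRequest.class.getName()).log(Level.SEVERE, "Request token signature verification failed", ex);
        }
        if (!sigIsOk) {
            throw new WebApplicationException(new Throwable("Signature invalid."), BAD_REQUEST);
        }

        // We're good to go.
        RequestToken rt = new RequestToken();
        rt.setConsumerId(cons);
        // `context` is a field of the resource (presumably an injected UriInfo — confirm);
        // the token URI is built under the application base URI.
        String baseUri = context.getBaseUri().toString();
        if (baseUri.endsWith("/")) {
            baseUri = baseUri.substring(0, baseUri.length() - 1);
        }
        URI loc = URI.create(baseUri + PathDefs.REQUEST_TOKENS_PATH + "/" + new UniqueRandomString().getString());
        rt.setReqtUri(loc.toString());
        rt.setReqtSecret(new UniqueRandomString().getString());
        // Same value for now: the token value is its own URI.
        rt.setReqtVal(loc.toString());
        // Set the callback URL
        rt.setCallback(callback);
        oauthResMgr.createRequestToken(null, rt);

        String resp = OAUTH_TOKEN + "=" + rt.getReqtVal() + "&" + OAUTH_TOKEN_SECRET + "=" + rt.getReqtSecret() + "&" + OAUTH_CALLBACK_CONFIRMED + "=true";
        return Response.created(loc).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(RequestTokenRequest.class.getName()).log(Level.SEVERE, "Request token creation failed", e);
        throw new WebApplicationException(e);
    }
}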
use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.
the class RequestTokenResource method deleteReqtoken.
/**
 * DELETE method removing the request token addressed by this resource's path.
 *
 * @return 200 when a token stored under this URI was deleted, 401 when none is stored
 * @throws WebApplicationException (500) when the resource manager fails
 */
@DELETE
@Consumes(MediaType.TEXT_PLAIN)
public Response deleteReqtoken() {
    OAuthResourceManager manager = OAuthResourceManager.getInstance();
    try {
        // Tokens are keyed by their own URI, which is the absolute path of this
        // resource (`context` is a field of the resource, presumably an injected
        // UriInfo — confirm).
        String tokenUri = context.getAbsolutePath().toString();
        Map<String, String> criteria = new HashMap<String, String>();
        criteria.put(REQUEST_TOKEN_URI, tokenUri);
        List<RequestToken> matches = manager.searchRequestTokens(criteria);
        if (matches == null || matches.isEmpty()) {
            // An unknown token is answered with 401, not 404.
            return Response.status(UNAUTHORIZED).build();
        }
        // NOTE(review): no signature or ownership check precedes the delete;
        // confirm the endpoint is protected upstream.
        manager.deleteRequestToken(matches.get(0));
        return Response.ok().build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}
use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.
the class AccessTokenRequest method postAccessTokenRequest.
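/**
 * POST method for exchanging an authorized Request Token for an Access Token.
 *
 * Requires the request token and its oauth_verifier, resolves the stored
 * request token, checks the verifier, verifies the request signature with the
 * consumer secret (or RSA key) and the request token secret, then creates the
 * access token and deletes the request token.
 *
 * @param hc the injected HTTP context carrying the signed request
 * @param req the injected JAX-RS request (not read)
 * @param content representation for the resource (not read; the parameters are
 *        taken from the request via {@code OAuthParameters})
 * @return a 201 response located at the new token whose form-encoded body
 *         carries oauth_token and oauth_token_secret
 * @throws WebApplicationException with 400 when a parameter is missing, the
 *         token or verifier is invalid, the consumer is unknown or the
 *         signature does not verify; with 500 when the resource manager fails
 */
@POST
@Consumes("application/x-www-form-urlencoded")
public Response postAccessTokenRequest(@Context HttpContext hc, @Context Request req, String content) {
    boolean sigIsOk = false;
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Consumer cons = null;
        OAuthServerRequest request = new OAuthServerRequest(hc.getRequest());
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);
        if (params.getToken() == null) {
            throw new WebApplicationException(new Throwable(OAUTH_TOKEN + " MUST be present."), BAD_REQUEST);
        }
        // Check the existence of oauth verifier
        String requestVerifier = params.get(OAUTH_VERIFIER);
        if ((requestVerifier == null) || (requestVerifier.isEmpty())) {
            throw new WebApplicationException(new Throwable(OAUTH_VERIFIER + " MUST be present."), BAD_REQUEST);
        }

        // The token value doubles as its URI, so it is looked up by URI.
        // NOTE(review): this lookup happens before the signature is verified,
        // so the "Token invalid." answer is reachable with an unsigned request.
        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(REQUEST_TOKEN_URI, params.getToken());
        List<RequestToken> reqTokens = oauthResMgr.searchRequestTokens(searchMap);
        RequestToken rt = null;
        if ((reqTokens != null) && (!reqTokens.isEmpty())) {
            rt = reqTokens.get(0);
        }
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Token invalid."), BAD_REQUEST);
        }
        String conskey = params.getConsumerKey();
        if (conskey == null) {
            throw new WebApplicationException(new Throwable("Consumer key is missing."), BAD_REQUEST);
        }
        String signatureMethod = params.getSignatureMethod();
        if (signatureMethod == null) {
            throw new WebApplicationException(new Throwable("Signature Method is missing."), BAD_REQUEST);
        }

        // Check that the verifiers match. A token that was never authorized has
        // no verifier and is rejected; the comparison itself is constant-time so
        // that the stored verifier cannot be recovered byte by byte.
        String reqTokenVerifier = rt.getVerifier();
        if (reqTokenVerifier == null || !verifierMatches(requestVerifier, reqTokenVerifier)) {
            throw new WebApplicationException(new Throwable("The oauth_verifier parameter is not valid."), BAD_REQUEST);
        }

        // The consumer is the one the request token was issued to; the
        // request's own consumer key is only checked for presence above, an
        // impostor fails at signature verification because it lacks that
        // consumer's secret.
        cons = rt.getConsumerId();
        if (cons == null) {
            throw new WebApplicationException(new Throwable("Consumer key invalid or service not registered"), BAD_REQUEST);
        }
        // RSA-SHA1 verifies against the consumer's public key, every other
        // method against the shared consumer secret.
        String secret;
        if (signatureMethod.equalsIgnoreCase(RSA_SHA1.NAME)) {
            secret = cons.getConsRsakey();
        } else {
            secret = cons.getConsSecret();
        }
        OAuthSecrets secrets = new OAuthSecrets().consumerSecret(secret).tokenSecret(rt.getReqtSecret());
        try {
            sigIsOk = OAuthSignature.verify(request, params, secrets);
        } catch (OAuthSignatureException ex) {
            // Client-triggered: reported as 400 below, kept in the log for diagnosis.
            Logger.getLogger(AccessTokenRequest.class.getName()).log(Level.SEVERE, "Access token signature verification failed", ex);
        }
        if (!sigIsOk) {
            throw new WebApplicationException(new Throwable("Signature invalid."), BAD_REQUEST);
        }

        // We're good to go.
        AccessToken newtok = new AccessToken();
        newtok.setAcctOnetime((short) 1);
        // The principal recorded at authorization time is carried over to the access token.
        newtok.setAcctPpalid(rt.getReqtPpalid());
        // `context` is a field of the resource (presumably an injected UriInfo — confirm).
        String baseUri = context.getBaseUri().toString();
        if (baseUri.endsWith("/")) {
            baseUri = baseUri.substring(0, baseUri.length() - 1);
        }
        URI loc = URI.create(baseUri + PathDefs.ACCESS_TOKENS_PATH + "/" + new UniqueRandomString().getString());
        newtok.setAcctUri(loc.toString());
        newtok.setAcctSecret(new UniqueRandomString().getString());
        newtok.setConsumerId(cons);
        // for now val = uri
        newtok.setAcctVal(newtok.getAcctUri());
        oauthResMgr.createAccessToken(null, newtok);
        // The request token is single-use: remove it once exchanged.
        oauthResMgr.deleteRequestToken(rt);

        // Preparing the response.
        String resp = OAUTH_TOKEN + "=" + newtok.getAcctVal() + "&" + OAUTH_TOKEN_SECRET + "=" + newtok.getAcctSecret();
        return Response.created(loc).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(AccessTokenRequest.class.getName()).log(Level.SEVERE, "Access token creation failed", e);
        // 500 error
        throw new WebApplicationException(e);
    }
}

/**
 * Compares two verifier strings without short-circuiting on the first
 * differing byte.
 *
 * @param presented the verifier supplied by the client
 * @param expected the verifier stored on the request token
 * @return true when both encode to the same UTF-8 bytes
 */
private static boolean verifierMatches(String presented, String expected) {
    return java.security.MessageDigest.isEqual(
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}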
use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.
the class AuthorizationFactory method createAuthorization.
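/**
 * GET method for obtaining the user's consent for a request token.
 *
 * Binds the given user id to the request token, generates its verifier and
 * either returns token and verifier as plain text (out-of-band callback) or
 * redirects to the callback recorded with the token.
 *
 * @param token OAuth token (the request token URI)
 * @param uid OAuth User Id to bind to the token
 * @return 200 with "oauth_token=…&oauth_verifier=…" for an out-of-band
 *         callback, 303 to the callback otherwise, 500 when the callback
 *         cannot be turned into a URI
 * @throws WebApplicationException with 400 when token or uid is missing or the
 *         token is unknown; with 500 when the resource manager fails
 */
@GET
@Consumes("application/xml")
public Response createAuthorization(@QueryParam(OAUTH_TOKEN) String token,
        @QueryParam(OAUTH_ID) String uid) {
    // Missing client parameters are a client error: answer 400 rather than the
    // 500 a bare WebApplicationException(Throwable) produces.
    if (token == null) {
        throw new WebApplicationException(new Throwable("No OAuth token."), Response.Status.BAD_REQUEST);
    }
    if (uid == null) {
        throw new WebApplicationException(new Throwable("No User iD."), Response.Status.BAD_REQUEST);
    }
    // NOTE(review): uid arrives in the query string and nothing in this method
    // authenticates the caller as that user; the endpoint relies on an upstream
    // step that establishes OAUTH_ID — confirm that such a step exists.
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(REQUEST_TOKEN_URI, token);
        List<RequestToken> reqTokens = oauthResMgr.searchRequestTokens(searchMap);
        RequestToken rt = null;
        if ((reqTokens != null) && (!reqTokens.isEmpty())) {
            rt = reqTokens.get(0);
        }
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Request token invalid."), Response.Status.BAD_REQUEST);
        }
        rt.setReqtPpalid(uid);
        // Generate a verifier for the token authorization; the access token
        // exchange must present it back.
        String verifier = new UniqueRandomString().getString();
        rt.setVerifier(verifier);
        String cbk = rt.getCallback();
        oauthResMgr.updateRequestToken(rt);

        // Preparing the response.
        String resp = OAUTH_TOKEN + "=" + token + "&" + OAUTH_VERIFIER + "=" + verifier;
        if (cbk == null || cbk.equals(OAUTH_OOB)) {
            // No callback URL is available for the consumer: hand the values
            // back out-of-band instead of dereferencing a missing callback.
            return Response.ok(resp, MediaType.TEXT_PLAIN).build();
        }
        // Sends the response based on the callback URL.
        // NOTE(review): token and verifier are appended without percent-encoding
        // (the token is itself a URI), matching how the other endpoints emit
        // them — confirm consumers expect the raw form before changing it.
        String separator = cbk.contains("?") ? "&" : "?";
        URI respURI = new URI(cbk + separator + resp);
        return Response.seeOther(respURI).build();
    } catch (URISyntaxException ex) {
        Logger.getLogger(AuthorizationFactory.class.getName()).log(Level.SEVERE, "Callback URI cannot be built", ex);
        return Response.serverError().build();
    } catch (WebApplicationException we) {
        // Already carries the intended status; do not wrap it into a 500.
        throw we;
    } catch (Exception e) {
        Logger.getLogger(AuthorizationFactory.class.getName()).log(Level.SEVERE, "Request token authorization failed", e);
        throw new WebApplicationException(e);
    }
}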
use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.
the class NoBrowserAuthorization method NoBrowserAuthorization.
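/**
 * GET method to authenticate & obtain user's consent.
 * This endpoint does not use callback and does not rely on
 * browser-based authorization but rather submits the credentials
 * to a predefined OpenSSO endpoint.
 *
 * NOTE(review): username and password travel as GET query parameters and so
 * land in server access logs, proxies and browser history; accepting them in a
 * POST body would be the safer transport — not changed here to keep the
 * interface.
 *
 * @param username (@String) is the user name to authenticate at the OpenSSO
 * instance
 * @param password (@String) is the user's password
 * @param requestToken (@String) is the request token to authorize
 * @return 200 in case of success, 403 if authentication fails, 400 otherwise.
 * @throws WebApplicationException with 400 when a parameter is missing or the
 *         request token is unknown; with 500 when the resource manager fails
 */
@GET
public Response NoBrowserAuthorization(@QueryParam(USERNAME) String username, @QueryParam(PASSWORD) String password, @QueryParam(REQUEST_TOKEN) String requestToken) {
    // Missing parameters are a client error (400 as documented), not the 500 a
    // bare WebApplicationException(Throwable) would produce.
    if (username == null || password == null || requestToken == null) {
        throw new WebApplicationException(new Throwable("Request invalid."), BAD_REQUEST);
    }
    // authenticate the user and get the OpenSSO session token
    String tokenId = null;
    try {
        tokenId = OAuthServiceUtils.authenticate(username, password, false);
    } catch (OAuthServiceException oe) {
        // Failed authentication is logged without the submitted credentials.
        Logger.getLogger(NoBrowserAuthorization.class.getName()).log(Level.SEVERE, "Authentication failed", oe);
        return Response.status(FORBIDDEN).build();
    }
    if (tokenId == null) {
        return Response.status(BAD_REQUEST).build();
    }
    // Based on the session token, get the UUID of the user.
    // NOTE(review): the session behind tokenId is never released here — confirm
    // whether OAuthServiceUtils expects the caller to log it out.
    String subject = null;
    try {
        subject = OAuthServiceUtils.getUUIDByTokenId(tokenId);
    } catch (OAuthServiceException oe) {
        Logger.getLogger(NoBrowserAuthorization.class.getName()).log(Level.SEVERE, "Subject lookup failed", oe);
        return Response.status(FORBIDDEN).build();
    }
    if (subject == null) {
        return Response.status(FORBIDDEN).build();
    }
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(REQUEST_TOKEN_URI, requestToken);
        List<RequestToken> reqTokens = oauthResMgr.searchRequestTokens(searchMap);
        RequestToken rt = null;
        if ((reqTokens != null) && (!reqTokens.isEmpty())) {
            rt = reqTokens.get(0);
        }
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Request token invalid."), BAD_REQUEST);
        }
        // Bind the authenticated principal to the request token; no verifier is
        // set on this path (see the Javadoc: no callback is involved).
        rt.setReqtPpalid(subject);
        oauthResMgr.updateRequestToken(rt);
        return Response.ok().build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(NoBrowserAuthorization.class.getName()).log(Level.SEVERE, "Request token update failed", e);
        throw new WebApplicationException(e);
    }
}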