Example 6 with TokenContext

use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

the class OAuth2Controller method revokeAllClientTokensViaSuperClient.

/**
 * Revokes all tokens of a client for the authenticated user from
 * a super client. This service is not part of the OAUTH2
 * specification. It requires user authentication via
 * authorization header, and super client
 * via URL-encoded form parameters.
 *
 * @param request
 * @param form
 *            containing client_id, super_client_id,
 *            super_client_secret
 * @return 200 if token invalidation is successful or the given
 *         token is invalid
 */
@POST
@Path("revoke/super/all")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revokeAllClientTokensViaSuperClient (@Context SecurityContext context,
        @Context HttpServletRequest request, MultivaluedMap<String, String> form) {
    // The user is authenticated by the Authorization header; the authentication
    // filter has already placed the resulting TokenContext as the principal.
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    try {
        // The super client authenticates itself through the form parameters
        // (super_client_id, super_client_secret) wrapped with the request.
        OAuth2RevokeAllTokenSuperRequest revokeTokenRequest =
                new OAuth2RevokeAllTokenSuperRequest(new FormRequestWrapper(request, form));
        tokenService.revokeAllClientTokensViaSuperClient(username, revokeTokenRequest);
        return Response.ok("SUCCESS").build();
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}
Also used : TokenContext(de.ids_mannheim.korap.security.context.TokenContext) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) FormRequestWrapper(de.ids_mannheim.korap.web.utils.FormRequestWrapper) OAuth2RevokeAllTokenSuperRequest(de.ids_mannheim.korap.oauth2.oltu.OAuth2RevokeAllTokenSuperRequest) KustvaktException(de.ids_mannheim.korap.exceptions.KustvaktException) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 7 with TokenContext

use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

the class OAuth2Controller method revokeTokenViaSuperClient.

@POST
@Path("revoke/super")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revokeTokenViaSuperClient (@Context SecurityContext context,
        @Context HttpServletRequest request, MultivaluedMap<String, String> form) {
    // Same pattern as revoke/super/all: user from the Authorization header,
    // super client credentials and the token to revoke from the form body.
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    try {
        OAuth2RevokeTokenSuperRequest revokeTokenRequest =
                new OAuth2RevokeTokenSuperRequest(new FormRequestWrapper(request, form));
        tokenService.revokeTokensViaSuperClient(username, revokeTokenRequest);
        return Response.ok("SUCCESS").build();
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}
Also used : TokenContext(de.ids_mannheim.korap.security.context.TokenContext) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) FormRequestWrapper(de.ids_mannheim.korap.web.utils.FormRequestWrapper) KustvaktException(de.ids_mannheim.korap.exceptions.KustvaktException) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuth2RevokeTokenSuperRequest(de.ids_mannheim.korap.oauth2.oltu.OAuth2RevokeTokenSuperRequest) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 8 with TokenContext

use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

the class OAuth2Controller method listUserToken.

@POST
@Path("token/list")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public List<OAuth2TokenDto> listUserToken (@Context SecurityContext context,
        @FormParam("super_client_id") String superClientId,
        @FormParam("super_client_secret") String superClientSecret,
        @FormParam("client_id") String clientId, // optional
        @FormParam("token_type") String tokenType) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    try {
        // Compare against the literal so that a missing token_type reaches the
        // MISSING_PARAMETER branch instead of raising a NullPointerException.
        if ("access_token".equals(tokenType)) {
            return tokenService.listUserAccessToken(username, superClientId,
                    superClientSecret, clientId);
        } else if ("refresh_token".equals(tokenType)) {
            return tokenService.listUserRefreshToken(username, superClientId,
                    superClientSecret, clientId);
        } else {
            throw new KustvaktException(StatusCodes.MISSING_PARAMETER,
                    "Missing token_type parameter value", OAuth2Error.INVALID_REQUEST);
        }
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}
Also used : TokenContext(de.ids_mannheim.korap.security.context.TokenContext) KustvaktException(de.ids_mannheim.korap.exceptions.KustvaktException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 9 with TokenContext

use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

the class OAuth2WithOpenIdController method requestAuthorizationCode.

/**
 * Required parameters for OpenID authentication requests:
 *
 * <ul>
 * <li>scope: MUST contain "openid" for OpenID Connect
 * requests</li>
 * <li>response_type: only "code" is supported</li>
 * <li>client_id: client identifier given by Kustvakt during
 * client registration</li>
 * <li>redirect_uri: MUST match a pre-registered redirect uri
 * during client registration</li>
 * </ul>
 *
 * Other parameters:
 *
 * <ul>
 * <li>state (recommended): Opaque value used to maintain state
 * between the request and the callback.</li>
 * <li>response_mode (optional) : mechanism to be used for
 * returning parameters, only "query" is supported</li>
 * <li>nonce (optional): String value used to associate a Client
 * session with an ID Token,
 * and to mitigate replay attacks. </li>
 * <li>display (optional): specifies how the Authorization Server
 * displays the authentication and consent user interface
 * pages. Options: page (default), popup, touch, wap. This
 * parameter is more relevant for Kalamar. </li>
 * <li>prompt (optional): specifies if the Authorization Server
 * prompts the End-User for reauthentication and consent. Defined
 * values: none, login, consent, select_account </li>
 * <li>max_age (optional): maximum Authentication Age.</li>
 * <li>ui_locales (optional): preferred languages and scripts for
 * the user interface represented as a space-separated list of
 * BCP47 [RFC5646] </li>
 * <li>id_token_hint (optional): ID Token previously issued by the
 * Authorization Server being passed as a hint</li>
 * <li>login_hint (optional): hint to the Authorization Server
 * about the login identifier the End-User might use to log
 * in</li>
 * <li>acr_values (optional): requested Authentication Context
 * Class Reference values. </li>
 * </ul>
 *
 * @see "OpenID Connect Core 1.0 specification"
 *
 * @param request
 * @param context
 * @param form
 * @return a redirect to client redirect uri
 */
@POST
@Path("authorize")
@ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public Response requestAuthorizationCode (@Context HttpServletRequest request,
        @Context SecurityContext context, MultivaluedMap<String, String> form) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    // Needed for OpenID Connect: max_age and the auth_time claim of the ID token.
    ZonedDateTime authTime = tokenContext.getAuthenticationTime();
    Map<String, String> map = MapUtils.toMap(form);
    // state and response_mode are read up front so that error responses can
    // echo the state and use the requested mode.
    State state = authzService.retrieveState(map);
    ResponseMode responseMode = authzService.retrieveResponseMode(map);
    boolean isAuthentication = false;
    if (map.containsKey("scope") && map.get("scope").contains("openid")) {
        isAuthentication = true;
    }
    URI uri = null;
    try {
        // The caller's token must carry the authorize scope; for OpenID
        // requests the redirect_uri is checked before any redirect is built.
        scopeService.verifyScope(tokenContext, OAuth2Scope.AUTHORIZE);
        if (isAuthentication) {
            authzService.checkRedirectUriParam(map);
        }
        uri = authzService.requestAuthorizationCode(form, username, isAuthentication, authTime);
    } catch (ParseException e) {
        return openIdResponseHandler.createErrorResponse(e, state);
    } catch (KustvaktException e) {
        return openIdResponseHandler.createAuthorizationErrorResponse(e, isAuthentication,
                e.getRedirectUri(), state, responseMode);
    }
    ResponseBuilder builder = Response.temporaryRedirect(uri);
    return builder.build();
}
Also used : TokenContext(de.ids_mannheim.korap.security.context.TokenContext) KustvaktException(de.ids_mannheim.korap.exceptions.KustvaktException) ZonedDateTime(java.time.ZonedDateTime) ResponseMode(com.nimbusds.oauth2.sdk.ResponseMode) State(com.nimbusds.oauth2.sdk.id.State) ParseException(com.nimbusds.oauth2.sdk.ParseException) ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder) URI(java.net.URI) Path(javax.ws.rs.Path) ResourceFilters(com.sun.jersey.spi.container.ResourceFilters) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)
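The parameter rules listed in the Javadoc above (scope containing "openid", response_type restricted to "code", redirect_uri matching the registration exactly, state echoed back, only response_mode=query), worked through as an added example. This is not Kustvakt's code: the class, the registered clients and their redirect URIs are constructed for the example, and the authorization code is passed in rather than issued. Unlike a substring test on the scope string, the example splits the scope on whitespace so that only the exact token "openid" switches the request into OpenID mode.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/** Hypothetical example class; names and sample data are not Kustvakt's. */
public class AuthorizeRequestCheck {

    /** Registered clients and their exact redirect URIs (constructed sample data). */
    static final Map<String, Set<String>> REGISTERED = Map.of(
            "kalamar", Set.of("https://kalamar.example/oauth/callback"),
            "batch-tool", Set.of("https://a.example/cb", "https://b.example/cb"));

    /** Parses an application/x-www-form-urlencoded body; a repeated key keeps its first value. */
    static Map<String, String> parseForm(String body) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int eq = pair.indexOf('=');
            String key = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), StandardCharsets.UTF_8);
            String value = eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            params.putIfAbsent(key, value);
        }
        return params;
    }

    /**
     * Returns the redirect the user agent is sent to: either the code plus the
     * echoed state, or an error plus the echoed state. Throws instead of
     * redirecting when the redirect_uri itself cannot be trusted.
     */
    static URI handle(Map<String, String> p, String issuedCode) {
        // scope is space separated; "openid" must be a whole token.
        boolean isAuthentication = Arrays.asList(p.getOrDefault("scope", "").trim().split("\\s+"))
                .contains("openid");

        Set<String> registered = REGISTERED.getOrDefault(p.get("client_id"), Set.of());
        String redirectUri = p.get("redirect_uri");
        if (redirectUri == null && !isAuthentication && registered.size() == 1) {
            // Plain OAuth 2.0 with a single registered URI: the parameter may be omitted.
            redirectUri = registered.iterator().next();
        }
        // Exact string comparison against the registration. Never redirect to an
        // unverified URI, not even to report the error.
        if (redirectUri == null || !registered.contains(redirectUri)) {
            throw new IllegalArgumentException("invalid_request: unknown client_id or unregistered redirect_uri");
        }

        Map<String, String> out = new LinkedHashMap<>();
        if (!"code".equals(p.get("response_type"))) {
            out.put("error", "unsupported_response_type");
        } else if (p.containsKey("response_mode") && !"query".equals(p.get("response_mode"))) {
            out.put("error", "invalid_request");
            out.put("error_description", "only response_mode=query is supported");
        } else {
            // A real server stores the code together with client_id, redirect_uri,
            // scope and nonce so the token endpoint can check them and copy the
            // nonce into the ID token.
            out.put("code", issuedCode);
        }
        // state is echoed unchanged on success and on error so the client can tie
        // the callback to the request it started.
        if (p.get("state") != null) {
            out.put("state", p.get("state"));
        }
        return withQuery(redirectUri, out);
    }

    /** Appends the parameters as a URL-encoded query string (response_mode=query). */
    static URI withQuery(String base, Map<String, String> params) {
        StringBuilder sb = new StringBuilder(base).append(base.contains("?") ? '&' : '?');
        boolean first = true;
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!first) {
                sb.append('&');
            }
            first = false;
            sb.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return URI.create(sb.toString());
    }

    public static void main(String[] args) {
        // Constructed request bodies, as a browser form post would send them.
        String good = "scope=openid+search&response_type=code&client_id=kalamar"
                + "&redirect_uri=https%3A%2F%2Fkalamar.example%2Foauth%2Fcallback"
                + "&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj";
        System.out.println(handle(parseForm(good), "SplxlOBeZQQYbYS6WxSbIA"));

        String wrongType = good.replace("response_type=code", "response_type=token");
        System.out.println(handle(parseForm(wrongType), "unused"));

        String badUri = good.replace("kalamar.example", "evil.example");
        try {
            handle(parseForm(badUri), "unused");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected without redirect: " + e.getMessage());
        }
    }
}
```

The order of the checks is the point: the redirect_uri is validated against the registration before any error is expressed as a redirect, so a wrong response_type or response_mode is reported to the registered callback with the state attached, while a wrong redirect_uri produces no redirect at all.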

Example 10 with TokenContext

use of de.ids_mannheim.korap.security.context.TokenContext in project Kustvakt by KorAP.

the class OAuthClientController method deregisterClient.

/**
 * Deregisters a client. Requires authentication as the client's owner.
 *
 * @param securityContext
 * @param clientId
 *            the client id
 * @return HTTP Response OK if successful.
 */
@DELETE
@Path("deregister/{client_id}")
public Response deregisterClient (@Context SecurityContext securityContext,
        @PathParam("client_id") String clientId) {
    TokenContext context = (TokenContext) securityContext.getUserPrincipal();
    try {
        // Two checks: the caller's token must carry the deregister scope, and
        // the service receives the username so that only the owner of the
        // client can deregister it.
        scopeService.verifyScope(context, OAuth2Scope.DEREGISTER_CLIENT);
        clientService.deregisterClient(clientId, context.getUsername());
        return Response.ok().build();
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}
Also used : TokenContext(de.ids_mannheim.korap.security.context.TokenContext) KustvaktException(de.ids_mannheim.korap.exceptions.KustvaktException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)
