Example 1 with FormRequestWrapper

Use of de.ids_mannheim.korap.web.utils.FormRequestWrapper in the project Kustvakt by KorAP.

Class OAuth2Controller, method requestAuthorizationCode.

/**
 * Requests an authorization code.
 *
 * Kustvakt supports authorization only with Kalamar as the
 * authorization web-frontend or user interface. Thus an
 * authorization code request requires user authentication
 * via the Authorization header.
 *
 * <br /><br />
 * RFC 6749:
 * If the client omits the scope parameter when requesting
 * authorization, the authorization server MUST either process the
 * request using a pre-defined default value or fail the request
 * indicating an invalid scope.
 *
 * @param request
 *            HttpServletRequest
 * @param form
 *            form parameters
 * @return a redirect URL
 */
@POST
@Path("authorize")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response requestAuthorizationCode(@Context HttpServletRequest request, @Context SecurityContext context, @FormParam("state") String state, MultivaluedMap<String, String> form) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    ZonedDateTime authTime = tokenContext.getAuthenticationTime();
    try {
        scopeService.verifyScope(tokenContext, OAuth2Scope.AUTHORIZE);
        HttpServletRequest requestWithForm = new FormRequestWrapper(request, form);
        OAuth2AuthorizationRequest authzRequest = new OAuth2AuthorizationRequest(requestWithForm);
        String uri = authorizationService.requestAuthorizationCode(requestWithForm, authzRequest, username, authTime);
        return responseHandler.sendRedirect(uri);
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e, state);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e, state);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e, state);
    }
}
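Why the controller wraps the servlet request at all: Apache Oltu's request classes (OAuth2AuthorizationRequest, OAuthTokenRequest and friends) read their parameters through HttpServletRequest.getParameter, while Jersey has already consumed the form body into the MultivaluedMap that the resource method receives. A wrapper has to expose that map again through the servlet parameter API. The class below is an added example of such a wrapper, not Kustvakt's FormRequestWrapper, whose internals this page does not show. The class name, the rejection of repeated parameters (RFC 6749 sections 3.1 and 3.2) and the refusal of client_secret in the query string (RFC 6749 section 2.3.1) are assumptions added here for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.ws.rs.core.MultivaluedMap;

/**
 * Illustrative stand-in for a form-aware request wrapper (NOT Kustvakt's
 * FormRequestWrapper). It re-exposes the form parameters Jersey has already
 * consumed into a MultivaluedMap through the HttpServletRequest parameter
 * API, so that libraries calling request.getParameter(...) can see them.
 */
public class IllustrativeFormRequestWrapper extends HttpServletRequestWrapper {

    private final Map<String, String[]> merged;

    public IllustrativeFormRequestWrapper(HttpServletRequest request,
                                          MultivaluedMap<String, String> form) {
        super(request);

        // RFC 6749 section 2.3.1: client credentials MUST NOT be sent in the
        // request URI. Fail closed instead of accepting a secret that has just
        // been written into access logs and browser history.
        if (queryStringHas(request, "client_secret")) {
            throw new IllegalArgumentException("client_secret must not appear in the query string");
        }

        Map<String, String[]> m = new LinkedHashMap<>(request.getParameterMap());
        for (Map.Entry<String, List<String>> e : form.entrySet()) {
            List<String> values = e.getValue();
            if (values == null || values.isEmpty()) {
                continue;
            }
            // RFC 6749 sections 3.1 and 3.2: a request parameter MUST NOT be
            // included more than once. Rejecting duplicates removes the
            // "which copy wins" ambiguity that parameter-pollution attacks use.
            if (values.size() > 1) {
                throw new IllegalArgumentException(
                        "parameter '" + e.getKey() + "' supplied more than once");
            }
            // The form body is authoritative for any name the container may
            // also expose (e.g. from the query string).
            m.put(e.getKey(), new String[] { values.get(0) });
        }
        merged = Collections.unmodifiableMap(m);
    }

    @Override
    public String getParameter(String name) {
        String[] v = merged.get(name);
        return (v == null || v.length == 0) ? null : v[0];
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] v = merged.get(name);
        return v == null ? null : v.clone();
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        return merged;
    }

    @Override
    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(merged.keySet());
    }

    /** True if the raw query string carries a parameter with the given name. */
    private static boolean queryStringHas(HttpServletRequest request, String name) {
        String qs = request.getQueryString();
        if (qs == null || qs.isEmpty()) {
            return false;
        }
        for (String pair : qs.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            // Decode so that an encoded name such as "client%5Fsecret" is caught
            // as well (URLDecoder.decode(String, Charset) needs Java 10 or later).
            if (name.equals(URLDecoder.decode(key, StandardCharsets.UTF_8))) {
                return true;
            }
        }
        return false;
    }
}
```

Dropped into the controller in place of FormRequestWrapper, the wrapper would make `new OAuth2AuthorizationRequest(requestWithForm)` see exactly the parameters Jersey parsed, and a request that repeats `redirect_uri` or `client_id` would be refused before Oltu ever interprets it.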

Example 2 with FormRequestWrapper

Use of de.ids_mannheim.korap.web.utils.FormRequestWrapper in the project Kustvakt by KorAP.

Class OAuth2Controller, method revokeAllClientTokensViaSuperClient.

/**
 * Revokes all tokens of a client for the authenticated user via
 * a super client. This service is not part of the OAuth 2.0
 * specification. It requires user authentication via the
 * Authorization header and super client authentication via
 * URL-encoded form parameters.
 *
 * @param request
 * @param form
 *            containing client_id, super_client_id,
 *            super_client_secret
 * @return 200 if token invalidation is successful or the given
 *         token is invalid
 */
@POST
@Path("revoke/super/all")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revokeAllClientTokensViaSuperClient(@Context SecurityContext context, @Context HttpServletRequest request, MultivaluedMap<String, String> form) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    try {
        OAuth2RevokeAllTokenSuperRequest revokeTokenRequest = new OAuth2RevokeAllTokenSuperRequest(new FormRequestWrapper(request, form));
        tokenService.revokeAllClientTokensViaSuperClient(username, revokeTokenRequest);
        return Response.ok("SUCCESS").build();
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}

Example 3 with FormRequestWrapper

Use of de.ids_mannheim.korap.web.utils.FormRequestWrapper in the project Kustvakt by KorAP.

Class OAuth2Controller, method revokeAccessToken.

/**
 * Revokes either an access token or a refresh token. Revoking a
 * refresh token also revokes all access tokens associated with the
 * refresh token.
 *
 * RFC 7009: client authentication is required for confidential
 * clients.
 *
 * @param request
 * @param form
 *            containing
 *            client_id,
 *            client_secret (required for confidential clients),
 *            token,
 *            token_type (optional)
 * @return 200 if token invalidation is successful or the given
 *         token is invalid
 */
@POST
@Path("revoke")
@ResourceFilters({ APIVersionFilter.class })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revokeAccessToken(@Context HttpServletRequest request, MultivaluedMap<String, String> form) {
    try {
        OAuth2RevokeTokenRequest revokeTokenRequest = new OAuth2RevokeTokenRequest(new FormRequestWrapper(request, form));
        tokenService.revokeToken(revokeTokenRequest);
        return Response.ok("SUCCESS").build();
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}
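The Javadoc above compresses three RFC 7009 rules into two lines: confidential clients must authenticate, an unknown token is still answered with 200, and revoking a refresh token takes its access tokens with it. The class below is an added example of those rules in working form; it is not Kustvakt's OAuth2TokenService, and the in-memory stores, the TokenRecord layout and the class and method names are invented for the illustration. It also enforces the RFC 7009 section 2.1 check that the token was issued to the requesting client, which goes beyond what the page itself states.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

/** Added example of RFC 7009 revocation semantics; not Kustvakt's token service. */
public class IllustrativeRevocationService {

    /** What the server needs to know about a token to revoke it safely. */
    static final class TokenRecord {
        final String clientId;           // client the token was issued to
        final String parentRefreshToken; // access tokens: refresh token they derive from; else null

        TokenRecord(String clientId, String parentRefreshToken) {
            this.clientId = clientId;
            this.parentRefreshToken = parentRefreshToken;
        }
    }

    /** Carries an OAuth 2.0 error code (RFC 6749 section 5.2) back to the controller. */
    static final class RevocationException extends Exception {
        final String error;

        RevocationException(String error, String message) {
            super(message);
            this.error = error;
        }
    }

    private final Map<String, String> confidentialClientSecrets = new HashMap<>();
    private final Map<String, TokenRecord> refreshTokens = new HashMap<>();
    private final Map<String, TokenRecord> accessTokens = new HashMap<>();

    void registerConfidentialClient(String clientId, String secret) {
        confidentialClientSecrets.put(clientId, secret);
    }

    void issueRefreshToken(String token, String clientId) {
        refreshTokens.put(token, new TokenRecord(clientId, null));
    }

    void issueAccessToken(String token, String clientId, String parentRefreshToken) {
        accessTokens.put(token, new TokenRecord(clientId, parentRefreshToken));
    }

    boolean isLive(String token) {
        return refreshTokens.containsKey(token) || accessTokens.containsKey(token);
    }

    /**
     * Revokes {@code token} on behalf of {@code clientId}. Returns true if a live
     * token was revoked, false if it was unknown. The caller answers HTTP 200 in
     * both cases (RFC 7009 section 2.2), so the endpoint is not a validity oracle.
     */
    public boolean revoke(String clientId, String clientSecret, String token)
            throws RevocationException {
        // 1. Confidential clients must authenticate (RFC 7009 section 2.1).
        //    A wrong secret is an error response, never a silent 200.
        String expected = confidentialClientSecrets.get(clientId);
        if (expected != null && !constantTimeEquals(expected, clientSecret)) {
            throw new RevocationException("invalid_client", "client authentication failed");
        }

        // 2. Look the token up in both stores. RFC 7009 treats token_type_hint as
        //    an optimisation only and requires a fallback to all token types, so
        //    the hint is deliberately not needed here.
        TokenRecord record = refreshTokens.get(token);
        boolean isRefresh = record != null;
        if (record == null) {
            record = accessTokens.get(token);
        }
        if (record == null) {
            return false; // unknown, expired or already revoked: still HTTP 200
        }

        // 3. The token must have been issued to the requesting client (RFC 7009
        //    section 2.1); otherwise any client could revoke another client's tokens.
        if (!record.clientId.equals(clientId)) {
            throw new RevocationException("unauthorized_client",
                    "token was not issued to this client");
        }

        // 4. Revoke. A refresh token takes every access token derived from it along.
        if (isRefresh) {
            refreshTokens.remove(token);
            accessTokens.values().removeIf(r -> token.equals(r.parentRefreshToken));
        } else {
            accessTokens.remove(token);
        }
        return true;
    }

    private static boolean constantTimeEquals(String expected, String supplied) {
        if (supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
}
```

Registering a confidential client, issuing one refresh token with two access tokens derived from it and then calling `revoke` with the refresh token leaves `isLive` false for all three; calling `revoke` a second time with the same refresh token returns false without throwing, which is the behaviour the Javadoc describes as "200 if ... the given token is invalid".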

Example 4 with FormRequestWrapper

Use of de.ids_mannheim.korap.web.utils.FormRequestWrapper in the project Kustvakt by KorAP.

Class OAuth2Controller, method revokeTokenViaSuperClient.

@POST
@Path("revoke/super")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revokeTokenViaSuperClient(@Context SecurityContext context, @Context HttpServletRequest request, MultivaluedMap<String, String> form) {
    TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
    String username = tokenContext.getUsername();
    try {
        OAuth2RevokeTokenSuperRequest revokeTokenRequest = new OAuth2RevokeTokenSuperRequest(new FormRequestWrapper(request, form));
        tokenService.revokeTokensViaSuperClient(username, revokeTokenRequest);
        return Response.ok("SUCCESS").build();
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    }
}

Example 5 with FormRequestWrapper

Use of de.ids_mannheim.korap.web.utils.FormRequestWrapper in the project Kustvakt by KorAP.

Class OAuth2Controller, method requestAccessToken.

/**
 * Grants a client an access token, namely a string used in
 * authenticated requests that represents the user's authorization
 * for the client to access user resources. An additional refresh
 * token strictly associated with the access token is also granted
 * to confidential clients. Both public and confidential clients
 * may be issued multiple access tokens.
 *
 * <br /><br />
 *
 * Confidential clients may also use this endpoint to refresh an
 * access token by presenting a refresh token; such a request
 * grants a new access token.
 *
 * Usually the given refresh token is not changed and can be used
 * until it expires. However, there is currently a limitation of
 * one access token per refresh token. Thus the given refresh
 * token is revoked, and a new access token together with a new
 * refresh token is returned.
 *
 * <br /><br />
 *
 * Client credentials for authentication can be provided either as
 * an authorization header with Basic authentication scheme or as
 * form parameters in the request body.
 *
 * <br /><br />
 *
 * The OAuth 2.0 specification describes various ways of requesting
 * an access token. Kustvakt supports:
 * <ul>
 * <li> Authorization code grant: obtains authorization from a
 * third party application. Required parameters: grant_type,
 * code, client_id, redirect_uri (if specified in the
 * authorization request), client_secret (if the client is
 * confidential or issued a secret).
 * </li>
 * <li> Resource owner password grant: strictly for clients that
 * are parts of KorAP. Clients use user credentials, e.g. Kalamar
 * (front-end) with login form. Required parameters: grant_type,
 * username, password, client_id, client_secret (if the client is
 * confidential or issued a secret). Optional parameters: scope.
 * </li>
 * <li> Client credentials grant: strictly for clients that are
 * parts of KorAP. Clients access their own resources, not on
 * behalf of a user. Required parameters: grant_type, client_id,
 * client_secret. Optional parameters: scope.
 * </li>
 * </ul>
 *
 * RFC 6749: The value of the scope parameter is expressed as a
 * list of space-delimited, case-sensitive strings defined by the
 * authorization server.
 *
 * @param request
 *            the request
 * @param form
 *            form parameters in a map
 * @return a JSON object containing an access token, a refresh
 *         token, a token type and the token expiration in seconds
 *         if successful, an error code and an error description
 *         otherwise.
 */
@POST
@Path("token")
@ResourceFilters({ APIVersionFilter.class })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public Response requestAccessToken(@Context HttpServletRequest request, @FormParam("grant_type") String grantType, MultivaluedMap<String, String> form) {
    try {
        boolean grantTypeExist = grantType != null && !grantType.isEmpty();
        AbstractOAuthTokenRequest oAuthRequest = null;
        if (grantTypeExist && grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
            oAuthRequest = new OAuthTokenRequest(new FormRequestWrapper(request, form));
        } else {
            oAuthRequest = new OAuthUnauthenticatedTokenRequest(new FormRequestWrapper(request, form));
        }
        OAuthResponse oAuthResponse = tokenService.requestAccessToken(oAuthRequest);
        return responseHandler.createResponse(oAuthResponse);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    }
}
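The Javadoc above says client credentials may arrive either in a Basic Authorization header or as client_id/client_secret form parameters. Resolving them correctly involves two checks that are easy to miss: RFC 6749 section 2.3.1 requires client_id and client_secret to be form-urlencoded before they are base64-encoded into the header, and section 2.3 forbids a client from using more than one authentication method in a single request. The class below is an added example of that resolution, written for this page; it is neither Kustvakt's nor Oltu's code, and the class and method names are invented. Deciding whether a missing secret is acceptable (public versus confidential client) is left to the caller, since that depends on the client registration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.servlet.http.HttpServletRequest;

/**
 * Added example, not Kustvakt's or Oltu's code: resolves token-endpoint client
 * credentials from either the Basic Authorization header (RFC 6749 section
 * 2.3.1) or the client_id/client_secret form parameters, and rejects requests
 * that mix the two (RFC 6749 section 2.3).
 */
public final class IllustrativeClientAuthentication {

    public static final class ClientCredentials {
        public final String clientId;
        public final String clientSecret; // null when only client_id was sent

        ClientCredentials(String clientId, String clientSecret) {
            this.clientId = clientId;
            this.clientSecret = clientSecret;
        }
    }

    /** Maps to the invalid_client error of RFC 6749 section 5.2. */
    public static final class InvalidClientException extends Exception {
        InvalidClientException(String message) {
            super(message);
        }
    }

    private IllustrativeClientAuthentication() {
    }

    public static ClientCredentials resolve(HttpServletRequest request)
            throws InvalidClientException {
        ClientCredentials header = fromBasicHeader(request.getHeader("Authorization"));
        String formId = request.getParameter("client_id");
        String formSecret = request.getParameter("client_secret");

        if (header != null) {
            // Section 2.3: a client MUST NOT use more than one authentication method.
            if (formSecret != null) {
                throw new InvalidClientException("client_secret sent both in header and body");
            }
            // client_id may be repeated in the body but must agree with the header.
            if (formId != null && !formId.equals(header.clientId)) {
                throw new InvalidClientException("client_id in body does not match Authorization header");
            }
            return header;
        }
        if (formId == null || formId.isEmpty()) {
            throw new InvalidClientException("client_id missing");
        }
        return new ClientCredentials(formId, formSecret);
    }

    /** Returns null if the header is absent or uses another scheme (e.g. a Bearer token for user authentication). */
    static ClientCredentials fromBasicHeader(String header) throws InvalidClientException {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            throw new InvalidClientException("Authorization header is not valid base64");
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            throw new InvalidClientException("Basic credentials lack the ':' separator");
        }
        // Section 2.3.1: both halves are form-urlencoded BEFORE base64 encoding.
        // Without decoding here, a secret containing '%' or '+' can never
        // authenticate. (URLDecoder.decode(String, Charset) needs Java 10+.)
        String id = URLDecoder.decode(decoded.substring(0, colon), StandardCharsets.UTF_8);
        String secret = URLDecoder.decode(decoded.substring(colon + 1), StandardCharsets.UTF_8);
        return new ClientCredentials(id, secret);
    }
}
```

Wrapped in a FormRequestWrapper as the controller does, `request.getParameter("client_secret")` sees the body parameters, so a client that sends `Authorization: Basic ...` and also a client_secret form field is rejected before any grant-type handling runs; a client registered with the secret `p%ss+word` authenticates correctly only because the header path URL-decodes both halves.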
