use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ATServlet method doAT.
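/**
 * Handles an access token request: verifies the client secret, runs the delegation step, and
 * decides whether a refresh token accompanies the access token.
 *
 * <p>The client secret check is the first statement, so nothing else runs before it. A refresh
 * token stays on the response only when both the client and the server have refresh tokens
 * enabled. Otherwise it is cleared from the response so that it is not returned.
 *
 * @param request  the incoming token request; the client secret is read from it
 * @param response the servlet response passed on to the delegation step
 * @param client   the client making the request
 * @return the state produced by the delegation step, after the transaction has been saved
 * @throws Throwable whatever secret verification, delegation or the transaction store propagate
 */
protected IssuerTransactionState doAT(HttpServletRequest request, HttpServletResponse response, OA2Client client) throws Throwable {
    // Authenticate the client before any token work is done.
    verifyClientSecret(client, getClientSecret(request));
    IssuerTransactionState state = doDelegation(client, request, response);
    ATIResponse2 atResponse = (ATIResponse2) state.getIssuerResponse();
    atResponse.setSignToken(client.isSignTokens());
    // Only the boolean signing flag is written to the debug log, not token or secret material.
    DebugUtil.dbg(this, "set token signing flag =" + atResponse.isSignToken());
    OA2ServiceTransaction st2 = (OA2ServiceTransaction) state.getTransaction();

    OA2SE serviceEnvironment = (OA2SE) getServiceEnvironment();
    boolean clientAllowsRefresh = client.isRTLifetimeEnabled();
    boolean serverAllowsRefresh = serviceEnvironment.isRefreshTokenEnabled();

    if (!clientAllowsRefresh && serverAllowsRefresh) {
        // Logged because this is useful to know if a service starts issuing refresh tokens
        // after clients have already been registered.
        info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be made.");
    }
    if (clientAllowsRefresh && serverAllowsRefresh) {
        // NOTE(review): assumes the delegation step always put a refresh token on the response;
        // a null here would fail at setExpiresIn below. Confirm against doDelegation.
        RefreshToken rt = atResponse.getRefreshToken();
        st2.setRefreshToken(rt);
        // First pass through the system uses the server default as the refresh token lifetime.
        st2.setRefreshTokenLifetime(serviceEnvironment.getRefreshTokenLifetime());
        rt.setExpiresIn(computeRefreshLifetime(st2));
        st2.setRefreshTokenValid(true);
    } else {
        // Do not return a refresh token.
        atResponse.setRefreshToken(null);
    }
    getTransactionStore().save(st2);
    return state;
}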
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ATServlet method preprocess.
/**
 * Prepares a token request before it is processed: marks the response as non-cacheable,
 * records the redirect URI on the transaction, checks it against the client's registered
 * URIs, and copies the nonce and client id into the request parameters for claim generation.
 *
 * @param state the transaction state carrying the request, response, parameters and transaction
 * @throws Throwable {@code InvalidURIException} when the redirect URI cannot be parsed or set;
 *                   anything else is propagated from the superclass, the client check or
 *                   claim population
 */
@Override
public void preprocess(TransactionState state) throws Throwable {
    super.preprocess(state);
    // Token responses must not be stored by the user agent or by intermediaries.
    state.getResponse().setHeader("Cache-Control", "no-store");
    state.getResponse().setHeader("Pragma", "no-cache");

    OA2ServiceTransaction transaction = (OA2ServiceTransaction) state.getTransaction();
    Map<String, String> parameters = state.getParameters();
    String redirect = parameters.get(OA2Constants.REDIRECT_URI);
    // NOTE(review): the callback is stored on the transaction before it is checked against the
    // registered URIs. Nothing visible here persists the transaction when the check fails;
    // confirm that callers do not either.
    try {
        URI callback = URI.create(redirect);
        transaction.setCallback(callback);
    } catch (Throwable cause) {
        // NOTE(review): the message embeds the caller-supplied value verbatim, so whatever
        // renders or logs this exception should encode it. Confirm downstream handling.
        throw new InvalidURIException("Invalid redirect URI \"" + redirect + "\"", cause);
    }
    // The spec requires the redirect to match one of the stored ones; otherwise the request is rejected.
    OA2ClientCheck.check(transaction.getClient(), redirect);

    // Session information used for generating claims in the id_token.
    String nonce = transaction.getNonce();
    if (nonce != null && !nonce.isEmpty()) {
        parameters.put(OA2Constants.NONCE, nonce);
    }
    parameters.put(OA2Constants.CLIENT_ID, transaction.getClient().getIdentifierString());
    populateClaims(state.getRequest(), parameters, transaction);
}
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class RefreshTokenStoreTest method testRT.
/**
 * Checks that a transaction can be saved and then fetched by its refresh token, and that the
 * lookup still works after the transaction's refresh token has been replaced.
 *
 * <p>The checks use Java {@code assert} statements, so they only run when assertions are
 * enabled ({@code -ea}).
 *
 * @param tStore the store under test; must also be a {@code RefreshTokenStore}
 * @throws IllegalStateException if the store is not a {@code RefreshTokenStore}
 * @throws Exception propagated from the store or the token forge
 */
public void testRT(TransactionStore tStore) throws Exception {
    boolean supportsRefreshTokens = tStore instanceof RefreshTokenStore;
    if (!supportsRefreshTokens) {
        // Fail early when the cast below could not succeed.
        throw new IllegalStateException("Error: The store " + tStore.getClass().getSimpleName() + " is not of a type RefreshTokenStore");
    }
    RefreshTokenStore refreshStore = (RefreshTokenStore) tStore;
    OA2ServiceTransaction transaction = (OA2ServiceTransaction) tStore.create();
    OA2TokenForge forge = new OA2TokenForge("http://localhost/test/");

    RefreshToken firstToken = forge.getRefreshToken();
    transaction.setRefreshToken(firstToken);
    // The auth grant is used to retrieve the transaction later; here it is just the identifier.
    AuthorizationGrant grant = forge.getAuthorizationGrant(transaction.getIdentifierString());
    transaction.setAuthorizationGrant(grant);
    transaction.setRefreshTokenLifetime(EXPIRES_IN);
    tStore.save(transaction);

    OA2ServiceTransaction fetched = refreshStore.get(firstToken);
    assert fetched.equals(transaction) : "Error: created transaction is not fetched faithfully from the store";

    // Replace the refresh token and retry, to show the store can handle updating it.
    // NOTE(review): this test does not assert that the first token stops resolving after the
    // update; a rotation test would normally cover that too.
    RefreshToken secondToken = forge.getRefreshToken();
    transaction.setRefreshToken(secondToken);
    transaction.setRefreshTokenValid(false);
    tStore.save(transaction);
    assert refreshStore.get(secondToken).equals(transaction) : "Error: updating refresh token fails.";
}
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2AuthorizationServer method prepare.
/**
 * Adds OAuth 2 specific handling to the authorization page preparation: exposes the refresh
 * token lifetime key to the request at the start action, and records the authentication time
 * on the transaction at the OK action.
 *
 * @param state the presentable state for the current authorization step
 * @throws Throwable propagated from the superclass
 */
@Override
public void prepare(PresentableState state) throws Throwable {
    super.prepare(state);
    if (AUTHORIZATION_ACTION_START == state.getState()) {
        // The attribute's value is the key constant itself, as in the original code;
        // presumably the page uses it as a form field name (TODO confirm).
        state.getRequest().setAttribute(
                AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY,
                AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY);
    }
    if (AUTHORIZATION_ACTION_OK == state.getState()) {
        AuthorizedState authorized = (AuthorizedState) state;
        OA2ServiceTransaction transaction = (OA2ServiceTransaction) authorized.getTransaction();
        // The auth time comes from the server clock at the moment the OK action is handled.
        transaction.setAuthTime(new Date());
    }
}
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class RefreshCleanup method getSortedKeys.
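/**
 * Collects the refresh tokens of the transactions held in {@code rts} into a sorted set.
 *
 * <p>Transactions without a refresh token are skipped. A {@code TreeSet} with natural ordering
 * rejects {@code null} with a {@code NullPointerException}, so one such transaction would
 * otherwise abort the whole pass. The same applies to an entry whose lookup returns
 * {@code null}.
 *
 * @return the refresh tokens found, in the set's natural ordering
 */
@Override
public Set<K> getSortedKeys() {
    // Raw TreeSet kept from the original: the relationship between K and the refresh token
    // type is not visible in this method. NOTE(review): tighten the generics where K is declared.
    TreeSet targetList = new TreeSet<>();
    for (Object key : rts.keySet()) {
        OA2ServiceTransaction st2 = (OA2ServiceTransaction) rts.get(key);
        if (st2 == null) {
            // Presumably the entry was removed between keySet() and get(); nothing to collect.
            continue;
        }
        Object refreshToken = st2.getRefreshToken();
        if (refreshToken == null) {
            // A transaction saved without a refresh token has nothing to contribute here.
            continue;
        }
        targetList.add(refreshToken);
    }
    return targetList;
}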