use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.
the class OA2ATServlet method doAT.
protected IssuerTransactionState doAT(HttpServletRequest request, HttpServletResponse response, OA2Client client) throws Throwable {
verifyClientSecret(client, getClientSecret(request));
IssuerTransactionState state = doDelegation(client, request, response);
ATIResponse2 atResponse = (ATIResponse2) state.getIssuerResponse();
atResponse.setSignToken(client.isSignTokens());
DebugUtil.dbg(this, "set token signing flag =" + atResponse.isSignToken());
OA2ServiceTransaction st2 = (OA2ServiceTransaction) state.getTransaction();
if (!client.isRTLifetimeEnabled() && ((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) {
// Since this bit of information could be extremely useful if a service decides
// eto start issuing refresh tokens after
// clients have been registered, it should be logged.
info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be madeg.");
}
if (client.isRTLifetimeEnabled() && ((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) {
RefreshToken rt = atResponse.getRefreshToken();
st2.setRefreshToken(rt);
// First pass through the system should have the system default as the refresh token lifetime.
st2.setRefreshTokenLifetime(((OA2SE) getServiceEnvironment()).getRefreshTokenLifetime());
rt.setExpiresIn(computeRefreshLifetime(st2));
st2.setRefreshTokenValid(true);
} else {
// Do not return a refresh token.
atResponse.setRefreshToken(null);
}
getTransactionStore().save(st2);
return state;
}
use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.
the class AccessTokenServlet method doDelegation.
@Override
protected IssuerTransactionState doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable, ServletException {
IssuerTransactionState state = super.doDelegation(httpServletRequest, httpServletResponse);
state.getIssuerResponse().write(httpServletResponse);
return state;
}
use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.
the class OA2ATServlet method executeByGrant.
/**
* Contains the tests for executing a request based on its grant type. over-ride this as needed by writing your
* code then calling super. Return <code>true</code> is the request is serviced and false otherwise.
* This is invoked in the {@link #doIt(HttpServletRequest, HttpServletResponse)} method. If a grant is given'
* that is not supported in this method, the servlet should reject the request, as per the OAuth 2 spec.
*
* @param request
* @param response
* @throws Throwable
*/
protected boolean executeByGrant(String grantType, HttpServletRequest request, HttpServletResponse response) throws Throwable {
OA2Client client = (OA2Client) getClient(request);
if (grantType.equals(OA2Constants.REFRESH_TOKEN)) {
String rawSecret = getClientSecret(request);
if (!client.isPublicClient()) {
// if there is a secret, verify it.
verifyClientSecret(client, rawSecret);
}
doRefresh(client, request, response);
return true;
}
if (grantType.equals(OA2Constants.AUTHORIZATION_CODE_VALUE)) {
// public clients cannot get an access token
IssuerTransactionState state = doAT(request, response, client);
ATIResponse2 atResponse = (ATIResponse2) state.getIssuerResponse();
atResponse.write(response);
return true;
}
return false;
}
use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.
the class OA2ATServlet method doRefresh.
protected TransactionState doRefresh(OA2Client c, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
RefreshToken oldRT = getTF2().getRefreshToken(request.getParameter(OA2Constants.REFRESH_TOKEN));
if (c == null) {
throw new InvalidTokenException("Could not find the client associated with refresh token \"" + oldRT + "\"");
}
OA2ServiceTransaction t = getByRT(oldRT);
if ((!((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) || (!c.isRTLifetimeEnabled())) {
throw new OA2ATException(OA2Errors.REQUEST_NOT_SUPPORTED, "Refresh tokens are not supported on this server");
}
if (t == null || !t.isRefreshTokenValid()) {
throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Error: The refresh token is no longer valid.");
}
// this way if it fails at some point we know it is invalid.
t.setRefreshTokenValid(false);
AccessToken at = t.getAccessToken();
RTIRequest rtiRequest = new RTIRequest(request, c, at);
RTI2 rtIsuuer = new RTI2(getTF2(), getServiceEnvironment().getServiceAddress());
RTIResponse rtiResponse = (RTIResponse) rtIsuuer.process(rtiRequest);
rtiResponse.setSignToken(c.isSignTokens());
populateClaims(request, rtiResponse.getParameters(), t);
RefreshToken rt = rtiResponse.getRefreshToken();
rt.setExpiresIn(computeRefreshLifetime(t));
t.setRefreshToken(rtiResponse.getRefreshToken());
t.setRefreshTokenValid(true);
t.setAccessToken(rtiResponse.getAccessToken());
// At this point, key in the transaction store is the grant, so changing the access token
// over-writes the current value. This practically invalidates the previous access token.
// this is necessary to clear any caches.
getTransactionStore().remove(t.getIdentifier());
ArrayList<String> targetScopes = new ArrayList<>();
OA2SE oa2SE = (OA2SE) getServiceEnvironment();
// set true if something is requested we don't support
boolean returnScopes = false;
for (String s : t.getScopes()) {
if (oa2SE.getScopes().contains(s)) {
targetScopes.add(s);
} else {
returnScopes = true;
}
}
if (returnScopes) {
rtiResponse.setSupportedScopes(targetScopes);
}
rtiResponse.setScopeHandlers(setupScopeHandlers(t, oa2SE));
rtiResponse.setServiceTransaction(t);
rtiResponse.setJsonWebKey(oa2SE.getJsonWebKeys().getDefault());
getTransactionStore().save(t);
rtiResponse.write(response);
IssuerTransactionState state = new IssuerTransactionState(request, response, rtiResponse.getParameters(), t, rtiResponse);
return state;
}
Aggregations