
Example 1 with IssuerTransactionState

use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.

the class OA2ATServlet method doAT.

/**
 * Handles the authorization-code leg of the token endpoint: verifies the client secret, runs the
 * delegation step, and decides whether a refresh token accompanies the access token response.
 * The (possibly updated) service transaction is persisted before the state is returned; writing
 * the response is left to the caller.
 *
 * @param request  the token request
 * @param response the response the caller will eventually write
 * @param client   the already-resolved client making the request
 * @return the transaction state produced by the delegation step, with its issuer response adjusted
 * @throws Throwable propagated from secret verification or delegation
 */
protected IssuerTransactionState doAT(HttpServletRequest request, HttpServletResponse response, OA2Client client) throws Throwable {
    verifyClientSecret(client, getClientSecret(request));
    IssuerTransactionState delegationState = doDelegation(client, request, response);
    ATIResponse2 tokenResponse = (ATIResponse2) delegationState.getIssuerResponse();
    tokenResponse.setSignToken(client.isSignTokens());
    DebugUtil.dbg(this, "set token signing flag =" + tokenResponse.isSignToken());
    OA2ServiceTransaction transaction = (OA2ServiceTransaction) delegationState.getTransaction();
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    if (oa2SE.isRefreshTokenEnabled()) {
        if (client.isRTLifetimeEnabled()) {
            RefreshToken refreshToken = tokenResponse.getRefreshToken();
            transaction.setRefreshToken(refreshToken);
            // The first pass through the system uses the server default refresh token lifetime;
            // the per-transaction value is then derived from it.
            transaction.setRefreshTokenLifetime(oa2SE.getRefreshTokenLifetime());
            refreshToken.setExpiresIn(computeRefreshLifetime(transaction));
            transaction.setRefreshTokenValid(true);
        } else {
            // Worth logging: a server may start issuing refresh tokens after clients were
            // registered, and a client that never had them enabled is otherwise hard to spot.
            info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be madeg.");
            // This client does not get a refresh token.
            tokenResponse.setRefreshToken(null);
        }
    } else {
        // Refresh tokens are switched off server-wide.
        tokenResponse.setRefreshToken(null);
    }
    getTransactionStore().save(transaction);
    return delegationState;
}

Example 2 with IssuerTransactionState

use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.

the class AccessTokenServlet method doDelegation.

/**
 * Runs the superclass delegation step and then immediately writes the resulting issuer response
 * to the servlet response, so callers of this override receive a state whose response has
 * already been sent.
 *
 * @param httpServletRequest  the incoming request
 * @param httpServletResponse the response the issuer response is written to
 * @return the transaction state produced by the superclass
 * @throws Throwable        propagated from the superclass
 * @throws ServletException propagated from the superclass
 */
@Override
protected IssuerTransactionState doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable, ServletException {
    final IssuerTransactionState delegationState = super.doDelegation(httpServletRequest, httpServletResponse);
    delegationState.getIssuerResponse().write(httpServletResponse);
    return delegationState;
}

Example 3 with IssuerTransactionState

use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.

the class OA2ATServlet method executeByGrant.

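/**
 * Dispatches a token-endpoint request on its grant type. Override this by handling your own grant
 * types first and then calling {@code super}. Returns {@code true} if the request was serviced and
 * {@code false} otherwise, in which case the servlet should reject the request as an unsupported
 * grant, as per the OAuth 2 spec. Invoked from {@link #doIt(HttpServletRequest, HttpServletResponse)}.
 *
 * @param grantType the requested grant type; {@code null} is treated as unsupported
 * @param request   the token request
 * @param response  the response the issued tokens are written to
 * @return {@code true} if the grant type was recognised and the request serviced, {@code false} otherwise
 * @throws Throwable propagated from client lookup, secret verification and token issuance
 */
protected boolean executeByGrant(String grantType, HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (grantType == null) {
        // No grant type at all is an unsupported grant; let the caller reject it rather than
        // failing with a NullPointerException on the comparisons below.
        return false;
    }
    OA2Client client = (OA2Client) getClient(request);
    if (grantType.equals(OA2Constants.REFRESH_TOKEN)) {
        String rawSecret = getClientSecret(request);
        if (!client.isPublicClient()) {
            // Confidential clients must present their secret; public clients have none to verify.
            verifyClientSecret(client, rawSecret);
        }
        doRefresh(client, request, response);
        return true;
    }
    if (grantType.equals(OA2Constants.AUTHORIZATION_CODE_VALUE)) {
        // Public clients cannot get an access token this way: doAT starts by verifying the
        // client secret for every client.
        IssuerTransactionState state = doAT(request, response, client);
        ATIResponse2 atResponse = (ATIResponse2) state.getIssuerResponse();
        atResponse.write(response);
        return true;
    }
    return false;
}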

Example 4 with IssuerTransactionState

use of edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState in project OA4MP by ncsa.

the class OA2ATServlet method doRefresh.

/**
 * Services a refresh-token grant: looks up the transaction by the presented refresh token, checks
 * that refresh is enabled for both the server and the client, mints a new access/refresh token
 * pair, updates and re-saves the transaction, and writes the response.
 * <p>
 * The transaction store is keyed on the grant, so re-saving the transaction with the new access
 * token replaces the previous one (see the comment before the {@code remove} call below).
 *
 * @param c        the client making the request; {@code null} is rejected
 * @param request  the token request carrying the refresh token parameter
 * @param response the response the new tokens are written to
 * @return the transaction state for the refreshed transaction; the response has already been written
 * @throws InvalidTokenException if no client is associated with the request
 * @throws OA2ATException        if refresh tokens are not supported, or the presented token is no longer valid
 * @throws IOException           as declared for the servlet/response layer
 * @throws ServletException      as declared for the servlet layer
 */
protected TransactionState doRefresh(OA2Client c, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    // The presented token is parsed first so the client-missing message below can cite it.
    RefreshToken oldRT = getTF2().getRefreshToken(request.getParameter(OA2Constants.REFRESH_TOKEN));
    if (c == null) {
        throw new InvalidTokenException("Could not find the client associated with refresh token \"" + oldRT + "\"");
    }
    OA2ServiceTransaction t = getByRT(oldRT);
    // Refresh must be enabled server-wide and for this particular client.
    if ((!((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) || (!c.isRTLifetimeEnabled())) {
        throw new OA2ATException(OA2Errors.REQUEST_NOT_SUPPORTED, "Refresh tokens are not supported on this server");
    }
    // Unknown token, or a transaction whose refresh token was already invalidated (e.g. by an
    // earlier refresh, which flips the flag below).
    if (t == null || !t.isRefreshTokenValid()) {
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Error: The refresh token is no longer valid.");
    }
    // this way if it fails at some point we know it is invalid.
    // NOTE(review): this only changes the in-memory object; the store is not updated until the
    // save(t) near the end of this method. If anything between here and that save throws, the
    // stored transaction still carries the old, valid refresh token — TODO confirm whether an
    // early save is intended here.
    t.setRefreshTokenValid(false);
    AccessToken at = t.getAccessToken();
    RTIRequest rtiRequest = new RTIRequest(request, c, at);
    RTI2 rtIsuuer = new RTI2(getTF2(), getServiceEnvironment().getServiceAddress());
    RTIResponse rtiResponse = (RTIResponse) rtIsuuer.process(rtiRequest);
    rtiResponse.setSignToken(c.isSignTokens());
    populateClaims(request, rtiResponse.getParameters(), t);
    // The newly minted refresh token gets a lifetime derived from this transaction.
    RefreshToken rt = rtiResponse.getRefreshToken();
    rt.setExpiresIn(computeRefreshLifetime(t));
    t.setRefreshToken(rtiResponse.getRefreshToken());
    t.setRefreshTokenValid(true);
    t.setAccessToken(rtiResponse.getAccessToken());
    // At this point, key in the transaction store is the grant, so changing the access token
    // over-writes the current value. This practically invalidates the previous access token.
    // this is necessary to clear any caches.
    // The save(t) further down re-inserts the transaction under the same identifier.
    getTransactionStore().remove(t.getIdentifier());
    ArrayList<String> targetScopes = new ArrayList<>();
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    // set true if something is requested we don't support
    boolean returnScopes = false;
    // Only scopes the server knows are kept; if any were dropped, the supported subset is
    // reported back in the response.
    for (String s : t.getScopes()) {
        if (oa2SE.getScopes().contains(s)) {
            targetScopes.add(s);
        } else {
            returnScopes = true;
        }
    }
    if (returnScopes) {
        rtiResponse.setSupportedScopes(targetScopes);
    }
    // presumably installs the per-scope claim handlers for this transaction — see setupScopeHandlers
    rtiResponse.setScopeHandlers(setupScopeHandlers(t, oa2SE));
    rtiResponse.setServiceTransaction(t);
    // NOTE(review): looks like the server's default web key is used to sign the issued tokens — confirm
    rtiResponse.setJsonWebKey(oa2SE.getJsonWebKeys().getDefault());
    getTransactionStore().save(t);
    rtiResponse.write(response);
    IssuerTransactionState state = new IssuerTransactionState(request, response, rtiResponse.getParameters(), t, rtiResponse);
    return state;
}
