Example 1 with AccessToken

Use of edu.uiuc.ncsa.security.delegation.token.AccessToken in project OA4MP by ncsa.

In the class AbstractCertServlet, method doDelegation.

protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String cc = "client = " + paRequest.getClient().getIdentifier();
    paRequest.setAccessToken(getServiceEnvironment().getTokenForge().getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    AccessToken accessToken = paResponse.getAccessToken();
    debug("6.a. " + cc);
    ServiceTransaction t = verifyAndGet(paResponse);
    info("6.a. Processing request for transaction " + t.getIdentifier());
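    // Invalidate the access token on the transaction; verifyAndGet refuses
    // transactions whose access token is no longer valid.
    t.setAccessTokenValid(false);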
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + cc);
    HashMap<String, String> username = new HashMap<String, String>();
    username.put("username", t.getUsername());
    username.putAll(paResponse.getParameters());
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + cc);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + cc);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + cc);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}
Also used : TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) HashMap(java.util.HashMap) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse) PARequest(edu.uiuc.ncsa.security.delegation.server.request.PARequest)

Example 2 with AccessToken

Use of edu.uiuc.ncsa.security.delegation.token.AccessToken in project OA4MP by ncsa.

In the class Client2AssetStoreTest, method storeTest.

@Override
public Asset storeTest(AssetStore store) throws Exception {
    OA2Asset asset = (OA2Asset) super.storeTest(store);
    AccessToken at = new AccessTokenImpl(URI.create("oa4mp:accessToken:/" + ClientTestStoreUtil.getRandomString()));
    RefreshToken rt = new OA2RefreshTokenImpl(URI.create("oa4mp:refreshToken:/" + ClientTestStoreUtil.getRandomString()));
    rt.setExpiresIn(1000000L);
    asset.setAccessToken(at);
    asset.setRefreshToken(rt);
    store.save(asset);
    // Read the asset back from the store and compare the round-tripped tokens.
    OA2Asset storedAsset = (OA2Asset) store.get(asset.getIdentifier());
    assert asset.getAccessToken().equals(storedAsset.getAccessToken()) : "Failed to match access tokens. " + "Expected \"" + asset.getAccessToken() + "\" and got \"" + storedAsset.getAccessToken() + "\"";
    RefreshToken rt2 = storedAsset.getRefreshToken();
    assert rt.getToken().equals(rt2.getToken()) : "Failed to match refresh tokens. " + "Expected \"" + rt.getToken() + "\" and got \"" + rt2.getToken() + "\"";
    assert rt.getExpiresIn() == rt2.getExpiresIn() : "Failed to match refresh lifetime. " + "Expected \"" + rt.getExpiresIn() + "\" and got \"" + rt2.getExpiresIn() + "\"";
    return asset;
}
Also used : RefreshToken(edu.uiuc.ncsa.security.delegation.token.RefreshToken) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) AccessTokenImpl(edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl) OA2RefreshTokenImpl(edu.uiuc.ncsa.security.oauth_2_0.OA2RefreshTokenImpl)

Example 3 with AccessToken

Use of edu.uiuc.ncsa.security.delegation.token.AccessToken in project OA4MP by ncsa.

In the class ACS2Impl, method verifyAndGet.

public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse par = (PAResponse) iResponse;
    AccessToken accessToken = par.getAccessToken();
    // Look up the transaction that was stored under this access token.
    ServiceTransaction t = (ServiceTransaction) getTransactionStore().get(accessToken);
    if (t == null) {
        throw new GeneralException("Error: no transaction found for access token \"" + accessToken + "\"");
    }
    // Refuse tokens that have been marked invalid on the transaction.
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    // The client must be approved and the token's timestamp must pass the check.
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Example 4 with AccessToken

Use of edu.uiuc.ncsa.security.delegation.token.AccessToken in project OA4MP by ncsa.

In the class OA2CertServlet, method getAccessToken.

@Override
protected AccessToken getAccessToken(HttpServletRequest request) {
    try {
        return getServiceEnvironment().getTokenForge().getAccessToken(request);
    } catch (Throwable t) {
        // This just means that the access token was not sent as a parameter. It
        // might have been sent as a bearer token.
    }
    List<String> bearerTokens = HeaderUtils.getAuthHeader(request, "Bearer");
    if (bearerTokens.isEmpty()) {
        throw new GeneralException("Error: no access token");
    }
    if (1 < bearerTokens.size()) {
        throw new GeneralException("Error: too many access tokens");
    }
    AccessToken at = getServiceEnvironment().getTokenForge().getAccessToken(bearerTokens.get(0));
    return at;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken)

Example 5 with AccessToken

Use of edu.uiuc.ncsa.security.delegation.token.AccessToken in project OA4MP by ncsa.

In the class CertServlet, method verifyAndGet.

public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse par = (PAResponse) iResponse;
    AccessToken accessToken = par.getAccessToken();
    // Look up the transaction that was stored under this access token.
    ServiceTransaction t = (ServiceTransaction) getTransactionStore().get(accessToken);
    if (t == null) {
        throw new GeneralException("Error: no transaction found for access token \"" + accessToken + "\"");
    }
    // Refuse tokens that have been marked invalid on the transaction.
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    // The client must be approved and the token's timestamp must pass the check.
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Aggregations

AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken): 10
GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException): 4
ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction): 4
OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction): 3
PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse): 3
OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE): 2
RefreshToken (edu.uiuc.ncsa.security.delegation.token.RefreshToken): 2
IssuerTransactionState (edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState): 1
InvalidTimestampException (edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException): 1
PARequest (edu.uiuc.ncsa.security.delegation.server.request.PARequest): 1
TransactionState (edu.uiuc.ncsa.security.delegation.servlet.TransactionState): 1
AccessTokenImpl (edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl): 1
OA2Client (edu.uiuc.ncsa.security.oauth_2_0.OA2Client): 1
OA2GeneralError (edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError): 1
OA2RefreshTokenImpl (edu.uiuc.ncsa.security.oauth_2_0.OA2RefreshTokenImpl): 1
ClaimSource (edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource): 1
PAIResponse2 (edu.uiuc.ncsa.security.oauth_2_0.server.PAIResponse2): 1
UII2 (edu.uiuc.ncsa.security.oauth_2_0.server.UII2): 1
UIIRequest2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIRequest2): 1
UIIResponse2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIResponse2): 1