
Example 16 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

the class OA2ClientCheck method check.

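/**
 * Verifies that the {@code redirect} sent with an authorization request is one of the callback
 * URIs registered for {@code client}. Matching is an exact, case-sensitive string comparison:
 * no normalization, prefix or wildcard matching is done, so a client must repeat a registered
 * URI byte-for-byte.
 * <p>
 * Note that all of the exceptions thrown here are because the callback cannot be verified, hence
 * it is unclear where the error is to be sent; nothing is ever redirected to an unverified URI.
 *
 * @param client   the client making the request; must be an {@link OA2Client}
 * @param redirect the redirect URI as received from the request; may be {@code null}
 * @throws OA2GeneralError if there is no client, the client has no registered callback URIs,
 *                         no redirect was supplied, or the redirect is not a registered one
 * @throws NFWException    if the client is not an {@link OA2Client} (an internal error)
 */
public static void check(Client client, String redirect) {
    if (client == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no client id", HttpStatus.SC_BAD_REQUEST);
    }
    if (!(client instanceof OA2Client)) {
        throw new NFWException("Internal error: Client is not an OA2Client");
    }
    OA2Client oa2Client = (OA2Client) client;
    if (oa2Client.getCallbackURIs() == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "client has not registered any callback URIs", HttpStatus.SC_BAD_REQUEST);
    }
    // A missing redirect can never match a registered URI. Reject it with a clear message instead
    // of reporting that the redirect "null" is unknown to this client.
    if (redirect == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no redirect URI supplied", HttpStatus.SC_BAD_REQUEST);
    }
    boolean foundCB = false;
    for (String uri : oa2Client.getCallbackURIs()) {
        // redirect is known to be non-null here, so a null entry in the registered list is simply
        // a non-match rather than a NullPointerException.
        if (redirect.equals(uri)) {
            foundCB = true;
            break;
        }
    }
    if (!foundCB) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "The given redirect \"" + redirect + "\" is not valid for this client", HttpStatus.SC_BAD_REQUEST);
    }
}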

Example 17 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

the class UserInfoServlet method doIt.

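/**
 * Serves the user info endpoint: resolves the bearer access token to its transaction, checks that
 * the token may be used by this client, runs the configured claim sources over the user info and
 * writes the result to the response.
 *
 * @param request  the incoming request; the access token is read from it by {@code getAT}
 * @param response the response the user info is written to
 * @throws OA2GeneralError if no transaction exists for the token, the client is a public client,
 *                         the access token is not valid, or the token timestamp has expired
 * @throws Throwable       anything propagated from the claim sources or the response writer
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // The access token is sent in the authorization header and should look like
    // Bearer oa4mp:...
    AccessToken at = getAT(request);
    ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(at);
    // The transaction must be checked before anything is read from it: dereferencing its client
    // first turned an unknown token into a NullPointerException instead of this error.
    if (transaction == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST);
    }
    if (((OA2Client) transaction.getClient()).isPublicClient()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "public client not authorized to access user information", HttpStatus.SC_UNAUTHORIZED);
    }
    if (!transaction.isAccessTokenValid()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST);
    }
    try {
        checkTimestamp(at.getToken());
    } catch (InvalidTimestampException itx) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
    }
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    UII2 uis = new UII2(oa2SE.getTokenForge(), getServiceEnvironment().getServiceAddress());
    UIIRequest2 uireq = new UIIRequest2(request, at);
    uireq.setUsername(getUsername(transaction));
    // Now we figure out which scope handler to use.
    UIIResponse2 uiresp = (UIIResponse2) uis.process(uireq);
    LinkedList<ClaimSource> claimSources = OA2ATServlet.setupScopeHandlers((OA2ServiceTransaction) transaction, oa2SE);
    DebugUtil.dbg(this, "Invoking scope handler");
    if (claimSources == null || claimSources.isEmpty()) {
        DebugUtil.dbg(this, " ***** NO SCOPE HANDLERS ");
    } else {
        // Only iterate when there is a list; a null list was previously logged and then iterated anyway.
        for (ClaimSource claimSource : claimSources) {
            DebugUtil.dbg(this, " scope handler=" + claimSource.getClass().getSimpleName());
            claimSource.process(uiresp.getUserInfo(), transaction);
        }
    }
    uiresp.write(response);
}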

Example 18 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

the class LDAPClaimSourceFactory method createScopeHandlers.

/**
 * Builds the list of claim sources ("scope handlers") that both the access token servlet and the
 * user info servlet use, so the two endpoints see the same handlers. If the client has no LDAP
 * configurations, the environment's common claim source is used (and given the runtime
 * environment first if it is a {@link BasicClaimsSourceImpl} without one). Otherwise one claim
 * source is created per configured LDAP server through the factory and given the environment.
 *
 * @param oa2SE  the runtime environment the handlers are populated with
 * @param client the client whose LDAP configurations and scopes drive handler creation
 * @return the handlers in configuration order; never {@code null}
 */
public static LinkedList<ClaimSource> createScopeHandlers(OA2SE oa2SE, OA2Client client) {
    DebugUtil.dbg(LDAPClaimSourceFactory.class, "Starting to create LDAPScopeHandlers per client");
    LinkedList<ClaimSource> handlers = new LinkedList<>();
    boolean hasLdaps = client.getLdaps() != null && !client.getLdaps().isEmpty();
    if (!hasLdaps) {
        DebugUtil.dbg(LDAPClaimSourceFactory.class, "using default scope handler=");
        if (oa2SE.getClaimSource() instanceof BasicClaimsSourceImpl) {
            BasicClaimsSourceImpl basic = (BasicClaimsSourceImpl) oa2SE.getClaimSource();
            // Only wire in the environment when the shared source does not already have one.
            if (basic.getOa2SE() == null) {
                DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #1");
                basic.setOa2SE(oa2SE);
            }
        }
        handlers.add(oa2SE.getClaimSource());
        return handlers;
    }
    for (LDAPConfiguration ldapConfig : client.getLdaps()) {
        DebugUtil.dbg(LDAPClaimSourceFactory.class, "Got LDAP configuration for server " + ldapConfig.getServer());
        LDAPClaimSourceFactoryRequest factoryRequest = new LDAPClaimSourceFactoryRequest(oa2SE.getMyLogger(), ldapConfig, client.getScopes());
        ClaimSource created = ClaimSourceFactory.newInstance(factoryRequest);
        if (created instanceof BasicClaimsSourceImpl) {
            DebugUtil.dbg(LDAPClaimSourceFactory.class, "Scope handler\"" + created.getClass().getSimpleName() + "\" is configured.");
            ((BasicClaimsSourceImpl) created).setOa2SE(oa2SE);
            DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #2");
        }
        handlers.add(created);
    }
    return handlers;
}

Example 19 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

the class ClientManagerTest method testLDAPStore2.

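/**
 * Retrieve a configuration by its client id: binds a new LDAP entry to a freshly created client,
 * saves it and checks that looking it up by client id yields an equal entry.
 * <p>
 * The comparison throws {@link AssertionError} explicitly rather than using the {@code assert}
 * statement, which is a no-op unless the JVM runs with {@code -ea}; a skipped comparison would
 * let this test pass whatever the store returned.
 *
 * @param ldapStore   store the entry is saved to and read back from
 * @param clientStore store used to create the client the entry is bound to
 * @throws Exception anything thrown by the stores or by {@code createLDAP}
 */
public void testLDAPStore2(LDAPStore<LDAPEntry> ldapStore, ClientStore clientStore) throws Exception {
    OA2Client oa2Client = (OA2Client) clientStore.create();
    LDAPConfiguration ldap = createLDAP();
    LDAPEntry ldapEntry = ldapStore.create();
    ldapEntry.setClientID(oa2Client.getIdentifier());
    ldapEntry.setConfiguration(ldap);
    ldapStore.save(ldapEntry);
    LDAPEntry ldapEntry1 = ldapStore.getByClientID(ldapEntry.getClientID());
    if (!ldapEntry.equals(ldapEntry1)) {
        throw new AssertionError("LDAP entry looked up by client id " + ldapEntry.getClientID() + " does not equal the saved entry");
    }
}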

Example 20 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

the class ClientManagerTest method testLDAPStore.

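/**
 * Retrieve a configuration by its own identifier: binds a new LDAP entry to a freshly created
 * client, saves it and checks that looking it up by its identifier yields an equal entry.
 * <p>
 * The comparison throws {@link AssertionError} explicitly rather than using the {@code assert}
 * statement, which is a no-op unless the JVM runs with {@code -ea}; a skipped comparison would
 * let this test pass whatever the store returned.
 *
 * @param ldapStore   store the entry is saved to and read back from
 * @param clientStore store used to create the client the entry is bound to
 * @throws Exception anything thrown by the stores or by {@code createLDAP}
 */
public void testLDAPStore(LDAPStore<LDAPEntry> ldapStore, ClientStore clientStore) throws Exception {
    OA2Client oa2Client = (OA2Client) clientStore.create();
    LDAPConfiguration ldap = createLDAP();
    LDAPEntry ldapEntry = ldapStore.create();
    ldapEntry.setClientID(oa2Client.getIdentifier());
    ldapEntry.setConfiguration(ldap);
    ldapStore.save(ldapEntry);
    LDAPEntry ldapEntry1 = ldapStore.get(ldapEntry.getIdentifier());
    if (!ldapEntry.equals(ldapEntry1)) {
        throw new AssertionError("LDAP entry looked up by identifier " + ldapEntry.getIdentifier() + " does not equal the saved entry");
    }
}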
