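/**
 * Verifies that {@code redirect} is one of the callback URIs registered for {@code client}.
 * <p>
 * Note that all of the exceptions thrown here are because the callback cannot be verified, hence it is unclear
 * where the error is to be sent; the caller has to report them directly rather than via a redirect.
 * The comparison is an exact, case-sensitive string match against the registered list, which is what keeps a
 * redirect pointing at a different scheme, host or path from being accepted.
 *
 * @param client   the client making the request; must be a registered {@link OA2Client}
 * @param redirect the redirect URI supplied in the request; {@code null} never matches
 * @throws OA2GeneralError if there is no client, the client has no registered callbacks, or the redirect
 *                         matches none of them (all reported as {@code invalid_request}, HTTP 400)
 * @throws NFWException    if the client is not an {@link OA2Client}; a server configuration problem, not a
 *                         request error
 */
public static void check(Client client, String redirect) {
    if (client == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no client id", HttpStatus.SC_BAD_REQUEST);
    }
    if (!(client instanceof OA2Client)) {
        throw new NFWException("Internal error: Client is not an OA2Client");
    }
    OA2Client oa2Client = (OA2Client) client;
    if (oa2Client.getCallbackURIs() == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "client has not registered any callback URIs", HttpStatus.SC_BAD_REQUEST);
    }
    // Compare in the direction redirect.equals(uri): a null redirect is rejected below without
    // touching the list, and a null entry in the registered list yields "no match" instead of an NPE.
    boolean foundCB = false;
    if (redirect != null) {
        for (String uri : oa2Client.getCallbackURIs()) {
            if (redirect.equals(uri)) {
                foundCB = true;
                break;
            }
        }
    }
    if (!foundCB) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "The given redirect \"" + redirect + "\" is not valid for this client", HttpStatus.SC_BAD_REQUEST);
    }
}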
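/**
 * Services a user info request. The bearer access token is resolved to its transaction, the transaction and
 * token are validated, and every configured claim source is then run over the user info before the response
 * is written.
 * <p>
 * The checks run in an order where each one only reads state that the previous checks have established: the
 * transaction lookup is checked for {@code null} before its client is examined.
 *
 * @param request  the incoming request; the access token is taken from its authorization header
 * @param response the response the user info is written to
 * @throws OA2GeneralError if no transaction exists for the token, the client is a public client, the access
 *                         token is not valid, or the token timestamp has expired
 * @throws Throwable       anything propagated from the claim sources or the response writer
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // The access token is sent in the authorization header and should look like
    // Bearer oa4mp:...
    AccessToken at = getAT(request);
    ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(at);
    // Must come first: an unknown token would otherwise surface as a NullPointerException
    // in the client check instead of a 400 with a clear message.
    if (transaction == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST);
    }
    // NOTE(review): assumes transaction.getClient() is never null for a stored transaction — confirm.
    if (((OA2Client) transaction.getClient()).isPublicClient()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "public client not authorized to access user information", HttpStatus.SC_UNAUTHORIZED);
    }
    if (!transaction.isAccessTokenValid()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST);
    }
    try {
        checkTimestamp(at.getToken());
    } catch (InvalidTimestampException itx) {
        // Reported as a plain invalid_request; the original timestamp failure is not exposed to the caller.
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
    }
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    UII2 uis = new UII2(oa2SE.getTokenForge(), getServiceEnvironment().getServiceAddress());
    UIIRequest2 uireq = new UIIRequest2(request, at);
    uireq.setUsername(getUsername(transaction));
    // Now we figure out which scope handler to use.
    UIIResponse2 uiresp = (UIIResponse2) uis.process(uireq);
    LinkedList<ClaimSource> claimSources = OA2ATServlet.setupScopeHandlers((OA2ServiceTransaction) transaction, oa2SE);
    DebugUtil.dbg(this, "Invoking scope handler");
    if (claimSources == null || claimSources.isEmpty()) {
        // Nothing to run; a null list must not reach the loop below.
        DebugUtil.dbg(this, " ***** NO SCOPE HANDLERS ");
    } else {
        for (ClaimSource claimSource : claimSources) {
            DebugUtil.dbg(this, " scope handler=" + claimSource.getClass().getSimpleName());
            claimSource.process(uiresp.getUserInfo(), transaction);
        }
    }
    uiresp.write(response);
}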
/**
 * Builds the list of claim sources (scope handlers) shared by the access token servlet and the user info
 * servlet. A client with no LDAP configurations gets the environment's default claim source; otherwise one
 * claim source is created per LDAP configuration through {@link ClaimSourceFactory}. Every
 * {@link BasicClaimsSourceImpl} produced is handed the runtime environment so it can operate.
 *
 * @param oa2SE  the service environment, supplying the default claim source and the logger
 * @param client the client whose LDAP configurations and scopes drive the handlers
 * @return the claim sources to apply, in configuration order
 */
public static LinkedList<ClaimSource> createScopeHandlers(OA2SE oa2SE, OA2Client client) {
    DebugUtil.dbg(LDAPClaimSourceFactory.class, "Starting to create LDAPScopeHandlers per client");
    LinkedList<ClaimSource> handlers = new LinkedList<>();
    boolean hasLdapConfigs = client.getLdaps() != null && !client.getLdaps().isEmpty();

    if (!hasLdapConfigs) {
        DebugUtil.dbg(LDAPClaimSourceFactory.class, "using default scope handler=");
        // The default source only gets the environment if it does not already have one.
        if (oa2SE.getClaimSource() instanceof BasicClaimsSourceImpl) {
            BasicClaimsSourceImpl defaultSource = (BasicClaimsSourceImpl) oa2SE.getClaimSource();
            if (defaultSource.getOa2SE() == null) {
                DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #1");
                defaultSource.setOa2SE(oa2SE);
            }
        }
        handlers.add(oa2SE.getClaimSource());
        return handlers;
    }

    for (LDAPConfiguration ldapConfig : client.getLdaps()) {
        DebugUtil.dbg(LDAPClaimSourceFactory.class, "Got LDAP configuration for server " + ldapConfig.getServer());
        LDAPClaimSourceFactoryRequest factoryRequest =
                new LDAPClaimSourceFactoryRequest(oa2SE.getMyLogger(), ldapConfig, client.getScopes());
        ClaimSource source = ClaimSourceFactory.newInstance(factoryRequest);
        // Freshly created sources always receive the environment.
        if (source instanceof BasicClaimsSourceImpl) {
            DebugUtil.dbg(LDAPClaimSourceFactory.class, "Scope handler\"" + source.getClass().getSimpleName() + "\" is configured.");
            ((BasicClaimsSourceImpl) source).setOa2SE(oa2SE);
            DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #2");
        }
        handlers.add(source);
    }
    return handlers;
}
/**
 * Retrieve a configuration by its client id.
 * <p>
 * Creates a client and an LDAP entry bound to that client's identifier, saves the entry, and checks that
 * looking it up through {@code getByClientID} returns an equal entry.
 *
 * @param ldapStore   the store the LDAP entry is saved to and read back from
 * @param clientStore the store used to create the client the entry is bound to
 * @throws Exception propagated from the stores
 */
public void testLDAPStore2(LDAPStore<LDAPEntry> ldapStore, ClientStore clientStore) throws Exception {
    OA2Client client = (OA2Client) clientStore.create();
    LDAPConfiguration configuration = createLDAP();

    LDAPEntry saved = ldapStore.create();
    saved.setClientID(client.getIdentifier());
    saved.setConfiguration(configuration);
    ldapStore.save(saved);

    LDAPEntry loaded = ldapStore.getByClientID(saved.getClientID());
    assert saved.equals(loaded);
}
/**
 * Retrieve a configuration by its own identifier.
 * <p>
 * Creates a client and an LDAP entry bound to that client's identifier, saves the entry, and checks that
 * looking it up through {@code get} with the entry's identifier returns an equal entry.
 *
 * @param ldapStore   the store the LDAP entry is saved to and read back from
 * @param clientStore the store used to create the client the entry is bound to
 * @throws Exception propagated from the stores
 */
public void testLDAPStore(LDAPStore<LDAPEntry> ldapStore, ClientStore clientStore) throws Exception {
    OA2Client client = (OA2Client) clientStore.create();
    LDAPConfiguration configuration = createLDAP();

    LDAPEntry saved = ldapStore.create();
    saved.setClientID(client.getIdentifier());
    saved.setConfiguration(configuration);
    ldapStore.save(saved);

    LDAPEntry loaded = ldapStore.get(saved.getIdentifier());
    assert saved.equals(loaded);
}