Search in sources :

Example 1 with ClaimSource

use of edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource in project OA4MP by ncsa.

the class OA2ConfigurationLoader method getClaimSource.

public ClaimSource getClaimSource() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
    DebugUtil.dbg(this, "Getting scope handler " + claimSource);
    if (claimSource == null) {
        // This gets the scopes if any and injects them into the scope handler.
        if (0 < cn.getChildrenCount(SCOPES)) {
            String scopeHandlerName = getFirstAttribute(Configurations.getFirstNode(cn, SCOPES), SCOPE_HANDLER);
            if (scopeHandlerName != null) {
                Class<?> k = Class.forName(scopeHandlerName);
                Object x = k.newInstance();
                if (!(x instanceof ClaimSource)) {
                    throw new GeneralException("The scope handler specified by the class name \"" + scopeHandlerName + "\" does not extend the ScopeHandler " + "interface and therefore cannot be used to handle scopes.");
                }
                claimSource = (ClaimSource) x;
            } else {
                info("Scope handler attribute found in configuration, but no value was found for it. Skipping custom loaded scope handling.");
            }
        }
        // no scopes element, so just use the basic handler.
        if (claimSource == null) {
            DebugUtil.dbg(this, "No server-wide configured Scope handler");
            if (getLdapConfiguration().isEnabled()) {
                DebugUtil.dbg(this, "   LDAP scope handler enabled, creating default");
                claimSource = new LDAPClaimsSource(getLdapConfiguration(), myLogger);
            } else {
                DebugUtil.dbg(this, "   LDAP scope handler disabled, creating basic");
                claimSource = new BasicClaimsSourceImpl();
            }
        }
        claimSource.setScopes(getScopes());
        DebugUtil.dbg(this, "   Actual scope handler = " + claimSource.getClass().getSimpleName());
    }
    return claimSource;
}
Also used : LDAPClaimsSource(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.LDAPClaimsSource) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) BasicClaimsSourceImpl(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.BasicClaimsSourceImpl) ClaimSource(edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource)

Example 2 with ClaimSource

use of edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource in project OA4MP by ncsa.

the class UserInfoServlet method doIt.

@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // The access token is sent in the authorization header and should look like
    // Bearer oa4mp:...
    AccessToken at = getAT(request);
    ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(at);
    if (((OA2Client) transaction.getClient()).isPublicClient()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "public client not authorized to access user information", HttpStatus.SC_UNAUTHORIZED);
    }
    if (transaction == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST);
    }
    if (!transaction.isAccessTokenValid()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST);
    }
    try {
        checkTimestamp(at.getToken());
    } catch (InvalidTimestampException itx) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
    }
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    UII2 uis = new UII2(oa2SE.getTokenForge(), getServiceEnvironment().getServiceAddress());
    UIIRequest2 uireq = new UIIRequest2(request, at);
    uireq.setUsername(getUsername(transaction));
    // Now we figure out which scope handler to use.
    UIIResponse2 uiresp = (UIIResponse2) uis.process(uireq);
    LinkedList<ClaimSource> claimSources = OA2ATServlet.setupScopeHandlers((OA2ServiceTransaction) transaction, oa2SE);
    DebugUtil.dbg(this, "Invoking scope handler");
    if (claimSources == null || claimSources.isEmpty()) {
        DebugUtil.dbg(this, " ***** NO SCOPE HANDLERS ");
    }
    for (ClaimSource claimSource : claimSources) {
        DebugUtil.dbg(this, " scope handler=" + claimSource.getClass().getSimpleName());
        claimSource.process(uiresp.getUserInfo(), transaction);
    }
    uiresp.write(response);
}
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) OA2ServiceTransaction(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) OA2SE(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) UIIRequest2(edu.uiuc.ncsa.security.oauth_2_0.server.UIIRequest2) OA2GeneralError(edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError) InvalidTimestampException(edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException) UII2(edu.uiuc.ncsa.security.oauth_2_0.server.UII2) ClaimSource(edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource) UIIResponse2(edu.uiuc.ncsa.security.oauth_2_0.server.UIIResponse2)

Example 3 with ClaimSource

use of edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource in project OA4MP by ncsa.

the class LDAPClaimSourceFactory method createScopeHandlers.

/**
 * This creates a uniform list of scope handlers for both the access token servlet and the user info servlet.
 * It will use a common handler if there is one and use the configured factory to create appropriate ones
 * (and populate them with the right runtime environment otherwise.
 * @param oa2SE
 * @param client
 * @return
 */
public static LinkedList<ClaimSource> createScopeHandlers(OA2SE oa2SE, OA2Client client) {
    DebugUtil.dbg(LDAPClaimSourceFactory.class, "Starting to create LDAPScopeHandlers per client");
    LinkedList<ClaimSource> scopeHandlers = new LinkedList<>();
    if (client.getLdaps() == null || client.getLdaps().isEmpty()) {
        DebugUtil.dbg(LDAPClaimSourceFactory.class, "using default scope handler=");
        if (oa2SE.getClaimSource() instanceof BasicClaimsSourceImpl) {
            BasicClaimsSourceImpl bb = (BasicClaimsSourceImpl) oa2SE.getClaimSource();
            if (bb.getOa2SE() == null) {
                DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #1");
                bb.setOa2SE(oa2SE);
            }
        }
        scopeHandlers.add(oa2SE.getClaimSource());
    } else {
        for (LDAPConfiguration cfg : client.getLdaps()) {
            DebugUtil.dbg(LDAPClaimSourceFactory.class, "Got LDAP configuration for server " + cfg.getServer());
            LDAPClaimSourceFactoryRequest req = new LDAPClaimSourceFactoryRequest(oa2SE.getMyLogger(), cfg, client.getScopes());
            ClaimSource claimSource = ClaimSourceFactory.newInstance(req);
            if (claimSource instanceof BasicClaimsSourceImpl) {
                DebugUtil.dbg(LDAPClaimSourceFactory.class, "Scope handler\"" + claimSource.getClass().getSimpleName() + "\" is configured.");
                ((BasicClaimsSourceImpl) claimSource).setOa2SE(oa2SE);
                DebugUtil.dbg(LDAPClaimSourceFactory.class, "setting scope handler environment #2");
            }
            scopeHandlers.add(claimSource);
        }
    }
    return scopeHandlers;
}
Also used : ClaimSource(edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) LinkedList(java.util.LinkedList)

Aggregations

ClaimSource (edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource)3 OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE)1 OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction)1 BasicClaimsSourceImpl (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.BasicClaimsSourceImpl)1 LDAPClaimsSource (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.LDAPClaimsSource)1 GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)1 InvalidTimestampException (edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException)1 ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)1 AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken)1 OA2Client (edu.uiuc.ncsa.security.oauth_2_0.OA2Client)1 OA2GeneralError (edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError)1 UII2 (edu.uiuc.ncsa.security.oauth_2_0.server.UII2)1 UIIRequest2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIRequest2)1 UIIResponse2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIResponse2)1 LDAPConfiguration (edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration)1 LinkedList (java.util.LinkedList)1