use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.
the class ClientApplicationTokenCleaner method removeExpiredTokens.
@Schedule(dayOfWeek = "*", hour = "6", persistent = false)
private void removeExpiredTokens() {
int removed = 0;
Calendar calendar = new GregorianCalendar();
calendar.setTime(new Date());
calendar.add(Calendar.DATE, -1);
long threshold = calendar.getTimeInMillis() / 1000;
List<ClientApplicationAccessToken> tokens = clientApplicationAccessTokenDAO.listByExpired(threshold, BATCH_SIZE);
if (tokens.size() == BATCH_SIZE) {
logger.warning("Client application access tokens possibly piling up");
}
for (ClientApplicationAccessToken token : tokens) {
ClientApplicationAuthorizationCode authCode = token.getClientApplicationAuthorizationCode();
if (authCode.getUser().getRole() == Role.TRUSTED_SYSTEM) {
continue;
}
clientApplicationAccessTokenDAO.delete(token);
clientApplicationAuthorizationCodeDAO.delete(authCode);
removed++;
}
if (removed > 0) {
logger.info(String.format("Removed %d expired client application access tokens", removed));
}
}
use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.
the class ClientApplicationsViewController method processSend.
@Override
public void processSend(PageRequestContext requestContext) {
ClientApplicationDAO clientApplicationDAO = DAOFactory.getInstance().getClientApplicationDAO();
ClientApplicationAuthorizationCodeDAO clientApplicationAuthorizationCodeDAO = DAOFactory.getInstance().getClientApplicationAuthorizationCodeDAO();
ClientApplicationAccessTokenDAO clientApplicationAccessTokenDAO = DAOFactory.getInstance().getClientApplicationAccessTokenDAO();
Long clientApplicationsRowCount = requestContext.getLong("clientApplicationsTable.rowCount");
for (int i = 0; i < clientApplicationsRowCount; i++) {
String colPrefix = "clientApplicationsTable." + i;
Long id = requestContext.getLong(colPrefix + ".id");
Boolean remove = "1".equals(requestContext.getString(colPrefix + ".remove"));
Boolean regenerateSecret = "1".equals(requestContext.getString(colPrefix + ".regenerateSecret"));
Boolean skipPrompt = "1".equals(requestContext.getString(colPrefix + ".skipPrompt"));
String clientName = requestContext.getString(colPrefix + ".appName");
String clientId = requestContext.getString(colPrefix + ".appId");
String clientSecret = requestContext.getString(colPrefix + ".appSecret");
if (id == null && !remove) {
clientId = UUID.randomUUID().toString();
clientSecret = new OauthClientSecretGenerator(80).nextString();
clientApplicationDAO.create(clientName, clientId, clientSecret, skipPrompt);
} else if (id != null) {
ClientApplication clientApplication = clientApplicationDAO.findById(id);
if (remove) {
List<ClientApplicationAuthorizationCode> authCodes = clientApplicationAuthorizationCodeDAO.listByClientApplication(clientApplication);
for (ClientApplicationAuthorizationCode clientApplicationAuthorizationCode : authCodes) {
ClientApplicationAccessToken clientApplicationAccessToken = clientApplicationAccessTokenDAO.findByAuthCode(clientApplicationAuthorizationCode);
if (clientApplicationAccessToken != null) {
clientApplicationAccessTokenDAO.delete(clientApplicationAccessToken);
}
clientApplicationAuthorizationCodeDAO.delete(clientApplicationAuthorizationCode);
}
clientApplicationDAO.delete(clientApplication);
} else {
if (regenerateSecret) {
clientSecret = new OauthClientSecretGenerator(80).nextString();
clientApplicationDAO.updateClientSecret(clientApplication, clientSecret);
}
clientApplicationDAO.updateName(clientApplication, clientName);
clientApplicationDAO.updateSkipPrompt(clientApplication, skipPrompt);
}
}
}
processForm(requestContext);
}
use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.
the class ClientApplicationAuthorizationCodeDAO method listByUser.
public List<ClientApplicationAuthorizationCode> listByUser(User user) {
EntityManager entityManager = getEntityManager();
CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
CriteriaQuery<ClientApplicationAuthorizationCode> criteria = criteriaBuilder.createQuery(ClientApplicationAuthorizationCode.class);
Root<ClientApplicationAuthorizationCode> root = criteria.from(ClientApplicationAuthorizationCode.class);
criteria.select(root);
criteria.where(criteriaBuilder.equal(root.get(ClientApplicationAuthorizationCode_.user), user));
return entityManager.createQuery(criteria).getResultList();
}
use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.
the class ClientApplicationAuthorizationCodeDAO method listByClientApplication.
public List<ClientApplicationAuthorizationCode> listByClientApplication(ClientApplication clientApplication) {
EntityManager entityManager = getEntityManager();
CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
CriteriaQuery<ClientApplicationAuthorizationCode> criteria = criteriaBuilder.createQuery(ClientApplicationAuthorizationCode.class);
Root<ClientApplicationAuthorizationCode> root = criteria.from(ClientApplicationAuthorizationCode.class);
criteria.select(root);
criteria.where(criteriaBuilder.equal(root.get(ClientApplicationAuthorizationCode_.clientApplication), clientApplication));
return entityManager.createQuery(criteria).getResultList();
}
use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.
the class TokenEndpointRESTService method authorize.
@Unsecure
@Path("/token")
@POST
public Response authorize(@Context HttpServletResponse res, @Context HttpServletRequest req) throws OAuthSystemException {
OAuthTokenRequest oauthRequest;
boolean refreshing = false;
OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
try {
oauthRequest = new OAuthTokenRequest(req);
ClientApplication clientApplication = oauthController.findByClientIdAndClientSecret(oauthRequest.getClientId(), oauthRequest.getClientSecret());
if (clientApplication == null) {
logger.severe("Invalid client application");
OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("Invalid client").buildJSONMessage();
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
ClientApplicationAuthorizationCode clientApplicationAuthorizationCode = null;
if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.AUTHORIZATION_CODE.toString())) {
clientApplicationAuthorizationCode = oauthController.findByClientApplicationAndAuthorizationCode(clientApplication, oauthRequest.getParam(OAuth.OAUTH_CODE));
if (clientApplicationAuthorizationCode == null) {
logger.severe(String.format("Client application authorization code not found for token %s", oauthRequest.getParam(OAuth.OAUTH_CODE)));
OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError(OAuthError.TokenResponse.INVALID_GRANT).setErrorDescription("invalid authorization code").buildJSONMessage();
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
} else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.REFRESH_TOKEN.toString())) {
refreshing = true;
} else {
return Response.status(HttpServletResponse.SC_NOT_IMPLEMENTED).build();
}
String accessToken = oauthIssuerImpl.accessToken();
String refreshToken = oauthIssuerImpl.refreshToken();
ClientApplicationAccessToken clientApplicationAccessToken;
Long expires = (System.currentTimeMillis() / 1000L) + TOKEN_LIFETIME;
if (refreshing) {
// New access token and expiration time but refresh token remains unchanged
refreshToken = oauthRequest.getParam(OAuth.OAUTH_REFRESH_TOKEN);
clientApplicationAccessToken = oauthController.findByRefreshToken(refreshToken);
if (clientApplicationAccessToken != null) {
oauthController.refresh(clientApplicationAccessToken, expires, accessToken);
} else {
logger.severe(String.format("Invalid refresh token %s", refreshToken));
OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError("Invalid refresh token").buildJSONMessage();
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
} else {
clientApplicationAccessToken = oauthController.findByClientApplicationAuthorizationCode(clientApplicationAuthorizationCode);
if (clientApplicationAccessToken == null) {
oauthController.createAccessToken(accessToken, refreshToken, expires, clientApplication, clientApplicationAuthorizationCode);
} else {
oauthController.renewAccessToken(clientApplicationAccessToken, expires, accessToken, refreshToken);
}
}
OAuthResponse response = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK).setAccessToken(accessToken).setRefreshToken(refreshToken).setExpiresIn(String.valueOf(TOKEN_LIFETIME)).buildJSONMessage();
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
} catch (OAuthProblemException e) {
logger.log(Level.SEVERE, "Oauth problem", e);
OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e).buildJSONMessage();
return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
}
}
Aggregations