Example 1 with ClientApplicationAuthorizationCode

Use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.

Class ClientApplicationTokenCleaner, method removeExpiredTokens:

@Schedule(dayOfWeek = "*", hour = "6", persistent = false)
private void removeExpiredTokens() {
    int removed = 0;
    // Threshold: one day ago, as Unix time in seconds (token expiry is stored in seconds)
    Calendar calendar = new GregorianCalendar();
    calendar.setTime(new Date());
    calendar.add(Calendar.DATE, -1);
    long threshold = calendar.getTimeInMillis() / 1000;
    // Fetch at most BATCH_SIZE tokens whose expiry lies before the threshold
    List<ClientApplicationAccessToken> tokens = clientApplicationAccessTokenDAO.listByExpired(threshold, BATCH_SIZE);
    if (tokens.size() == BATCH_SIZE) {
        // A full batch means one run may not have cleared every expired token
        logger.warning("Client application access tokens possibly piling up");
    }
    for (ClientApplicationAccessToken token : tokens) {
        ClientApplicationAuthorizationCode authCode = token.getClientApplicationAuthorizationCode();
        // Tokens belonging to trusted system accounts are kept even when expired
        if (authCode.getUser().getRole() == Role.TRUSTED_SYSTEM) {
            continue;
        }
        // Delete the access token first, then the authorization code it was issued from
        clientApplicationAccessTokenDAO.delete(token);
        clientApplicationAuthorizationCodeDAO.delete(authCode);
        removed++;
    }
    if (removed > 0) {
        logger.info(String.format("Removed %d expired client application access tokens", removed));
    }
}
Also used: ClientApplicationAccessToken (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAccessToken), GregorianCalendar (java.util.GregorianCalendar), Calendar (java.util.Calendar), ClientApplicationAuthorizationCode (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode), Date (java.util.Date), Schedule (javax.ejb.Schedule)

Example 2 with ClientApplicationAuthorizationCode

Use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.

Class ClientApplicationsViewController, method processSend:

@Override
public void processSend(PageRequestContext requestContext) {
    ClientApplicationDAO clientApplicationDAO = DAOFactory.getInstance().getClientApplicationDAO();
    ClientApplicationAuthorizationCodeDAO clientApplicationAuthorizationCodeDAO = DAOFactory.getInstance().getClientApplicationAuthorizationCodeDAO();
    ClientApplicationAccessTokenDAO clientApplicationAccessTokenDAO = DAOFactory.getInstance().getClientApplicationAccessTokenDAO();
    // Each row of the submitted clientApplicationsTable describes one client application
    Long clientApplicationsRowCount = requestContext.getLong("clientApplicationsTable.rowCount");
    for (int i = 0; i < clientApplicationsRowCount; i++) {
        String colPrefix = "clientApplicationsTable." + i;
        Long id = requestContext.getLong(colPrefix + ".id");
        // Checkbox-style flags arrive as the string "1" when set
        Boolean remove = "1".equals(requestContext.getString(colPrefix + ".remove"));
        Boolean regenerateSecret = "1".equals(requestContext.getString(colPrefix + ".regenerateSecret"));
        Boolean skipPrompt = "1".equals(requestContext.getString(colPrefix + ".skipPrompt"));
        String clientName = requestContext.getString(colPrefix + ".appName");
        String clientId = requestContext.getString(colPrefix + ".appId");
        String clientSecret = requestContext.getString(colPrefix + ".appSecret");
        if (id == null && !remove) {
            // New client: the form-supplied id and secret are discarded; both are generated server-side
            clientId = UUID.randomUUID().toString();
            clientSecret = new OauthClientSecretGenerator(80).nextString();
            clientApplicationDAO.create(clientName, clientId, clientSecret, skipPrompt);
        } else if (id != null) {
            ClientApplication clientApplication = clientApplicationDAO.findById(id);
            if (remove) {
                // Removing a client also revokes every authorization code and access token issued to it
                List<ClientApplicationAuthorizationCode> authCodes = clientApplicationAuthorizationCodeDAO.listByClientApplication(clientApplication);
                for (ClientApplicationAuthorizationCode clientApplicationAuthorizationCode : authCodes) {
                    ClientApplicationAccessToken clientApplicationAccessToken = clientApplicationAccessTokenDAO.findByAuthCode(clientApplicationAuthorizationCode);
                    if (clientApplicationAccessToken != null) {
                        clientApplicationAccessTokenDAO.delete(clientApplicationAccessToken);
                    }
                    clientApplicationAuthorizationCodeDAO.delete(clientApplicationAuthorizationCode);
                }
                clientApplicationDAO.delete(clientApplication);
            } else {
                if (regenerateSecret) {
                    // Rotate the client secret; codes and tokens already issued are left in place
                    clientSecret = new OauthClientSecretGenerator(80).nextString();
                    clientApplicationDAO.updateClientSecret(clientApplication, clientSecret);
                }
                clientApplicationDAO.updateName(clientApplication, clientName);
                clientApplicationDAO.updateSkipPrompt(clientApplication, skipPrompt);
            }
        }
    }
    processForm(requestContext);
}
Also used: ClientApplicationAccessTokenDAO (fi.otavanopisto.pyramus.dao.clientapplications.ClientApplicationAccessTokenDAO), ClientApplicationAuthorizationCodeDAO (fi.otavanopisto.pyramus.dao.clientapplications.ClientApplicationAuthorizationCodeDAO), ClientApplication (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication), ClientApplicationDAO (fi.otavanopisto.pyramus.dao.clientapplications.ClientApplicationDAO), ClientApplicationAccessToken (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAccessToken), List (java.util.List), ClientApplicationAuthorizationCode (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode), OauthClientSecretGenerator (fi.otavanopisto.pyramus.util.OauthClientSecretGenerator)

Example 3 with ClientApplicationAuthorizationCode

Use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.

Class ClientApplicationAuthorizationCodeDAO, method listByUser:

public List<ClientApplicationAuthorizationCode> listByUser(User user) {
    EntityManager entityManager = getEntityManager();
    CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
    // Typed JPA criteria query: SELECT c FROM ClientApplicationAuthorizationCode c WHERE c.user = :user
    CriteriaQuery<ClientApplicationAuthorizationCode> criteria = criteriaBuilder.createQuery(ClientApplicationAuthorizationCode.class);
    Root<ClientApplicationAuthorizationCode> root = criteria.from(ClientApplicationAuthorizationCode.class);
    criteria.select(root);
    // The static metamodel attribute (ClientApplicationAuthorizationCode_.user) keeps the predicate type-safe
    criteria.where(criteriaBuilder.equal(root.get(ClientApplicationAuthorizationCode_.user), user));
    return entityManager.createQuery(criteria).getResultList();
}
Also used: CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder), EntityManager (javax.persistence.EntityManager), ClientApplicationAuthorizationCode (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode)

Example 4 with ClientApplicationAuthorizationCode

Use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.

Class ClientApplicationAuthorizationCodeDAO, method listByClientApplication:

public List<ClientApplicationAuthorizationCode> listByClientApplication(ClientApplication clientApplication) {
    EntityManager entityManager = getEntityManager();
    CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
    // Same shape as listByUser, filtered on the owning client application instead of the user
    CriteriaQuery<ClientApplicationAuthorizationCode> criteria = criteriaBuilder.createQuery(ClientApplicationAuthorizationCode.class);
    Root<ClientApplicationAuthorizationCode> root = criteria.from(ClientApplicationAuthorizationCode.class);
    criteria.select(root);
    criteria.where(criteriaBuilder.equal(root.get(ClientApplicationAuthorizationCode_.clientApplication), clientApplication));
    return entityManager.createQuery(criteria).getResultList();
}
Also used: CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder), EntityManager (javax.persistence.EntityManager), ClientApplicationAuthorizationCode (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode)

Example 5 with ClientApplicationAuthorizationCode

Use of fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode in project pyramus by otavanopisto.

Class TokenEndpointRESTService, method authorize:

@Unsecure
@Path("/token")
@POST
public Response authorize(@Context HttpServletResponse res, @Context HttpServletRequest req) throws OAuthSystemException {
    OAuthTokenRequest oauthRequest;
    boolean refreshing = false;
    // Apache Oltu issuer that mints the access and refresh token strings
    OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    try {
        // Parses and validates the token request parameters; throws OAuthProblemException on malformed input
        oauthRequest = new OAuthTokenRequest(req);
        // Client authentication: client_id and client_secret must match a registered application
        ClientApplication clientApplication = oauthController.findByClientIdAndClientSecret(oauthRequest.getClientId(), oauthRequest.getClientSecret());
        if (clientApplication == null) {
            logger.severe("Invalid client application");
            OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("Invalid client").buildJSONMessage();
            return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
        }
        ClientApplicationAuthorizationCode clientApplicationAuthorizationCode = null;
        if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.AUTHORIZATION_CODE.toString())) {
            // The code is looked up scoped to the authenticated client, so a code issued to another client does not match
            clientApplicationAuthorizationCode = oauthController.findByClientApplicationAndAuthorizationCode(clientApplication, oauthRequest.getParam(OAuth.OAUTH_CODE));
            if (clientApplicationAuthorizationCode == null) {
                // Note: the presented code value is included in the log message
                logger.severe(String.format("Client application authorization code not found for token %s", oauthRequest.getParam(OAuth.OAUTH_CODE)));
                OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError(OAuthError.TokenResponse.INVALID_GRANT).setErrorDescription("invalid authorization code").buildJSONMessage();
                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
            }
        } else if (oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE).equals(GrantType.REFRESH_TOKEN.toString())) {
            refreshing = true;
        } else {
            // Only the authorization_code and refresh_token grant types are handled
            return Response.status(HttpServletResponse.SC_NOT_IMPLEMENTED).build();
        }
        String accessToken = oauthIssuerImpl.accessToken();
        String refreshToken = oauthIssuerImpl.refreshToken();
        ClientApplicationAccessToken clientApplicationAccessToken;
        // Expiry is stored as Unix time in seconds
        Long expires = (System.currentTimeMillis() / 1000L) + TOKEN_LIFETIME;
        if (refreshing) {
            // New access token and expiration time but refresh token remains unchanged
            refreshToken = oauthRequest.getParam(OAuth.OAUTH_REFRESH_TOKEN);
            // Lookup is by refresh token value only; no comparison against clientApplication appears in this method
            clientApplicationAccessToken = oauthController.findByRefreshToken(refreshToken);
            if (clientApplicationAccessToken != null) {
                oauthController.refresh(clientApplicationAccessToken, expires, accessToken);
            } else {
                // Note: the presented refresh token value is included in the log message
                logger.severe(String.format("Invalid refresh token %s", refreshToken));
                OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FORBIDDEN).setError("Invalid refresh token").buildJSONMessage();
                return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
            }
        } else {
            // Authorization code grant: create a token for the code, or replace the existing one if the code already has a token
            clientApplicationAccessToken = oauthController.findByClientApplicationAuthorizationCode(clientApplicationAuthorizationCode);
            if (clientApplicationAccessToken == null) {
                oauthController.createAccessToken(accessToken, refreshToken, expires, clientApplication, clientApplicationAuthorizationCode);
            } else {
                oauthController.renewAccessToken(clientApplicationAccessToken, expires, accessToken, refreshToken);
            }
        }
        OAuthResponse response = OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK).setAccessToken(accessToken).setRefreshToken(refreshToken).setExpiresIn(String.valueOf(TOKEN_LIFETIME)).buildJSONMessage();
        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
    } catch (OAuthProblemException e) {
        // Malformed or incomplete token requests end up here as a 400 with the Oltu error payload
        logger.log(Level.SEVERE, "Oauth problem", e);
        OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e).buildJSONMessage();
        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
    }
}
Also used: OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException), OAuthIssuerImpl (org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl), ClientApplication (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplication), ClientApplicationAccessToken (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAccessToken), OAuthTokenRequest (org.apache.oltu.oauth2.as.request.OAuthTokenRequest), MD5Generator (org.apache.oltu.oauth2.as.issuer.MD5Generator), OAuthIssuer (org.apache.oltu.oauth2.as.issuer.OAuthIssuer), ClientApplicationAuthorizationCode (fi.otavanopisto.pyramus.domainmodel.clientapplications.ClientApplicationAuthorizationCode), OAuthResponse (org.apache.oltu.oauth2.common.message.OAuthResponse), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Unsecure (fi.otavanopisto.pyramus.rest.annotation.Unsecure)
