use of info.xiancloud.core.support.authen.AccessToken in project xian by happyyangyuan.
the class ValidateAccessToken method fetchAccessTokenAndReturnScope.
/**
 * Resolves the access token carried by the request and returns the scope it grants.
 * <p>
 * A request from an allow-listed client IP bypasses token lookup entirely and is granted
 * {@link Scope#api_all}. Otherwise the token string is read from the
 * {@code Constant.XIAN_REQUEST_TOKEN_HEADER} request header, resolved via {@code forToken},
 * stored on the request context and its scope returned.
 *
 * @param request the incoming unit request; its context must carry a non-empty client IP
 * @return the scope granted to this request
 * @throws AccessTokenFailure       if no token header is present (the failure carries no token)
 * @throws IllegalArgumentException if the request context has no client IP
 */
private static String fetchAccessTokenAndReturnScope(UnitRequest request) throws AccessTokenFailure /*, UnknownScopeException*/
{
    String clientIp = request.getContext().getIp();
    if (StringUtil.isEmpty(clientIp)) {
        throw new IllegalArgumentException("Client's ip is empty, please check!");
    }
    // NOTE(review): the allow-list decision trusts whatever getIp() reports; if that value can be
    // derived from a client-supplied header (e.g. a forwarded-for header) rather than the socket
    // peer, this is not a safe authentication bypass — confirm how the context IP is populated.
    if (isWhiteIp(clientIp)) {
        return Scope.api_all;
    }
    String tokenString = null;
    if (request.getContext().getHeader() != null) {
        tokenString = request.getContext().getHeader().getOrDefault(Constant.XIAN_REQUEST_TOKEN_HEADER, null);
    }
    if (StringUtil.isEmpty(tokenString)) {
        throw new AccessTokenFailure(null);
    }
    AccessToken resolved = forToken(tokenString);
    request.getContext().setAccessToken(resolved);
    return resolved.getScope();
}
use of info.xiancloud.core.support.authen.AccessToken in project xian by happyyangyuan.
the class RedisDBManager method updateAccessTokenValidStatus.
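/**
 * Flips the cached validity flag of an access token.
 * <p>
 * The token record lives in the cache under {@code "at:" + accessToken}; it is read,
 * updated through {@code setValid} and written back under the same key. A token that is
 * not present in the cache is left untouched (there is nothing to invalidate) instead of
 * failing with a {@link NullPointerException}, which is what the unguarded chained call did.
 *
 * @param accessToken the access token string whose record is updated
 * @param valid       the new validity flag
 */
@Override
public void updateAccessTokenValidStatus(String accessToken, boolean valid) {
    String cacheKey = "at:" + accessToken;
    AccessToken cached = CacheObjectUtil.get(cacheKey, AccessToken.class);
    if (cached == null) {
        // Nothing cached under this key: nothing to update.
        return;
    }
    // setValid is used as a fluent setter; keep the returned object in case it is a copy
    // rather than the same instance.
    AccessToken updated = cached.setValid(valid);
    CacheObjectUtil.set(cacheKey, updated);
}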
use of info.xiancloud.core.support.authen.AccessToken in project xian by happyyangyuan.
the class Authenticator method isValidToken.
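/**
 * Looks up an access token and returns it only if it is still usable.
 * <p>
 * A token is usable when a record exists, its validity flag is set and it has not expired.
 * An expired token is marked invalid in the store as a side effect, so later lookups fail
 * on the validity flag without re-evaluating expiry.
 *
 * @param token the access token string presented by the client
 * @return the matching {@link AccessToken}, or {@code null} if unknown, invalidated or expired
 */
public AccessToken isValidToken(String token) {
    AccessToken accessToken = db.findAccessToken(token);
    // Log only the client id, not the whole token object: AccessToken carries the bearer
    // token and the refresh token (getToken()/getRefreshToken()), so writing its string form
    // to an INFO log would put live credentials into log storage if toString() includes them.
    LOG.info("token详情: client_id=" + (accessToken == null ? null : accessToken.getClientId()));
    if (accessToken == null || !accessToken.isValid()) {
        return null;
    }
    if (accessToken.tokenExpired()) {
        LOG.info("accessToken 已过期,client_id= " + accessToken.getClientId());
        // Persist the expiry so the token is rejected on the validity flag next time.
        db.updateAccessTokenValidStatus(accessToken.getToken(), false);
        return null;
    }
    return accessToken;
}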
use of info.xiancloud.core.support.authen.AccessToken in project xian by happyyangyuan.
the class Authenticator method issueAccessToken.
/**
 * Issues an access token for a token request (supports both JSON and form request bodies).
 * <p>
 * The request is parsed and validated, the client credentials are checked, and then one of
 * five grant types is handled: {@code TokenRequest.AUTHORIZATION_CODE},
 * {@code TokenRequest.REFRESH_TOKEN}, {@code TokenRequest.CLIENT_CREDENTIALS},
 * {@code TokenRequest.PASSWORD} and the grant type returned by
 * {@code OAuthConfig.getCustomGrantType()}. Every successful branch persists the new token
 * via {@code db.storeAccessToken} before it is returned.
 *
 * @param req the raw HTTP token request
 * @return the issued token; {@code null} if the grant type matched none of the handled
 *         branches (no branch rejects an unknown grant type here — presumably
 *         {@code tokenRequest.validate()} does, confirm)
 * @throws OAuthException on invalid client credentials, an invalid or mismatching
 *         authorization code / client id / redirect URI, an invalid or expired refresh
 *         token, a scope that is not allowed, or failed user authentication
 */
public AccessToken issueAccessToken(FullHttpRequest req) throws OAuthException {
    TokenRequest tokenRequest = TokenRequest.create(req);
    tokenRequest.validate();
    // check valid client_id, client_secret and status of the client app should be active
    if (!isActiveClient(tokenRequest.getClientId(), tokenRequest.getClientSecret())) {
        throw new OAuthException(ResponseBuilder.INVALID_CLIENT_CREDENTIALS, HttpResponseStatus.BAD_REQUEST);
    }
    AccessToken accessToken = null;
    if (TokenRequest.AUTHORIZATION_CODE.equals(tokenRequest.getGrantType())) {
        AuthCode authCode = findAuthCode(tokenRequest);
        // TODO: REVISIT: Move client_id check to db query
        if (authCode != null) {
            // The code must have been issued to the client that is now redeeming it.
            if (!tokenRequest.getClientId().equals(authCode.getClientId())) {
                throw new OAuthException(ResponseBuilder.INVALID_CLIENT_ID, HttpResponseStatus.BAD_REQUEST);
            }
            // A code stored without a redirect URI skips the comparison entirely.
            // NOTE(review): tokenRequest.getRedirectUri() is dereferenced without a null check;
            // if validate() does not require redirect_uri for this grant type, a missing
            // parameter surfaces here as a NullPointerException — confirm.
            if (authCode.getRedirectUri() != null && !tokenRequest.getRedirectUri().equals(authCode.getRedirectUri())) {
                throw new OAuthException(ResponseBuilder.INVALID_REDIRECT_URI, HttpResponseStatus.BAD_REQUEST);
            } else {
                // invalidate the auth code
                db.updateAuthCodeValidStatus(authCode.getCode(), false);
                // Access-token expiry for this grant reuses the PASSWORD expiry configuration.
                accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, authCode.getScope()), authCode.getScope(), getExpiresIn(TokenRequest.REFRESH_TOKEN, authCode.getScope()));
                accessToken.setUserId(authCode.getUserId());
                accessToken.setClientId(authCode.getClientId());
                accessToken.setCodeId(authCode.getId());
                db.storeAccessToken(accessToken);
            }
        } else {
            throw new OAuthException(ResponseBuilder.INVALID_AUTH_CODE, HttpResponseStatus.BAD_REQUEST);
        }
    } else if (TokenRequest.REFRESH_TOKEN.equals(tokenRequest.getGrantType())) {
        // The lookup is scoped by client id, so a refresh token cannot be redeemed by another client.
        accessToken = db.findAccessTokenByRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
        if (accessToken != null) {
            if (!accessToken.refreshTokenExpired()) {
                // A requested scope may only narrow (be allowed by) the scope of the existing token.
                String validScope;
                if (tokenRequest.getScope() != null) {
                    if (scopeService.scopeAllowed(tokenRequest.getScope(), accessToken.getScope())) {
                        validScope = tokenRequest.getScope();
                    } else {
                        throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
                    }
                } else {
                    validScope = accessToken.getScope();
                }
                // The old access token is invalidated here and removed below; both calls are kept.
                db.updateAccessTokenValidStatus(accessToken.getToken(), false);
                // The new token keeps the existing refresh token and its expiry (no refresh-token rotation).
                AccessToken newAccessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, validScope), validScope, accessToken.getRefreshToken(), accessToken.getRefreshExpiresIn());
                newAccessToken.setUserId(accessToken.getUserId());
                newAccessToken.setDetails(accessToken.getDetails());
                newAccessToken.setClientId(accessToken.getClientId());
                db.storeAccessToken(newAccessToken);
                db.removeAccessToken(accessToken.getToken());
                return newAccessToken;
            } else {
                // An expired refresh token is purged so it cannot be presented again.
                db.removeAccessToken(accessToken.getToken());
                throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
            }
        } else {
            throw new OAuthException(ResponseBuilder.INVALID_REFRESH_TOKEN, HttpResponseStatus.BAD_REQUEST);
        }
    } else if (TokenRequest.CLIENT_CREDENTIALS.equals(tokenRequest.getGrantType())) {
        ClientCredentials clientCredentials = db.findClientCredentials(tokenRequest.getClientId());
        String scope = scopeService.getValidScopeByScope(tokenRequest.getScope(), clientCredentials.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        // NOTE(review): the trailing (false, null) arguments presumably mean "no refresh token
        // is issued" for this grant — confirm against the AccessToken constructor.
        accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.CLIENT_CREDENTIALS, scope), scope, false, null);
        accessToken.setClientId(tokenRequest.getClientId());
        Map<String, String> applicationDetails = clientCredentials.getApplicationDetails();
        if ((applicationDetails != null) && (applicationDetails.size() > 0)) {
            // For backward compatibility
            accessToken.setDetails(applicationDetails);
            accessToken.setApplicationDetails(applicationDetails);
        }
        db.storeAccessToken(accessToken);
    } else if (TokenRequest.PASSWORD.equals(tokenRequest.getGrantType())) {
        ClientCredentials clientCredentials = db.findClientCredentials(tokenRequest.getClientId());
        String scope = scopeService.getValidScopeByScope(tokenRequest.getScope(), clientCredentials.getScope());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            UserDetails userDetails = authenticateUser(tokenRequest.getUsername(), tokenRequest.getPassword(), req);
            if (userDetails != null && userDetails.getUserId() != null) {
                accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
                accessToken.setUserId(userDetails.getUserId());
                accessToken.setDetails(userDetails.getDetails());
                accessToken.setClientId(tokenRequest.getClientId());
                accessToken.setApplicationDetails(clientCredentials.getApplicationDetails());
                db.storeAccessToken(accessToken);
            } else {
                throw new OAuthException(ResponseBuilder.INVALID_USERNAME_PASSWORD, HttpResponseStatus.UNAUTHORIZED);
            }
        } catch (AuthenticationException e) {
            // for instance, if the user authentication requires more user details as a subsequent step
            if (e.getResponse() != null) {
                // The authenticator's own response body and status are relayed to the client.
                String responseContent = ((FullHttpResponse) (e.getResponse())).content().toString(CharsetUtil.UTF_8);
                throw new OAuthException(e, responseContent, e.getResponse().getStatus());
            } else {
                LOG.error("Cannot authenticate user", e);
                // NOSONAR
                throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
            }
        }
    } else if (tokenRequest.getGrantType().equals(OAuthConfig.getCustomGrantType())) {
        // NOTE(review): unlike the branches above, this comparison dereferences getGrantType();
        // it is only safe if validate() guarantees a non-null grant type — confirm.
        String scope = scopeService.getValidScope(tokenRequest.getScope(), tokenRequest.getClientId());
        if (scope == null) {
            throw new OAuthException(ResponseBuilder.SCOPE_NOK_MESSAGE, HttpResponseStatus.BAD_REQUEST);
        }
        try {
            accessToken = new AccessToken(TOKEN_TYPE_BEARER, getExpiresIn(TokenRequest.PASSWORD, scope), scope, getExpiresIn(TokenRequest.REFRESH_TOKEN, scope));
            accessToken.setClientId(tokenRequest.getClientId());
            // The custom handler may or may not identify a user; the token is stored either way.
            UserDetails userDetails = callCustomGrantTypeHandler(req);
            if (userDetails != null && userDetails.getUserId() != null) {
                accessToken.setUserId(userDetails.getUserId());
                accessToken.setDetails(userDetails.getDetails());
            }
            db.storeAccessToken(accessToken);
        } catch (AuthenticationException e) {
            LOG.error("Cannot authenticate user", e);
            throw new OAuthException(e, ResponseBuilder.CANNOT_AUTHENTICATE_USER, HttpResponseStatus.UNAUTHORIZED);
        }
    }
    return accessToken;
}
use of info.xiancloud.core.support.authen.AccessToken in project xian by happyyangyuan.
the class OAuth20Handler method handleTokenValidate.
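/**
 * Handles {@code GET /oauth2.0/tokens/validate}: checks whether the {@code access_token}
 * query parameter names a valid, unexpired token.
 *
 * @param req the incoming HTTP request; the token is read from the query string
 * @return a bad-request response when the parameter is missing or empty, an unauthorized
 *         response when the token is unknown, invalidated or expired, otherwise an OK
 *         response carrying the token record serialised as JSON
 */
@DocOAuth20Sub(name = "handleTokenValidate", dec = "验证access_token是否有效", method = "GET", url = "/oauth2.0/tokens/validate", args = { @DocOAuth20SubIn(name = "access_token", dec = "access_token", require = true, type = String.class) })
FullHttpResponse handleTokenValidate(FullHttpRequest req) {
    // NOTE(review): the credential travels in the URL query string, where proxies and access
    // logs may record it; an Authorization header would keep it out of URL logging.
    QueryStringDecoder decoder = new QueryStringDecoder(req.uri());
    Map<String, List<String>> params = decoder.parameters();
    String tokenParam = QueryParameter.getFirstElement(params, QueryParameter.TOKEN);
    if (tokenParam == null || tokenParam.isEmpty()) {
        return ResponseBuilder.createBadRequestResponse();
    }
    AccessToken token = auth.isValidToken(tokenParam);
    if (token == null) {
        return ResponseBuilder.createUnauthorizedResponse();
    }
    // NOTE(review): the whole AccessToken record is returned to the caller; if the JSON
    // serializer emits the refresh token field, a holder of the access token alone can
    // obtain the refresh token from this endpoint — confirm which fields are serialised.
    String json = JSON.toJSONString(token);
    // The serialised record is not logged: it contains the credential itself. Log an
    // identifier instead.
    LOG.debug("access_token validated, client_id=" + token.getClientId());
    return ResponseBuilder.createOkResponse(json);
}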