
Example 1 with OAuth2AuthHandler

Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler in project gravitee-access-management by gravitee-io.

Class AccountProvider, method doStart.

@Override
protected void doStart() throws Exception {
    super.doStart();
    if (!isSelfServiceAccountEnabled()) {
        // Self-service account management is switched off for this domain: nothing is mounted.
        return;
    }

    // Every account resource sits behind an OAuth 2.0 access-token check. The token and the
    // calling client are extracted into the routing context so the endpoint handlers can use them.
    final OAuth2AuthHandler tokenAuthHandler = OAuth2AuthHandler.create(oAuth2AuthProvider);
    tokenAuthHandler.extractToken(true);
    tokenAuthHandler.extractClient(true);

    // Endpoint handlers for the three resource families exposed on this router.
    final AccountEndpointHandler profileHandler = new AccountEndpointHandler(accountService, domain);
    final AccountFactorsEndpointHandler factorsHandler =
            new AccountFactorsEndpointHandler(accountService, factorManager, applicationContext);
    final AccountWebAuthnCredentialsEndpointHandler webAuthnHandler =
            new AccountWebAuthnCredentialsEndpointHandler(accountService);

    final Router subRouter = Router.router(vertx);
    // Registration order matters: these two catch-all routes (CORS, then the token check) run
    // ahead of every endpoint registered below, so no account route is reachable without a token.
    subRouter.route().handler(corsHandler);
    subRouter.route().handler(tokenAuthHandler);

    // --- Profile ---
    subRouter.get(AccountRoutes.PROFILE.getRoute())
            .handler(profileHandler::getUser)
            .handler(profileHandler::getProfile);
    subRouter.put(AccountRoutes.PROFILE.getRoute())
            .handler(BodyHandler.create())
            .handler(profileHandler::getUser)
            .handler(profileHandler::updateProfile);
    subRouter.get(AccountRoutes.ACTIVITIES.getRoute())
            .handler(profileHandler::getUser)
            .handler(profileHandler::getActivity);
    // GET on the change-password route only redirects to the forgot-password flow and does not
    // resolve the user first; the POST does.
    subRouter.get(AccountRoutes.CHANGE_PASSWORD.getRoute())
            .handler(profileHandler::redirectForgotPassword);
    subRouter.post(AccountRoutes.CHANGE_PASSWORD.getRoute())
            .handler(profileHandler::getUser)
            .handler(profileHandler::changePassword);

    // --- MFA factors ---
    subRouter.get(AccountRoutes.FACTORS.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::listEnrolledFactors);
    subRouter.get(AccountRoutes.FACTORS_CATALOG.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::listAvailableFactors);
    subRouter.get(AccountRoutes.FACTORS_BY_ID.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::getEnrolledFactor);
    subRouter.put(AccountRoutes.FACTORS_BY_ID.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::updateEnrolledFactor);
    subRouter.get(AccountRoutes.FACTORS_OTP_QR.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::getEnrolledFactorQrCode);
    subRouter.delete(AccountRoutes.FACTORS_BY_ID.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::removeFactor);
    // Enrollment and verification carry a request body, hence the BodyHandler.
    subRouter.post(AccountRoutes.FACTORS.getRoute())
            .handler(BodyHandler.create())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::enrollFactor);
    subRouter.post(AccountRoutes.FACTORS_VERIFY.getRoute())
            .handler(BodyHandler.create())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::verifyFactor);
    subRouter.get(AccountRoutes.FACTORS_RECOVERY_CODE.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::listRecoveryCodes);
    subRouter.post(AccountRoutes.FACTORS_RECOVERY_CODE.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::enrollRecoveryCode);
    subRouter.delete(AccountRoutes.FACTORS_RECOVERY_CODE.getRoute())
            .handler(profileHandler::getUser)
            .handler(factorsHandler::deleteRecoveryCode);

    // --- WebAuthn credentials (read-only here) ---
    subRouter.get(AccountRoutes.WEBAUTHN_CREDENTIALS.getRoute())
            .handler(profileHandler::getUser)
            .handler(webAuthnHandler::listEnrolledWebAuthnCredentials);
    subRouter.get(AccountRoutes.WEBAUTHN_CREDENTIALS_BY_ID.getRoute())
            .handler(profileHandler::getUser)
            .handler(webAuthnHandler::getEnrolledWebAuthnCredential);

    // Failures from any handler above (including rejected tokens) are rendered by the shared error handler.
    subRouter.route().failureHandler(new ErrorHandler());
    router.mountSubRouter(path(), subRouter);
}
Also used : ErrorHandler(io.gravitee.am.gateway.handler.common.vertx.web.handler.ErrorHandler) AccountFactorsEndpointHandler(io.gravitee.am.gateway.handler.account.resources.AccountFactorsEndpointHandler) AccountWebAuthnCredentialsEndpointHandler(io.gravitee.am.gateway.handler.account.resources.AccountWebAuthnCredentialsEndpointHandler) Router(io.vertx.reactivex.ext.web.Router) OAuth2AuthHandler(io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler) AccountEndpointHandler(io.gravitee.am.gateway.handler.account.resources.AccountEndpointHandler)

Example 2 with OAuth2AuthHandler

Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler in project gravitee-access-management by gravitee-io.

Class OIDCProvider, method startOpenIDConnectProtocol.

/**
 * Builds the OpenID Connect sub-router (discovery, userinfo, JWKS, dynamic client
 * registration/configuration, request-object registration) and mounts it under {@code path()}.
 *
 * <p>Only the discovery document and the JWK set are anonymous; every other route is guarded by
 * an {@link OAuth2AuthHandler} or the client authentication handler registered before its endpoint.
 */
private void startOpenIDConnectProtocol() {
    final Router oidc = Router.router(vertx);

    // OpenID Provider discovery document (RFC-style /.well-known/openid-configuration), no auth.
    final ProviderConfigurationEndpoint discoveryEndpoint = new ProviderConfigurationEndpoint();
    discoveryEndpoint.setDiscoveryService(discoveryService);
    oidc.route("/.well-known/openid-configuration").handler(corsHandler);
    oidc.route(HttpMethod.GET, "/.well-known/openid-configuration").handler(discoveryEndpoint);

    // UserInfo: requires an access token carrying the "openid" scope. forceEndUserToken presumably
    // rejects client-credentials tokens, which have no end-user to describe — confirm in OAuth2AuthHandler.
    final OAuth2AuthHandler userInfoAuth = OAuth2AuthHandler.create(oAuth2AuthProvider, Scope.OPENID.getKey());
    userInfoAuth.extractToken(true);
    userInfoAuth.extractClient(true);
    userInfoAuth.forceEndUserToken(true);
    final Handler<RoutingContext> userInfoEndpoint =
            new UserInfoEndpoint(userService, jwtService, jweService, discoveryService);
    oidc.route("/userinfo").handler(corsHandler);
    oidc.route(HttpMethod.GET, "/userinfo").handler(userInfoAuth).handler(userInfoEndpoint);
    oidc.route(HttpMethod.POST, "/userinfo")
            .consumes(MediaType.APPLICATION_FORM_URLENCODED)
            .handler(userInfoAuth)
            .handler(userInfoEndpoint);

    // Public JWK set used by relying parties to validate tokens issued by this provider.
    final Handler<RoutingContext> jwksEndpoint = new ProviderJWKSetEndpoint(jwkService);
    oidc.route("/.well-known/jwks.json").handler(corsHandler);
    oidc.route(HttpMethod.GET, "/.well-known/jwks.json").handler(jwksEndpoint);

    // Dynamic Client Registration templates. Access is governed by the template handler, not an OAuth2 token.
    final DynamicClientRegistrationTemplateHandler dcrTemplateHandler = new DynamicClientRegistrationTemplateHandler(domain);
    final DynamicClientRegistrationTemplateEndpoint dcrTemplateEndpoint = new DynamicClientRegistrationTemplateEndpoint(clientSyncService);
    oidc.route(HttpMethod.GET, "/register_templates").handler(dcrTemplateHandler).handler(dcrTemplateEndpoint);

    // Dynamic Client Registration: a client token with the "dcr_admin" scope. The auth handler is
    // passed into DynamicClientRegistrationHandler rather than chained directly, so the registration
    // handler decides when (and whether) the token check applies — see that class for the policy.
    final OAuth2AuthHandler dcrAuth = OAuth2AuthHandler.create(oAuth2AuthProvider, Scope.DCR_ADMIN.getKey());
    dcrAuth.extractToken(true);
    dcrAuth.extractClient(true);
    dcrAuth.forceClientToken(true);
    final DynamicClientRegistrationHandler dcrHandler = new DynamicClientRegistrationHandler(domain, dcrAuth);
    final DynamicClientRegistrationEndpoint dcrEndpoint = new DynamicClientRegistrationEndpoint(dcrService, clientSyncService);
    oidc.route(HttpMethod.POST, "/register")
            .consumes(MediaType.APPLICATION_JSON)
            .handler(dcrHandler)
            .handler(dcrEndpoint);

    // Dynamic Client Configuration (per-client read/update/delete/secret renewal).
    // "dcr_admin" is required unless the token is the client's own (selfResource on the client_id
    // path parameter with the "dcr" scope — presumably the registration access token from RFC 7592).
    // offlineVerification/extractRawToken are presumably needed to validate that raw token locally
    // and hand it to DynamicClientAccessTokenHandler — confirm against OAuth2AuthHandler.
    final OAuth2AuthHandler clientAccessAuth = OAuth2AuthHandler.create(oAuth2AuthProvider, Scope.DCR_ADMIN.getKey());
    clientAccessAuth.extractRawToken(true);
    clientAccessAuth.extractToken(true);
    clientAccessAuth.extractClient(true);
    clientAccessAuth.forceClientToken(true);
    clientAccessAuth.selfResource(true, CLIENT_ID, Scope.DCR.getKey());
    clientAccessAuth.offlineVerification(true);
    final DynamicClientAccessHandler clientAccessHandler = new DynamicClientAccessHandler(domain);
    final DynamicClientAccessTokenHandler clientAccessTokenHandler = new DynamicClientAccessTokenHandler();
    final DynamicClientAccessEndpoint clientAccessEndpoint = new DynamicClientAccessEndpoint(dcrService, clientSyncService);
    // Same chain on every verb: domain-level access check, then token check, then token handler, then endpoint.
    final String clientPath = "/register/:" + CLIENT_ID;
    oidc.route(HttpMethod.GET, clientPath)
            .handler(clientAccessHandler)
            .handler(clientAccessAuth)
            .handler(clientAccessTokenHandler)
            .handler(clientAccessEndpoint::read);
    oidc.route(HttpMethod.PATCH, clientPath)
            .consumes(MediaType.APPLICATION_JSON)
            .handler(clientAccessHandler)
            .handler(clientAccessAuth)
            .handler(clientAccessTokenHandler)
            .handler(clientAccessEndpoint::patch);
    oidc.route(HttpMethod.PUT, clientPath)
            .consumes(MediaType.APPLICATION_JSON)
            .handler(clientAccessHandler)
            .handler(clientAccessAuth)
            .handler(clientAccessTokenHandler)
            .handler(clientAccessEndpoint::update);
    oidc.route(HttpMethod.DELETE, clientPath)
            .handler(clientAccessHandler)
            .handler(clientAccessAuth)
            .handler(clientAccessTokenHandler)
            .handler(clientAccessEndpoint::delete);
    oidc.route(HttpMethod.POST, clientPath + "/renew_secret")
            .handler(clientAccessHandler)
            .handler(clientAccessAuth)
            .handler(clientAccessTokenHandler)
            .handler(clientAccessEndpoint::renewClientSecret);

    // Client authentication (client_secret / client assertion / mTLS). The certificate header name
    // comes from configuration; when a reverse proxy forwards the client certificate in that header,
    // the proxy must be the only party able to set it.
    final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
    final Handler<RoutingContext> clientAuthHandler =
            ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);

    // Request Object registration (pushed request objects). POST is the real endpoint; the
    // method-agnostic route registered after it answers 405 for other verbs — still behind client auth.
    oidc.route(HttpMethod.POST, "/ros")
            .handler(clientAuthHandler)
            .handler(new RequestObjectRegistrationEndpoint(requestObjectService));
    oidc.route("/ros")
            .handler(clientAuthHandler)
            .handler(new RequestObjectRegistrationEndpoint.MethodNotAllowedHandler());

    errorHandler(oidc);
    router.mountSubRouter(path(), oidc);
}
Also used : DynamicClientRegistrationHandler(io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientRegistrationHandler) Router(io.vertx.reactivex.ext.web.Router) DynamicClientAccessHandler(io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientAccessHandler) OAuth2AuthHandler(io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler) DynamicClientAccessTokenHandler(io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientAccessTokenHandler) RoutingContext(io.vertx.reactivex.ext.web.RoutingContext) DynamicClientRegistrationTemplateHandler(io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientRegistrationTemplateHandler)

Example 3 with OAuth2AuthHandler

Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler in project gravitee-access-management by gravitee-io.

Class UsersProvider, method doStart.

@Override
protected void doStart() throws Exception {
    super.doStart();

    // Consent routes accept either a token with the "consent_admin" scope or — via selfResource on
    // the "userId" path parameter — presumably a token whose subject is that same user. Note that
    // the client is NOT extracted here, unlike the other OAuth2-secured routers.
    final OAuth2AuthHandler consentAuth = OAuth2AuthHandler.create(oAuth2AuthProvider, "consent_admin");
    consentAuth.extractToken(true);
    consentAuth.selfResource(true, "userId");

    final UserConsentsEndpointHandler consentsHandler = new UserConsentsEndpointHandler(userService, clientSyncService, domain);
    final UserConsentEndpointHandler consentHandler = new UserConsentEndpointHandler(userService, clientSyncService, domain);

    final Router usersRouter = Router.router(vertx);
    // NOTE(review): the token check is attached only to paths matching this regex, not to every
    // route on the router (compare the route().handler(...) catch-all used elsewhere). Any consent
    // route whose path does not match the regex would run without a token check — confirm the
    // named-group regex matches both the collection and the item paths registered below.
    usersRouter.routeWithRegex(".*consents.*")
            .pathRegex("\\/(?<userId>[^\\/]+)\\/([^\\/]+)")
            .handler(consentAuth);
    usersRouter.get("/:userId/consents").handler(consentsHandler::list);
    usersRouter.delete("/:userId/consents").handler(consentsHandler::revoke);
    usersRouter.get("/:userId/consents/:consentId").handler(consentHandler::get);
    usersRouter.delete("/:userId/consents/:consentId").handler(consentHandler::revoke);

    usersRouter.route().failureHandler(new ErrorHandler());
    router.mountSubRouter(path(), usersRouter);
}
Also used : ErrorHandler(io.gravitee.am.gateway.handler.common.vertx.web.handler.ErrorHandler) UserConsentsEndpointHandler(io.gravitee.am.gateway.handler.users.resources.consents.UserConsentsEndpointHandler) Router(io.vertx.reactivex.ext.web.Router) UserConsentEndpointHandler(io.gravitee.am.gateway.handler.users.resources.consents.UserConsentEndpointHandler) OAuth2AuthHandler(io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler)

Example 4 with OAuth2AuthHandler

Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler in project gravitee-access-management by gravitee-io.

Class SCIMProvider, method doStart.

@Override
protected void doStart() throws Exception {
    super.doStart();
    if (!isSCIMEnabled()) {
        // SCIM is disabled for this domain: no routes are mounted at all.
        return;
    }

    final Router scimRouter = Router.router(vertx);
    scimRouter.route().handler(corsHandler);

    // Routes follow RFC 7644 section 3.2 (SCIM Endpoints and HTTP Methods):
    // https://tools.ietf.org/html/rfc7644#section-3.2

    // /ServiceProviderConfig is registered BEFORE the token check below, so it is deliberately
    // reachable without a token (it only describes the provider's capabilities).
    final ServiceProviderConfigurationEndpointHandler providerConfigHandler =
            ServiceProviderConfigurationEndpointHandler.create(serviceProviderConfigService);
    providerConfigHandler.setObjectMapper(objectMapper);
    scimRouter.get("/ServiceProviderConfig").handler(providerConfigHandler);

    // From here on every route requires an access token carrying the "scim" scope. Keep this
    // catch-all above the resource routes; moving it lower would expose whatever precedes it.
    final OAuth2AuthHandler scimAuth = OAuth2AuthHandler.create(oAuth2AuthProvider, "scim");
    scimAuth.extractToken(true);
    scimAuth.extractClient(true);
    scimRouter.route().handler(scimAuth);

    // Users resource: collection handler for list/create, item handler for the /:id verbs.
    final UsersEndpoint usersCollection = new UsersEndpoint(domain, userService, objectMapper);
    final UserEndpoint userItem = new UserEndpoint(domain, userService, objectMapper);
    scimRouter.get("/Users").handler(usersCollection::list);
    scimRouter.get("/Users/:id").handler(userItem::get);
    scimRouter.post("/Users").handler(usersCollection::create);
    scimRouter.put("/Users/:id").handler(userItem::update);
    scimRouter.patch("/Users/:id").handler(userItem::patch);
    scimRouter.delete("/Users/:id").handler(userItem::delete);

    // Groups resource, same split.
    final GroupsEndpoint groupsCollection = new GroupsEndpoint(groupService, objectMapper, userService);
    final GroupEndpoint groupItem = new GroupEndpoint(groupService, objectMapper, userService);
    scimRouter.get("/Groups").handler(groupsCollection::list);
    scimRouter.get("/Groups/:id").handler(groupItem::get);
    scimRouter.post("/Groups").handler(groupsCollection::create);
    scimRouter.put("/Groups/:id").handler(groupItem::update);
    scimRouter.patch("/Groups/:id").handler(groupItem::patch);
    scimRouter.delete("/Groups/:id").handler(groupItem::delete);

    // SCIM-specific error rendering (this ErrorHandler is the scim.resources one, not the common one).
    scimRouter.route().failureHandler(new ErrorHandler());
    router.mountSubRouter(path(), scimRouter);
}
Also used : GroupsEndpoint(io.gravitee.am.gateway.handler.scim.resources.groups.GroupsEndpoint) UsersEndpoint(io.gravitee.am.gateway.handler.scim.resources.users.UsersEndpoint) ErrorHandler(io.gravitee.am.gateway.handler.scim.resources.ErrorHandler) ServiceProviderConfigurationEndpointHandler(io.gravitee.am.gateway.handler.scim.resources.configuration.ServiceProviderConfigurationEndpointHandler) Router(io.vertx.reactivex.ext.web.Router) GroupEndpoint(io.gravitee.am.gateway.handler.scim.resources.groups.GroupEndpoint) OAuth2AuthHandler(io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler) UserEndpoint(io.gravitee.am.gateway.handler.scim.resources.users.UserEndpoint)

Example 5 with OAuth2AuthHandler

Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler in project gravitee-access-management by gravitee-io.

Class UserInfoEndpointHandlerTest, method createOAuth2AuthHandler.

/**
 * Builds the auth handler the test mounts in front of the userinfo endpoint, configured the same
 * way as the production OIDC router: "openid" scope required, token and client extracted, and
 * end-user tokens enforced.
 *
 * @param oAuth2AuthProvider the (typically mocked) provider used to validate tokens
 * @return a configured handler ready to be chained before the endpoint under test
 */
private OAuth2AuthHandler createOAuth2AuthHandler(OAuth2AuthProvider oAuth2AuthProvider) {
    final OAuth2AuthHandler handler = OAuth2AuthHandler.create(oAuth2AuthProvider, Scope.OPENID.getKey());
    handler.extractToken(true);
    handler.extractClient(true);
    handler.forceEndUserToken(true);
    return handler;
}
Also used : OAuth2AuthHandler(io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler)

Aggregations

OAuth2AuthHandler (io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthHandler)6 Router (io.vertx.reactivex.ext.web.Router)5 ErrorHandler (io.gravitee.am.gateway.handler.common.vertx.web.handler.ErrorHandler)2 RoutingContext (io.vertx.reactivex.ext.web.RoutingContext)2 AccountEndpointHandler (io.gravitee.am.gateway.handler.account.resources.AccountEndpointHandler)1 AccountFactorsEndpointHandler (io.gravitee.am.gateway.handler.account.resources.AccountFactorsEndpointHandler)1 AccountWebAuthnCredentialsEndpointHandler (io.gravitee.am.gateway.handler.account.resources.AccountWebAuthnCredentialsEndpointHandler)1 DynamicClientAccessHandler (io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientAccessHandler)1 DynamicClientAccessTokenHandler (io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientAccessTokenHandler)1 DynamicClientRegistrationHandler (io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientRegistrationHandler)1 DynamicClientRegistrationTemplateHandler (io.gravitee.am.gateway.handler.oidc.resources.handler.DynamicClientRegistrationTemplateHandler)1 ErrorHandler (io.gravitee.am.gateway.handler.scim.resources.ErrorHandler)1 ServiceProviderConfigurationEndpointHandler (io.gravitee.am.gateway.handler.scim.resources.configuration.ServiceProviderConfigurationEndpointHandler)1 GroupEndpoint (io.gravitee.am.gateway.handler.scim.resources.groups.GroupEndpoint)1 GroupsEndpoint (io.gravitee.am.gateway.handler.scim.resources.groups.GroupsEndpoint)1 UserEndpoint (io.gravitee.am.gateway.handler.scim.resources.users.UserEndpoint)1 UsersEndpoint (io.gravitee.am.gateway.handler.scim.resources.users.UsersEndpoint)1 PermissionEndpoint (io.gravitee.am.gateway.handler.uma.resources.endpoint.PermissionEndpoint)1 ProviderConfigurationEndpoint (io.gravitee.am.gateway.handler.uma.resources.endpoint.ProviderConfigurationEndpoint)1 ResourceAccessPoliciesEndpoint (io.gravitee.am.gateway.handler.uma.resources.endpoint.ResourceAccessPoliciesEndpoint)1