
Example 6 with CacheControl

use of javax.ws.rs.core.CacheControl in project oxAuth by GluuFederation.

the class RegisterRestWebServiceImpl method requestClientRead.

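/**
 * Handles the client "read" operation of dynamic client registration.
 *
 * <p>The registration access token is extracted from {@code authorization} by
 * {@code tokenService}. The request is answered with {@code 400} when dynamic registration is
 * disabled ({@code RegisterErrorResponseType.ACCESS_DENIED}), when the parameters fail
 * validation ({@code INVALID_CLIENT_METADATA}) or when no client matches the id/token pair
 * ({@code INVALID_TOKEN}); a JSON or decryption failure yields {@code 500}. Every response,
 * error or not, carries {@code Cache-Control: no-store} and {@code Pragma: no-cache}, and an
 * audit record is emitted before returning.
 *
 * @param clientId        identifier of the client to read
 * @param authorization   raw {@code Authorization} header value carrying the registration access token
 * @param httpRequest     servlet request; only the caller's address is read, for the audit log
 * @param securityContext JAX-RS security context; only {@code isSecure()} is read, for logging
 * @return the client's metadata entity on success, otherwise an error entity from {@code errorResponseFactory}
 */
@Override
public Response requestClientRead(String clientId, String authorization, HttpServletRequest httpRequest, SecurityContext securityContext) {
    String accessToken = tokenService.getTokenFromAuthorizationParameter(authorization);
    // Only record whether a token was supplied: the registration access token is a bearer
    // credential and its value must not be written to the log.
    boolean tokenPresent = accessToken != null && !accessToken.isEmpty();
    log.debug("Attempting to read client: clientId = {}, registrationAccessToken present = {} isSecure = {}", clientId, tokenPresent, securityContext.isSecure());
    Response.ResponseBuilder builder = Response.ok();
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.CLIENT_READ);
    oAuth2AuditLog.setClientId(clientId);
    try {
        if (!appConfiguration.getDynamicRegistrationEnabled()) {
            builder = clientReadError(Response.Status.BAD_REQUEST, RegisterErrorResponseType.ACCESS_DENIED);
        } else if (!registerParamsValidator.validateParamsClientRead(clientId, accessToken)) {
            log.trace("Client parameters are invalid.");
            builder = clientReadError(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        } else {
            Client client = clientService.getClient(clientId, accessToken);
            if (client == null) {
                // NOTE(review): RFC 7592 section 2.3 answers an invalid registration access token
                // with 401; the existing 400 is kept here so current callers are not broken.
                log.trace("The Access Token is not valid for the Client ID, returns invalid_token error.");
                builder = clientReadError(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_TOKEN);
            } else {
                oAuth2AuditLog.setScope(clientScopesToString(client));
                oAuth2AuditLog.setSuccess(true);
                builder.entity(clientAsEntity(client));
            }
        }
    } catch (JSONException e) {
        builder = clientReadError(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        log.error(e.getMessage(), e);
    } catch (StringEncrypter.EncryptionException e) {
        builder = clientReadError(Response.Status.INTERNAL_SERVER_ERROR, RegisterErrorResponseType.INVALID_CLIENT_METADATA);
        log.error(e.getMessage(), e);
    }
    // The client record is sensitive: forbid caches and intermediaries from storing it.
    CacheControl cacheControl = new CacheControl();
    cacheControl.setNoTransform(false);
    cacheControl.setNoStore(true);
    builder.cacheControl(cacheControl);
    builder.header("Pragma", "no-cache");
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}

/**
 * Builds an error response for {@link #requestClientRead} with the given status and the JSON
 * error body produced by {@code errorResponseFactory}.
 *
 * @param status HTTP status to answer with
 * @param error  error code to serialise into the body
 * @return a builder carrying status and entity; the caller adds the cache headers
 */
private Response.ResponseBuilder clientReadError(Response.Status status, RegisterErrorResponseType error) {
    return Response.status(status).entity(errorResponseFactory.getErrorAsJson(error));
}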

Example 7 with CacheControl

use of javax.ws.rs.core.CacheControl in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method requestUserInfo.

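/**
 * Serves the OpenID Connect UserInfo endpoint.
 *
 * <p>The access token is taken from the {@code Authorization: Bearer} header when present,
 * otherwise from the {@code accessToken} parameter. It is validated by
 * {@code UserInfoParamsValidator} and resolved to an authorization grant: an unknown token
 * yields {@code 400}; a client-credentials grant, or a grant holding neither
 * {@code DefaultScope.OPEN_ID} nor {@code DefaultScope.PROFILE}, yields {@code 403}. On
 * success the claims are returned as a JWE, a signed JWT or plain JSON depending on the
 * client's user-info encrypted/signed response algorithm settings, and the response is marked
 * {@code Cache-Control: private, no-store} / {@code Pragma: no-cache}. Any failure while
 * building the claims produces a bare {@code 500}. An audit record is always emitted.
 *
 * @param accessToken     access token passed as a request parameter; overridden by a bearer header
 * @param authorization   raw {@code Authorization} header value, may be null
 * @param request         servlet request; only the caller's address is read, for the audit log
 * @param securityContext JAX-RS security context; only {@code isSecure()} is read, for logging
 * @return the UserInfo response, or an error response as described above
 */
public Response requestUserInfo(String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext) {
    // A bearer Authorization header takes precedence over the access_token parameter.
    // NOTE(review): the scheme match is case-sensitive; RFC 6750 treats the "Bearer" scheme
    // name as case-insensitive — confirm whether other casings need to be accepted here.
    if (authorization != null && !authorization.isEmpty() && authorization.startsWith("Bearer ")) {
        accessToken = authorization.substring(7);
    }
    // Only record whether a token arrived: it is a bearer credential and must not be logged.
    boolean tokenPresent = accessToken != null && !accessToken.isEmpty();
    log.debug("Attempting to request User Info, Access token present = {}, Is Secure = {}", tokenPresent, securityContext.isSecure());
    Response.ResponseBuilder builder = Response.ok();
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.USER_INFO);
    try {
        if (!UserInfoParamsValidator.validateParams(accessToken)) {
            builder = Response.status(400);
            builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_REQUEST));
        } else {
            AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
            if (authorizationGrant == null) {
                builder = Response.status(400);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_TOKEN));
            } else if (authorizationGrant.getAuthorizationGrantType() == AuthorizationGrantType.CLIENT_CREDENTIALS) {
                // A client-credentials grant is not bound to an end user, so there is no UserInfo to return.
                builder = Response.status(403);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
            } else if (!authorizationGrant.getScopes().contains(DefaultScope.OPEN_ID.toString()) && !authorizationGrant.getScopes().contains(DefaultScope.PROFILE.toString())) {
                builder = Response.status(403);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
                oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, false);
            } else {
                oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, true);
                // Only this successful, claim-bearing response is marked non-cacheable; the error
                // responses above are returned without cache directives.
                CacheControl cacheControl = new CacheControl();
                cacheControl.setPrivate(true);
                cacheControl.setNoTransform(false);
                cacheControl.setNoStore(true);
                builder.cacheControl(cacheControl);
                builder.header("Pragma", "no-cache");
                // Prefer a freshly loaded user entry; fall back to the one held by the grant.
                User currentUser = authorizationGrant.getUser();
                try {
                    currentUser = userService.getUserByDn(authorizationGrant.getUserDn());
                } catch (EntryPersistenceException ex) {
                    // Pass the exception along so the cause is retained in the log, not only the DN.
                    log.warn("Failed to reload user entry: '{}'", authorizationGrant.getUserDn(), ex);
                }
                if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseAlg() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseEnc() != null) {
                    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseAlg());
                    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseEnc());
                    builder.type("application/jwt");
                    builder.entity(getJweResponse(keyEncryptionAlgorithm, blockEncryptionAlgorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
                } else if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoSignedResponseAlg() != null) {
                    SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(authorizationGrant.getClient().getUserInfoSignedResponseAlg());
                    builder.type("application/jwt");
                    builder.entity(getJwtResponse(algorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
                } else {
                    builder.type((MediaType.APPLICATION_JSON + ";charset=UTF-8"));
                    builder.entity(getJSonResponse(currentUser, authorizationGrant, authorizationGrant.getScopes()));
                }
            }
        }
    } catch (Exception e) {
        // Every failure raised while building the response (encryption, JWT/JWE creation,
        // signature or claim errors) was mapped to the same bare 500 by identical per-type
        // catch blocks; one handler covers them all.
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    }
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}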

Example 8 with CacheControl

use of javax.ws.rs.core.CacheControl in project oxAuth by GluuFederation.

the class TokenRestWebServiceImpl method response.

/**
 * Finishes a token-endpoint response: marks it non-storable
 * ({@code Cache-Control: no-store}, {@code Pragma: no-cache}) and builds it.
 *
 * @param builder the partially populated response
 * @return the built response with the cache directives attached
 */
private Response response(ResponseBuilder builder) {
    final CacheControl noStore = new CacheControl();
    noStore.setNoStore(true);
    noStore.setNoTransform(false);
    return builder.cacheControl(noStore).header("Pragma", "no-cache").build();
}

Example 9 with CacheControl

use of javax.ws.rs.core.CacheControl in project oxAuth by GluuFederation.

the class ServerUtil method cacheControl.

/**
 * Creates a {@link CacheControl} whose {@code no-store} and {@code no-transform} directives are
 * set from the arguments; every other directive keeps its default.
 *
 * @param p_noStore     whether to emit {@code no-store}
 * @param p_noTransform whether to emit {@code no-transform}
 * @return a new CacheControl instance
 */
public static CacheControl cacheControl(boolean p_noStore, boolean p_noTransform) {
    CacheControl directives = new CacheControl();
    directives.setNoTransform(p_noTransform);
    directives.setNoStore(p_noStore);
    return directives;
}

Example 10 with CacheControl

use of javax.ws.rs.core.CacheControl in project stanbol by apache.

the class UserResource method store.

// **********************************
// ****** ADD PERMISSION TO USER **** 
// **********************************
// **************************************
// ****** REMOVE PERMISSION FROM USER *** 
// **************************************
// ************************************
// ****** ADD PERMISSION TO ROLE ****** 
// ************************************
// **************************************
// ****** REMOVE PERMISSION FROM ROLE *** 
// **************************************
////////////////////////////////////////////////////////////////
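/**
 * Pushes user data into the system graph and redirects to the user-management console.
 *
 * <p>Each of {@code newUserName}, {@code fullName}, {@code password} and {@code email} is applied
 * only when non-null and non-empty. {@code roles} and {@code permissions} are applied only when
 * non-null; in that case the user's existing roles/permissions are cleared and the trimmed,
 * non-empty entries of the given list are added while holding the system graph's write lock.
 * The caller's lists are read but never modified.
 *
 * @param userNode        graph node of the user being updated
 * @param uriInfo         request URI info, used to build the redirect target
 * @param currentUserName present for interface compatibility; not read by this method
 * @param newUserName     replacement user name, ignored when null or empty
 * @param fullName        replacement full name, ignored when null or empty
 * @param email           replacement e-mail address, stored as a {@code mailto:} IRI; ignored when null or empty
 * @param password        new password, stored as produced by {@code PasswordUtil.convertPassword}; ignored when null or empty
 * @param roles           complete replacement role list, or null to leave roles untouched
 * @param permissions     complete replacement permission list, or null to leave permissions untouched
 * @return a {@code 303 See Other} redirect to {@code system/console/usermanagement} carrying {@code Cache-Control: no-cache}
 */
private Response store(GraphNode userNode, UriInfo uriInfo, String currentUserName, String newUserName, String fullName, String email, String password, List<String> roles, List<String> permissions) {
    if (newUserName != null && !newUserName.isEmpty()) {
        changeLiteral(userNode, PLATFORM.userName, newUserName);
    }
    if (fullName != null && !fullName.isEmpty()) {
        changeLiteral(userNode, FOAF.name, fullName);
    }
    if (password != null && !password.isEmpty()) {
        // NOTE(review): the predicate name suggests an unsalted SHA-1 digest; confirm the scheme
        // PasswordUtil.convertPassword applies, since a plain digest is weak for password storage.
        String passwordSha1 = PasswordUtil.convertPassword(password);
        changeLiteral(userNode, PERMISSION.passwordSha1, passwordSha1);
    }
    if (email != null && !email.isEmpty()) {
        // NOTE(review): the address is embedded in the IRI without validation here — confirm the caller checks it.
        changeResource(userNode, FOAF.mbox, new IRI("mailto:" + email));
    }
    BlankNodeOrIRI userResource = (BlankNodeOrIRI) userNode.getNode();
    if (roles != null) {
        // NOTE(review): clearRoles runs before the write lock below is taken; whether it locks
        // internally is not visible here.
        clearRoles(userResource);
        Lock writeLock = systemGraph.getLock().writeLock();
        writeLock.lock();
        try {
            // Trim into a local so the caller's list is not mutated (it may be unmodifiable).
            for (String role : roles) {
                String trimmedRole = role.trim();
                if (!trimmedRole.isEmpty()) {
                    addRole(userNode, trimmedRole);
                }
            }
        } finally {
            writeLock.unlock();
        }
    }
    if (permissions != null) {
        clearPermissions(userResource);
        Lock writeLock = systemGraph.getLock().writeLock();
        writeLock.lock();
        try {
            for (String permission : permissions) {
                String trimmedPermission = permission.trim();
                if (!trimmedPermission.isEmpty()) {
                    addPermission(userNode, trimmedPermission);
                }
            }
        } finally {
            writeLock.unlock();
        }
    }
    URI pageUri = uriInfo.getBaseUriBuilder().path("system/console/usermanagement").build();
    // Cache-Control: no-cache, in case intermediaries are holding onto a stale copy of the console page.
    CacheControl cc = new CacheControl();
    cc.setNoCache(true);
    return Response.seeOther(pageUri).cacheControl(cc).build();
}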
