
Example 1 with MasterToken

use of net.petafuel.styx.core.persistence.models.MasterToken in project styx by petafuel.

From class AccessTokenFilter, method checkToken.

/**
 * Authenticates a request by resolving {@code tokenHash} to a persisted access token and
 * verifying it against its owning master token and the service requirements declared on
 * the target resource.
 *
 * <p>Rejections surface in two ways: an unknown token, or a token whose service type is not
 * permitted for the target, raises a {@link StyxException}; a never-used token that has
 * outlived {@code expiresIn} is invalidated in persistence and {@code false} is returned.
 *
 * @param tokenHash hash of the access token presented by the client
 * @return {@code true} only when the access token is valid and its master token is enabled
 * @throws StyxException with {@code UNAUTHORIZED} when no token matches {@code tokenHash}, and
 *                       with {@code STYX_TOKEN_ACCESS_VIOLATION} when the token's service type
 *                       is not allowed for the target resource or no {@code TokenTypeMapperSPI}
 *                       provider can map it; {@code checkRestrictions} and {@code checkMaxUsages}
 *                       may throw as well
 */
@Override
public boolean checkToken(String tokenHash) {
    final AccessToken accessToken;
    try {
        accessToken = PersistentAccessToken.get(tokenHash);
    } catch (PersistenceEmptyResultSetException notFound) {
        // An unknown token hash is always rejected with a generic UNAUTHORIZED response.
        throw new StyxException(new ResponseEntity(ResponseConstant.UNAUTHORIZED, ResponseCategory.ERROR, ResponseOrigin.CLIENT));
    }

    // Expiry is only evaluated for tokens that have never been used.
    // NOTE(review): a token that was used at least once is not compared against expiresIn here —
    // confirm that expiry of already-used tokens is enforced elsewhere.
    if (accessToken.getLastUsedOn() == null) {
        long ageInSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - accessToken.getCreatedAt().getTime());
        if (ageInSeconds > accessToken.getExpiresIn()) {
            MasterToken owner = PersistentClientApp.get(accessToken.getClientMasterToken());
            LOG.warn("Access token expired before first usage, invalidated. master={}, access_token_created={}, serviceBinding={}", owner.getName(), accessToken.getCreatedAt(), accessToken.getServiceType());
            PersistentAccessToken.setValid(tokenHash, false);
            return false;
        }
    }

    // Resolve the owning master token and apply its per-service restrictions and usage limit;
    // both checks reject by throwing.
    MasterToken masterToken = PersistentClientApp.get(accessToken.getClientMasterToken());
    String serviceType = accessToken.getServiceType();
    checkRestrictions(masterToken, serviceType);
    checkMaxUsages(masterToken, accessToken);
    LOG.info("Request sent with following token information: accessToken={} valid={} serviceType={} usages={} clientReference={} createdAt={} masterTokenName={} masterTokenEnabled={}", accessToken.getId(), accessToken.isValid(), serviceType, accessToken.getUsages(), accessToken.getClientReference(), accessToken.getCreatedAt(), masterToken.getName(), masterToken.isEnabled());

    // Allowed services come from @CheckAccessToken, the method-level annotation taking precedence
    // over the class-level one. With no annotation at all, no service restriction applies.
    CheckAccessToken methodAnnotation = ri.getResourceMethod().getAnnotation(CheckAccessToken.class);
    CheckAccessToken classAnnotation = ri.getResourceClass().getAnnotation(CheckAccessToken.class);
    List<XS2ATokenType> serviceRequirements = null;
    if (methodAnnotation != null) {
        serviceRequirements = Arrays.asList(methodAnnotation.allowedServices());
    } else if (classAnnotation != null) {
        serviceRequirements = Arrays.asList(classAnnotation.allowedServices());
    }

    // First TokenTypeMapperSPI provider that knows this service type, or null if none does.
    TokenTypeMapperSPI tokenTypeMapper = null;
    for (TokenTypeMapperSPI candidate : new TokenTypeMapperService().providers()) {
        if (candidate.getMapping(serviceType) != null) {
            tokenTypeMapper = candidate;
            break;
        }
    }

    // Without a mapper the token type cannot be checked at all, which is treated as a violation.
    boolean accessViolation;
    if (tokenTypeMapper == null) {
        LOG.error("There was not TokenTypeMapperSPI implementation found within the classpath, tokens cannot be validated against access controll");
        accessViolation = true;
    } else {
        accessViolation = serviceRequirements != null && !serviceRequirements.contains(tokenTypeMapper.getMapping(serviceType));
    }
    if (accessViolation) {
        throw new StyxException(new ResponseEntity(ResponseConstant.STYX_TOKEN_ACCESS_VIOLATION, ResponseCategory.ERROR, ResponseOrigin.CLIENT));
    }

    // Usage bookkeeping is driven by the class-level annotation only.
    // NOTE(review): incrementUsage is not read from a method-level @CheckAccessToken, unlike
    // allowedServices above — confirm this asymmetry is intended.
    if (classAnnotation != null && classAnnotation.incrementUsage()) {
        PersistentAccessToken.updateLastUsedOn(tokenHash);
    }
    return accessToken.isValid() && masterToken.isEnabled();
}
Also used : ResponseEntity(net.petafuel.styx.api.exception.ResponseEntity) MasterToken(net.petafuel.styx.core.persistence.models.MasterToken) CheckAccessToken(net.petafuel.styx.api.filter.authentication.boundary.CheckAccessToken) TokenTypeMapperSPI(net.petafuel.styx.spi.tokentypemapper.spi.TokenTypeMapperSPI) AccessToken(net.petafuel.styx.core.persistence.models.AccessToken) CheckAccessToken(net.petafuel.styx.api.filter.authentication.boundary.CheckAccessToken) PersistentAccessToken(net.petafuel.styx.core.persistence.layers.PersistentAccessToken) PersistenceEmptyResultSetException(net.petafuel.styx.core.persistence.PersistenceEmptyResultSetException) TokenTypeMapperService(net.petafuel.styx.spi.tokentypemapper.TokenTypeMapperService) XS2ATokenType(net.petafuel.styx.spi.tokentypemapper.api.XS2ATokenType) StyxException(net.petafuel.styx.api.exception.StyxException) Date(java.util.Date)

Example 2 with MasterToken

use of net.petafuel.styx.core.persistence.models.MasterToken in project styx by petafuel.

From class AccessTokenFilterUnitTest, method testMasterTokenInvalidConfiguration.

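/**
 * A master token whose "pis" restriction carries no maxUsages value must be rejected by
 * checkRestrictions with STYX_MASTER_TOKEN_RESTRICTED, reported as an ERROR originating from STYX.
 */
@Test
void testMasterTokenInvalidConfiguration() {
    MasterToken masterToken = prepareMasterToken("pis", null);
    AccessTokenFilter accessTokenFilter = new AccessTokenFilter();
    // assertThrows hands back the thrown exception, so the response is inspected on the same
    // invocation; a second call inside try/catch would silently skip its assertions if nothing
    // were thrown.
    StyxException exception = Assertions.assertThrows(StyxException.class, () -> accessTokenFilter.checkRestrictions(masterToken, "pis"));
    ResponseEntity response = exception.getResponseEntity();
    Assertions.assertEquals(ResponseConstant.STYX_MASTER_TOKEN_RESTRICTED.getReasonPhrase(), response.getMessage());
    Assertions.assertEquals(ResponseConstant.STYX_MASTER_TOKEN_RESTRICTED.getStatusCode(), response.getCode().getStatusCode());
    Assertions.assertEquals(ResponseCategory.ERROR, response.getCategory());
    Assertions.assertEquals(ResponseOrigin.STYX, response.getOrigin());
}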
Also used : MasterToken(net.petafuel.styx.core.persistence.models.MasterToken) ResponseEntity(net.petafuel.styx.api.exception.ResponseEntity) StyxException(net.petafuel.styx.api.exception.StyxException) Test(org.junit.jupiter.api.Test)

Example 3 with MasterToken

use of net.petafuel.styx.core.persistence.models.MasterToken in project styx by petafuel.

From class AccessTokenFilterUnitTest, method testCheckMaxUsagesNotReached.

/** A single recorded usage against a "pis" limit of five must not trip checkMaxUsages. */
@Test
void testCheckMaxUsagesNotReached() {
    AccessTokenFilter filter = new AccessTokenFilter();
    MasterToken masterToken = prepareMasterToken("pis", 5);
    AccessToken accessToken = new AccessToken();
    accessToken.setServiceType("pis");
    accessToken.setUsages(1);
    Assertions.assertDoesNotThrow(() -> filter.checkMaxUsages(masterToken, accessToken));
}
Also used : MasterToken(net.petafuel.styx.core.persistence.models.MasterToken) AccessToken(net.petafuel.styx.core.persistence.models.AccessToken) Test(org.junit.jupiter.api.Test)

Example 4 with MasterToken

use of net.petafuel.styx.core.persistence.models.MasterToken in project styx by petafuel.

From class AccessTokenFilterUnitTest, method testMasterTokenRestrictions.

/** A master token restricting "pis" with a concrete maxUsages passes checkRestrictions for "pis". */
@Test
void testMasterTokenRestrictions() {
    AccessTokenFilter filter = new AccessTokenFilter();
    MasterToken restrictedToken = prepareMasterToken("pis", 5);
    Assertions.assertDoesNotThrow(() -> filter.checkRestrictions(restrictedToken, "pis"));
}
Also used : MasterToken(net.petafuel.styx.core.persistence.models.MasterToken) Test(org.junit.jupiter.api.Test)

Example 5 with MasterToken

use of net.petafuel.styx.core.persistence.models.MasterToken in project styx by petafuel.

From class AccessTokenFilterUnitTest, method prepareMasterToken.

/**
 * Builds a MasterToken whose restriction map holds exactly one entry: {@code serviceType}
 * mapped to a MasterTokenRestriction with the given maxUsages.
 *
 * @param serviceType service type the restriction applies to
 * @param maxUsage    maxUsages value for that restriction; may be null
 * @return a freshly constructed MasterToken carrying only that restriction
 */
private MasterToken prepareMasterToken(String serviceType, Integer maxUsage) {
    MasterTokenRestriction restriction = new MasterTokenRestriction();
    restriction.setMaxUsages(maxUsage);
    // A mutable map is used deliberately so callers may add further restrictions if needed.
    Map<String, MasterTokenRestriction> restrictions = new HashMap<>();
    restrictions.put(serviceType, restriction);
    MasterToken token = new MasterToken();
    token.setRestrictions(restrictions);
    return token;
}
Also used : MasterToken(net.petafuel.styx.core.persistence.models.MasterToken) MasterTokenRestriction(net.petafuel.styx.core.persistence.models.MasterTokenRestriction) HashMap(java.util.HashMap)

Aggregations

MasterToken (net.petafuel.styx.core.persistence.models.MasterToken)15 Test (org.junit.jupiter.api.Test)10 ResponseEntity (net.petafuel.styx.api.exception.ResponseEntity)6 StyxException (net.petafuel.styx.api.exception.StyxException)6 AccessToken (net.petafuel.styx.core.persistence.models.AccessToken)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CallableStatement (java.sql.CallableStatement)1 Connection (java.sql.Connection)1 ResultSet (java.sql.ResultSet)1 SQLException (java.sql.SQLException)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 JsonObject (javax.json.JsonObject)1 ApplicationPath (javax.ws.rs.ApplicationPath)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1 CheckAccessToken (net.petafuel.styx.api.filter.authentication.boundary.CheckAccessToken)1 CheckMasterToken (net.petafuel.styx.api.filter.authentication.boundary.CheckMasterToken)1 PersistenceEmptyResultSetException (net.petafuel.styx.core.persistence.PersistenceEmptyResultSetException)1 PersistentAccessToken (net.petafuel.styx.core.persistence.layers.PersistentAccessToken)1