use of org.apache.amber.oauth2.common.exception.OAuthProblemException in project identity-test-integration by wso2-incubator.
the class LoginProxy method handleCallback.
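/**
 * Handles the redirect back from the identity server once the user has authenticated. Besides the authorization
 * code, the identity server must send back the {@code state} parameter carrying the value we set when the
 * authorization grant was initiated. The cookie named after that state value tells us which SPA the login belongs
 * to; the code is then exchanged for tokens at the token end-point, the token set is stored in an encrypted cookie
 * under the proxy domain, and the browser is redirected to the SPA's callback URL.
 *
 * @param code  the authorization code generated by the identity server. The proxy exchanges this code for an
 *              access token at the identity server's token end-point.
 * @param state the same value we set as state when initiating the authorization grant request to the identity
 *              server. A cookie with this name must exist and hold the SPA name.
 * @return an error response describing the failure, or {@code null} after the redirect to the SPA callback URL
 *         has been written to the servlet response.
 */
@Path("callback")
@GET
public Response handleCallback(@QueryParam("code") String code, @QueryParam("state") String state) {
    if (code == null || code.isEmpty()) {
        return badRequest("The value of the code cannot be null.");
    }
    if (state == null || state.isEmpty()) {
        return badRequest("The value of the state cannot be null.");
    }
    HttpServletResponse resp = context.getHttpServletResponse();
    HttpServletRequest req = context.getHttpServletRequest();

    // the cookie named after the state value was written when the grant was initiated and carries the SPA name.
    String spaName = findCookieValue(req.getCookies(), state);
    if (spaName == null) {
        return badRequest("No valid cookie found.");
    }

    // client key/secret for the SPA. SPA-specific credentials are optional: one pair, obtained from the identity
    // server when the service provider is registered and configured in oauth_proxy.properties, can serve all SPAs.
    String consumerKey = ProxyUtils.getConsumerKey(spaName);
    String consumerSecret = ProxyUtils.getConsumerSecret(spaName);
    // the OAuth 2.0 token end-point of the identity server.
    String tokenEndpoint = ProxyUtils.getTokenEp();
    // the proxy has a single callback URL, shared by every service provider registered in the identity server.
    String callbackUrl = ProxyUtils.getCallbackUrl();

    OAuthClientRequest accessRequest;
    try {
        // build the OAuth 2.0 token request; client credentials and the code travel in the POST body.
        accessRequest = OAuthClientRequest.tokenLocation(tokenEndpoint)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(consumerKey)
                .setClientSecret(consumerSecret)
                .setRedirectURI(callbackUrl)
                .setCode(code)
                .buildBodyMessage();
    } catch (OAuthSystemException e) {
        log.error(e);
        return internalServerError(e.getMessage());
    }

    OAuthClientResponse oAuthResponse;
    try {
        // talk to the token end-point of the identity server to get the access token, refresh token and id token.
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        oAuthResponse = oAuthClient.accessToken(accessRequest);
    } catch (OAuthSystemException e) {
        log.error(e);
        return internalServerError(e.getMessage());
    } catch (OAuthProblemException e) {
        // the identity server answered with an OAuth error response rather than a token.
        log.error(e);
        return internalServerError(e.getMessage());
    }

    String accessToken = oAuthResponse.getParam(ProxyUtils.ACCESS_TOKEN);
    String refreshToken = oAuthResponse.getParam(ProxyUtils.REFRESH_TOKEN);
    long expiration;
    try {
        // a missing or non-numeric expiration used to escape as an uncaught NumberFormatException; parseLong
        // also rejects null, so one catch covers both cases.
        expiration = Long.parseLong(oAuthResponse.getParam(ProxyUtils.EXPIRATION));
    } catch (NumberFormatException e) {
        log.error(e);
        return internalServerError("Invalid expiration value in the token response.");
    }

    String idToken = oAuthResponse.getParam(ProxyUtils.ID_TOKEN);
    if (idToken != null) {
        // only the payload segment of the JWT is forwarded to the SPA. A value without the expected
        // header.payload.signature layout is rejected instead of throwing ArrayIndexOutOfBoundsException.
        // NOTE(review): the id token signature is not verified here; presumably acceptable because the token
        // arrives directly from the token end-point rather than through the browser — confirm.
        String[] idTkElements = idToken.split(Pattern.quote("."));
        if (idTkElements.length < 2) {
            log.error("Malformed id token received from the identity server.");
            return internalServerError("Malformed id token received from the identity server.");
        }
        idToken = idTkElements[1];
    }

    // aggregate access token, refresh token, id token, SPA name and expiration into one JSON document.
    JSONObject json = new JSONObject();
    try {
        json.put(ProxyUtils.ID_TOKEN, idToken);
        json.put(ProxyUtils.ACCESS_TOKEN, accessToken);
        json.put(ProxyUtils.REFRESH_TOKEN, refreshToken);
        json.put(ProxyUtils.SPA_NAME, spaName);
        json.put(ProxyUtils.EXPIRATION, Long.valueOf(expiration));
    } catch (JSONException e) {
        log.error(e);
        return internalServerError(e.getMessage());
    }

    try {
        // the token set is stored encrypted, in a cookie under the proxy domain named after the state value.
        String encryptedCookieValue = ProxyUtils.encrypt(json.toString());
        Cookie cookie = new Cookie(state, encryptedCookieValue);
        // the cookie is only sent over HTTPS.
        cookie.setSecure(true);
        // NOTE(review): the cookie carries no HttpOnly flag, Path or Max-Age. If the SPA's scripts never need to
        // read it, setHttpOnly(true) keeps the encrypted token set out of reach of injected scripts — confirm.
        resp.addCookie(cookie);
        // each SPA has its own callback URL, defined in the oauth_proxy.properties file.
        resp.sendRedirect(ProxyUtils.getSpaCallbackUrl(spaName));
        return null;
    } catch (Exception e) {
        // encrypt() and sendRedirect() can fail for unrelated reasons; either way the login attempt is over.
        log.error(e);
        return internalServerError(e.getMessage());
    }
}

/**
 * Looks up the value of the cookie with the given name.
 *
 * @param cookies the cookies sent with the request, possibly {@code null}
 * @param name    the cookie name to look for
 * @return the value of the first cookie with that name, or {@code null} when there is none
 */
private static String findCookieValue(Cookie[] cookies, String name) {
    if (cookies == null) {
        return null;
    }
    for (Cookie candidate : cookies) {
        if (candidate.getName().equals(name)) {
            return candidate.getValue();
        }
    }
    return null;
}

/**
 * Builds the response for a request that failed input validation.
 *
 * @param message the reason reported to the caller
 * @return a BAD_REQUEST response carrying {@code ProxyFaultCodes.ERROR_002}
 */
private static Response badRequest(String message) {
    return ProxyUtils.handleResponse(ProxyUtils.OperationStatus.BAD_REQUEST, ProxyFaultCodes.ERROR_002,
            ProxyFaultCodes.Name.INVALID_INPUTS, message);
}

/**
 * Builds the response for a failure while talking to the identity server or preparing the cookie.
 *
 * NOTE(review): callers pass the raw exception message, which is echoed to the browser; consider a generic text
 * if those messages can reveal internal details.
 *
 * @param message the reason reported to the caller
 * @return an INTERNAL_SERVER_ERROR response carrying {@code ProxyFaultCodes.ERROR_003}
 */
private static Response internalServerError(String message) {
    return ProxyUtils.handleResponse(ProxyUtils.OperationStatus.INTERNAL_SERVER_ERROR, ProxyFaultCodes.ERROR_003,
            ProxyFaultCodes.Name.INTERNAL_SERVER_ERROR, message);
}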
use of org.apache.amber.oauth2.common.exception.OAuthProblemException in project incubator-gobblin by apache.
the class SalesforceRestWriter method onConnect.
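/**
 * Retrieves an OAuth2 access token with the password grant, if none is held yet, and switches the current server
 * host to the {@code instance_url} returned alongside the token.
 * {@inheritDoc}
 * @see org.apache.gobblin.writer.http.HttpWriter#onConnect(org.apache.http.HttpHost)
 * @param serverHost the token end-point the password grant is sent to
 * @throws IOException if the token response carries no {@code instance_url}
 * @throws NonTransientException if the end-point rejects the credentials (an OAuth problem response)
 * @throws RuntimeException if the request could not be sent or the returned instance URL is not a valid URI
 */
@Override
public void onConnect(URI serverHost) throws IOException {
    if (!StringUtils.isEmpty(accessToken)) {
        // an access token is already held; nothing to do.
        return;
    }
    try {
        getLog().info("Getting Oauth2 access token.");
        // NOTE(review): buildQueryMessage() places the client secret and the user's password in the URL query
        // string, where proxies and server access logs may record them; buildBodyMessage() would keep them in
        // the POST body — confirm the end-point accepts that before changing.
        // the security token is appended to the password, as the password grant here expects.
        OAuthClientRequest request = OAuthClientRequest.tokenLocation(serverHost.toString())
                .setGrantType(GrantType.PASSWORD)
                .setClientId(clientId)
                .setClientSecret(clientSecret)
                .setUsername(userId)
                .setPassword(password + securityToken)
                .buildQueryMessage();
        OAuthClient client = new OAuthClient(new URLConnectionClient());
        OAuthJSONAccessTokenResponse response = client.accessToken(request, OAuth.HttpMethod.POST);
        // validate the instance URL before recording the token, so a bad response leaves no half-initialised
        // state (previously a missing instance_url surfaced as a NullPointerException from the URI constructor).
        String instanceUrl = response.getParam("instance_url");
        if (StringUtils.isEmpty(instanceUrl)) {
            throw new IOException("OAuth2 token response did not include instance_url");
        }
        URI instanceHost = new URI(instanceUrl);
        accessToken = response.getAccessToken();
        setCurServerHost(instanceHost);
    } catch (OAuthProblemException e) {
        throw new NonTransientException("Error while authenticating with Oauth2", e);
    } catch (OAuthSystemException e) {
        throw new RuntimeException("Failed getting access token", e);
    } catch (URISyntaxException e) {
        throw new RuntimeException("Failed due to invalid instance url", e);
    }
}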
use of org.apache.amber.oauth2.common.exception.OAuthProblemException in project tesla by linking12.
the class OauthTokenController method authorize.
/**
 * Token end-point: wraps the servlet request as a token request and hands it to the dispatcher. When the request
 * is rejected with an {@link OAuthProblemException}, an OAuth error response (302 with the client's redirect URI)
 * is written back as JSON; an {@link OAuthSystemException} is left to propagate to the caller.
 *
 * @param request  the incoming token request
 * @param response the servlet response the token or error is written to
 * @throws OAuthSystemException if the dispatcher or the error response builder fails
 */
@RequestMapping("token")
public void authorize(HttpServletRequest request, HttpServletResponse response) throws OAuthSystemException {
    try {
        OAuthTokenHandleDispatcher dispatcher =
                new OAuthTokenHandleDispatcher(new OAuthTokenxRequest(request), response);
        dispatcher.dispatch();
    } catch (OAuthProblemException problem) {
        LOG.debug(problem.getMessage(), problem);
        OAuthResponse errorResponse = OAuthASResponse
                .errorResponse(HttpServletResponse.SC_FOUND)
                .location(problem.getRedirectUri())
                .error(problem)
                .buildJSONMessage();
        WebUtils.writeOAuthJsonResponse(response, errorResponse);
    }
}
use of org.apache.amber.oauth2.common.exception.OAuthProblemException in project components by Talend.
the class Oauth2ImplicitClient method getToken.
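/**
 * Requests a token from the configured token location using the configured grant type. For the authorization
 * code grant the callback URL and authorization code are added; for the refresh token grant the refresh token is
 * added; other grant types send only the client credentials.
 *
 * @param <T>                the response type the reply is parsed into
 * @param tokenResponseClass the class of the expected token response
 * @return the parsed token response
 * @throws RuntimeException wrapping the {@code OAuthSystemException} (request could not be built or sent) or the
 *                          {@code OAuthProblemException} (the end-point returned an OAuth error response)
 */
public <T extends OAuthAccessTokenResponse> T getToken(Class<T> tokenResponseClass) {
    try {
        TokenRequestBuilder builder = OAuthClientRequest.tokenLocation(tokenLocation.toString())
                .setGrantType(grantType)
                .setClientId(clientID)
                .setClientSecret(clientSecret);
        if (GrantType.AUTHORIZATION_CODE == grantType) {
            builder = builder.setRedirectURI(callbackURL.toString()).setCode(getAuthorizationCode());
        } else if (GrantType.REFRESH_TOKEN == grantType) {
            builder = builder.setRefreshToken(refreshToken);
        }
        // NOTE(review): buildQueryMessage() puts the client secret, code and refresh token in the URL query string,
        // which proxies and server access logs may record; buildBodyMessage() would keep them in the request body
        // — confirm the target end-point accepts that before changing.
        OAuthClientRequest request = builder.buildQueryMessage();
        OAuthClient oauthClient = new OAuthClient(new URLConnectionClient());
        return oauthClient.accessToken(request, tokenResponseClass);
    } catch (OAuthSystemException e) {
        throw new RuntimeException("Failed to build or send the OAuth2 token request", e);
    } catch (OAuthProblemException e) {
        throw new RuntimeException("OAuth2 token end-point rejected the request", e);
    }
}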
use of org.apache.amber.oauth2.common.exception.OAuthProblemException in project entando-core by entando.
the class ApiRestServer method extractOAuthParameters.
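/**
 * Authenticates the caller from the access token carried in the request header and, when {@code permission} is
 * not {@code null}, checks that the token's user holds that permission. The resolved user is stored in the HTTP
 * session under {@code SystemConstants.SESSIONPARAM_CURRENT_USER}.
 *
 * @param request    the incoming request carrying the bearer token in its header
 * @param permission the permission the resource requires, or {@code null} when only authentication is needed
 * @throws ApiException with {@code UNAUTHORIZED} when no token is presented, the token is unknown, mismatched or
 *                      expired, or the user lacks the permission; with {@code INTERNAL_SERVER_ERROR} when the
 *                      token cannot be read or a system exception occurs
 */
protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager =
                (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token == null) {
            if (accessToken != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
                        "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
                    "Authentication Required", Response.Status.UNAUTHORIZED);
        }
        // defensive re-check of the presented value against the stored token.
        if (!token.getAccessToken().equals(accessToken)) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
                    "Token does not match", Response.Status.UNAUTHORIZED);
        }
        if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
                    "Token expired", Response.Status.UNAUTHORIZED);
        }
        // NOTE(review): the token's client id is used as the user name — confirm that is how tokens are issued.
        String username = token.getClientId();
        IUserManager userManager =
                (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
        UserDetails user = userManager.getUser(username);
        // NOTE(review): a valid token whose user cannot be resolved returns normally here without a session user
        // and without the permission check — confirm callers handle that case.
        if (user != null) {
            _logger.info("User {} requesting resource that requires {} permission ", username, permission);
            request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
            if (permission != null) {
                IAuthorizationManager authManager =
                        (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
                user.addAuthorizations(authManager.getUserAuthorizations(username));
                if (!authManager.isAuthOnPermission(user, permission)) {
                    List<Role> roles = authManager.getUserRoles(user);
                    for (Role role : roles) {
                        // a role without permissions used to throw ArrayIndexOutOfBoundsException here.
                        Object[] perms = role.getPermissions().toArray();
                        Object firstPermission = perms.length > 0 ? perms[0] : "none";
                        _logger.info("User {} requesting resource has {} permission ", username, firstPermission);
                    }
                    _logger.info("User {} requesting resource has {} permission ", username, "none");
                    throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED,
                            "Authentication Required", Response.Status.UNAUTHORIZED);
                }
            }
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // the exception is the last argument, so it is logged with its stack trace (a "{}" placeholder would
        // have consumed it as a plain parameter).
        _logger.error("System exception", ex);
        // NOTE(review): the raw exception message is returned to the API client; consider a generic text if it
        // can reveal internal details.
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}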