Search in sources :

Example 21 with OAuthResponse

use of org.apache.oltu.oauth2.common.message.OAuthResponse in project entando-core by entando.

the class AuthEndpointServlet method doGet.

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    OAuthAuthzRequest oauthRequest = null;
    OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    IApiOAuthorizationCodeManager codeManager = (IApiOAuthorizationCodeManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH2_AUTHORIZATION_CODE_MANAGER, request);
    try {
        oauthRequest = new OAuthAuthzRequest(request);
        if (validateClient(oauthRequest, request, response)) {
            // build response according to response_type
            String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE) == null ? OAuth.OAUTH_RESPONSE_TYPE : oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
            OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
            final String authorizationCode = oauthIssuerImpl.authorizationCode();
            final int expires = 3;
            AuthorizationCode authCode = new AuthorizationCode();
            authCode.setAuthorizationCode(authorizationCode);
            // gets a calendar using the default time zone and locale.
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.SECOND, expires);
            authCode.setExpires(calendar.getTimeInMillis());
            authCode.setClientId(oauthRequest.getClientId());
            authCode.setSource(request.getRemoteAddr());
            codeManager.addAuthorizationCode(authCode);
            if (responseType.equals(ResponseType.CODE.toString())) {
                builder.setCode(authorizationCode);
            }
            if (responseType.equals(ResponseType.TOKEN.toString())) {
                builder.setAccessToken(authorizationCode);
                builder.setExpiresIn((long) expires);
            }
            String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
            final OAuthResponse resp = builder.location(redirectURI).buildQueryMessage();
            final int status = resp.getResponseStatus();
            response.setStatus(status);
            response.sendRedirect(resp.getLocationUri());
        } else {
            logger.warn("OAuth2 authentication failed");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    } catch (OAuthSystemException ex) {
        logger.error("System exception {} ", ex.getMessage());
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } catch (OAuthProblemException ex) {
        logger.error("OAuth2 error {} ", ex.getMessage());
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    } catch (IOException e) {
        logger.error("IOException {} ", e);
    }
}
Also used : AuthorizationCode(org.entando.entando.aps.system.services.oauth2.model.AuthorizationCode) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) Calendar(java.util.Calendar) IOException(java.io.IOException) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) OAuthIssuerImpl(org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest) IApiOAuthorizationCodeManager(org.entando.entando.aps.system.services.oauth2.IApiOAuthorizationCodeManager) MD5Generator(org.apache.oltu.oauth2.as.issuer.MD5Generator) OAuthASResponse(org.apache.oltu.oauth2.as.response.OAuthASResponse)

Example 22 with OAuthResponse

use of org.apache.oltu.oauth2.common.message.OAuthResponse in project entando-core by entando.

the class TokenEndpointServlet method doPost.

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        final OAuthResponse oAuthResponse = this.validateClientWithAuthorizationCode(request);
        if (oAuthResponse != null) {
            response.setStatus(oAuthResponse.getResponseStatus());
            PrintWriter pw = response.getWriter();
            pw.print(oAuthResponse.getBody());
            pw.flush();
            pw.close();
        } else {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, ERROR_AUTHENTICATION_FAILED);
        }
    } catch (Throwable e) {
        _logger.error("OAuthSystemException exception {} ", e.getMessage());
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (IOException e1) {
            _logger.error("IOException - IOException exception {} ", e1);
        }
    }
}
Also used : IOException(java.io.IOException) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) PrintWriter(java.io.PrintWriter)

Example 23 with OAuthResponse

use of org.apache.oltu.oauth2.common.message.OAuthResponse in project dq-easy-cloud by dq-open-cloud.

the class EcAuthorizeController method authorize.

@RequestMapping("/toAuthorize")
public Object authorize(Model model, HttpServletRequest request) throws URISyntaxException, OAuthSystemException {
    // http://localhost:8100/authorize/toAuthorize?redirect_uri=https://www.baidu.com/&response_type=code&client_id=1&state=bb38108d1aaf567c72da0f1167e87142d0e20cb2bb24ec5a
    try {
        // 构建OAuth 授权请求
        OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);
        boolean checkClient = false;
        // 检查传入的客户端id是否正确
        if (checkClient) {
            OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).setError(OAuthError.TokenResponse.INVALID_CLIENT).setErrorDescription("非法用户").buildJSONMessage();
            return new ResponseEntity(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
        }
        Subject subject = SecurityUtils.getSubject();
        // 如果用户没有登录,跳转到登陆页面
        if (!subject.isAuthenticated()) {
            if (!login(subject, request)) {
                // model.addAttribute("client", clientService.findByClientId(oauthRequest.getClientId()));
                return "oauth2login";
            }
        }
        String username = (String) subject.getPrincipal();
        // 生成授权码
        String authorizationCode = null;
        // responseType目前仅支持CODE,另外还有TOKEN
        String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
        if (responseType.equals(ResponseType.CODE.toString())) {
            OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
            authorizationCode = oauthIssuerImpl.authorizationCode();
            codeCache.put(authorizationCode, "zhangsan");
        // oAuthService.addAuthCode(authorizationCode, username);
        }
        // 进行OAuth响应构建
        OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
        // 设置授权码
        builder.setCode(authorizationCode);
        // 得到到客户端重定向地址
        String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
        // 构建响应
        final OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
        // 根据OAuthResponse返回ResponseEntity响应
        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(new URI(response.getLocationUri()));
        return new ResponseEntity(headers, HttpStatus.valueOf(response.getResponseStatus()));
    } catch (OAuthProblemException e) {
        logger.error(e.getMessage(), e);
        // 出错处理
        String redirectUri = e.getRedirectUri();
        if (OAuthUtils.isEmpty(redirectUri)) {
            // 告诉客户端没有传入redirectUri直接报错
            return new ResponseEntity("OAuth callback url needs to be provided by client!!!", HttpStatus.NOT_FOUND);
        }
        // 返回错误消息(如?error=)
        final OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND).error(e).location(redirectUri).buildQueryMessage();
        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(new URI(response.getLocationUri()));
        return new ResponseEntity(headers, HttpStatus.valueOf(response.getResponseStatus()));
    }
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) URI(java.net.URI) Subject(org.apache.shiro.subject.Subject) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) OAuthIssuerImpl(org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) ResponseEntity(org.springframework.http.ResponseEntity) OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest) MD5Generator(org.apache.oltu.oauth2.as.issuer.MD5Generator) OAuthASResponse(org.apache.oltu.oauth2.as.response.OAuthASResponse) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 24 with OAuthResponse

use of org.apache.oltu.oauth2.common.message.OAuthResponse in project dq-easy-cloud by dq-open-cloud.

the class EcAuthorizeController method userInfo.

@RequestMapping("/userInfo")
public HttpEntity userInfo(HttpServletRequest request) throws OAuthSystemException {
    try {
        // 构建OAuth资源请求
        OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(request, ParameterStyle.QUERY);
        // 获取Access Token
        String accessToken = oauthRequest.getAccessToken();
        // 验证Access Token
        boolean accessTokenFlag = false;
        // if (!oAuthService.checkAccessToken(accessToken)) {
        if (accessTokenFlag) {
            // 如果不存在/过期了,返回未验证错误,需重新验证
            OAuthResponse oauthResponse = OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED).setRealm("过期了").setError(OAuthError.ResourceResponse.INVALID_TOKEN).buildHeaderMessage();
            HttpHeaders headers = new HttpHeaders();
            headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
            return new ResponseEntity(headers, HttpStatus.UNAUTHORIZED);
        }
        // 返回用户名
        // String username = oAuthService.getUsernameByAccessToken(accessToken);
        Object username = tokenCache.get(accessToken);
        return new ResponseEntity(username, HttpStatus.OK);
    } catch (OAuthProblemException e) {
        // 检查是否设置了错误码
        String errorCode = e.getError();
        if (OAuthUtils.isEmpty(errorCode)) {
            OAuthResponse oauthResponse = OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED).setRealm("server").buildHeaderMessage();
            HttpHeaders headers = new HttpHeaders();
            headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
            return new ResponseEntity(headers, HttpStatus.UNAUTHORIZED);
        }
        OAuthResponse oauthResponse = OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED).setRealm("server").setError(e.getError()).setErrorDescription(e.getDescription()).setErrorUri(e.getUri()).buildHeaderMessage();
        HttpHeaders headers = new HttpHeaders();
        headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
        return new ResponseEntity(HttpStatus.BAD_REQUEST);
    }
}
Also used : OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) HttpHeaders(org.springframework.http.HttpHeaders) ResponseEntity(org.springframework.http.ResponseEntity) OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 25 with OAuthResponse

use of org.apache.oltu.oauth2.common.message.OAuthResponse in project BIMserver by opensourceBIM.

the class OAuthAuthorizationServlet method makeUrl.

private URI makeUrl(String redirectURI, OAuthAuthorizationCode oauthCode, OAuthAuthorizationResponseBuilder builder) throws OAuthSystemException, URISyntaxException {
    String siteAddress = getBimServer().getServerSettingsCache().getServerSettings().getSiteAddress();
    OAuthAuthorizationResponseBuilder build = builder.location(redirectURI).setParam("address", siteAddress + "/json");
    build.setParam("serviceaddress", siteAddress + "/services");
    build.setParam("websocketUrl", siteAddress.replace("http://", "ws://").replace("https://", "wss://") + "/stream");
    if (oauthCode.getAuthorization() instanceof SingleProjectAuthorization) {
        SingleProjectAuthorization singleProjectAuthorization = (SingleProjectAuthorization) oauthCode.getAuthorization();
        build.setParam("poid", "" + singleProjectAuthorization.getProject().getOid());
    } else if (oauthCode.getAuthorization() instanceof RunServiceAuthorization) {
        RunServiceAuthorization auth = (RunServiceAuthorization) oauthCode.getAuthorization();
        build.setParam("soid", "" + auth.getService().getOid());
    }
    final OAuthResponse response = build.buildQueryMessage();
    String locationUri = response.getLocationUri();
    URI url = new URI(locationUri);
    return url;
}
Also used : OAuthAuthorizationResponseBuilder(org.apache.oltu.oauth2.as.response.OAuthASResponse.OAuthAuthorizationResponseBuilder) SingleProjectAuthorization(org.bimserver.models.store.SingleProjectAuthorization) RunServiceAuthorization(org.bimserver.models.store.RunServiceAuthorization) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse) URI(java.net.URI)

Aggregations

OAuthResponse (org.apache.oltu.oauth2.common.message.OAuthResponse)22 OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException)10 MD5Generator (org.apache.oltu.oauth2.as.issuer.MD5Generator)6 OAuthIssuerImpl (org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl)5 OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException)5 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)5 AccessToken (io.github.tesla.authz.domain.AccessToken)4 IOException (java.io.IOException)4 OAuthASResponse (org.apache.oltu.oauth2.as.response.OAuthASResponse)4 ClientDetails (io.github.tesla.authz.domain.ClientDetails)3 URI (java.net.URI)3 ServletException (javax.servlet.ServletException)3 OAuthIssuer (org.apache.oltu.oauth2.as.issuer.OAuthIssuer)3 OAuthAuthzRequest (org.apache.oltu.oauth2.as.request.OAuthAuthzRequest)3 OAuthTokenRequest (org.apache.oltu.oauth2.as.request.OAuthTokenRequest)3 BimserverDatabaseException (org.bimserver.BimserverDatabaseException)3 DatabaseSession (org.bimserver.database.DatabaseSession)3 RunServiceAuthorization (org.bimserver.models.store.RunServiceAuthorization)3 AbstractClientDetailsValidator (io.github.tesla.authz.controller.oauth2.validator.AbstractClientDetailsValidator)2 PrintWriter (java.io.PrintWriter)2