use of org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder in project cas by apereo.
the class OAuth20AuthorizeEndpointController method buildAuthorizationForRequest.
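/**
 * Builds the authorization response view for an authorize request.
 *
 * <p>Picks the first configured response builder that supports the request context,
 * collects the request data (ticket-granting ticket from the cookie, grant type, scopes)
 * into an {@link AccessTokenRequestDataHolder} and delegates to the builder.
 *
 * @param registeredService the registered service
 * @param context the web context of the current request
 * @param clientId the client id
 * @param service the service
 * @param authentication the authentication
 * @return the view produced by the selected response builder
 * @throws IllegalArgumentException if no builder supports the request, or if the
 *         {@code grant_type} request parameter does not name an {@code OAuth20GrantTypes} constant
 */
protected View buildAuthorizationForRequest(final OAuthRegisteredService registeredService, final J2EContext context, final String clientId, final Service service, final Authentication authentication) {
    final OAuth20AuthorizationResponseBuilder builder = this.oauthAuthorizationResponseBuilders.stream()
        .filter(b -> b.supports(context))
        .findFirst()
        .orElseThrow(() -> new IllegalArgumentException("Could not build the callback url. Response type likely not supported"));

    final TicketGrantingTicket ticketGrantingTicket = CookieUtils.getTicketGrantingTicketFromRequest(
        ticketGrantingTicketCookieGenerator, this.ticketRegistry, context.getRequest());

    // The grant type is read from the request and falls back to authorization_code.
    // Upper-casing uses Locale.ROOT so the mapping onto the constant name does not depend on
    // the JVM default locale (under a Turkish locale "i" upper-cases to a dotted capital and
    // valueOf would reject an otherwise valid value).
    final String grantType = StringUtils.defaultIfEmpty(
        context.getRequestParameter(OAuth20Constants.GRANT_TYPE),
        OAuth20GrantTypes.AUTHORIZATION_CODE.getType()).toUpperCase(java.util.Locale.ROOT);
    final Set<String> scopes = OAuth20Utils.parseRequestScopes(context);

    // NOTE(review): any request value that names a constant is accepted at this point; whether
    // it is checked against the grant types allowed for the registered service is not visible
    // in this method - confirm that the check happens before this call.
    final AccessTokenRequestDataHolder holder = new AccessTokenRequestDataHolder(service, authentication,
        registeredService, ticketGrantingTicket, OAuth20GrantTypes.valueOf(grantType), scopes);

    LOGGER.debug("Building authorization response for grant type [{}] with scopes [{}] for client id [{}]", grantType, scopes, clientId);
    return builder.build(context, clientId, holder);
}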
use of org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder in project cas by apereo.
the class AccessTokenGrantRequestAuditResourceResolver method resolveFrom.
/**
 * Renders an audited access token grant request as a single audit resource string.
 *
 * @param auditableTarget the audited join point; not read by this method
 * @param retval the value returned by the audited call, cast to {@link AccessTokenRequestDataHolder}
 * @return a one-element array holding the formatted description
 * @throws NullPointerException if {@code retval} is null
 */
@Override
public String[] resolveFrom(final JoinPoint auditableTarget, final Object retval) {
    Objects.requireNonNull(retval, "AccessTokenRequestDataHolder must not be null");
    final AccessTokenRequestDataHolder holder = AccessTokenRequestDataHolder.class.cast(retval);

    // A request without a token is recorded with a fixed marker instead of an id.
    // NOTE(review): the token id goes into the audit record verbatim; if the id alone is
    // usable as a credential, the audit store needs the same protection as the token store.
    final String tokenId;
    if (holder.getToken() != null) {
        tokenId = holder.getToken().getId();
    } else {
        tokenId = "N/A";
    }

    final ToStringBuilder description = new ToStringBuilder(this, NO_CLASS_NAME_STYLE);
    description.append("oauth_token", tokenId);
    description.append("client_id", holder.getRegisteredService().getClientId());
    description.append("client_service", holder.getService().getId());
    description.append("grant_type", holder.getGrantType().getType());
    description.append("scopes", holder.getScopes());

    return new String[] {description.toString()};
}
use of org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder in project cas by apereo.
the class OAuth20AccessTokenEndpointController method handleRequest.
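/**
 * Handles a token request: verifies it, extracts the grant request, generates the
 * access token (and refresh token, if any) and writes the token response.
 *
 * <p>A request that fails verification is answered with the {@code INVALID_REQUEST} text
 * error; a grant request that cannot be extracted is answered with {@code INVALID_GRANT}.
 * In both cases the method returns without generating tokens.
 *
 * @param request the request
 * @param response the response
 * @throws Exception if token generation or response writing fails
 */
@PostMapping(path = { OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.ACCESS_TOKEN_URL, OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.TOKEN_URL })
@SneakyThrows
public void handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    response.setContentType(MediaType.TEXT_PLAIN_VALUE);

    try {
        if (!verifyAccessTokenRequest(request, response)) {
            throw new IllegalArgumentException("Access token validation failed");
        }
    } catch (final Exception e) {
        // Fixed pattern: the exception text is data, so it is passed as an argument rather
        // than used as the log format string (it may be null or contain "{}").
        LOGGER.error("Access token request verification failed: [{}]", e.getMessage(), e);
        OAuth20Utils.writeTextError(response, OAuth20Constants.INVALID_REQUEST);
        return;
    }

    final AccessTokenRequestDataHolder requestHolder;
    try {
        requestHolder = examineAndExtractAccessTokenGrantRequest(request, response);
        // NOTE(review): the holder's string form is not visible here; confirm it does not
        // render the authorization code or refresh token carried by the request.
        LOGGER.debug("Creating access token for [{}]", requestHolder);
    } catch (final Exception e) {
        LOGGER.error("Could not identify and extract access token request", e);
        OAuth20Utils.writeTextError(response, OAuth20Constants.INVALID_GRANT);
        return;
    }

    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final Pair<AccessToken, RefreshToken> accessToken = accessTokenGenerator.generate(requestHolder);

    // Issued tokens are bearer credentials, so the log records only that issuance happened
    // and whether a refresh token accompanies the access token, never the token objects.
    LOGGER.debug("Access token generated. Refresh token issued: [{}]", accessToken.getValue() != null);

    // NOTE(review): token responses should not be cacheable (Cache-Control: no-store);
    // confirm that generateAccessTokenResponse or a filter sets the header.
    generateAccessTokenResponse(request, response, requestHolder, context, accessToken.getKey(), accessToken.getValue());
    response.setStatus(HttpServletResponse.SC_OK);
}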
Aggregations