Example 1 with OAuth20IntrospectionAccessTokenResponse
use of org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse in project cas by apereo.
the class OAuth20IntrospectionEndpointController method createIntrospectionValidResponse.
/**
* Create introspection response OAuth introspection access token response.
*
* @param ticket the ticket
* @return the OAuth introspection access token response
*/
protected OAuth20IntrospectionAccessTokenResponse createIntrospectionValidResponse(final OAuth20AccessToken ticket) {
val introspect = new OAuth20IntrospectionAccessTokenResponse();
introspect.setScope("CAS");
if (ticket != null) {
introspect.setClientId(ticket.getClientId());
introspect.setAud(ticket.getService().getId());
introspect.setActive(true);
val authentication = ticket.getAuthentication();
val subject = authentication.getPrincipal().getId();
introspect.setSub(subject);
introspect.setUniqueSecurityName(subject);
introspect.setIat(ticket.getCreationTime().toInstant().getEpochSecond());
introspect.setExp(introspect.getIat() + ticket.getExpirationPolicy().getTimeToLive());
val methods = authentication.getAttributes().get(AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE);
val realmNames = CollectionUtils.toCollection(methods).stream().map(Object::toString).collect(Collectors.joining(","));
introspect.setRealmName(realmNames);
introspect.setTokenType(OAuth20Constants.TOKEN_TYPE_BEARER);
val grant = authentication.getAttributes().getOrDefault(OAuth20Constants.GRANT_TYPE, new ArrayList<>(0));
if (!grant.isEmpty()) {
introspect.setGrantType(grant.get(0).toString().toLowerCase());
}
} else {
introspect.setActive(false);
}
return introspect;
}
Also used :
lombok.val(lombok.val)
OAuth20IntrospectionAccessTokenResponse(org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse)
Example 2 with OAuth20IntrospectionAccessTokenResponse
use of org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse in project cas by apereo.
the class OAuth20IntrospectionEndpointController method handlePostRequest.
/**
* Handle post request.
*
* @param request the request
* @param response the response
* @return the response entity
*/
@PostMapping(consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces = MediaType.APPLICATION_JSON_VALUE, value = '/' + OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.INTROSPECTION_URL)
public ResponseEntity<OAuth20IntrospectionAccessTokenResponse> handlePostRequest(final HttpServletRequest request, final HttpServletResponse response) {
ResponseEntity<OAuth20IntrospectionAccessTokenResponse> result;
try {
val authExtractor = new BasicAuthExtractor();
val context = new JEEContext(request, response);
val credentialsResult = authExtractor.extract(context, getConfigurationContext().getSessionStore());
if (credentialsResult.isEmpty()) {
LOGGER.warn("Unable to locate and extract credentials from the request");
return buildUnauthorizedResponseEntity(OAuth20Constants.INVALID_CLIENT, true);
}
val credentials = (UsernamePasswordCredentials) credentialsResult.get();
val service = OAuth20Utils.getRegisteredOAuthServiceByClientId(getConfigurationContext().getServicesManager(), credentials.getUsername());
if (service == null) {
LOGGER.warn("Unable to locate service definition by client id [{}]", credentials.getUsername());
return buildUnauthorizedResponseEntity(OAuth20Constants.INVALID_CLIENT, true);
}
val validationError = validateIntrospectionRequest(service, credentials, request);
if (validationError.isPresent()) {
result = validationError.get();
} else {
val accessToken = StringUtils.defaultIfBlank(request.getParameter(OAuth20Constants.TOKEN), request.getParameter(OAuth20Constants.ACCESS_TOKEN));
LOGGER.debug("Located access token [{}] in the request", accessToken);
var ticket = (OAuth20AccessToken) null;
try {
val token = extractAccessTokenFrom(accessToken);
ticket = getConfigurationContext().getCentralAuthenticationService().getTicket(token, OAuth20AccessToken.class);
} catch (final InvalidTicketException e) {
LOGGER.trace(e.getMessage(), e);
LOGGER.info("Unable to fetch access token [{}]: [{}]", accessToken, e.getMessage());
}
val introspect = createIntrospectionValidResponse(ticket);
result = new ResponseEntity<>(introspect, HttpStatus.OK);
}
} catch (final Exception e) {
LoggingUtils.error(LOGGER, e);
result = new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
}
return result;
}
Also used :
lombok.val(lombok.val)
OAuth20AccessToken(org.apereo.cas.ticket.accesstoken.OAuth20AccessToken)
BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor)
ResponseEntity(org.springframework.http.ResponseEntity)
OAuth20IntrospectionAccessTokenResponse(org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse)
InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException)
JEEContext(org.pac4j.core.context.JEEContext)
InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException)
UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
Example 3 with OAuth20IntrospectionAccessTokenResponse
use of org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse in project cas by apereo.
the class OidcIntrospectionEndpointController method createIntrospectionValidResponse.
@Override
protected OAuth20IntrospectionAccessTokenResponse createIntrospectionValidResponse(final OAuth20AccessToken ticket) {
val r = super.createIntrospectionValidResponse(ticket);
r.setIss(getConfigurationContext().getIssuerService().determineIssuer(Optional.empty()));
FunctionUtils.doIf(r.isActive(), o -> r.setScope(String.join(" ", ticket.getScopes()))).accept(r);
return r;
}
Also used :
lombok.val(lombok.val)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
OidcConstants(org.apereo.cas.oidc.OidcConstants)
MediaType(org.springframework.http.MediaType)
lombok.val(lombok.val)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
OAuth20AccessToken(org.apereo.cas.ticket.accesstoken.OAuth20AccessToken)
OidcConfigurationContext(org.apereo.cas.oidc.OidcConfigurationContext)
HttpStatus(org.springframework.http.HttpStatus)
OAuth20IntrospectionEndpointController(org.apereo.cas.support.oauth.web.endpoints.OAuth20IntrospectionEndpointController)
FunctionUtils(org.apereo.cas.util.function.FunctionUtils)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
OAuth20IntrospectionAccessTokenResponse(org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse)
GetMapping(org.springframework.web.bind.annotation.GetMapping)
Optional(java.util.Optional)
ResponseEntity(org.springframework.http.ResponseEntity)
JEEContext(org.pac4j.core.context.JEEContext)
Aggregations
lombok.val (lombok.val)3
OAuth20IntrospectionAccessTokenResponse (org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse)3
OAuth20AccessToken (org.apereo.cas.ticket.accesstoken.OAuth20AccessToken)2
JEEContext (org.pac4j.core.context.JEEContext)2
ResponseEntity (org.springframework.http.ResponseEntity)2
PostMapping (org.springframework.web.bind.annotation.PostMapping)2
Optional (java.util.Optional)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
OidcConfigurationContext (org.apereo.cas.oidc.OidcConfigurationContext)1
OidcConstants (org.apereo.cas.oidc.OidcConstants)1
OAuth20IntrospectionEndpointController (org.apereo.cas.support.oauth.web.endpoints.OAuth20IntrospectionEndpointController)1
InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException)1
FunctionUtils (org.apereo.cas.util.function.FunctionUtils)1
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)1
BasicAuthExtractor (org.pac4j.core.credentials.extractor.BasicAuthExtractor)1
HttpStatus (org.springframework.http.HttpStatus)1
MediaType (org.springframework.http.MediaType)1
GetMapping (org.springframework.web.bind.annotation.GetMapping)1
