Example 1 with DISCOVERY_URL
use of org.codice.ddf.security.token.storage.api.TokenStorage.DISCOVERY_URL in project ddf by codice.
the class OAuthPlugin method findExistingTokens.
/**
* Looks through the user's tokens to see if there are tokens from a different source connected to
* the same OAuth provider. The discovery URLs need to match. If a match is found an authorize
* source exception will be thrown so the user can authorize to query the new source instead of
* logging in.
*/
private void findExistingTokens(OAuthFederatedSource oauthSource, String sessionId, OIDCProviderMetadata metadata) throws StopProcessingException {
TokenInformation tokenInformation = tokenStorage.read(sessionId);
if (tokenInformation == null || !tokenInformation.getDiscoveryUrls().contains(oauthSource.getOauthDiscoveryUrl())) {
return;
}
// Verify that an unexpired token exists
List<TokenInformation.TokenEntry> matchingTokenEntries = tokenInformation.getTokenEntries().entrySet().stream().filter(entry -> !entry.getKey().equals(oauthSource.getId())).filter(entry -> entry.getValue().getDiscoveryUrl().equals(oauthSource.getOauthDiscoveryUrl())).map(Map.Entry::getValue).collect(Collectors.toList());
TokenInformation.TokenEntry tokenEntry = matchingTokenEntries.stream().filter(entry -> entry.getAccessToken() != null).filter(entry -> !isExpired(entry.getAccessToken())).findAny().orElse(null);
if (tokenEntry == null) {
// does one with a valid refresh token exist
tokenEntry = matchingTokenEntries.stream().filter(entry -> entry.getRefreshToken() != null).filter(entry -> !isExpired(entry.getRefreshToken())).findAny().orElse(null);
if (tokenEntry == null) {
return;
}
refreshTokens(tokenEntry.getRefreshToken(), oauthSource, sessionId, metadata);
}
LOGGER.debug("Unable to process query. The user needs to authorize to query the {} source.", oauthSource.getId());
Map<String, String> parameters = new HashMap<>();
parameters.put(SOURCE_ID, oauthSource.getId());
parameters.put(DISCOVERY_URL, oauthSource.getOauthDiscoveryUrl());
throw new OAuthPluginException(oauthSource.getId(), buildUrl(AUTHORIZE_SOURCE_ENDPOINT, parameters), AUTHORIZE_SOURCE_ENDPOINT, parameters, AUTH_SOURCE);
}
Also used :
STATE(org.codice.ddf.security.token.storage.api.TokenStorage.STATE)
Arrays(java.util.Arrays)
URL(java.net.URL)
URISyntaxException(java.net.URISyntaxException)
RefreshTokenGrant(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant)
LoggerFactory(org.slf4j.LoggerFactory)
DefaultResourceRetriever(com.nimbusds.jose.util.DefaultResourceRetriever)
Session(org.apache.shiro.session.Session)
ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)
GsonBuilder(com.google.gson.GsonBuilder)
NO_AUTH(ddf.catalog.plugin.OAuthPluginException.ErrorType.NO_AUTH)
OAuthClientUtils(org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils)
OAuthFederatedSource(ddf.catalog.source.OAuthFederatedSource)
EXPIRES_AT(org.codice.ddf.security.token.storage.api.TokenStorage.EXPIRES_AT)
Gson(com.google.gson.Gson)
OidcTokenValidator(org.codice.ddf.security.oidc.validator.OidcTokenValidator)
Map(java.util.Map)
Bundle(org.osgi.framework.Bundle)
TokenInformation(org.codice.ddf.security.token.storage.api.TokenInformation)
ServiceReference(org.osgi.framework.ServiceReference)
Consumer(org.apache.cxf.rs.security.oauth2.client.Consumer)
AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken)
OAuthPluginException(ddf.catalog.plugin.OAuthPluginException)
InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException)
URIBuilder(org.apache.http.client.utils.URIBuilder)
Collection(java.util.Collection)
UUID(java.util.UUID)
Instant(java.time.Instant)
Collectors(java.util.stream.Collectors)
BundleContext(org.osgi.framework.BundleContext)
Base64(java.util.Base64)
List(java.util.List)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
HashMap(java.util.HashMap)
TokenEntry(org.codice.ddf.security.token.storage.api.TokenInformation.TokenEntry)
SECRET(org.codice.ddf.security.token.storage.api.TokenStorage.SECRET)
SOURCE_ID(org.codice.ddf.security.token.storage.api.TokenStorage.SOURCE_ID)
Source(ddf.catalog.source.Source)
DISCOVERY_URL(org.codice.ddf.security.token.storage.api.TokenStorage.DISCOVERY_URL)
QueryRequest(ddf.catalog.operation.QueryRequest)
AUTH_SOURCE(ddf.catalog.plugin.OAuthPluginException.ErrorType.AUTH_SOURCE)
ParseException(com.nimbusds.oauth2.sdk.ParseException)
CLIENT_ID(org.codice.ddf.security.token.storage.api.TokenStorage.CLIENT_ID)
GsonTypeAdapters(org.codice.gsonsupport.GsonTypeAdapters)
PreFederatedQueryPlugin(ddf.catalog.plugin.PreFederatedQueryPlugin)
Logger(org.slf4j.Logger)
SystemBaseUrl(org.codice.ddf.configuration.SystemBaseUrl)
OIDCProviderMetadata(com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata)
MalformedURLException(java.net.MalformedURLException)
WebClient(org.apache.cxf.jaxrs.client.WebClient)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
Scope(com.nimbusds.oauth2.sdk.Scope)
StopProcessingException(ddf.catalog.plugin.StopProcessingException)
Subject(ddf.security.Subject)
IOException(java.io.IOException)
SECURITY_SUBJECT(ddf.security.SecurityConstants.SECURITY_SUBJECT)
OidcValidationException(org.codice.ddf.security.oidc.validator.OidcValidationException)
MAP_STRING_TO_OBJECT_TYPE(org.codice.gsonsupport.GsonTypeAdapters.MAP_STRING_TO_OBJECT_TYPE)
ResourceRetriever(com.nimbusds.jose.util.ResourceRetriever)
SC_OK(org.apache.http.HttpStatus.SC_OK)
ChronoUnit(java.time.temporal.ChronoUnit)
TokenStorage(org.codice.ddf.security.token.storage.api.TokenStorage)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
AccessTokenGrant(org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant)
TypelessAccessToken(com.nimbusds.oauth2.sdk.token.TypelessAccessToken)
FrameworkUtil(org.osgi.framework.FrameworkUtil)
TokenEntry(org.codice.ddf.security.token.storage.api.TokenInformation.TokenEntry)
OAuthPluginException(ddf.catalog.plugin.OAuthPluginException)
TokenEntry(org.codice.ddf.security.token.storage.api.TokenInformation.TokenEntry)
HashMap(java.util.HashMap)
TokenInformation(org.codice.ddf.security.token.storage.api.TokenInformation)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
Gson (com.google.gson.Gson)1
GsonBuilder (com.google.gson.GsonBuilder)1
DefaultResourceRetriever (com.nimbusds.jose.util.DefaultResourceRetriever)1
ResourceRetriever (com.nimbusds.jose.util.ResourceRetriever)1
ParseException (com.nimbusds.oauth2.sdk.ParseException)1
Scope (com.nimbusds.oauth2.sdk.Scope)1
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)1
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)1
TypelessAccessToken (com.nimbusds.oauth2.sdk.token.TypelessAccessToken)1
OIDCProviderMetadata (com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata)1
QueryRequest (ddf.catalog.operation.QueryRequest)1
OAuthPluginException (ddf.catalog.plugin.OAuthPluginException)1
AUTH_SOURCE (ddf.catalog.plugin.OAuthPluginException.ErrorType.AUTH_SOURCE)1
NO_AUTH (ddf.catalog.plugin.OAuthPluginException.ErrorType.NO_AUTH)1
PreFederatedQueryPlugin (ddf.catalog.plugin.PreFederatedQueryPlugin)1
StopProcessingException (ddf.catalog.plugin.StopProcessingException)1
OAuthFederatedSource (ddf.catalog.source.OAuthFederatedSource)1
Source (ddf.catalog.source.Source)1
SECURITY_SUBJECT (ddf.security.SecurityConstants.SECURITY_SUBJECT)1
