Search in sources :

Example 1 with IApiOAuth2TokenManager

use of org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager in project entando-core by entando.

the class TokenEndpointServlet method registerToken.

private OAuthResponse registerToken(HttpServletRequest request, final String clientId, final String oauthType, final String localUser) throws OAuthSystemException, ApsSystemException {
    int expires = 3600;
    IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
    OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    final String accessToken = oauthIssuerImpl.accessToken();
    final String refreshToken = oauthIssuerImpl.refreshToken();
    OAuth2Token oAuth2Token = new OAuth2Token();
    oAuth2Token.setAccessToken(accessToken);
    oAuth2Token.setRefreshToken(refreshToken);
    oAuth2Token.setClientId(clientId);
    // gets a calendar using the default time zone and locale.
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, expires);
    oAuth2Token.setExpiresIn(calendar.getTime());
    oAuth2Token.setGrantType(oauthType);
    if (localUser == null) {
        tokenManager.addApiOAuth2Token(oAuth2Token, false);
    } else {
        oAuth2Token.setLocalUser(localUser);
        tokenManager.addApiOAuth2Token(oAuth2Token, true);
    }
    return OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK).setAccessToken(accessToken).setExpiresIn(Long.toString(expires)).setRefreshToken(refreshToken).buildJSONMessage();
}
Also used : OAuthIssuerImpl(org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) Calendar(java.util.Calendar) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) MD5Generator(org.apache.oltu.oauth2.as.issuer.MD5Generator) OAuthIssuer(org.apache.oltu.oauth2.as.issuer.OAuthIssuer) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)

Example 2 with IApiOAuth2TokenManager

use of org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager in project entando-core by entando.

the class ApiRestServer method extractOAuthParameters.

protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        // Get the access token
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token != null) {
            // Validate the access token
            if (!token.getAccessToken().equals(accessToken)) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
            } else // check if access token is expired
            if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
            }
            String username = token.getClientId();
            IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
            UserDetails user = userManager.getUser(username);
            if (user != null) {
                _logger.info("User {} requesting resource that requires {} permission ", username, permission);
                request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
                if (permission != null) {
                    IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
                    user.addAuthorizations(authManager.getUserAuthorizations(username));
                    if (!authManager.isAuthOnPermission(user, permission)) {
                        List<Role> roles = authManager.getUserRoles(user);
                        for (Role role : roles) {
                            _logger.info("User {} requesting resource has {} permission ", username, role.getPermissions().toArray()[0]);
                        }
                        _logger.info("User {} requesting resource has {} permission ", username, "none");
                        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
                    }
                }
            }
        } else {
            if (accessToken != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        _logger.error("System exception {}", ex);
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}
Also used : OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) IUserManager(com.agiletec.aps.system.services.user.IUserManager) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Role(com.agiletec.aps.system.services.role.Role) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) UserDetails(com.agiletec.aps.system.services.user.UserDetails) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)

Aggregations

IApiOAuth2TokenManager (org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)2 OAuth2Token (org.entando.entando.aps.system.services.oauth2.model.OAuth2Token)2 ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException)1 IAuthorizationManager (com.agiletec.aps.system.services.authorization.IAuthorizationManager)1 Role (com.agiletec.aps.system.services.role.Role)1 IUserManager (com.agiletec.aps.system.services.user.IUserManager)1 UserDetails (com.agiletec.aps.system.services.user.UserDetails)1 Calendar (java.util.Calendar)1 MD5Generator (org.apache.oltu.oauth2.as.issuer.MD5Generator)1 OAuthIssuer (org.apache.oltu.oauth2.as.issuer.OAuthIssuer)1 OAuthIssuerImpl (org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl)1 OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException)1 OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException)1 OAuthAccessResourceRequest (org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest)1