Use of org.entando.entando.aps.system.services.oauth2.IOAuthConsumerManager in project entando-core by entando:
class AuthEndpointServlet, method validateClient.
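/**
 * Checks the client named in an authorization request against its registered consumer record.
 *
 * <p>The client is accepted only when a consumer record exists for its id, the record's key matches,
 * the record has not expired, and the registered callback URL equals the requested redirect URI
 * exactly (no prefix or pattern matching). A missing expiration date or callback URL is rejected
 * rather than treated as "unrestricted" (fail closed); the previous code threw a
 * {@code NullPointerException} in those cases.
 *
 * @param oauthRequest the parsed authorization request carrying client id and redirect URI
 * @param request the servlet request, used to look up the consumer manager bean
 * @param response the servlet response; receives a 500 status when the consumer lookup fails
 * @return {@code true} when the client is valid; {@code false} when no record exists or the lookup failed
 * @throws OAuthProblemException when a record exists but its key, expiration date or callback URL
 *         does not validate the request
 */
private boolean validateClient(final OAuthAuthzRequest oauthRequest, HttpServletRequest request, HttpServletResponse response) throws OAuthProblemException {
    final IOAuthConsumerManager consumerManager = (IOAuthConsumerManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH_CONSUMER_MANAGER, request);
    final String clientId = oauthRequest.getClientId();
    final ConsumerRecordVO clientDetail;
    try {
        clientDetail = consumerManager.getConsumerRecord(clientId);
    } catch (ApsSystemException e) {
        // Pass the exception as the last argument so the stack trace is kept; the message alone
        // rarely identifies the failing backend call.
        logger.error("ApsSystemException loading consumer record for clientId {}", clientId, e);
        try {
            response.sendError(500);
        } catch (IOException e1) {
            logger.error("IOException sending error response", e1);
        }
        return false;
    }
    if (clientDetail == null) {
        return false;
    }
    if (!clientDetail.getKey().equals(clientId)) {
        throw OAuthUtils.handleOAuthProblemException("Invalid clientId");
    }
    // Fail closed: no expiration date is treated like an expired record.
    if (clientDetail.getExpirationDate() == null
            || clientDetail.getExpirationDate().getTime() < System.currentTimeMillis()) {
        throw OAuthUtils.handleOAuthProblemException("ClientId is expired");
    }
    // Exact string match only; a null redirect URI or a record without a callback URL is rejected.
    final String callbackUrl = clientDetail.getCallbackUrl();
    if (callbackUrl == null || !callbackUrl.equals(oauthRequest.getRedirectURI())) {
        throw OAuthUtils.handleOAuthProblemException("Invalid redirectUri");
    }
    return true;
}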
Use of org.entando.entando.aps.system.services.oauth2.IOAuthConsumerManager in project entando-core by entando:
class TokenEndpointServlet, method validateClientWithAuthorizationCode.
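/**
 * Validates a token request and, when every check passes, registers a token for the caller.
 *
 * <p>Handled grant types are {@code authorization_code}, {@code refresh_token} and {@code password}.
 * Any other grant type, and any failed check, yields {@code null}; the caller is expected to turn
 * {@code null} into an error response.
 *
 * @param request the servlet request carrying the OAuth token parameters
 * @return the response produced by {@code registerToken}, or {@code null} when validation fails
 * @throws Throwable propagated from {@code IApiOAuthorizationCodeManager.verifyAccess}
 */
private OAuthResponse validateClientWithAuthorizationCode(HttpServletRequest request) throws Throwable {
    try {
        final OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
        final IOAuthConsumerManager consumerManager = (IOAuthConsumerManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH_CONSUMER_MANAGER, request);
        final IApiOAuthorizationCodeManager codeManager = (IApiOAuthorizationCodeManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH2_AUTHORIZATION_CODE_MANAGER, request);
        // Read grant_type once; comparing with the constant on the left tolerates a missing parameter.
        final String grantType = oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE);
        final boolean codeGrant = GrantType.AUTHORIZATION_CODE.toString().equals(grantType);
        final boolean refreshGrant = GrantType.REFRESH_TOKEN.toString().equals(grantType);
        if (codeGrant || refreshGrant) {
            // NOTE(review): refresh_token requests follow the same path as authorization_code: the
            // authorization code is verified and the token is registered as AUTHORIZATION_CODE.
            // Confirm this is intended before relying on refresh_token semantics.
            final String clientId = oauthRequest.getClientId();
            final String oauthType = GrantType.AUTHORIZATION_CODE.toString();
            final String authCode = oauthRequest.getParam(OAuth.OAUTH_CODE);
            final String clientSecret = oauthRequest.getClientSecret();
            if (!codeManager.verifyAccess(clientId, clientSecret, consumerManager)) {
                _logger.error(ERROR_AUTHENTICATION_FAILED);
                return null;
            }
            // The remote address is handed to verifyCode; judging by the log message it is
            // presumably compared with the origin the code was issued to.
            if (!codeManager.verifyCode(authCode, request.getRemoteAddr())) {
                _logger.error("OAuth2 authcode does not match or the source of client is different");
                return null;
            }
            return this.registerToken(request, clientId, oauthType, null);
        }
        if (GrantType.PASSWORD.toString().equals(grantType)) {
            final String username = oauthRequest.getUsername();
            final String password = oauthRequest.getPassword();
            final String oauthType = GrantType.PASSWORD.toString();
            final IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
            final UserDetails user = userManager.getUser(username, password);
            if (user == null) {
                _logger.error(ERROR_AUTHENTICATION_FAILED);
                return null;
            }
            return this.registerToken(request, username, oauthType, null);
        }
        return null;
    } catch (OAuthSystemException e) {
        _logger.error("OAuthSystemException - {} ", e);
        return null;
    } catch (OAuthProblemException e) {
        // Plain concatenation instead of String.concat: a null error or description no longer
        // raises a NullPointerException from inside the catch block.
        _logger.error("OAuthProblemException - {} ", e.getError() + " " + e.getDescription());
        _logger.debug("OAuthProblemException - {} ", e);
        return null;
    }
}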
Use of org.entando.entando.aps.system.services.oauth2.IOAuthConsumerManager in project entando-core by entando:
class ApiOAuthorizationCodeManager, method verifyAccess.
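/**
 * Checks a client's credentials against its registered consumer record.
 *
 * <p>The secret comparison is done with {@code MessageDigest.isEqual}, so the time taken does not
 * depend on how many leading bytes of the presented secret are correct. A record without an
 * expiration date is treated as expired (fail closed) instead of throwing
 * {@code NullPointerException}.
 *
 * @param clientId the client identifier presented by the caller
 * @param clientSecret the client secret presented by the caller; may be {@code null}
 * @param consumerManager the manager used to load the consumer record
 * @return {@code true} only when a record exists for {@code clientId}, its key matches, the secret
 *         matches and the record has not expired; {@code false} otherwise, with the reason logged
 *         at info level
 * @throws Throwable propagated from {@code consumerManager.getConsumerRecord}
 */
@Override
public boolean verifyAccess(String clientId, String clientSecret, IOAuthConsumerManager consumerManager) throws Throwable {
    final ConsumerRecordVO consumer = consumerManager.getConsumerRecord(clientId);
    if (null == consumer) {
        _logger.info("client ID not found");
        return false;
    }
    if (!consumer.getKey().equals(clientId)) {
        _logger.info("client id does not match");
        return false;
    }
    if (!secretMatches(consumer.getSecret(), clientSecret)) {
        _logger.info("client secret does not match");
        return false;
    }
    if (consumer.getExpirationDate() == null
            || consumer.getExpirationDate().getTime() < System.currentTimeMillis()) {
        _logger.info("client secret expired");
        return false;
    }
    return true;
}

/**
 * Compares the stored and presented secrets without short-circuiting on the first differing byte.
 * Names are fully qualified so the class's import block need not change.
 *
 * @param expected the secret stored in the consumer record; {@code null} never matches
 * @param presented the secret supplied by the caller; {@code null} never matches
 * @return {@code true} when both are non-null and byte-for-byte equal in UTF-8
 */
private static boolean secretMatches(String expected, String presented) {
    if (expected == null || presented == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}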