use of org.entando.entando.aps.system.services.oauth2.model.ConsumerRecordVO in project entando-core by entando.
the class AuthEndpointServlet method validateClient.
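/**
 * Checks the client named in an authorization request against its registered consumer record.
 *
 * <p>The request is accepted only when a record exists for the client id, the record's key
 * equals that id, the record has not expired, and the registered callback URL is exactly
 * equal to the redirect URI carried by the request. A record with no expiration date or no
 * registered callback URL is rejected instead of being dereferenced (the original code threw
 * {@code NullPointerException} on both).
 *
 * @param oauthRequest the parsed authorization request supplying client id and redirect URI
 * @param request      the servlet request, used to look up the consumer manager bean
 * @param response     the servlet response; receives a 500 if the consumer lookup fails
 * @return {@code true} when every check passes; {@code false} when no record exists for the
 *         client id or the lookup raised {@code ApsSystemException}
 * @throws OAuthProblemException when the record exists but the key, expiry or redirect URI
 *                               check fails
 */
private boolean validateClient(final OAuthAuthzRequest oauthRequest, HttpServletRequest request, HttpServletResponse response) throws OAuthProblemException {
    final IOAuthConsumerManager consumerManager = (IOAuthConsumerManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH_CONSUMER_MANAGER, request);
    final String clientId = oauthRequest.getClientId();
    try {
        final ConsumerRecordVO clientDetail = consumerManager.getConsumerRecord(clientId);
        if (clientDetail == null) {
            // Unknown client: refuse without raising an OAuth problem, as the original did.
            return false;
        }
        if (!clientDetail.getKey().equals(clientId)) {
            throw OAuthUtils.handleOAuthProblemException("Invalid clientId");
        }
        // Fail closed when no expiration date is stored.
        // NOTE(review): confirm that a null expiration is never meant as "does not expire".
        final java.util.Date expiresOn = clientDetail.getExpirationDate();
        if (expiresOn == null || expiresOn.getTime() < System.currentTimeMillis()) {
            throw OAuthUtils.handleOAuthProblemException("ClientId is expired");
        }
        // Exact string match against the registered callback; a client without a registered
        // callback can never satisfy it.
        // NOTE(review): the handler of this exception should not redirect to the URI taken
        // from the request - confirm in the caller, which is not visible here.
        final String registeredCallback = clientDetail.getCallbackUrl();
        if (registeredCallback == null || !registeredCallback.equals(oauthRequest.getRedirectURI())) {
            throw OAuthUtils.handleOAuthProblemException("Invalid redirectUri");
        }
        return true;
    } catch (ApsSystemException e) {
        // Pass the exception itself so the stack trace reaches the log, not only the message.
        logger.error("ApsSystemException {}", e.getMessage(), e);
        try {
            response.sendError(500);
        } catch (IOException e1) {
            // The original passed e1 as the only argument, leaving the placeholder unfilled.
            logger.error("IOException {}", e1.getMessage(), e1);
        }
        return false;
    }
}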
use of org.entando.entando.aps.system.services.oauth2.model.ConsumerRecordVO in project entando-core by entando.
the class ApiOAuthorizationCodeManager method verifyAccess.
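/**
 * Verifies a client id / client secret pair against the stored consumer record.
 *
 * <p>Access is granted only when a record exists for {@code clientId}, its key equals the id,
 * its secret equals {@code clientSecret}, and the record has not expired. The secret is
 * compared with {@code MessageDigest.isEqual} rather than {@code String.equals}, so the time
 * taken does not depend on the position of the first differing byte. A missing stored secret,
 * a missing presented secret or a missing expiration date denies access (the original threw
 * {@code NullPointerException} for a null stored secret or expiration date).
 *
 * <p>NOTE(review): the stored secret is compared with the presented one as-is, which suggests
 * it is kept in recoverable form; storing a salted hash instead is worth considering.
 *
 * @param clientId        the client identifier presented by the caller
 * @param clientSecret    the client secret presented by the caller
 * @param consumerManager the manager used to load the consumer record
 * @return {@code true} when every check passes, {@code false} otherwise
 * @throws Throwable whatever the consumer lookup raises
 */
@Override
public boolean verifyAccess(String clientId, String clientSecret, IOAuthConsumerManager consumerManager) throws Throwable {
    final ConsumerRecordVO record = consumerManager.getConsumerRecord(clientId);
    if (null == record) {
        _logger.info("client ID not found");
        return false;
    }
    if (!record.getKey().equals(clientId)) {
        _logger.info("client id does not match");
        return false;
    }
    final String storedSecret = record.getSecret();
    // Fully qualified names are used because the file's import block is not visible here.
    if (storedSecret == null || clientSecret == null
            || !java.security.MessageDigest.isEqual(
                    storedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    clientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        _logger.info("client secret does not match");
        return false;
    }
    // Fail closed when no expiration date is stored.
    // NOTE(review): confirm that a null expiration is never meant as "does not expire".
    final Date expiration = record.getExpirationDate();
    if (expiration == null || expiration.getTime() < System.currentTimeMillis()) {
        _logger.info("client secret expired");
        return false;
    }
    return true;
}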
use of org.entando.entando.aps.system.services.oauth2.model.ConsumerRecordVO in project entando-core by entando.
the class ConsumerAction method checkForDelete.
/**
 * Confirms that the consumer selected for deletion exists.
 *
 * <p>When no record is found for the current consumer key, an action error built from
 * {@code error.consumer.notExist} is added, with the key as its message argument.
 * NOTE(review): the key is placed into a user-visible message; if it is bound from a request
 * parameter, confirm that the view escapes it on output.
 *
 * @return {@code "list"} when the consumer does not exist, {@code null} when it does
 * @throws ApsSystemException if the consumer lookup fails
 */
protected String checkForDelete() throws ApsSystemException {
    final ConsumerRecordVO found = this.getOauthConsumerManager().getConsumerRecord(this.getConsumerKey());
    if (found != null) {
        return null;
    }
    final String[] messageArgs = new String[] { this.getConsumerKey() };
    this.addActionError(this.getText("error.consumer.notExist", messageArgs));
    return "list";
}
use of org.entando.entando.aps.system.services.oauth2.model.ConsumerRecordVO in project entando-core by entando.
the class ConsumerAction method edit.
/**
 * Prepares the action for editing an existing consumer.
 *
 * <p>Sets the Struts action to EDIT, loads the record for the current consumer key and copies
 * its callback URL, description, name, scope, expiration date and secret into this action's
 * own properties.
 * NOTE(review): the stored consumer secret is copied into the action state; if the edit view
 * renders that property, the secret ends up in the page markup - confirm against the view.
 *
 * @return {@code "list"} (with an action error) when the consumer does not exist,
 *         {@code FAILURE} when anything is thrown, {@code SUCCESS} otherwise
 */
public String edit() {
    try {
        this.setStrutsAction(ApsAdminSystemConstants.EDIT);
        final ConsumerRecordVO stored = this.getOauthConsumerManager().getConsumerRecord(this.getConsumerKey());
        if (stored != null) {
            this.setCallbackUrl(stored.getCallbackUrl());
            this.setDescription(stored.getDescription());
            this.setName(stored.getName());
            this.setScope(stored.getScope());
            this.setExpirationDate(stored.getExpirationDate());
            this.setSecret(stored.getSecret());
            return SUCCESS;
        }
        final String[] messageArgs = new String[] { this.getConsumerKey() };
        this.addActionError(this.getText("error.consumer.notExist", messageArgs));
        return "list";
    } catch (Throwable t) {
        // Deliberately broad: any failure is logged and mapped to the FAILURE result.
        _logger.error("error in edit", t);
        return FAILURE;
    }
}
use of org.entando.entando.aps.system.services.oauth2.model.ConsumerRecordVO in project entando-core by entando.
the class OAuthConsumerDAO method getConsumer.
/**
 * Loads the consumer record stored for the given client id.
 *
 * <p>The client id is bound as a statement parameter, never concatenated into the SQL text.
 * The expiration and issue dates are read with {@code ResultSet.getDate}, which yields a
 * {@code java.sql.Date}; NOTE(review): that type typically carries no time of day, so expiry
 * checks made against the current instant would work at day granularity - confirm against
 * the column type.
 *
 * @param clientId the consumer key to look up
 * @return the populated record, or {@code null} when no row matches
 * @throws RuntimeException wrapping the {@code SQLException} or {@code ApsSystemException}
 *                          raised while loading; the message includes the client id
 */
public ConsumerRecordVO getConsumer(String clientId) {
    ConsumerRecordVO loaded = null;
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = this.getConnection();
        statement = connection.prepareStatement(SELECT_CONSUMER);
        statement.setString(1, clientId);
        rows = statement.executeQuery();
        // Only the first matching row is read.
        if (rows.next()) {
            loaded = new ConsumerRecordVO();
            loaded.setKey(rows.getString("consumerkey"));
            loaded.setSecret(rows.getString("consumersecret"));
            loaded.setCallbackUrl(rows.getString("callbackurl"));
            loaded.setName(rows.getString("name"));
            loaded.setDescription(rows.getString("description"));
            loaded.setAuthorizedGrantTypes(rows.getString("authorizedgranttypes"));
            loaded.setScope(rows.getString("scope"));
            loaded.setExpirationDate(rows.getDate("expirationdate"));
            loaded.setIssuedDate(rows.getDate("issueddate"));
        }
    } catch (SQLException | ApsSystemException t) {
        _logger.error("Error while loading consumer by clientid {}", clientId, t);
        throw new RuntimeException("Error while loading consumer by key " + clientId, t);
    } finally {
        // Result set, statement and connection are released on every path.
        closeDaoResources(rows, statement, connection);
    }
    return loaded;
}