
Example 6 with OAuth2AccessTokenImpl

use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in project entando-core by entando.

the class AuthenticationProviderManagerTest method createMockToken.

/**
 * Builds a minimal access-token fixture: a fixed access value plus a fixed refresh token.
 *
 * @return a token whose value is {@code "access_token_x"} and whose refresh token is
 *         {@code "refresh_token_x"}; every other field is left at the model's default
 */
private OAuth2AccessToken createMockToken() {
    final DefaultOAuth2RefreshToken refresh = new DefaultOAuth2RefreshToken("refresh_token_x");
    final OAuth2AccessTokenImpl fixture = new OAuth2AccessTokenImpl("access_token_x");
    fixture.setRefreshToken(refresh);
    return fixture;
}
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl)

Example 7 with OAuth2AccessTokenImpl

use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in project entando-core by entando.

the class ApiOAuth2TokenManagerTest method createMockAccessToken.

/**
 * Builds a fully populated access-token fixture with fixed literal values.
 *
 * <p>The expiration is set to the moment the fixture is built ({@code new Date()}),
 * so tests that care about expiry should not rely on this fixture being valid for long.
 *
 * @return a bearer token for user {@code "username"} and client {@code "client_id"},
 *         obtained by the {@code "password"} grant, with refresh token {@code "refresh"}
 */
private OAuth2AccessToken createMockAccessToken() {
    final DefaultOAuth2RefreshToken refresh = new DefaultOAuth2RefreshToken("refresh");
    final OAuth2AccessTokenImpl fixture = new OAuth2AccessTokenImpl("token");
    fixture.setValue("token");
    fixture.setTokenType("bearer");
    fixture.setClientId("client_id");
    fixture.setGrantType("password");
    fixture.setLocalUser("username");
    fixture.setRefreshToken(refresh);
    // expiration == construction time
    fixture.setExpiration(new Date());
    return fixture;
}
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl) Date(java.util.Date)

Example 8 with OAuth2AccessTokenImpl

use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in project entando-core by entando.

the class ApiOAuth2TokenManagerTest method readAccessToken.

/**
 * The manager must hand back the DAO's token unchanged: same implementation type,
 * same value, for whatever token string is looked up.
 */
@Test
public void readAccessToken() throws Exception {
    final OAuth2AccessTokenImpl stored = new OAuth2AccessTokenImpl("token");
    when(tokenDAO.readAccessToken(Mockito.anyString())).thenReturn(stored);

    final OAuth2AccessToken found = tokenManager.readAccessToken("token");

    Assert.assertNotNull(found);
    Assert.assertTrue(found instanceof OAuth2AccessTokenImpl);
    Assert.assertEquals("token", found.getValue());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl) Test(org.junit.Test)

Example 9 with OAuth2AccessTokenImpl

use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in project entando-core by entando.

the class ApiRestServer method extractOAuthParameters.

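/**
 * Authenticates the caller of an API method from its bearer token and enforces the
 * method's required permission.
 *
 * <p>Steps, as implemented below:
 * <ol>
 *   <li>the raw request is stored in {@code properties} under
 *       {@code SystemConstants.API_REQUEST_PARAMETER};</li>
 *   <li>the bearer token is extracted from the request and looked up through the token
 *       manager; a found token must match the presented value and must not be expired,
 *       otherwise the call is rejected as unauthenticated;</li>
 *   <li>the token's local user is loaded, its authorizations attached and the user stored
 *       in {@code properties} under {@code SystemConstants.API_USER_PARAMETER}; when the
 *       HTTP session holds no user, or only the guest user, the authenticated user is also
 *       placed on the session;</li>
 *   <li>if the method names a required permission the user must hold it; if the method
 *       requires authentication, an anonymous caller is rejected.</li>
 * </ol>
 *
 * @param request    the incoming HTTP request carrying the bearer token
 * @param apiMethod  the API method being invoked; supplies the required permission and
 *                   whether authentication is mandatory
 * @param properties the per-call property bag that receives the request and the user
 * @throws ApiException with {@code API_AUTHENTICATION_REQUIRED} (401) when the token is
 *                      mismatched or expired, or the method requires authentication and no
 *                      user was resolved; {@code API_AUTHORIZATION_REQUIRED} (401) when the
 *                      user lacks the required permission; {@code SERVER_ERROR} (500) when
 *                      a called service throws {@code ApsSystemException}
 */
protected void extractOAuthParameters(HttpServletRequest request, ApiMethod apiMethod, Properties properties) throws ApiException {
    IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
    IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
    try {
        properties.put(SystemConstants.API_REQUEST_PARAMETER, request);
        String permission = apiMethod.getRequiredPermission();
        _logger.debug("Permission required: {}", permission);
        String accessToken = new EntandoBearerTokenExtractor().extractToken(request);
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH_TOKEN_MANAGER, request);
        final OAuth2AccessTokenImpl token = (OAuth2AccessTokenImpl) tokenManager.readAccessToken(accessToken);
        UserDetails user = null;
        if (token != null) {
            this.validateBearerToken(token, accessToken);
            String username = token.getLocalUser();
            user = userManager.getUser(username);
            if (user != null) {
                user.addAuthorizations(authManager.getUserAuthorizations(username));
                properties.put(SystemConstants.API_USER_PARAMETER, user);
                _logger.info("User {} requesting resource that requires {} permission ", username, permission);
                UserDetails userOnSession = (UserDetails) request.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
                // Bind the token's user to the session only when nobody (or just the guest)
                // is logged in there, so an API call never replaces an interactive login.
                if (null == userOnSession || userOnSession.getUsername().equals(SystemConstants.GUEST_USER_NAME)) {
                    user.setAccessToken(accessToken);
                    request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
                }
            }
        } else if (accessToken != null) {
            _logger.warn("Token not found from access token");
        }
        if (null != user) {
            String username = user.getUsername();
            if (permission != null && !authManager.isAuthOnPermission(user, permission)) {
                // Debug aid: list what the user does hold before rejecting the call.
                List<Role> roles = authManager.getUserRoles(user);
                for (Role role : roles) {
                    _logger.debug("User {} requesting resource has {} permission ", username, (null != role.getPermissions()) ? role.getPermissions().toString() : "");
                }
                throw new ApiException(IApiErrorCodes.API_AUTHORIZATION_REQUIRED, "Authorization Required", Response.Status.UNAUTHORIZED);
            }
        } else if (apiMethod.getRequiredAuth()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (ApsSystemException ex) {
        // Pass the exception as the trailing throwable so its stack trace is logged;
        // with a "{}" placeholder it was consumed as a plain message argument.
        _logger.error("System exception", ex);
        // NOTE(review): ex.getMessage() is returned to the client; consider a generic
        // message if it can carry internal details.
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}

/**
 * Rejects a stored token that does not match the presented bearer value or has expired.
 *
 * @param token       the token loaded for {@code accessToken}
 * @param accessToken the bearer value presented by the client
 * @throws ApiException with {@code API_AUTHENTICATION_REQUIRED} (401) on mismatch or expiry
 */
private void validateBearerToken(OAuth2AccessTokenImpl token, String accessToken) throws ApiException {
    // NOTE(review): equals() is not constant-time; MessageDigest.isEqual on the bytes
    // would be the usual choice for comparing secrets.
    if (!token.getValue().equals(accessToken)) {
        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
    }
    if (token.isExpired()) {
        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
    }
}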
Also used : IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Role(com.agiletec.aps.system.services.role.Role) UserDetails(com.agiletec.aps.system.services.user.UserDetails) IUserManager(com.agiletec.aps.system.services.user.IUserManager) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl) EntandoBearerTokenExtractor(org.entando.entando.web.common.interceptor.EntandoBearerTokenExtractor) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)

Example 10 with OAuth2AccessTokenImpl

use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in project entando-core by entando.

the class ApiOAuth2TokenManager method getAccessToken.

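/**
 * Builds a new access token for {@code principal}, paired with a fresh refresh token and
 * an expiration {@link #getAccessTokenValiditySeconds()} seconds from now.
 *
 * <p>Both token values stay 32-character hexadecimal MD5 digests, so their shape is
 * unchanged, but the digested material now includes a 128-bit nonce from
 * {@link java.security.SecureRandom} in addition to the principal and
 * {@code System.nanoTime()}: a digest of guessable inputs does not by itself make the
 * token unguessable.
 *
 * @param principal the local user name the token is issued to
 * @param clientId  the OAuth2 client the token is issued for
 * @param grantType the grant type used to obtain the token
 * @return the populated token
 */
protected OAuth2AccessToken getAccessToken(String principal, String clientId, String grantType) {
    // Unpredictable part of the token material; principal and timestamp are kept only
    // so the input also differs across calls.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);
    String tokenPrefix = principal + System.nanoTime() + new java.math.BigInteger(1, nonce).toString(16);
    final String accessToken = DigestUtils.md5Hex(tokenPrefix + "_accessToken");
    final String refreshToken = DigestUtils.md5Hex(tokenPrefix + "_refreshToken");
    final OAuth2AccessTokenImpl oAuth2Token = new OAuth2AccessTokenImpl(accessToken);
    oAuth2Token.setRefreshToken(new DefaultOAuth2RefreshToken(refreshToken));
    oAuth2Token.setClientId(clientId);
    oAuth2Token.setGrantType(grantType);
    oAuth2Token.setLocalUser(principal);
    // Calendar uses the default time zone and locale; the expiration stored is an
    // absolute Date, so neither affects the resulting instant.
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, this.getAccessTokenValiditySeconds());
    oAuth2Token.setExpiration(calendar.getTime());
    return oAuth2Token;
}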
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) Calendar(java.util.Calendar) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl)

Aggregations

OAuth2AccessTokenImpl (org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl)11 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)6 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)4 Test (org.junit.Test)3 ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException)2 UserDetails (com.agiletec.aps.system.services.user.UserDetails)2 Calendar (java.util.Calendar)2 Date (java.util.Date)2 IAuthorizationManager (com.agiletec.aps.system.services.authorization.IAuthorizationManager)1 Role (com.agiletec.aps.system.services.role.Role)1 IUserManager (com.agiletec.aps.system.services.user.IUserManager)1 IApiOAuth2TokenManager (org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)1 EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException)1 EntandoBearerTokenExtractor (org.entando.entando.web.common.interceptor.EntandoBearerTokenExtractor)1 Authentication (org.springframework.security.core.Authentication)1