Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in the entando-core project by entando.
From the class AuthenticationProviderManagerTest, method createMockToken.
/**
 * Builds a minimal access-token fixture: a fixed access value plus a fixed refresh token.
 *
 * @return the fixture, typed as the {@link OAuth2AccessToken} interface
 */
private OAuth2AccessToken createMockToken() {
    final DefaultOAuth2RefreshToken refresh = new DefaultOAuth2RefreshToken("refresh_token_x");
    final OAuth2AccessTokenImpl fixture = new OAuth2AccessTokenImpl("access_token_x");
    fixture.setRefreshToken(refresh);
    return fixture;
}
Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in the entando-core project by entando.
From the class ApiOAuth2TokenManagerTest, method createMockAccessToken.
/**
 * Builds a fully populated access-token fixture (value, type, grant, client, local user,
 * expiration set to "now", and a refresh token).
 *
 * @return the fixture, typed as the {@link OAuth2AccessToken} interface
 */
private OAuth2AccessToken createMockAccessToken() {
    final DefaultOAuth2RefreshToken refresh = new DefaultOAuth2RefreshToken("refresh");
    final Date expiration = new Date();
    final OAuth2AccessTokenImpl fixture = new OAuth2AccessTokenImpl("token");
    // The constructor already receives the value; the explicit setter mirrors the original fixture.
    fixture.setValue("token");
    fixture.setTokenType("bearer");
    fixture.setGrantType("password");
    fixture.setClientId("client_id");
    fixture.setLocalUser("username");
    fixture.setExpiration(expiration);
    fixture.setRefreshToken(refresh);
    return fixture;
}
Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in the entando-core project by entando.
From the class ApiOAuth2TokenManagerTest, method readAccessToken.
/**
 * The manager must hand back the token the DAO returns for a value: non-null, still the
 * implementation type, and carrying the same value.
 */
@Test
public void readAccessToken() throws Exception {
    final OAuth2AccessTokenImpl stored = new OAuth2AccessTokenImpl("token");
    Mockito.when(tokenDAO.readAccessToken(Mockito.anyString())).thenReturn(stored);
    final OAuth2AccessToken read = tokenManager.readAccessToken("token");
    Assert.assertNotNull(read);
    Assert.assertTrue(read instanceof OAuth2AccessTokenImpl);
    Assert.assertEquals("token", read.getValue());
}
Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in the entando-core project by entando.
From the class ApiRestServer, method extractOAuthParameters.
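/**
 * Resolves the caller of an API method from the bearer token carried by the request and enforces
 * the method's authentication and permission requirements.
 * <p>
 * Side effects: the request is stored in {@code properties} under
 * {@code SystemConstants.API_REQUEST_PARAMETER}; when a valid token maps to an existing user, that
 * user (with its authorizations loaded) is stored under {@code SystemConstants.API_USER_PARAMETER}
 * and, if the HTTP session holds no user or only the guest user, bound to the session as the
 * current user.
 *
 * @param request    the incoming request; the bearer token is extracted from it
 * @param apiMethod  descriptor of the invoked method (required permission and auth flag)
 * @param properties request properties populated by this method
 * @throws ApiException {@code API_AUTHENTICATION_REQUIRED} (401) when the stored token does not
 *                      match the presented value, is expired, or the method requires authentication
 *                      and no user could be resolved; {@code API_AUTHORIZATION_REQUIRED} (401) when
 *                      the user lacks the required permission; {@code SERVER_ERROR} (500) when a
 *                      backing service throws {@link ApsSystemException}
 */
protected void extractOAuthParameters(HttpServletRequest request, ApiMethod apiMethod, Properties properties) throws ApiException {
    IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
    IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
    try {
        properties.put(SystemConstants.API_REQUEST_PARAMETER, request);
        String permission = apiMethod.getRequiredPermission();
        _logger.debug("Permission required: {}", permission);
        String accessToken = new EntandoBearerTokenExtractor().extractToken(request);
        UserDetails user = null;
        if (accessToken != null) {
            // Only consult the token store when the request actually carries a bearer token: a
            // null value can never match a stored token, so the lookup would be wasted work.
            OAuth2AccessTokenImpl token = this.readValidatedToken(accessToken, request);
            if (token != null) {
                String username = token.getLocalUser();
                user = userManager.getUser(username);
                if (user != null) {
                    user.addAuthorizations(authManager.getUserAuthorizations(username));
                    properties.put(SystemConstants.API_USER_PARAMETER, user);
                    _logger.info("User {} requesting resource that requires {} permission ", username, permission);
                    this.bindUserToSession(request, user, accessToken);
                }
            }
        }
        if (user != null) {
            if (permission != null && !authManager.isAuthOnPermission(user, permission)) {
                this.logUserRoles(user, authManager);
                // NOTE(review): 403 would describe a permission failure more precisely; the 401
                // is kept because existing clients may depend on it.
                throw new ApiException(IApiErrorCodes.API_AUTHORIZATION_REQUIRED, "Authorization Required", Response.Status.UNAUTHORIZED);
            }
        } else if (apiMethod.getRequiredAuth()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (ApsSystemException ex) {
        // Pass the exception as the trailing Throwable so the stack trace is logged; the old
        // "{}" placeholder was never filled by it. The client only gets a generic message because
        // internal exception text should not leave the server.
        _logger.error("System exception", ex);
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, "Internal server error", Response.Status.INTERNAL_SERVER_ERROR);
    }
}

/**
 * Looks up the stored token for {@code accessToken} and checks that it is the matching, unexpired
 * token.
 *
 * @param accessToken the bearer token presented by the client (non-null)
 * @param request     used to locate the token manager bean
 * @return the stored token, or {@code null} (after a warning) when none is stored for the value
 * @throws ApiException {@code API_AUTHENTICATION_REQUIRED} (401) when the stored value differs
 *                      from the presented one or the token is expired
 */
private OAuth2AccessTokenImpl readValidatedToken(String accessToken, HttpServletRequest request) throws ApiException, ApsSystemException {
    IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(SystemConstants.OAUTH_TOKEN_MANAGER, request);
    final OAuth2AccessTokenImpl token = (OAuth2AccessTokenImpl) tokenManager.readAccessToken(accessToken);
    if (token == null) {
        _logger.warn("Token not found from access token");
        return null;
    }
    // The token was looked up by this very value, so a mismatch means the store returned the
    // wrong row; it is a consistency check, not the primary secret comparison.
    if (!accessToken.equals(token.getValue())) {
        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
    }
    if (token.isExpired()) {
        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
    }
    return token;
}

/**
 * Binds {@code user} (with {@code accessToken} attached) to the HTTP session as the current user,
 * unless the session already holds a non-guest user.
 */
private void bindUserToSession(HttpServletRequest request, UserDetails user, String accessToken) {
    UserDetails userOnSession = (UserDetails) request.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER);
    if (null == userOnSession || SystemConstants.GUEST_USER_NAME.equals(userOnSession.getUsername())) {
        user.setAccessToken(accessToken);
        request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
    }
}

/**
 * Debug-logs each role (with its permissions) of a user that failed a permission check, to help
 * diagnose authorization failures.
 */
private void logUserRoles(UserDetails user, IAuthorizationManager authManager) throws ApsSystemException {
    List<Role> roles = authManager.getUserRoles(user);
    for (Role role : roles) {
        _logger.debug("User {} requesting resource has {} permission ", user.getUsername(), (null != role.getPermissions()) ? role.getPermissions().toString() : "");
    }
}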
Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl in the entando-core project by entando.
From the class ApiOAuth2TokenManager, method getAccessToken.
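/**
 * Builds a new access token, with an accompanying refresh token, for the given principal.
 * <p>
 * Token values are 128 bits drawn from {@link java.security.SecureRandom}, hex-encoded to 32
 * characters (the same shape as the previous {@code md5Hex} output). The previous derivation,
 * {@code md5Hex(principal + System.nanoTime() + suffix)}, was not random: {@code nanoTime()} is a
 * clock, so anyone who knows the username and the approximate issue time could enumerate candidate
 * token values offline.
 *
 * @param principal local username the token is bound to
 * @param clientId  OAuth2 client the token is issued for
 * @param grantType grant type used to obtain the token
 * @return the populated {@link OAuth2AccessTokenImpl}, expiring {@code getAccessTokenValiditySeconds()} from now
 */
protected OAuth2AccessToken getAccessToken(String principal, String clientId, String grantType) {
    // A shared static final SecureRandom would be cheaper than constructing one per call; it is
    // created locally here because only this method is in view.
    java.security.SecureRandom random = new java.security.SecureRandom();
    final String accessToken = randomHexToken(random);
    final String refreshToken = randomHexToken(random);
    final OAuth2AccessTokenImpl oAuth2Token = new OAuth2AccessTokenImpl(accessToken);
    oAuth2Token.setRefreshToken(new DefaultOAuth2RefreshToken(refreshToken));
    oAuth2Token.setClientId(clientId);
    oAuth2Token.setGrantType(grantType);
    oAuth2Token.setLocalUser(principal);
    // Expiration is "now + validity", using a calendar in the default time zone and locale.
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, this.getAccessTokenValiditySeconds());
    oAuth2Token.setExpiration(calendar.getTime());
    return oAuth2Token;
}

/**
 * Returns 16 random bytes from {@code random} as a zero-padded, 32-character lower-case hex string.
 */
private static String randomHexToken(java.security.SecureRandom random) {
    byte[] bytes = new byte[16];
    random.nextBytes(bytes);
    // BigInteger with signum 1 keeps the encoding unsigned; %032x pads leading zero nibbles.
    return String.format("%032x", new java.math.BigInteger(1, bytes));
}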