use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.
Class EntandoOauth2Interceptor, method extractOAuthParameters:
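/**
 * Resolves the bearer token carried in the request's Authorization header, validates it and
 * checks that the token's client is authorized for {@code permission}.
 *
 * @param request    incoming request; the token is read from the HTTP header
 *                   ({@code ParameterStyle.HEADER})
 * @param permission permission the caller must hold; handed to {@code checkAuthorization}
 * @throws EntandoTokenException when no access token is present, or when the OAuth / system
 *         layer fails while the token is being parsed or validated
 */
protected void extractOAuthParameters(HttpServletRequest request, String permission) {
    try {
        logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage =
                new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        if (StringUtils.isBlank(accessToken)) {
            throw new EntandoTokenException("no access token found", request, null);
        }
        // token may be null when the manager does not know the value; validateToken is
        // presumably where a missing / expired / mismatched token is rejected — confirm there
        final OAuth2Token token = oAuth2TokenManager.getApiOAuth2Token(accessToken);
        this.validateToken(request, accessToken, token);
        String username = token.getClientId();
        this.checkAuthorization(username, permission, request);
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // Log the exception itself: getMessage() alone drops the stack trace and may be null,
        // which makes an authentication failure on this path very hard to diagnose.
        logger.error("System exception while extracting OAuth parameters", ex);
        throw new EntandoTokenException("error parsing OAuth parameters", request, "guest");
    }
}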
use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.
Class TokenEndpointServlet, method registerToken:
/**
 * Issues a fresh access/refresh token pair for {@code clientId}, stores it through the token
 * manager and builds the JSON token response.
 *
 * @param request   current request, used to look up the token manager bean
 * @param clientId  OAuth2 client the token is issued to
 * @param oauthType grant type recorded on the stored token
 * @param localUser local user bound to the token, or {@code null} for a pure client token
 * @return the HTTP 200 token response carrying access token, lifetime (seconds) and refresh token
 * @throws OAuthSystemException if token generation or response building fails
 * @throws ApsSystemException   if the token cannot be stored
 */
private OAuthResponse registerToken(HttpServletRequest request, final String clientId, final String oauthType, final String localUser) throws OAuthSystemException, ApsSystemException {
    final int lifetimeSeconds = 3600;
    final boolean boundToLocalUser = (localUser != null);
    IApiOAuth2TokenManager manager =
            (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
    OAuthIssuer issuer = new OAuthIssuerImpl(new MD5Generator());
    final String access = issuer.accessToken();
    final String refresh = issuer.refreshToken();

    // expiry = now (default time zone and locale) + lifetime
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.SECOND, lifetimeSeconds);

    OAuth2Token issued = new OAuth2Token();
    issued.setAccessToken(access);
    issued.setRefreshToken(refresh);
    issued.setClientId(clientId);
    issued.setExpiresIn(expiry.getTime());
    issued.setGrantType(oauthType);
    if (boundToLocalUser) {
        issued.setLocalUser(localUser);
    }
    // the flag presumably tells the manager this is a local-user token — confirm against IApiOAuth2TokenManager
    manager.addApiOAuth2Token(issued, boundToLocalUser);

    return OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK)
            .setAccessToken(access)
            .setExpiresIn(Long.toString(lifetimeSeconds))
            .setRefreshToken(refresh)
            .buildJSONMessage();
}
use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.
Class AuthenticationProviderManager, method registerToken:
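/**
 * Issues an implicit-grant token pair for an already authenticated local user and stores it.
 * <p>
 * The tokens are copied onto {@code user} only after the token manager has accepted them: since
 * every failure below is logged and swallowed, setting them first would hand the caller a token
 * that the manager can never resolve. The method itself never throws, as before.
 *
 * @param user authenticated user; receives the access and refresh token on success
 */
private void registerToken(final UserDetails user) {
    OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    try {
        final String accessToken = oauthIssuerImpl.accessToken();
        final String refreshToken = oauthIssuerImpl.refreshToken();
        final OAuth2Token oAuth2Token = new OAuth2Token();
        oAuth2Token.setAccessToken(accessToken);
        oAuth2Token.setRefreshToken(refreshToken);
        oAuth2Token.setClientId("LOCAL_USER");
        oAuth2Token.setLocalUser(user.getUsername());
        // expiry = now (default time zone and locale) + one hour
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, 3600);
        oAuth2Token.setExpiresIn(calendar.getTime());
        oAuth2Token.setGrantType(GrantType.IMPLICIT.toString());
        tokenManager.addApiOAuth2Token(oAuth2Token, true);
        // Publish the tokens to the caller only once they are persisted.
        user.setAccessToken(accessToken);
        user.setRefreshToken(refreshToken);
    } catch (OAuthSystemException | ApsSystemException e) {
        // Both failures were handled identically; one entry with the stack trace replaces the
        // message-only error plus debug-only exception pair.
        _logger.error("Unable to register OAuth2 token for user {}", user.getUsername(), e);
    }
}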
use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.
Class OAuth2TestUtils, method getOAuth2Token:
/**
 * Builds a password-grant test token for {@code username} that expires one hour from now.
 *
 * @param username    local user bound to the token
 * @param accessToken access token value to wrap
 * @return the token, carrying a fixed {@code "refresh_token"} refresh token
 */
public static OAuth2AccessToken getOAuth2Token(String username, String accessToken) {
    // expiry = now (default time zone and locale) + one hour
    Calendar oneHourFromNow = Calendar.getInstance();
    oneHourFromNow.add(Calendar.SECOND, 3600);

    OAuth2AccessTokenImpl fixture = new OAuth2AccessTokenImpl(accessToken);
    fixture.setLocalUser(username);
    fixture.setGrantType("password");
    fixture.setRefreshToken(new DefaultOAuth2RefreshToken("refresh_token"));
    fixture.setExpiration(oneHourFromNow.getTime());
    return fixture;
}
use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.
Class ApiRestServer, method extractOAuthParameters:
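/**
 * Authenticates the request from the bearer token in its Authorization header and, when
 * {@code permission} is given, verifies that the token's user holds it.
 * <p>
 * On success the resolved {@link UserDetails} is stored in the session under
 * {@code SystemConstants.SESSIONPARAM_CURRENT_USER}.
 *
 * @param request    incoming request; the token is read from the HTTP header
 * @param permission permission the user must hold, or {@code null} to only authenticate
 * @throws ApiException {@code API_AUTHENTICATION_REQUIRED} (401) when the token is missing,
 *         unknown, mismatched or expired, or when the user lacks {@code permission};
 *         {@code SERVER_ERROR} (500) when the OAuth or system layer fails
 */
protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token == null) {
            // a value was supplied but the manager does not know it
            if (accessToken != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
        // sanity check: the stored token must carry the value it was looked up by
        if (!token.getAccessToken().equals(accessToken)) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
        }
        if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
        }

        String username = token.getClientId();
        IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
        UserDetails user = userManager.getUser(username);
        // NOTE(review): when the user is unknown this returns normally — no session user is set
        // and 'permission' is not enforced here. Behaviour kept; confirm the caller treats this
        // outcome as an unauthenticated (guest) request.
        if (user == null) {
            return;
        }
        _logger.info("User {} requesting resource that requires {} permission ", username, permission);
        request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        if (permission == null) {
            return;
        }

        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
        user.addAuthorizations(authManager.getUserAuthorizations(username));
        if (!authManager.isAuthOnPermission(user, permission)) {
            // Log each role's whole permission set: indexing toArray()[0] threw
            // ArrayIndexOutOfBoundsException (a 500, not a 401) for a role with no permissions.
            for (Role role : authManager.getUserRoles(user)) {
                _logger.info("User {} requesting resource has {} permission ", username, role.getPermissions());
            }
            _logger.info("User {} requesting resource has {} permission ", username, "none");
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // With a "{}" placeholder the exception was consumed as a plain argument and only its
        // toString() was logged; passing it as the trailing throwable keeps the stack trace.
        _logger.error("System exception while extracting OAuth parameters", ex);
        // NOTE(review): ex.getMessage() is echoed to the client; a generic message is safer if
        // the underlying exceptions can carry internal details.
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}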