Example 1 with OAuth2Token

Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.

The class EntandoOauth2Interceptor, method extractOAuthParameters.

protected void extractOAuthParameters(HttpServletRequest request, String permission) {
    try {
        logger.info("Permission required: {}", permission);
        // Read the bearer token from the Authorization header (ParameterStyle.HEADER)
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        if (StringUtils.isBlank(accessToken)) {
            throw new EntandoTokenException("no access token found", request, null);
        }
        // Look the token up in the token store, then check it (match, expiry) and the caller's permission
        final OAuth2Token token = oAuth2TokenManager.getApiOAuth2Token(accessToken);
        this.validateToken(request, accessToken, token);
        // The token's client id is used as the username of the principal
        String username = token.getClientId();
        this.checkAuthorization(username, permission, request);
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // Any failure while parsing or looking up the token is reported as a token error for the "guest" user
        logger.error("System exception {}", ex.getMessage());
        throw new EntandoTokenException("error parsing OAuth parameters", request, "guest");
    }
}
Also used: OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) EntandoTokenException(org.entando.entando.web.common.exceptions.EntandoTokenException) OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException)

Example 2 with OAuth2Token

Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.

The class TokenEndpointServlet, method registerToken.

private OAuthResponse registerToken(HttpServletRequest request, final String clientId, final String oauthType,
        final String localUser) throws OAuthSystemException, ApsSystemException {
    // Token lifetime in seconds, also reported back to the client as expires_in
    int expires = 3600;
    IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
    // Oltu's MD5Generator returns the MD5 hex digest of a fresh random UUID for each value,
    // so the token's unpredictability comes from the UUID, not from the hash
    OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    final String accessToken = oauthIssuerImpl.accessToken();
    final String refreshToken = oauthIssuerImpl.refreshToken();
    OAuth2Token oAuth2Token = new OAuth2Token();
    oAuth2Token.setAccessToken(accessToken);
    oAuth2Token.setRefreshToken(refreshToken);
    oAuth2Token.setClientId(clientId);
    // Despite its name, expiresIn holds the absolute expiry instant: now + expires seconds
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, expires);
    oAuth2Token.setExpiresIn(calendar.getTime());
    oAuth2Token.setGrantType(oauthType);
    if (localUser == null) {
        // client-only token, not bound to a local user
        tokenManager.addApiOAuth2Token(oAuth2Token, false);
    } else {
        // token bound to a local user
        oAuth2Token.setLocalUser(localUser);
        tokenManager.addApiOAuth2Token(oAuth2Token, true);
    }
    return OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK)
            .setAccessToken(accessToken)
            .setExpiresIn(Long.toString(expires))
            .setRefreshToken(refreshToken)
            .buildJSONMessage();
}
Also used: OAuthIssuerImpl(org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) Calendar(java.util.Calendar) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) MD5Generator(org.apache.oltu.oauth2.as.issuer.MD5Generator) OAuthIssuer(org.apache.oltu.oauth2.as.issuer.OAuthIssuer) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)

Example 3 with OAuth2Token

Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.

The class AuthenticationProviderManager, method registerToken.

private void registerToken(final UserDetails user) {
    // Same generator as the token endpoint: MD5 hex digest of a random UUID per value
    OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
    try {
        final String accessToken = oauthIssuerImpl.accessToken();
        final String refreshToken = oauthIssuerImpl.refreshToken();
        // The tokens are attached to the authenticated user and stored as a local-user token
        user.setAccessToken(accessToken);
        user.setRefreshToken(refreshToken);
        final OAuth2Token oAuth2Token = new OAuth2Token();
        oAuth2Token.setAccessToken(accessToken);
        oAuth2Token.setRefreshToken(refreshToken);
        oAuth2Token.setClientId("LOCAL_USER");
        oAuth2Token.setLocalUser(user.getUsername());
        // Absolute expiry instant: now + 3600 seconds
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, 3600);
        oAuth2Token.setExpiresIn(calendar.getTime());
        oAuth2Token.setGrantType(GrantType.IMPLICIT.toString());
        tokenManager.addApiOAuth2Token(oAuth2Token, true);
    } catch (OAuthSystemException e) {
        // Failures are logged only; the user is left without a registered token
        _logger.error("OAuthSystemException {} ", e.getMessage());
        _logger.debug("OAuthSystemException", e);
    } catch (ApsSystemException e) {
        _logger.error("ApsSystemException {} ", e.getMessage());
        _logger.debug("ApsSystemException", e);
    }
}
Also used: OAuthIssuerImpl(org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) Calendar(java.util.Calendar) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) MD5Generator(org.apache.oltu.oauth2.as.issuer.MD5Generator) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) OAuthIssuer(org.apache.oltu.oauth2.as.issuer.OAuthIssuer)

Example 4 with OAuth2Token

Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.

The class OAuth2TestUtils, method getOAuth2Token.

public static OAuth2AccessToken getOAuth2Token(String username, String accessToken) {
    // Test helper: builds a token for the given user with a fixed refresh token value
    OAuth2AccessTokenImpl oAuth2Token = new OAuth2AccessTokenImpl(accessToken);
    oAuth2Token.setRefreshToken(new DefaultOAuth2RefreshToken("refresh_token"));
    oAuth2Token.setLocalUser(username);
    // Absolute expiry instant: now + 3600 seconds
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, 3600);
    oAuth2Token.setExpiration(calendar.getTime());
    oAuth2Token.setGrantType("password");
    return oAuth2Token;
}
Also used: DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) Calendar(java.util.Calendar) OAuth2AccessTokenImpl(org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl)

Example 5 with OAuth2Token

Use of org.entando.entando.aps.system.services.oauth2.model.OAuth2Token in project entando-core by entando.

The class ApiRestServer, method extractOAuthParameters.

protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        // Get the bearer token from the Authorization header
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token != null) {
            // Validate the access token: it must be the one that was looked up ...
            if (!token.getAccessToken().equals(accessToken)) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
            } else if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
                // ... and its absolute expiry instant must not have passed
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
            }
            // The token's client id is used as the username of the principal
            String username = token.getClientId();
            IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
            UserDetails user = userManager.getUser(username);
            if (user != null) {
                _logger.info("User {} requesting resource that requires {} permission ", username, permission);
                request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
                if (permission != null) {
                    IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
                    user.addAuthorizations(authManager.getUserAuthorizations(username));
                    if (!authManager.isAuthOnPermission(user, permission)) {
                        // Log the permissions of each role the user holds (a role may carry no permissions at all)
                        List<Role> roles = authManager.getUserRoles(user);
                        for (Role role : roles) {
                            _logger.info("User {} requesting resource has {} permissions ", username, role.getPermissions());
                        }
                        _logger.info("User {} requesting resource has {} permission ", username, "none");
                        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
                    }
                }
            }
            // Note: when no user matches the client id, nothing is thrown here and the method returns
            // without setting a session user
        } else {
            if (accessToken != null) {
                // A token was presented but is unknown to the token store
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            // No token presented at all
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // Parsing or lookup failures surface as a 500, unlike the 401s above
        _logger.error("System exception", ex);
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}
Also used: OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) IUserManager(com.agiletec.aps.system.services.user.IUserManager) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) OAuth2Token(org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) ApsSystemException(com.agiletec.aps.system.exception.ApsSystemException) IAuthorizationManager(com.agiletec.aps.system.services.authorization.IAuthorizationManager) Role(com.agiletec.aps.system.services.role.Role) OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException) UserDetails(com.agiletec.aps.system.services.user.UserDetails) IApiOAuth2TokenManager(org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager)
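The snippets above issue a token (Examples 2 and 3) and validate a presented one (Examples 1 and 5), but never exercise the rejection paths. The following is an added, self-contained example and not entando-core code: it models the same issue-then-validate flow with an in-memory store standing in for IApiOAuth2TokenManager, a SecureRandom-based value generator standing in for OAuthIssuerImpl(new MD5Generator()), and a Token class whose fields mirror those the snippets set on OAuth2Token. The class name TokenFlowDemo, the Token and Outcome types and all sample values are assumptions made for the demo.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Added example, not entando-core code: the issue-then-validate flow from the
// snippets above, with the blank / unknown / expired rejection paths made testable.
public class TokenFlowDemo {

    // Assumed stand-in for OAuth2Token; the fields are the ones the snippets set and read.
    static final class Token {
        final String accessToken;
        final String refreshToken;
        final String clientId;
        final String localUser;   // null for a client-only token, as in Example 2
        final Date expiresIn;     // absolute expiry instant, as the snippets use it
        final String grantType;

        Token(String accessToken, String refreshToken, String clientId,
              String localUser, Date expiresIn, String grantType) {
            this.accessToken = accessToken;
            this.refreshToken = refreshToken;
            this.clientId = clientId;
            this.localUser = localUser;
            this.expiresIn = expiresIn;
            this.grantType = grantType;
        }
    }

    // The rejection reasons Example 5 maps to HTTP 401, plus OK.
    enum Outcome { OK, NO_TOKEN, TOKEN_NOT_FOUND, TOKEN_EXPIRED }

    private final Map<String, Token> store = new HashMap<>();   // stands in for the token manager
    private final SecureRandom random = new SecureRandom();

    // 256 random bits, URL-safe Base64 without padding: an opaque, unguessable token value.
    String newTokenValue() {
        byte[] buf = new byte[32];
        random.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Issue as Example 2 does; a negative ttl constructs an already-expired token for testing.
    Token issue(String clientId, String localUser, String grantType, Duration ttl) {
        Token t = new Token(newTokenValue(), newTokenValue(), clientId, localUser,
                Date.from(Instant.now().plus(ttl)), grantType);
        store.put(t.accessToken, t);
        return t;
    }

    // Validate in the order Examples 1 and 5 do: blank check, lookup, expiry check.
    // 'now' is a parameter so the expiry boundary can be checked deterministically.
    Outcome validate(String presented, Instant now) {
        if (presented == null || presented.trim().isEmpty()) {
            return Outcome.NO_TOKEN;          // Example 1: "no access token found"
        }
        Token t = store.get(presented);
        if (t == null) {
            return Outcome.TOKEN_NOT_FOUND;   // Example 5: "Token not found, request new one"
        }
        if (!t.expiresIn.toInstant().isAfter(now)) {
            return Outcome.TOKEN_EXPIRED;     // Example 5: "Token expired" (here an exact tie also expires)
        }
        return Outcome.OK;
    }

    public static void main(String[] args) {
        TokenFlowDemo demo = new TokenFlowDemo();
        Instant now = Instant.now();
        Token fresh = demo.issue("client-1", "alice", "password", Duration.ofSeconds(3600));
        Token stale = demo.issue("client-1", null, "client_credentials", Duration.ofSeconds(-60));

        System.out.println("fresh:        " + demo.validate(fresh.accessToken, now));
        System.out.println("fresh, +1h1s: " + demo.validate(fresh.accessToken, now.plusSeconds(3601)));
        System.out.println("stale:        " + demo.validate(stale.accessToken, now));
        System.out.println("unknown:      " + demo.validate(fresh.accessToken + "x", now));
        System.out.println("blank:        " + demo.validate("   ", now));
    }
}
```

Run with `javac TokenFlowDemo.java && java TokenFlowDemo`. The first line prints OK and the remaining four print TOKEN_EXPIRED, TOKEN_EXPIRED, TOKEN_NOT_FOUND and NO_TOKEN. Passing the clock in rather than reading System.currentTimeMillis() inside validate, as Example 5 does, is what makes the boundary case reproducible in a unit test.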

Aggregations

OAuth2Token (org.entando.entando.aps.system.services.oauth2.model.OAuth2Token) 5
ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException) 4
Calendar (java.util.Calendar) 4
OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException) 3
MD5Generator (org.apache.oltu.oauth2.as.issuer.MD5Generator) 2
OAuthIssuer (org.apache.oltu.oauth2.as.issuer.OAuthIssuer) 2
OAuthIssuerImpl (org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl) 2
OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException) 2
OAuthAccessResourceRequest (org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) 2
IApiOAuth2TokenManager (org.entando.entando.aps.system.services.oauth2.IApiOAuth2TokenManager) 2
OAuth2AccessTokenImpl (org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl) 2
DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) 2
IAuthorizationManager (com.agiletec.aps.system.services.authorization.IAuthorizationManager) 1
Role (com.agiletec.aps.system.services.role.Role) 1
IUserManager (com.agiletec.aps.system.services.user.IUserManager) 1
UserDetails (com.agiletec.aps.system.services.user.UserDetails) 1
EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException) 1