Example 1 with EntandoTokenException

Use of org.entando.entando.web.common.exceptions.EntandoTokenException in project entando-core by entando.

Class EntandoOauth2Interceptor, method extractOAuthParameters.

protected void extractOAuthParameters(HttpServletRequest request, String permission) {
    try {
        logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        if (StringUtils.isBlank(accessToken)) {
            throw new EntandoTokenException("no access token found", request, null);
        }
        final OAuth2Token token = oAuth2TokenManager.getApiOAuth2Token(accessToken);
        this.validateToken(request, accessToken, token);
        String username = token.getClientId();
        this.checkAuthorization(username, permission, request);
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        logger.error("System exception {}", ex.getMessage());
        throw new EntandoTokenException("error parsing OAuth parameters", request, "guest");
    }
}
Also used: OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException), EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException), OAuthAccessResourceRequest (org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest), OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException), OAuth2Token (org.entando.entando.aps.system.services.oauth2.model.OAuth2Token), ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException)

Example 2 with EntandoTokenException

Use of org.entando.entando.web.common.exceptions.EntandoTokenException in project entando-core by entando.

Class EntandoOauth2Interceptor, method extractOAuthParameters.

protected UserDetails extractOAuthParameters(HttpServletRequest request) {
    try {
        // Clear previous session
        request.getSession().setAttribute("user", null);
        String accessToken = new EntandoBearerTokenExtractor().extractToken(request);
        if (StringUtils.isBlank(accessToken)) {
            return null;
        }
        final OAuth2AccessToken token = this.getoAuth2TokenManager().readAccessToken(accessToken);
        this.validateToken(request, accessToken, token);
        String username;
        if (token instanceof OAuth2AccessTokenImpl) {
            username = ((OAuth2AccessTokenImpl) token).getLocalUser();
        } else {
            Authentication auth = new EntandoBearerTokenExtractor().extract(request);
            username = auth.getPrincipal().toString();
        }
        UserDetails user = this.getAuthenticationProviderManager().getUser(username);
        if (user == null) {
            logger.warn("User {} not found ", username);
            return null;
        }
        request.getSession().setAttribute("user", user);
        request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        return user;
    } catch (ApsSystemException ex) {
        logger.error("System exception {}", ex.getMessage());
        throw new EntandoTokenException("error parsing OAuth parameters", request, "guest");
    }
}
Also used: EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException), UserDetails (com.agiletec.aps.system.services.user.UserDetails), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), Authentication (org.springframework.security.core.Authentication), ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException), OAuth2AccessTokenImpl (org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl)

Example 3 with EntandoTokenException

Use of org.entando.entando.web.common.exceptions.EntandoTokenException in project entando-core by entando.

Class ActivityStreamInterceptor, method logMethod.

protected void logMethod(String mapping, HttpServletRequest request) {
    ActionLogRecord record = new ActionLogRecord();
    try {
        String username = this.getCurrentUsername(request);
        String namespace = request.getRequestURI();
        String actionName = request.getMethod();
        String parameters = this.createParamsFromUri(namespace, mapping);
        parameters = this.addParamsFromQueryString(parameters, request.getQueryString());
        parameters = this.addParamsFromRequestBody(parameters, request.getInputStream());
        record.setUsername(username);
        record.setNamespace(namespace);
        record.setActionName(actionName);
        record.setParameters(parameters);
        this.actionLogManager.addActionRecord(record);
    } catch (Exception ex) {
        logger.error("System exception {}", ex.getMessage(), ex);
        throw new EntandoTokenException("error parsing request", request, "guest");
    }
}
Also used: ActionLogRecord (org.entando.entando.aps.system.services.actionlog.model.ActionLogRecord), EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException)

Aggregations

EntandoTokenException (org.entando.entando.web.common.exceptions.EntandoTokenException): 3
ApsSystemException (com.agiletec.aps.system.exception.ApsSystemException): 2
UserDetails (com.agiletec.aps.system.services.user.UserDetails): 1
OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException): 1
OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException): 1
OAuthAccessResourceRequest (org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest): 1
ActionLogRecord (org.entando.entando.aps.system.services.actionlog.model.ActionLogRecord): 1
OAuth2AccessTokenImpl (org.entando.entando.aps.system.services.oauth2.model.OAuth2AccessTokenImpl): 1
OAuth2Token (org.entando.entando.aps.system.services.oauth2.model.OAuth2Token): 1
Authentication (org.springframework.security.core.Authentication): 1
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 1