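/**
 * Persists {@code serverToken} together with its scopes and subject in one JPA transaction.
 *
 * <p>Each scope is first looked up by its permission name so that an already stored
 * {@link OAuthPermission} row is reused instead of duplicated; when a {@link UserSubject}
 * with the same login already exists the incoming subject is merged and the token is
 * re-pointed at the managed copy. If any step fails the transaction is rolled back before
 * the exception propagates, so no half-written token is left in an open transaction.
 *
 * @param serverToken the freshly issued access token to store; its scope and subject
 *     references are replaced by the managed entities
 * @throws RuntimeException any persistence failure, rethrown after rollback
 */
protected void saveAccessToken(ServerAccessToken serverToken) {
    getEntityManager().getTransaction().begin();
    try {
        // Reuse stored permissions keyed by permission name; persist the ones seen for
        // the first time.
        List<OAuthPermission> managedScopes = new LinkedList<OAuthPermission>();
        for (OAuthPermission scope : serverToken.getScopes()) {
            OAuthPermission stored =
                getEntityManager().find(OAuthPermission.class, scope.getPermission());
            if (stored == null) {
                getEntityManager().persist(scope);
                managedScopes.add(scope);
            } else {
                managedScopes.add(stored);
            }
        }
        serverToken.setScopes(managedScopes);

        // NOTE(review): a token without a subject would otherwise fail with an NPE on
        // getLogin(); confirm whether subject-less tokens can reach this provider and
        // whether the schema allows a null subject.
        UserSubject subject = serverToken.getSubject();
        if (subject != null) {
            UserSubject stored = getEntityManager().find(UserSubject.class, subject.getLogin());
            if (stored == null) {
                getEntityManager().persist(subject);
            } else {
                // merge() returns the managed copy; the token must reference that one.
                serverToken.setSubject(getEntityManager().merge(subject));
            }
        }

        getEntityManager().persist(serverToken);
        getEntityManager().getTransaction().commit();
    } catch (RuntimeException e) {
        // Never leave a transaction open on the entity manager after a failure.
        if (getEntityManager().getTransaction().isActive()) {
            getEntityManager().getTransaction().rollback();
        }
        throw e;
    }
}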
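  /**
   * Updates the description of one hourly calendar entry.
   *
   * <p>Authorization is enforced here rather than in a filter because the hour being
   * modified arrives in the form payload, not in the request URI. A permission grants
   * access when its name is {@code OAuthConstants.UPDATE_CALENDAR_SCOPE} followed by
   * the hour it covers; the value {@code 24} appears to act as an "any hour" wildcard
   * (inferred from the comparison in {@code isHourAuthorized} — confirm against the
   * scope definitions). Permissions whose suffix is missing or not numeric are ignored,
   * so a malformed scope never grants access and no longer surfaces as a server error.
   *
   * @param hour the calendar slot to update, taken from the {@code hour} form field
   * @param description the new event description
   * @throws WebApplicationException with status 403 when no permission covers {@code hour}
   */
  @POST
  public void updateCalendar(
      @FormParam("hour") int hour, @FormParam("description") String description) {
    if (!isHourAuthorized(getOAuthContext().getPermissions(), hour)) {
      throw new WebApplicationException(403);
    }

    // NOTE(review): hour is not range-checked here; getEntry() is relied on to reject
    // out-of-range values — confirm.
    Calendar calendar = getUserCalendar();
    calendar.getEntry(hour).setEventDescription(description);
  }

  /**
   * Returns true when one of {@code perms} is an update-calendar scope covering {@code hour}.
   * Fails closed: scopes with a missing or non-numeric hour suffix do not match.
   */
  private static boolean isHourAuthorized(List<OAuthPermission> perms, int hour) {
    for (OAuthPermission perm : perms) {
      String name = perm.getPermission();
      if (!name.startsWith(OAuthConstants.UPDATE_CALENDAR_SCOPE)) {
        continue;
      }
      String suffix = name.substring(OAuthConstants.UPDATE_CALENDAR_SCOPE.length());
      int authorizedHour;
      try {
        authorizedHour = Integer.parseInt(suffix);
      } catch (NumberFormatException e) {
        // A scope without a parsable hour grants nothing rather than failing the request.
        continue;
      }
      if (authorizedHour == 24 || authorizedHour == hour) {
        return true;
      }
    }
    return false;
  }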
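  /**
   * Flattens a {@link ServerAccessToken} into a single {@code SEP}-separated string.
   *
   * <p>Field order (0–10) is the positional contract that {@code recreateAccessToken}
   * reads back: key, type, expiresIn, issuedAt, client id, refresh token, grant type,
   * audience, parameters map, permissions, user subject. The permissions field is a
   * flat {@code &}-separated list of five values per permission (name, description,
   * isDefault, http verbs, uris) — the same five-per-entry grammar the reader splits
   * on — or a single space when the token has no scopes.
   *
   * <p>The result embeds the token key and the refresh token, i.e. bearer secrets: it
   * should be encrypted before it leaves the server and must never be logged.
   * NOTE(review): values are assumed not to contain {@code SEP} or {@code &};
   * tokenizeString is not shown here — confirm it escapes them.
   *
   * @param token the token to serialize
   * @return the serialized state
   */
  private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder state = new StringBuilder();
    // 0: key
    state.append(tokenizeString(token.getTokenKey()));
    // 1: type
    state.append(SEP).append(tokenizeString(token.getTokenType()));
    // 2: expiresIn
    state.append(SEP).append(token.getExpiresIn());
    // 3: issuedAt
    state.append(SEP).append(token.getIssuedAt());
    // 4: client id
    state.append(SEP).append(tokenizeString(token.getClient().getClientId()));
    // 5: refresh token
    state.append(SEP).append(tokenizeString(token.getRefreshToken()));
    // 6: grant type
    state.append(SEP).append(tokenizeString(token.getGrantType()));
    // 7: audience
    state.append(SEP).append(tokenizeString(token.getAudience()));
    // 8: other parameters, rendered as {key=value, key=value}
    state.append(SEP).append(token.getParameters().toString());
    // 9: permissions
    state.append(SEP);
    if (token.getScopes().isEmpty()) {
      state.append(" ");
    } else {
      boolean first = true;
      for (OAuthPermission p : token.getScopes()) {
        // '&' between fields and between permissions, never trailing, so that the
        // reader's split("&") yields exactly five parts per permission.
        if (!first) {
          state.append("&");
        }
        first = false;
        // 9.1
        state.append(tokenizeString(p.getPermission())).append("&");
        // 9.2
        state.append(tokenizeString(p.getDescription())).append("&");
        // 9.3
        state.append(p.isDefault()).append("&");
        // 9.4
        state.append(p.getHttpVerbs().toString()).append("&");
        // 9.5
        state.append(p.getUris().toString());
      }
    }
    // 10: user subject
    state.append(SEP);
    tokenizeUserSubject(state, token.getSubject());

    return state.toString();
  }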
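  /**
   * Rebuilds a {@link ServerAccessToken} from its serialized, {@code SEP}-split state.
   *
   * <p>{@code parts} must hold the eleven positional fields: key, type, expiresIn,
   * issuedAt, client id, refresh token, grant type, audience, parameters, permissions,
   * user subject. The permissions field is either blank or a flat {@code &}-separated
   * list with five values per permission (name, description, isDefault, http verbs,
   * uris); a trailing incomplete group of fewer than five values is dropped.
   *
   * @param provider used to resolve the client id in field 4 back to a client
   * @param newTokenKey replacement token key, or {@code null} to keep the serialized one
   * @param parts the split state
   * @return the reconstructed token
   * @throws IllegalArgumentException if {@code parts} is null or has fewer than eleven fields
   * @throws NumberFormatException if expiresIn or issuedAt are not numeric
   */
  private static ServerAccessToken recreateAccessToken(
      OAuthDataProvider provider, String newTokenKey, String[] parts) {
    // Fail fast on truncated state instead of an ArrayIndexOutOfBoundsException deep in
    // the field accesses below. Field contents are deliberately kept out of the message:
    // they include token secrets.
    if (parts == null || parts.length < 11) {
      throw new IllegalArgumentException("Serialized access token has too few fields");
    }

    // NOTE(review): provider.getClient() may return null for an unknown client id; how
    // the ServerAccessToken constructor handles that is not visible here — confirm.
    @SuppressWarnings("serial")
    final ServerAccessToken newToken =
        new ServerAccessToken(
            provider.getClient(parts[4]),
            parts[1],
            newTokenKey == null ? parts[0] : newTokenKey,
            Long.valueOf(parts[2]),
            Long.valueOf(parts[3])) {
          //
        };

    newToken.setRefreshToken(getStringPart(parts[5]));
    newToken.setGrantType(getStringPart(parts[6]));
    newToken.setAudience(getStringPart(parts[7]));
    newToken.setParameters(parseSimpleMap(parts[8]));

    // Permissions: a blank field (single space) means none were granted.
    if (!parts[9].trim().isEmpty()) {
      newToken.setScopes(parsePermissions(parts[9]));
    }
    // UserSubject:
    newToken.setSubject(recreateUserSubject(parts[10]));

    return newToken;
  }

  /**
   * Parses the flat permissions field: five {@code &}-separated values per permission.
   * NOTE(review): the description is taken verbatim rather than through getStringPart(),
   * unlike the other string fields — confirm whether a serialized null description is
   * meant to come back as its placeholder.
   */
  private static List<OAuthPermission> parsePermissions(String field) {
    List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
    String[] values = field.split("&");
    for (int i = 0; i + 4 < values.length; i += 5) {
      OAuthPermission perm = new OAuthPermission(values[i], values[i + 1]);
      perm.setDefault(Boolean.valueOf(values[i + 2]));
      perm.setHttpVerbs(parseSimpleList(values[i + 3]));
      perm.setUris(parseSimpleList(values[i + 4]));
      perms.add(perm);
    }
    return perms;
  }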