Ejemplo n.º 1
0
  @Override
  public ServerAccessToken createAccessToken(final AccessTokenRegistration atr)
      throws OAuthServiceException {
    token = new BearerAccessToken(atr.getClient(), 3600L);

    final List<String> scope =
        atr.getApprovedScope().isEmpty() ? atr.getRequestedScope() : atr.getApprovedScope();
    token.setScopes(convertScopeToPermissions(atr.getClient(), scope));
    token.setSubject(atr.getSubject());
    token.setGrantType(atr.getGrantType());

    return token;
  }
Ejemplo n.º 2
0
 private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
   if (idToken.getAccessTokenHash() == null) {
     Properties props = JwsUtils.loadSignatureOutProperties(false);
     SignatureAlgorithm sigAlgo = null;
     if (super.isSignWithClientSecret()) {
       sigAlgo = OAuthUtils.getClientSecretSignatureAlgorithm(props);
     } else {
       sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
     }
     if (sigAlgo != SignatureAlgorithm.NONE) {
       String atHash = OidcUtils.calculateAccessTokenHash(st.getTokenKey(), sigAlgo);
       idToken.setAccessTokenHash(atHash);
     }
   }
   Message m = JAXRSUtils.getCurrentMessage();
   if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
     idToken.setNonce((String) m.getExchange().get(OAuthConstants.NONCE));
   } else if (st.getNonce() != null) {
     idToken.setNonce(st.getNonce());
   }
 }
Ejemplo n.º 3
0
  protected void saveAccessToken(ServerAccessToken serverToken) {
    getEntityManager().getTransaction().begin();
    List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
    for (OAuthPermission perm : serverToken.getScopes()) {
      OAuthPermission permSaved =
          getEntityManager().find(OAuthPermission.class, perm.getPermission());
      if (permSaved != null) {
        perms.add(permSaved);
      } else {
        getEntityManager().persist(perm);
        perms.add(perm);
      }
    }
    serverToken.setScopes(perms);

    UserSubject sub =
        getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin());
    if (sub == null) {
      getEntityManager().persist(serverToken.getSubject());
    } else {
      sub = getEntityManager().merge(serverToken.getSubject());
      serverToken.setSubject(sub);
    }

    getEntityManager().persist(serverToken);
    getEntityManager().getTransaction().commit();
  }
Ejemplo n.º 4
0
  /**
   * Processes an access token request
   *
   * @param params the form parameters representing the access token grant
   * @return Access Token or the error
   */
  @POST
  @Consumes("application/x-www-form-urlencoded")
  @Produces("application/json")
  public Response handleTokenRequest(MultivaluedMap<String, String> params) {

    // Make sure the client is authenticated
    Client client = authenticateClientIfNeeded(params);

    if (!OAuthUtils.isGrantSupportedForClient(
        client, isCanSupportPublicClients(), params.getFirst(OAuthConstants.GRANT_TYPE))) {
      return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }

    try {
      checkAudience(params);
    } catch (OAuthServiceException ex) {
      return super.createErrorResponseFromBean(ex.getError());
    }

    // Find the grant handler
    AccessTokenGrantHandler handler = findGrantHandler(params);
    if (handler == null) {
      return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }

    // Create the access token
    ServerAccessToken serverToken = null;
    try {
      serverToken = handler.createAccessToken(client, params);
    } catch (OAuthServiceException ex) {
      return handleException(ex, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
      return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }

    // Extract the information to be of use for the client
    ClientAccessToken clientToken =
        new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    if (isWriteOptionalParameters()) {
      clientToken.setExpiresIn(serverToken.getExpiresIn());
      List<OAuthPermission> perms = serverToken.getScopes();
      if (!perms.isEmpty()) {
        clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
      }
      clientToken.setParameters(serverToken.getParameters());
    }

    // Return it to the client
    return Response.ok(clientToken)
        .header(HttpHeaders.CACHE_CONTROL, "no-store")
        .header("Pragma", "no-cache")
        .build();
  }
Ejemplo n.º 5
0
  private static ServerAccessToken recreateAccessToken(
      OAuthDataProvider provider, String newTokenKey, String[] parts) {

    @SuppressWarnings("serial")
    final ServerAccessToken newToken =
        new ServerAccessToken(
            provider.getClient(parts[4]),
            parts[1],
            newTokenKey == null ? parts[0] : newTokenKey,
            Long.valueOf(parts[2]),
            Long.valueOf(parts[3])) {
          //
        };

    newToken.setRefreshToken(getStringPart(parts[5]));
    newToken.setGrantType(getStringPart(parts[6]));
    newToken.setAudience(getStringPart(parts[7]));
    newToken.setParameters(parseSimpleMap(parts[8]));

    // Permissions
    if (!parts[9].trim().isEmpty()) {
      List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
      String[] allPermParts = parts[9].split("&");
      for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
        OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
        perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
        perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
        perm.setUris(parseSimpleList(allPermParts[i + 4]));
        perms.add(perm);
      }
      newToken.setScopes(perms);
    }
    // UserSubject:
    newToken.setSubject(recreateUserSubject(parts[10]));

    return newToken;
  }
Ejemplo n.º 6
0
 @Override
 public void removeAccessToken(final ServerAccessToken sat) throws OAuthServiceException {
   if (token != null && token.getTokenKey().equals(sat.getTokenKey())) {
     token = null;
   }
 }
Ejemplo n.º 7
0
 @Override
 public ServerAccessToken getAccessToken(final String tokenId) throws OAuthServiceException {
   return token == null || token.getTokenKey().equals(tokenId) ? token : null;
 }
Ejemplo n.º 8
0
  private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder state = new StringBuilder();
    // 0: key
    state.append(tokenizeString(token.getTokenKey()));
    // 1: type
    state.append(SEP);
    state.append(tokenizeString(token.getTokenType()));
    // 2: expiresIn
    state.append(SEP);
    state.append(token.getExpiresIn());
    // 3: issuedAt
    state.append(SEP);
    state.append(token.getIssuedAt());
    // 4: client id
    state.append(SEP);
    state.append(tokenizeString(token.getClient().getClientId()));
    // 5: refresh token
    state.append(SEP);
    state.append(tokenizeString(token.getRefreshToken()));
    // 6: grant type
    state.append(SEP);
    state.append(tokenizeString(token.getGrantType()));
    // 7: audience
    state.append(SEP);
    state.append(tokenizeString(token.getAudience()));
    // 8: other parameters
    state.append(SEP);
    // {key=value, key=value}
    state.append(token.getParameters().toString());
    // 9: permissions
    state.append(SEP);
    if (token.getScopes().isEmpty()) {
      state.append(" ");
    } else {
      for (OAuthPermission p : token.getScopes()) {
        // 9.1
        state.append(tokenizeString(p.getPermission()));
        state.append(".");
        // 9.2
        state.append(tokenizeString(p.getDescription()));
        state.append(".");
        // 9.3
        state.append(p.isDefault());
        state.append(".");
        // 9.4
        state.append(p.getHttpVerbs().toString());
        state.append(".");
        // 9.5
        state.append(p.getUris().toString());
      }
    }
    state.append(SEP);
    // 10: user subject
    tokenizeUserSubject(state, token.getSubject());

    return state.toString();
  }
Ejemplo n.º 9
0
 private String getProcessedIdToken(ServerAccessToken st) {
   if (userInfoProvider != null) {
     IdToken idToken =
         userInfoProvider.getIdToken(
             st.getClient().getClientId(), st.getSubject(), st.getScopes());
     setAtHashAndNonce(idToken, st);
     return super.processJwt(new JwtToken(idToken), st.getClient());
   } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
     return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
   } else if (st.getSubject() instanceof OidcUserSubject) {
     OidcUserSubject sub = (OidcUserSubject) st.getSubject();
     IdToken idToken = new IdToken(sub.getIdToken());
     idToken.setAudience(st.getClient().getClientId());
     idToken.setAuthorizedParty(st.getClient().getClientId());
     // if this token was refreshed then the cloned IDToken might need to have its
     // issuedAt and expiry time properties adjusted if it proves to be necessary
     setAtHashAndNonce(idToken, st);
     return super.processJwt(new JwtToken(idToken), st.getClient());
   } else {
     return null;
   }
 }