  /**
   * Serializes a {@link ServerAccessToken} into the positional, {@code SEP}-delimited string
   * form that the matching recreate/parse routine expects.
   *
   * <p>Slot order (0..10): key, type, expiresIn, issuedAt, client id, refresh token, grant type,
   * audience, parameters map (its {@code toString()} form), permissions, user subject. The
   * permissions slot is a single space when the token has no scopes; otherwise every scope is
   * written as {@code permission.description.isDefault.verbs.uris} with no delimiter between
   * consecutive scopes.
   *
   * <p>The result carries the token key and the refresh token in clear text, so it is only as
   * confidential as what the caller does with it afterwards — NOTE(review): presumably the
   * enclosing class encrypts it; confirm against the caller. Neither the parameters map nor the
   * scope fields are escaped, so a value containing {@code SEP} or {@code '.'} could make the
   * encoding ambiguous for the parser — confirm the parser's assumptions.
   *
   * @param token the token to serialize; {@code getClient()} must be non-null
   * @return the delimited state string
   */
  private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder out = new StringBuilder();

    // Slots 0..8 are scalar fields written in order, joined by SEP.
    Object[] scalarSlots = {
      tokenizeString(token.getTokenKey()),               // 0: key
      tokenizeString(token.getTokenType()),              // 1: type
      token.getExpiresIn(),                              // 2: expiresIn
      token.getIssuedAt(),                               // 3: issuedAt
      tokenizeString(token.getClient().getClientId()),   // 4: client id
      tokenizeString(token.getRefreshToken()),           // 5: refresh token
      tokenizeString(token.getGrantType()),              // 6: grant type
      tokenizeString(token.getAudience()),               // 7: audience
      token.getParameters().toString()                   // 8: {key=value, key=value}
    };
    for (int slot = 0; slot < scalarSlots.length; slot++) {
      if (slot > 0) {
        out.append(SEP);
      }
      out.append(scalarSlots[slot]);
    }

    // Slot 9: permissions. An empty scope list is encoded as a single space so the slot is
    // never empty; scopes themselves are dot-separated records with no inter-scope delimiter.
    out.append(SEP);
    if (token.getScopes().isEmpty()) {
      out.append(" ");
    } else {
      for (OAuthPermission perm : token.getScopes()) {
        out.append(tokenizeString(perm.getPermission())).append(".")     // 9.1
            .append(tokenizeString(perm.getDescription())).append(".")   // 9.2
            .append(perm.isDefault()).append(".")                        // 9.3
            .append(perm.getHttpVerbs().toString()).append(".")          // 9.4
            .append(perm.getUris().toString());                          // 9.5
      }
    }

    // Slot 10: user subject, delegated to its own tokenizer.
    out.append(SEP);
    tokenizeUserSubject(out, token.getSubject());

    return out.toString();
  }
  /**
   * Processes an access token request (the OAuth2 token endpoint).
   *
   * <p>Checks run in a fixed order and each failure short-circuits into an OAuth2 error
   * response, so no token is created unless all of them pass: the client is authenticated
   * first, then the requested grant type is validated for that client (taking the
   * public-client policy into account), then the audience parameter is checked, and only then
   * is a grant handler looked up and asked to create the token.
   *
   * <p>The success response is marked {@code Cache-Control: no-store} and {@code Pragma:
   * no-cache} so neither the user agent nor intermediaries retain the issued token.
   *
   * @param params the form parameters representing the access token grant
   * @return the access token, or the OAuth2 error explaining why none was issued
   */
  @POST
  @Consumes("application/x-www-form-urlencoded")
  @Produces("application/json")
  public Response handleTokenRequest(MultivaluedMap<String, String> params) {

    // Client authentication comes first; nothing below runs for an unauthenticated client.
    Client client = authenticateClientIfNeeded(params);

    boolean publicClientsAllowed = isCanSupportPublicClients();
    String requestedGrant = params.getFirst(OAuthConstants.GRANT_TYPE);
    if (!OAuthUtils.isGrantSupportedForClient(client, publicClientsAllowed, requestedGrant)) {
      return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }

    // The audience check reports its failure as a bean-based error response.
    try {
      checkAudience(params);
    } catch (OAuthServiceException ex) {
      return super.createErrorResponseFromBean(ex.getError());
    }

    AccessTokenGrantHandler grantHandler = findGrantHandler(params);
    if (grantHandler == null) {
      return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }

    // Handler failures and a null result are both reported as invalid_grant.
    final ServerAccessToken serverToken;
    try {
      serverToken = grantHandler.createAccessToken(client, params);
    } catch (OAuthServiceException ex) {
      return handleException(ex, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
      return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }

    // Build the client-facing view; optional fields are included only when configured.
    ClientAccessToken clientToken =
        new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    if (isWriteOptionalParameters()) {
      clientToken.setExpiresIn(serverToken.getExpiresIn());
      List<OAuthPermission> approved = serverToken.getScopes();
      if (!approved.isEmpty()) {
        clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(approved));
      }
      clientToken.setParameters(serverToken.getParameters());
    }

    // Never let a token response be cached.
    Response.ResponseBuilder ok = Response.ok(clientToken);
    ok.header(HttpHeaders.CACHE_CONTROL, "no-store");
    ok.header("Pragma", "no-cache");
    return ok.build();
  }
 /**
  * Fills in the {@code at_hash} and {@code nonce} values of an ID token from the issued
  * access token.
  *
  * <p>The access token hash is computed only when the ID token does not already carry one
  * and the signature algorithm is not {@code NONE}; an unsigned ID token gets no hash. The
  * algorithm comes from the client-secret signing configuration when
  * {@code isSignWithClientSecret()} is set, otherwise from the signature properties with
  * {@code RS256} as the default.
  *
  * <p>The nonce is copied from the current exchange when one is stored there (presumably
  * placed earlier in the request — confirm against the caller); otherwise the nonce recorded
  * on the access token, if any, is reused.
  *
  * @param idToken the ID token being populated
  * @param st the server access token the ID token accompanies
  */
 private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
   if (idToken.getAccessTokenHash() == null) {
     Properties props = JwsUtils.loadSignatureOutProperties(false);
     SignatureAlgorithm sigAlgo =
         super.isSignWithClientSecret()
             ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
             : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
     // No hash for an unsigned token; otherwise the hash is bound to the signing algorithm.
     if (sigAlgo != SignatureAlgorithm.NONE) {
       idToken.setAccessTokenHash(OidcUtils.calculateAccessTokenHash(st.getTokenKey(), sigAlgo));
     }
   }

   Message current = JAXRSUtils.getCurrentMessage();
   boolean nonceOnExchange =
       current != null && current.getExchange().containsKey(OAuthConstants.NONCE);
   if (nonceOnExchange) {
     // NOTE(review): the exchange value is assumed to be a String — confirm the producer.
     idToken.setNonce((String) current.getExchange().get(OAuthConstants.NONCE));
   } else if (st.getNonce() != null) {
     idToken.setNonce(st.getNonce());
   }
 }
 /**
  * Forgets the single stored token when its key matches the token being removed.
  *
  * <p>NOTE(review): only one {@code token} field is involved, which looks like a single-token
  * (sample or test) provider — confirm before relying on it elsewhere.
  *
  * @param sat the token to remove; only its key is compared
  * @throws OAuthServiceException declared for interface compatibility, not thrown here
  */
 @Override
 public void removeAccessToken(final ServerAccessToken sat) throws OAuthServiceException {
   if (token == null) {
     return;
   }
   if (token.getTokenKey().equals(sat.getTokenKey())) {
     token = null;
   }
 }
 /**
  * Returns the stored token when its key equals {@code tokenId}, otherwise {@code null}.
  *
  * <p>NOTE(review): the key comparison is a plain {@code String.equals}. If this provider is
  * ever used outside tests, a constant-time comparison ({@code MessageDigest.isEqual}) is the
  * usual choice for matching presented token keys — confirm the intended use.
  *
  * @param tokenId the presented token key
  * @return the matching token, or {@code null} when none is stored or the key differs
  * @throws OAuthServiceException declared for interface compatibility, not thrown here
  */
 @Override
 public ServerAccessToken getAccessToken(final String tokenId) throws OAuthServiceException {
   if (token != null && token.getTokenKey().equals(tokenId)) {
     return token;
   }
   return null;
 }