private void handleLogin(HttpServletRequest req, HttpServletResponse resp) throws IOException {
HttpSession session = req.getSession();
String sendMeTo = req.getParameter("sendMeTo");
if (sendMeTo != null) {
session.setAttribute("sendMeTo", sendMeTo);
}
String redir = Configuration.mooseheadLocation() + "/oauth2callback";
session.setAttribute("redir", redir);
String sessionid = session.getId();
// redirect to google for authorization
StringBuilder oauthUrl =
new StringBuilder()
.append("https://accounts.google.com/o/oauth2/auth")
.append("?client_id=")
.append(
Configuration.googleClientId()) // the client id from the api console registration
.append("&response_type=code")
.append("&scope=openid%20email") // scope is the api permissions we are requesting
.append("&redirect_uri=")
.append(redir) // the servlet that google redirects to after authorization
.append("&state=" + sessionid)
.append("&access_type=online")
.append(
"&approval_prompt=auto") // here we are asking to access to user's data while they
// are not signed in
;
resp.sendRedirect(oauthUrl.toString());
}
private void handleAuthorization(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
PrintWriter writer = resp.getWriter();
if (req.getParameter("error") != null) {
writer.append(req.getParameter("error"));
return;
}
String code = req.getParameter("code");
String redir = (String) req.getSession().getAttribute("redir");
req.getSession().setAttribute("redir", null);
if (code == null || redir == null) {
resp.sendRedirect("/");
return;
}
StringBuilder postParameters = new StringBuilder();
postParameters.append(para("code", code)).append("&");
postParameters.append(para("client_id", Configuration.googleClientId())).append("&");
postParameters.append(para("client_secret", Configuration.googleClientSecret())).append("&");
postParameters.append(para("redirect_uri", redir)).append("&");
postParameters.append(para("grant_type", "authorization_code"));
URL url = new URL("https://accounts.google.com/o/oauth2/token");
URLConnection urlConnection = url.openConnection();
((HttpURLConnection) urlConnection).setRequestMethod("POST");
urlConnection.setDoInput(true);
urlConnection.setDoOutput(true);
urlConnection.setUseCaches(false);
urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
urlConnection.setRequestProperty("Content-Length", "" + postParameters.toString().length());
// Create I/O streams
DataOutputStream outStream = new DataOutputStream(urlConnection.getOutputStream());
// Send request
outStream.writeBytes(postParameters.toString());
outStream.flush();
outStream.close();
String googleJson = toString(urlConnection.getInputStream());
JsonObject jsonObject = (JsonObject) JsonParser.parse(googleJson);
String accessToken = jsonObject.requiredString("access_token");
// get some info about the user with the access token
String getStr =
"https://www.googleapis.com/oauth2/v1/userinfo?" + para("access_token", accessToken);
URLConnection inconn = new URL(getStr).openConnection();
String gsstr;
try (InputStream is = inconn.getInputStream()) {
gsstr = toString(is);
}
updateUserLogin(req, gsstr);
redirToLandingPage(req, resp);
}
