@Override
protected void refreshToken(final DefaultHttpClient client) throws OAuth2Exception {
final String refreshToken = accessToken.getRefreshToken();
if (refreshToken == null) {
throw new OAuth2Exception("No OAuth2 refresh token");
}
// refresh the token
try {
accessToken =
OAuthClientUtils.getAccessToken(
getAccessTokenService(), OAUTH2_CONSUMER, new RefreshTokenGrant(refreshToken));
} catch (OAuthServiceException e) {
throw new OAuth2Exception(e);
}
}
@Override
protected void init() throws OAuth2Exception {
final URI authURI =
OAuthClientUtils.getAuthorizationURI(
oauth2GrantServiceURI.toASCIIString(),
OAuth2Provider.CLIENT_ID,
OAuth2Provider.REDIRECT_URI,
null,
null);
// Disable automatic redirects handling
final HttpParams params = new BasicHttpParams();
params.setParameter(ClientPNames.HANDLE_REDIRECTS, false);
final DefaultHttpClient httpClient = new DefaultHttpClient(params);
JsonNode oAuthAuthorizationData = null;
String authenticityCookie = null;
try {
// 1. Need to (basic) authenticate against the OAuth2 service
final HttpGet method = new HttpGet(authURI);
method.addHeader(
"Authorization",
"Basic " + Base64.encodeBase64String("odatajclient:odatajclient".getBytes()));
final HttpResponse response = httpClient.execute(method);
// 2. Pull out OAuth2 authorization data and "authenticity" cookie (CXF specific)
oAuthAuthorizationData = new XmlMapper().readTree(EntityUtils.toString(response.getEntity()));
final Header setCookieHeader = response.getFirstHeader("Set-Cookie");
if (setCookieHeader == null) {
throw new IllegalStateException("OAuth flow is broken");
}
authenticityCookie = setCookieHeader.getValue();
} catch (Exception e) {
throw new OAuth2Exception(e);
}
String code = null;
try {
// 3. Submit the HTTP form for allowing access to the application
final URI location =
new URIBuilder(oAuthAuthorizationData.get("replyTo").asText())
.addParameter(
"session_authenticity_token",
oAuthAuthorizationData.get("authenticityToken").asText())
.addParameter("client_id", oAuthAuthorizationData.get("clientId").asText())
.addParameter("redirect_uri", oAuthAuthorizationData.get("redirectUri").asText())
.addParameter("oauthDecision", "allow")
.build();
final HttpGet method = new HttpGet(location);
method.addHeader(
"Authorization",
"Basic " + Base64.encodeBase64String("odatajclient:odatajclient".getBytes()));
method.addHeader("Cookie", authenticityCookie);
final HttpResponse response = httpClient.execute(method);
final Header locationHeader = response.getFirstHeader("Location");
if (response.getStatusLine().getStatusCode() != 303 || locationHeader == null) {
throw new IllegalStateException("OAuth flow is broken");
}
// 4. Get the authorization code value out of this last redirect
code = StringUtils.substringAfterLast(locationHeader.getValue(), "=");
EntityUtils.consumeQuietly(response.getEntity());
} catch (Exception e) {
throw new OAuth2Exception(e);
}
// 5. Obtain the access token
try {
accessToken =
OAuthClientUtils.getAccessToken(
getAccessTokenService(), OAUTH2_CONSUMER, new AuthorizationCodeGrant(code));
} catch (OAuthServiceException e) {
throw new OAuth2Exception(e);
}
if (accessToken == null) {
throw new OAuth2Exception("No OAuth2 access token");
}
}