protected void saveAccessToken(ServerAccessToken serverToken) { getEntityManager().getTransaction().begin(); List<OAuthPermission> perms = new LinkedList<OAuthPermission>(); for (OAuthPermission perm : serverToken.getScopes()) { OAuthPermission permSaved = getEntityManager().find(OAuthPermission.class, perm.getPermission()); if (permSaved != null) { perms.add(permSaved); } else { getEntityManager().persist(perm); perms.add(perm); } } serverToken.setScopes(perms); UserSubject sub = getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin()); if (sub == null) { getEntityManager().persist(serverToken.getSubject()); } else { sub = getEntityManager().merge(serverToken.getSubject()); serverToken.setSubject(sub); } getEntityManager().persist(serverToken); getEntityManager().getTransaction().commit(); }
@POST public void updateCalendar( @FormParam("hour") int hour, @FormParam("description") String description) { // This permission check can be done in a custom filter; it can be simpler to do // in the actual service code if the context data (such as an hour in this case) // are not available in the request URI but in the message payload OAuthContext oauth = getOAuthContext(); List<OAuthPermission> perms = oauth.getPermissions(); boolean checkPassed = false; for (OAuthPermission perm : perms) { if (perm.getPermission().startsWith(OAuthConstants.UPDATE_CALENDAR_SCOPE)) { int authorizedHour = Integer.valueOf( perm.getPermission().substring(OAuthConstants.UPDATE_CALENDAR_SCOPE.length())); if (authorizedHour == 24 || authorizedHour == hour) { checkPassed = true; } } } if (!checkPassed) { throw new WebApplicationException(403); } // end of the check Calendar calendar = getUserCalendar(); calendar.getEntry(hour).setEventDescription(description); }
private static String tokenizeServerToken(ServerAccessToken token) { StringBuilder state = new StringBuilder(); // 0: key state.append(tokenizeString(token.getTokenKey())); // 1: type state.append(SEP); state.append(tokenizeString(token.getTokenType())); // 2: expiresIn state.append(SEP); state.append(token.getExpiresIn()); // 3: issuedAt state.append(SEP); state.append(token.getIssuedAt()); // 4: client id state.append(SEP); state.append(tokenizeString(token.getClient().getClientId())); // 5: refresh token state.append(SEP); state.append(tokenizeString(token.getRefreshToken())); // 6: grant type state.append(SEP); state.append(tokenizeString(token.getGrantType())); // 7: audience state.append(SEP); state.append(tokenizeString(token.getAudience())); // 8: other parameters state.append(SEP); // {key=value, key=value} state.append(token.getParameters().toString()); // 9: permissions state.append(SEP); if (token.getScopes().isEmpty()) { state.append(" "); } else { for (OAuthPermission p : token.getScopes()) { // 9.1 state.append(tokenizeString(p.getPermission())); state.append("."); // 9.2 state.append(tokenizeString(p.getDescription())); state.append("."); // 9.3 state.append(p.isDefault()); state.append("."); // 9.4 state.append(p.getHttpVerbs().toString()); state.append("."); // 9.5 state.append(p.getUris().toString()); } } state.append(SEP); // 10: user subject tokenizeUserSubject(state, token.getSubject()); return state.toString(); }
private static ServerAccessToken recreateAccessToken( OAuthDataProvider provider, String newTokenKey, String[] parts) { @SuppressWarnings("serial") final ServerAccessToken newToken = new ServerAccessToken( provider.getClient(parts[4]), parts[1], newTokenKey == null ? parts[0] : newTokenKey, Long.valueOf(parts[2]), Long.valueOf(parts[3])) { // }; newToken.setRefreshToken(getStringPart(parts[5])); newToken.setGrantType(getStringPart(parts[6])); newToken.setAudience(getStringPart(parts[7])); newToken.setParameters(parseSimpleMap(parts[8])); // Permissions if (!parts[9].trim().isEmpty()) { List<OAuthPermission> perms = new LinkedList<OAuthPermission>(); String[] allPermParts = parts[9].split("&"); for (int i = 0; i + 4 < allPermParts.length; i = i + 5) { OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]); perm.setDefault(Boolean.valueOf(allPermParts[i + 2])); perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3])); perm.setUris(parseSimpleList(allPermParts[i + 4])); perms.add(perm); } newToken.setScopes(perms); } // UserSubject: newToken.setSubject(recreateUserSubject(parts[10])); return newToken; }