예제 #1
0
 private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessTokenRequest.getClient());
   // We have to construct a AuthenticatedPrincipal on-the-fly as there is only key-secret
   // authentication
   request.setPrincipal(new AuthenticatedPrincipal(request.getClient().getClientId()));
   // Get scopes (either from request or the client's default set)
   request.setGrantedScopes(accessTokenRequest.getScopeList());
   return request;
 }
예제 #2
0
 private AuthorizationRequest authorizationCodeToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest authReq =
       authorizationRequestRepository.findByAuthorizationCode(accessTokenRequest.getCode());
   if (authReq == null) {
     throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_AUTHORIZATION_CODE);
   }
   String uri = accessTokenRequest.getRedirectUri();
   if (!authReq.getRedirectUri().equalsIgnoreCase(uri)) {
     throw new ValidationResponseException(ValidationResponse.REDIRECT_URI_DIFFERENT);
   }
   authorizationRequestRepository.delete(authReq);
   return authReq;
 }
예제 #3
0
 private AuthorizationRequest refreshTokenToken(AccessTokenRequest accessTokenRequest) {
   AccessToken accessToken =
       accessTokenRepository.findByRefreshToken(accessTokenRequest.getRefreshToken());
   if (accessToken == null) {
     throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_REFRESH_TOKEN);
   }
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessToken.getClient());
   request.setPrincipal(accessToken.getPrincipal());
   request.setGrantedScopes(accessToken.getScopes());
   accessTokenRepository.delete(accessToken);
   return request;
 }
예제 #4
0
  private AuthorizationRequest passwordToken(AccessTokenRequest accessTokenRequest) {
    // Authenticate the resource owner
    AuthenticatedPrincipal principal =
        resourceOwnerAuthenticator.authenticate(
            accessTokenRequest.getUsername(), accessTokenRequest.getPassword());
    if (principal == null) {
      throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_PASSWORD);
    }

    AuthorizationRequest request = new AuthorizationRequest();
    request.setClient(accessTokenRequest.getClient());
    request.setPrincipal(principal);
    request.setGrantedScopes(accessTokenRequest.getScopeList());
    return request;
  }
예제 #5
0
  /**
   * The "token endpoint" as described in <a
   * href="http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.2">Section 3.2</a> of the
   * OAuth spec.
   *
   * @param authorization the HTTP Basic auth header.
   * @param formParameters the request parameters
   * @return the response
   */
  @POST
  @Path("/token")
  @Produces(MediaType.APPLICATION_JSON)
  @Consumes("application/x-www-form-urlencoded")
  public Response token(
      @HeaderParam("Authorization") String authorization,
      final MultivaluedMap<String, String> formParameters) {
    // Convert incoming parameters into internal form and validate them
    AccessTokenRequest accessTokenRequest =
        AccessTokenRequest.fromMultiValuedFormParameters(formParameters);
    BasicAuthCredentials credentials =
        BasicAuthCredentials.createCredentialsFromHeader(authorization);

    ValidationResponse vr = oAuth2Validator.validate(accessTokenRequest, credentials);
    if (!vr.valid()) {
      return sendErrorResponse(vr);
    }

    // The request looks valid, attempt to process
    String grantType = accessTokenRequest.getGrantType();
    AuthorizationRequest request;
    try {
      if (GRANT_TYPE_AUTHORIZATION_CODE.equals(grantType)) {
        request = authorizationCodeToken(accessTokenRequest);
      } else if (GRANT_TYPE_REFRESH_TOKEN.equals(grantType)) {
        request = refreshTokenToken(accessTokenRequest);
      } else if (GRANT_TYPE_CLIENT_CREDENTIALS.equals(grantType)) {
        request = clientCredentialToken(accessTokenRequest);
      } else if (GRANT_TYPE_PASSWORD.equals(grantType)) {
        request = passwordToken(accessTokenRequest);
      } else {
        return sendErrorResponse(ValidationResponse.UNSUPPORTED_GRANT_TYPE);
      }
    } catch (ValidationResponseException e) {
      return sendErrorResponse(e.v);
    }
    AccessToken token = createAccessToken(request, false);

    AccessTokenResponse response =
        new AccessTokenResponse(
            token.getToken(),
            BEARER,
            token.getExpiresIn(),
            token.getRefreshToken(),
            StringUtils.join(token.getScopes(), ' '));

    return Response.ok()
        .entity(response)
        .cacheControl(cacheControlNoStore())
        .header("Pragma", "no-cache")
        .build();
  }