예제 #1
0
 private String appendStateParameter(AuthorizationRequest authReq) {
   String state = authReq.getState();
   try {
     return StringUtils.isBlank(state) ? "" : "&state=".concat(URLEncoder.encode(state, "UTF-8"));
   } catch (UnsupportedEncodingException e) {
     throw new RuntimeException(e);
   }
 }
예제 #2
0
 private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessTokenRequest.getClient());
   // We have to construct a AuthenticatedPrincipal on-the-fly as there is only key-secret
   // authentication
   request.setPrincipal(new AuthenticatedPrincipal(request.getClient().getClientId()));
   // Get scopes (either from request or the client's default set)
   request.setGrantedScopes(accessTokenRequest.getScopeList());
   return request;
 }
예제 #3
0
 private Response sendAuthorizationCodeResponse(AuthorizationRequest authReq) {
   String uri = authReq.getRedirectUri();
   String authorizationCode = getAuthorizationCodeValue();
   authReq.setAuthorizationCode(authorizationCode);
   authorizationRequestRepository.save(authReq);
   uri = uri + appendQueryMark(uri) + "code=" + authorizationCode + appendStateParameter(authReq);
   return Response.seeOther(UriBuilder.fromUri(uri).build())
       .cacheControl(cacheControlNoStore())
       .header("Pragma", "no-cache")
       .build();
 }
예제 #4
0
 private AuthorizationRequest authorizationCodeToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest authReq =
       authorizationRequestRepository.findByAuthorizationCode(accessTokenRequest.getCode());
   if (authReq == null) {
     throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_AUTHORIZATION_CODE);
   }
   String uri = accessTokenRequest.getRedirectUri();
   if (!authReq.getRedirectUri().equalsIgnoreCase(uri)) {
     throw new ValidationResponseException(ValidationResponse.REDIRECT_URI_DIFFERENT);
   }
   authorizationRequestRepository.delete(authReq);
   return authReq;
 }
예제 #5
0
 private Response doProcess(HttpServletRequest request) {
   AuthorizationRequest authReq = findAuthorizationRequest(request);
   if (authReq == null) {
     return serverError("Not a valid AbstractAuthenticator.AUTH_STATE on the Request");
   }
   processScopes(authReq, request);
   if (authReq.getResponseType().equals(OAuth2Validator.IMPLICIT_GRANT_RESPONSE_TYPE)) {
     AccessToken token = createAccessToken(authReq, true);
     return sendImplicitGrantResponse(authReq, token);
   } else {
     return sendAuthorizationCodeResponse(authReq);
   }
 }
예제 #6
0
 /*
  * In the user consent filter the scopes are (possible) set on the Request
  */
 private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) {
   if (authReq.getClient().isSkipConsent()) {
     // return the scopes in the authentication request since the requested scopes are stored in
     // the
     // authorizationRequest.
     authReq.setGrantedScopes(authReq.getRequestedScopes());
   } else {
     String[] scopes = (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES);
     if (!ArrayUtils.isEmpty(scopes)) {
       authReq.setGrantedScopes(Arrays.asList(scopes));
     } else {
       authReq.setGrantedScopes(null);
     }
   }
 }
예제 #7
0
 private AuthorizationRequest refreshTokenToken(AccessTokenRequest accessTokenRequest) {
   AccessToken accessToken =
       accessTokenRepository.findByRefreshToken(accessTokenRequest.getRefreshToken());
   if (accessToken == null) {
     throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_REFRESH_TOKEN);
   }
   AuthorizationRequest request = new AuthorizationRequest();
   request.setClient(accessToken.getClient());
   request.setPrincipal(accessToken.getPrincipal());
   request.setGrantedScopes(accessToken.getScopes());
   accessTokenRepository.delete(accessToken);
   return request;
 }
예제 #8
0
  private AuthorizationRequest passwordToken(AccessTokenRequest accessTokenRequest) {
    // Authenticate the resource owner
    AuthenticatedPrincipal principal =
        resourceOwnerAuthenticator.authenticate(
            accessTokenRequest.getUsername(), accessTokenRequest.getPassword());
    if (principal == null) {
      throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_PASSWORD);
    }

    AuthorizationRequest request = new AuthorizationRequest();
    request.setClient(accessTokenRequest.getClient());
    request.setPrincipal(principal);
    request.setGrantedScopes(accessTokenRequest.getScopeList());
    return request;
  }
예제 #9
0
 private Response sendImplicitGrantResponse(
     AuthorizationRequest authReq, AccessToken accessToken) {
   String uri = authReq.getRedirectUri();
   String fragment =
       String.format(
               "access_token=%s&token_type=bearer&expires_in=%s&scope=%s",
               accessToken.getToken(),
               accessToken.getExpiresIn(),
               StringUtils.join(authReq.getGrantedScopes(), ','))
           + appendStateParameter(authReq);
   if (authReq.getClient().isIncludePrincipal()) {
     fragment += String.format("&principal=%s", authReq.getPrincipal().getDisplayName());
   }
   return Response.seeOther(UriBuilder.fromUri(uri).fragment(fragment).build())
       .cacheControl(cacheControlNoStore())
       .header("Pragma", "no-cache")
       .build();
 }
예제 #10
0
 private AccessToken createAccessToken(AuthorizationRequest request, boolean isImplicitGrant) {
   Client client = request.getClient();
   long expireDuration = client.getExpireDuration();
   long expires =
       (expireDuration == 0L ? 0L : (System.currentTimeMillis() + (1000 * expireDuration)));
   String refreshToken =
       (client.isUseRefreshTokens() && !isImplicitGrant) ? getTokenValue(true) : null;
   AuthenticatedPrincipal principal = request.getPrincipal();
   AccessToken token =
       new AccessToken(
           getTokenValue(false),
           principal,
           client,
           expires,
           request.getGrantedScopes(),
           refreshToken);
   return accessTokenRepository.save(token);
 }