protected void saveAccessToken(ServerAccessToken serverToken) {
getEntityManager().getTransaction().begin();
List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
for (OAuthPermission perm : serverToken.getScopes()) {
OAuthPermission permSaved =
getEntityManager().find(OAuthPermission.class, perm.getPermission());
if (permSaved != null) {
perms.add(permSaved);
} else {
getEntityManager().persist(perm);
perms.add(perm);
}
}
serverToken.setScopes(perms);
UserSubject sub =
getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin());
if (sub == null) {
getEntityManager().persist(serverToken.getSubject());
} else {
sub = getEntityManager().merge(serverToken.getSubject());
serverToken.setSubject(sub);
}
getEntityManager().persist(serverToken);
getEntityManager().getTransaction().commit();
}
@POST
public void updateCalendar(
@FormParam("hour") int hour, @FormParam("description") String description) {
// This permission check can be done in a custom filter; it can be simpler to do
// in the actual service code if the context data (such as an hour in this case)
// are not available in the request URI but in the message payload
OAuthContext oauth = getOAuthContext();
List<OAuthPermission> perms = oauth.getPermissions();
boolean checkPassed = false;
for (OAuthPermission perm : perms) {
if (perm.getPermission().startsWith(OAuthConstants.UPDATE_CALENDAR_SCOPE)) {
int authorizedHour =
Integer.valueOf(
perm.getPermission().substring(OAuthConstants.UPDATE_CALENDAR_SCOPE.length()));
if (authorizedHour == 24 || authorizedHour == hour) {
checkPassed = true;
}
}
}
if (!checkPassed) {
throw new WebApplicationException(403);
}
// end of the check
Calendar calendar = getUserCalendar();
calendar.getEntry(hour).setEventDescription(description);
}
private static String tokenizeServerToken(ServerAccessToken token) {
StringBuilder state = new StringBuilder();
// 0: key
state.append(tokenizeString(token.getTokenKey()));
// 1: type
state.append(SEP);
state.append(tokenizeString(token.getTokenType()));
// 2: expiresIn
state.append(SEP);
state.append(token.getExpiresIn());
// 3: issuedAt
state.append(SEP);
state.append(token.getIssuedAt());
// 4: client id
state.append(SEP);
state.append(tokenizeString(token.getClient().getClientId()));
// 5: refresh token
state.append(SEP);
state.append(tokenizeString(token.getRefreshToken()));
// 6: grant type
state.append(SEP);
state.append(tokenizeString(token.getGrantType()));
// 7: audience
state.append(SEP);
state.append(tokenizeString(token.getAudience()));
// 8: other parameters
state.append(SEP);
// {key=value, key=value}
state.append(token.getParameters().toString());
// 9: permissions
state.append(SEP);
if (token.getScopes().isEmpty()) {
state.append(" ");
} else {
for (OAuthPermission p : token.getScopes()) {
// 9.1
state.append(tokenizeString(p.getPermission()));
state.append(".");
// 9.2
state.append(tokenizeString(p.getDescription()));
state.append(".");
// 9.3
state.append(p.isDefault());
state.append(".");
// 9.4
state.append(p.getHttpVerbs().toString());
state.append(".");
// 9.5
state.append(p.getUris().toString());
}
}
state.append(SEP);
// 10: user subject
tokenizeUserSubject(state, token.getSubject());
return state.toString();
}
private static ServerAccessToken recreateAccessToken(
OAuthDataProvider provider, String newTokenKey, String[] parts) {
@SuppressWarnings("serial")
final ServerAccessToken newToken =
new ServerAccessToken(
provider.getClient(parts[4]),
parts[1],
newTokenKey == null ? parts[0] : newTokenKey,
Long.valueOf(parts[2]),
Long.valueOf(parts[3])) {
//
};
newToken.setRefreshToken(getStringPart(parts[5]));
newToken.setGrantType(getStringPart(parts[6]));
newToken.setAudience(getStringPart(parts[7]));
newToken.setParameters(parseSimpleMap(parts[8]));
// Permissions
if (!parts[9].trim().isEmpty()) {
List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
String[] allPermParts = parts[9].split("&");
for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
perm.setUris(parseSimpleList(allPermParts[i + 4]));
perms.add(perm);
}
newToken.setScopes(perms);
}
// UserSubject:
newToken.setSubject(recreateUserSubject(parts[10]));
return newToken;
}
