Package org.fluxtream.core.domain.oauth2

Examples of org.fluxtream.core.domain.oauth2.Application


    /**
     * Resolves the {@link Application} that owns the given token.
     *
     * <p>The token carries no application reference of its own: it points at the
     * {@link AuthorizationCode} it was minted from, and that code carries the
     * application id. Both hops are entity-manager lookups.
     *
     * @param token the token whose owning application is wanted; must not be
     *              {@code null}, since {@code token.authorizationCodeId} is read
     *              unconditionally
     * @return the owning application, or {@code null} when the referenced
     *         authorization code does not exist. If the code exists but its
     *         application does not, {@code em.find} returns {@code null} and that
     *         is passed through unchanged.
     */
    @Override
    public Application getApplicationForToken(final AuthorizationToken token) {
        final AuthorizationCode issuingCode = em.find(AuthorizationCode.class, token.authorizationCodeId);
        if (issuingCode == null) {
            // Dangling or unknown code reference: nothing to resolve.
            return null;
        }
        return em.find(Application.class, issuingCode.applicationId);
    }


            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Attempt to get the third-party.
        Application application = oAuth2MgmtService.getApplicationForClientId(oauthRequest.getClientId());
        // If the third-party is unknown, reject the request.
        if (application == null) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).setError
                    (OAuthError.CodeResponse.INVALID_REQUEST).setErrorDescription(
                        "The client ID is unknown: " + oauthRequest.getClientId()
            ).setState(oauthRequest.getState()).buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Create the temporary code to be granted or rejected by the user.
        AuthorizationCode code = oAuth2MgmtService.issueAuthorizationCode(application.getId(),
                                                                          oauthRequest.getScopes(),
                                                                          oauthRequest.getState());

        // Set the redirect.
        response.sendRedirect(OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND)

            // Return the error message.
            return oauthResponse.getBody();
        }

        // Attempt to get the client.
        Application application = oAuth2MgmtService.getApplicationForClientId(oauthRequest.getClientId());
        // If the client is unknown, respond as such.
        if (application == null) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client is unknown: " + oauthRequest.getClientId())
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Get the given client secret.
        String applicationSecret = oauthRequest.getClientSecret();
        if (applicationSecret == null) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client secret is required.")
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }
        // Make sure the client gave the right secret.
        else if (!applicationSecret.equals(application.sharedSecret)) {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                    .setErrorDescription("The client secret is incorrect.")
                    .buildJSONMessage();

            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Get the grant-type.
        GrantType grantType;
        String grantTypeString = oauthRequest.getGrantType();
        if (GrantType.AUTHORIZATION_CODE.toString().equals(grantTypeString)) {
            grantType = GrantType.AUTHORIZATION_CODE;
        }
        else if (GrantType.CLIENT_CREDENTIALS.toString().equals(grantTypeString)) {
            grantType = GrantType.CLIENT_CREDENTIALS;
        }
        else if (GrantType.PASSWORD.toString().equals(grantTypeString)) {
            grantType = GrantType.PASSWORD;
        }
        else if (GrantType.REFRESH_TOKEN.toString().equals(grantTypeString)) {
            grantType = GrantType.REFRESH_TOKEN;
        }
        else {
            // Create the OAuth response.
            OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                    .setError(OAuthError.TokenResponse.INVALID_GRANT)
                    .setErrorDescription("The grant type is unknown: " + grantTypeString)
                    .buildJSONMessage();
            // Set the status and return the error message.
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Handle the different types of token requests.
        AuthorizationToken token;
        if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
            // Attempt to get the code.
            String codeString = oauthRequest.getCode();
            if (codeString == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("An authorization code must be given to be exchanged  for an authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Attempt to lookup the actual AuthorizationCode object.
            AuthorizationCode code = oAuth2MgmtService.getCode(codeString);
            // If the code doesn't exist, reject the request.
            if (code == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code is unknown: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that requested the code.
            if (code.applicationId != application.getId()) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This client is not allowed to reference this code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // If the code has expired, reject the request.
            if (System.currentTimeMillis() > code.expirationTime) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code has expired: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Determine if the user granted access and, if not, error out.
            if (!codeResponse.granted) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The user denied the authorization: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new token.
            token = new AuthorizationToken(codeResponse);
        }
        // Handle a third-party refreshing an existing token.
        else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
            // Get the refresh token from the request.
            String refreshToken = oauthRequest.getRefreshToken();
            if (refreshToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A refresh token must be given to be exchanged for a new authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }
            // Use the refresh token to lookup the actual refresh token.
            AuthorizationToken currentToken = oAuth2MgmtService.getTokenFromRefreshToken(refreshToken);
            if (currentToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The refresh token is unknown.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that was issued the refresh token.
            // This is probably a very serious offense and should probably
            // raise some serious red flags!
            if (!oAuth2MgmtService.getApplicationForToken(currentToken).getId().equals(application.getId())) {

                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This token does not belong to this client.")

    @Path("/{uid}")
    @Produces({ MediaType.APPLICATION_JSON })
    public Response getApplication(@PathParam("uid") String uid) throws IOException {
        final long guestId = AuthHelper.getGuestId();
        try {
            final Application app = partnerAppsService.getApplication(guestId, uid);
            if (app!=null) {
                return Response.ok(mapper.writeValueAsString(new ApplicationModel(app))).build();
            } else {
                return Response.status(Response.Status.BAD_REQUEST).entity("No such application: " + uid).build();
            }

    public Response register(@PathParam("appSecret") final String appSecret,
                             @FormParam("email") final String email,
                             @FormParam("username") final String username,
                             @FormParam("firstname") final String firstname,
                             @FormParam("lastname") final String lastname) throws IOException {
        final Application application = partnerAppsService.getApplication(appSecret);
        if (application==null)
            return Responses.notFound().build();
        if (!application.registrationAllowed)
            return Response.status(Response.Status.FORBIDDEN).build();
        try {
            final Guest guest = guestService.createGuest(username, firstname, lastname, null, email, Guest.RegistrationMethod.REGISTRATION_METHOD_API, application.uid);
            final AuthorizationToken authorizationToken = oAuth2MgmtService.issueAuthorizationToken(guest.getId(), application.getId());
            TechnicalAuthorizationTokenModel authorizationTokenModel = new TechnicalAuthorizationTokenModel(authorizationToken, guest);
            final String json = (new ObjectMapper()).writeValueAsString(authorizationTokenModel);
            return Response.ok(json).build();
        } catch (UsernameAlreadyTakenException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity("This username is already taken").build();

    }

    /**
     * Creates and persists a fresh {@link AuthorizationCode}.
     *
     * <p>The code is built from the three arguments exactly as given and handed to
     * the entity manager; no validation or normalisation happens here.
     *
     * <p>NOTE(review): callers in this corpus disagree about what the first
     * constructor argument means. The authorize endpoint passes
     * {@code application.getId()} into this method, whereas
     * {@code issueAuthorizationToken} constructs
     * {@code new AuthorizationCode(guestId, null, null)} and then sets
     * {@code applicationId} as a separate field write. Confirm against the
     * {@code AuthorizationCode} constructor which one is intended.
     *
     * @param id     forwarded as the first constructor argument (see note above)
     * @param scopes the scopes requested for this code
     * @param state  the client-supplied OAuth {@code state} value
     * @return the newly persisted code
     */
    @Override
    @Transactional(readOnly=false)
    public AuthorizationCode issueAuthorizationCode(final Long id, final Set<String> scopes, final String state) {
        final AuthorizationCode issued = new AuthorizationCode(id, scopes, state);
        em.persist(issued);
        return issued;
    }

        return null;
    }

    /**
     * Looks up the user's recorded response (grant or denial) for an authorization code.
     *
     * <p>The code string is first resolved to its {@link AuthorizationCode} entity via
     * {@code getCode}; the response row is then selected by that entity's id. The JPQL
     * binds the id through a positional parameter, so the client-supplied code value
     * never becomes part of the query text.
     *
     * @param code the authorization code string as presented by the client
     * @return the first matching response, or {@code null} when the code is unknown
     *         or no response has been recorded for it yet
     */
    @Override
    public AuthorizationCodeResponse getResponse(final String code) {
        final AuthorizationCode authCode = getCode(code);
        if (authCode == null) {
            // Unknown code: there cannot be a response for it.
            return null;
        }
        final TypedQuery<AuthorizationCodeResponse> responseQuery = em.createQuery(
                "SELECT authorizationCodeResponse FROM AuthorizationCodeResponse authorizationCodeResponse " +
                "WHERE authorizationCodeResponse.authorizationCodeId=?", AuthorizationCodeResponse.class);
        responseQuery.setParameter(1, authCode.getId());
        final List<AuthorizationCodeResponse> matches = responseQuery.getResultList();
        // Should several rows exist for one code, only the first one is reported.
        return matches.isEmpty() ? null : matches.get(0);
    }

    /**
     * Issues an access token for a guest directly, without the authorization-code
     * consent round-trip.
     *
     * <p>Two rows are written: a placeholder {@link AuthorizationCode} (constructed
     * with {@code null} scopes and {@code null} state, then stamped with
     * {@code applicationId}) and the {@link AuthorizationToken} that references it.
     * The token's {@code authorizationCodeId} is copied from the code immediately
     * after {@code em.persist}, so this relies on the primary key being assigned at
     * persist time — presumably an identity-generated key; confirm against the
     * entity mapping.
     *
     * <p>In this corpus the partner registration endpoint calls this right after
     * creating a guest, having looked the application up by its shared secret, so
     * this is a consent-free grant whose only gate is that caller's application
     * authentication.
     *
     * @param guestId       the guest the token is created for
     * @param applicationId the application recorded on the placeholder code
     * @return the persisted token
     */
    @Override
    @Transactional(readOnly=false)
    public AuthorizationToken issueAuthorizationToken(long guestId, long applicationId) {
        // Placeholder code so the token can be linked back to an application.
        final AuthorizationCode linkCode = new AuthorizationCode(guestId, null, null);
        linkCode.applicationId = applicationId;
        em.persist(linkCode);

        final AuthorizationToken issued = new AuthorizationToken(guestId);
        issued.authorizationCodeId = linkCode.getId();
        em.persist(issued);
        return issued;
    }

                        "WHERE authorizationToken.guestId=?", AuthorizationToken.class);
        query.setParameter(1, guestId);
        final List<AuthorizationToken> resultList = query.getResultList();
        final List<AuthorizationTokenModel> tokenModels = new ArrayList<AuthorizationTokenModel>();
        for (AuthorizationToken authorizationToken : resultList) {
            AuthorizationCode authCode = em.find(AuthorizationCode.class, authorizationToken.authorizationCodeId);
            Application application = em.find(Application.class, authCode.applicationId);
            AuthorizationTokenModel tokenModel = new AuthorizationTokenModel(authorizationToken.accessToken,
                    application.name, application.organization, application.website, authCode.creationTime);
            tokenModels.add(tokenModel);
        }

        query.executeUpdate();
    }

    @Override
    public Application getApplicationForToken(final AuthorizationToken token) {
        final AuthorizationCode authorizationCode = em.find(AuthorizationCode.class, token.authorizationCodeId);
        if (authorizationCode!=null) {
            Application application = em.find(Application.class, authorizationCode.applicationId);
            return application;
        }
        return null;


