Package org.fluxtream.core.domain.oauth2

Examples of org.fluxtream.core.domain.oauth2.AuthorizationCode


            );
            return;
        }

        // Get the response if it already exists.
        AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code);

        // If the response does not exist, attempt to create a new one and
        // save it.
        if (codeResponse == null) {
            // Create the new code.
            codeResponse = new AuthorizationCodeResponse(authCode, guest.getId(), granted);

            // Store it.
            oAuth2MgmtService.storeVerification(codeResponse);
        }
View Full Code Here


                return oauthResponse.getBody();
            }

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)
View Full Code Here

        final HttpServletResponse response = (HttpServletResponse) res;

        try {
            String tokenValue = parseToken(request);
            if (tokenValue!=null) {
                AuthorizationToken authToken = oAuth2MgmtService.getTokenFromAccessToken(tokenValue);
                if (authToken!=null&&authToken.getExpirationIn()>0) {
                    final Guest guest = guestService.getGuestById(authToken.guestId);
                    final FlxUserDetails userDetails = new FlxUserDetails(guest);
                    PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(userDetails, authToken,
                            getAuthorities(guest));
                    authentication.setDetails(userDetails);
View Full Code Here

                final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication instanceof PreAuthenticatedAuthenticationToken) {
                    PreAuthenticatedAuthenticationToken authToken = (PreAuthenticatedAuthenticationToken) authentication;
                    final Object credentials = authToken.getCredentials();
                    if (credentials instanceof AuthorizationToken) {
                        AuthorizationToken token = (AuthorizationToken) credentials;
                        final Application applicationForToken = oAuth2MgmtService.getApplicationForToken(token);
                        String addConnectorCallbackURL = applicationForToken.addConnectorCallbackURL;
                        if (addConnectorCallbackURL !=null) {
                            String connectorName = location.substring(location.lastIndexOf("/")+1);
                            addConnectorCallbackURL += addConnectorCallbackURL.indexOf("?")==-1
View Full Code Here

    public AuthorizationToken issueAuthorizationToken(long guestId, long applicationId)
    {
        AuthorizationCode code = new AuthorizationCode(guestId, null, null);
        code.applicationId = applicationId;
        em.persist(code);
        AuthorizationToken token = new AuthorizationToken(guestId);
        token.authorizationCodeId = code.getId();
        em.persist(token);
        return token;
    }
View Full Code Here

                "SELECT authorizationToken FROM AuthorizationToken authorizationToken " +
                        "WHERE authorizationToken.accessToken=?", AuthorizationToken.class);
        query.setParameter(1, accessToken);
        final List<AuthorizationToken> resultList = query.getResultList();
        if (resultList.size()>0) {
            final AuthorizationToken authorizationToken = resultList.get(0);
            return authorizationToken;
        }
        return null;
    }
View Full Code Here

    }

    @Override
    @Transactional(readOnly=false)
    public void revokeAccessToken(final long guestId, final String accessToken) {
        final AuthorizationToken authorizationToken = getTokenFromAccessToken(accessToken);
        if (authorizationToken.guestId!=guestId)
            throw new RuntimeException("Attempt to revoke an authorizationToken by another user");

        // erase the token's associated authorization code response, if there is one
        Query query = em.createQuery("SELECT response FROM AuthorizationCodeResponse response WHERE authorizationCodeId=?");
View Full Code Here

            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Handle the different types of token requests.
        AuthorizationToken token;
        if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
            // Attempt to get the code.
            String codeString = oauthRequest.getCode();
            if (codeString == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("An authorization code must be given to be exchanged  for an authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Attempt to lookup the actual AuthorizationCode object.
            AuthorizationCode code = oAuth2MgmtService.getCode(codeString);
            // If the code doesn't exist, reject the request.
            if (code == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code is unknown: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that requested the code.
            if (code.applicationId != application.getId()) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This client is not allowed to reference this code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // If the code has expired, reject the request.
            if (System.currentTimeMillis() > code.expirationTime) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code has expired: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Determine if the user granted access and, if not, error out.
            if (!codeResponse.granted) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The user denied the authorization: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new token.
            token = new AuthorizationToken(codeResponse);
        }
        // Handle a third-party refreshing an existing token.
        else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
            // Get the refresh token from the request.
            String refreshToken = oauthRequest.getRefreshToken();
            if (refreshToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A refresh token must be given to be exchanged for a new authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }
            // Use the refresh token to lookup the actual refresh token.
            AuthorizationToken currentToken = oAuth2MgmtService.getTokenFromRefreshToken(refreshToken);
            if (currentToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The refresh token is unknown.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that was issued the refresh token.
            // This is probably a very serious offense and should probably
            // raise some serious red flags!
            if (!oAuth2MgmtService.getApplicationForToken(currentToken).getId().equals(application.getId())) {

                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This token does not belong to this client.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new authorization token from the current one.
            token = new AuthorizationToken(currentToken);
        }
        // If the grant-type is unknown, then we do not yet understand how
        // the request is built and, therefore, can do nothing more than
        // reject it via an OmhException.
        else {
View Full Code Here

            return Responses.notFound().build();
        if (!application.registrationAllowed)
            return Response.status(Response.Status.FORBIDDEN).build();
        try {
            final Guest guest = guestService.createGuest(username, firstname, lastname, null, email, Guest.RegistrationMethod.REGISTRATION_METHOD_API, application.uid);
            final AuthorizationToken authorizationToken = oAuth2MgmtService.issueAuthorizationToken(guest.getId(), application.getId());
            TechnicalAuthorizationTokenModel authorizationTokenModel = new TechnicalAuthorizationTokenModel(authorizationToken, guest);
            final String json = (new ObjectMapper()).writeValueAsString(authorizationTokenModel);
            return Response.ok(json).build();
        } catch (UsernameAlreadyTakenException e) {
            return Response.status(Response.Status.BAD_REQUEST).entity("This username is already taken").build();
View Full Code Here

TOP

Related Classes of org.fluxtream.core.domain.oauth2.AuthorizationCode

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.