Package org.restlet.ext.oauth.internal

Examples of org.restlet.ext.oauth.internal.AuthSession


        String sessionId = (String) getRequest().getAttributes().get(
                ClientCookieID);
        if (sessionId == null)
            sessionId = getCookies().getFirstValue(ClientCookieID);
        ConcurrentMap<String, Object> attribs = getContext().getAttributes();
        AuthSession session = (AuthSession) attribs.get(sessionId);
        String state = session.getState();
        if (state != null && state.length() > 0) {
            location.append("&state=");
            location.append(state);
        }
        session.reset();
    }


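    /**
     * Binds the OAuth2 client, response type, callback URI, state and
     * requested scopes to the given session, creating a fresh session (and
     * the {@code ClientCookieID} cookie that identifies it on later requests)
     * when {@code in} is {@code null}.
     *
     * @param in       the existing session, or {@code null} to create one
     * @param client   the registered OAuth2 client; must not be {@code null}
     * @param flow     the response type the client asked for
     * @param redirUri the redirect URI requested by the client; the caller is
     *                 expected to have validated it against the client's
     *                 registered URI before calling this method, because this
     *                 method only records it, it does not check it
     * @param params   the request parameters, read for the scope value
     * @throws NullPointerException if {@code client} is {@code null}
     */
    protected void setupSession(AuthSession in, Client client,
            ResponseType flow, String redirUri, Form params) {
        getLogger().info("Base ref = " + getReference().getParentRef());
        getLogger().info("OAuth2 session = " + in);

        AuthSession session = in;
        if (session == null) {
            // NOTE(review): each new session is given its own 5-thread
            // scheduler and nothing in this method shuts it down, so session
            // churn costs threads - confirm AuthSession releases it.
            session = new AuthSession(getContext().getAttributes(),
                    new ScheduledThreadPoolExecutor(5));
            CookieSetting cs = new CookieSetting(ClientCookieID,
                    session.getId());
            // TODO create a secure mode setting, update all cookies.
            // Until that exists the session cookie is neither HttpOnly nor
            // Secure, i.e. it is readable by script and sent over plain HTTP:
            // cs.setAccessRestricted(true);
            // cs.setSecure(true);
            getCookieSettings().add(cs);
            getLogger().info(
                    "Setting cookie in SetupSession - " + session.getId());
        }

        session.setClient(client);
        session.setAuthFlow(flow);

        // A null redirUri used to throw NPE on equals(); treat it as "use the
        // registered URI" and record a dynamic callback only for a real value.
        if (redirUri != null && !redirUri.equals(client.getRedirectUri())) {
            session.setDynamicCallbackURI(redirUri);
            getLogger().info("OAuth2 set dynamic callback = " + redirUri);
        }

        // Save away the state; note it is read from the STATE cookie, not
        // from the request parameters.
        String state = getCookies().getFirstValue(STATE);
        if (state != null && !state.isEmpty()) {
            session.setState(state);
        }

        // Parse the requested scope list (the scope owner is set by the caller).
        String[] scopes = parseScope(params.getFirstValue(SCOPE));
        session.setRequestedScope(scopes);
    }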

        Form params = getQuery();
        String sessionId = getCookies().getFirstValue(ClientCookieID);
        getLogger().info("sessionId = " + sessionId);

        ConcurrentMap<String, Object> attribs = getContext().getAttributes();
        AuthSession session = (sessionId == null) ? null
                : (AuthSession) attribs.get(sessionId);

        // check owner:
        String scopeOwner = null;
        if (getRequest().getClientInfo().getUser() != null)
            scopeOwner = getRequest().getClientInfo().getUser().getIdentifier();
        if (scopeOwner == null && session != null)
            scopeOwner = session.getScopeOwner();
        getLogger().info("OWNER - " + scopeOwner);
        if (scopeOwner == null) {
            sendError(sessionId, OAuthError.INVALID_REQUEST,
                    params.getFirstValue(STATE), "No Scope Owner", null);
            return getResponseEntity();
        }

        // check clientId:
        String clientId = params.getFirstValue(CLIENT_ID);
        if (clientId == null || clientId.length() < 1) {
            sendError(sessionId, OAuthError.INVALID_REQUEST,
                    params.getFirstValue(STATE),
                    "No client_id parameter found.", null);
            getLogger().info("Could not find client ID");
            return getResponseEntity();
        }
        Client client = clients.findById(clientId);
        getLogger().info("Client = " + client);
        if (client == null) {
            // client = clients.createClient(clientId, redirUri);
            sendError(sessionId, OAuthError.INVALID_CLIENT,
                    params.getFirstValue(STATE),
                    "Need to register the client : " + clientId, null);
            getLogger().info("Need to register the client : " + clientId);
            return getResponseEntity();
        }
        getLogger().info("CLIENT ID - " + clientId);

        // check redir:
        String redirUri = params.getFirstValue(REDIR_URI);
        if (redirUri == null || redirUri.length() == 0) {
            sendError(sessionId, OAuthError.INVALID_REQUEST,
                    params.getFirstValue(STATE),
                    "No redirect_uri parameter found.", null);
            getLogger().info("No mandatory redirect URI provided");
            return getResponseEntity();
        }
        if (!redirUri.startsWith(client.getRedirectUri())) {
            sendError(sessionId, OAuthError.REDIRECT_URI_MISMATCH,
                    params.getFirstValue(STATE),
                    "Callback URI does not match.", null);
            getLogger().info("Callback URI does not match.");
            return getResponseEntity();
        }
        getLogger().info("CLIENT ID - " + clientId);

        // check response type:
        String typeString = params.getFirstValue(RESPONSE_TYPE);
        ResponseType type = null;
        try {
            type = Enum.valueOf(ResponseType.class, typeString);
            getLogger().info("Found flow - " + type);
            if (!Method.GET.equals(getMethod()))
                setStatus(Status.CLIENT_ERROR_METHOD_NOT_ALLOWED);
        } catch (IllegalArgumentException iae) {
            sendError(sessionId, OAuthError.UNSUPPORTED_RESPONSE_TYPE,
                    params.getFirstValue(STATE), "Unsupported flow", null);
            getLogger().log(Level.WARNING, "Error in execution.", iae);
        } catch (NullPointerException npe) {
            sendError(sessionId, OAuthError.INVALID_REQUEST,
                    params.getFirstValue(STATE),
                    "No response_type parameter found.", null);
        }
        getLogger().info("RESPONSE TYPE - " + type);

        // setup session if needed:
        if (session != null)
            getLogger().info("client = " + session.getClient());
        else { // cleanup old cookie...and setup session
            getCookieSettings().removeAll(ClientCookieID);
        }
        if (session == null) {
            getLogger().info("Setting ClientCookieID");
            session = new AuthSession(getContext().getAttributes(),
                    new ScheduledThreadPoolExecutor(5));
            CookieSetting cs = new CookieSetting(ClientCookieID,
                    session.getId());
            // TODO create a secure mode setting, update all cookies
            // cs.setAccessRestricted(true);
            // cs.setSecure(true);
            getCookieSettings().add(cs);
            getLogger().info("Setting cookie - " + session.getId());
        }
        setupSession(session, client, type, redirUri, params);
        session.setScopeOwner(scopeOwner);

        return doPostAuthenticate(session, client);
    }

            sessionId = getCookies().getFirstValue(ClientCookieID);

        // getLogger().info("This is sessionId: "+sessionId);
        // getLogger().info("This is sessionId: "+getRequest().getAttributes().get(ClientCookieID));
        ConcurrentMap<String, Object> attribs = getContext().getAttributes();
        AuthSession session = (sessionId == null) ? null
                : (AuthSession) attribs.get(sessionId);

        if ("Reject".equals(action)) {
            setStatus(Status.CLIENT_ERROR_FORBIDDEN);
            sendError(session, OAuthError.ACCESS_DENIED, session.getState(),
                    "Rejected.", null);
            getLogger().info("Rejected.");
            return;
        }
        getLogger().info("Accepting scopes - in handleAction");
        Client client = session.getClient();
        String id = session.getScopeOwner();

        String redirUrl = session.getDynamicCallbackURI();
        getLogger().info("OAuth2 get dynamic callback = " + redirUrl);
        if (redirUrl == null || redirUrl.length() == 0)
            redirUrl = client.getRedirectUri();

        String location = null;
        ResponseType flow = session.getAuthFlow();
        if (flow.equals(ResponseType.token)) {
            location = generateAgentToken(id, client, redirUrl);
        } else if (flow.equals(ResponseType.code)) {
            location = generateCode(id, client, redirUrl);
        }

        // Following scopes were approved
        AuthenticatedUser user = client.findUser(session.getScopeOwner());
        if (user == null) {
            setStatus(Status.CLIENT_ERROR_NOT_FOUND, "Can't find User id : "
                    + session.getScopeOwner());
        }

        // clear scopes.... if user wants to downgrade
        user.revokeRoles();

        // TODO compare scopes and add an error if some were not approved.
        // Scope parameter should be appended only if different.

        for (String s : scopes) {
            getLogger().info("Adding scope = " + s + " to user = " + id);
            user.addRole(Scopes.toRole(s), "");
        }

        String state = session.getState();
        if (state != null && state.length() > 0) {
            // Setting state information back.
            Reference stateful = new Reference(location);
            stateful.addQueryParameter(OAuthServerResource.STATE, state);
            location = stateful.toString();
        }
        // Reset the state
        session.setState(null);
        // Save the user if using DB
        user.persist();

        redirectTemporary(location);
    }


