Package com.ibm.sbt.security.authentication.oauth.consumer.servlet

Source Code of com.ibm.sbt.security.authentication.oauth.consumer.servlet.OA2Callback

/*
* © Copyright IBM Corp. 2012
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.ibm.sbt.security.authentication.oauth.consumer.servlet;

import java.io.IOException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.commons.runtime.Context;
import com.ibm.commons.util.profiler.Profiler;
import com.ibm.commons.util.profiler.ProfilerAggregator;
import com.ibm.commons.util.profiler.ProfilerType;
import com.ibm.sbt.core.configuration.Configuration;
import com.ibm.sbt.security.authentication.oauth.consumer.AccessToken;
import com.ibm.sbt.security.authentication.oauth.consumer.OAuth2Handler;
import com.ibm.sbt.security.credential.store.CredentialStore;
import com.ibm.sbt.security.credential.store.CredentialStoreFactory;
import com.ibm.sbt.service.core.handlers.AbstractServiceHandler;
import com.ibm.sbt.services.util.AnonymousCredentialStore;

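/**
 * Callback endpoint for the OAuth 2.0 authorization-code flow ("dance").
 *
 * <p>The authorization server redirects the browser here with either a
 * {@code code} parameter (success) or an {@code error} parameter (failure).
 * On success the code is handed to the {@link OAuth2Handler} kept in the
 * user's session, which exchanges it for an access token; the token is then
 * stored and the browser is redirected to the application page.
 *
 * <p>Every parameter on this request is attacker-reachable: the URL is hit
 * by a browser redirect and can be forged or replayed. Nothing received here
 * is trusted until the handler has completed the token exchange.
 *
 * @author mkataria
 */
public class OA2Callback extends AbstractServiceHandler {

  public static final String URL_PATH = "oauth20_cb";
  private static final ProfilerType profilerAcquireToken = new ProfilerType("OAuth2.0: Acquire a token from the service"); //$NON-NLS-1$

  // Upper bound on how much of a request parameter is copied into a log line.
  private static final int MAX_LOGGED_PARAM_LENGTH = 128;

  // Not read by doGet(), which always takes the handler from the caller's
  // session. Kept because the field is package-visible. Do not assign a
  // per-user handler here: an instance field would be shared by every request
  // served through this object.
  OAuth2Handler oAuthHandler;

  private static final String sourceClass = OA2Callback.class.getName();
  private static final Logger logger = Logger.getLogger(sourceClass);

  /**
   * Completes the authorization-code flow for the current session.
   *
   * <p>Responds with an HTTP error instead of an empty page when the callback
   * cannot be processed: no handler in the session, an {@code error} reported
   * by the authorization server, a missing {@code code}, or a failure during
   * the token exchange or token storage.
   *
   * @param request the redirect request issued by the authorization server
   * @param resp the response used to report failures
   * @throws ServletException declared by the overridden method
   * @throws IOException if an error response cannot be written
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse resp) throws ServletException, IOException {
    Context context = Context.get();
    OAuth2Handler oAuthHandler = (OAuth2Handler)context.getSessionMap().get(Configuration.OAUTH2_HANDLER);
    if (oAuthHandler == null) {
      // this can happen if you access the application using a different hostname
      // to the one registered as the OAuth2.0 redirect URI
      // getRequestURL() excludes the query string, so the authorization code
      // is not written to the log.
      StringBuffer requestUrl = request.getRequestURL();
      String msg = "Unable to retrieve OAuth2.0 handler for redirect request to {0}. Please check you are accessing the application using the same hostname used in the OAuth 2.0 redirect URI.";
      logger.info(MessageFormat.format(msg, requestUrl));
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    // NOTE(review): the OAuth 2.0 "state" parameter is not checked here. The
    // only visible binding between this callback and the flow that started it
    // is that a handler exists in the session. Confirm that OAuth2Handler
    // issues and verifies "state"; without it a forged callback can attach
    // someone else's authorization code to this session.

    // RFC 6749 section 4.1.2.1: a failed or denied authorization comes back
    // as an "error" parameter and carries no usable code.
    String providerError = request.getParameter("error");
    if (providerError != null) {
      String msg = "OAuth 2.0 authorization server returned error \"{0}\"; no token was requested.";
      logger.warning(MessageFormat.format(msg, sanitizeForLog(providerError)));
      resp.sendError(HttpServletResponse.SC_FORBIDDEN);
      return;
    }

    String authcode = extractAuthorizationToken(request);
    if (authcode == null || authcode.length() == 0) {
      // Do not start a token exchange with a null/empty code.
      logger.warning("OAuth 2.0 callback received without an authorization code; no token was requested.");
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    oAuthHandler.setAuthorization_code(authcode);
    try {
      oAuthHandler.getAccessTokenForAuthorizedUser(); // This retrieves and sets all authentication information in OAuth2Handler
      AccessToken token = oAuthHandler.createToken(oAuthHandler.getAppId(), oAuthHandler.getServiceName());
      // Store the new key
      oAuthHandler.setAccessTokenObject(token);
      if (!context.isCurrentUserAnonymous()) {
        CredentialStore credStore = CredentialStoreFactory.getCredentialStore(oAuthHandler.getCredentialStore());
        if (credStore != null) {
          credStore.store(oAuthHandler.getServiceName(), OAuth2Handler.ACCESS_TOKEN_STORE_TYPE, context.getCurrentUserId(), token);
        }
      } else {
        // Store the token for anonymous user
        AnonymousCredentialStore.storeCredentials(context, token, oAuthHandler.getAppId(), oAuthHandler.getServiceName());
      }
      // The target comes from the session-held handler, not from this request.
      // NOTE(review): confirm the application page is not taken from an
      // unvalidated request parameter when the flow is started.
      Context.get().sendRedirect(oAuthHandler.getApplicationPage());
    } catch (Exception e) {
      // Record the failure through the logger and tell the client; details of
      // the exception stay server-side.
      logger.log(Level.SEVERE, "OAuth 2.0 token exchange or token storage failed", e);
      if (!resp.isCommitted()) {
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      }
    }
  }

  /**
   * Reads the authorization code from the callback request, inside a profiler
   * block when profiling is enabled.
   *
   * <p>The profiled block covers only the parameter lookup; the token request
   * itself is made in {@link #doGet}.
   *
   * @param request the callback request
   * @return the value of the {@code code} parameter, or {@code null} if absent
   */
  private String extractAuthorizationToken(HttpServletRequest request) {
    if (!Profiler.isEnabled()) {
      return _extractAuthorizationToken(request);
    }
    ProfilerAggregator agg = Profiler.startProfileBlock(profilerAcquireToken, "");
    long ts = Profiler.getCurrentTime();
    try {
      return _extractAuthorizationToken(request);
    } finally {
      Profiler.endProfileBlock(agg, ts);
    }
  }

  /**
   * Returns the raw {@code code} request parameter.
   *
   * @param request the callback request
   * @return the parameter value, or {@code null} if absent
   */
  private String _extractAuthorizationToken(HttpServletRequest request) {
    return request.getParameter("code");
  }

  /**
   * Makes a request-supplied value safe to embed in a single log line:
   * control characters (including CR/LF) are replaced and the length is capped.
   *
   * @param value untrusted text, not {@code null}
   * @return at most {@code MAX_LOGGED_PARAM_LENGTH} characters of {@code value}
   *         with control characters replaced by {@code '_'}
   */
  private static String sanitizeForLog(String value) {
    int limit = Math.min(value.length(), MAX_LOGGED_PARAM_LENGTH);
    StringBuilder clean = new StringBuilder(limit);
    for (int i = 0; i < limit; i++) {
      char c = value.charAt(i);
      clean.append(Character.isISOControl(c) ? '_' : c);
    }
    return clean.toString();
  }

}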