/**
 * Returns a new {@link OAuth2Token} that wraps the given {@code accessToken}.
 *
 * <p>This factory only delegates to the constructor and performs no checks of its own.
 * The argument is a bearer credential, so callers should keep it out of logs.
 */
public static OAuth2Token of(String accessToken) {
    final OAuth2Token token = new OAuth2Token(accessToken);
    return token;
}
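/**
 * Extracts the OAuth 2.0 access token from the header named by {@code header}.
 *
 * @param headers the request headers to read the authorization value from
 * @return the extracted token, or {@code null} when the header is absent, empty or does not
 *         match {@code AUTHORIZATION_HEADER_PATTERN}
 */
@Nullable
@Override
public OAuth2Token apply(HttpHeaders headers) {
    final String authorization = headers.get(header);
    if (Strings.isNullOrEmpty(authorization)) {
        return null;
    }

    final Matcher matcher = AUTHORIZATION_HEADER_PATTERN.matcher(authorization);
    if (!matcher.matches()) {
        // The header value is client-controlled and may hold credential material (a malformed
        // bearer token, or another scheme's secret), so it is never written to the log.
        logger.warn("Invalid authorization header (value omitted, length: " +
                    authorization.length() + ')');
        return null;
    }

    return OAuth2Token.of(matcher.group("accessToken"));
}
} // closes the enclosing class, whose header is outside this excerpt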
/**
 * Accepts a request only when its bearer token equals {@code CsrfToken.ANONYMOUS}, and then
 * records {@code User.ADMIN} as the current user of the request context.
 *
 * <p>NOTE(review): every caller presenting the anonymous token is treated as an administrator.
 * Presumably this authorizer is meant only for deployments with authentication switched off;
 * confirm it cannot be wired in otherwise.
 *
 * @return a completed stage holding {@code true} when the request was accepted,
 *         {@code false} otherwise
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
    final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers());
    final boolean anonymous = token != null && CsrfToken.ANONYMOUS.equals(token.accessToken());
    if (!anonymous) {
        // No bearer token, or one that is not the anonymous token.
        return CompletableFuture.completedFuture(false);
    }

    AuthUtil.setCurrentUser(ctx, User.ADMIN);
    return CompletableFuture.completedFuture(true);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Accepts a request only when its bearer token equals {@code CsrfToken.ANONYMOUS}, and then
 * records {@code User.ADMIN} as the current user of the request context.
 *
 * <p>NOTE(review): every caller presenting the anonymous token is treated as an administrator.
 * Presumably this authorizer is meant only for deployments with authentication switched off;
 * confirm it cannot be wired in otherwise.
 *
 * @return a completed stage holding {@code true} when the request was accepted,
 *         {@code false} otherwise
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
    final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers());
    final boolean anonymous = token != null && CsrfToken.ANONYMOUS.equals(token.accessToken());
    if (!anonymous) {
        // No bearer token, or one that is not the anonymous token.
        return CompletableFuture.completedFuture(false);
    }

    AuthUtil.setCurrentUser(ctx, User.ADMIN);
    return CompletableFuture.completedFuture(true);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Accepts a request only when its bearer token equals {@code CsrfToken.ANONYMOUS}, and then
 * records {@code User.ADMIN} as the current user of the request context.
 *
 * <p>NOTE(review): every caller presenting the anonymous token is treated as an administrator.
 * Presumably this authorizer is meant only for deployments with authentication switched off;
 * confirm it cannot be wired in otherwise.
 *
 * @return a completed stage holding {@code true} when the request was accepted,
 *         {@code false} otherwise
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
    final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers());
    final boolean anonymous = token != null && CsrfToken.ANONYMOUS.equals(token.accessToken());
    if (!anonymous) {
        // No bearer token, or one that is not the anonymous token.
        return CompletableFuture.completedFuture(false);
    }

    AuthenticationUtil.setCurrentUser(ctx, User.ADMIN);
    return CompletableFuture.completedFuture(true);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Aggregates the request on the blocking task executor, takes the session ID from its bearer
 * token and, unless that ID equals {@code WRONG_SESSION_ID}, waits for
 * {@code logoutSessionPropagator} to process it. The reply is {@code 200 OK} in both cases.
 *
 * <p>NOTE(review): the extractor result is dereferenced without a null check, while other
 * call sites test it against {@code null}. A request without a usable bearer token would
 * fail inside the task; confirm an upstream decorator guarantees the token is present.
 */
@Override
public HttpResponse serve(ServiceRequestContext ctx, HttpRequest req) throws Exception {
    return HttpResponse.from(CompletableFuture.supplyAsync(() -> {
        // Both join() calls block, hence the blocking task executor below.
        final AggregatedHttpMessage aggregated = req.aggregate().join();
        final String id = AuthTokenExtractors.OAUTH2.apply(aggregated.headers()).accessToken();
        if (WRONG_SESSION_ID.equals(id)) {
            return HttpResponse.of(HttpStatus.OK);
        }

        logoutSessionPropagator.apply(id).join();
        return HttpResponse.of(HttpStatus.OK);
    }, ctx.blockingTaskExecutor()));
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Removes the session identified by the request's bearer token and replies {@code 200 OK}.
 * Any failure in the chain is converted into a {@code 500 Internal Server Error} response
 * built from the cause.
 *
 * <p>NOTE(review): the extractor result is dereferenced without a null check, while other
 * call sites test it against {@code null}. A request without a usable bearer token would
 * therefore end on the 500 path rather than be rejected as unauthenticated; confirm that is
 * intended. Also confirm that the response built from {@code cause} does not expose
 * internal details to the client.
 */
@Override
protected HttpResponse doPost(ServiceRequestContext ctx, HttpRequest req) throws Exception {
    return HttpResponse.from(
            req.aggregate()
               .thenCompose(msg -> {
                   // The bearer token value is the session ID to remove.
                   final String sessionId =
                           AuthTokenExtractors.OAUTH2.apply(msg.headers()).accessToken();
                   return executor.execute(Command.removeSession(sessionId));
               })
               .thenApply(ignored -> HttpResponse.of(HttpStatus.OK))
               .exceptionally(failure -> HttpApiUtil.newResponse(
                       ctx, HttpStatus.INTERNAL_SERVER_ERROR, failure)));
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Removes the session identified by the request's bearer token and replies {@code 200 OK}.
 * Any failure in the chain is converted into a {@code 500 Internal Server Error} response
 * built from the cause.
 *
 * <p>NOTE(review): the extractor result is dereferenced without a null check, while other
 * call sites test it against {@code null}. A request without a usable bearer token would
 * therefore end on the 500 path rather than be rejected as unauthenticated; confirm that is
 * intended. Also confirm that the response built from {@code cause} does not expose
 * internal details to the client.
 */
@Override
protected HttpResponse doPost(ServiceRequestContext ctx, HttpRequest req) throws Exception {
    return HttpResponse.from(
            req.aggregate()
               .thenCompose(msg -> {
                   // The bearer token value is the session ID to remove.
                   final String sessionId =
                           AuthTokenExtractors.OAUTH2.apply(msg.headers()).accessToken();
                   return executor.execute(Command.removeSession(sessionId));
               })
               .thenApply(ignored -> HttpResponse.of(HttpStatus.OK))
               .exceptionally(failure -> HttpApiUtil.newResponse(
                       ctx, HttpStatus.INTERNAL_SERVER_ERROR, failure)));
}
} // closes the enclosing class, whose header is outside this excerpt
// NOTE(review): this excerpt is truncated (braces are unbalanced and `cause` has no visible
// declaration), so only the visible statements are described here.
// The request is rejected up front when no bearer token is extracted or when
// Tokens.isValidSecret(...) rejects its value; otherwise the value is looked up through
// tokenLookupFunc and the resulting appToken is checked with isActive().
// NOTE(review): the logger.warn(...) call passes token.accessToken() as a log argument, so the
// presented secret is written to the log whenever the failure is not an
// IllegalArgumentException. Prefer omitting it or logging a non-reversible identifier.
@Override public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) { final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers()); if (token == null || !Tokens.isValidSecret(token.accessToken())) { return completedFuture(false); tokenLookupFunc.apply(token.accessToken()) .thenAccept(appToken -> { if (appToken != null && appToken.isActive()) { if (!(cause instanceof IllegalArgumentException)) { logger.warn("Application token authorization failed: {}", token.accessToken(), cause);
/**
 * Authorizes a request by resolving its bearer token to a session through
 * {@code sessionManager}.
 *
 * <p>When a session is found, a {@code User} named after the session's username is stored as
 * the current user of {@code ctx}. The user gets {@code LEVEL_ADMIN} roles when
 * {@code administrators} contains the username and {@code LEVEL_USER} roles otherwise.
 *
 * @return a stage holding {@code true} when a session was found; {@code false} when the
 *         request has no bearer token or the session lookup yields {@code null}
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
    final OAuth2Token bearer = AuthTokenExtractors.OAUTH2.apply(data.headers());
    if (bearer != null) {
        // The bearer token value is used as the session key.
        return sessionManager.get(bearer.accessToken()).thenApply(session -> {
            if (session != null) {
                final String username = session.username();
                final List<String> roles;
                if (administrators.contains(username)) {
                    roles = LEVEL_ADMIN;
                } else {
                    roles = LEVEL_USER;
                }
                AuthUtil.setCurrentUser(ctx, new User(username, roles));
                return true;
            }
            return false;
        });
    }
    return completedFuture(false);
}
} // closes the enclosing class, whose header is outside this excerpt
// NOTE(review): this excerpt is truncated (braces are unbalanced and `cause` has no visible
// declaration), so only the visible statements are described here.
// The request is rejected up front when no bearer token is extracted or when
// Tokens.isValidSecret(...) rejects its value; otherwise the value is looked up through
// tokenLookupFunc and the resulting appToken is checked with isActive().
// NOTE(review): the logger.warn(...) call passes token.accessToken() as a log argument, so the
// presented secret is written to the log whenever the failure is not an
// IllegalArgumentException. Prefer omitting it or logging a non-reversible identifier.
@Override public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) { final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers()); if (token == null || !Tokens.isValidSecret(token.accessToken())) { return completedFuture(false); tokenLookupFunc.apply(token.accessToken()) .thenAccept(appToken -> { if (appToken != null && appToken.isActive()) { if (!(cause instanceof IllegalArgumentException)) { logger.warn("Application token authorization failed: {}", token.accessToken(), cause);
/**
 * Authorizes a request by resolving its bearer token to a session through
 * {@code sessionManager}.
 *
 * <p>When a session is found, a {@code User} named after the session's username is stored as
 * the current user of {@code ctx}. The user gets {@code LEVEL_ADMIN} roles when
 * {@code administrators} contains the username and {@code LEVEL_USER} roles otherwise.
 *
 * @return a stage holding {@code true} when a session was found; {@code false} when the
 *         request has no bearer token or the session lookup yields {@code null}
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) {
    final OAuth2Token bearer = AuthTokenExtractors.OAUTH2.apply(data.headers());
    if (bearer != null) {
        // The bearer token value is used as the session key.
        return sessionManager.get(bearer.accessToken()).thenApply(session -> {
            if (session != null) {
                final String username = session.username();
                final List<String> roles;
                if (administrators.contains(username)) {
                    roles = LEVEL_ADMIN;
                } else {
                    roles = LEVEL_USER;
                }
                AuthUtil.setCurrentUser(ctx, new User(username, roles));
                return true;
            }
            return false;
        });
    }
    return completedFuture(false);
}
} // closes the enclosing class, whose header is outside this excerpt
// NOTE(review): this excerpt is truncated (braces are unbalanced and `cause` has no visible
// declaration), so only the visible statements are described here.
// The request is rejected up front when no bearer token is extracted or when
// Tokens.isValidSecret(...) rejects its value; otherwise the value is looked up through
// tokenLookupFunc and the resulting appToken is checked with isActive().
// NOTE(review): the logger.warn(...) call passes token.accessToken() as a log argument, so the
// presented secret is written to the log whenever the failure is not an
// IllegalArgumentException. Prefer omitting it or logging a non-reversible identifier.
@Override public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, HttpRequest data) { final OAuth2Token token = AuthTokenExtractors.OAUTH2.apply(data.headers()); if (token == null || !Tokens.isValidSecret(token.accessToken())) { return completedFuture(false); tokenLookupFunc.apply(token.accessToken()) .thenAccept(appToken -> { if (appToken != null && appToken.isActive()) { if (!(cause instanceof IllegalArgumentException)) { logger.warn("Application token authorization failed: {}", token.accessToken(), cause);
// The bearer access token doubles as the session ID here, so sessionId is credential material:
// keep it out of logs and error messages.
// NOTE(review): the try block opened at the end of this line continues outside this excerpt.
final String sessionId = token.accessToken(); boolean isAuthenticated = false; try {
// The bearer access token doubles as the session ID here, so sessionId is credential material:
// keep it out of logs and error messages.
final String sessionId = token.accessToken();
// The bearer access token doubles as the session ID here, so sessionId is credential material:
// keep it out of logs and error messages.
final String sessionId = token.accessToken();