/**
 * Attaches an OAuth configuration to the API being processed when the
 * resource-server configuration ({@code rsc}) is enabled; otherwise the API
 * is left untouched. The token and authorize URLs are copied from {@code rsc}
 * and the flow is set to {@link SwaggerConstants#IMPLICIT} (presumably for
 * generated API documentation — confirm against the Api/configurator types).
 *
 * @param api the API whose configurator receives the OAuth configuration
 */
@Override
public void preProcess(Api api) {
    if (!rsc.isEnabled()) {
        return;
    }
    OAuthConfigImpl oauth = new OAuthConfigImpl();
    oauth.setEnabled(true);
    oauth.setTokenUrl(rsc.getTokenUrl());
    oauth.setAuthorizationUrl(rsc.getAuthorizeUrl());
    oauth.setFlow(SwaggerConstants.IMPLICIT);
    api.getConfigurator().setOAuthConfig(oauth);
}
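/**
 * Tells whether this component is configured with the internal OAuth2 client.
 * The answer is computed on first use and cached in the {@code internalOnly} field.
 *
 * @return {@code true} when {@code config} is present and its client id equals
 *         {@link OAuth2Client#INTERNAL_CLIENT_ID}; {@code false} when there is no
 *         config, when the client id is unset, or when it is any other value
 */
protected boolean isInternalOnly() {
    if (null == internalOnly) {
        // Constant-first comparison: a null client id now yields false instead of
        // the NullPointerException the previous clientId.equals(...) form produced.
        internalOnly = null != config
                && OAuth2Client.INTERNAL_CLIENT_ID.equals(config.getClientId());
    }
    return internalOnly;
}
} // closes the enclosing class (its header is outside this excerpt)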
/**
 * Handles a logout notification arriving from the authorization server.
 * <p>
 * When logout support is enabled and {@link #isLogoutFromServer} accepts the
 * request, the local session is terminated immediately. If a logout view is
 * configured and can be resolved it is rendered and the request is intercepted;
 * in every other case processing continues.
 *
 * @return {@link State#INTERCEPTED} after rendering the logout view, else {@link State#CONTINUE}
 */
@Override
public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    boolean logoutSupported = config.isEnabled() && config.isLogout();
    // NOTE(review): isLogoutFromServer is defined elsewhere; it is the only check gating a
    // server-triggered logout, so confirm it authenticates the caller rather than trusting a parameter.
    if (!logoutSupported || !isLogoutFromServer(request)) {
        return State.CONTINUE;
    }
    am.logoutImmediately(request, response);

    String logoutView = config.getLogoutView();
    if (Strings.isEmpty(logoutView)) {
        return State.CONTINUE;
    }
    View view = request.getView(logoutView);
    // todo: handle null view — an unresolvable configured view currently just continues
    if (null == view) {
        return State.CONTINUE;
    }
    view.render(request, response);
    return State.INTERCEPTED;
}
/**
 * Intercepts the redirect back from the authorization server after a login
 * attempt and hands it to the redirect handler. Requests that are not such a
 * redirect, or arriving while login support is disabled, continue unchanged.
 *
 * @return the state returned by {@code handler.handleServerRedirectRequest},
 *         or {@link State#CONTINUE} when this filter does not apply
 */
@Override
public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    if (!config.isEnabled() || !config.isLogin()) {
        return State.CONTINUE;
    }
    if (!isRedirectBackFromServer(request)) {
        return State.CONTINUE;
    }
    return handler.handleServerRedirectRequest(request, response, context);
}
/**
 * Before a local logout, redirects the browser to the authorization server's
 * logout endpoint so the remote session is ended as well. Requests that
 * themselves come from the server (see {@link #isLogoutFromServer}) are not
 * redirected again, which avoids a redirect loop.
 *
 * @return {@link State#INTERCEPTED} after issuing the redirect, else {@link State#CONTINUE}
 */
@Override
public State preLogout(Request request, Response response, LogoutContext context) throws Throwable {
    boolean remoteLogout = config.isEnabled() && config.isLogout();
    if (remoteLogout && !isLogoutFromServer(request)) {
        response.sendRedirect(buildRemoteLogoutUrl(request));
        return State.INTERCEPTED;
    }
    return State.CONTINUE;
}
// NOTE(review): this is a fragment of lookupByAccessToken — several inner blocks and the
// response handling between the request construction and the error logging are not shown.
// Points visible in the fragment:
//  * the access token is sent as the "access_token" query parameter of a GET; query strings
//    commonly end up in access/proxy logs, so confirm this matches the server's expectations.
//  * the Authorization header is Basic auth of clientId:clientSecret (only when a client id is set).
//  * both log.error calls report config.getTokenUrl() although the request went to
//    config.getTokenInfoUrl() — looks like a copy/paste slip; the first one also logs the raw
//    response body (content) at error level.
@Override public TokenInfo lookupByAccessToken(String at) { if(null == config.getTokenInfoUrl()) { throw new IllegalStateException("The tokenInfoUrl must be configured"); HttpRequest request = httpClient.request(config.getTokenInfoUrl()) .addQueryParam("access_token", at) .setMethod(HTTP.Method.GET); if(null != config.getClientId()){ request.addHeader(Headers.AUTHORIZATION, "Basic " + Base64.encode(config.getClientId()+":"+config.getClientSecret())); String desc = Objects.toString(map.get("error_description")); if(Strings.isEmpty(desc)) { log.error("Err get token info from '{}' : {} - {}", config.getTokenUrl(), response.getStatus(), content); }else { log.error("Err get token info from '{}' : {} - {}", config.getTokenUrl(), response.getStatus(), desc);
/**
 * Builds the {@code redirect:} view name that sends the browser to the
 * configured authorize endpoint.
 * <p>
 * The query string carries the response type, the client id, the redirect URI
 * and the logout URI; the latter two are derived from the current request.
 *
 * @param request the current request, used to derive the client callback URIs
 * @return {@code "redirect:"} followed by the authorize URL with the query string appended
 */
protected String buildLoginUrl(Request request) {
    // Ask for a code as well as an id_token when the login needs an access token.
    String responseType = config.isLoginWithAccessToken() ? "code id_token" : "id_token";

    QueryStringBuilder query = new QueryStringBuilder();
    query.add(OAuth2Params.RESPONSE_TYPE, responseType);
    query.add(OAuth2Params.CLIENT_ID, config.getClientId());
    query.add(OAuth2Params.REDIRECT_URI, buildClientRedirectUri(request));
    query.add(OAuth2Params.LOGOUT_URI, buildClientLogoutUri(request));

    // NOTE(review): no state/nonce parameter is added here; confirm that binding of the
    // returned code/id_token to this browser session is enforced in the redirect handler.
    String authorizeUrl = Urls.appendQueryString(config.getAuthorizeUrl(), query.build());
    return "redirect:" + authorizeUrl;
}
/**
 * Obtains an access token with the {@code client_credentials} grant.
 * <p>
 * The {@code clientId} and {@code clientSecret} arguments are not used by this
 * implementation; client authentication is presumably applied from {@code config}
 * inside {@link #fetchAccessToken} — confirm before relying on per-call credentials.
 *
 * @throws IllegalStateException if no token URL is configured
 */
@Override
public AccessToken fetchTokenByClientCredentials(String clientId, String clientSecret) {
    String tokenUrl = config.getTokenUrl();
    if (null == tokenUrl) {
        throw new IllegalStateException("The tokenUrl must be configured");
    }
    HttpRequest tokenRequest = client.request(tokenUrl);
    tokenRequest.addFormParam("grant_type", "client_credentials");
    return fetchAccessToken(tokenRequest);
}
// NOTE(review): fragment of requestUserInfo — the response handling and the closing
// braces are not shown. What is visible: the user-info URL must be configured, every
// entry of params (when non-null) is appended as a query parameter, and a Basic
// Authorization header of clientId:clientSecret is added when a client id is configured.
// Because params become part of the URL, confirm that no token material is passed this way
// unless the server requires it.
protected UserPrincipal requestUserInfo(Map<String,String> params) { if(Strings.isEmpty(config.getUserInfoUrl())) { throw new IllegalStateException("The userInfoEndpointUrl must be configured when use remote authz server"); HttpRequest request = httpClient.request(config.getUserInfoUrl()); if(null != params) { params.forEach(request::addQueryParam); if(null != config.getClientId()){ request.addHeader(Headers.AUTHORIZATION, "Basic " + Base64.encode(config.getClientId()+":"+config.getClientSecret()));
// NOTE(review): fragment of preResolveAuthentication — the body after the ignore loop and
// the closing braces are not shown. Visible behaviour: the filter is skipped entirely when
// disabled, and any request matched by one of config.getIgnores() returns CONTINUE before
// the (unseen) authentication logic runs, so the ignore patterns are effectively an
// authentication bypass list and deserve the same review as the protected routes.
@Override public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable { if (!config.isEnabled()) { return State.CONTINUE; for(RequestIgnore ignore : config.getIgnores()){ if(ignore.matches(request)){ return State.CONTINUE;
/**
 * Builds the URL of the authorization server's logout endpoint, carrying the
 * client id and the post-logout redirect URI derived from the current request.
 *
 * @param request the current request, used to derive the post-logout redirect URI
 * @return the configured logout URL with the query string appended
 */
protected String buildRemoteLogoutUrl(Request request) {
    QueryStringBuilder query = new QueryStringBuilder();
    query.add(OAuth2Params.CLIENT_ID, config.getClientId());
    query.add(OAuth2Params.POST_LOGOUT_REDIRECT_URI, buildLogoutRedirectUri(request));
    String queryString = query.build();
    return Urls.appendQueryString(config.getLogoutUrl(), queryString);
}
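/**
 * Sends a prepared token request to the authorization server and converts the
 * JSON response into an {@link AccessToken}.
 * <p>
 * When a client id is configured, a Basic Authorization header built from the
 * configured client id and secret is added before sending.
 *
 * @param request the token request, already carrying the grant-specific form parameters
 * @return the token produced by {@link #createAccessToken(Map)} from the response map
 * @throws OAuth2InternalServerException if the response is not JSON, is JSON but not an
 *         object, or contains a non-empty {@code error} member
 */
protected AccessToken fetchAccessToken(HttpRequest request) {
    if (null != config.getClientId()) {
        request.addHeader(Headers.AUTHORIZATION,
                "Basic " + Base64.encode(config.getClientId() + ":" + config.getClientSecret()));
    }
    HttpResponse response = request.send();
    if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(response.getContentType())) {
        throw new OAuth2InternalServerException("Invalid response from auth server");
    }

    String content = response.getString();
    // NOTE(review): the raw body — which on success carries the access/refresh tokens — goes to the
    // debug log; keep debug logging off in production or redact token members before logging.
    log.debug("Received response : {}", content);

    JsonValue json = JSON.parse(content);
    if (!json.isMap()) {
        throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
    }
    Map<String, Object> map = json.asMap();

    // Null-safe conversion: the former unchecked (String) cast threw ClassCastException
    // when the server returned a non-string "error" member.
    Object errorValue = map.get("error");
    String error = null == errorValue ? null : errorValue.toString();
    if (Strings.isEmpty(error)) {
        return createAccessToken(map);
    }
    throw new OAuth2InternalServerException(
            "Auth server response error '" + error + "' : " + map.get("error_description"));
}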
// Mirror the OAuth2 module's enabled flag onto the security settings.
boolean oauth2Enabled = oauth2.config().isEnabled();
security.setEnabled(oauth2Enabled);
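/**
 * Handles an error reported by the authorization server on the redirect back.
 * <p>
 * If an error view is configured and can be resolved it is rendered and the
 * request is intercepted; otherwise the error code and description are passed
 * to {@link #error}. The previous condition was inverted — it attempted to render
 * the error view only when none was configured — and a configured view that could
 * not be resolved intercepted the request without rendering anything.
 *
 * @param params the OAuth2 parameters of the incoming redirect; {@code error} and
 *               {@code error_description} originate from the remote side
 * @return {@link State#INTERCEPTED} after rendering the error view, else the result of {@link #error}
 */
protected State handleOAuth2ServerError(Request request, Response response, OAuth2Params params) throws Throwable {
    String errorView = config.getErrorView();
    if (!Strings.isEmpty(errorView)) {
        View view = request.getView(errorView);
        if (null != view) {
            view.render(request, response);
            return State.INTERCEPTED;
        }
        // Configured view not resolvable: fall through to the generic error handling.
    }
    // NOTE(review): error/error_description come from the redirect parameters; confirm that
    // error(...) escapes them before they reach any rendered output.
    return error(request, response, params.getError(), params.getErrorDescription());
}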
/**
 * Verifies an id token with a MAC keyed by the configured client secret and maps
 * its claims onto an {@link IdToken} with an attached user principal.
 * <p>
 * The {@code name} and {@code login_name} claims are removed from the claim map
 * and set on the principal; the remaining (mutated) map is shared as the
 * principal's properties and as the token's claims.
 *
 * @param params the OAuth2 parameters of the current request (not used here)
 * @param token  the raw id token
 * @return the populated id token
 * @throws TokenVerifyException presumably propagated from {@code MacSigner.verify} on failure
 */
@Override
public IdToken verifyIdToken(OAuth2Params params, String token) throws TokenVerifyException {
    MacSigner signer = new MacSigner(config.getClientSecret());
    Map<String, Object> claims = signer.verify(token);

    SimpleIdToken idToken = new SimpleIdToken(token);
    // NOTE(review): the audience claim is stored but not compared with config.getClientId();
    // confirm that audience and expiry checks are performed in MacSigner.verify or by the caller.
    idToken.setClientId((String) claims.get(JWT.CLAIM_AUDIENCE));
    idToken.setUserId((String) claims.get(JWT.CLAIM_SUBJECT));

    SimpleUserPrincipal principal = new SimpleUserPrincipal();
    principal.setId(idToken.getUserId());
    principal.setName((String) claims.remove("name"));
    principal.setLoginName((String) claims.remove("login_name"));
    principal.setProperties(claims);

    idToken.setUserInfo(principal);
    idToken.setClaims(claims);
    return idToken;
}
/**
 * Exchanges an authorization code for an access token via the
 * {@code authorization_code} grant, POSTed to the configured token URL.
 *
 * @param code the authorization code received on the redirect back
 * @return the token parsed by {@link #fetchAccessToken}
 * @throws IllegalStateException if no token URL is configured
 */
@Override
public AccessToken verifyCode(String code) {
    String tokenUrl = config.getTokenUrl();
    if (null == tokenUrl) {
        throw new IllegalStateException("The tokenUrl must be configured");
    }
    // NOTE(review): no redirect_uri form parameter accompanies the exchange; a token endpoint
    // that received one in the authorization request may require it here as well.
    HttpRequest exchange = httpClient.request(tokenUrl);
    exchange.addFormParam("grant_type", "authorization_code");
    exchange.addFormParam("code", code);
    exchange.setMethod(HTTP.Method.POST);
    return fetchAccessToken(exchange);
}
/**
 * Obtains an access token with the resource-owner {@code password} grant.
 * <p>
 * The {@code clientId} and {@code clientSecret} arguments are not used by this
 * implementation; client authentication is presumably applied from {@code config}
 * inside {@link #fetchAccessToken} — confirm before relying on per-call credentials.
 *
 * @throws IllegalStateException if no token URL is configured
 */
@Override
public AccessToken fetchTokenByPassword(String clientId, String clientSecret, String username, String password) {
    String tokenUrl = config.getTokenUrl();
    if (null == tokenUrl) {
        throw new IllegalStateException("The tokenUrl must be configured");
    }
    HttpRequest tokenRequest = client.request(tokenUrl);
    tokenRequest.addFormParam("grant_type", "password");
    tokenRequest.addFormParam("username", username);
    tokenRequest.addFormParam("password", password);
    return fetchAccessToken(tokenRequest);
}
} // closes the enclosing class (its header is outside this excerpt)
/**
 * Requests a fresh access token with the {@code refresh_token} grant, using the
 * refresh token carried by {@code old}.
 *
 * @param old the token being refreshed; its refresh token is sent as-is
 *            (a missing refresh token is not checked here — the server's response decides)
 * @return the token parsed by {@link #fetchAccessToken}
 * @throws IllegalStateException if no token URL is configured
 */
@Override
public AccessToken refreshAccessToken(AccessToken old) {
    String tokenUrl = config.getTokenUrl();
    if (null == tokenUrl) {
        throw new IllegalStateException("The tokenUrl must be configured");
    }
    HttpRequest refresh = httpClient.request(tokenUrl);
    refresh.addFormParam("grant_type", "refresh_token");
    refresh.addFormParam("refresh_token", old.getRefreshToken());
    refresh.setMethod(HTTP.Method.POST);
    return fetchAccessToken(refresh);
}
/**
 * Exchanges an existing access token for a new one using the non-standard
 * {@code token_client_credentials} grant, sending the original token as the
 * {@code access_token} form parameter, and pairs the two in a {@link MappedAccessToken}.
 *
 * @param token the access token to exchange
 * @return a mapping from {@code token} to the token returned by the server
 * @throws IllegalStateException if no token URL is configured
 */
public MappedAccessToken newAccessToken(String token) {
    String tokenUrl = config.getTokenUrl();
    if (null == tokenUrl) {
        throw new IllegalStateException("The tokenUrl must be configured");
    }
    HttpRequest exchange = httpClient.request(tokenUrl);
    exchange.addFormParam("grant_type", "token_client_credentials");
    exchange.addFormParam("access_token", token);
    exchange.setMethod(HTTP.Method.POST);
    AccessToken issued = fetchAccessToken(exchange);
    return new MappedAccessToken(token, issued);
}