/**
 * Guards operations that change security principals: the caller must hold a
 * session that the session manager still considers valid.
 *
 * @throws JasDBSecurityException when no session is held or the session
 *         manager reports it as no longer valid (expired or unknown)
 */
private void validateSession() throws JasDBStorageException {
    boolean loggedIn = session != null;
    // Short-circuit keeps sessionValid() from being asked about a null session.
    boolean stillValid = loggedIn && sessionManager.sessionValid(session.getSessionId());
    if(!stillValid) {
        throw new JasDBSecurityException("Unable to change security principals, not logged in or session expired");
    }
}
}
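/**
 * Issues an access token and session id for a client that presents its id and secret.
 *
 * The credentials are read with {@code request.getParameter}. Combined with
 * {@code consumes = "application/json"} that means they are not parsed from the JSON
 * body but from the request parameters, i.e. for a JSON POST effectively the query
 * string. NOTE(review): a client secret travelling in the query string is written to
 * access/proxy logs even over TLS — confirm how clients actually send it and consider
 * moving it into the body or an Authorization header.
 *
 * The grant document advertises a fixed lifetime of 3600; whether the session manager
 * enforces that lifetime is not visible here.
 *
 * @param request the token request; refused unless it arrived over a secure channel
 * @return 200 with the grant document on success, otherwise the error response built by
 *         {@code getErrorResponse}. Failed logins get the same generic message whatever
 *         the cause, so a caller cannot tell an unknown client from a wrong secret.
 */
@RequestMapping(method = RequestMethod.POST, value = "/token", produces = "application/json", consumes = "application/json")
public @ResponseBody ResponseEntity<String> getToken(HttpServletRequest request) {
    // Never issue tokens over plaintext: the secret and the token would both travel in the clear.
    if(!request.isSecure()) {
        return getErrorResponse("Insecure connection");
    }
    String clientId = request.getParameter("client_id");
    String clientSecret = request.getParameter("client_secret");
    LOG.debug("Client: {} host: {}", clientId, request.getRemoteHost());
    // Reject missing credentials before they reach the session manager instead of relying
    // on it to cope with nulls; the response is the same one a failed login gets.
    if(clientId == null || clientId.isEmpty() || clientSecret == null || clientSecret.isEmpty()) {
        return getErrorResponse("Invalid credentials");
    }
    try {
        UserSession session = sessionManager.startSession(new BasicCredentials(clientId, request.getRemoteHost(), clientSecret));
        // Log the id only: the session object carries the access token, and whatever its
        // toString prints must not end up in the logs.
        LOG.debug("Loaded session: {}", session.getSessionId());
        String responseMessage = String.format(GRANT_VALID, session.getAccessToken(), session.getSessionId(), "jasdb", 3600);
        return new ResponseEntity<>(responseMessage, HttpStatus.OK);
    } catch(JasDBSecurityException e) {
        // Deliberately generic so the response does not reveal which part of the credentials was wrong.
        return getErrorResponse("Invalid credentials");
    } catch(JasDBStorageException e) {
        return getErrorResponse("Unknown error");
    }
}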
if(context.getUserSession() != null) { urlConnection.setRequestProperty("oauth_token", context.getUserSession().getAccessToken()); urlConnection.setRequestProperty("sessionid", context.getUserSession().getSessionId());
/**
 * Builds the server-side view of a {@link UserSession}: the session id, user and
 * encrypted content key are copied, while the access token is replaced by a hash
 * produced by the configured {@link CryptoEngine} (the session id is passed to the
 * engine alongside the token; what the engine does with it is decided there).
 *
 * @param userSession the session whose data is copied
 * @throws RuntimeJasDBException if the crypto engine cannot hash the token; the
 *         checked {@link JasDBSecurityException} is wrapped because a constructor
 *         cannot declare it here
 */
public SecureUserSession(UserSession userSession) {
    String id = userSession.getSessionId();
    String rawToken = userSession.getAccessToken();
    this.sessionId = id;
    this.user = userSession.getUser();
    this.encryptedContentKey = userSession.getEncryptedContentKey();
    try {
        // Only the hash is retained; the raw token is not stored on this object.
        CryptoEngine engine = CryptoFactory.getEngine();
        this.accessTokenHash = engine.hash(id, rawToken);
    } catch(JasDBSecurityException e) {
        throw new RuntimeJasDBException("Unable to hash token", e);
    }
}
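/**
 * Installs the remoting context for this connector, exchanging the credentials for an
 * access token at the remote token service when credentials are supplied.
 *
 * With {@code credentials == null} no login is attempted and a context without a user
 * session is installed; whether the remote side accepts such a context is decided there,
 * not here.
 *
 * @param credentials username/password to exchange for a token, or {@code null}
 * @throws JasDBSecurityException if the token service returned no session, or a session
 *         without both an access token and a session id
 * @throws JasDBStorageException on connector or transport failures
 */
@Override
protected void authenticate(Credentials credentials) throws JasDBStorageException {
    if(credentials == null) {
        context = new RemotingContext(true);
        return;
    }
    TokenConnector tokenConnector = RemoteConnectorFactory.createConnector(getNodeInformation(), TokenConnector.class);
    UserSession session = tokenConnector.loadSession(credentials.getUsername(), credentials.getPassword());
    // A null session from the connector is treated like a missing token instead of surfacing as an NPE.
    if(session == null
            || !StringUtils.stringNotEmpty(session.getAccessToken())
            || !StringUtils.stringNotEmpty(session.getSessionId())) {
        throw new JasDBSecurityException("Unable to obtain access token to service");
    }
    context = new RemotingContext(true);
    context.setUserSession(session);
    // Log the session id only: the access token is a bearer credential and must not be written to the logs.
    LOG.debug("Authenticated, session: {}", session.getSessionId());
}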