Merged OAuth2 client deregistration controllers.
Change-Id: I02d12a8fb3651354f2ceb1eef6b7dafbcfd4faf6
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/ClientDeregistrationValidator.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/ClientDeregistrationValidator.java
deleted file mode 100644
index 72be70d..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/ClientDeregistrationValidator.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-public class ClientDeregistrationValidator extends AbstractValidator<HttpServletRequest>{
-
- public ClientDeregistrationValidator () {
- enforceClientAuthentication = true;
- }
-
- @Override
- public void validateMethod (HttpServletRequest request)
- throws OAuthProblemException {
- if (!request.getMethod().equals(OAuth.HttpMethod.DELETE)) {
- throw OAuthUtils.handleOAuthProblemException("Method not set to DELETE.");
- }
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2DeregisterClientRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2DeregisterClientRequest.java
deleted file mode 100644
index 3da0c02..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2DeregisterClientRequest.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.as.request.OAuthRequest;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-public class OAuth2DeregisterClientRequest extends OAuthRequest {
-
- public OAuth2DeregisterClientRequest (HttpServletRequest request)
- throws OAuthSystemException, OAuthProblemException {
- super(request);
- }
-
- @Override
- protected OAuthValidator<HttpServletRequest> initValidator ()
- throws OAuthProblemException, OAuthSystemException {
- validators.put("client_deregistration",
- ClientDeregistrationValidator.class);
- final Class<? extends OAuthValidator<HttpServletRequest>> clazz =
- validators.get("client_deregistration");
- return OAuthUtils.instantiateClass(clazz);
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index 3ae7c54..20c6f02 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -7,7 +7,6 @@
import java.sql.SQLException;
import org.apache.commons.validator.routines.UrlValidator;
-import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@@ -163,22 +162,16 @@
}
- public void deregisterPublicClient (String clientId, String username)
- throws KustvaktException {
+ public void deregisterClient (String clientId, String clientSecret,
+ String username) throws KustvaktException {
OAuth2Client client = clientDao.retrieveClientById(clientId);
- if (adminDao.isAdmin(username)) {
- clientDao.deregisterClient(client);
+ if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
+ authenticateClient(clientId, clientSecret);
}
- else if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
- throw new KustvaktException(
- StatusCodes.CLIENT_DEREGISTRATION_FAILED,
- "Service is limited to public clients. To deregister "
- + "confidential clients, use service at path: "
- + "oauth2/client/deregister/confidential.",
- OAuth2Error.INVALID_REQUEST);
- }
- else if (client.getRegisteredBy().equals(username)) {
+
+ if (adminDao.isAdmin(username)
+ || client.getRegisteredBy().equals(username)) {
clientDao.deregisterClient(client);
}
else {
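Review bot: The confidential branch calls the String overload `authenticateClient(clientId, clientSecret)` even though `client` was just loaded on the line above; that overload (see the next hunk in this file) runs `clientDao.retrieveClientById(clientId)` a second time, and the new `authenticateClient(OAuth2Client, String)` overload was added precisely to avoid that, so this should read `authenticateClient(client, clientSecret);`. The order of checks is also worth a thought: a caller who is neither admin nor the registering user still has the secret hash-compared before being refused on ownership, whereas evaluating the admin/owner condition first refuses the request without touching the stored secret at all. If `retrieveClientById` returns null for an unknown id rather than throwing (not visible here), `client.getType()` on the next line would NPE into a 500 instead of a proper OAuth2 error. The `else` branch of this method continues outside the hunk.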
@@ -187,14 +180,6 @@
}
}
-
- public void deregisterConfidentialClient (String clientId,
- String clientSecret) throws KustvaktException {
-
- OAuth2Client client = authenticateClient(clientId, clientSecret);
- clientDao.deregisterClient(client);
- }
-
public OAuth2Client authenticateClient (String clientId,
String clientSecret) throws KustvaktException {
@@ -206,28 +191,34 @@
}
OAuth2Client client = clientDao.retrieveClientById(clientId);
- if (clientSecret == null || clientSecret.isEmpty()) {
- if (client.getSecret() != null
- || client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
+ authenticateClient(client, clientSecret);
+ return client;
+ }
+
+ public void authenticateClient (OAuth2Client client, String clientSecret)
+ throws KustvaktException {
+ if (clientSecret == null) {
+ if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
throw new KustvaktException(
StatusCodes.CLIENT_AUTHENTICATION_FAILED,
"Missing parameters: client_secret",
OAuth2Error.INVALID_REQUEST);
}
- else
- return client;
}
- else {
- if (client.getSecret() != null) {
- if (encryption.checkHash(clientSecret, client.getSecret(),
- config.getPasscodeSaltField())) {
- return client;
- }
+ else if (clientSecret.isEmpty()) {
+ if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
+ throw new KustvaktException(
+ StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+ "Missing parameters: client_secret",
+ OAuth2Error.INVALID_REQUEST);
}
}
-
- throw new KustvaktException(StatusCodes.CLIENT_AUTHENTICATION_FAILED,
- "Invalid client credentials", OAuth2Error.INVALID_CLIENT);
+ else if (!encryption.checkHash(clientSecret, client.getSecret(),
+ config.getPasscodeSaltField())) {
+ throw new KustvaktException(
+ StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+ "Invalid client credentials", OAuth2Error.INVALID_CLIENT);
+ }
}
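Review bot: The new `else if` branch passes `client.getSecret()` straight into `encryption.checkHash(...)` without the `client.getSecret() != null` guard the removed code had, so a secret supplied for a client that has no stored secret (a public client) now reaches the hash check with a null stored value; the old code fell through to `Invalid client credentials` in that case, and what `checkHash` does with null is not visible here. The first two branches are also duplicates of each other and the pre-change condition additionally refused a missing secret whenever a secret was stored, not only for confidential clients. The rewrite below folds the two missing-secret branches together, restores that condition, and makes a missing stored secret an authentication failure rather than a comparison against null.
```java
    public void authenticateClient (OAuth2Client client, String clientSecret)
            throws KustvaktException {
        if (clientSecret == null || clientSecret.isEmpty()) {
            // A missing secret is only acceptable for public clients that
            // have no secret stored.
            if (client.getSecret() != null
                    || client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
                throw new KustvaktException(
                        StatusCodes.CLIENT_AUTHENTICATION_FAILED,
                        "Missing parameters: client_secret",
                        OAuth2Error.INVALID_REQUEST);
            }
        }
        // A supplied secret must match a stored one; a client without a
        // stored secret cannot be authenticated by secret at all.
        else if (client.getSecret() == null
                || !encryption.checkHash(clientSecret, client.getSecret(),
                        config.getPasscodeSaltField())) {
            throw new KustvaktException(
                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
                    "Invalid client credentials", OAuth2Error.INVALID_CLIENT);
        }
    }
```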
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index e4f2e72..61295e7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -1,21 +1,17 @@
package de.ids_mannheim.korap.web.controller;
-import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
-import org.apache.oltu.oauth2.as.request.OAuthRequest;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
@@ -23,14 +19,12 @@
import de.ids_mannheim.korap.dto.OAuth2ClientDto;
import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.oauth2.oltu.OAuth2DeregisterClientRequest;
import de.ids_mannheim.korap.oauth2.service.OAuth2ClientService;
import de.ids_mannheim.korap.security.context.TokenContext;
import de.ids_mannheim.korap.web.OAuth2ResponseHandler;
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.BlockingFilter;
import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
-import de.ids_mannheim.korap.web.utils.FormRequestWrapper;
/**
@@ -82,7 +76,6 @@
OAuth2ClientJson clientJson) {
TokenContext context =
(TokenContext) securityContext.getUserPrincipal();
-
try {
return clientService.registerClient(clientJson,
context.getUsername());
@@ -94,25 +87,29 @@
/**
- * Deregisters a public client via owner authentication.
+ * Deregisters a client requires client owner authentication. For
+ * confidential clients, client authentication is also required.
*
*
* @param securityContext
* @param clientId
* the client id
+ * @param clientSecret
+ * the client secret
* @return HTTP Response OK if successful.
*/
@DELETE
- @Path("deregister/public")
+ @Path("deregister/{client_id}")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
public Response deregisterPublicClient (
@Context SecurityContext securityContext,
- @FormParam("client_id") String clientId) {
+ @PathParam("client_id") String clientId,
+ @FormParam("client_secret") String clientSecret) {
TokenContext context =
(TokenContext) securityContext.getUserPrincipal();
try {
- clientService.deregisterPublicClient(clientId,
+ clientService.deregisterClient(clientId, clientSecret,
context.getUsername());
return Response.ok().build();
}
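Review bot: The handler keeps the name `deregisterPublicClient` although it now serves both client types at `deregister/{client_id}` and forwards a client secret; renaming it to `deregisterClient` to match the service method it calls would stop the name from contradicting its own Javadoc. That Javadoc also reads awkwardly; suggested wording: `Deregisters a client. Requires authentication of the client owner; confidential clients must additionally authenticate with their client secret.` One deployment caveat: `client_secret` is read from the form body of a DELETE request, and not every HTTP client or intermediary forwards a body on DELETE, so it is worth confirming in an integration test that the secret actually reaches the handler through the real deployment path rather than arriving as null and being rejected as missing. The `catch` block of this method sits in the following hunk.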
@@ -120,39 +117,4 @@
throw responseHandler.throwit(e);
}
}
-
-
- /**
- * Deregisters confidential clients. Clients must authenticate.
- *
- * @param securityContext
- * @param request
- * @param form
- * @return
- */
- @DELETE
- @Path("deregister/confidential")
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- public Response deregisterConfidentialClient (
- @Context SecurityContext securityContext,
- @Context HttpServletRequest request,
- MultivaluedMap<String, String> form) {
- try {
- OAuthRequest oAuthRequest = new OAuth2DeregisterClientRequest(
- new FormRequestWrapper(request, form));
-
- clientService.deregisterConfidentialClient(
- oAuthRequest.getClientId(), oAuthRequest.getClientSecret());
- return Response.ok().build();
- }
- catch (KustvaktException e) {
- throw responseHandler.throwit(e);
- }
- catch (OAuthSystemException e) {
- throw responseHandler.throwit(e);
- }
- catch (OAuthProblemException e) {
- throw responseHandler.throwit(e);
- }
- }
}