Remove Oltu request and validator implementations (#650)
Change-Id: I290f5db8c1c0238b955c0a062340e208ba60ff05
diff --git a/full/Changes b/full/Changes
index b31f263..88bd821 100644
--- a/full/Changes
+++ b/full/Changes
@@ -19,6 +19,7 @@
- Removed OpenID
- Fixed clearing cache
- Updated token response using Nimbus (#650)
+- Remove Oltu request and validator implementations (#650)
# version 0.71
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java
deleted file mode 100644
index 6f24d79..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2AuthorizationRequest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
-import org.apache.oltu.oauth2.as.validator.CodeValidator;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.error.OAuthError;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.message.types.ResponseType;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-/**
- * Customization of {@link OAuthAuthzRequest} from Apache Oltu.
- * <ul>
- * <li>Limit extraction of client id from request's parameters since
- * Kustvakt requires user authentication via Basic authentication for
- * authorization code requests. </li>
- *
- * <li>Exclude TokenValidator since it is not supported in
- * Kustvakt.</li>
- *
- * <li>Minimize {{@link #validate()} to include missing response type
- * response in client redirect URI when the client id and redirect URI
- * are valid. </li>
- *
- * </ul>
- *
- * @author margaretha
- *
- */
-public class OAuth2AuthorizationRequest extends OAuthAuthzRequest {
-
- public OAuth2AuthorizationRequest (HttpServletRequest request)
- throws OAuthSystemException, OAuthProblemException {
- super(request);
- }
-
- @Override
- public String getClientId () {
- return getParam(OAuth.OAUTH_CLIENT_ID);
- }
-
- @Override
- protected OAuthValidator<HttpServletRequest> initValidator ()
- throws OAuthProblemException, OAuthSystemException {
- validators.put(ResponseType.CODE.toString(), CodeValidator.class);
- // validators.put(ResponseType.TOKEN.toString(),
- // TokenValidator.class);
- final String requestTypeValue = getParam(OAuth.OAUTH_RESPONSE_TYPE);
- if (requestTypeValue!=null && !requestTypeValue.isEmpty()) {
- if (requestTypeValue.equals(ResponseType.CODE.toString())) {
-
- }
- else if (requestTypeValue.equals(ResponseType.TOKEN.toString())) {
- throw OAuthProblemException.error(
- OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE)
- .description("response_type token is not supported");
- }
- else {
- throw OAuthUtils.handleOAuthProblemException(
- "Invalid response_type parameter value");
- }
- }
-
- return OAuthUtils.instantiateClass(validators.get("code"));
- }
-
- @Override
- protected void validate ()
- throws OAuthSystemException, OAuthProblemException {
- validator = initValidator();
- validator.validateMethod(request);
- validator.validateContentType(request);
- validator.validateRequiredParameters(request);
- validator.validateClientAuthenticationCredentials(request);
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeAllTokenSuperRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeAllTokenSuperRequest.java
deleted file mode 100644
index 30ccafb..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeAllTokenSuperRequest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.as.request.OAuthRequest;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-/**
- * A custom request based on {@link OAuthRequest}. It defines a
- * request to revoke all tokens of a client. The request must have
- * been sent from a super client.
- *
- * @author margaretha
- *
- */
-public class OAuth2RevokeAllTokenSuperRequest {
- protected HttpServletRequest request;
- protected OAuthValidator<HttpServletRequest> validator;
- protected Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> validators =
- new HashMap<String, Class<? extends OAuthValidator<HttpServletRequest>>>();
-
- public OAuth2RevokeAllTokenSuperRequest () {
- // TODO Auto-generated constructor stub
- }
-
- public OAuth2RevokeAllTokenSuperRequest (HttpServletRequest request)
- throws OAuthSystemException, OAuthProblemException {
- this.request = request;
- validate();
- }
-
- protected void validate ()
- throws OAuthSystemException, OAuthProblemException {
- validator = initValidator();
- validator.validateMethod(request);
- validator.validateContentType(request);
- validator.validateRequiredParameters(request);
- // for super client authentication
- validator.validateClientAuthenticationCredentials(request);
- }
-
- protected OAuthValidator<HttpServletRequest> initValidator ()
- throws OAuthProblemException, OAuthSystemException {
- return OAuthUtils.instantiateClass(RevokeAllTokenSuperValidator.class);
- }
-
- public String getParam (String name) {
- return request.getParameter(name);
- }
-
- public String getClientId () {
- return request.getParameter(OAuth.OAUTH_CLIENT_ID);
- }
-
- public String getSuperClientId () {
- return request.getParameter(RevokeTokenSuperValidator.SUPER_CLIENT_ID);
- }
-
- public String getSuperClientSecret () {
- return request
- .getParameter(RevokeTokenSuperValidator.SUPER_CLIENT_SECRET);
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenRequest.java
deleted file mode 100644
index 78bf412..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenRequest.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.as.request.OAuthRequest;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-/**
- * A custom request based on {@link OAuthRequest}.
- *
- * This class does not extend {@link OAuthRequest} because it contains some
- * parameters i.e. redirect_uri and scopes that are not parts of
- * revoke token request.
- *
- * @author margaretha
- *
- */
-public class OAuth2RevokeTokenRequest {
-
- protected HttpServletRequest request;
- protected OAuthValidator<HttpServletRequest> validator;
- protected Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> validators =
- new HashMap<String, Class<? extends OAuthValidator<HttpServletRequest>>>();
-
- public OAuth2RevokeTokenRequest () {}
-
- public OAuth2RevokeTokenRequest (HttpServletRequest request)
- throws OAuthSystemException, OAuthProblemException {
- this.request = request;
- validate();
- }
-
- protected void validate ()
- throws OAuthSystemException, OAuthProblemException {
- validator = initValidator();
- validator.validateMethod(request);
- validator.validateContentType(request);
- validator.validateRequiredParameters(request);
-// validator.validateClientAuthenticationCredentials(request);
- }
-
- protected OAuthValidator<HttpServletRequest> initValidator ()
- throws OAuthProblemException, OAuthSystemException {
- return OAuthUtils.instantiateClass(RevokeTokenValidator.class);
- }
-
- public String getParam (String name) {
- return request.getParameter(name);
- }
-
- public String getToken () {
- return getParam("token");
- }
-
- public String getTokenType () {
- return getParam(OAuth.OAUTH_TOKEN_TYPE);
- }
-
- public String getClientId () {
- String[] creds = OAuthUtils.decodeClientAuthenticationHeader(
- request.getHeader(OAuth.HeaderType.AUTHORIZATION));
- if (creds != null) {
- return creds[0];
- }
- return getParam(OAuth.OAUTH_CLIENT_ID);
- }
-
- public String getClientSecret () {
- String[] creds = OAuthUtils.decodeClientAuthenticationHeader(
- request.getHeader(OAuth.HeaderType.AUTHORIZATION));
- if (creds != null) {
- return creds[1];
- }
- return getParam(OAuth.OAUTH_CLIENT_SECRET);
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenSuperRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenSuperRequest.java
deleted file mode 100644
index f3c506d..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/OAuth2RevokeTokenSuperRequest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.as.request.OAuthRequest;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.OAuthValidator;
-
-/**
- * A custom request based on {@link OAuthRequest}. It defines token
- * revocation request that should have been sent from a super client.
- *
- * @author margaretha
- *
- */
-public class OAuth2RevokeTokenSuperRequest{
- protected HttpServletRequest request;
- protected OAuthValidator<HttpServletRequest> validator;
- protected Map<String, Class<? extends OAuthValidator<HttpServletRequest>>> validators =
- new HashMap<String, Class<? extends OAuthValidator<HttpServletRequest>>>();
-
- public OAuth2RevokeTokenSuperRequest () {
- // TODO Auto-generated constructor stub
- }
-
- public OAuth2RevokeTokenSuperRequest (HttpServletRequest request)
- throws OAuthSystemException, OAuthProblemException {
- this.request = request;
- validate();
- }
-
- protected void validate ()
- throws OAuthSystemException, OAuthProblemException {
- validator = initValidator();
- validator.validateMethod(request);
- validator.validateContentType(request);
- validator.validateRequiredParameters(request);
- // for super client authentication
- validator.validateClientAuthenticationCredentials(request);
- }
- protected OAuthValidator<HttpServletRequest> initValidator ()
- throws OAuthProblemException, OAuthSystemException {
- return OAuthUtils.instantiateClass(RevokeTokenSuperValidator.class);
- }
-
- public String getParam (String name) {
- return request.getParameter(name);
- }
-
- public String getToken () {
- return getParam("token");
- }
-
- public String getSuperClientId () {
- return request.getParameter(RevokeTokenSuperValidator.SUPER_CLIENT_ID);
- }
-
- public String getSuperClientSecret () {
- return request
- .getParameter(RevokeTokenSuperValidator.SUPER_CLIENT_SECRET);
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeAllTokenSuperValidator.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeAllTokenSuperValidator.java
deleted file mode 100644
index b8a4782..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeAllTokenSuperValidator.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
-
-/**
- * Defines required request parameters for
- * OAuth2RevokeAllTokenSuperRequest and validates the request method.
- *
- * @author margaretha
- *
- */
-public class RevokeAllTokenSuperValidator
- extends AbstractValidator<HttpServletRequest> {
-
- public static final String SUPER_CLIENT_ID = "super_client_id";
- public static final String SUPER_CLIENT_SECRET = "super_client_secret";
-
- public RevokeAllTokenSuperValidator () {
- requiredParams.add(OAuth.OAUTH_CLIENT_ID);
- requiredParams.add(SUPER_CLIENT_ID);
- requiredParams.add(SUPER_CLIENT_SECRET);
-
- enforceClientAuthentication = true;
- }
-
- @Override
- public void validateMethod (HttpServletRequest request)
- throws OAuthProblemException {
- String method = request.getMethod();
- if (!OAuth.HttpMethod.POST.equals(method)) {
- throw OAuthProblemException.error(OAuth2Error.INVALID_REQUEST)
- .description("Method not correct.");
- }
- }
-
- @Override
- public void validateClientAuthenticationCredentials (
- HttpServletRequest request) throws OAuthProblemException {
- if (enforceClientAuthentication) {
- Set<String> missingParameters = new HashSet<String>();
-
- if (OAuthUtils.isEmpty(request.getParameter(SUPER_CLIENT_ID))) {
- missingParameters.add(SUPER_CLIENT_ID);
- }
- if (OAuthUtils.isEmpty(request.getParameter(SUPER_CLIENT_SECRET))) {
- missingParameters.add(SUPER_CLIENT_SECRET);
- }
-
- if (!missingParameters.isEmpty()) {
- throw OAuthUtils.handleMissingParameters(missingParameters);
- }
- }
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenSuperValidator.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenSuperValidator.java
deleted file mode 100644
index c4a205f..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenSuperValidator.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.utils.OAuthUtils;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
-
-/**
- * Defines required parameters for revoking a refresh token via a
- * super client
- *
- * @author margaretha
- *
- */
-public class RevokeTokenSuperValidator
- extends AbstractValidator<HttpServletRequest> {
-
- public static final String SUPER_CLIENT_ID = "super_client_id";
- public static final String SUPER_CLIENT_SECRET = "super_client_secret";
-
- public RevokeTokenSuperValidator () {
- requiredParams.add("token");
- requiredParams.add(SUPER_CLIENT_ID);
- requiredParams.add(SUPER_CLIENT_SECRET);
-
- enforceClientAuthentication = true;
- }
-
- @Override
- public void validateMethod (HttpServletRequest request)
- throws OAuthProblemException {
- String method = request.getMethod();
- if (!OAuth.HttpMethod.POST.equals(method)) {
- throw OAuthProblemException.error(OAuth2Error.INVALID_REQUEST)
- .description("Method not correct.");
- }
- }
-
- @Override
- public void validateClientAuthenticationCredentials (
- HttpServletRequest request) throws OAuthProblemException {
- if (enforceClientAuthentication) {
- Set<String> missingParameters = new HashSet<String>();
-
- if (OAuthUtils.isEmpty(request.getParameter(SUPER_CLIENT_ID))) {
- missingParameters.add(SUPER_CLIENT_ID);
- }
- if (OAuthUtils.isEmpty(request.getParameter(SUPER_CLIENT_SECRET))) {
- missingParameters.add(SUPER_CLIENT_SECRET);
- }
-
- if (!missingParameters.isEmpty()) {
- throw OAuthUtils.handleMissingParameters(missingParameters);
- }
- }
- }
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenValidator.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenValidator.java
deleted file mode 100644
index 60ff77f..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/RevokeTokenValidator.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package de.ids_mannheim.korap.oauth2.oltu;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-
-import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
-
-/**
- * A custom revoke token validator based on RFC 7009.
- *
- * Additional changes to the RFC:
- * <ul>
- * <li>client_id is made required for public client
- * authentication</li>
- * </ul>
- *
- * @author margaretha
- *
- */
-public class RevokeTokenValidator
- extends AbstractValidator<HttpServletRequest> {
-
- public RevokeTokenValidator () {
- requiredParams.add("token");
- requiredParams.add(OAuth.OAUTH_CLIENT_ID);
- }
-
- @Override
- public void validateMethod (HttpServletRequest request)
- throws OAuthProblemException {
- String method = request.getMethod();
- if (!OAuth.HttpMethod.POST.equals(method)) {
- throw OAuthProblemException.error(OAuth2Error.INVALID_REQUEST)
- .description("Method not correct.");
- }
- }
-
-}