Updated and moved updateClientPrivilege API to OAuth2AdminController
Change-Id: I43dbf4dd2fd867cbdc91544d87333ab484bb48f7
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AdminService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AdminService.java
index d5861d6..60edf29 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AdminService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AdminService.java
@@ -4,20 +4,47 @@
import org.springframework.stereotype.Service;
import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.oauth2.constant.OAuth2ClientType;
import de.ids_mannheim.korap.oauth2.dao.AccessTokenDao;
+import de.ids_mannheim.korap.oauth2.dao.OAuth2ClientDao;
import de.ids_mannheim.korap.oauth2.dao.RefreshTokenDao;
+import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
@Service
public class OAuth2AdminService {
@Autowired
+ private OAuth2ClientService clientService;
+
+ @Autowired
private AccessTokenDao tokenDao;
@Autowired
private RefreshTokenDao refreshDao;
+ @Autowired
+ private OAuth2ClientDao clientDao;
public void cleanTokens () {
tokenDao.deleteInvalidAccessTokens();
refreshDao.deleteInvalidRefreshTokens();
tokenDao.clearCache();
}
+
+ public void updatePrivilege (String clientId, boolean isSuper)
+ throws KustvaktException {
+
+ OAuth2Client client = clientDao.retrieveClientById(clientId);
+ if (isSuper) {
+ if (!client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
+ throw new KustvaktException(StatusCodes.NOT_ALLOWED,
+ "Only confidential clients are allowed to be super clients.");
+ }
+ }
+ else {
+ clientService.revokeAllAuthorizationsByClientId(clientId);
+ }
+
+ client.setSuper(isSuper);
+ clientDao.updateClient(client);
+ }
}
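Review bot: The new `updatePrivilege` performs the privilege change for any caller — the removed `OAuth2ClientService.updatePrivilege` guarded on `adminDao.isAdmin(username)`, whereas this public method relies entirely on the controller's scope check and has no authorization check of its own. If dropping the service-layer check is intentional, make the precondition explicit with a Javadoc such as `/** Changes the super-client flag of a client. Performs no authorization check: callers must already have verified ADMIN scope. Demoting a client revokes all of its existing authorizations. */`; otherwise re-add the check here so other callers of this service cannot bypass it. The demotion branch calls `clientService.revokeAllAuthorizationsByClientId`, which this commit widens from private to public in OAuth2ClientService, so that method's destructive effect deserves a Javadoc sentence as well. Whether `clientDao.retrieveClientById` can return null for an unknown id is not visible here; if it can, `client.getType()` would throw a NullPointerException before any status-coded KustvaktException.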
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index 51f8022..505140c 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -210,7 +210,7 @@
}
}
- private void revokeAllAuthorizationsByClientId (String clientId)
+ public void revokeAllAuthorizationsByClientId (String clientId)
throws KustvaktException {
// revoke all related authorization codes
@@ -314,30 +314,6 @@
return clientDao.retrieveClientById(clientId);
}
- public void updatePrivilege (String username, String clientId,
- boolean isSuper) throws KustvaktException {
-
- if (adminDao.isAdmin(username)) {
- OAuth2Client client = clientDao.retrieveClientById(clientId);
- if (isSuper) {
- if (!client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
- throw new KustvaktException(StatusCodes.NOT_ALLOWED,
- "Only confidential clients are allowed to be super clients.");
- }
- }
- else {
- revokeAllAuthorizationsByClientId(clientId);
- }
-
- client.setSuper(isSuper);
- clientDao.updateClient(client);
- }
- else {
- throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
- "Unauthorized operation for user: " + username, username);
- }
- }
-
public OAuth2ClientInfoDto retrieveClientInfo (String username,
String clientId) throws KustvaktException {
OAuth2Client client = clientDao.retrieveClientById(clientId);
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
index 1d1ce6a..7249312 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
@@ -1,7 +1,11 @@
package de.ids_mannheim.korap.web.controller;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
@@ -48,4 +52,41 @@
}
return Response.ok().build();
}
+
+ /**
+ * Facilitates editing client privileges for admin purposes, e.g.
+ * setting a specific client to be a super client.
+ * Only confidential clients are allowed to be super clients.
+ *
+ * When upgrading clients to super clients, existing access tokens
+ * and authorization codes retain their scopes.
+ *
+ * When degrading super clients, all existing tokens and
+ * authorization codes are invalidated.
+ *
+ * @param securityContext
+ * @param clientId
+ * OAuth2 client id
+ * @param super
+ * true indicating super client, false otherwise
+ * @return Response status OK, if successful
+ */
+ @POST
+ @Path("client/privilege")
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ public Response updateClientPrivilege (
+ @Context SecurityContext securityContext,
+ @FormParam("client_id") String clientId,
+ @FormParam("super") String isSuper) {
+ TokenContext context =
+ (TokenContext) securityContext.getUserPrincipal();
+ try {
+ scopeService.verifyScope(context, OAuth2Scope.ADMIN);
+ adminService.updatePrivilege(clientId, Boolean.valueOf(isSuper));
+ return Response.ok("SUCCESS").build();
+ }
+ catch (KustvaktException e) {
+ throw responseHandler.throwit(e);
+ }
+ }
}
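Review bot: `Boolean.valueOf(isSuper)` on the call to `adminService.updatePrivilege` maps a missing or mistyped `super` form parameter to `false`, so a request that omits the parameter (or sends `"ture"`) silently demotes the client and revokes all of its authorizations. Validate the parameter before calling the service: reject a value that is null or not case-insensitively `true`/`false` with a KustvaktException carrying the project's invalid-argument status code (e.g. `if (!"true".equalsIgnoreCase(isSuper) && !"false".equalsIgnoreCase(isSuper)) { throw responseHandler.throwit(new KustvaktException(<INVALID_ARGUMENT_STATUS_CODE>, "super must be true or false")); }`, with the status code taken from StatusCodes). The Javadoc tag `@param super` does not match the parameter name and should read `@param isSuper`, and `@param securityContext` lacks a description.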
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index 16f8bbb..05208f3 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -164,43 +164,6 @@
}
}
- /**
- * Facilitates editing client privileges for admin purposes, e.g.
- * setting a specific client to be a super client.
- * Only confidential clients are allowed to be super clients.
- *
- * When upgrading clients to super clients, existing access tokens
- * and authorization codes retain their scopes.
- *
- * When degrading super clients, all existing tokens and
- * authorization codes are invalidated.
- *
- * @param securityContext
- * @param clientId
- * OAuth2 client id
- * @param super
- * true indicating super client, false otherwise
- * @return Response status OK, if successful
- */
- @POST
- @Path("privilege")
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- public Response updateClientPrivilege (
- @Context SecurityContext securityContext,
- @FormParam("client_id") String clientId,
- @FormParam("super") String isSuper) {
- TokenContext context =
- (TokenContext) securityContext.getUserPrincipal();
- try {
- scopeService.verifyScope(context, OAuth2Scope.ADMIN);
- clientService.updatePrivilege(context.getUsername(), clientId,
- Boolean.valueOf(isSuper));
- return Response.ok("SUCCESS").build();
- }
- catch (KustvaktException e) {
- throw responseHandler.throwit(e);
- }
- }
@GET
@Path("{client_id}")