margaretha0e8f4e72018-04-05 14:11:52 +02001package de.ids_mannheim.korap.service;
2
margarethaa0486272018-04-12 19:59:31 +02003import javax.servlet.http.HttpServletRequest;
4import javax.servlet.http.HttpServletResponse;
5
6import org.apache.oltu.oauth2.as.issuer.MD5Generator;
7import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
8import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
9import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
10import org.apache.oltu.oauth2.as.response.OAuthASResponse;
11import org.apache.oltu.oauth2.common.error.OAuthError;
12import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
13import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
14import org.apache.oltu.oauth2.common.message.OAuthResponse;
margaretha0e8f4e72018-04-05 14:11:52 +020015import org.apache.oltu.oauth2.common.message.types.GrantType;
margarethaa0486272018-04-12 19:59:31 +020016import org.apache.oltu.oauth2.common.message.types.TokenType;
margaretha0e8f4e72018-04-05 14:11:52 +020017import org.springframework.beans.factory.annotation.Autowired;
18import org.springframework.stereotype.Service;
19
margarethaa0486272018-04-12 19:59:31 +020020import de.ids_mannheim.korap.config.FullConfiguration;
21import de.ids_mannheim.korap.constant.OAuth2ClientType;
margaretha0e8f4e72018-04-05 14:11:52 +020022import de.ids_mannheim.korap.entity.OAuth2Client;
23import de.ids_mannheim.korap.exceptions.KustvaktException;
margaretha0e8f4e72018-04-05 14:11:52 +020024
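@Service
public class OAuth2Service {

    /**
     * Entry point of the OAuth 2.0 token endpoint logic. It dispatches by
     * grant type to a per-grant handler. Client authentication is done by
     * the handlers through {@link OAuth2ClientService}; the handlers that
     * would actually issue tokens are still stubs and return {@code null}
     * (marked with TODO below).
     */

    @Autowired
    private OAuth2ClientService clientService;
    @Autowired
    private FullConfiguration config;

    /**
     * Dispatches an access-token request to the handler for its grant type.
     *
     * RFC 6749:
     *
     * If the client type is confidential or the client was issued client
     * credentials, the client MUST authenticate with the authorization server.
     * That check is delegated to the grant-specific handlers.
     *
     * @param request the servlet request (not read by this method)
     * @param authorization value of the HTTP Authorization header, may be
     *        {@code null} or empty
     * @param grantType the requested grant type; {@code null} is rejected
     *        as invalid_request
     * @param authorizationCode the code of the authorization_code grant
     * @param redirectURI the redirect URI of the authorization_code grant
     * @param clientId required for authorization_code grant when no
     *        authorization header is given, otherwise optional
     * @param username resource owner name (password grant)
     * @param password resource owner password (password grant)
     * @param scope the requested scope
     * @return the response built by the grant handler, or {@code null} where
     *         the handler is not implemented yet
     * @throws KustvaktException propagated from client authentication
     * @throws OAuthProblemException invalid_request (400) when grantType is
     *         {@code null}, unsupported_grant_type (400) for any grant other
     *         than authorization_code, password and client_credentials, or
     *         an invalid_client error raised by a handler
     */
    public OAuthResponse requestAccessToken (HttpServletRequest request,
            String authorization, GrantType grantType, String authorizationCode,
            String redirectURI, String clientId, String username,
            String password, String scope)
            throws KustvaktException, OAuthProblemException {

        // A missing grant_type previously surfaced as a NullPointerException
        // from grantType.equals(...); RFC 6749 section 5.2 calls this case
        // invalid_request.
        if (grantType == null) {
            throw OAuthProblemException
                    .error(OAuthError.TokenResponse.INVALID_REQUEST)
                    .description("grant_type is required.")
                    .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
        }

        switch (grantType) {
            case AUTHORIZATION_CODE:
                return requestAccessTokenWithAuthorizationCode(authorization,
                        authorizationCode, redirectURI, clientId);
            case PASSWORD:
                return requestAccessTokenWithPassword(authorization, username,
                        password, scope);
            case CLIENT_CREDENTIALS:
                return requestAccessTokenWithClientCredentials(authorization,
                        scope);
            default:
                // Message previously lacked the space after the grant name.
                throw OAuthProblemException
                        .error(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE)
                        .description(grantType.name() + " is not supported.")
                        .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Tells whether no Authorization header value was supplied.
     *
     * @param authorization the header value, may be {@code null}
     * @return {@code true} for {@code null} or the empty string
     */
    private static boolean isMissing (String authorization) {
        return authorization == null || authorization.isEmpty();
    }

    /**
     * Handles the authorization_code grant. Confidential clients must
     * authenticate: without an Authorization header the client is looked up
     * by id and rejected if it is confidential; with a header it is
     * authenticated by HTTP Basic credentials.
     *
     * @param authorization the Authorization header value, may be
     *        {@code null} or empty
     * @param authorizationCode the authorization code (not yet validated)
     * @param redirectURI the redirect URI (not yet validated)
     * @param clientId required if there is no authorization header
     * @return currently always {@code null}; token issuance is a TODO
     * @throws KustvaktException propagated from the client service
     * @throws OAuthProblemException invalid_client (401) when a confidential
     *         client omits the Authorization header, or whatever the client
     *         service raises on failed authentication
     */
    private OAuthResponse requestAccessTokenWithAuthorizationCode (
            String authorization, String authorizationCode, String redirectURI,
            String clientId) throws KustvaktException, OAuthProblemException {
        OAuth2Client client;
        if (isMissing(authorization)) {
            // Only the client id identifies the caller here, which is
            // acceptable for public clients only.
            client = clientService.authenticateClientById(clientId);
            if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
                throw OAuthProblemException
                        .error(OAuthError.TokenResponse.INVALID_CLIENT)
                        .description("Client authentication using "
                                + "authorization header is required.")
                        .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
            }
        }
        else {
            client = clientService.authenticateClientByBasicAuthorization(
                    authorization, clientId);
        }

        // TODO: verify authorizationCode and redirectURI for the
        // authenticated client and issue the token. Neither parameter nor
        // client is used yet.
        return null;
    }

    /**
     * Handles the password grant. Confidential clients must authenticate.
     *
     * NOTE(review): this handler is a stub; it performs no client
     * authentication and does not check username/password yet.
     *
     * @param authorization the Authorization header value
     * @param username resource owner name
     * @param password resource owner password
     * @param scope the requested scope
     * @return currently always {@code null}
     */
    private OAuthResponse requestAccessTokenWithPassword (String authorization,
            String username, String password, String scope) {
        // TODO: authenticate the client (required for confidential clients),
        // verify the resource owner credentials and issue the token.
        return null;
    }

    /**
     * Handles the client_credentials grant. Clients must authenticate by
     * HTTP Basic credentials in the Authorization header.
     *
     * @param authorization the Authorization header value, may be
     *        {@code null} or empty
     * @param scope the requested scope (not used yet)
     * @return currently always {@code null}; token issuance is a TODO
     * @throws OAuthProblemException invalid_client (401) when the header is
     *         missing, or whatever the client service raises on failed
     *         authentication
     * @throws KustvaktException propagated from the client service
     */
    private OAuthResponse requestAccessTokenWithClientCredentials (
            String authorization, String scope)
            throws OAuthProblemException, KustvaktException {

        if (isMissing(authorization)) {
            throw OAuthProblemException
                    .error(OAuthError.TokenResponse.INVALID_CLIENT)
                    .description("Client authentication using "
                            + "authorization header is required.")
                    .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }

        // Authentication failures are reported by the client service; the
        // authenticated client is not needed until token issuance exists.
        clientService.authenticateClientByBasicAuthorization(authorization,
                null);
        // TODO: issue the token for the authenticated client and scope.
        return null;
    }

    /**
     * Builds a bearer token JSON response for the given servlet request.
     *
     * Constructing the Oltu {@link OAuthTokenRequest} validates the request
     * parameters; a validation failure is turned into an error response.
     * Neither the access token nor the refresh token is persisted here, and
     * the requested scope is not reflected in the response yet.
     *
     * NOTE(review): every {@link OAuthProblemException} is mapped to 401,
     * although RFC 6749 section 5.2 uses 400 for invalid_request; confirm
     * that this is intended. The token values come from
     * {@link MD5Generator}; confirm that its entropy meets the project's
     * requirements for bearer tokens.
     *
     * @param request the servlet request carrying the token request
     * @return a 200 token response, or an error response
     * @throws OAuthSystemException from Oltu request parsing or response
     *         building
     */
    private OAuthResponse createsAccessTokenResponse (
            HttpServletRequest request) throws OAuthSystemException {
        OAuthIssuer issuer = new OAuthIssuerImpl(new MD5Generator());
        try {
            // Used only for its validation side effect for now; the parsed
            // request (e.g. the code) is not read yet.
            new OAuthTokenRequest(request);

            String accessToken = issuer.accessToken();
            String refreshToken = issuer.refreshToken();

            return OAuthASResponse.tokenResponse(HttpServletResponse.SC_OK)
                    .setAccessToken(accessToken)
                    .setTokenType(TokenType.BEARER.name())
                    .setExpiresIn(String.valueOf(config.getLongTokenTTL()))
                    .setRefreshToken(refreshToken).buildJSONMessage();
            // TODO: scope
        }
        catch (OAuthProblemException e) {
            return OAuthResponse
                    .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                    .error(e).buildJSONMessage();
        }
    }
}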