move authentication protocol implementation to separate modules.

authentication protocol modules are loaded by SPI now.
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-09-11 18:23:33 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-09-11 18:23:33 +0200
commit: 3536b99c17250772f253ea5925da72a29e327c58 (patch)
tree: 672cd61bd324e845e322c518223a14e0b1d82fbd /id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
parent: aa1dda4e14e7aebd3ec0df5e50493d273a65d999 (diff)
download: moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.gz
moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.bz2
moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.zip
1 files changed, 144 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
new file mode 100644
index 000000000..bd3fdb3e8
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -0,0 +1,144 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+abstract class OAuth20BaseRequest extends RequestImpl {
+	
+	private static final long serialVersionUID = 1L;
+	
+	protected Set<String> allowedParameters = new HashSet<String>();
+	
+	protected OAuth20BaseRequest() {
+		
+	}
+	
+	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
+		String param = request.getParameter(name);
+		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
+		
+		if (isNeeded && StringUtils.isEmpty(param)) {
+			throw new OAuth20WrongParameterException(name);
+		}
+		
+		this.allowedParameters.add(name);
+		
+		return param;
+	}
+	
+	protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+		
+		// moa id - load oa with client id!
+		try {
+			String oaURL = StringEscapeUtils.escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+			if (!ParamValidatorUtils.isValidOA(oaURL)) {
+				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+			}
+			this.setOAURL(oaURL);
+			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			
+			if (oaParam == null) {
+				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+			}
+			this.setTarget(oaParam.getTarget());
+			
+			if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+				throw new OAuth20OANotSupportedException();
+			}
+		}
+		catch (ConfigurationException e) {
+			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+		}
+		
+		// oAuth
+		this.populateSpecialParameters(request);
+		
+		// cleanup parameters
+		this.checkAllowedParameters(request);
+	}
+	
+	private void checkAllowedParameters(final HttpServletRequest request) {
+		Logger.debug("Going to check for allowed parameters");
+		this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
+		this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
+		
+		@SuppressWarnings("rawtypes")
+		Iterator iter = request.getParameterMap().keySet().iterator();
+		while (iter.hasNext()) {
+			String name = (String) iter.next();
+			if (!this.allowedParameters.contains(name)) {
+				
+				Logger.debug("Found wrong parameter: " + name);
+				throw new OAuth20WrongParameterException(name);
+			}
+		}
+		
+	}
+	
+	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+	
+	public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception {
+		OAuth20BaseRequest res;
+		
+		if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+			res = new OAuth20AuthRequest();
+			
+		} else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+			res = new OAuth20TokenRequest();
+			
+		} else {
+			throw new OAuth20InvalidRequestException();
+		}
+		
+		res.setAction(action);
+		res.setModule(OAuth20Protocol.NAME);
+		
+		res.populateParameters(request);
+		return res;
+	}
+}
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-09-11 18:23:33 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-09-11 18:23:33 +0200
commit	3536b99c17250772f253ea5925da72a29e327c58 (patch)
tree	672cd61bd324e845e322c518223a14e0b1d82fbd /id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
parent	aa1dda4e14e7aebd3ec0df5e50493d273a65d999 (diff)
download	moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.gz moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.bz2 moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.zip