aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-09-11 18:23:33 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-09-11 18:23:33 +0200
commit3536b99c17250772f253ea5925da72a29e327c58 (patch)
tree672cd61bd324e845e322c518223a14e0b1d82fbd /id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
parentaa1dda4e14e7aebd3ec0df5e50493d273a65d999 (diff)
downloadmoa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.gz
moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.tar.bz2
moa-id-spss-3536b99c17250772f253ea5925da72a29e327c58.zip
move authentication protocol implementation to separate modules.
authentication protocol modules are loaded by SPI now.
Diffstat (limited to 'id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java215
1 files changed, 215 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
new file mode 100644
index 000000000..56d86df72
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -0,0 +1,215 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import com.google.gson.JsonObject;
+
+import java.util.Arrays;
+
+public class OAuth20Protocol implements IModulInfo {
+
+ public static final String NAME = OAuth20Protocol.class.getName();
+ public static final String PATH = "id_oauth20";
+
+ public static final String AUTH_ACTION = "AUTH";
+ public static final String TOKEN_ACTION = "TOKEN";
+
+ public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+ new String[] {
+ PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ PVPConstants.BPK_NAME
+ });
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ actions.put(AUTH_ACTION, new OAuth20AuthAction());
+ actions.put(TOKEN_ACTION, new OAuth20TokenAction());
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, java.lang.String)
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action,
+ String sessionId, String transactionId) throws MOAIDException {
+ // validation is done inside creation
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId);
+ Logger.debug("Created: " + res);
+ return res;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest
+ * , javax.servlet.http.HttpServletResponse)
+ */
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ if (!StringUtils.isEmpty(request.getParameter("action"))) {
+ if (request.getParameter("action").equals(AUTH_ACTION)) {
+ return getAction(AUTH_ACTION);
+ } else if (request.getParameter("action").equals(TOKEN_ACTION)) {
+ return getAction(TOKEN_ACTION);
+ }
+ }
+
+ return null;// getAction(AUTH_ACTION);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable,
+ * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
+ throws Throwable {
+
+ // get error code and description
+ String errorCode;
+ String errorDescription;
+ String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ +"/" + OAuth20Constants.ERRORPAGE;
+ String moaError = null;
+
+ ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
+
+ if (e instanceof OAuth20Exception) {
+ errorCode = ((OAuth20Exception) e).getErrorCode();
+ errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
+ moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+
+ } else {
+ errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
+ errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
+ moaError = errorUtils.getResponseErrorCode(e);
+ }
+
+ String paramRedirect = null;
+ String state = null;
+ boolean isAuthRequest = false;
+ if (protocolRequest != null) {
+ if (protocolRequest instanceof OAuth20AuthRequest) {
+ isAuthRequest = true;
+
+ paramRedirect = ((OAuth20AuthRequest) protocolRequest).getRedirectUri();
+ state = ((OAuth20AuthRequest) protocolRequest).getState();
+ } else {
+ isAuthRequest = false;
+ }
+ } else {
+ String action = request.getParameter("action");
+ if (MiscUtil.isNotEmpty(action)) {
+ if (action.equals(AUTH_ACTION)) {
+
+ paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
+ state = request.getParameter(OAuth20Constants.PARAM_STATE);
+ isAuthRequest = true;
+ }
+ } else {
+ throw new MOAIDException("oauth20.01", new Object[] {});
+ }
+ }
+
+ // if (action.equals(AUTH_ACTION)) {
+ if (isAuthRequest) {
+ Logger.debug("Going to throw O OAuth20Exception for auth request");
+
+ StringBuilder url = new StringBuilder();
+
+ // check if given redirect url is ok
+ if (StringUtils.isNotEmpty(paramRedirect) && OAuth20Util.isUrl(paramRedirect)) {
+ url.append(paramRedirect);
+
+ // otherwise throw an
+ } else {
+ throw new MOAIDException("oauth20.01", new Object[] {});
+ }
+
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+ if (MiscUtil.isNotEmpty(moaError))
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
+
+ response.setContentType("text/html");
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.addHeader("Location", url.toString());
+ Logger.debug("REDIRECT TO: " + url.toString());
+ return true;
+
+ } else {
+ Logger.debug("Going to throw O OAuth20Exception for token request");
+
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put(OAuth20Constants.PARAM_ERROR, errorCode);
+ params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription);
+ params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError);
+
+ // create response
+ JsonObject jsonObject = new JsonObject();
+ OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
+ String jsonResponse = jsonObject.toString();
+ Logger.debug("JSON Response: " + jsonResponse);
+
+ // write respone to http response
+ response.setContentType("application/json");
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getOutputStream().print(jsonResponse);
+ response.getOutputStream().close();
+
+ return true;
+ }
+
+ // return false;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ // we validate in the preProcess
+ return true;
+ }
+
+}