move authentication protocol implementation to separate modules.

authentication protocol modules are loaded by SPI now.

1 files changed, 124 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
new file mode 100644
index 000000000..2238a25e1
--- /dev/null
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -0,0 +1,124 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.google.gson.JsonObject;
+
+class OAuth20TokenAction implements IAction {
+	
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IAuthData authData) throws MOAIDException {
+		
+		
+		OAuth20SessionObject auth20SessionObject = null;
+		try {
+			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+		
+			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
+			
+			try {
+				Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
+				
+				auth20SessionObject = 
+						AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
+			
+			} catch (MOADatabaseException e) {
+				throw new OAuth20UnauthorizedClientException();
+				
+			}
+
+			// do checking for different grant types and code
+			if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
+				throw new OAuth20UnauthorizedClientException();
+			} else {
+				Logger.debug("Loaded of OAuth20SessionObject was successful");
+			}
+			
+			// create response
+			JsonObject jsonObject = new JsonObject();
+			OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession());
+			String jsonResponse = jsonObject.toString();
+			Logger.debug("JSON Response: " + jsonResponse);
+			
+			// write respone to http response
+			httpResp.setContentType("application/json");
+			httpResp.setStatus(HttpServletResponse.SC_OK);
+			httpResp.getOutputStream().print(jsonResponse);
+			httpResp.getOutputStream().close();
+			
+			return null;
+		}
+		catch (Exception e) {
+			Logger.error(e.getMessage(), e);
+			throw new OAuth20ServerErrorException();
+		}
+		
+		finally {
+			if (auth20SessionObject != null) {
+				// destroy session for clean up
+
+				Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
+				AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+
+			}
+		}
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see
+	 * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+	 * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		return false;
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+	 */
+	public String getDefaultActionName() {
+		return OAuth20Protocol.TOKEN_ACTION;
+	}
+		
+}