aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java112
1 files changed, 112 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
new file mode 100644
index 000000000..68f508103
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -0,0 +1,112 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+class OAuth20AuthAction implements IAction {
+
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ AuthenticationSession moasession) throws MOAIDException {
+
+ OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
+
+ // OAAuthParameter oaParam =
+ // AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ // AuthenticationData authData =
+ // AuthenticationServer.buildAuthenticationData(moasession, oaParam,
+ // oAuthRequest.getTarget());
+
+ String responseType = oAuthRequest.getResponseType();
+ AuthenticationSession session = null;
+
+ try {
+ session = AuthenticationSessionStoreage.createSession();
+
+ String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession);
+ Logger.debug("Stored session with id: " + code);
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ o.setScope(oAuthRequest.getScope());
+ o.setCode(code);
+ o.setAuthDataSession(moasession);
+
+ } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
+ throw new OAuth20ResponseTypeException();
+ }
+
+ // store data in oath session
+ session.setoAuth20SessionObject(o);
+ AuthenticationSessionStoreage.storeSession(session);
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID());
+
+ // add code and state to redirect url
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ String redirectURI = oAuthRequest.getRedirectUri();
+ String state = oAuthRequest.getState();
+
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.RESPONSE_CODE, code);
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, state);
+
+ String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+ }
+ catch (Exception e) {
+ try {
+ if (session != null) {
+ Logger.debug("Going to destroy session: " + session.getSessionID());
+ AuthenticationSessionStoreage.destroySession(session.getSessionID());
+ }
+ }
+ catch (MOADatabaseException e1) {
+ }
+ if (e instanceof OAuth20Exception) {
+ throw (OAuth20Exception) e;
+ }
+ throw new OAuth20ServerErrorException();
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+ private String addURLParameter(String url, String name, String value) {
+ String param = name + "=" + value;
+ if (url.indexOf("?") < 0) {
+ return url + "?" + param;
+ } else {
+ return url + "&" + param;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.AUTH_ACTION;
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-07 20:02:29 +0000