aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java118
1 files changed, 118 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java
new file mode 100644
index 000000000..05362c977
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/requests/OAuth20BaseRequest.java
@@ -0,0 +1,118 @@
+package at.gv.egovernment.moa.id.protocols.oauth20.requests;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Protocol;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public abstract class OAuth20BaseRequest extends RequestImpl {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Set<String> allowedParameters = new HashSet<String>();
+
+ protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
+ String param = request.getParameter(name);
+ Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
+
+ if (isNeeded && StringUtils.isEmpty(param)) {
+ throw new OAuth20WrongParameterException(name);
+ }
+
+ this.allowedParameters.add(name);
+
+ return param;
+ }
+
+ protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+
+ // moa id - load oa with client id!
+ try {
+ String oaURL = StringEscapeUtils.escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ if (!ParamValidatorUtils.isValidOA(oaURL)) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setOAURL(oaURL);
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setTarget(oaParam.getTarget());
+
+ OAOAUTH20 config = oaParam.getoAuth20Config();
+ if (config == null) {
+ throw new OAuth20InvalidRequestException();
+ }
+ if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
+ || StringUtils.isEmpty(config.getOAuthRedirectUri())) {
+ throw new OAuth20ServerErrorException();
+ }
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+
+ // oAuth
+ this.populateSpecialParameters(request);
+
+ // cleanup parameters
+ this.checkAllowedParameters(request);
+ }
+
+ private void checkAllowedParameters(final HttpServletRequest request) {
+ Logger.debug("Going to check for allowed parameters");
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
+
+ @SuppressWarnings("rawtypes")
+ Iterator iter = request.getParameterMap().keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String) iter.next();
+ if (!this.allowedParameters.contains(name)) {
+
+ Logger.debug("Found wrong parameter: " + name);
+ throw new OAuth20WrongParameterException(name);
+ }
+ }
+
+ }
+
+ protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+
+ public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception {
+ OAuth20BaseRequest res;
+
+ if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+ res = new OAuth20AuthRequest();
+ } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+ res = new OAuth20TokenRequest();
+ } else {
+ throw new OAuth20InvalidRequestException();
+ }
+
+ res.setAction(action);
+ res.setModule(OAuth20Protocol.NAME);
+
+ res.populateParameters(request);
+ return res;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-23 05:16:11 +0000