List of usage examples for com.google.api.client.googleapis.auth.oauth2 GoogleIdToken getPayload
@Override
public Payload getPayload()
From source file:com.github.achatain.javawebappauthentication.service.impl.GoogleAuthenticationServiceImpl.java
License:Open Source License
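/**
 * Verifies a Google ID token and maps its claims onto an {@link AuthenticatedUser}.
 *
 * <p>The raw ID token is a bearer credential: anyone who can read it from a log file or
 * an error report can replay it until it expires. It is therefore never written to the
 * log and never embedded in an exception message.
 *
 * @param authenticationRequest request carrying the ID token to verify
 * @return the user built from the payload of the verified token
 * @throws AuthenticationException if the token is missing or the verifier rejects it
 * @throws RuntimeException if verification itself fails with a security or I/O error
 */
@Override
public AuthenticatedUser authenticate(final AuthenticationRequest authenticationRequest)
        throws AuthenticationException {
    final String token = authenticationRequest.getToken();
    if (token == null || token.isEmpty()) {
        // Reject early instead of handing a null/empty string to the verifier.
        throw new AuthenticationException("Invalid authentication token");
    }

    final GoogleIdToken idToken;
    try {
        LOG.info("Attempting to verify an ID token");
        idToken = verifier.verify(token);
    } catch (GeneralSecurityException | IOException e) {
        // Keep the cause for diagnosis, but keep the credential out of the message.
        throw new RuntimeException("Could not verify the token", e);
    }

    // verify(...) returns null when the token does not pass verification.
    if (isNull(idToken)) {
        throw new AuthenticationException("Invalid authentication token");
    }

    final GoogleIdToken.Payload payload = idToken.getPayload();
    final String userId = USER_ID_PREFIX + payload.getSubject();

    final AuthenticatedUser authenticatedUser = AuthenticatedUser.create()
            .withId(userId)
            .withEmail(payload.getEmail())
            .withName((String) payload.getOrDefault(NAME_KEY, DEFAULT))
            .withGivenName((String) payload.getOrDefault(GIVEN_NAME_KEY, DEFAULT))
            .withFamilyName((String) payload.getOrDefault(FAMILY_NAME_KEY, DEFAULT))
            .withHostedDomain(payload.getHostedDomain())
            .withPicture((String) payload.getOrDefault(PICTURE_KEY, DEFAULT))
            .build();

    // Log the stable identifier only; the other claims (e-mail, names, picture) are
    // personal data that does not need to be copied into the log.
    LOG.info(format("Token successfully verified, matching user is [%s]", userId));
    return authenticatedUser;
}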
From source file:com.google.plus.samples.haikuplus.Authenticate.java
License:Open Source License
/**
 * Returns the Google account ID stored in the subject claim of the given ID token.
 *
 * <p>This method only reads the payload. It performs no verification itself, so the
 * returned value is only as trustworthy as the token that was passed in.
 *
 * @param idToken the ID token to read
 * @return the subject of the token's payload
 */
private String getGoogleIdFromIdToken(GoogleIdToken idToken) {
    return idToken.getPayload().getSubject();
}
From source file:com.google.plus.samples.verifytoken.Checker.java
License:Open Source License
/**
 * Parses and verifies an ID token string, then checks its audience and authorized party.
 *
 * <p>On failure the reason is stored in {@code mProblem} and {@code null} is returned.
 * When the verifier simply rejects the token, {@code mProblem} is left as it was.
 *
 * @param tokenString the serialized ID token
 * @return the token's payload if every check passes, otherwise {@code null}
 */
public GoogleIdToken.Payload check(String tokenString) {
    try {
        GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
        if (!mVerifier.verify(token)) {
            return null;
        }

        GoogleIdToken.Payload candidate = token.getPayload();
        // The token must have been issued for this application ...
        if (!candidate.getAudience().equals(mAudience)) {
            mProblem = "Audience mismatch";
            return null;
        }
        // ... and requested by one of the client IDs we accept.
        if (!mClientIDs.contains(candidate.getAuthorizedParty())) {
            mProblem = "Client ID mismatch";
            return null;
        }
        return candidate;
    } catch (GeneralSecurityException e) {
        mProblem = "Security issue: " + e.getLocalizedMessage();
    } catch (IOException e) {
        mProblem = "Network problem: " + e.getLocalizedMessage();
    }
    return null;
}
From source file:com.keybox.manage.action.LoginAction.java
License:Apache License
/**
 * Handles the login form submission: resolves the username (optionally from a Google ID
 * token), authenticates through {@code AuthDB.login}, enforces the OTP and profile
 * checks, stores the session attributes and writes an audit log line for the outcome.
 *
 * @return {@code INPUT} on failure, {@code "otp"} or {@code "change_password"} when a
 *         follow-up step is required, otherwise the value of {@code SUCCESS}
 */
@Action(value = "/loginSubmit", results = { @Result(name = "input", location = "/login.jsp"),
        @Result(name = "change_password", location = "/admin/userSettings.action", type = "redirect"),
        @Result(name = "otp", location = "/admin/viewOTP.action", type = "redirect"),
        @Result(name = "success", location = "/admin/menu.action", type = "redirect") })
public String loginSubmit() {
    String retVal = SUCCESS;
    if (auth.getOauthToken() != null && !auth.getOauthToken().equals("")) {
        GoogleIdToken idToken = null;
        try {
            // NOTE(review): parse(...) only decodes the token. No verifier call (signature,
            // issuer, audience, expiry) is visible in this method before the e-mail claim
            // is used below, so the claim is whatever the client sent. Unless AuthDB.login
            // validates the token itself (not visible here), the token should go through a
            // GoogleIdTokenVerifier configured with this application's client ID first.
            idToken = GoogleIdToken.parse(new JacksonFactory(), auth.getOauthToken());
        } catch (IOException e) {
            loginAuditLogger.error("Token Verify Exception: " + e);
            addActionError(AUTH_ERROR);
            return (INPUT);
        }
        if (idToken != null) {
            // The username for the login attempt is taken from the token's e-mail claim.
            Payload payload = idToken.getPayload();
            auth.setUsername(payload.getEmail());
        }
    }
    String authToken = AuthDB.login(auth);
    //get client IP
    // NOTE(review): when a clientIPHeader is configured, the audit-log address comes from a
    // request header. That value is only reliable if a trusted proxy always overwrites it.
    String clientIP = null;
    if (StringUtils.isNotEmpty(AppConfig.getProperty("clientIPHeader"))) {
        clientIP = servletRequest.getHeader(AppConfig.getProperty("clientIPHeader"));
    }
    if (StringUtils.isEmpty(clientIP)) {
        clientIP = servletRequest.getRemoteAddr();
    }
    if (authToken != null) {
        User user = AuthDB.getUserByAuthToken(authToken);
        // NOTE(review): if no user is found for a non-null authToken, nothing is logged
        // and retVal is still SUCCESS - confirm this is intended.
        if (user != null) {
            String sharedSecret = null;
            if (otpEnabled) {
                sharedSecret = AuthDB.getSharedSecret(user.getId());
                // A stored shared secret makes the OTP mandatory: a missing or wrong code fails the login.
                if (StringUtils.isNotEmpty(sharedSecret) && (auth.getOtpToken() == null
                        || !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
                    loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR);
                    addActionError(AUTH_ERROR);
                    return INPUT;
                }
            }
            //check to see if admin has any assigned profiles
            if (!User.MANAGER.equals(user.getUserType())
                    && (user.getProfileList() == null || user.getProfileList().size() <= 0)) {
                loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR_NO_PROFILE);
                addActionError(AUTH_ERROR_NO_PROFILE);
                return INPUT;
            }
            // NOTE(review): the existing session is reused for the authenticated state; no
            // session ID rotation is visible in this method.
            AuthUtil.setAuthToken(servletRequest.getSession(), authToken);
            AuthUtil.setUserId(servletRequest.getSession(), user.getId());
            AuthUtil.setAuthType(servletRequest.getSession(), user.getAuthType());
            AuthUtil.setTimeout(servletRequest.getSession());
            //for first time login redirect to set OTP
            if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
                retVal = "otp";
            } else if ("changeme".equals(auth.getPassword()) && Auth.AUTH_BASIC.equals(user.getAuthType())) {
                // A basic-auth account still using the password "changeme" is sent to the settings page.
                retVal = "change_password";
            }
            loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - Authentication Success");
        }
    } else {
        loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR);
        addActionError(AUTH_ERROR);
        retVal = INPUT;
    }
    return retVal;
}
From source file:com.lanastara.gtd.google.GoogleAuthenticator.java
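/**
 * Authenticates a request from the Google ID token stored in its {@code id_token} cookie.
 *
 * <p>The request is accepted only when the verifier accepts the token and the token's
 * e-mail address is marked as verified. In every other case, including a malformed
 * cookie value, the response status is set to 401.
 *
 * @param request the incoming request; on success its client info receives the user
 * @param response the response whose status is set to unauthorized on failure
 * @return {@code true} if the request was authenticated, {@code false} otherwise
 */
@Override
protected boolean authenticate(Request request, Response response) {
    // NOTE(review): the verifier is rebuilt on every call; holding one instance in a field
    // would avoid repeating that setup per request.
    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
            .setAudience(Arrays.asList("926615361246-oggengfh02hmjhjes5ki04pfin8m0hqa.apps.googleusercontent.com"))
            .build();

    Cookie tokenCookie = request.getCookies().getFirst("id_token");
    if (tokenCookie != null) {
        try {
            GoogleIdToken idToken = verifier.verify(tokenCookie.getValue());
            if (idToken != null) {
                GoogleIdToken.Payload payload = idToken.getPayload();
                // getEmailVerified() returns a Boolean that is null when the claim is absent;
                // comparing against Boolean.TRUE avoids a NullPointerException on unboxing.
                if (Boolean.TRUE.equals(payload.getEmailVerified())) {
                    request.getClientInfo().setUser(new User(payload.getEmail()));
                    return true;
                }
            }
        } catch (GeneralSecurityException | IOException | IllegalArgumentException ex) {
            // A cookie value that is not a well-formed token can surface as an
            // IllegalArgumentException from parsing; treat it as a failed login, not a crash.
            Logger.getLogger(GoogleAuthenticator.class.getName()).log(Level.SEVERE,
                    "ID token verification failed", ex);
        }
    }
    response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
    return false;
}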
From source file:com.predic8.membrane.core.interceptor.oauth2.GoogleAuthorizationService.java
License:Apache License
/**
 * Handles the OAuth2 callback: checks the CSRF token carried in {@code state}, exchanges
 * the authorization code for tokens, verifies the returned ID token and its audience,
 * records the e-mail address in the session and redirects to the requested URL.
 *
 * @param exc the current exchange
 * @param state the CSRF token expected for this session
 * @param publicURL the public base URL used to build the redirect URI
 * @param session the session to authorize
 * @return {@code true} if the callback was processed and the session authorized,
 *         {@code false} otherwise (including when an error response was set)
 */
@Override
public boolean handleRequest(Exchange exc, String state, String publicURL, Session session) throws Exception {
    String path = uriFactory.create(exc.getDestinations().get(0)).getPath();
    if ("/oauth2callback".equals(path)) {
        try {
            Map<String, String> params = URLParamUtil.getParams(uriFactory, exc);
            // The state parameter is itself a query string carrying security_token and url.
            String state2 = params.get("state");
            if (state2 == null)
                throw new RuntimeException("No CSRF token.");
            Map<String, String> param = URLParamUtil.parseQueryString(state2);
            if (param == null || !param.containsKey("security_token"))
                throw new RuntimeException("No CSRF token.");
            if (!param.get("security_token").equals(state))
                throw new RuntimeException("CSRF token mismatch.");
            // NOTE(review): the post-login redirect target comes from the state parameter and
            // is used below as-is; confirm it is restricted to local paths where it is created.
            String url = param.get("url");
            if (url == null)
                url = "/";
            if (log.isDebugEnabled())
                log.debug("CSRF token match.");
            String code = params.get("code");
            if (code == null)
                throw new RuntimeException("No code received.");
            // NOTE(review): the form body is built by plain concatenation. No URL-encoding of
            // code, clientSecret or publicURL is visible here, so a value containing '&' or '='
            // would change the parameters that are sent - confirm the inputs are already safe.
            Exchange e = new Request.Builder().post("https://accounts.google.com/o/oauth2/token")
                    .header(Header.CONTENT_TYPE, "application/x-www-form-urlencoded")
                    .body("code=" + code + "&client_id=" + clientId
                            + ".apps.googleusercontent.com&client_secret=" + clientSecret + "&"
                            + "redirect_uri=" + publicURL + "oauth2callback&grant_type=authorization_code")
                    .buildExchange();
            e.setRule(new NullRule() {
                @Override
                public SSLContext getSslOutboundContext() {
                    return new SSLContext(new SSLParser(), null, null);
                }
            });
            LogInterceptor logi = null;
            if (log.isDebugEnabled()) {
                // NOTE(review): with header-only turned off, debug logging presumably includes
                // the request body, which holds the client secret and the authorization code.
                logi = new LogInterceptor();
                logi.setHeaderOnly(false);
                logi.handleRequest(e);
            }
            Response response = httpClient.call(e).getResponse();
            if (response.getStatusCode() != 200) {
                response.getBody().read();
                throw new RuntimeException(
                        "Google Authentication server returned " + response.getStatusCode() + ".");
            }
            if (log.isDebugEnabled())
                logi.handleResponse(e);
            HashMap<String, String> json = Util.parseSimpleJSONResponse(response);
            if (!json.containsKey("id_token"))
                throw new RuntimeException("No id_token received.");
            GoogleIdToken idToken = GoogleIdToken.parse(factory, json.get("id_token"));
            if (idToken == null)
                throw new RuntimeException("Token cannot be parsed");
            // Both the verifier check and the audience check must pass before the token is trusted.
            if (!verifier.verify(idToken) || !idToken
                    .verifyAudience(Collections.singletonList(clientId + ".apps.googleusercontent.com")))
                throw new RuntimeException("Invalid token");
            Map<String, String> userAttributes = session.getUserAttributes();
            synchronized (userAttributes) {
                userAttributes.put("headerX-Authenticated-Email", idToken.getPayload().getEmail());
            }
            session.authorize();
            exc.setResponse(Response.redirect(url, false).build());
            return true;
        } catch (Exception e) {
            // NOTE(review): the exception message is returned to the client in the response body.
            exc.setResponse(Response.badRequest().body(e.getMessage()).build());
        }
    }
    return false;
}
From source file:com.rse.middleware.GoogleTokenVerifier.java
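/**
 * Parses and verifies a Google ID token, then checks that both its audience and its
 * issuee match this application's client ID.
 *
 * <p>The method never throws: every failure is reported on standard output and results
 * in {@code null}. Token claims (audience, issuer, e-mail) are not printed, because they
 * identify the user and have no place in console output.
 *
 * @param token the serialized ID token
 * @return the token's payload if every check passes, otherwise {@code null}
 */
public Payload verify(String token) {
    try {
        final String expectedClientId = this.CLIENT_ID;
        JsonFactory jsonFactory = new GsonFactory();
        // NOTE(review): this verifier is created without an audience, so the audience is
        // only enforced by the explicit comparison below.
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jsonFactory);

        GoogleIdToken idToken = GoogleIdToken.parse(jsonFactory, token);
        if (!verifier.verify(idToken)) {
            System.out.println("Invalid ID token.");
            return null;
        }

        GoogleIdToken.Payload candidate = idToken.getPayload();
        // The failure reason used to be stored in a local that was never read; report it
        // the same way as the other failure branches instead.
        if (!expectedClientId.equals(candidate.getAudience())) {
            System.out.println("Audience mismatch");
            return null;
        }
        if (!expectedClientId.equals(candidate.getIssuee())) {
            System.out.println("Client ID mismatch");
            return null;
        }
        return candidate;
    } catch (GeneralSecurityException e) {
        System.out.println("Security issue: " + e.getLocalizedMessage());
    } catch (IOException e) {
        System.out.println("Network problem: " + e.getLocalizedMessage());
    } catch (IllegalArgumentException e) {
        System.out.println("Token Problem: " + e.getLocalizedMessage());
    } catch (Exception e) {
        // Deliberate catch-all so that callers only ever see a payload or null.
        System.out.println("Exception: " + e.getLocalizedMessage());
    }
    return null;
}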
From source file:com.tcc.servidor_tcc.api.LoginResource.java
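/**
 * Logs a reviewer in with a Google ID token posted as the {@code tokenId} form field.
 *
 * <p>The token is verified against the configured client ID and issuer. Because the
 * reviewer account is looked up by e-mail address, the address must also be marked as
 * verified in the token. The raw token is a bearer credential and is never printed.
 *
 * @param tokenIdString the serialized ID token from the form
 * @return 200 with a client token for a known reviewer, 201 with a new reviewer entity
 *         for an unknown one, or 401 if the token is missing, invalid or unverified
 */
@Path("/token")
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON)
public Response loginToken(@FormParam("tokenId") String tokenIdString) {
    if (tokenIdString == null || tokenIdString.isEmpty()) {
        // A missing form field is an authentication failure, not a server error.
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
            .setAudience(Arrays.asList(CLIENT_ID)).setIssuer("https://accounts.google.com").build();

    GoogleIdToken idToken = null;
    try {
        idToken = verifier.verify(tokenIdString);
    } catch (GeneralSecurityException | IOException | IllegalArgumentException ex) {
        // A string that is not a well-formed token can surface as IllegalArgumentException
        // from parsing; it is handled like any other failed verification.
        Logger.getLogger(LoginResource.class.getName()).log(Level.SEVERE, null, ex);
    }

    if (idToken == null) {
        System.out.println("Invalid ID token.");
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    Payload payload = idToken.getPayload();
    // The e-mail address is the lookup key below, so it must be verified. Comparing with
    // Boolean.TRUE also covers a token that carries no email_verified claim at all.
    if (!Boolean.TRUE.equals(payload.getEmailVerified())) {
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    String email = payload.getEmail();
    String name = (String) payload.get("name");

    ReviewerDAO dao = new ReviewerDAOjpa();
    Optional<Reviewer> rev = dao.getOne(email);
    if (rev.isPresent()) {
        String clientToken = Token.createClientToken(email);
        return Response.ok().entity(clientToken).build();
    }

    // Unknown reviewer: return a pre-filled entity with status 201.
    Reviewer reviewer = new Reviewer();
    reviewer.setEmail(email);
    reviewer.setName(name);
    return Response.status(Response.Status.CREATED).entity(reviewer).build();
}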
From source file:com.traveloka.sonarqube.plugin.GoogleIdentityProvider.java
License:Open Source License
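/**
 * Completes the authorization-code flow: exchanges the code for tokens, checks that the
 * account belongs to the configured hosted domain and has a verified e-mail address,
 * then authenticates the user and redirects to the requested page.
 *
 * @param context the callback context supplied by the platform
 * @throws IllegalStateException if the code is missing or the token exchange or parsing fails
 * @throws UnauthorizedException if the account is not a verified member of the hosted domain
 */
@Override
public void callback(CallbackContext context) {
    context.verifyCsrfState();

    HttpServletRequest request = context.getRequest();
    String code = request == null ? null : request.getParameter("code");
    if (code == null || code.isEmpty()) {
        // Explicit check instead of catching NullPointerException around the lookup.
        throw new IllegalStateException("Authorization Code Fail");
    }

    JsonFactory jsonFactory = new JacksonFactory();
    GoogleTokenResponse tokenResponse;
    try {
        tokenResponse = new GoogleAuthorizationCodeTokenRequest(new NetHttpTransport(), jsonFactory,
                settings.clientId(), settings.clientSecret(), code, settings.redirectUri()).execute();
    } catch (IOException e) {
        throw new IllegalStateException("Authorization Token Fail", e);
    }

    // The ID token is only parsed here, not passed through a verifier; it is taken from
    // the token response obtained just above in this method.
    GoogleIdToken googleIdToken;
    try {
        googleIdToken = GoogleIdToken.parse(jsonFactory, tokenResponse.getIdToken());
    } catch (IOException e) {
        throw new IllegalStateException("ID Token Fail", e);
    }

    GoogleIdToken.Payload payload = googleIdToken.getPayload();
    String hostedDomain = payload.getHostedDomain();
    String email = payload.getEmail();
    int at = email == null ? -1 : email.indexOf('@');

    // The hosted-domain and email_verified claims can be absent (null). An account without
    // them must be refused with UnauthorizedException rather than fail with a
    // NullPointerException; the same applies to an e-mail value without a local part.
    if (hostedDomain == null || !hostedDomain.equals(settings.hostedDomain())
            || !Boolean.TRUE.equals(payload.getEmailVerified()) || at <= 0) {
        throw new UnauthorizedException("You must be a verified member of traveloka");
    }

    // The login is the local part of the address; this is unambiguous only because the
    // account was restricted to a single hosted domain above.
    String userName = email.substring(0, at);
    UserIdentity userIdentity = UserIdentity.builder().setProviderLogin(userName).setLogin(userName)
            .setName(userName).setEmail(email).build();
    context.authenticate(userIdentity);
    context.redirectToRequestedPage();
}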
From source file:edu.cmu.cs.lti.discoursedb.api.browsing.controller.BrowsingRestController.java
License:Open Source License
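/**
 * Deprecated sign-in endpoint: verifies a Google ID token and, if its e-mail address is
 * verified, installs an authentication with a fixed authority in the security context.
 *
 * <p>No per-user role lookup is performed: every accepted Google account receives the
 * same single authority.
 *
 * @param idTokenString the serialized ID token from the {@code idtoken} form field
 * @return the view to show: {@code /browsing/databases} on success, {@code /error.html} otherwise
 * @throws GeneralSecurityException if token verification fails with a security error
 * @throws IOException if token verification fails with an I/O error
 */
@Deprecated
@CrossOrigin(origins = "*", maxAge = 3600)
@RequestMapping(value = "/tokensigningoogle_deprecated", method = RequestMethod.POST, headers = "content-type=application/x-www-form-urlencoded")
public String processRegistration(@RequestParam("idtoken") String idTokenString)
        throws GeneralSecurityException, IOException {
    // NOTE(review): this endpoint establishes a login and allows every origin via
    // @CrossOrigin; confirm that is intended, or narrow the allowed origins.
    logger.info("Doing tokensigningoogle");

    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(),
            new GsonFactory()).setAudience(Arrays.asList(environment.getRequiredProperty("google.client_id")))
                    .setIssuer("accounts.google.com").build();

    GoogleIdToken idToken = verifier.verify(idTokenString);
    if (idToken == null) {
        // Use the class logger like the rest of the method instead of standard output.
        logger.info("Invalid ID token.");
        return "/error.html";
    }

    Payload payload = idToken.getPayload();
    String userId = payload.getSubject();
    String email = payload.getEmail();

    // getEmailVerified() returns a Boolean that is null when the claim is absent; comparing
    // with Boolean.TRUE avoids a NullPointerException on unboxing.
    if (!Boolean.TRUE.equals(payload.getEmailVerified())) {
        return "/error.html";
    }

    // Written only after the check above, so the log never reports a login that was refused.
    logger.info("Logged in " + userId + " " + email);

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    // Kept byte-for-byte (the name is spelled with a zero); other code may match on it.
    authorities.add(new SimpleGrantedAuthority("USER_AUTH0RITY"));

    // The password argument is a placeholder; the authentication token below carries no credentials.
    UserDetails userDetails = new org.springframework.security.core.userdetails.User(userId, "xxy", true,
            true, true, true, authorities);
    Authentication authentication = new UsernamePasswordAuthenticationToken(userId, null,
            userDetails.getAuthorities());

    SecurityContextHolder.clearContext();
    SecurityContextHolder.getContext().setAuthentication(authentication);
    httpSession.setAttribute("sch", userDetails);
    logger.info("first check " + httpSession.getAttribute("sch"));
    return "/browsing/databases";
}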