at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20BaseRequest.java Source code

Java tutorial

Introduction

Here is the source code for at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20BaseRequest.java

Source

/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.protocol;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;

abstract class OAuth20BaseRequest extends RequestImpl {

    private static final long serialVersionUID = 1L;

    protected Set<String> allowedParameters = new HashSet<String>();

    protected OAuth20BaseRequest() {

    }

    protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded)
            throws OAuth20Exception {
        String param = request.getParameter(name);
        Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);

        if (isNeeded && StringUtils.isEmpty(param)) {
            throw new OAuth20WrongParameterException(name);
        }

        this.allowedParameters.add(name);

        return param;
    }

    protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {

        // moa id - load oa with client id!
        try {
            String oaURL = StringEscapeUtils
                    .escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
            if (!ParamValidatorUtils.isValidOA(oaURL)) {
                throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
            }
            this.setOAURL(oaURL);
            OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);

            if (oaParam == null) {
                throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
            }
            this.setTarget(oaParam.getTarget());

            OAOAUTH20 config = oaParam.getoAuth20Config();
            if (config == null) {
                throw new OAuth20InvalidRequestException();
            }
            if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
                    || StringUtils.isEmpty(config.getOAuthRedirectUri())) {
                throw new OAuth20OANotSupportedException();
            }
        } catch (ConfigurationException e) {
            throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
        }

        // oAuth
        this.populateSpecialParameters(request);

        // cleanup parameters
        this.checkAllowedParameters(request);
    }

    private void checkAllowedParameters(final HttpServletRequest request) {
        Logger.debug("Going to check for allowed parameters");
        this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
        this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);

        @SuppressWarnings("rawtypes")
        Iterator iter = request.getParameterMap().keySet().iterator();
        while (iter.hasNext()) {
            String name = (String) iter.next();
            if (!this.allowedParameters.contains(name)) {

                Logger.debug("Found wrong parameter: " + name);
                throw new OAuth20WrongParameterException(name);
            }
        }

    }

    protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;

    public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request)
            throws OAuth20Exception {
        OAuth20BaseRequest res;

        if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
            res = new OAuth20AuthRequest();
        } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
            res = new OAuth20TokenRequest();
        } else {
            throw new OAuth20InvalidRequestException();
        }

        res.setAction(action);
        res.setModule(OAuth20Protocol.NAME);

        res.populateParameters(request);
        return res;
    }
}