Java tutorial
/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set<String> allowedParameters = new HashSet<String>(); protected OAuth20BaseRequest() { } protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); if (isNeeded && StringUtils.isEmpty(param)) { throw new OAuth20WrongParameterException(name); } this.allowedParameters.add(name); return param; } protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception { // moa id - load oa with client id! try { String oaURL = StringEscapeUtils .escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setOAURL(oaURL); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setTarget(oaParam.getTarget()); OAOAUTH20 config = oaParam.getoAuth20Config(); if (config == null) { throw new OAuth20InvalidRequestException(); } if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) || StringUtils.isEmpty(config.getOAuthRedirectUri())) { throw new OAuth20OANotSupportedException(); } } catch (ConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } // oAuth this.populateSpecialParameters(request); // cleanup parameters this.checkAllowedParameters(request); } private void checkAllowedParameters(final HttpServletRequest request) { Logger.debug("Going to check for allowed parameters"); this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION); this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD); @SuppressWarnings("rawtypes") Iterator iter = request.getParameterMap().keySet().iterator(); while (iter.hasNext()) { String name = (String) iter.next(); if (!this.allowedParameters.contains(name)) { Logger.debug("Found wrong parameter: " + name); throw new OAuth20WrongParameterException(name); } } } protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception { OAuth20BaseRequest res; if (action.equals(OAuth20Protocol.AUTH_ACTION)) { res = new OAuth20AuthRequest(); } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { res = new OAuth20TokenRequest(); } else { throw new OAuth20InvalidRequestException(); } res.setAction(action); res.setModule(OAuth20Protocol.NAME); res.populateParameters(request); return res; } }