
/**
 * Copyright (c) 2015 https://github.com/howiefh
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 */
package io.github.howiefh.jeews.modules.oauth2.controller;

import java.net.URI;
import java.net.URISyntaxException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import io.github.howiefh.jeews.modules.oauth2.Constants;
import io.github.howiefh.jeews.modules.oauth2.service.ClientService;
import io.github.howiefh.jeews.modules.oauth2.service.OAuthService;

import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.message.types.TokenType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

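/**
 * OAuth2 authorization endpoint built on Apache Oltu.
 * <p>
 * The resource owner is authenticated through the current Shiro {@link Subject}
 * (optionally performing a form login from the same request), after which either
 * an authorization code or an access token is issued depending on the
 * {@code response_type} parameter and the user agent is redirected to the
 * {@code redirect_uri} carried by the request.
 *
 * @author howiefh
 */
@RestController
public class AuthorizeController {
    /** Login page an unauthenticated caller is pointed at; overridable through {@code shiro.login.url}. */
    @Value("${shiro.login.url}")
    private String loginUrl = "/views/login.html";

    /** Validates client ids and stores issued codes / tokens. */
    @Autowired
    private OAuthService oAuthService;
    /** Injected but not used by this controller (see the redirect_uri note in {@link #authorize}). */
    @Autowired
    private ClientService clientService;

    /**
     * Handles an OAuth2 authorization request.
     * <p>
     * Flow: parse the request with Oltu, reject unknown clients with a JSON error
     * body, make sure the Shiro subject is authenticated (attempting a form login if
     * it is not), then issue a code ({@code response_type=code}) or an access token
     * ({@code response_type=token}) and redirect to {@code redirect_uri}. A malformed
     * request ({@link OAuthProblemException}) is redirected back to the client's
     * redirect URI carrying the error, or answered directly when no redirect URI is
     * known.
     *
     * @param request the incoming servlet request
     * @return a {@link ResponseEntity}: a redirect (302 or 401) or an error body (400 / 404)
     * @throws URISyntaxException   if a location to redirect to is not a valid URI
     * @throws OAuthSystemException if Oltu fails to build a response message
     */
    @RequestMapping("/authentication")
    public Object authorize(HttpServletRequest request) throws URISyntaxException, OAuthSystemException {
        try {
            // Parses and validates the authorization request; a malformed one surfaces as
            // OAuthProblemException and is handled in the catch block below.
            OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);

            // Unknown client: answer with a JSON error body, never with a redirect.
            if (!oAuthService.checkClientId(oauthRequest.getClientId())) {
                return invalidClientResponse();
            }

            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated() && !login(subject, request)) {
                // No authenticated subject and no usable credentials on this request:
                // point the caller at the login page. TODO carried over from the original.
                HttpHeaders headers = new HttpHeaders();
                headers.setLocation(new URI(loginUrl));
                return new ResponseEntity<Object>(headers, HttpStatus.UNAUTHORIZED);
            }

            String username = (String) subject.getPrincipal();
            // response_type selects between the code and the implicit (token) flow.
            String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
            // NOTE(review): MD5Generator is the Oltu-supplied value generator; confirm the
            // codes/tokens it yields have enough entropy for this deployment.
            OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
            OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse
                    .authorizationResponse(request, HttpServletResponse.SC_FOUND);
            // Constant on the left so a missing response_type cannot NPE here.
            if (ResponseType.CODE.toString().equals(responseType)) {
                String authorizationCode = oauthIssuerImpl.authorizationCode();
                oAuthService.addAuthCode(authorizationCode, username);
                builder.setCode(authorizationCode);
            } else if (ResponseType.TOKEN.toString().equals(responseType)) {
                final String accessToken = oauthIssuerImpl.accessToken();
                oAuthService.addAccessToken(accessToken, username);
                builder.setAccessToken(accessToken);
                builder.setParam("token_type", TokenType.BEARER.toString());
                builder.setExpiresIn(oAuthService.getExpireIn());
            }

            // NOTE(review): redirect_uri is taken from the request as-is and is never compared with
            // the client's registered redirect URI (clientService is injected but unused), so the
            // code or token is delivered wherever the request says. Confirm that check happens
            // upstream before relying on this endpoint.
            String redirectURI = oauthRequest.getParam(OAuth.OAUTH_REDIRECT_URI);
            final OAuthResponse response = builder.location(redirectURI).buildQueryMessage();
            return redirectTo(response);
        } catch (OAuthProblemException e) {
            String redirectUri = e.getRedirectUri();
            if (OAuthUtils.isEmpty(redirectUri)) {
                // Without a redirect URI there is nowhere safe to send the error; answer directly.
                return new ResponseEntity<String>("OAuth callback url needs to be provided by client!!!",
                        HttpStatus.NOT_FOUND);
            }

            // Same caveat as above: the error is redirected to whatever URI the exception carries.
            final OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND).error(e)
                    .location(redirectUri).buildQueryMessage();
            return redirectTo(response);
        }
    }

    /**
     * Builds the 400 response returned when the client id is not known.
     *
     * @return an entity whose body is Oltu's JSON error message for {@code invalid_client}
     * @throws OAuthSystemException if Oltu fails to build the JSON message
     */
    private static ResponseEntity<String> invalidClientResponse() throws OAuthSystemException {
        OAuthResponse response = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                .setErrorDescription(Constants.INVALID_CLIENT_DESCRIPTION).buildJSONMessage();
        return new ResponseEntity<String>(response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
    }

    /**
     * Converts an Oltu query-message response into a Spring redirect entity.
     *
     * @param response an Oltu response whose location URI and status are to be copied
     * @return an entity with the {@code Location} header set and the response's status code
     * @throws URISyntaxException if the response's location is not a valid URI
     */
    private static ResponseEntity<Object> redirectTo(OAuthResponse response) throws URISyntaxException {
        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(new URI(response.getLocationUri()));
        return new ResponseEntity<Object>(headers, HttpStatus.valueOf(response.getResponseStatus()));
    }

    /**
     * Attempts a form login against the given Shiro subject using the {@code username}
     * and {@code password} request parameters.
     *
     * @param subject the current Shiro subject
     * @param request the request that may carry the credentials
     * @return {@code true} if the login succeeded; {@code false} if no attempt was made
     *         (GET request, or a missing username or password)
     * @throws RuntimeException if Shiro rejected the login; the Shiro exception is kept as the cause
     */
    private boolean login(Subject subject, HttpServletRequest request) {
        // Credentials are only accepted from a non-GET request.
        if ("get".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            return false;
        }

        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return true;
        } catch (Exception e) {
            // Preserve the original exception as the cause instead of flattening it to a message.
            throw new RuntimeException("login error: " + e.getMessage(), e);
        } finally {
            // Drop the credentials held by the token once Shiro no longer needs them.
            token.clear();
        }
    }
}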