/** * Copyright 2013 DuraSpace, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.fcrepo.auth.oauth.api; import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST; import static javax.servlet.http.HttpServletResponse.SC_FOUND; import static; import static; import static org.apache.oltu.oauth2.common.OAuth.OAUTH_REDIRECT_URI; import static org.apache.oltu.oauth2.common.OAuth.OAUTH_RESPONSE_TYPE; import static org.apache.oltu.oauth2.common.OAuth.OAUTH_STATE; import static org.apache.oltu.oauth2.common.error.OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE; import static org.apache.oltu.oauth2.common.message.OAuthResponse.errorResponse; import static org.apache.oltu.oauth2.common.message.types.ResponseType.CODE; import static org.apache.oltu.oauth2.common.utils.OAuthUtils.isEmpty; import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY; import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE; import static org.fcrepo.auth.oauth.api.Util.createOauthWorkspace; import static org.slf4j.LoggerFactory.getLogger; import; import; import java.util.Set; import javax.annotation.PostConstruct; import javax.jcr.Node; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.servlet.http.HttpServletRequest; import; import; import; import; import; import; import; import; import; import; import org.apache.oltu.oauth2.common.exception.OAuthProblemException; import org.apache.oltu.oauth2.common.exception.OAuthSystemException; import org.apache.oltu.oauth2.common.message.OAuthResponse; 
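import org.fcrepo.http.commons.AbstractResource;
import org.fcrepo.auth.oauth.Constants;
import org.slf4j.Logger;
import org.springframework.stereotype.Component;

/**
 * OAuth 2 authorization endpoint: issues an authorization code, stores it in
 * the OAuth workspace and redirects the user agent back to the client with
 * the code attached as query parameters.
 *
 * @author ajs6f
 * @date Jul 1, 2013
 */
@Component
@Path("/authorization")
public class AuthzEndpoint extends AbstractResource {

    private static final Logger LOGGER = getLogger(AuthzEndpoint.class);

    /**
     * Handles an authorization request. For {@code response_type=code} a new
     * authorization code is generated, stored together with the client id and
     * the requested scopes, and returned in a redirect to the
     * {@code redirect_uri} taken from the request. Any other response type is
     * reported to the client as {@code unsupported_response_type}.
     *
     * @param request An HTTP request
     * @return A redirect carrying an authorization code for later use with
     *         the {@link TokenEndpoint}, or a redirect carrying the OAuth
     *         error when the request is rejected
     * @throws URISyntaxException if the redirect location is not a valid URI
     * @throws OAuthSystemException if the OAuth library fails to generate the
     *         code or to build the response
     * @throws RepositoryException if the authorization code cannot be stored
     * @throws WebApplicationException with status 400 when the request is
     *         rejected and no redirect URI is available to report the error
     */
    @GET
    public Response getAuthorization(@Context final HttpServletRequest request)
            throws URISyntaxException, OAuthSystemException, RepositoryException {

        final OAuthAuthzRequest oauthRequest;

        // NOTE(review): the authorization code is a bearer credential, so its
        // unpredictability rests entirely on this generator's randomness
        // source. Confirm that it draws from a CSPRNG.
        final OAuthIssuerImpl oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());

        try {
            oauthRequest = new OAuthAuthzRequest(request);

            // build response according to response_type
            final String responseType = oauthRequest.getParam(OAUTH_RESPONSE_TYPE);

            final OAuthAuthorizationResponseBuilder builder =
                    authorizationResponse(request, SC_FOUND);

            // Constant-first comparison: a missing response_type falls through
            // to the error branch instead of raising a NullPointerException.
            if (CODE.toString().equals(responseType)) {
                final String authCode = oauthIssuerImpl.authorizationCode();
                // The code itself is deliberately not logged: anyone able to
                // read the debug log could otherwise redeem it at the token
                // endpoint.
                LOGGER.debug("Created authorization code");
                final String client = oauthRequest.getClientId();
                final Set<String> scopes = oauthRequest.getScopes();
                saveAuthCode(authCode, scopes, client);
                builder.setCode(authCode);
                builder.setParam("grant_type", "authorization_code");
                if (null != client) {
                    builder.setParam("client_id", client);
                }
                // NOTE(review): echoing client_secret (or the placeholder
                // below) in the redirect query string puts a credential in a
                // URL, where it can end up in browser history, proxy and
                // server logs and Referer headers. Kept unchanged for
                // compatibility with existing clients; consider dropping both
                // parameters.
                final String clientSecret = oauthRequest.getClientSecret();
                if (null != clientSecret) {
                    builder.setParam("client_secret", clientSecret);
                } else {
                    builder.setParam("client_secret", "YOUR_SECRET");
                }
            } else {
                final String errorDesc =
                        "Invalid response_type parameter value \"" + responseType + "\"";
                LOGGER.debug(errorDesc);
                final OAuthProblemException e =
                        OAuthProblemException.error(UNSUPPORTED_RESPONSE_TYPE, errorDesc);
                e.setRedirectUri(oauthRequest.getParam(OAUTH_REDIRECT_URI));
                throw e;
            }

            // NOTE(review): redirect_uri comes straight from the request and
            // nothing in this class compares it with a value registered for
            // the client, so the code is sent wherever the request says.
            // Confirm that the URI is validated elsewhere before relying on
            // this endpoint.
            final String redirectURI = oauthRequest.getParam(OAUTH_REDIRECT_URI);
            if (null != redirectURI) {
                builder.setParam(OAUTH_REDIRECT_URI, redirectURI);
            }
            if (oauthRequest.getState() != null) {
                builder.setParam(OAUTH_STATE, oauthRequest.getState());
            }

            final OAuthResponse response =
                    builder.location(redirectURI).buildQueryMessage();
            final URI url = new URI(response.getLocationUri());

            return status(response.getResponseStatus()).location(url).build();

        } catch (final OAuthProblemException e) {

            final Response.ResponseBuilder responseBuilder = status(SC_FOUND);

            final String redirectUri = e.getRedirectUri();

            // Without a redirect URI the error cannot be handed back to the
            // client, so answer the user agent directly with 400.
            if (isEmpty(redirectUri)) {
                throw new WebApplicationException(e,
                        responseBuilder.status(SC_BAD_REQUEST)
                                .entity("OAuth callback url needs to be provided by client!")
                                .build());
            }
            // NOTE(review): the error redirect also targets the URI supplied
            // with the request; the validation concern above applies here too.
            final OAuthResponse response =
                    errorResponse(SC_FOUND).error(e).location(redirectUri)
                            .buildQueryMessage();
            final URI location = new URI(response.getLocationUri());
            return responseBuilder.location(location).build();
        }
    }

    /**
     * Saves an authorization code for later retrieval at the token endpoint.
     * The code becomes a node under {@code /authorization-codes/} that carries
     * the client id and the granted scopes.
     *
     * <p>NOTE(review): only the client and the scopes are recorded. No issue
     * time or redirect URI is stored with the code, so expiry and redirect-URI
     * binding would have to be enforced elsewhere. Confirm against the token
     * endpoint.
     *
     * @param authCode the generated authorization code, used as the node name
     * @param scopes the scopes requested by the client
     * @param client the client id from the request; may be {@code null}
     * @throws RepositoryException if the node cannot be created or saved
     */
    private void saveAuthCode(final String authCode, final Set<String> scopes,
            final String client) throws RepositoryException {
        final Session session = sessions.getInternalSession(OAUTH_WORKSPACE);
        try {
            final Node codeNode =
                    jcrTools.findOrCreateNode(session, "/authorization-codes/" + authCode);
            codeNode.setProperty(CLIENT_PROPERTY, client);
            codeNode.setProperty(Constants.SCOPES_PROPERTY,
                    Iterables.toArray(scopes, String.class));
            // Persist the pending changes: without an explicit save they are
            // discarded when the session logs out below and the code could
            // never be found again.
            session.save();
        } finally {
            session.logout();
        }
    }

    /**
     * Ensures the existence of the workspace into which authorization codes are
     * stored.
     *
     * @throws RepositoryException if the workspace cannot be created
     */
    @PostConstruct
    public void init() throws RepositoryException {
        createOauthWorkspace(sessions);
    }
}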