org.gots.server.auth.TempTokenAuthenticationServlet.java Source code

Java tutorial

Introduction

Here is the source code for org.gots.server.auth.TempTokenAuthenticationServlet.java

Source

/*
 * (C) Copyright 2006-20012 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Antoine Taillefer
 */
package org.gots.server.auth;

import java.io.IOException;
import java.io.OutputStream;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.util.URIUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.gots.server.auth.service.TokenAuthenticationService;
import org.nuxeo.runtime.api.Framework;

/**
 * Servlet that allows to get a unique authentication token given the request
 * Principal and some device information passed as request parameters:
 * application name, device id, device description, permission. An error
 * response will be sent with a 400 status code if one of the required
 * parameters is null or empty. All parameters are required except for the
 * device description.
 * <p>
 * The token is provided by the {@link TokenAuthenticationService}.
 *
 * @author Antoine Taillefer (ataillefer@nuxeo.com)
 * @since 5.7
 */
public class TempTokenAuthenticationServlet extends HttpServlet {

    private static final long serialVersionUID = 7792388601558509103L;

    private static final Log log = LogFactory.getLog(TempTokenAuthenticationServlet.class);

    protected static final String EMAIL_PARAM = "email";

    protected static final String APPLICATION_NAME_PARAM = "applicationName";

    protected static final String DEVICE_ID_PARAM = "deviceId";

    protected static final String DEVICE_DESCRIPTION_PARAM = "deviceDescription";

    protected static final String PERMISSION_PARAM = "permission";

    protected static final String REVOKE_PARAM = "revoke";

    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        // Get request parameters
        String applicationName = req.getParameter(APPLICATION_NAME_PARAM);
        String deviceId = req.getParameter(DEVICE_ID_PARAM);
        String deviceDescription = req.getParameter(DEVICE_DESCRIPTION_PARAM);
        String permission = req.getParameter(PERMISSION_PARAM);
        String revokeParam = req.getParameter(REVOKE_PARAM);
        boolean revoke = Boolean.valueOf(revokeParam);

        // If one of the required parameters is null or empty, send an
        // error with the 400 status
        if (!revoke && (StringUtils.isEmpty(applicationName) || StringUtils.isEmpty(deviceId)
                || StringUtils.isEmpty(permission))) {
            log.error(
                    "The following request parameters are mandatory to acquire an authentication token: applicationName, deviceId, permission.");
            resp.sendError(HttpStatus.SC_BAD_REQUEST);
            return;
        }
        if (revoke && (StringUtils.isEmpty(applicationName) || StringUtils.isEmpty(deviceId))) {
            log.error(
                    "The following request parameters are mandatory to revoke an authentication token: applicationName, deviceId.");
            resp.sendError(HttpStatus.SC_BAD_REQUEST);
            return;
        }

        // Decode parameters
        applicationName = URIUtil.decode(applicationName);
        deviceId = URIUtil.decode(deviceId);
        if (!StringUtils.isEmpty(deviceDescription)) {
            deviceDescription = URIUtil.decode(deviceDescription);
        }
        if (!StringUtils.isEmpty(permission)) {
            permission = URIUtil.decode(permission);
        }

        // Get user name from request Principal
        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            resp.sendError(HttpStatus.SC_UNAUTHORIZED);
            return;
        }
        String userName = principal.getName();
        log.error("The principal user is " + userName);
        // Write response
        String response = null;
        TokenAuthenticationService tokenAuthService = Framework.getLocalService(TokenAuthenticationService.class);
        try {
            // Token acquisition: acquire token and write it to the response
            // body
            if (!revoke) {
                response = tokenAuthService.acquireToken(userName, applicationName, deviceId, deviceDescription,
                        permission);
            }
            // Token revocation
            else {
                String token = tokenAuthService.getToken(userName, applicationName, deviceId);
                if (token == null) {
                    response = String.format(
                            "No token found for userName %s, applicationName %s and deviceId %s; nothing to do.",
                            userName, applicationName, deviceId);
                } else {
                    tokenAuthService.revokeToken(token);
                    response = String.format("Token revoked for userName %s, applicationName %s and deviceId %s.",
                            userName, applicationName, deviceId);
                }
            }
            sendTextResponse(resp, response);
        } catch (Exception e) {
            // Should never happen as parameters have already been checked
            resp.sendError(HttpStatus.SC_NOT_FOUND);
        }
    }

    protected void sendTextResponse(HttpServletResponse resp, String textResponse) throws IOException {

        resp.setContentType("text/plain");
        resp.setContentLength(textResponse.getBytes().length);
        OutputStream out = resp.getOutputStream();
        out.write(textResponse.getBytes());
        out.close();
    }

}