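/**
 * Creates a local DB session authenticated with the given credentials.
 *
 * The {@link SessionManager} is obtained from the application context and asked to start a
 * session for the credentials; the resulting user session is kept in {@code userSession}.
 *
 * @param credentials The credentials to start the session with
 * @throws JasDBException If the session could not be started (the declared type is
 *                        {@code JasDBException}, which is what callers must handle)
 */
public LocalDBSession(Credentials credentials) throws JasDBException {
    this();
    // Looked up from the application context rather than passed in, so the no-arg
    // constructor path stays usable for callers that do not authenticate.
    SessionManager sessionManager = ApplicationContextProvider.getApplicationContext().getBean(SessionManager.class);
    userSession = sessionManager.startSession(credentials);
}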
/**
 * Ensures a live, authenticated session exists before security principals may be changed.
 *
 * A session counts as live when it is present and the session manager still reports its
 * id as valid.
 *
 * @throws JasDBSecurityException If there is no session or the session manager reports it
 *                                as no longer valid
 */
private void validateSession() throws JasDBStorageException {
    boolean loggedIn = session != null && sessionManager.sessionValid(session.getSessionId());
    if(!loggedIn) {
        throw new JasDBSecurityException("Unable to change security principals, not logged in or session expired");
    }
}
}
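/**
 * Authenticates the request from the {@code oauth_token} and {@code sessionid} headers.
 *
 * The presented token is hashed with the configured {@link CryptoEngine} and compared with the
 * access token stored on the session. On a match the request gets a {@code session} attribute
 * and continues down the filter chain; otherwise an unauthorized error is written. An unknown
 * session and a wrong token produce the same message so that live session ids cannot be
 * told apart from dead ones through the error text.
 *
 * @param httpServletRequest The incoming request carrying the token headers
 * @param httpServletResponse The response the error is written to on failure
 * @param filterChain The chain to continue on successful authentication
 * @throws IOException If writing the response or running the chain fails
 * @throws ServletException If a downstream filter fails
 */
private void checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
    try {
        String token = httpServletRequest.getHeader("oauth_token");
        String sessionId = httpServletRequest.getHeader("sessionid");
        // The raw token is the client's credential; only the session id is written to the log.
        LOG.debug("Token check for session: {}", sessionId);

        if(!StringUtils.stringNotEmpty(token) || !StringUtils.stringNotEmpty(sessionId)) {
            handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "No token");
            return;
        }

        UserSession session = sessionManager.getSession(sessionId);
        if(session == null || !tokenMatches(sessionId, token, session)) {
            // Same message for a missing session and a wrong token on purpose.
            handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
            return;
        }

        httpServletRequest.setAttribute("session", new UserSessionImpl(sessionId, token, session.getEncryptedContentKey(), session.getUser()));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    } catch(JasDBStorageException e) {
        LOG.error("Unknown error happened when processing token", e);
        handleErrorResponse(httpServletResponse, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unknown error");
    }
}

/**
 * Hashes the presented token for the session and compares it with the stored access token.
 *
 * The comparison is constant time so its duration does not depend on how many leading
 * bytes of the two hashes agree.
 *
 * @param sessionId The session id the token was presented for
 * @param token The raw token from the request header
 * @param session The stored session holding the expected access token hash
 * @return true when the presented token hashes to the stored access token
 * @throws JasDBStorageException If the crypto engine cannot hash the token
 */
private boolean tokenMatches(String sessionId, String token, UserSession session) throws JasDBStorageException {
    String storedTokenHash = session.getAccessToken();
    if(storedTokenHash == null) {
        return false;
    }
    CryptoEngine cryptoEngine = CryptoFactory.getEngine();
    String expectedTokenHash = cryptoEngine.hash(sessionId, token);
    // Fully qualified so no import has to be added elsewhere in the file.
    return java.security.MessageDigest.isEqual(
            expectedTokenHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            storedTokenHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}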
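/**
 * Creates a local DB session bound to a specific instance, authenticated with the given
 * credentials.
 *
 * The {@link SessionManager} is obtained from the application context and asked to start a
 * session for the credentials; the resulting user session is kept in {@code userSession}.
 *
 * @param instanceId The instance the session is bound to
 * @param credentials The credentials to start the session with
 * @throws JasDBException If the session could not be started (the declared type is
 *                        {@code JasDBException}, which is what callers must handle)
 */
public LocalDBSession(String instanceId, Credentials credentials) throws JasDBException {
    this(instanceId);
    // Looked up from the application context rather than passed in, so the instance-only
    // constructor path stays usable for callers that do not authenticate.
    SessionManager sessionManager = ApplicationContextProvider.getApplicationContext().getBean(SessionManager.class);
    userSession = sessionManager.startSession(credentials);
}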
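/**
 * Issues an access token for a client presenting its id and secret.
 *
 * Only served over a secure connection, since the client secret would otherwise travel in
 * clear text. On success the body is the {@code GRANT_VALID} template filled with the
 * session's access token and id plus the literal {@code "jasdb"} and {@code 3600}. Every
 * failure goes through {@link #getErrorResponse(String)}.
 *
 * NOTE(review): the credentials are read with {@code getParameter} although the endpoint
 * consumes JSON — confirm how clients send them; a secret in the query string ends up in
 * access logs.
 *
 * @param request The incoming request carrying {@code client_id} and {@code client_secret}
 * @return The grant as the response body, or an error response
 */
@RequestMapping(method = RequestMethod.POST, value = "/token", produces = "application/json", consumes = "application/json")
public @ResponseBody ResponseEntity<String> getToken(HttpServletRequest request) {
    if(!request.isSecure()) {
        return getErrorResponse("Insecure connection");
    }

    try {
        String clientId = request.getParameter("client_id");
        String clientSecret = request.getParameter("client_secret");
        // The secret is never logged; id and host are enough to correlate a request.
        LOG.debug("Client: {} host: {}", clientId, request.getRemoteHost());

        UserSession session = sessionManager.startSession(new BasicCredentials(clientId, request.getRemoteHost(), clientSecret));
        // Log only the id: the session object exposes the access token and content key.
        LOG.debug("Loaded session: {}", session.getSessionId());

        String responseMessage = String.format(GRANT_VALID, session.getAccessToken(), session.getSessionId(), "jasdb", 3600);
        return new ResponseEntity<>(responseMessage, HttpStatus.OK);
    } catch(JasDBSecurityException e) {
        // Rejected credentials are expected traffic; no stack trace needed.
        return getErrorResponse("Invalid credentials");
    } catch(JasDBStorageException e) {
        // Keep the cause: a storage fault during login was previously dropped without a trace.
        LOG.error("Unable to start session for token request", e);
        return getErrorResponse("Unknown error");
    }
}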