public BasicOAuth2Accessor(final OAuth2Accessor accessor) { this.accessToken = accessor.getAccessToken(); this.authorizationUrl = accessor.getAuthorizationUrl(); this.clientAuthenticationType = accessor.getClientAuthenticationType(); this.authorizationHeader = accessor.isAuthorizationHeader(); this.urlParameter = accessor.isUrlParameter(); this.clientId = accessor.getClientId(); this.clientSecret = accessor.getClientSecret(); this.gadgetUri = accessor.getGadgetUri(); this.grantType = accessor.getGrantType(); this.redirectUri = accessor.getRedirectUri(); this.refreshToken = accessor.getRefreshToken(); this.serviceName = accessor.getServiceName(); this.scope = accessor.getScope(); this.state = accessor.getState(); this.tokenUrl = accessor.getTokenUrl(); this.type = accessor.getType(); this.user = accessor.getUser(); this.allowModuleOverrides = false; this.globalRedirectUri = null; this.authority = null; this.contextRoot = null; this.errorResponse = accessor.isErrorResponse(); this.redirecting = accessor.isRedirecting(); this.error = accessor.getError(); this.errorContextMessage = accessor.getErrorContextMessage(); this.errorException = accessor.getErrorException(); this.errorUri = accessor.getErrorUri(); this.additionalRequestParams = Maps.newHashMap(); this.allowedDomains = accessor.getAllowedDomains();
/**
 * Builds the lookup key for an accessor from its gadget URI, service name, user and scope.
 *
 * @param accessor the accessor to derive a key for; may be {@code null}
 * @return {@code "accessor:" + gadgetUri + ':' + serviceName + ':' + user + ':' + scope}, or
 *         {@code null} when {@code accessor} is {@code null}
 */
private static String getAccessorKey(final OAuth2Accessor accessor) {
  if (accessor == null) {
    return null;
  }

  final String gadgetUri = accessor.getGadgetUri();
  final String serviceName = accessor.getServiceName();
  final String user = accessor.getUser();
  final String scope = accessor.getScope();

  // NOTE(review): the four fields are joined with ':' without escaping. A gadget URI normally
  // contains ':' itself, so two different field combinations could in principle yield the same
  // key if user or scope may contain ':' -- confirm those values are constrained upstream.
  return "accessor:" + gadgetUri + ':' + serviceName + ':' + user + ':' + scope;
}
}
/**
 * Reports whether this handler is responsible for the given request.
 *
 * <p>The request is handled only when both arguments are non-null, the accessor is valid, is not
 * carrying an error, is currently redirecting, and its grant type equals
 * {@link OAuth2Message#AUTHORIZATION} ignoring case.
 *
 * @param accessor the accessor tied to the request; may be {@code null}
 * @param request the incoming servlet request; may be {@code null}
 * @return {@code true} when every condition above holds, otherwise {@code false}
 */
public boolean handlesRequest(final OAuth2Accessor accessor, final HttpServletRequest request) {
  if (accessor == null || request == null) {
    return false;
  }

  // Only an accessor that is healthy and in the middle of a redirect is accepted.
  final boolean redirectInProgress =
      accessor.isValid() && !accessor.isErrorResponse() && accessor.isRedirecting();
  if (!redirectInProgress) {
    return false;
  }

  // NOTE(review): getGrantType() is dereferenced without a null check -- confirm that a valid
  // accessor always carries a grant type.
  return accessor.getGrantType().equalsIgnoreCase(OAuth2Message.AUTHORIZATION);
}
/**
 * Fetches an accessor for the first mock gadget and checks every field of the result: no tokens
 * yet, the mock endpoints and client settings, a confidential client using basic authentication
 * in the Authorization header, and no error, redirect or module-override flags.
 */
@Test
public void testGetOAuth2Accessor_4() throws Exception {
  final OAuth2Accessor fetched = GadgetOAuth2TokenStoreTest.gts.getOAuth2Accessor(
      GadgetOAuth2TokenStoreTest.securityToken,
      GadgetOAuth2TokenStoreTest.arguments,
      Uri.parse(MockUtils.GADGET_URI1));

  Assert.assertNotNull(fetched);
  Assert.assertFalse(fetched.isErrorResponse());

  // A freshly built accessor carries no tokens; everything else comes from the mock setup.
  Assert.assertNull(fetched.getAccessToken());
  Assert.assertEquals(MockUtils.AUTHORIZE_URL, fetched.getAuthorizationUrl());
  Assert.assertEquals(OAuth2Message.BASIC_AUTH_TYPE, fetched.getClientAuthenticationType());
  Assert.assertEquals(MockUtils.CLIENT_ID1, fetched.getClientId());
  Assert.assertEquals(MockUtils.GADGET_URI1, fetched.getGadgetUri());
  Assert.assertEquals(OAuth2Message.AUTHORIZATION, fetched.getGrantType());
  Assert.assertEquals(MockUtils.REDIRECT_URI, fetched.getRedirectUri());
  Assert.assertNull(fetched.getRefreshToken());
  Assert.assertEquals(MockUtils.SCOPE, fetched.getScope());
  Assert.assertEquals(MockUtils.SERVICE_NAME, fetched.getServiceName());
  Assert.assertEquals(MockUtils.TOKEN_URL, fetched.getTokenUrl());
  Assert.assertEquals(OAuth2Accessor.Type.CONFIDENTIAL, fetched.getType());
  Assert.assertEquals(MockUtils.USER, fetched.getUser());

  // State flags: usable, module overrides off, token sent in the header rather than the URL.
  Assert.assertTrue(fetched.isValid());
  Assert.assertFalse(fetched.isAllowModuleOverrides());
  Assert.assertFalse(fetched.isErrorResponse());
  Assert.assertFalse(fetched.isRedirecting());
  Assert.assertFalse(fetched.isUrlParameter());
  Assert.assertTrue(fetched.isAuthorizationHeader());
}
// Excerpt of the authorization-code URL builder; interior lines (closing braces and the state
// handling inside the try) are elided in this listing.
// Visible flow: throw OAuth2RequestException for an accessor that is invalid, in error or already
// redirecting, and for a grant type other than OAuth2Message.AUTHORIZATION; then add client_id,
// a non-empty redirect_uri, a non-empty scope and every entry of getAdditionalRequestParams()
// to queryParams before handing them to OAuth2Utils.buildUrl with the authorization URL.
// NOTE(review): the additional request params are put after client_id / redirect_uri / scope.
// If queryParams is an ordinary Map (its declaration is not shown), an additional param that
// reuses one of those keys would replace the value set above -- confirm the keys are restricted
// before they reach this point.
if (!accessor.isValid() || accessor.isErrorResponse() || accessor.isRedirecting()) { throw new OAuth2RequestException(CodeGrantTypeHandler.ERROR, "accessor is invalid", null); if (!accessor.getGrantType().equalsIgnoreCase(OAuth2Message.AUTHORIZATION)) { throw new OAuth2RequestException(CodeGrantTypeHandler.ERROR, "grant type is not code", null); queryParams.put(OAuth2Message.CLIENT_ID, accessor.getClientId()); final String redirectUri = accessor.getRedirectUri(); if (redirectUri != null && redirectUri.length() > 0) { queryParams.put(OAuth2Message.REDIRECT_URI, redirectUri); final OAuth2CallbackState state = accessor.getState(); if (state != null) { try { final String scope = accessor.getScope(); if (scope != null && scope.length() > 0) { queryParams.put(OAuth2Message.SCOPE, scope); for (final Map.Entry<String, String> entry : accessor.getAdditionalRequestParams().entrySet()) { queryParams.put(entry.getKey(), entry.getValue()); return OAuth2Utils.buildUrl(accessor.getAuthorizationUrl(), queryParams, null);
// Excerpt of the client-credentials URL builder; interior lines are elided in this listing.
// Visible flow: throw OAuth2RequestException for an accessor that is invalid, in error or
// redirecting, and for a grant type other than OAuth2Message.CLIENT_CREDENTIALS; then put
// grant_type, client_id, client_secret (decoded from bytes as UTF-8) and a non-empty scope into
// queryParams and pass them to OAuth2Utils.buildUrl together with the token URL.
// NOTE(review): client_secret is among the parameters handed to buildUrl. If buildUrl appends
// them to the token URL as a query string (its implementation is not shown), the secret becomes
// part of the request URI, where proxies and server access logs can record it. RFC 6749
// section 2.3.1 requires client credentials to stay out of the request URI; sending them in the
// request body or via HTTP Basic authentication avoids this -- confirm how the result is used.
if (!accessor.isValid() || accessor.isErrorResponse() || accessor.isRedirecting()) { throw new OAuth2RequestException(ClientCredentialsGrantTypeHandler.ERROR, "accessor is invalid", null); if (!accessor.getGrantType().equalsIgnoreCase(OAuth2Message.CLIENT_CREDENTIALS)) { throw new OAuth2RequestException(ClientCredentialsGrantTypeHandler.ERROR, "grant type is not client_credentials", null); queryParams.put(OAuth2Message.GRANT_TYPE, this.getGrantType()); final String clientId = accessor.getClientId(); final byte[] secretBytes = accessor.getClientSecret(); final String secret = new String(secretBytes, "UTF-8"); queryParams.put(OAuth2Message.CLIENT_ID, clientId); queryParams.put(OAuth2Message.CLIENT_SECRET, secret); final String scope = accessor.getScope(); if (scope != null && scope.length() > 0) { queryParams.put(OAuth2Message.SCOPE, scope); ret = OAuth2Utils.buildUrl(accessor.getTokenUrl(), queryParams, null); } catch (final UnsupportedEncodingException e) { throw new OAuth2RequestException(OAuth2Error.CLIENT_CREDENTIALS_PROBLEM,
/**
 * Stores an accessor in the cache and reads it back through a callback state that carries the
 * same gadget URI, service name, user and scope, then checks the identifying fields, the
 * module-override flag and the redirect URI of the accessor that was returned.
 */
@Test
public void testStoreOAuth2Accessor_1() throws Exception {
  final OAuth2Store store = MockUtils.getDummyStore(this.cache, null, null, null, null, null, null);
  final OAuth2Accessor stored =
      new BasicOAuth2Accessor("XXX", "YYY", "ZZZ", "", false, store, "AAA", null, null);
  this.cache.storeOAuth2Accessor(stored);

  // The lookup state mirrors the four identifying fields of the stored accessor.
  final OAuth2CallbackState lookup = new OAuth2CallbackState(MockUtils.getDummyStateCrypter());
  lookup.setGadgetUri(stored.getGadgetUri());
  lookup.setServiceName(stored.getServiceName());
  lookup.setUser(stored.getUser());
  lookup.setScope(stored.getScope());

  final OAuth2Accessor fetched = this.cache.getOAuth2Accessor(lookup);

  Assert.assertNotNull(fetched);
  Assert.assertEquals("XXX", fetched.getGadgetUri());
  Assert.assertEquals("YYY", fetched.getServiceName());
  Assert.assertEquals("ZZZ", fetched.getUser());
  Assert.assertEquals("", fetched.getScope());
  Assert.assertFalse(fetched.isAllowModuleOverrides());
  Assert.assertEquals("AAA", fetched.getRedirectUri());
}
/**
 * Requests an accessor with a {@code null} security token and expects an error accessor back,
 * not an exception: the error code is {@code GET_OAUTH2_ACCESSOR_PROBLEM} and the context
 * message starts with "OAuth2Accessor missing a param".
 */
@Test
public void testGetOAuth2Accessor_1() throws Exception {
  final OAuth2Accessor failed = GadgetOAuth2TokenStoreTest.gts.getOAuth2Accessor(
      null, GadgetOAuth2TokenStoreTest.arguments, GadgetOAuth2TokenStoreTest.gadgetUri);

  Assert.assertNotNull(failed);
  Assert.assertTrue(failed.isErrorResponse());
  Assert.assertEquals(OAuth2Error.GET_OAUTH2_ACCESSOR_PROBLEM, failed.getError());

  final String context = failed.getErrorContextMessage();
  Assert.assertTrue(context.startsWith("OAuth2Accessor missing a param"));
}
if (ret == null && (accessor == null || !accessor.isValid() || accessor.isErrorResponse())) { ret = TokenAuthorizationResponseHandler.getError("accessor is invalid " + accessor); final String expiresIn = msg.getExpiresIn(); final String tokenType = msg.getTokenType(); final String providerName = accessor.getServiceName(); final String gadgetUri = accessor.getGadgetUri(); final String scope = accessor.getScope(); final String user = accessor.getUser(); final String macAlgorithm = msg.getMacAlgorithm(); final String macSecret = msg.getMacSecret(); accessor.setAccessToken(storedAccessToken); storedRefreshToken.setUser(user); this.store.setToken(storedRefreshToken); accessor.setRefreshToken(storedRefreshToken);
if (!accessor.isValid() || accessor.isErrorResponse() || accessor.isRedirecting()) { throw new OAuth2RequestException(ClientCredentialsGrantTypeHandler.ERROR, "accessor is invalid", null); if (!accessor.getGrantType().equalsIgnoreCase(OAuth2Message.CLIENT_CREDENTIALS)) { throw new OAuth2RequestException(ClientCredentialsGrantTypeHandler.ERROR, "grant type is not client_credentials", null); request.setMethod("POST"); request.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8"); request.setSecurityToken(new AnonymousSecurityToken("", 0L, accessor.getGadgetUri())); accessor.getClientAuthenticationType())) { final OAuth2HandlerError error = clientAuthenticationHandler.addOAuth2Authentication( request, accessor);
"accessor is null"); } else { accessor.setRedirecting(false); accessor.setAdditionalRequestParams(requestParams); if (!accessor.isErrorResponse()) { responseBuilder = this.attemptFetch(accessor); "exception occurred during fetch", ""); } else { accessor.setErrorResponse(t, OAuth2Error.FETCH_PROBLEM, "exception occurred during fetch", ""); } finally { if (accessor != null) { if (!accessor.isRedirecting()) { if (BasicOAuth2Request.LOG.isLoggable()) { BasicOAuth2Request.LOG.log("accessor is not redirecting, remove it", accessor); accessor.invalidate(); this.store.removeOAuth2Accessor(accessor); this.internalAccessor = null; } else { if (!accessor.isValid()) { if (BasicOAuth2Request.LOG.isLoggable()) { BasicOAuth2Request.LOG.log("accesssor is not valid", accessor); } else if (accessor.isErrorResponse()) {
if (accessor.isErrorResponse()) { return this.getErrorResponseBuilder(accessor.getErrorException(), accessor.getError(), accessor.getErrorContextMessage(), accessor.getErrorUri(), accessor.getErrorContextMessage()); } else { if (BasicOAuth2Request.haveAccessToken(accessor) != null) { accessor.setAccessToken(null); accessor.setRefreshToken(null); ret = this.attemptFetch(accessor); if (!accessor.isRedirecting() && this.checkCanAuthorize(accessor)) { final String completeAuthUrl = this.authorize(accessor); if (completeAuthUrl != null) { accessor.setRedirecting(true); } else { if (accessor.isRedirecting()) { accessor.setAccessToken(null); ret = this.attemptFetch(accessor);
// Excerpt of the bearer-token resource handler; interior lines are elided and the method is cut
// off before its end in this listing.
// Visible flow: return BearerTokenHandler.getError(...) when the accessor is null, invalid or in
// error; read the access token; when isUrlParameter() is set, start building query parameters
// from the token secret (the rest is elided); when isAuthorizationHeader() is set, send the
// token as "Authorization: <TOKEN_TYPE> <secret decoded as UTF-8>".
// NOTE(review): the error text concatenates the accessor object. What its toString() prints is
// not shown here -- confirm it cannot expose a token or the client secret to logs or callers.
// NOTE(review): a bearer token carried as a URL parameter can be recorded in access logs,
// browser history and Referer headers; RFC 6750 section 2.3 discourages that method. Prefer the
// Authorization header path wherever the provider accepts it.
// NOTE(review): no null check on accessToken is visible before getSecret() is called; it may
// sit in the elided lines -- confirm.
public OAuth2HandlerError addOAuth2Params(final OAuth2Accessor accessor, final HttpRequest request) { try { if (accessor == null || !accessor.isValid() || accessor.isErrorResponse()) { return BearerTokenHandler.getError("accessor is invalid " + accessor); final OAuth2Token accessToken = accessor.getAccessToken(); if (accessor.isUrlParameter()) { final Map<String, String> queryParams = Maps.newHashMap(); final byte[] secretBytes = accessToken.getSecret(); if (accessor.isAuthorizationHeader()) { request.setHeader("Authorization", BearerTokenHandler.TOKEN_TYPE + ' ' + new String(accessToken.getSecret(), "UTF-8"));
if (accessor == null || !accessor.isValid() || accessor.isErrorResponse()) { String message; if (accessor != null) { message = accessor.isValid() ? "OAuth2CallbackServlet accessor isErrorResponse " : "OAuth2CallbackServlet accessor is invalid "; message = message + accessor; accessor.getErrorContextMessage(), accessor.getErrorUri(), accessor, resp, accessor.getErrorException(), this.sendTraceToClient); if (!accessor.isRedirecting()) { if (!accessor.isErrorResponse()) { accessor.invalidate(); this.store.removeOAuth2Accessor(accessor); } else {
/**
 * Turns the outcome of a fetch into the final {@link HttpResponse}.
 *
 * <p>When the accessor reports an error, or no response builder was produced, the accessor's
 * error details are passed to {@code sendErrorResponse}. Otherwise, when the response params
 * hold an authorization URL, it is attached to the response as
 * {@link OAuth2ResponseParams#APPROVAL_URL} metadata and the accessor is marked as redirecting;
 * without one the redirecting flag is cleared.
 *
 * @param accessor the accessor used for the fetch; dereferenced without a null check
 * @param responseBuilder the builder holding the fetched response; may be {@code null}
 * @return the error response, or the response created by {@code responseBuilder}
 */
private HttpResponse processResponse(final OAuth2Accessor accessor,
    final HttpResponseBuilder responseBuilder) {
  final boolean traceEnabled = BasicOAuth2Request.LOG.isLoggable();
  if (traceEnabled) {
    // NOTE(review): the accessor object itself is handed to the logger. What its toString()
    // prints is not visible here -- confirm it does not include tokens or the client secret.
    BasicOAuth2Request.LOG.entering(BasicOAuth2Request.LOG_CLASS, "processResponse",
        new Object[] { accessor, responseBuilder == null });
  }

  final boolean failed = accessor.isErrorResponse() || responseBuilder == null;
  if (failed) {
    return this.sendErrorResponse(accessor.getErrorException(), accessor.getError(),
        accessor.getErrorContextMessage(), accessor.getErrorUri(), "");
  }

  // An authorization URL means the user still has to approve access, so the accessor remains in
  // its redirecting state.
  final boolean approvalNeeded = this.responseParams.getAuthorizationUrl() != null;
  if (approvalNeeded) {
    responseBuilder.setMetadata(OAuth2ResponseParams.APPROVAL_URL,
        this.responseParams.getAuthorizationUrl());
  }
  accessor.setRedirecting(approvalNeeded);

  final HttpResponse response = responseBuilder.create();
  if (traceEnabled) {
    BasicOAuth2Request.LOG.exiting(BasicOAuth2Request.LOG_CLASS, "processResponse",
        "response logged in fetch()");
  }
  return response;
}
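/**
 * Adds client authentication to an outgoing request: the client id and client secret are joined
 * with ':', Base64-encoded and set as the {@link OAuth2Message#AUTHORIZATION_HEADER} header.
 *
 * <p>Every text/byte conversion uses UTF-8 explicitly, so the encoded credentials do not depend
 * on the platform default charset.
 *
 * @param request the request to add the header to; a {@code null} request yields an error
 * @param accessor the accessor supplying client id and secret; it must be non-null, valid and
 *        not in an error state
 * @return {@code null} on success, otherwise an {@link OAuth2HandlerError} describing the
 *         problem; exceptions are caught and reported the same way
 */
public OAuth2HandlerError addOAuth2Authentication(final HttpRequest request,
    final OAuth2Accessor accessor) {
  try {
    if (request == null) {
      return BasicAuthenticationHandler.getError("request is null");
    }

    if (accessor == null || !accessor.isValid() || accessor.isErrorResponse()) {
      // NOTE(review): the accessor object is concatenated into the error text. What its
      // toString() prints is not visible here -- confirm it never includes the client secret.
      return BasicAuthenticationHandler.getError("accessor is invalid " + accessor);
    }

    final String clientId = accessor.getClientId();
    if (clientId == null) {
      return BasicAuthenticationHandler.getError("client_id is null");
    }

    final byte[] secretBytes = accessor.getClientSecret();
    if (secretBytes == null) {
      // The original text read "client_secret is secret", which hid the actual cause.
      return BasicAuthenticationHandler.getError("client_secret is null");
    }

    final String secret = new String(secretBytes, "UTF-8");
    final String authString = clientId + ':' + secret;
    // Encode with the same charset the secret was decoded with; getBytes() without an argument
    // would use the platform default and could alter non-ASCII credentials.
    final byte[] authBytes = Base64.encodeBase64(authString.getBytes("UTF-8"));

    // NOTE(review): RFC 7617 defines the header value as "Basic " followed by the credentials,
    // with no colon after the scheme name. The "Basic: " prefix is kept as found because
    // providers or tests may depend on it -- confirm and correct it if they do not.
    request.setHeader(OAuth2Message.AUTHORIZATION_HEADER,
        "Basic: " + new String(authBytes, "UTF-8"));
    return null;
  } catch (final Exception e) {
    return BasicAuthenticationHandler.getError("Exception adding basic auth headers", e);
  }
}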
OAuth2Token accessToken = accessor.getAccessToken(); if (accessToken != null) { final long expiresAt = accessToken.getExpiresAt(); accessor.setAccessToken(null); if (!lastAttempt) { return null; OAuth2Token refreshToken = accessor.getRefreshToken(); if (refreshToken != null) { final long expiresAt = refreshToken.getExpiresAt(); accessor.setRefreshToken(null); if (!lastAttempt) { return null; final boolean isAllowed = OAuth2Utils.isUriAllowed(request.getUri(), accessor.getAllowedDomains()); if (isAllowed) { String tokenType = accessToken.getTokenType(); BasicOAuth2Request.LOG.log(Level.WARNING, "Gadget {0} attempted to send OAuth2 Token to an unauthorized domain: {1}.", new Object[] { accessor.getGadgetUri(), request.getUri() }); "error removing access_token", null); accessor.setAccessToken(null);
queryParams = Maps.newHashMap(); queryParams.put(OAuth2Message.GRANT_TYPE, OAuth2Message.REFRESH_TOKEN); queryParams.put(OAuth2Message.REFRESH_TOKEN, new String(accessor.getRefreshToken() .getSecret(), "UTF-8")); if (accessor.getScope() != null && accessor.getScope().length() > 0) { queryParams.put(OAuth2Message.SCOPE, accessor.getScope()); final String clientId = accessor.getClientId(); final byte[] secret = accessor.getClientSecret(); queryParams.put(OAuth2Message.CLIENT_ID, clientId); queryParams.put(OAuth2Message.CLIENT_SECRET, new String(secret, "UTF-8"));
HttpResponse response = null; final HttpRequest request = new HttpRequest(Uri.parse(refershTokenUrl)); request.setSecurityToken(new AnonymousSecurityToken("", 0L, accessor.getGadgetUri())); request.setMethod("POST"); request.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8"); accessor.getClientAuthenticationType())) { clientAuthenticationHandler.addOAuth2Authentication(request, accessor); if (!OAuth2Utils.isUriAllowed(request.getUri(), accessor.getAllowedDomains())) { ret = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "error fetching refresh token - domain not allowed", null); || statusCode == HttpResponse.SC_BAD_REQUEST) { try { this.store.removeToken(accessor.getRefreshToken()); } catch (final GadgetException e) { ret = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM, "failed to remove refresh token", e); accessor.setRefreshToken(null); if (isLogging) { BasicOAuth2Request.LOG.log(Level.FINEST, if (error != null) { try { this.store.removeToken(accessor.getRefreshToken()); } catch (final GadgetException e) { ret = new OAuth2HandlerError(OAuth2Error.REFRESH_TOKEN_PROBLEM,
.getTokenUrl()); request.setSecurityToken(new AnonymousSecurityToken("", 0L, accessor.getGadgetUri())); if (!OAuth2Utils.isUriAllowed(request.getUri(), accessor.getAllowedDomains())) { ret = new OAuth2HandlerError(OAuth2Error.AUTHORIZATION_CODE_PROBLEM, "Exception exchanging authorization code for access_token - domain not allowed", null); for (final ClientAuthenticationHandler clientAuthenticationHandler : this.clientAuthenticationHandlers) { if (clientAuthenticationHandler.geClientAuthenticationType().equalsIgnoreCase( accessor.getClientAuthenticationType())) { final OAuth2HandlerError error = clientAuthenticationHandler.addOAuth2Authentication( request, accessor);