Examples of AuthorizationToken

Examples of com.porterhead.rest.user.domain.AuthorizationToken

197
198
199
200
201
202
203
204
205
206
    }

    @Override
    public AuthorizationToken createAuthorizationToken(User user) {
        if(user.getAuthorizationToken() == null || user.getAuthorizationToken().hasExpired()) {
            user.setAuthorizationToken(new AuthorizationToken(user, applicationConfig.getAuthorizationExpiryTimeInSeconds()));
            userRepository.save(user);
        }
        return user.getAuthorizationToken();
    }
View Full Code Here

Examples of com.porterhead.rest.user.domain.AuthorizationToken

167
168
169
170
171
172
173
174
175
176
177
178
     */
    private boolean isAuthorized(User user, AuthorizationRequestContext authorizationRequest, String hashedToken) {
        Assert.notNull(user);
        Assert.notNull(authorizationRequest.getAuthorizationToken());
        String unEncodedString = composeUnEncodedRequest(authorizationRequest);
        AuthorizationToken authorizationToken = user.getAuthorizationToken();
        String userTokenHash = encodeAuthToken(authorizationToken.getToken(), unEncodedString);
            if (hashedToken.equals(userTokenHash)) {
                return true;
            }
        LOG.error("Hash check failed for hashed token: {} for the following request: {} for user: {}",
                new Object[]{authorizationRequest.getAuthorizationToken(), unEncodedString, user.getId()});
View Full Code Here

Examples of com.porterhead.rest.user.domain.AuthorizationToken

38
39
40
41
42
43
44
45
46
47
48
        }
        User user =  userRepository.findBySession(token);
        if(user == null) {
            throw new AuthorizationException("Session token not valid");
        }
        AuthorizationToken authorizationToken = user.getAuthorizationToken();
            if (authorizationToken.getToken().equals(token)) {
                externalUser = new ExternalUser(user);
            }
        return externalUser;
    }
View Full Code Here

Examples of com.porterhead.rest.user.domain.AuthorizationToken

60
61
62
63
64
65
66
67
68
69
70
        containerRequest = filter.filter(containerRequest);
    }

    private void setUpValidRequest() {
        User user = new User();
        user.setAuthorizationToken(new AuthorizationToken(user));
        final ExternalUser externalUser = new ExternalUser(user);
        String dateString = new DateTime().toString(ISODateTimeFormat.dateTimeNoMillis());
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(user.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":" + hashedToken);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(dateString);
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

50
51
52
53
54
55
56
57
58
59
60
61
        final HttpServletResponse response = (HttpServletResponse) res;

        try {
            String tokenValue = parseToken(request);
            if (tokenValue!=null) {
                AuthorizationToken authToken = oAuth2MgmtService.getTokenFromAccessToken(tokenValue);
                if (authToken!=null&&authToken.getExpirationIn()>0) {
                    final Guest guest = guestService.getGuestById(authToken.guestId);
                    final FlxUserDetails userDetails = new FlxUserDetails(guest);
                    PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(userDetails, authToken,
                            getAuthorities(guest));
                    authentication.setDetails(userDetails);
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

33
34
35
36
37
38
39
40
41
42
43
                final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication instanceof PreAuthenticatedAuthenticationToken) {
                    PreAuthenticatedAuthenticationToken authToken = (PreAuthenticatedAuthenticationToken) authentication;
                    final Object credentials = authToken.getCredentials();
                    if (credentials instanceof AuthorizationToken) {
                        AuthorizationToken token = (AuthorizationToken) credentials;
                        final Application applicationForToken = oAuth2MgmtService.getApplicationForToken(token);
                        String addConnectorCallbackURL = applicationForToken.addConnectorCallbackURL;
                        if (addConnectorCallbackURL !=null) {
                            String connectorName = location.substring(location.lastIndexOf("/")+1);
                            addConnectorCallbackURL += addConnectorCallbackURL.indexOf("?")==-1
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

97
98
99
100
101
102
103
104
105
106
    public AuthorizationToken issueAuthorizationToken(long guestId, long applicationId)
    {
        AuthorizationCode code = new AuthorizationCode(guestId, null, null);
        code.applicationId = applicationId;
        em.persist(code);
        AuthorizationToken token = new AuthorizationToken(guestId);
        token.authorizationCodeId = code.getId();
        em.persist(token);
        return token;
    }
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

123
124
125
126
127
128
129
130
131
132
                "SELECT authorizationToken FROM AuthorizationToken authorizationToken " +
                        "WHERE authorizationToken.accessToken=?", AuthorizationToken.class);
        query.setParameter(1, accessToken);
        final List<AuthorizationToken> resultList = query.getResultList();
        if (resultList.size()>0) {
            final AuthorizationToken authorizationToken = resultList.get(0);
            return authorizationToken;
        }
        return null;
    }
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

150
151
152
153
154
155
156
157
158
159
160
    }

    @Override
    @Transactional(readOnly=false)
    public void revokeAccessToken(final long guestId, final String accessToken) {
        final AuthorizationToken authorizationToken = getTokenFromAccessToken(accessToken);
        if (authorizationToken.guestId!=guestId)
            throw new RuntimeException("Attempt to revoke an authorizationToken by another user");

        // erase the token's associated authorization code response, if there is one
        Query query = em.createQuery("SELECT response FROM AuthorizationCodeResponse response WHERE authorizationCodeId=?");
View Full Code Here

Examples of org.fluxtream.core.domain.oauth2.AuthorizationToken

330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
            response.setStatus(oauthResponse.getResponseStatus());
            return oauthResponse.getBody();
        }

        // Handle the different types of token requests.
        AuthorizationToken token;
        if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
            // Attempt to get the code.
            String codeString = oauthRequest.getCode();
            if (codeString == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("An authorization code must be given to be exchanged  for an authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Attempt to lookup the actual AuthorizationCode object.
            AuthorizationCode code = oAuth2MgmtService.getCode(codeString);
            // If the code doesn't exist, reject the request.
            if (code == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code is unknown: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that requested the code.
            if (code.applicationId != application.getId()) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This client is not allowed to reference this code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // If the code has expired, reject the request.
            if (System.currentTimeMillis() > code.expirationTime) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The given authorization code has expired: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Use the code to lookup the response information and error out if
            // a user has not yet verified it.
            AuthorizationCodeResponse codeResponse = oAuth2MgmtService.getResponse(code.code);
            if (codeResponse == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A user has not yet verified the code: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Determine if the user granted access and, if not, error out.
            if (!codeResponse.granted) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The user denied the authorization: " + codeString)
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new token.
            token = new AuthorizationToken(codeResponse);
        }
        // Handle a third-party refreshing an existing token.
        else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
            // Get the refresh token from the request.
            String refreshToken = oauthRequest.getRefreshToken();
            if (refreshToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("A refresh token must be given to be exchanged for a new authorization token.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }
            // Use the refresh token to lookup the actual refresh token.
            AuthorizationToken currentToken = oAuth2MgmtService.getTokenFromRefreshToken(refreshToken);
            if (currentToken == null) {
                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("The refresh token is unknown.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Verify that the client asking for a token is the same as the one
            // that was issued the refresh token.
            // This is probably a very serious offense and should probably
            // raise some serious red flags!
            if (!oAuth2MgmtService.getApplicationForToken(currentToken).getId().equals(application.getId())) {

                // Create the OAuth response.
                OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_REQUEST)
                        .setErrorDescription("This token does not belong to this client.")
                        .buildJSONMessage();

                // Set the status and return the error message.
                response.setStatus(oauthResponse.getResponseStatus());
                return oauthResponse.getBody();
            }

            // Create a new authorization token from the current one.
            token = new AuthorizationToken(currentToken);
        }
        // If the grant-type is unknown, then we do not yet understand how
        // the request is built and, therefore, can do nothing more than
        // reject it via an OmhException.
        else {
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.