package com.unijunction.ordercloud.security.oauth.rest;
import com.unijunction.ordercloud.organisation.dao.UnitDao;
import com.unijunction.ordercloud.organisation.model.Unit;
import com.unijunction.ordercloud.security.dao.UserUnitLinksDao;
import com.unijunction.ordercloud.security.model.User;
import com.unijunction.ordercloud.security.model.UserUnitLinks;
import com.unijunction.ordercloud.security.oauth.dto.TokenRequestDto;
import com.unijunction.ordercloud.security.oauth.model.OAuthAccessToken;
import com.unijunction.ordercloud.security.password.OrderCloudPasswordService;
import com.unijunction.ordercloud.security.realm.OrderCloudRealm;
import com.unijunction.ordercloud.security.utils.DesEncryption;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.ejb.EJB;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Calendar;
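/**
 * OAuth 2.0 token endpoint for OrderCloud.
 *
 * <p>Authenticates the calling organisation (the OAuth client) by organisation code and
 * secret, runs the grant-specific credential check, and then issues a bearer access token
 * bound to the {@link UserUnitLinks} row that owns the supplied refresh token. All failures
 * are reported as OAuth error bodies built with Apache Oltu rather than as exceptions.
 *
 * <p>NOTE(review): the helper methods at the bottom of this class are stubbed ("removed") in
 * this listing. {@code checkRefreshToken} always returns {@code false} and
 * {@code checkUserPass} always returns {@code null}, so as published this endpoint rejects
 * every {@code refresh_token} and {@code client_credentials} request before a token is issued.
 */
@Path("/token")
public class TokenEndpoint {
    private static final Logger log = LoggerFactory.getLogger(TokenEndpoint.class);

    /** Lifetime of an issued access token in seconds; used for both the DB row and the response. */
    private static final int ACCESS_TOKEN_LIFETIME_SECONDS = 3600;

    @EJB
    UserUnitLinksDao userUnitLinksDao;
    @EJB
    OrderCloudRealm orderCloudRealm;
    @EJB
    UnitDao unitDao;

    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";

    /**
     * Issues an access token for a {@code client_credentials} or {@code refresh_token} grant.
     *
     * <p>Checks run in this order and the first failure wins: the request and grant type must
     * be present; the organisation code must resolve to a {@link Unit}; the supplied organisation
     * secret must match the stored one; the grant-specific credential (username/password, or the
     * refresh token) must verify; and the refresh token must map to a {@link UserUnitLinks} for
     * that organisation. Only then is a new token minted, stored on the link, and returned.
     *
     * @param dto     parsed JSON token request (organisation code/secret, grant type, and the
     *                grant's credential fields); may be {@code null} if the body was empty
     * @param request the servlet request (injected by JAX-RS; not used by this method)
     * @return 200 with {@code access_token} and {@code expires_in}, or an OAuth error response
     * @throws OAuthSystemException if Oltu cannot build the response message
     */
    @POST
    @Consumes("application/json")
    @Produces("application/json")
    public Response authorize(final TokenRequestDto dto, @Context HttpServletRequest request) throws OAuthSystemException {
        // A missing body or grant type cannot be authenticated against anything; reject it
        // before touching the DAOs so it surfaces as invalid_request rather than a 500.
        if (dto == null || dto.getGrant_type() == null) {
            return buildInvalidRequestResponse();
        }

        // 1. Resolve the organisation (the OAuth client). The DAO is known to throw
        //    NullPointerException for an unknown code; a null return is treated the same way.
        Unit unit;
        try {
            unit = unitDao.findByCode(dto.getOrganisation_code());
        } catch (NullPointerException npe) {
            unit = null;
        }
        if (unit == null) {
            return buildInvalidClientIdResponse();
        }

        // 2. Verify the client secret. Fail closed if the stored secret cannot be loaded: the
        //    previous version fell back to "" here, which let an empty supplied secret
        //    authenticate whenever decryption threw.
        // NOTE(review): the secret is stored reversibly (see DesEncryption / decryptClientSecret)
        //    and compared in the clear. Storing a salted hash at registration and comparing
        //    hash-to-hash (cf. the encodePass stub below) would remove the need to decrypt at all.
        String storedSecret;
        try {
            storedSecret = unitDao.decryptClientSecret(unit.getId());
        } catch (Exception e) {
            log.error("Unable to load client secret for organisation {}", dto.getOrganisation_code(), e);
            return buildInvalidClientSecretResponse();
        }
        if (!secretsMatch(dto.getOrganisation_secret(), storedSecret)) {
            return buildInvalidClientSecretResponse();
        }

        // 3. Grant-specific credential check. Any grant type other than the two supported ones
        //    is rejected outright; previously an unrecognised grant_type skipped this step
        //    entirely and went straight to token issuance.
        final String grantType = dto.getGrant_type();
        if (grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
            if (checkUserPass(dto.getUsername(), dto.getPassword()) == null) {
                return buildInvalidUserPassResponse();
            }
            // NOTE(review): the authenticated User is not used past this point. The token below
            //    is bound to the refresh token's UserUnitLinks, so client_credentials still
            //    requires a refresh_token in the request. Confirm this is the intended flow.
        } else if (grantType.equals(GrantType.REFRESH_TOKEN.toString())) {
            if (!checkRefreshToken(dto.getRefresh_token(), dto.getOrganisation_code())) {
                return buildBadRefreshCodeResponse();
            }
        } else {
            return buildUnsupportedGrantTypeResponse();
        }

        // 4. The token is bound to the user/organisation link that owns the refresh token.
        UserUnitLinks userUnitLinks =
                userUnitLinksDao.findUserByValidRefreshToken(dto.getRefresh_token(), dto.getOrganisation_code());
        if (userUnitLinks == null) {
            return buildClientNotAuthorized();
        }

        // 5. Mint and persist the access token. The token is overwritten on the existing row,
        //    so at most one access token per link is valid at a time.
        // NOTE(review): token entropy is whatever Oltu's MD5Generator provides (presumably a
        //    hashed random UUID); a SecureRandom-backed ValueGenerator would make that explicit.
        final OAuthIssuer issuer = new OAuthIssuerImpl(new MD5Generator());
        final String accessToken = issuer.accessToken();

        // A link that has never been issued a token has no access-token row yet. The old code
        // only caught a NullPointerException thrown *by* the getter; a plain null return fell
        // through to setToken() and crashed with a 500, so both cases are handled here.
        OAuthAccessToken oAuthAccessToken;
        try {
            oAuthAccessToken = userUnitLinks.getAccess_token();
        } catch (NullPointerException npe) {
            oAuthAccessToken = null;
        }
        if (oAuthAccessToken == null) {
            oAuthAccessToken = new OAuthAccessToken();
        }

        oAuthAccessToken.setToken(accessToken);
        oAuthAccessToken.setExpires(ACCESS_TOKEN_LIFETIME_SECONDS);
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.SECOND, ACCESS_TOKEN_LIFETIME_SECONDS);
        oAuthAccessToken.setExpiryDate(expiry.getTime());
        oAuthAccessToken.setValid(true);

        userUnitLinks.setAccess_token(oAuthAccessToken);
        userUnitLinksDao.edit(userUnitLinks);

        OAuthResponse response = OAuthASResponse
                .tokenResponse(HttpServletResponse.SC_OK)
                .setAccessToken(accessToken)
                .setExpiresIn(String.valueOf(ACCESS_TOKEN_LIFETIME_SECONDS))
                .buildJSONMessage();
        return toResponse(response);
    }

    /**
     * Compares the supplied and stored client secrets without short-circuiting on the first
     * differing byte. A {@code null} on either side, or an empty stored secret (a client with no
     * secret configured), never matches. {@link MessageDigest#isEqual} still returns early on a
     * length mismatch, so only the secret's length is observable through timing.
     *
     * @param supplied secret presented by the caller; may be {@code null}
     * @param stored   secret loaded for the organisation; may be {@code null}
     * @return {@code true} only if both are present and byte-for-byte equal as UTF-8
     */
    private static boolean secretsMatch(String supplied, String stored) {
        if (supplied == null || stored == null || stored.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    /** Wraps an Oltu message in a JAX-RS response carrying its status and JSON body. */
    private static Response toResponse(OAuthResponse response) {
        return Response.status(response.getResponseStatus()).entity(response.getBody()).build();
    }

    /**
     * Builds an OAuth error response body.
     *
     * @param status      HTTP status code
     * @param error       OAuth error code (one of {@link OAuthError.TokenResponse})
     * @param description human-readable error description returned to the client
     * @return the error as a JAX-RS response
     * @throws OAuthSystemException if Oltu cannot build the message
     */
    private static Response buildErrorResponse(int status, String error, String description) throws OAuthSystemException {
        OAuthResponse response = OAuthASResponse
                .errorResponse(status)
                .setError(error)
                .setErrorDescription(description)
                .buildJSONMessage();
        return toResponse(response);
    }

    /** 400 invalid_request: the request body or its grant_type is missing. */
    private Response buildInvalidRequestResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.INVALID_REQUEST,
                "missing request body or grant_type");
    }

    /** 400 unsupported_grant_type: only client_credentials and refresh_token are handled. */
    private Response buildUnsupportedGrantTypeResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE,
                "unsupported grant_type");
    }

    /** 400 invalid_client: the organisation code did not resolve to a Unit. */
    private Response buildInvalidClientIdResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.INVALID_CLIENT,
                INVALID_CLIENT_DESCRIPTION);
    }

    /**
     * 401 unauthorized_client: the organisation secret did not match or could not be loaded.
     * NOTE(review): RFC 6749 §5.2 uses {@code invalid_client} for failed client authentication;
     * the code is kept as-is here because existing clients may key off it.
     */
    private Response buildInvalidClientSecretResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_UNAUTHORIZED,
                OAuthError.TokenResponse.UNAUTHORIZED_CLIENT,
                INVALID_CLIENT_DESCRIPTION);
    }

    /** 400 invalid_grant for an authorization code; not reached by {@link #authorize}. */
    private Response buildBadAuthCodeResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.INVALID_GRANT,
                "invalid authorization code");
    }

    /** 400 invalid_grant: the refresh token failed verification. */
    private Response buildBadRefreshCodeResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.INVALID_GRANT,
                "invalid refresh token");
    }

    /** 400 unauthorized_client: no user/organisation link owns the supplied refresh token. */
    private Response buildClientNotAuthorized() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.UNAUTHORIZED_CLIENT,
                "Organization not authorized for user");
    }

    /** 400 invalid_grant: username/password did not authenticate. */
    private Response buildInvalidUserPassResponse() throws OAuthSystemException {
        return buildErrorResponse(HttpServletResponse.SC_BAD_REQUEST,
                OAuthError.TokenResponse.INVALID_GRANT,
                "invalid username or password");
    }

    // ---------------------------------------------------------------------------------------
    // The implementations below were removed before this file was published. The defaults
    // they return are the fail-safe direction for each (nothing verifies, nothing encodes).
    // ---------------------------------------------------------------------------------------

    /** Removed from the listing; presumably a salted hash of the secret. Returns {@code null}. */
    private byte[] encodePass(String clientSecret, String salt) {
        //removed
        return null;
    }

    /** Removed from the listing; not called by {@link #authorize}. Returns {@code true}. */
    private boolean checkClientId(String clientId) {
        //removed
        return true;
    }

    /** Removed from the listing; not called by {@link #authorize}. Returns {@code true}. */
    private boolean checkClientSecret(String secret) {
        //removed
        return true;
    }

    /** Removed from the listing; not called by {@link #authorize}. Returns {@code false}. */
    private boolean checkAuthCode(String authCode) {
        //removed
        return false;
    }

    /**
     * Removed from the listing. Expected to verify that {@code refreshToken} is valid for the
     * given organisation; as published it rejects every token.
     */
    private boolean checkRefreshToken(String refreshToken, String organizationCode) {
        //removed
        return false;
    }

    /** Removed from the listing; not called by {@link #authorize}. Returns {@code ""}. */
    private String encodePassword(String rawPassword) {
        //removed
        return "";
    }

    /**
     * Removed from the listing. Expected to return the authenticated {@link User} for the
     * credentials, or {@code null}; as published it rejects every login.
     */
    private User checkUserPass(String user, String pass) {
        //removed
        return null;
    }
}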