
com.clouway.oauth2.ClientAuthorizationActivity Maven / Gradle / Ivy

package com.clouway.oauth2;

import com.clouway.friendlyserve.Request;
import com.clouway.friendlyserve.Response;
import com.clouway.friendlyserve.RsRedirect;
import com.clouway.oauth2.authorization.Authorization;
import com.clouway.oauth2.authorization.ClientAuthorizationRepository;
import com.clouway.oauth2.client.Client;
import com.clouway.oauth2.client.ClientFinder;
import com.google.common.base.Optional;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Set;

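/**
 * Handles an OAuth2 authorization request for an already identified user: resolves the client,
 * checks the requested redirect URL against the client, asks the repository for an authorization
 * and redirects the user-agent back to the client with either a code or an error.
 *
 * <p>Values that originate from the request ({@code state}) are percent-encoded before they are
 * placed into the redirect URL, so a crafted value cannot add or override callback parameters.
 *
 * @author Miroslav Genov ([email protected])
 */
class ClientAuthorizationActivity implements IdentityActivity {
  private final ClientFinder clientFinder;
  private final ClientAuthorizationRepository clientAuthorizationRepository;

  ClientAuthorizationActivity(ClientFinder clientFinder, ClientAuthorizationRepository clientAuthorizationRepository) {
    this.clientFinder = clientFinder;
    this.clientAuthorizationRepository = clientAuthorizationRepository;
  }

  /**
   * Processes the authorization request of the given identity.
   *
   * @param identityId the identity on whose behalf the client asks for authorization
   * @param request the incoming request; {@code response_type}, {@code client_id},
   *     {@code redirect_uri}, {@code state} and {@code scope} are read from it
   * @return an OAuth error response when the client is unknown or the redirect URL is not
   *     accepted by the client, otherwise a redirect to the client's callback
   */
  @Override
  public Response execute(String identityId, Request request) {
    String responseType = request.param("response_type");
    String clientId = request.param("client_id");
    String requestedUrl = request.param("redirect_uri");
    String state = request.param("state");
    String scope = Strings.nullToEmpty(request.param("scope"));

    Optional<Client> possibleClientResponse = clientFinder.findClient(clientId);

    // No redirect is issued until both the client and its redirect URL have been resolved;
    // failures up to that point are answered directly, never by redirecting to a
    // request-supplied URL.
    if (!possibleClientResponse.isPresent()) {
      return OAuthError.unauthorizedClient();
    }

    Client client = possibleClientResponse.get();

    Optional<String> possibleRedirectUrl = client.determineRedirectUrl(requestedUrl);

    if (!possibleRedirectUrl.isPresent()) {
      return OAuthError.unauthorizedClient("Client Redirect URL is not matching the configured one.");
    }

    String callback = possibleRedirectUrl.get();

    // NOTE(review): response_type is forwarded unchecked; presumably the repository rejects
    // unsupported values - confirm.
    Set<String> scopes = Sets.newTreeSet(Splitter.on(" ").omitEmptyStrings().split(scope));
    Optional<Authorization> possibleAuthorizationResponse =
        clientAuthorizationRepository.authorize(client, identityId, scopes, responseType);

    // RFC 6749 error response: redirect the user-agent to the client with error=access_denied
    // and echo "state" when the request carried one, so the client can correlate the answer
    // and run its CSRF check.
    // NOTE(review): parameters are appended to the query component, which is the form of
    // section 4.1.2.1 (authorization code); section 4.2.2.1 (implicit grant) puts them in
    // the fragment - confirm which response types reach this activity.
    if (!possibleAuthorizationResponse.isPresent()) {
      return new RsRedirect(appendQuery(callback, withState("error=access_denied", state)));
    }

    Authorization authorization = possibleAuthorizationResponse.get();
    return new RsRedirect(createCallbackUrl(callback, authorization.code, state));
  }

  /**
   * Builds the success callback URL carrying the authorization code and, when present, the
   * client's {@code state}.
   */
  private String createCallbackUrl(String callback, String code, String state) {
    // String.valueOf keeps the previous rendering of a null code instead of failing in the encoder.
    return appendQuery(callback, withState("code=" + encode(String.valueOf(code)), state));
  }

  /** Appends the encoded {@code state} parameter to the query when the request supplied one. */
  private static String withState(String query, String state) {
    if (Strings.isNullOrEmpty(state)) {
      return query;
    }
    return query + "&state=" + encode(state);
  }

  /**
   * Joins the callback URL and the query, using {@code &} when the callback already has a
   * query component so that registered query parameters are retained.
   */
  private static String appendQuery(String callback, String query) {
    char separator = callback.indexOf('?') < 0 ? '?' : '&';
    return callback + separator + query;
  }

  /** Percent-encodes a single query parameter value as UTF-8. */
  private static String encode(String value) {
    try {
      return URLEncoder.encode(value, "UTF-8");
    } catch (UnsupportedEncodingException e) {
      // UTF-8 is a charset every Java platform is required to support.
      throw new IllegalStateException("UTF-8 is not supported", e);
    }
  }
}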



