
com.google.api.client.extensions.servlet.auth.AbstractCallbackServlet Maven / Gradle / Ivy

There is a newer version: 1.36.0
/*
 * Copyright (c) 2011 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package com.google.api.client.extensions.servlet.auth;

import com.google.api.client.extensions.auth.helpers.Credential;
import com.google.api.client.extensions.auth.helpers.ThreeLeggedFlow;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.util.Beta;
import java.io.IOException;
import java.util.logging.Logger;
import javax.jdo.JDOObjectNotFoundException;
import javax.jdo.PersistenceManager;
import javax.jdo.PersistenceManagerFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

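/**
 * {@link Beta} <br>
 * Callback that will retrieve and complete a {@link ThreeLeggedFlow} when redirected to by a token
 * server or service provider. Developer should subclass to provide the necessary information
 * tailored to their specific use case.
 *
 * <p>Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use
 * {@link
 * com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet}.
 *
 * <p>Security notes for implementers (derived from {@link #doGet}):
 *
 * <ul>
 *   <li>The pending flow is looked up only by the value returned from {@link #getUserId()}. The
 *       handler reads no request parameter other than the completion code and {@code error}, so
 *       nothing in the callback request itself ties it to the browser session that started the
 *       flow. {@link #getUserId()} must therefore be derived from an authenticated session, never
 *       from request input.
 *   <li>Both redirect targets come from the subclass, not from the request. Keep them fixed
 *       values; building them from request data would turn this endpoint into an open redirect.
 *   <li>When no flow is found, the user id is written to the log and to the response body
 *       unescaped. Choose an identifier that is safe to disclose and contains no markup or line
 *       breaks.
 * </ul>
 *
 * @author Jacob Moshenko
 * @since 1.4
 * @deprecated Use {@link
 *     com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet}.
 */
@Beta
@Deprecated
public abstract class AbstractCallbackServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;

  private static final Logger LOG = Logger.getLogger(AbstractCallbackServlet.class.getName());

  /** Query parameter the provider sets when the user denied access or the exchange failed. */
  private static final String ERROR_PARAM = "error";

  // All configuration is captured once in the constructor and never reassigned. A servlet instance
  // is shared by every request thread, so the fields are final to guarantee safe publication.
  private final PersistenceManagerFactory pmf;
  private final Class<? extends ThreeLeggedFlow> flowType;
  private final String redirectUrl;
  private final String deniedRedirectUrl;
  private final String completionCodeQueryParam;
  private final HttpTransport httpTransport;
  private final JsonFactory jsonFactory;

  /**
   * Constructor that will ask the concrete subclass for all required information on the
   * environment.
   *
   * <p>The abstract getters are invoked from here, i.e. before the subclass's own field
   * initializers and constructor body have run. Implementations must not rely on subclass
   * instance state; return constants or static singletons.
   */
  public AbstractCallbackServlet() {
    pmf = getPersistenceManagerFactory();
    flowType = getConcreteFlowType();
    redirectUrl = getSuccessRedirectUrl();
    deniedRedirectUrl = getDeniedRedirectUrl();
    completionCodeQueryParam = getCompletionCodeQueryParam();
    httpTransport = newHttpTransportInstance();
    jsonFactory = newJsonFactoryInstance();
  }

  /** Return the {@link JsonFactory} instance for this servlet. */
  protected final JsonFactory getJsonFactory() {
    return jsonFactory;
  }

  /** Return the {@link HttpTransport} instance for this servlet. */
  protected final HttpTransport getHttpTransport() {
    return httpTransport;
  }

  /**
   * Override with your chosen method to get a PersistenceManagerFactory. For app engine
   * applications this should be a singleton.
   *
   * @return PersistenceManagerFactory instance.
   */
  protected abstract PersistenceManagerFactory getPersistenceManagerFactory();

  /** @return Specific ThreeLeggedFlow type that this callback should retrieve and complete. */
  protected abstract Class<? extends ThreeLeggedFlow> getConcreteFlowType();

  /** @return Url to redirect the user to upon a successful credential exchange. */
  protected abstract String getSuccessRedirectUrl();

  /** @return Url to redirect the user to upon failure. */
  protected abstract String getDeniedRedirectUrl();

  /**
   * @return Specific query parameter keyword to key off of to get completion code. (e.g. "code" for
   *     OAuth2 and "verifier" for OAuth1)
   */
  protected abstract String getCompletionCodeQueryParam();

  /**
   * @return Get a string representation of a userId that can be used to associate credentials and
   *     flows with a specific user. This value is the only key used to find the pending flow, so
   *     it should come from the authenticated session rather than from the request.
   */
  protected abstract String getUserId();

  /**
   * Create a new {@link HttpTransport} instance. Implementations can create any type of applicable
   * transport and should be as simple as:
   *
   * <pre>
   * new NetHttpTransport();
   * </pre>
   *
   * @return {@link HttpTransport} instance for your particular environment
   */
  protected abstract HttpTransport newHttpTransportInstance();

  /**
   * Create a new {@link JsonFactory} instance. Implementations can create any type of applicable
   * json factory and should be as simple as:
   *
   * <pre>
   * new GsonFactory();
   * </pre>
   *
   * @return {@link JsonFactory} instance for your particular environment
   */
  protected abstract JsonFactory newJsonFactoryInstance();

  /**
   * Handles the provider's redirect back to the application.
   *
   * <p>Responds 400 when neither a completion code nor an error is present, redirects to the
   * denied URL when an error is present, and otherwise loads the stored flow for the current user,
   * completes it with the code, persists the resulting {@link Credential}, deletes the flow and
   * redirects to the success URL. Responds 404 when no flow is stored for the user.
   *
   * @param req callback request carrying the completion code or the {@code error} parameter
   * @param resp response used for the status, message or redirect
   * @throws IOException if writing the response or completing the flow fails
   * @throws ServletException declared by the servlet contract
   */
  @Override
  protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws IOException, ServletException {
    // Parse the token that will be used to look up the flow object
    String completionCode = req.getParameter(completionCodeQueryParam);
    String errorCode = req.getParameter(ERROR_PARAM);
    boolean hasError = !isNullOrEmpty(errorCode);

    if (isNullOrEmpty(completionCode) && !hasError) {
      resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      resp.getWriter().print("Must have a query parameter: " + completionCodeQueryParam);
      return;
    }
    if (hasError) {
      // An error takes precedence even when a code is also present. The target is the
      // subclass-supplied URL; the error value from the request is never echoed.
      resp.sendRedirect(deniedRedirectUrl);
      return;
    }

    // Get a key for the logged in user to retrieve the flow
    String userId = getUserId();

    // Get flow from the data store
    PersistenceManager manager = pmf.getPersistenceManager();
    try {
      final ThreeLeggedFlow flow;
      try {
        flow = manager.getObjectById(flowType, userId);
      } catch (JDOObjectNotFoundException e) {
        // NOTE(review): userId is concatenated unescaped into the log line and the response body.
        // Confirm getUserId() cannot return request-controlled text (markup, CR/LF).
        LOG.severe("Unable to locate flow by user: " + userId);
        resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
        resp.getWriter().print("Unable to find flow for user: " + userId);
        return;
      }

      flow.setHttpTransport(getHttpTransport());
      flow.setJsonFactory(getJsonFactory());

      // Complete the flow object with the token we got in our query parameters
      Credential c = flow.complete(completionCode);
      manager.makePersistent(c);
      // The flow is removed once it has been exchanged for a credential.
      manager.deletePersistent(flow);
      resp.sendRedirect(redirectUrl);
    } finally {
      // Always release the persistence manager, including on the 404 path and on exceptions.
      manager.close();
    }
  }

  /** Returns true when {@code value} is {@code null} or the empty string. */
  private static boolean isNullOrEmpty(String value) {
    return value == null || "".equals(value);
  }
}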



