edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.UserInfoServlet Maven / Gradle / Ivy
package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet;
import edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.delegation.server.request.IssuerResponse;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Errors;
import edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError;
import edu.uiuc.ncsa.security.oauth_2_0.server.UII2;
import edu.uiuc.ncsa.security.oauth_2_0.server.UIIRequest2;
import edu.uiuc.ncsa.security.oauth_2_0.server.UIIResponse2;
import org.apache.http.HttpStatus;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import static edu.uiuc.ncsa.security.core.util.DateUtils.checkTimestamp;
/**
* Created by Jeff Gaynor
* on 10/4/13 at 11:09 AM
*/
public class UserInfoServlet extends MyProxyDelegationServlet {
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
// The access token is sent in the authorization header and should look like
// Bearer oa4mp:...
AccessToken at = null;
OA2SE oa2SE = (OA2SE)getServiceEnvironment();
List authHeaders = getAuthHeader(request, "Bearer");
if(authHeaders.isEmpty()){
// it's not in a header, but was sent as a standard parameter.
at = oa2SE.getTokenForge().getAccessToken(request);
}else {
// only the very first one is taken. Don't try to snoop for them.
at = oa2SE.getTokenForge().getAccessToken(authHeaders.get(0));
}
if (at == null) {
// the bearer token should be sent in the authorization header.
throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no access token was sent.", HttpStatus.SC_BAD_REQUEST);
}
ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(at);
if (transaction == null) {
throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST);
//throw new TransactionNotFoundException("error: The transaction with access token=" + at + " was not found.");
}
if (!transaction.isAccessTokenValid()) {
throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST);
//throw new InvalidTokenException("Error: The access token is not valid.");
}
try {
checkTimestamp(at.getToken());
}catch(InvalidTimestampException itx){
throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
}
UII2 uis = new UII2(oa2SE.getTokenForge(), getServiceEnvironment().getServiceAddress());
UIIRequest2 uireq = new UIIRequest2(request, at);
uireq.setUsername(getUsername(transaction));
UIIResponse2 uiresp = (UIIResponse2) uis.process(uireq);
oa2SE.getScopeHandler().process(uiresp.getUserInfo(), transaction);
uiresp.write(response);
}
/**
* Override this if needed.
* @param transaction
* @return
*/
protected String getUsername(ServiceTransaction transaction) {
return transaction.getUsername();
}
// not implemented.
@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
return null;
}
}