me.tfeng.playmods.oauth2.OAuth2AuthenticationAction Maven / Gradle / Ivy
/**
* Copyright 2016 Thomas Feng
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package me.tfeng.playmods.oauth2;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletionStage;
import org.apache.http.HttpStatus;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import me.tfeng.playmods.avro.IpcContextHolder;
import me.tfeng.playmods.avro.IpcHelper;
import me.tfeng.playmods.spring.ApplicationError;
import me.tfeng.playmods.spring.ExceptionWrapper;
import me.tfeng.toolbox.spring.ApplicationManager;
import play.mvc.Action;
import play.mvc.Http.Context;
import play.mvc.Http.Request;
import play.mvc.Http.RequestHeader;
import play.mvc.Result;
/**
* @author Thomas Feng ([email protected])
*/
public class OAuth2AuthenticationAction extends Action {
public static final String ACCESS_TOKEN = "access_token";
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String BEARER = "Bearer";
private static final String OAUTH2_COMPONENT_KEY = "play-mods.oauth2.component";
public static String getAuthorizationToken(RequestHeader request) {
Optional authorizationHeader = request.header(AUTHORIZATION_HEADER);
if (authorizationHeader.isPresent()) {
if (authorizationHeader.get().toLowerCase().startsWith(BEARER.toLowerCase())) {
String authHeaderValue = authorizationHeader.get().substring(BEARER.length()).trim();
return authHeaderValue.split(",")[0];
}
}
return request.getQueryString(ACCESS_TOKEN);
}
@Inject
private ApplicationManager applicationManager;
public CompletionStage authorizeAndCall(Context context, Action delegate) {
OAuth2Component oauth2Component = applicationManager.getBean(OAUTH2_COMPONENT_KEY, OAuth2Component.class);
Request request = context.request();
String token = getAuthorizationToken(request);
return IpcHelper.preserveContext(() -> {
Map newContext = Maps.newHashMap(IpcContextHolder.getContext());
newContext.put(AUTHORIZATION_HEADER, token);
IpcContextHolder.setContext(newContext);
return oauth2Component
.callWithAuthorizationToken(token, () -> delegate.call(context)
.exceptionally(ExceptionWrapper.wrapFunction(t -> handleAuthenticationError(token, t))))
.exceptionally(ExceptionWrapper.wrapFunction(t -> handleAuthenticationError(token, t)));
}).get();
}
@Override
public CompletionStage call(Context context) {
return authorizeAndCall(context, delegate);
}
protected Result handleAuthenticationError(String token, Throwable t) throws Throwable {
t = ExceptionWrapper.unwrap(t);
if (OAuth2Component.isAuthenticationError(t)) {
if (!(t instanceof ApplicationError)) {
throw new ApplicationError(HttpStatus.SC_UNAUTHORIZED, "Authentication failed for token " + token, t);
}
}
throw t;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy