-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml (renamed from plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.xml)2
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java27
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/ClientProvider.java (renamed from plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientDataProvider.java)6
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/CxfOAuthDataProvider.java234
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Configuration.java12
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java313
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java52
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2ServerProvider.java (renamed from plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Provider.java)52
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java (renamed from plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSubjectCreator.java)26
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AccessToken.java57
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AuthorizationCode.java49
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSessionAuthenticityTokenProvider.java48
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java61
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/RefreshOAuthToken.java57
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java180
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientRegistrationService.java5
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthStorage.java22
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java8
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthCodeGrant.java40
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthToken.java40
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthTokenType.java61
21 files changed, 959 insertions, 393 deletions
diff --git a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.xml b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
index 03bc15e599c..fddf8df53bc 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.xml
+++ b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" activate="start" configuration-policy="require" deactivate="stop" modified="update">
- <implementation class="org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.OAuth2Provider" />
+ <implementation class="org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.OAuth2ServerProvider" />
<reference bind="setLogger" cardinality="1..1" interface="org.eclipse.osee.logger.Log" name="Log" policy="static"/>
<reference bind="setJaxRsApplicationRegistry" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.internal.applications.JaxRsApplicationRegistry" name="JaxRsApplicationRegistry" policy="static"/>
<reference bind="setJaxRsAuthenticator" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator" name="JaxRsAuthenticator" policy="static"/>
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
index 278821a898e..72f42cbf522 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
@@ -169,11 +169,27 @@ public final class OAuthUtil {
}
public static OseePrincipal newOseePrincipal(UserSubject subject) {
- String value = subject.getId();
- Long id = Strings.isNumeric(value) ? Long.parseLong(value) : -1L;
+ Long id = getUserSubjectUuid(subject);
return new UserSubjectWrapper(id, subject);
}
+ public static Long getUserSubjectUuid(UserSubject subject) {
+ String value = subject.getId();
+ return Strings.isNumeric(value) ? Long.parseLong(value) : -1L;
+ }
+
+ public static String getDisplayName(UserSubject subject) {
+ return getProperty(subject.getProperties(), SUBJECT_DISPLAY_NAME, subject.getLogin());
+ }
+
+ public static String getProperty(Map<String, String> props, String key, String defaultValue) {
+ String toReturn = props.get(key);
+ if (toReturn == null) {
+ toReturn = defaultValue;
+ }
+ return toReturn;
+ }
+
private static final class UserSubjectWrapper extends BaseIdentity<Long> implements OseePrincipal {
private final UserSubject subject;
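Review bot: `getUserSubjectUuid` collapses every non-numeric subject id to `-1L` with no indication to the caller, and now that it is public the sentinel leaves this file; its contract should be stated, e.g. `/** Subject id as a long, or -1 when the CXF subject id is not numeric. Callers must not treat -1 as a real id. */`. Whether `Strings.isNumeric` bounds the string to the `long` range is not visible here; if it does not, `Long.parseLong` throws `NumberFormatException` on an overlong digit string, so wrapping it in `try { return Long.parseLong(value); } catch (NumberFormatException e) { return -1L; }` would make the method total. `getProperty` dereferences `props` unconditionally and `getDisplayName` passes `subject.getProperties()` straight through, so this relies on CXF's `UserSubject` never returning a null map — presumably true, but worth a `Objects.requireNonNull(props, "props")` or a one-line comment saying so.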
@@ -229,11 +245,8 @@ public final class OAuthUtil {
}
private String get(String key, String defaultValue) {
- String toReturn = subject.getProperties().get(key);
- if (toReturn == null) {
- toReturn = defaultValue;
- }
- return toReturn;
+ return getProperty(getProperties(), key, defaultValue);
}
}
+
}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientDataProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/ClientProvider.java
index 189e7aaf25f..297af4e7ab2 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientDataProvider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/ClientProvider.java
@@ -8,17 +8,19 @@
* Contributors:
* Boeing - initial API and implementation
*******************************************************************************/
-package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.endpoints;
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
import org.apache.cxf.rs.security.oauth2.common.Client;
/**
* @author Roberto E. Escobar
*/
-public interface ClientDataProvider {
+public interface ClientProvider {
Client getClient(String clientId);
Client createClient();
+ long getClientId(Client client);
+
} \ No newline at end of file
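Review bot: The added `long getClientId(Client client)` has no Javadoc, and because it returns a primitive it can only signal "no numeric id for this client" through a sentinel that callers have to know about; the interface should fix that contract, e.g. `/** Numeric identifier of a registered client. Implementations must throw (preferably) or document the sentinel returned when the client is unknown. */`. `getClient(String)` and `createClient()` are equally undocumented after the rename, and since `OAuth2DataProvider` in this commit delegates `getClient` straight to this interface, stating whether a null return means "unknown client" belongs here too.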
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/CxfOAuthDataProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/CxfOAuthDataProvider.java
deleted file mode 100644
index 6f137536f43..00000000000
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/CxfOAuthDataProvider.java
+++ /dev/null
@@ -1,234 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Boeing.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Boeing - initial API and implementation
- *******************************************************************************/
-package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
-
-import java.util.Collections;
-import java.util.List;
-import javax.crypto.SecretKey;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthError;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
-import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
-import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
-import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.endpoints.ClientDataProvider;
-import org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage;
-
-/**
- * @author Roberto E. Escobar
- */
-public class CxfOAuthDataProvider implements AuthorizationCodeDataProvider, ClientDataProvider {
-
- private final JaxRsOAuthStorage storage;
-
- private boolean isRefreshTokenAllowed;
- private long accessTokenExpiration;
- private long refreshTokenExpiration;
- private long codeGrantExpiration;
- private SecretKey secretKey;
-
- public CxfOAuthDataProvider(JaxRsOAuthStorage storage) {
- super();
- this.storage = storage;
- }
-
- public SecretKey getSecretKey() {
- return secretKey;
- }
-
- public void setSecretKey(SecretKey secretKey) {
- this.secretKey = secretKey;
- }
-
- public boolean isRefreshTokenAllowed() {
- return isRefreshTokenAllowed;
- }
-
- public long getAccessTokenExpiration() {
- return accessTokenExpiration;
- }
-
- public long getRefreshTokenExpiration() {
- return refreshTokenExpiration;
- }
-
- public long getCodeGrantExpiration() {
- return codeGrantExpiration;
- }
-
- public void setRefreshTokenAllowed(boolean isRefreshTokenAllowed) {
- this.isRefreshTokenAllowed = isRefreshTokenAllowed;
- }
-
- public void setAccessTokenExpiration(long accessTokenExpiration) {
- this.accessTokenExpiration = accessTokenExpiration;
- }
-
- public void setRefreshTokenExpiration(long refreshTokenExpiration) {
- this.refreshTokenExpiration = refreshTokenExpiration;
- }
-
- public void setCodeGrantExpiration(long codeGrantExpiration) {
- this.codeGrantExpiration = codeGrantExpiration;
- }
-
- @Override
- public Client createClient() {
- return null;
- }
-
- @Override
- public Client getClient(String clientId) {
- return storage.getClient(clientId);
- }
-
- @Override
- public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg) {
- long expiresIn = getCodeGrantExpiration();
-
- ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(reg.getClient(), expiresIn);
- grant.setAudience(reg.getAudience());
- grant.setRedirectUri(reg.getRedirectUri());
- grant.setClientCodeVerifier(reg.getClientCodeVerifier());
- grant.setSubject(reg.getSubject());
- grant.setApprovedScopes(getApprovedScopes(reg.getRequestedScope(), reg.getApprovedScope()));
- grant.setClientCodeVerifier(reg.getClientCodeVerifier());
-
- String encrypted = ModelEncryptionSupport.encryptCodeGrant(grant, getSecretKey());
- grant.setCode(encrypted);
-
- storage.storeCodeGrant(encrypted);
- return grant;
- }
-
- @Override
- public ServerAuthorizationCodeGrant removeCodeGrant(String code) {
- String codeGrant = storage.getCodeGrant(code);
- ServerAuthorizationCodeGrant grant = null;
- if (codeGrant != null) {
- storage.removeCodeGrant(codeGrant);
- grant = ModelEncryptionSupport.decryptCodeGrant(this, codeGrant, getSecretKey());
- }
- return grant;
- }
-
- @Override
- public ServerAccessToken createAccessToken(AccessTokenRegistration reg) {
- Client client = reg.getClient();
- List<String> approvedScopes = getApprovedScopes(reg.getRequestedScope(), reg.getApprovedScope());
- List<OAuthPermission> permissions = convertScopeToPermissions(client, approvedScopes);
-
- BearerAccessToken token = new BearerAccessToken(client, getAccessTokenExpiration());
- token.setSubject(reg.getSubject());
-
- token.setAudience(reg.getAudience());
- token.setGrantType(reg.getGrantType());
- token.setParameters(Collections.singletonMap("param", "value"));
- token.setScopes(permissions);
-
- String encryptedRefreshToken = null;
- if (isRefreshTokenAllowed()) {
- RefreshToken refreshToken = new RefreshToken(client, getRefreshTokenExpiration());
- encryptedRefreshToken = ModelEncryptionSupport.encryptRefreshToken(refreshToken, getSecretKey());
- token.setRefreshToken(encryptedRefreshToken);
- }
-
- String encryptedAccessToken = ModelEncryptionSupport.encryptAccessToken(token, getSecretKey());
- token.setTokenKey(encryptedAccessToken);
-
- storage.storeAccessToken(encryptedAccessToken);
- if (encryptedRefreshToken != null) {
- storage.storeRefreshToken(encryptedRefreshToken, encryptedAccessToken);
- }
- return token;
- }
-
- @Override
- public ServerAccessToken getAccessToken(String accessToken) {
- return ModelEncryptionSupport.decryptAccessToken(this, accessToken, getSecretKey());
- }
-
- @Override
- public ServerAccessToken refreshAccessToken(Client client, String refreshToken, List<String> requestedScopes) {
- if (!isRefreshTokenAllowed()) {
- OAuthError error = new OAuthError(OAuthConstants.INVALID_REQUEST, "Refresh tokens are not allowed.");
- throw new OAuthServiceException(error);
- }
- SecretKey secretKey = getSecretKey();
-
- String encryptedAccessToken = storage.getAccessTokenByRefreshToken(refreshToken);
- if (encryptedAccessToken != null) {
- storage.removeRefreshToken(refreshToken);
- }
-
- ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encryptedAccessToken, secretKey);
- storage.removeAccessToken(token.getTokenKey());
-
- RefreshToken newRefreshToken = new RefreshToken(token.getClient(), getRefreshTokenExpiration());
- String newEncryptedRefreshToken = ModelEncryptionSupport.encryptRefreshToken(newRefreshToken, secretKey);
- token.setRefreshToken(newEncryptedRefreshToken);
-
- String newEncryptedAccessToken = ModelEncryptionSupport.encryptAccessToken(token, secretKey);
- storage.storeAccessToken(newEncryptedAccessToken);
- storage.storeRefreshToken(newEncryptedRefreshToken, newEncryptedAccessToken);
- token.setTokenKey(newEncryptedAccessToken);
- return token;
- }
-
- @Override
- public void removeAccessToken(ServerAccessToken accessToken) {
- storage.removeAccessToken(accessToken.getTokenKey());
- }
-
- @Override
- public void revokeToken(Client client, String token, String tokenTypeHint) {
- // the fast way: if it is the refresh token then there will be a matching value for it
- String accessToken = storage.getAccessTokenByRefreshToken(token);
- if (accessToken != null) {
- storage.removeRefreshToken(token);
- }
- // if no matching value then the token parameter is access token key
- storage.removeAccessToken(accessToken == null ? token : accessToken);
- }
-
- @Override
- public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes, UserSubject subject, String grantType) {
- // This is an optimization useful in cases where a client requests an authorization code:
- // if a user has already provided a given client with a pre-authorized token then challenging
- // a user with yet another form asking for the authorization is redundant
- String clientId = client.getClientId();
- String subjectId = subject.getId();
- String encryptedToken = storage.getPreauthorizedToken(clientId, subjectId, grantType);
- ServerAccessToken token = null;
- if (encryptedToken != null) {
- token = ModelEncryptionSupport.decryptAccessToken(this, encryptedToken, getSecretKey());
- }
- return token;
- }
-
- @Override
- public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
- return Collections.emptyList();
- }
-
- private List<String> getApprovedScopes(List<String> requestedScopes, List<String> approvedScopes) {
- return approvedScopes.isEmpty() ? requestedScopes : approvedScopes;
- }
-
-} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Configuration.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Configuration.java
index fe496d2678a..c92fcd77d00 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Configuration.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Configuration.java
@@ -51,6 +51,9 @@ public class OAuth2Configuration {
public static final String OAUTH2_PROVIDER__USE_USER_SUBJECT = qualify("use.user.subject");
public static final String OAUTH2_PROVIDER__WRITE_CUSTOM_ERRORS = qualify("write.custom.errors");
public static final String OAUTH2_PROVIDER__WRITE_OPTIONAL_PARAMETERS = qualify("write.optional.parameters");
+
+ public static final String OAUTH2_PROVIDER__SECRET_KEY_ALGORITHM = qualify("secret.key.algorithm");
+ public static final String OAUTH2_PROVIDER__ENCODED_SECRET_KEY = qualify("secret.key");
//@formatter:on
public static final boolean DEFAULT_OAUTH2_PROVIDER__SERVICE_ENABLED = false;
@@ -74,6 +77,8 @@ public class OAuth2Configuration {
public static final boolean DEFAULT_OAUTH2_PROVIDER__USE_USER_SUBJECT = false;
public static final boolean DEFAULT_OAUTH2_PROVIDER__WRITE_CUSTOM_ERRORS = true;
public static final boolean DEFAULT_OAUTH2_PROVIDER__WRITE_OPTIONAL_PARAMETERS = true;
+ public static final String DEFAULT_OAUTH2_PROVIDER__SECRET_KEY_ALGORITHM = null;
+ public static final String DEFAULT_OAUTH2_PROVIDER__ENCODED_SECRET_KEY = null;
public static OAuth2Configuration fromProperties(Map<String, Object> props) {
OAuth2Configuration config = new OAuth2Configuration(props);
@@ -191,4 +196,11 @@ public class OAuth2Configuration {
DEFAULT_OAUTH2_PROVIDER__WRITE_OPTIONAL_PARAMETERS);
}
+ public String getSecretKeyAlgorithm() {
+ return get(props, OAUTH2_PROVIDER__SECRET_KEY_ALGORITHM, DEFAULT_OAUTH2_PROVIDER__SECRET_KEY_ALGORITHM);
+ }
+
+ public String getEncodedSecretKey() {
+ return get(props, OAUTH2_PROVIDER__ENCODED_SECRET_KEY, DEFAULT_OAUTH2_PROVIDER__ENCODED_SECRET_KEY);
+ }
} \ No newline at end of file
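Review bot: `getSecretKeyAlgorithm()` and `getEncodedSecretKey()` return `null` when the properties are unset (the `DEFAULT_…` constants added in the hunk above are both `null`), and nothing in this class checks that a key is actually configured, so a misconfigured component only fails later when the provider tries to decode the key. Either validate here, e.g. `if (getEncodedSecretKey() == null) throw new IllegalStateException(OAUTH2_PROVIDER__ENCODED_SECRET_KEY + " is required");`, or document on both getters that `null` means "not configured" and must be handled by the consumer. `OAUTH2_PROVIDER__ENCODED_SECRET_KEY` (first hunk of this file) holds key material that seals every token the server issues; a Javadoc such as `/** Encoded symmetric key used to seal tokens and grants; treat as a secret and never log or echo the property map. */` would keep the next maintainer from dumping the configuration at debug level.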
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java
new file mode 100644
index 00000000000..40fdf644e3d
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java
@@ -0,0 +1,313 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
+
+import java.util.Collections;
+import java.util.List;
+import javax.crypto.SecretKey;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.eclipse.osee.framework.jdk.core.util.Lib;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.AccessToken;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.AuthorizationCode;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.OAuthEncryption;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.RefreshOAuthToken;
+import org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage;
+import org.eclipse.osee.jaxrs.server.security.OAuthCodeGrant;
+import org.eclipse.osee.jaxrs.server.security.OAuthToken;
+import org.eclipse.osee.jaxrs.server.security.OAuthTokenType;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class OAuth2DataProvider implements AuthorizationCodeDataProvider {
+
+ private final OAuthEncryption serializer;
+ private final JaxRsOAuthStorage storage;
+ private final ClientProvider clientProvider;
+ private final SubjectProvider subjectProvider;
+
+ private boolean isRefreshTokenAllowed;
+ private long accessTokenExpiration;
+ private long refreshTokenExpiration;
+ private long codeGrantExpiration;
+
+ private String secretKeyEncoded;
+ private String secretKeyAlgorithm;
+
+ private volatile SecretKey secretKey;
+
+ public OAuth2DataProvider(ClientProvider clientProvider, SubjectProvider subjectProvider, OAuthEncryption serializer, JaxRsOAuthStorage storage) {
+ super();
+ this.clientProvider = clientProvider;
+ this.subjectProvider = subjectProvider;
+ this.serializer = serializer;
+ this.storage = storage;
+ }
+
+ public void setSecretKeyEncoded(String secretKeyEncoded) {
+ this.secretKeyEncoded = secretKeyEncoded;
+ }
+
+ public void setSecretKeyAlgorithm(String secretKeyAlgorithm) {
+ this.secretKeyAlgorithm = secretKeyAlgorithm;
+ }
+
+ public void setRefreshTokenAllowed(boolean isRefreshTokenAllowed) {
+ this.isRefreshTokenAllowed = isRefreshTokenAllowed;
+ }
+
+ public void setAccessTokenExpiration(long accessTokenExpiration) {
+ this.accessTokenExpiration = accessTokenExpiration;
+ }
+
+ public void setRefreshTokenExpiration(long refreshTokenExpiration) {
+ this.refreshTokenExpiration = refreshTokenExpiration;
+ }
+
+ public void setCodeGrantExpiration(long codeGrantExpiration) {
+ this.codeGrantExpiration = codeGrantExpiration;
+ }
+
+ public boolean isRefreshTokenAllowed() {
+ return isRefreshTokenAllowed;
+ }
+
+ public long getAccessTokenExpiration() {
+ return accessTokenExpiration;
+ }
+
+ public long getRefreshTokenExpiration() {
+ return refreshTokenExpiration;
+ }
+
+ public long getCodeGrantExpiration() {
+ return codeGrantExpiration;
+ }
+
+ private SecretKey getSecretKey() {
+ if (secretKey == null) {
+ secretKey = serializer.decodeSecretKey(secretKeyEncoded, secretKeyAlgorithm);
+ }
+ return secretKey;
+ }
+
+ private long getClientId(Client client) {
+ return clientProvider.getClientId(client);
+ }
+
+ private long getSubjectId(UserSubject subject) {
+ return subjectProvider.getSubjectId(subject);
+ }
+
+ @Override
+ public Client getClient(String clientId) {
+ return clientProvider.getClient(clientId);
+ }
+
+ @Override
+ public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg) {
+ long expiresIn = getCodeGrantExpiration();
+
+ long uuid = Lib.generateUuid();
+ long clientId = getClientId(reg.getClient());
+ long subjectId = getSubjectId(reg.getSubject());
+
+ AuthorizationCode grant = new AuthorizationCode(uuid, clientId, subjectId);
+ grant.setCode(OAuthUtils.generateRandomTokenKey());
+ grant.setIssuedAt(OAuthUtils.getIssuedAt());
+ grant.setExpiresIn(expiresIn);
+ grant.setClient(reg.getClient());
+ grant.setSubject(reg.getSubject());
+
+ grant.setAudience(reg.getAudience());
+ grant.setRedirectUri(reg.getRedirectUri());
+ grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+ grant.setApprovedScopes(getApprovedScopes(reg.getRequestedScope(), reg.getApprovedScope()));
+ grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+
+ String encrypted = serializer.encryptCodeGrant(grant, getSecretKey());
+ grant.setCode(encrypted);
+
+ storage.storeCodeGrant(grant);
+ return grant;
+ }
+
+ @Override
+ public ServerAuthorizationCodeGrant removeCodeGrant(String code) {
+ OAuthCodeGrant codeGrant = storage.getCodeGrant(code);
+ ServerAuthorizationCodeGrant toReturn = null;
+ if (codeGrant != null) {
+ String encryptedCode = codeGrant.getCode();
+ toReturn = serializer.decryptCodeGrant(this, encryptedCode, getSecretKey());
+ storage.removeCodeGrant(codeGrant);
+ }
+ return toReturn;
+ }
+
+ @Override
+ public ServerAccessToken createAccessToken(AccessTokenRegistration reg) {
+ Client client = reg.getClient();
+ List<String> approvedScopes = getApprovedScopes(reg.getRequestedScope(), reg.getApprovedScope());
+ List<OAuthPermission> permissions = convertScopeToPermissions(client, approvedScopes);
+
+ long uuid = Lib.generateUuid();
+ long clientId = getClientId(reg.getClient());
+ long subjectId = getSubjectId(reg.getSubject());
+
+ OAuthTokenType type = OAuthTokenType.BEARER_TOKEN;
+
+ AccessToken accessToken = new AccessToken(uuid, clientId, subjectId, type);
+ accessToken.setTokenKey(OAuthUtils.generateRandomTokenKey());
+ accessToken.setIssuedAt(OAuthUtils.getIssuedAt());
+ accessToken.setExpiresIn(getAccessTokenExpiration());
+ accessToken.setClient(client);
+ accessToken.setSubject(reg.getSubject());
+
+ accessToken.setTokenType(type.getType());
+ accessToken.setAudience(reg.getAudience());
+ accessToken.setGrantType(reg.getGrantType());
+ accessToken.setScopes(permissions);
+
+ RefreshOAuthToken refreshToken = null;
+ if (isRefreshTokenAllowed()) {
+ refreshToken = newRefreshToken(accessToken, clientId, subjectId, getSecretKey());
+ accessToken.setRefreshToken(refreshToken.getTokenKey());
+ }
+
+ String encryptedAccessToken = serializer.encryptAccessToken(accessToken, getSecretKey());
+ accessToken.setTokenKey(encryptedAccessToken);
+
+ if (refreshToken != null) {
+ storage.storeToken(accessToken, refreshToken);
+ storage.relateTokens(refreshToken, accessToken);
+ } else {
+ storage.storeToken(accessToken);
+ }
+ return accessToken;
+ }
+
+ @Override
+ public ServerAccessToken getAccessToken(String accessToken) {
+ return serializer.decryptAccessToken(this, accessToken, getSecretKey());
+ }
+
+ @Override
+ public ServerAccessToken refreshAccessToken(Client client, String refreshToken, List<String> requestedScopes) {
+ if (!isRefreshTokenAllowed()) {
+ OAuthError error = new OAuthError(OAuthConstants.INVALID_REQUEST, "Refresh tokens are not allowed.");
+ throw new OAuthServiceException(error);
+ }
+ SecretKey secretKey = getSecretKey();
+
+ RefreshToken oldRefreshToken = serializer.decryptRefreshToken(this, refreshToken, secretKey);
+
+ Iterable<OAuthToken> tokens = storage.getAccessTokensByRefreshToken(refreshToken);
+ storage.removeToken(tokens);
+ storage.removeTokenByKey(refreshToken);
+
+ long uuid = Lib.generateUuid();
+ long clientId = getClientId(oldRefreshToken.getClient());
+ long subjectId = getSubjectId(oldRefreshToken.getSubject());
+
+ OAuthTokenType type = OAuthTokenType.BEARER_TOKEN;
+
+ AccessToken newAccessToken = new AccessToken(uuid, clientId, subjectId, type);
+ newAccessToken.setTokenKey(OAuthUtils.generateRandomTokenKey());
+ newAccessToken.setIssuedAt(OAuthUtils.getIssuedAt());
+ newAccessToken.setExpiresIn(getAccessTokenExpiration());
+ newAccessToken.setClient(oldRefreshToken.getClient());
+ newAccessToken.setSubject(oldRefreshToken.getSubject());
+
+ newAccessToken.setTokenType(type.getType());
+ newAccessToken.setAudience(oldRefreshToken.getAudience());
+ newAccessToken.setGrantType(oldRefreshToken.getGrantType());
+ newAccessToken.setScopes(oldRefreshToken.getScopes());
+
+ RefreshOAuthToken newRefreshToken = newRefreshToken(newAccessToken, clientId, subjectId, getSecretKey());
+ newAccessToken.setRefreshToken(newRefreshToken.getTokenKey());
+
+ String newEncryptedAccessToken = serializer.encryptAccessToken(newAccessToken, secretKey);
+ newAccessToken.setTokenKey(newEncryptedAccessToken);
+
+ storage.storeToken(newAccessToken, newRefreshToken);
+ storage.relateTokens(newRefreshToken, newAccessToken);
+ return newAccessToken;
+ }
+
+ private RefreshOAuthToken newRefreshToken(AccessToken token, long clientId, long subjectId, SecretKey secretKey) {
+ long refreshUuid = Lib.generateUuid();
+
+ RefreshOAuthToken toReturn = new RefreshOAuthToken(refreshUuid, clientId, subjectId);
+ toReturn.setTokenKey(OAuthUtils.generateRandomTokenKey());
+ toReturn.setIssuedAt(OAuthUtils.getIssuedAt());
+ toReturn.setExpiresIn(getRefreshTokenExpiration());
+ toReturn.setClient(token.getClient());
+ toReturn.setSubject(token.getSubject());
+
+ toReturn.setAudience(token.getAudience());
+ toReturn.setGrantType(token.getGrantType());
+ toReturn.setScopes(token.getScopes());
+
+ String encryptedRefreshToken = serializer.encryptRefreshToken(toReturn, secretKey);
+ toReturn.setTokenKey(encryptedRefreshToken);
+ return toReturn;
+ }
+
+ @Override
+ public void removeAccessToken(ServerAccessToken accessToken) {
+ storage.removeTokenByKey(accessToken.getTokenKey());
+ }
+
+ @Override
+ public void revokeToken(Client client, String tokenKey, String tokenTypeHint) {
+ Iterable<OAuthToken> tokens = storage.getAccessTokensByRefreshToken(tokenKey);
+ storage.removeToken(tokens);
+ storage.removeTokenByKey(tokenKey);
+ }
+
+ @Override
+ public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes, UserSubject subject, String grantType) {
+ // This is an optimization useful in cases where a client requests an authorization code:
+ // if a user has already provided a given client with a pre-authorized token then challenging
+ // a user with yet another form asking for the authorization is redundant
+ long clientId = getClientId(client);
+ long subjectId = getSubjectId(subject);
+ OAuthToken accessToken = storage.getPreauthorizedToken(clientId, subjectId, grantType);
+
+ ServerAccessToken token = null;
+ if (accessToken != null) {
+ token = serializer.decryptAccessToken(this, accessToken.getTokenKey(), getSecretKey());
+ }
+ return token;
+ }
+
+ @Override
+ public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
+ return Collections.emptyList();
+ }
+
+ private List<String> getApprovedScopes(List<String> requestedScopes, List<String> approvedScopes) {
+ return approvedScopes.isEmpty() ? requestedScopes : approvedScopes;
+ }
+
+} \ No newline at end of file
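Review bot: `getAccessToken(String)` accepts any token that decrypts under the secret key and never consults `storage`, so an access token removed by `removeAccessToken` or `revokeToken` stays valid until it expires, and `refreshAccessToken` likewise mints a new pair from the decrypted `oldRefreshToken` whether or not `storage.getAccessTokensByRefreshToken` found anything — revocation is recorded but not enforced, unless `OAuthEncryption.decryptAccessToken` (not shown) checks storage itself. `refreshAccessToken` also ignores the `client` argument and binds the new tokens to `oldRefreshToken.getClient()`, and checks neither the refresh token's expiry nor `requestedScopes`; the CXF grant handler may cover part of that, but since this class implements `AuthorizationCodeDataProvider` directly rather than extending CXF's abstract provider, it should not be assumed. The fence below adds the storage, expiry and client checks to `refreshAccessToken`; `getAccessToken` needs a lookup by token key, and whether `JaxRsOAuthStorage` (changed in this commit but not visible here) offers one cannot be seen, so that part is left to a follow-up. Minor: `grant.setClientCodeVerifier(reg.getClientCodeVerifier())` is called twice in `createCodeGrant` (carried over from the deleted `CxfOAuthDataProvider`), and `getSecretKey()` reads-then-writes the `volatile secretKey` without synchronization, which is only harmless if `decodeSecretKey` is deterministic.
```java
// … unchanged: isRefreshTokenAllowed() check …
SecretKey secretKey = getSecretKey();

RefreshToken oldRefreshToken = serializer.decryptRefreshToken(this, refreshToken, secretKey);

// Decrypting cleanly proves the token was issued by us, not that it is still live:
// an unknown or already-removed refresh token must not mint a new pair.
Iterable<OAuthToken> tokens = storage.getAccessTokensByRefreshToken(refreshToken);
if (tokens == null || !tokens.iterator().hasNext()) {
   OAuthError error = new OAuthError(OAuthConstants.INVALID_GRANT, "Refresh token is unknown or has been revoked.");
   throw new OAuthServiceException(error);
}
if (OAuthUtils.isExpired(oldRefreshToken.getIssuedAt(), oldRefreshToken.getExpiresIn())) {
   OAuthError error = new OAuthError(OAuthConstants.INVALID_GRANT, "Refresh token has expired.");
   throw new OAuthServiceException(error);
}
// Bind the new pair to the authenticated client, not merely to whatever the old token names.
if (client != null && !client.getClientId().equals(oldRefreshToken.getClient().getClientId())) {
   OAuthError error = new OAuthError(OAuthConstants.INVALID_GRANT, "Refresh token was not issued to this client.");
   throw new OAuthServiceException(error);
}
storage.removeToken(tokens);
storage.removeTokenByKey(refreshToken);
// … unchanged: construction, encryption and storage of the new access/refresh tokens …
```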
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
index feb163260af..5a89bfa6d57 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
@@ -11,29 +11,24 @@
package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
import static org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil.newAuthorizationRequiredResponse;
-import static org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil.newUserSubject;
import java.net.URI;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
+import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter;
-import org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.security.SecurityContext;
import org.eclipse.osee.framework.jdk.core.util.Strings;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil;
-import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
-import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator.Subject;
-import org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider;
import org.eclipse.osee.logger.Log;
/**
@@ -46,20 +41,18 @@ import org.eclipse.osee.logger.Log;
*/
@PreMatching
@Priority(Priorities.AUTHENTICATION)
-public class OAuth2RequestFilter extends OAuthRequestFilter implements ResourceOwnerLoginHandler {
+public class OAuth2RequestFilter extends OAuthRequestFilter {
private final Log logger;
- private final JaxRsAuthenticator authenticator;
- private final JaxRsSessionProvider sessionProvider;
+ private final SubjectProvider sessionProvider;
private volatile boolean useUserSubject;
private volatile URI redirectURI;
private volatile boolean ignoreBasePath;
- public OAuth2RequestFilter(Log logger, JaxRsAuthenticator authenticator, JaxRsSessionProvider sessionProvider) {
+ public OAuth2RequestFilter(Log logger, SubjectProvider sessionProvider) {
super();
this.logger = logger;
- this.authenticator = authenticator;
this.sessionProvider = sessionProvider;
}
@@ -77,9 +70,6 @@ public class OAuth2RequestFilter extends OAuthRequestFilter implements ResourceO
this.ignoreBasePath = ignoreBasePath;
}
- private @Context
- HttpServletRequest request;
-
@Override
public void filter(ContainerRequestContext context) {
if (isResourceOwnerRequest(context)) {
@@ -100,15 +90,16 @@ public class OAuth2RequestFilter extends OAuthRequestFilter implements ResourceO
private void handleResourceOwnerRequest(ContainerRequestContext context) {
Message msg = JAXRSUtils.getCurrentMessage();
- String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION);
- Object sc = sessionProvider.getFromSession(request);
- if (sc != null) {
- msg.put(SecurityContext.class, (SecurityContext) sc);
- } else {
+ MessageContext mc = getMessageContext();
+
+ SecurityContext sc = sessionProvider.getSecurityContextFromSession(mc);
+ if (sc == null) {
+ String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION);
+
Response jaxRsResponse = null;
if (isAuthenticationSchemeSupported(authorizationHeader)) {
try {
- doBasicAuthentication(context, msg, authorizationHeader);
+ doBasicAuthentication(mc, authorizationHeader);
} catch (Exception ex) {
jaxRsResponse = getAuthenticationException(ex, msg);
}
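Review bot: The SecurityContext returned by `sessionProvider.getSecurityContextFromSession(mc)` is trusted as-is and short-circuits the Authorization header, so a request carrying a valid session cookie together with different Basic credentials is served as the session's principal, and nothing in this hunk revalidates or expires that cached context. If that precedence is intended, a comment on the `if (sc == null)` line such as `// an established session wins over header credentials; the session is bound at login in SubjectProvider.authenticate` would spare the next reader the question; otherwise consider re-authenticating whenever an explicit Authorization header is present even if a session exists. The enclosing handleResourceOwnerRequest method continues past the end of the hunk.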
@@ -132,29 +123,12 @@ public class OAuth2RequestFilter extends OAuthRequestFilter implements ResourceO
return newAuthorizationRequiredResponse(redirectURI, ignoreBasePath, realm, msg);
}
- private void doBasicAuthentication(ContainerRequestContext context, Message msg, String header) {
+ private void doBasicAuthentication(MessageContext mc, String header) {
logger.debug("doBasicAuthentication called");
String[] basicAuthParts = OAuthUtil.decodeCredentials(header);
String username = basicAuthParts[0];
String password = basicAuthParts[1];
- authenticate(context, OAuthConstants.BASIC_SCHEME, username, password, msg);
- }
-
- private void authenticate(ContainerRequestContext context, String scheme, String username, String password, Message msg) {
- UserSubject subject = authenticate(scheme, username, password);
- SecurityContext sc = OAuthUtil.newSecurityContext(subject);
- sessionProvider.createSession(request, scheme, sc);
- msg.put(SecurityContext.class, sc);
- }
-
- private UserSubject authenticate(String scheme, String username, String password) {
- Subject user = authenticator.authenticate(scheme, username, password);
- return newUserSubject(user);
- }
-
- @Override
- public UserSubject createSubject(String username, String password) {
- return authenticate(OAuthConstants.BASIC_SCHEME, username, password);
+ sessionProvider.authenticate(mc, OAuthConstants.BASIC_SCHEME, username, password);
}
@Override
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Provider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2ServerProvider.java
index 2a0a497e451..e7eda3ca552 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2Provider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2ServerProvider.java
@@ -17,7 +17,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
-import javax.crypto.SecretKey;
import javax.ws.rs.core.Application;
import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
import org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler;
@@ -29,11 +28,7 @@ import org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler;
import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
-import org.apache.cxf.rs.security.oauth2.provider.DefaultResourceOwnerNameProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.ResourceOwnerNameProvider;
-import org.apache.cxf.rs.security.oauth2.provider.SessionAuthenticityTokenProvider;
-import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService;
import org.apache.cxf.rs.security.oauth2.services.AbstractTokenService;
@@ -47,12 +42,11 @@ import org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.tokens.hawk.NonceStore;
import org.apache.cxf.rs.security.oauth2.tokens.hawk.NonceVerifier;
import org.apache.cxf.rs.security.oauth2.tokens.hawk.NonceVerifierImpl;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
import org.eclipse.osee.jaxrs.server.internal.JaxRsConstants;
import org.eclipse.osee.jaxrs.server.internal.applications.JaxRsApplicationRegistry;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.CxfAuthorizationCodeService;
-import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.CxfSubjectCreator;
-import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.endpoints.ClientDataProvider;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.OAuthEncryption;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters.SubjectProviderImpl;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.endpoints.ClientRegistrationService;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.writers.AuthorizationDataHtmlWriter;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.writers.OOBAuthorizationResponseHtmlWriter;
@@ -67,13 +61,13 @@ import org.osgi.framework.BundleContext;
/**
* @author Roberto E. Escobar
*/
-public class OAuth2Provider {
+public class OAuth2ServerProvider {
private static final String OAUTH2_APPLICATION_COMPONENT_NAME = qualify("application");
private final Set<String> registeredProviders = new HashSet<String>();
private List<String> audiences;
- private CxfOAuthDataProvider dataProvider;
+ private OAuth2DataProvider dataProvider;
private NonceVerifier nonceVerifier;
private OAuth2RequestFilter filter;
@@ -137,18 +131,15 @@ public class OAuth2Provider {
}
private void initialize(OAuth2Configuration config) {
- SecretKey secretKey = CryptoUtils.getSecretKey("AES");
-
- SubjectCreator subjectCreator = new CxfSubjectCreator(logger);
- ResourceOwnerNameProvider nameProvider = new DefaultResourceOwnerNameProvider();
- SessionAuthenticityTokenProvider tokenSessionProvider = null; //new CxfSessionAuthenticityTokenProvider(logger);
+ ClientProvider clientProvider = null;
+ SubjectProvider subjectProvider = new SubjectProviderImpl(logger, sessionProvider, authenticator);
audiences = Collections.emptyList();
- dataProvider = new CxfOAuthDataProvider(storage);
- dataProvider.setSecretKey(secretKey);
+ OAuthEncryption serializer = new OAuthEncryption();
+ dataProvider = new OAuth2DataProvider(clientProvider, subjectProvider, serializer, storage);
- filter = new OAuth2RequestFilter(logger, authenticator, sessionProvider);
+ filter = new OAuth2RequestFilter(logger, subjectProvider);
bind(filter, dataProvider);
endpoints = new HashSet<Object>();
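Review bot: `ClientProvider clientProvider = null;` is passed straight into `new OAuth2DataProvider(clientProvider, subjectProvider, serializer, storage)` and, in the next hunk, into `ClientRegistrationService`, so client lookup during any grant or token request will dereference a null provider unless OAuth2DataProvider guards for it internally (not visible here). Either wire a real implementation at this point or fail fast at startup with `Objects.requireNonNull(clientProvider, "clientProvider")` so a misconfigured server does not begin accepting OAuth requests whose clients it cannot validate. If this is a deliberate work-in-progress stub, a `// TODO: ClientProvider not yet implemented; client validation is disabled` on that line should say so explicitly.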
@@ -156,12 +147,12 @@ public class OAuth2Provider {
endpoints.add(bind(new TokenRevocationService(), dataProvider));
//@formatter:off
- endpoints.add(bind(new CxfAuthorizationCodeService(), dataProvider, subjectCreator, nameProvider, tokenSessionProvider));
- endpoints.add(bind(new ImplicitGrantService(), dataProvider, subjectCreator, nameProvider, tokenSessionProvider));
+ endpoints.add(bind(new CxfAuthorizationCodeService(), dataProvider, subjectProvider));
+ endpoints.add(bind(new ImplicitGrantService(), dataProvider, subjectProvider));
//@formatter:on
endpoints.add(bind(new AccessTokenValidatorService(), dataProvider));
- endpoints.add(bind(new ClientRegistrationService(), dataProvider));
+ endpoints.add(bind(new ClientRegistrationService(), clientProvider));
// Add OAuth2 application local Writers
endpoints.add(new AuthorizationDataHtmlWriter());
@@ -172,7 +163,7 @@ public class OAuth2Provider {
grantHandlers = new ArrayList<AccessTokenGrantHandler>();
grantHandlers.add(bind(new AuthorizationCodeGrantHandler(), dataProvider, new DigestCodeVerifier()));
grantHandlers.add(bind(new ClientCredentialsGrantHandler(), dataProvider));
- grantHandlers.add(bind(new ResourceOwnerGrantHandler(), dataProvider, filter));
+ grantHandlers.add(bind(new ResourceOwnerGrantHandler(), dataProvider, subjectProvider));
grantHandlers.add(bind(new RefreshTokenGrantHandler(), dataProvider));
tokenValidators = new ArrayList<AccessTokenValidator>();
@@ -238,11 +229,15 @@ public class OAuth2Provider {
}
}
- private void configure(OAuth2Configuration config, CxfOAuthDataProvider provider) {
+ private void configure(OAuth2Configuration config, OAuth2DataProvider provider) {
provider.setRefreshTokenAllowed(config.isRefreshTokenAllowed());
provider.setCodeGrantExpiration(config.getCodeGrantExpiration());
provider.setAccessTokenExpiration(config.getAccessTokenExpiration());
provider.setRefreshTokenExpiration(config.getRefreshTokenExpiration());
+
+ provider.setSecretKeyAlgorithm(config.getSecretKeyAlgorithm());
+ provider.setSecretKeyEncoded(config.getEncodedSecretKey());
+
configureObject(config, provider);
}
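Review bot: The token-encryption key now comes from configuration via `provider.setSecretKeyEncoded(config.getEncodedSecretKey())`, replacing the per-start random AES key this commit removes, but nothing here checks that the configured value is present or decodes to a usable key; OAuthEncryption.decodeSecretKey only defaults the algorithm name and hands the encoded string to CXF, so a missing or malformed key will presumably surface as an exception on the first token operation rather than at configure time. Consider validating here, e.g. rejecting a null or empty `config.getEncodedSecretKey()` with an `IllegalStateException("oauth2 secret key is not configured")` before it reaches the provider. A short comment noting that this key encrypts every stored code, access and refresh token and must be kept out of logs and source control would also be worthwhile now that it lives in configuration.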
@@ -319,10 +314,9 @@ public class OAuth2Provider {
accessTokenService.setAudiences(audiences);
accessTokenService.setGrantHandlers(grantHandlers);
}
-
}
- private static ClientRegistrationService bind(ClientRegistrationService object, ClientDataProvider dataProvider) {
+ private static ClientRegistrationService bind(ClientRegistrationService object, ClientProvider dataProvider) {
object.setDataProvider(dataProvider);
return object;
}
@@ -332,10 +326,10 @@ public class OAuth2Provider {
return object;
}
- private static AbstractOAuthService bind(RedirectionBasedGrantService object, OAuthDataProvider dataProvider, SubjectCreator subjectCreator, ResourceOwnerNameProvider nameProvider, SessionAuthenticityTokenProvider sessionProvider) {
- object.setResourceOwnerNameProvider(nameProvider);
- object.setSessionAuthenticityTokenProvider(sessionProvider);
- object.setSubjectCreator(subjectCreator);
+ private static AbstractOAuthService bind(RedirectionBasedGrantService object, OAuthDataProvider dataProvider, SubjectProvider subjectProvider) {
+ object.setResourceOwnerNameProvider(subjectProvider);
+ object.setSessionAuthenticityTokenProvider(subjectProvider);
+ object.setSubjectCreator(subjectProvider);
bind(object, dataProvider);
return object;
}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSubjectCreator.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java
index 05d5dc89872..d141b5e2c1c 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSubjectCreator.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java
@@ -8,29 +8,25 @@
* Contributors:
* Boeing - initial API and implementation
*******************************************************************************/
-package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler;
+import org.apache.cxf.rs.security.oauth2.provider.ResourceOwnerNameProvider;
+import org.apache.cxf.rs.security.oauth2.provider.SessionAuthenticityTokenProvider;
import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
-import org.eclipse.osee.logger.Log;
+import org.apache.cxf.security.SecurityContext;
/**
* @author Roberto E. Escobar
*/
-public class CxfSubjectCreator implements SubjectCreator {
- private final Log logger;
+public interface SubjectProvider extends SessionAuthenticityTokenProvider, SubjectCreator, ResourceOwnerNameProvider, ResourceOwnerLoginHandler {
- public CxfSubjectCreator(Log logger) {
- super();
- this.logger = logger;
- }
+ long getSubjectId(UserSubject subject);
- @Override
- public UserSubject createUserSubject(MessageContext mc) throws OAuthServiceException {
- logger.debug("createUserSubject called");
- return null;
- }
+ void authenticate(MessageContext mc, String scheme, String username, String password);
-}
+ SecurityContext getSecurityContextFromSession(MessageContext mc);
+
+} \ No newline at end of file
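Review bot: The new interface merges four CXF contracts with three project methods and has no Javadoc, yet the project methods carry the security-sensitive behaviour: `authenticate(MessageContext mc, String scheme, String username, String password)` both verifies credentials and establishes server-side session state, and `getSecurityContextFromSession` is what OAuth2RequestFilter trusts in place of credentials. Document on `authenticate` that failure is signalled by an exception (the filter's caller relies on a catch, so confirm this with the implementation) and that the resulting SecurityContext is bound to the caller's session, and on `getSecurityContextFromSession` that any non-null return is treated as an authenticated caller, so implementations must return only contexts they previously stored for that session. `getSubjectId` should also state what it yields when the UserSubject carries no id, since the implementation delegates to OAuthUtil.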
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AccessToken.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AccessToken.java
new file mode 100644
index 00000000000..128097a3f2d
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AccessToken.java
@@ -0,0 +1,57 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.eclipse.osee.jaxrs.server.security.OAuthToken;
+import org.eclipse.osee.jaxrs.server.security.OAuthTokenType;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class AccessToken extends ServerAccessToken implements OAuthToken {
+
+ private static final long serialVersionUID = 5893901939888969786L;
+
+ private final long uuid;
+ private final long clientId;
+ private final long subjectId;
+ private final OAuthTokenType type;
+
+ public AccessToken(long uuid, long clientId, long subjectId, OAuthTokenType type) {
+ super();
+ this.uuid = uuid;
+ this.clientId = clientId;
+ this.subjectId = subjectId;
+ this.type = type;
+ }
+
+ @Override
+ public long getUuid() {
+ return uuid;
+ }
+
+ @Override
+ public long getSubjectId() {
+ return subjectId;
+ }
+
+ @Override
+ public long getClientId() {
+ return clientId;
+ }
+
+ @Override
+ public OAuthTokenType getType() {
+ return type;
+ }
+
+}
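Review bot: The constructor stores `type` without a null check, so a caller passing null produces an AccessToken whose `getType()` returns null and will presumably fail later inside storage rather than at construction; `this.type = Objects.requireNonNull(type, "type");` (with `java.util.Objects` imported) fails at the point of the mistake. A class comment saying that this is the CXF ServerAccessToken enriched with the storage identifiers (uuid, clientId, subjectId, type) used by JaxRsOAuthStorage would also help, since the fields are otherwise undocumented.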
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AuthorizationCode.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AuthorizationCode.java
new file mode 100644
index 00000000000..c5674d4aa11
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/AuthorizationCode.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.eclipse.osee.jaxrs.server.security.OAuthCodeGrant;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class AuthorizationCode extends ServerAuthorizationCodeGrant implements OAuthCodeGrant {
+
+ private static final long serialVersionUID = 6207464542209610574L;
+
+ private final long uuid;
+ private final long clientId;
+ private final long subjectId;
+
+ public AuthorizationCode(long uuid, long clientId, long subjectId) {
+ super();
+ this.uuid = uuid;
+ this.clientId = clientId;
+ this.subjectId = subjectId;
+ }
+
+ @Override
+ public long getUuid() {
+ return uuid;
+ }
+
+ @Override
+ public long getSubjectId() {
+ return subjectId;
+ }
+
+ @Override
+ public long getClientId() {
+ return clientId;
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSessionAuthenticityTokenProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSessionAuthenticityTokenProvider.java
deleted file mode 100644
index fc58be5487a..00000000000
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/CxfSessionAuthenticityTokenProvider.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Boeing.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Boeing - initial API and implementation
- *******************************************************************************/
-package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
-
-import javax.ws.rs.core.MultivaluedMap;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.SessionAuthenticityTokenProvider;
-import org.eclipse.osee.logger.Log;
-
-/**
- * @author Roberto E. Escobar
- */
-public class CxfSessionAuthenticityTokenProvider implements SessionAuthenticityTokenProvider {
- private final Log logger;
-
- public CxfSessionAuthenticityTokenProvider(Log logger) {
- super();
- this.logger = logger;
- }
-
- @Override
- public String createSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
- logger.debug("createSessionToken");
- return null;
- }
-
- @Override
- public String getSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
- logger.debug("getSessionToken");
- return null;
- }
-
- @Override
- public String removeSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
- logger.debug("removeSessionToken");
- return null;
- }
-
-}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java
new file mode 100644
index 00000000000..62a68fe1654
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java
@@ -0,0 +1,61 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+
+import javax.crypto.SecretKey;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+import org.eclipse.osee.framework.jdk.core.util.Strings;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class OAuthEncryption {
+
+ private static final String AES_CRYPTO_ALGO = "AES";
+
+ public SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgorithm) {
+ String secretKeyAlgorithmToUse = secretKeyAlgorithm;
+ if (!Strings.isValid(secretKeyAlgorithmToUse)) {
+ secretKeyAlgorithmToUse = AES_CRYPTO_ALGO;
+ }
+ return CryptoUtils.decodeSecretKey(encodedSecretKey, secretKeyAlgorithmToUse);
+ }
+
+ public String encryptCodeGrant(AuthorizationCode grant, SecretKey secretKey) {
+ return ModelEncryptionSupport.encryptCodeGrant(grant, secretKey);
+ }
+
+ public String encryptAccessToken(AccessToken token, SecretKey secretKey) {
+ return ModelEncryptionSupport.encryptAccessToken(token, secretKey);
+ }
+
+ public String encryptRefreshToken(RefreshOAuthToken refreshToken, SecretKey secretKey) {
+ return ModelEncryptionSupport.encryptRefreshToken(refreshToken, secretKey);
+ }
+
+ public ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider, String grant, SecretKey secretKey) {
+ return ModelEncryptionSupport.decryptCodeGrant(provider, grant, secretKey);
+ }
+
+ public ServerAccessToken decryptAccessToken(OAuthDataProvider provider, String token, SecretKey secretKey) {
+ ServerAccessToken accessToken = ModelEncryptionSupport.decryptAccessToken(provider, token, secretKey);
+ return accessToken;
+ }
+
+ public RefreshToken decryptRefreshToken(OAuthDataProvider provider, String token, SecretKey secretKey) {
+ return ModelEncryptionSupport.decryptRefreshToken(provider, token, secretKey);
+ }
+} \ No newline at end of file
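Review bot: Every encrypt/decrypt call uses the two-argument `ModelEncryptionSupport` overloads, which take no `KeyProperties`, so the cipher transformation and any IV or integrity protection are whatever CXF derives from the bare algorithm name that `decodeSecretKey` defaults to `"AES"`; the JCE resolves a bare `"AES"` transformation to ECB with PKCS5 padding, so unless CXF adds a mode itself the stored codes and tokens would be neither randomized nor integrity-protected — confirm against the CXF version in use. Since these strings are the persisted authorization codes, access tokens and refresh tokens, prefer the overloads that accept a `KeyProperties` configured with an explicit mode and padding (and an IV where the mode requires one), and state in the class comment which transformation the stored tokens depend on so a future key or algorithm change can be reasoned about. `decodeSecretKey` should also reject a null or empty `encodedSecretKey` with a clear message rather than letting `CryptoUtils.decodeSecretKey` fail with a less informative error.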
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/RefreshOAuthToken.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/RefreshOAuthToken.java
new file mode 100644
index 00000000000..1d4659a1c4f
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/RefreshOAuthToken.java
@@ -0,0 +1,57 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.eclipse.osee.jaxrs.server.security.OAuthToken;
+import org.eclipse.osee.jaxrs.server.security.OAuthTokenType;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class RefreshOAuthToken extends org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken implements OAuthToken {
+
+ private static final long serialVersionUID = 5893901939888969786L;
+
+ private final long uuid;
+ private final long clientId;
+ private final long subjectId;
+ private final OAuthTokenType type = OAuthTokenType.REFRESH_TOKEN;
+
+ public RefreshOAuthToken(long uuid, long clientId, long subjectId) {
+ super();
+ this.uuid = uuid;
+ this.clientId = clientId;
+ this.subjectId = subjectId;
+ setTokenType(OAuthConstants.REFRESH_TOKEN_TYPE);
+ }
+
+ @Override
+ public long getUuid() {
+ return uuid;
+ }
+
+ @Override
+ public long getSubjectId() {
+ return subjectId;
+ }
+
+ @Override
+ public long getClientId() {
+ return clientId;
+ }
+
+ @Override
+ public OAuthTokenType getType() {
+ return type;
+ }
+
+}
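Review bot: `serialVersionUID = 5893901939888969786L` is the same value declared in AccessToken in this commit, which reads as a copy-paste leftover; it is harmless because the id is scoped per class, but a distinct value avoids the impression that the two classes share a serialized form. The `type` field is a constant and could be a `private static final` or returned directly from `getType()` rather than stored per instance.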
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java
new file mode 100644
index 00000000000..493f086cf41
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java
@@ -0,0 +1,180 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.adapters;
+
+import java.util.UUID;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.MultivaluedMap;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.security.SecurityContext;
+import org.eclipse.osee.framework.jdk.core.util.Strings;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.SubjectProvider;
+import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
+import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator.Subject;
+import org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider;
+import org.eclipse.osee.logger.Log;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class SubjectProviderImpl implements SubjectProvider {
+
+ private static final String SESSION_SECURITY_CONTEXT = "jaxrs.server.session.authentication.object";
+
+ private final Log logger;
+ private final JaxRsAuthenticator authenticator;
+ private final JaxRsSessionProvider sessionDelegate;
+
+ public SubjectProviderImpl(Log logger, JaxRsSessionProvider sessionDelegate, JaxRsAuthenticator authenticator) {
+ super();
+ this.logger = logger;
+ this.sessionDelegate = sessionDelegate;
+ this.authenticator = authenticator;
+ }
+
+ @Override
+ public long getSubjectId(UserSubject subject) {
+ return OAuthUtil.getUserSubjectUuid(subject);
+ }
+
+ @Override
+ public String getName(UserSubject subject) {
+ return OAuthUtil.getDisplayName(subject);
+ }
+
+ @Override
+ public String createSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
+ logger.debug("Create Session Token - subject[%s]", subject);
+
+ String sessionToken = null;
+ if (sessionDelegate != null) {
+ Long subjectId = OAuthUtil.getUserSubjectUuid(subject);
+ sessionToken = sessionDelegate.createSessionToken(subjectId);
+ } else {
+ HttpSession session = mc.getHttpServletRequest().getSession();
+ sessionToken = (String) session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
+ if (!Strings.isValid(sessionToken)) {
+ sessionToken = UUID.randomUUID().toString();
+ session.setAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN, sessionToken);
+ }
+ }
+ return sessionToken;
+ }
+
+ @Override
+ public String getSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
+ logger.debug("Get Session Token - subject[%s]", subject);
+
+ String sessionToken = null;
+ if (sessionDelegate != null) {
+ Long subjectId = OAuthUtil.getUserSubjectUuid(subject);
+ sessionToken = sessionDelegate.getSessionToken(subjectId);
+ } else {
+ HttpSession session = mc.getHttpServletRequest().getSession();
+ sessionToken = (String) session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
+ }
+ return sessionToken;
+ }
+
+ @Override
+ public String removeSessionToken(MessageContext mc, MultivaluedMap<String, String> params, UserSubject subject) {
+ logger.debug("Remove Session Token - subject[%s]", subject);
+
+ String sessionToken = null;
+ if (sessionDelegate != null) {
+ Long subjectId = OAuthUtil.getUserSubjectUuid(subject);
+ sessionToken = sessionDelegate.removeSessionToken(subjectId);
+ } else {
+ HttpSession session = mc.getHttpServletRequest().getSession();
+ sessionToken = (String) session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
+ if (sessionToken != null) {
+ session.removeAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
+ }
+ }
+ return sessionToken;
+ }
+
+ @Override
+ public UserSubject createUserSubject(MessageContext mc) throws OAuthServiceException {
+ UserSubject subject = mc.getContent(UserSubject.class);
+ if (subject == null) {
+ SecurityContext securityContext = getSecurityContext(mc);
+ subject = OAuthUtils.createSubject(securityContext);
+ }
+ return subject;
+ }
+
+ @Override
+ public SecurityContext getSecurityContextFromSession(MessageContext mc) {
+ SecurityContext securityContext = null;
+ if (sessionDelegate != null) {
+ // Long subjectId = OAuthUtil.getUserSubjectUuid(subject);
+ // sessionDelegate.getSecurityContext(subjectId);
+ } else {
+ HttpSession session = mc.getHttpServletRequest().getSession(false);
+ if (session != null) {
+ securityContext = (SecurityContext) session.getAttribute(SESSION_SECURITY_CONTEXT);
+ }
+ }
+ saveSecurityContext(mc, securityContext);
+ return securityContext;
+ }
+
+ @Override
+ public void authenticate(MessageContext mc, String scheme, String username, String password) {
+ UserSubject subject = authenticate(scheme, username, password);
+ SecurityContext securityContext = OAuthUtil.newSecurityContext(subject);
+
+ if (sessionDelegate != null) {
+ // Long subjectId = OAuthUtil.getUserSubjectUuid(subject);
+ // sessionDelegate.storeSecurityContext(subjectId, sc);
+ } else {
+ HttpSession session = mc.getHttpServletRequest().getSession(true);
+ session.setAttribute(SESSION_SECURITY_CONTEXT, securityContext);
+ }
+ saveSecurityContext(mc, securityContext);
+ }
+
+ @Override
+ public UserSubject createSubject(String username, String password) {
+ return authenticate(OAuthConstants.BASIC_SCHEME, username, password);
+ }
+
+ private UserSubject authenticate(String scheme, String username, String password) {
+ logger.debug("Authenticate - scheme[%s] username[%s]", scheme, username);
+
+ Subject user = authenticator.authenticate(scheme, username, password);
+ return OAuthUtil.newUserSubject(user);
+ }
+
+ private SecurityContext getSecurityContext(MessageContext mc) {
+ SecurityContext securityContext = (SecurityContext) mc.get(SecurityContext.class);
+ if (securityContext == null) {
+ securityContext = (SecurityContext) mc.get(SecurityContext.class.getName());
+ }
+ if (securityContext == null) {
+ securityContext = mc.getContent(SecurityContext.class);
+ }
+ return securityContext;
+ }
+
+ private void saveSecurityContext(MessageContext mc, SecurityContext securityContext) {
+ if (securityContext != null) {
+ mc.put(SecurityContext.class, securityContext);
+ mc.put(SecurityContext.class.getName(), securityContext);
+ }
+ }
+} \ No newline at end of file
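Review bot: `authenticate` stores the newly built SecurityContext into `mc.getHttpServletRequest().getSession(true)`, which reuses any session the client already held before presenting credentials, so a session id planted on the victim beforehand (session fixation) would be promoted to an authenticated one; invalidate the pre-login session and start a fresh one before storing the context. The authenticity token written by `createSessionToken` lives in the same HttpSession, so the invalidation belongs here at login rather than after the authorization form has been issued, which appears to be the order the request filter follows — confirm. Separately, the `sessionDelegate != null` branches in both `getSecurityContextFromSession` and `authenticate` are commented-out stubs, so with a delegate configured the context is never persisted and every request falls back to re-authentication; at minimum a `// TODO` on each stating this, or a constructor check refusing a delegate until that path exists, would make the gap visible.
```java
public void authenticate(MessageContext mc, String scheme, String username, String password) {
    UserSubject subject = authenticate(scheme, username, password);
    SecurityContext securityContext = OAuthUtil.newSecurityContext(subject);

    if (sessionDelegate != null) {
        // … unchanged: delegate branch (still a stub) …
    } else {
        // Drop any session established before the credentials were verified
        // so a pre-set session id cannot be promoted to an authenticated one.
        HttpSession previous = mc.getHttpServletRequest().getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = mc.getHttpServletRequest().getSession(true);
        session.setAttribute(SESSION_SECURITY_CONTEXT, securityContext);
    }
    saveSecurityContext(mc, securityContext);
}
```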
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientRegistrationService.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientRegistrationService.java
index 848e43afcbf..abef6a2608e 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientRegistrationService.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ClientRegistrationService.java
@@ -15,6 +15,7 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.ClientProvider;
/**
* @author Roberto E. Escobar
@@ -22,9 +23,9 @@ import org.apache.cxf.rs.security.oauth2.common.Client;
@Path("/clients")
public class ClientRegistrationService {
- private ClientDataProvider provider;
+ private ClientProvider provider;
- public void setDataProvider(ClientDataProvider provider) {
+ public void setDataProvider(ClientProvider provider) {
this.provider = provider;
}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthStorage.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthStorage.java
index 10337994b93..b51e2df9f53 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthStorage.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthStorage.java
@@ -10,31 +10,27 @@
*******************************************************************************/
package org.eclipse.osee.jaxrs.server.security;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-
/**
* @author Roberto E. Escobar
*/
public interface JaxRsOAuthStorage {
- Client getClient(String clientId);
-
- void storeCodeGrant(String encrypted);
+ OAuthCodeGrant getCodeGrant(String code);
- void removeCodeGrant(String code);
+ void storeCodeGrant(OAuthCodeGrant codeGrant);
- String getAccessTokenByRefreshToken(String refreshToken);
+ void removeCodeGrant(OAuthCodeGrant codeGrant);
- void storeAccessToken(String encryptedToken);
+ Iterable<OAuthToken> getAccessTokensByRefreshToken(String refreshToken);
- void storeRefreshToken(String encryptedRefreshToken, String encryptedAccessToken);
+ OAuthToken getPreauthorizedToken(long clientId, long subjectId, String grantType);
- void removeRefreshToken(String refreshToken);
+ void storeToken(OAuthToken... tokens);
- void removeAccessToken(String tokenKey);
+ void relateTokens(OAuthToken refreshToken, OAuthToken accessToken);
- String getPreauthorizedToken(String clientId, String subjectId, String grantType);
+ void removeToken(Iterable<OAuthToken> tokens);
- String getCodeGrant(String code);
+ void removeTokenByKey(String tokenKey);
} \ No newline at end of file
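Review bot: The old contract passed `encrypted`/`encryptedToken` strings across this boundary, while the new `storeToken(OAuthToken...)`, `removeTokenByKey(String tokenKey)` and `getAccessTokensByRefreshToken(String refreshToken)` hand over the token objects and raw keys, so whether the persisted key is protected at rest is now decided silently by each implementation. The interface has no Javadoc stating that expectation, nor what `getCodeGrant`/`getPreauthorizedToken` return on a miss or when several preauthorized tokens match a `(clientId, subjectId, grantType)` triple. I would add a type-level Javadoc along the lines of `/** Persistence for OAuth2 grants and tokens. Implementations receive the raw token key and are responsible for protecting it at rest; lookups return null when nothing matches. */` and per-method `@return` notes on the two single-result getters, adjusting the null wording if the implementation behaves differently.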
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
index ab9554957d7..b51a1f7ff08 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
@@ -10,14 +10,16 @@
*******************************************************************************/
package org.eclipse.osee.jaxrs.server.security;
-import javax.servlet.http.HttpServletRequest;
/**
* @author Roberto E. Escobar
*/
public interface JaxRsSessionProvider {
- void createSession(HttpServletRequest request, String scheme, Object sc);
+ String createSessionToken(Long subjectId);
+
+ String removeSessionToken(Long subjectId);
+
+ String getSessionToken(Long subjectId);
- Object getFromSession(HttpServletRequest request);
} \ No newline at end of file
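Review bot: The new methods are keyed on `subjectId` alone, so this contract admits at most one session token per subject, and nothing says what `createSessionToken` does when a token already exists for that subject (replace it, or return the existing one) or what `removeSessionToken` returns. Since these tokens presumably stand in for an authenticated session, the interface should also state the generation requirement so implementations do not fall back to a predictable source. I would add Javadoc such as `/** Creates a new session token for the subject, replacing any existing one; implementations must use a cryptographically secure random source. */` on `createSessionToken`, `@return the removed token, or null if none existed` on `removeSessionToken`, and `@return the current token, or null` on `getSessionToken`, corrected to whatever the implementation actually does.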
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthCodeGrant.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthCodeGrant.java
new file mode 100644
index 00000000000..9f081b16f12
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthCodeGrant.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.security;
+
+import java.util.List;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public interface OAuthCodeGrant {
+
+ long getUuid();
+
+ long getSubjectId();
+
+ long getClientId();
+
+ long getIssuedAt();
+
+ long getExpiresIn();
+
+ String getCode();
+
+ String getRedirectUri();
+
+ String getClientCodeVerifier();
+
+ String getAudience();
+
+ List<String> getApprovedScopes();
+
+}
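Review bot: `getIssuedAt()` and `getExpiresIn()` carry no unit, and a mismatch between seconds and milliseconds at this boundary would silently make codes expire immediately or never; the CXF grant object this presumably maps to expresses both in seconds, but that is not visible here and should be pinned in the interface. `getClientCodeVerifier()` is likewise undocumented even though its value participates in the code exchange check. I would add Javadoc such as `/** Issue time in seconds since the epoch. */` and `/** Lifetime in seconds from issue time. */`, plus a one-line description of `getClientCodeVerifier()` and `getAudience()`, confirming the units against the adapter that populates the grant.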
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthToken.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthToken.java
new file mode 100644
index 00000000000..432f40ebe2d
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthToken.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.security;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public interface OAuthToken {
+
+ long getUuid();
+
+ long getSubjectId();
+
+ long getClientId();
+
+ long getIssuedAt();
+
+ long getExpiresIn();
+
+ String getTokenKey();
+
+ String getTokenType();
+
+ String getGrantType();
+
+ String getAudience();
+
+ OAuthTokenType getType();
+
+ String getRefreshToken();
+
+}
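Review bot: `getTokenType()` (a `String`) and `getType()` (an `OAuthTokenType`) sit side by side with no Javadoc saying how they relate, and `getRefreshToken()` exists on a token whose own `getType()` can be `REFRESH_TOKEN`, which leaves the reader guessing which field is authoritative. As with the grant interface, `getIssuedAt()`/`getExpiresIn()` have no stated unit. I would document `getType()` as the classification used by storage, `getTokenType()` as the wire `token_type` string, `getRefreshToken()` as the key of the associated refresh token or null when this token is not an access token, and add `/** Seconds since the epoch. */` and `/** Lifetime in seconds. */` on the two time accessors, verifying each claim against the adapter classes in this commit.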
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthTokenType.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthTokenType.java
new file mode 100644
index 00000000000..94748ebb5d3
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/OAuthTokenType.java
@@ -0,0 +1,61 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.security;
+
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public enum OAuthTokenType {
+ UNKNOW_TOKEN("unknown", -1),
+ BEARER_TOKEN(OAuthConstants.BEARER_TOKEN_TYPE, 0),
+ REFRESH_TOKEN(OAuthConstants.REFRESH_TOKEN_TYPE, 1),
+ HAWK_TOKEN(OAuthConstants.HAWK_TOKEN_TYPE, 2);
+
+ private final String tokenType;
+ private final int value;
+
+ private OAuthTokenType(String tokenType, int value) {
+ this.tokenType = tokenType;
+ this.value = value;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public String getType() {
+ return tokenType;
+ }
+
+ public static OAuthTokenType fromValue(int value) {
+ OAuthTokenType toReturn = OAuthTokenType.UNKNOW_TOKEN;
+ for (OAuthTokenType tokenType : OAuthTokenType.values()) {
+ if (tokenType.getValue() == value) {
+ toReturn = tokenType;
+ break;
+ }
+ }
+ return toReturn;
+ }
+
+ public static OAuthTokenType fromType(String tokenType) {
+ OAuthTokenType toReturn = OAuthTokenType.UNKNOW_TOKEN;
+ for (OAuthTokenType type : OAuthTokenType.values()) {
+ if (type.getType().equals(tokenType)) {
+ toReturn = type;
+ break;
+ }
+ }
+ return toReturn;
+ }
+} \ No newline at end of file
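Review bot: `fromType` compares the wire string with case-sensitive `equals`, but RFC 6749 §5.1 defines `token_type` as case-insensitive, so a client sending `bearer` instead of `Bearer` (the CXF constant value) would be mapped to `UNKNOW_TOKEN` and presumably rejected or misfiled by storage. The fix is `if (type.getType().equalsIgnoreCase(tokenType)) {`, which also keeps the existing null-safe behavior since `equalsIgnoreCase(null)` returns false. Separately, the constant name `UNKNOW_TOKEN` is a typo for `UNKNOWN_TOKEN`; since the value is an API name, fixing it now is cheaper than after callers depend on it.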
