Skip to main content
summaryrefslogtreecommitdiffstats
path: root/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/endpoints/ImplicitGrantEndpoint.java
blob: 16e81e866546fc4dd937e18920dbdce58b9a1306 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

/*******************************************************************************
 * Copyright (c) 2015 Boeing.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Boeing - initial API and implementation
 *******************************************************************************/
package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.endpoints;

import java.net.URI;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService;
import org.eclipse.osee.framework.jdk.core.util.Strings;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.ClientLogoUriResolver;

/**
 * @author Angel Avila
 */
public class ImplicitGrantEndpoint extends ImplicitGrantService {

   private final ClientLogoUriResolver clientLogoUriResolver;
   private boolean useRegisteredRedirectUriIfPossible = true;

   public ImplicitGrantEndpoint(ClientLogoUriResolver clientLogoUriResolver) {
      super();
      this.clientLogoUriResolver = clientLogoUriResolver;
   }

   @Override
   protected Response createGrant(MultivaluedMap<String, String> params, Client client, String redirectUri, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
      Response response =
         super.createGrant(params, client, redirectUri, requestedScope, approvedScope, userSubject, preAuthorizedToken);

      String forwardedServer = OAuthUtil.getForwarderServer();

      if (Strings.isValid(forwardedServer)) {
         URI location = response.getLocation();
         String scheme = location.getScheme();

         URI finalUri = UriBuilder//
            .fromPath(forwardedServer)//
            .scheme(scheme)//
            .path(location.getRawPath())//
            .replaceQuery(location.getRawQuery())//
            .fragment(location.getRawFragment())//
            .buildFromEncoded();

         response = Response.seeOther(finalUri).build();
      }

      return response;
   }

   @Override
   protected Response createErrorResponse(MultivaluedMap<String, String> params, String redirectUri, String error) {
      Response response = super.createErrorResponse(params, redirectUri, error);

      String forwardedServer = OAuthUtil.getForwarderServer();

      if (Strings.isValid(forwardedServer)) {
         URI location = response.getLocation();
         String scheme = location.getScheme();

         URI finalUri = UriBuilder//
            .fromPath(forwardedServer)//
            .scheme(scheme)//
            .path(location.getRawPath())//
            .replaceQuery(location.getRawQuery())//
            .fragment(location.getRawFragment())//
            .buildFromEncoded();

         response = Response.seeOther(finalUri).build();
      }

      return response;
   }

   /**
    * If a client does not include a redirect_uri parameter but has an exactly one pre-registered redirect_uri then use
    * that redirect_uri
    *
    * @param value allows to use a single registered redirect_uri if set to true (default)
    */
   @Override
   public void setUseRegisteredRedirectUriIfPossible(boolean value) {
      this.useRegisteredRedirectUriIfPossible = value;
      super.setUseRegisteredRedirectUriIfPossible(value);
   }

   /**
    * Override fixes OAuthAuthorizationData creation
    */
   @Override
   protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, UserSubject subject, String redirectUri, List<OAuthPermission> perms) {
      OAuthAuthorizationData secData = super.createAuthorizationData(client, params, subject, redirectUri, perms);

      String oldReplyTo = secData.getReplyTo();
      URI replyToUri = UriBuilder.fromPath(oldReplyTo).buildFromEncoded();

      String forwardedServer = OAuthUtil.getForwarderServer();

      if (Strings.isValid(forwardedServer)) {
         String scheme = replyToUri.getScheme();

         URI newReplyTo = UriBuilder//
            .fromPath(forwardedServer)//
            .scheme(scheme)//
            .path(replyToUri.getRawPath())//
            .replaceQuery(replyToUri.getRawQuery())//
            .fragment(replyToUri.getRawFragment())//
            .buildFromEncoded();

         secData.setReplyTo(newReplyTo.toString());
      }

      secData.setApplicationName(client.getApplicationName());
      secData.setApplicationCertificates(client.getApplicationCertificates());

      UriInfo uriInfo = getMessageContext().getUriInfo();
      URI clientLogoUri = clientLogoUriResolver.getClientLogoUri(uriInfo, client);

      if (Strings.isValid(forwardedServer)) {
         String scheme = clientLogoUri.getScheme();

         URI newClientLogoUri = UriBuilder//
            .fromPath(forwardedServer)//
            .scheme(scheme)//
            .path(clientLogoUri.getRawPath())//
            .replaceQuery(clientLogoUri.getRawQuery())//
            .fragment(clientLogoUri.getRawFragment())//
            .buildFromEncoded();

         secData.setApplicationLogoUri(newClientLogoUri.toString());
      } else {
         secData.setApplicationLogoUri(clientLogoUri.toString());
      }

      return secData;
   }

   @Override
   protected String validateRedirectUri(Client client, String redirectUri) {
      List<String> uris = client.getRedirectUris();
      if (redirectUri != null) {
         boolean foundMatch = false;
         for (String uriRegex : uris) {
            if (redirectUri.matches(uriRegex)) {
               foundMatch = true;
               break;
            }
         }
         if (!foundMatch) {
            redirectUri = null;
         }
      } else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) {
         redirectUri = uris.get(0);
      }
      if (redirectUri == null && uris.size() == 0 && !canRedirectUriBeEmpty(client)) {
         reportInvalidRequestError("Client Redirect Uri is invalid");
      }
      return redirectUri;
   }
}

Back to the top