

Authorization endpoint now supports code-based authn
ajs6f committed Jun 12, 2013
1 parent a573afe commit 0c65d53
Showing 11 changed files with 113 additions and 209 deletions.
2 changes: 2 additions & 0 deletions src/main/java/org/fcrepo/auth/oauth/Constants.java
@@ -13,4 +13,6 @@ public interface Constants {

//TODO get namespaced properties to work
public static final String SCOPES_PROPERTY = "oauth-scopes";

public static final Long EXPIRATION_TIMEOUT = 3600l;
}
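Review bot: `EXPIRATION_TIMEOUT = 3600l` uses the lowercase `l` suffix, which is easily read as the digit 1; write it as `3600L` and state the unit, since the value is handed straight to `setExpiresIn` in AuthzEndpoint. Something like `/** Access-token lifetime reported to clients as expires_in (seconds, per OAuth 2.0). */ Long EXPIRATION_TIMEOUT = 3600L;`. The `public static final` modifiers are implicit on an interface field and can be dropped for consistency with the comment above that already omits nothing else.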
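--- a/src/main/java/org/fcrepo/auth/oauth/api/AuthzEndpoint.java
+++ b/src/main/java/org/fcrepo/auth/oauth/api/AuthzEndpoint.java
@@ -38,6 +38,7 @@
 
 import static org.apache.oltu.oauth2.common.message.OAuthResponse.errorResponse;
 import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
+import static org.fcrepo.auth.oauth.Constants.EXPIRATION_TIMEOUT;
 import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
 import static org.fcrepo.auth.oauth.api.Util.createOauthWorkspace;
 import static org.slf4j.LoggerFactory.getLogger;
@@ -49,7 +50,7 @@ public class AuthzEndpoint extends AbstractResource {
 private static final Logger LOGGER = getLogger(AuthzEndpoint.class);
 
 @GET
-public Response authorize(@Context
+public Response getAuthorization(@Context
 final HttpServletRequest request) throws URISyntaxException,
 OAuthSystemException, RepositoryException {
 
@@ -78,7 +79,7 @@ public Response authorize(@Context
 }
 if (responseType.equals(TOKEN.toString())) {
 builder.setAccessToken(oauthIssuerImpl.accessToken());
-builder.setExpiresIn(3600l);
+builder.setExpiresIn(EXPIRATION_TIMEOUT);
 }
 
 final String redirectURI =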
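Review bot: `responseType.equals(TOKEN.toString())` in the last hunk dereferences `responseType` first, so if the request can arrive without a `response_type` (the validation that populates it is outside the hunk) this branch throws NullPointerException instead of returning an OAuth error; `TOKEN.toString().equals(responseType)` is null-safe and reads the same. `getAuthorization` starts and ends outside the hunk, so whether the client id, redirect URI and user were verified before an access token is issued in this `token` branch cannot be checked here. A Javadoc summary on `getAuthorization` naming the accepted response types and where user authentication happens would help, given the commit title says code-based authn is the new part.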
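--- a/src/main/java/org/fcrepo/auth/oauth/api/TokenEndpoint.java
+++ b/src/main/java/org/fcrepo/auth/oauth/api/TokenEndpoint.java
@@ -1,8 +1,6 @@
 
 package org.fcrepo.auth.oauth.api;
 
-import static com.google.common.collect.Sets.intersection;
-import static com.google.common.collect.Sets.newHashSet;
 import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static javax.servlet.http.HttpServletResponse.SC_OK;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
@@ -19,10 +17,7 @@
 import static org.fcrepo.auth.oauth.Constants.CLIENT_PROPERTY;
 import static org.fcrepo.auth.oauth.Constants.OAUTH_WORKSPACE;
 import static org.fcrepo.auth.oauth.Constants.PRINCIPAL_PROPERTY;
-import static org.fcrepo.auth.oauth.Constants.SCOPES_PROPERTY;
 import static org.fcrepo.auth.oauth.api.Util.createOauthWorkspace;
-import static org.fcrepo.utils.FedoraTypesUtils.map;
-import static org.fcrepo.utils.FedoraTypesUtils.value2string;
 import static org.slf4j.LoggerFactory.getLogger;
 
 import java.util.Set;
@@ -80,7 +75,7 @@ public Response getToken(@Context
 oauthRequest = new OAuthTokenRequest(request);
 
 // TODO check if clientid is valid
-if (isValid()) {
+if (isNotValid()) {
 final OAuthResponse response =
 OAuthASResponse.errorResponse(SC_BAD_REQUEST).setError(
 INVALID_CLIENT).setErrorDescription(
@@ -90,7 +85,7 @@ public Response getToken(@Context
 }
 
 // TODO check if client_secret is valid
-if (isValid()) {
+if (isNotValid()) {
 final OAuthResponse response =
 OAuthASResponse
 .errorResponse(SC_UNAUTHORIZED)
@@ -104,8 +99,7 @@ public Response getToken(@Context
 // do checking for different grant types
 if (oauthRequest.getParam(OAUTH_GRANT_TYPE).equals(
 AUTHORIZATION_CODE.toString())) {
-// TODO check if authzcode is valid
-if (isValidAuthCode(oauthRequest)) {
+if (!isValidAuthCode(oauthRequest)) {
 final OAuthResponse response =
 errorResponse(SC_BAD_REQUEST).setError(
 INVALID_GRANT).setErrorDescription(
@@ -117,7 +111,7 @@ public Response getToken(@Context
 } else if (oauthRequest.getParam(OAUTH_GRANT_TYPE).equals(
 GrantType.PASSWORD.toString())) {
 // TODO check if username/password is valid
-if (isValid()) {
+if (isNotValid()) {
 final OAuthResponse response =
 errorResponse(SC_BAD_REQUEST).setError(
 INVALID_GRANT).setErrorDescription(
@@ -159,23 +153,26 @@ public Response getToken(@Context
 private boolean isValidAuthCode(final OAuthTokenRequest oauthRequest)
 throws RepositoryException {
 final String client = oauthRequest.getClientId();
+LOGGER.debug("Request has authorization client: {}", client);
 final String code = oauthRequest.getCode();
 final Set<String> scopes = oauthRequest.getScopes();
 final Session session = sessions.getSession(OAUTH_WORKSPACE);
 try {
 final Node authCodeNode =
 session.getNode("/authorization-codes/" + code);
+LOGGER.debug("Found authorization code node stored: {}",
+authCodeNode.getPath());
 // if the client is right
 if (authCodeNode.getProperty(CLIENT_PROPERTY).getString().equals(
 client)) {
-final Set<String> storedScopes =
-newHashSet(map(authCodeNode
-.getProperty(SCOPES_PROPERTY).getValues(),
-value2string));
+// final Set<String> storedScopes =
+// newHashSet(map(authCodeNode
+// .getProperty(SCOPES_PROPERTY).getValues(),
+// value2string));
 // and if there is at least one scope in common
-if (intersection(storedScopes, scopes).size() > 0) {
-return true;
-}
+//if (intersection(storedScopes, scopes).size() > 0) {
+return true;
+// }
 }
 } catch (final PathNotFoundException e) {
 // this wasn't a code we stored
@@ -203,7 +200,7 @@ private void saveToken(final String token, final String client,
 
 }
 
-private boolean isValid() {
+private boolean isNotValid() {
 // TODO actually do some checking of client ID and secret and so forth
 return false;
 }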
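Review bot: `isValidAuthCode` now returns true for any stored code whose `CLIENT_PROPERTY` matches the request's client id, because the scope intersection was commented out rather than fixed, and nothing in the hunk consumes or expires the code node after a successful match (the method's tail is outside the hunk). The new `LOGGER.debug("Found authorization code node stored: {}", authCodeNode.getPath())` writes the authorization code itself into the log, since the path is `/authorization-codes/` + code; log a fixed message or the client id only. That path is also built directly from the request parameter, so a code containing `/` is looked up elsewhere in the workspace rather than rejected — check the code against the issuer's token alphabet before `session.getNode`. Drop the commented-out `storedScopes` block or replace it with `// TODO re-enable scope check: stored scopes must cover the requested scopes` so the gap stays visible; `isNotValid()` still returns false unconditionally, so the client-id and client-secret error branches remain unreachable.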
170 changes: 0 additions & 170 deletions src/main/java/org/fcrepo/auth/oauth/filter/InjectableOAuthFilter.java

This file was deleted.

9 changes: 6 additions & 3 deletions src/main/java/org/fcrepo/auth/oauth/filter/OAuthFilter.java
@@ -14,6 +14,7 @@
import java.security.Principal;
import java.util.Set;

import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -42,9 +43,10 @@ public class OAuthFilter implements Filter {
private OAuthRSProvider provider;

private Set<ParameterStyle> parameterStyles;


@PostConstruct
public void init() {
LOGGER.debug("Initing {}", getClass().getName());
LOGGER.debug("Initializing {}", getClass().getName());

}

@@ -60,7 +62,8 @@ public void doFilter(ServletRequest request,
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse res = (HttpServletResponse) response;

LOGGER.debug("Filtering {}", ((HttpServletRequest)request).getRequestURI());
LOGGER.debug("Filtering {}", ((HttpServletRequest) request)
.getRequestURI());
try {

// Make an OAuth Request out of this servlet request
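Review bot: the reformatted `LOGGER.debug("Filtering {}", ((HttpServletRequest) request).getRequestURI())` repeats a cast that `req` already holds two lines above; `LOGGER.debug("Filtering {}", req.getRequestURI());` fits on one line and avoids the second cast. `init()` is now `@PostConstruct` but only logs, so a short comment saying why there is nothing to set up here (the `provider` and `parameterStyles` fields look injected — confirm) would stop a reader from hunting for missing initialisation. Whether `Filter#init(FilterConfig)` also delegates to it is outside the hunk.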
@@ -6,6 +6,7 @@

import java.io.IOException;

import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -25,10 +26,10 @@ public class RestrictToAuthNFilter implements Filter {

@Override
public void init(final FilterConfig filterConfig) throws ServletException {
init();
init();
}
// used by Spring

@PostConstruct
public void init() {
LOGGER.debug("Initialized {}", this.getClass().getName());
}
@@ -27,7 +27,13 @@

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring-test/test-container.xml")
public abstract class AbstractResourceIT {
public abstract class AbstractOAuthResourceIT {

protected final String authzEndpoint = "http://" + HOSTNAME + ":" +
SERVER_PORT + "/authorization";

protected final String tokenEndpoint = "http://" + HOSTNAME + ":" +
SERVER_PORT + "/token";

protected Logger logger;

@@ -51,7 +57,7 @@ public void setLogger() {

protected static HttpClient client;

public AbstractResourceIT() {
public AbstractOAuthResourceIT() {
connectionManager.setMaxTotal(MAX_VALUE);
connectionManager.setDefaultMaxPerRoute(5);
connectionManager.closeIdleConnections(3, SECONDS);
