Package org.oa4mp.server.proxy
Class OA2ATServlet
- java.lang.Object
-
- javax.servlet.GenericServlet
-
- javax.servlet.http.HttpServlet
-
- edu.uiuc.ncsa.security.servlet.AbstractServlet
-
- All Implemented Interfaces:
edu.uiuc.ncsa.security.core.Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, TransactionFilter
public class OA2ATServlet extends AbstractAccessTokenServlet2
Created by Jeff Gaynor on 10/3/13 at 2:03 PM
- See Also:
- Serialized Form
-
-
Nested Class Summary
Modifier and Type / Class / Description
static class
OA2ATServlet.RFC8693Thingie
A class that encapsulates the results of setting up RFC 8693.
-
Field Summary
-
Fields inherited from class org.oa4mp.server.loader.oauth2.servlet.AbstractAccessTokenServlet2
txRecordCleanup
-
Fields inherited from class org.oa4mp.server.loader.oauth2.servlet.MultiAuthServlet
upkeepThreadList
-
Fields inherited from class org.oa4mp.server.api.storage.servlet.OA4MPServlet
caThread, kpt, lastAccessedThread, transactionCleanup
-
Fields inherited from class org.oa4mp.server.api.storage.servlet.EnvServlet
ERROR_NOTIFICATION_BODY_KEY, ERROR_NOTIFICATION_SUBJECT_KEY, notificationListeners, storeUpdatesDone
-
-
Constructor Summary
Constructor / Description
OA2ATServlet()
-
Method Summary
Modifier and Type / Method / Description
protected AuthorizationGrantImpl
checkAGExpiration(AuthorizationGrant ag)
Contract: if the token gets updated (might have to because of changes to token versions), return it.
protected void
checkCodeChallenge(OA2ServiceTransaction serviceTransaction, OA2Client client, String verifier)
protected List<String>
convertToList(javax.servlet.http.HttpServletRequest req, String parameterName)
Convert a string or list of strings to a list of them.
protected List<URI>
convertToURIList(javax.servlet.http.HttpServletRequest req, String parameterName)
protected OA2Client
createErsatz(edu.uiuc.ncsa.security.core.Identifier provisioningClientID, OA2Client ersatzClient, List<edu.uiuc.ncsa.security.core.Identifier> ersatzChain)
Takes a substitution chain and does the overrides.
void
destroy()
protected IssuerTransactionState
doAT(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client)
protected IssuerTransactionState
doAT(IssuerTransactionState state, OA2Client client)
protected void
doIt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected TransactionState
doNEWRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected TransactionState
doRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void
doRFC6749_4_4(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client)
protected void
doRFC7523(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client)
Processes a request from a service client.
protected void
doRFC7523InitiateFlow(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, BaseClient adminBaseClient)
Processes a request from a service client.
protected void
doRFC8628(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Device flow.
protected boolean
executeByGrant(String grantType, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Contains the tests for executing a request based on its grant type.
protected ATRequest
getATRequest(javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction, OA2Client client)
protected OA2ServiceTransaction
getByRT(RefreshToken refreshToken)
protected OA2SE
getOA2SE()
protected OA2Client
getRFC7523Client(BaseClient baseClient, net.sf.json.JSONObject jsonRequest)
protected OA2TokenForge
getTF2()
protected ServiceTransaction
getTransaction(AuthorizationGrant ag, javax.servlet.http.HttpServletRequest req)
protected String
listToString(List scopes)
void
preprocess(TransactionState state)
Note that if you override this, you should call super, which sets some security-related headers, but touches nothing else.
protected void
rollback(edu.uiuc.ncsa.security.storage.XMLMap backup)
protected void
rollback(edu.uiuc.ncsa.security.storage.XMLMap backup, TXRecord txRecord)
protected void
setUsername(OA2ServiceTransaction serviceTransaction, OA2Client client, String user)
Checks if the user name is allowed for this client and, if so, sets it; if not, an exception is raised.
ServiceTransaction
verifyAndGet(IssuerResponse iResponse)
This is called after the response is received so that the system can get the appropriate transaction.
-
Methods inherited from class org.oa4mp.server.loader.oauth2.servlet.AbstractAccessTokenServlet2
doDelegation, doDelegation, getClient, getIssuerTransactionState, getIssuerTransactionState
-
Methods inherited from class org.oa4mp.server.loader.oauth2.servlet.MultiAuthServlet
getAdminClient, getAdminClient, getClientSecret, verifyClient, verifyClient, verifyClientSecret
-
Methods inherited from class org.oa4mp.server.api.storage.servlet.OA4MPServlet
checkAdminClientStatus, checkClientApproval, createDebugger, getAGI, getATI, getClient, getClient, getFirstParameters, getFirstParameterValue, getGrantIDFromRequest, getServiceEnvironment, getTransaction, getTransactionByGrantID, getTransactionStore, isEmpty, loadProperties2, newTransaction, postprocess, realStoreUpdates, say, shutdownCleanup, storeUpdates
-
Methods inherited from class org.oa4mp.server.api.storage.servlet.EnvServlet
addNotificationListener, loadEnvironment, processStoreCheck, removeNotificationListener
-
Methods inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet
checkContentType, CONST, debug, doGet, doPing, doPost, error, error, getConfigurationLoader, getEnvironment, getExceptionHandler, getInitialization, getMyLogger, getRequestIPAddress, handleException, info, init, isDebugOn, logOK, logOK, printAllParameters, printAllParameters, resetState, setConfigurationLoader, setDebugOn, setEnvironment, setExceptionHandler, setInitialization, warn
-
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
-
-
-
-
Method Detail
-
destroy
public void destroy()
- Specified by:
destroy in interface javax.servlet.Servlet
- Overrides:
destroy in class OA4MPServlet
-
preprocess
public void preprocess(TransactionState state) throws Throwable
Description copied from class: OA4MPServlet
Note that if you override this, you should call super, which sets some security-related headers, but touches nothing else.
- Specified by:
preprocess in interface TransactionFilter
- Overrides:
preprocess in class OA4MPServlet
- Throws:
Throwable
-
executeByGrant
protected boolean executeByGrant(String grantType, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
Contains the tests for executing a request based on its grant type. Override this as needed by writing your code and then calling super. Returns true if the request is serviced and false otherwise. This is invoked in the doIt(HttpServletRequest, HttpServletResponse) method. If a grant is given that is not supported in this method, the servlet should reject the request, as per the OAuth 2 spec.
- Parameters:
request -
response -
- Throws:
Throwable
-
doRFC6749_4_4
protected void doRFC6749_4_4(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client) throws Throwable
- Parameters:
request -
response -
client -
- Throws:
Throwable
-
getRFC7523Client
protected OA2Client getRFC7523Client(BaseClient baseClient, net.sf.json.JSONObject jsonRequest)
-
doRFC7523InitiateFlow
protected void doRFC7523InitiateFlow(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, BaseClient adminBaseClient) throws Throwable
Processes a request from a service client. This allows for getting tokens from a trusted client directly from the token endpoint by sending in the authorization grant request directly.
- Parameters:
request -
response -
adminBaseClient -
- Throws:
Throwable
-
doRFC7523
protected void doRFC7523(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client) throws Throwable
Processes a request from a service client. This allows for getting tokens from a trusted client directly from the token endpoint by sending in the authorization grant request directly.
- Parameters:
request -
response -
client -
- Throws:
Throwable
-
setUsername
protected void setUsername(OA2ServiceTransaction serviceTransaction, OA2Client client, String user)
Checks if the user name is allowed for this client and, if so, sets it; if not, an exception is raised.
- Parameters:
serviceTransaction -
client -
user -
-
createErsatz
protected OA2Client createErsatz(edu.uiuc.ncsa.security.core.Identifier provisioningClientID, OA2Client ersatzClient, List<edu.uiuc.ncsa.security.core.Identifier> ersatzChain)
Takes a substitution chain and does the overrides. Any int or long < 0 is assumed unset and is skipped.
- Parameters:
provisioningClientID -
ersatzClient -
ersatzChain -
- Returns:
-
convertToList
protected List<String> convertToList(javax.servlet.http.HttpServletRequest req, String parameterName)
Convert a string or list of strings to a list of them. This is for lists of space-delimited values. The spec allows for multiple values, which in practice can also mean that a client makes the request with multiple parameters, so we have to snoop for those and for space-delimited strings inside of those. This is used by RFC 8693 and is specific to it.
- Parameters:
req -
parameterName -
- Returns:
-
convertToURIList
protected List<URI> convertToURIList(javax.servlet.http.HttpServletRequest req, String parameterName)
-
doIt
protected void doIt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
- Overrides:
doIt in class AbstractAccessTokenServlet2
- Throws:
Throwable
-
getATRequest
protected ATRequest getATRequest(javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction, OA2Client client)
- Specified by:
getATRequest in class AbstractAccessTokenServlet2
-
checkAGExpiration
protected AuthorizationGrantImpl checkAGExpiration(AuthorizationGrant ag)
Description copied from class: AbstractAccessTokenServlet2
Contract: if the token gets updated (might have to because of changes to token versions), return it. If no changes, return null.
- Specified by:
checkAGExpiration in class AbstractAccessTokenServlet2
- Returns:
-
getOA2SE
protected OA2SE getOA2SE()
-
doAT
protected IssuerTransactionState doAT(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client) throws Throwable
- Throws:
Throwable
-
checkCodeChallenge
protected void checkCodeChallenge(OA2ServiceTransaction serviceTransaction, OA2Client client, String verifier)
-
doAT
protected IssuerTransactionState doAT(IssuerTransactionState state, OA2Client client) throws Throwable
- Throws:
Throwable
-
getByRT
protected OA2ServiceTransaction getByRT(RefreshToken refreshToken) throws IOException
- Throws:
IOException
-
getTF2
protected OA2TokenForge getTF2()
-
doRefresh
protected TransactionState doRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
- Throws:
Throwable
-
doNEWRefresh
protected TransactionState doNEWRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
- Throws:
Throwable
-
rollback
protected void rollback(edu.uiuc.ncsa.security.storage.XMLMap backup) throws IOException
- Throws:
IOException
-
rollback
protected void rollback(edu.uiuc.ncsa.security.storage.XMLMap backup, TXRecord txRecord) throws IOException
- Throws:
IOException
-
verifyAndGet
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException
Description copied from class: OA4MPServlet
This is called after the response is received so that the system can get the appropriate transaction. Checks for the validity of the transaction should be done here too.
- Specified by:
verifyAndGet in class OA4MPServlet
- Returns:
- Throws:
IOException
-
getTransaction
protected ServiceTransaction getTransaction(AuthorizationGrant ag, javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException
- Specified by:
getTransaction in class AbstractAccessTokenServlet2
- Throws:
javax.servlet.ServletException
-
-