11package com .homework .oauth2 .authorization .server .api ;
22
3+ // From the package
34import com .homework .oauth2 .authorization .server .handler .AuthorizationGrantTypeHandler ;
45import com .homework .oauth2 .authorization .server .model .AppDataRepository ;
56import com .homework .oauth2 .authorization .server .model .AuthorizationCode ;
67import com .homework .oauth2 .authorization .server .model .Client ;
78import com .homework .oauth2 .authorization .server .model .User ;
89
10+ // From JAVA
911import javax .annotation .security .RolesAllowed ;
1012import javax .enterprise .context .RequestScoped ;
1113import javax .enterprise .inject .Instance ;
2628import java .time .LocalDateTime ;
2729import java .util .*;
2830
31+ // Check if the user is logged-in, otherwise re-route to /login.jsp
2932@ FormAuthenticationMechanismDefinition (
3033 loginToContinue = @ LoginToContinue (loginPage = "/login.jsp" , errorPage = "/login.jsp" )
3134)
@@ -45,25 +48,24 @@ public class AuthorizationEndpoint {
4548
4649 @ GET
4750 @ Produces (MediaType .TEXT_HTML )
48- public Response doGet (@ Context HttpServletRequest request ,
49- @ Context HttpServletResponse response ,
50- @ Context UriInfo uriInfo ) throws ServletException , IOException {
51- MultivaluedMap <String , String > params = uriInfo .getQueryParameters ();
52- Principal principal = securityContext .getCallerPrincipal ();
51+ public Response doGet (@ Context final HttpServletRequest request ,
52+ @ Context final HttpServletResponse response ,
53+ @ Context final UriInfo uriInfo ) throws ServletException , IOException {
54+ final MultivaluedMap <String , String > params = uriInfo .getQueryParameters ();
55+ final Principal principal = securityContext .getCallerPrincipal ();
5356
5457 //error about redirect_uri && client_id ==> forward user, thus to error.jsp.
5558 //otherwise ==> sendRedirect redirect_uri?error=error&error_description=error_description
5659 //1. client_id
57- String clientId = params .getFirst ("client_id" );
60+ final String clientId = params .getFirst ("client_id" );
5861 if (clientId == null || clientId .isEmpty ()) {
5962 return informUserAboutError (request , response , "Invalid client_id :" + clientId );
6063 }
61- Client client = appDataRepository .getClient (clientId );
64+ final Client client = appDataRepository .getClient (clientId );
6265 if (client == null ) {
6366 return informUserAboutError (request , response , "Invalid client_id :" + clientId );
6467 }
6568 //2. Client Authorized Grant Type
66- String clientError = "" ;
6769 if (client .getAuthorizedGrantTypes () != null && !client .getAuthorizedGrantTypes ().contains ("authorization_code" )) {
6870 return informUserAboutError (request , response , "Authorization Grant type, authorization_code, is not allowed for this client :" + clientId );
6971 }
@@ -86,7 +88,7 @@ public Response doGet(@Context HttpServletRequest request,
8688 request .setAttribute ("client" , client );
8789
8890 //4. response_type
89- String responseType = params .getFirst ("response_type" );
91+ final String responseType = params .getFirst ("response_type" );
9092 if (!"code" .equals (responseType ) && !"token" .equals (responseType )) {
9193 //error = "invalid_grant :" + responseType + ", response_type params should be code or token:";
9294 //return informUserAboutError(error);
@@ -100,8 +102,8 @@ public Response doGet(@Context HttpServletRequest request,
100102 if (requestedScope == null || requestedScope .isEmpty ()) {
101103 requestedScope = client .getScope ();
102104 }
103- User user = appDataRepository .getUser (principal .getName ());
104- String allowedScopes = checkUserScopes (user .getScopes (), requestedScope );
105+ final User user = appDataRepository .getUser (principal .getName ());
106+ final String allowedScopes = checkUserScopes (user .getScopes (), requestedScope );
105107 request .setAttribute ("scopes" , allowedScopes );
106108
107109 request .getRequestDispatcher ("/authorize.jsp" ).forward (request , response );
@@ -111,73 +113,73 @@ public Response doGet(@Context HttpServletRequest request,
111113 @ POST
112114 @ Consumes (MediaType .APPLICATION_FORM_URLENCODED )
113115 @ Produces (MediaType .TEXT_HTML )
114- public Response doPost (@ Context HttpServletRequest request ,
115- @ Context HttpServletResponse response ,
116- MultivaluedMap <String , String > params ) throws Exception {
117- MultivaluedMap <String , String > originalParams = (MultivaluedMap <String , String >) request .getSession ().getAttribute ("ORIGINAL_PARAMS" );
116+ public Response doPost (@ Context final HttpServletRequest request ,
117+ @ Context final HttpServletResponse response ,
118+ final MultivaluedMap <String , String > params ) throws Exception {
119+ final MultivaluedMap <String , String > originalParams = (MultivaluedMap <String , String >) request .getSession ().getAttribute ("ORIGINAL_PARAMS" );
118120 if (originalParams == null ) {
119121 return informUserAboutError (request , response , "No pending authorization request." );
120122 }
121- String redirectUri = originalParams .getFirst ("resolved_redirect_uri" );
122- StringBuilder sb = new StringBuilder (redirectUri );
123+ final String redirectUri = originalParams .getFirst ("resolved_redirect_uri" );
124+ final StringBuilder sb = new StringBuilder (redirectUri );
123125
124- String approvalStatus = params .getFirst ("approval_status" );
126+ final String approvalStatus = params .getFirst ("approval_status" );
125127 if ("NO" .equals (approvalStatus )) {
126- URI location = UriBuilder .fromUri (sb .toString ())
128+ final URI location = UriBuilder .fromUri (sb .toString ())
127129 .queryParam ("error" , "User doesn't approved the request." )
128130 .queryParam ("error_description" , "User doesn't approved the request." )
129131 .build ();
130132 return Response .seeOther (location ).build ();
131133 }
132134 //==> YES
133- List <String > approvedScopes = params .get ("scope" );
135+ final List <String > approvedScopes = params .get ("scope" );
134136 if (approvedScopes == null || approvedScopes .isEmpty ()) {
135- URI location = UriBuilder .fromUri (sb .toString ())
137+ final URI location = UriBuilder .fromUri (sb .toString ())
136138 .queryParam ("error" , "User doesn't approved the request." )
137139 .queryParam ("error_description" , "User doesn't approved the request." )
138140 .build ();
139141 return Response .seeOther (location ).build ();
140142 }
141143
142- String responseType = originalParams .getFirst ("response_type" );
143- String clientId = originalParams .getFirst ("client_id" );
144+ final String responseType = originalParams .getFirst ("response_type" );
145+ final String clientId = originalParams .getFirst ("client_id" );
144146 if ("code" .equals (responseType )) {
145- String userId = securityContext .getCallerPrincipal ().getName ();
146- AuthorizationCode authorizationCode = new AuthorizationCode ();
147+ final String userId = securityContext .getCallerPrincipal ().getName ();
148+ final AuthorizationCode authorizationCode = new AuthorizationCode ();
147149 authorizationCode .setClientId (clientId );
148150 authorizationCode .setUserId (userId );
149151 authorizationCode .setApprovedScopes (String .join (" " , approvedScopes ));
150152 authorizationCode .setExpirationDate (LocalDateTime .now ().plusMinutes (10 ));
151153 authorizationCode .setRedirectUri (redirectUri );
152154 appDataRepository .save (authorizationCode );
153- String code = authorizationCode .getCode ();
155+ final String code = authorizationCode .getCode ();
154156 sb .append ("?code=" ).append (code );
155157 } else {
156158 //Implicit: responseType=token
157- AuthorizationGrantTypeHandler authorizationGrantTypeHandler = authorizationGrantTypeHandlers .select (NamedLiteral .of ("implicit" )).get ();
158- JsonObject tokenResponse = authorizationGrantTypeHandler .createAccessToken (clientId , params );
159+ final AuthorizationGrantTypeHandler authorizationGrantTypeHandler = authorizationGrantTypeHandlers .select (NamedLiteral .of ("implicit" )).get ();
160+ final JsonObject tokenResponse = authorizationGrantTypeHandler .createAccessToken (clientId , params );
159161 sb .append ("#access_token=" ).append (tokenResponse .getString ("access_token" ))
160162 .append ("&token_type=" ).append (tokenResponse .getString ("token_type" ))
161163 .append ("&scope=" ).append (tokenResponse .getString ("scope" ));
162164 }
163- String state = originalParams .getFirst ("state" );
165+ final String state = originalParams .getFirst ("state" );
164166 if (state != null ) {
165167 sb .append ("&state=" ).append (state );
166168 }
167169 return Response .seeOther (UriBuilder .fromUri (sb .toString ()).build ()).build ();
168170 }
169171
170- private String checkUserScopes (String userScopes , String requestedScope ) {
171- Set <String > allowedScopes = new LinkedHashSet <>();
172- Set <String > rScopes = new HashSet (Arrays .asList (requestedScope .split (" " )));
173- Set <String > uScopes = new HashSet (Arrays .asList (userScopes .split (" " )));
174- for (String scope : uScopes ) {
172+ private String checkUserScopes (final String userScopes , final String requestedScope ) {
173+ final Set <String > allowedScopes = new LinkedHashSet <>();
174+ final Set <String > rScopes = new HashSet (Arrays .asList (requestedScope .split (" " )));
175+ final Set <String > uScopes = new HashSet (Arrays .asList (userScopes .split (" " )));
176+ for (final String scope : uScopes ) {
175177 if (rScopes .contains (scope )) allowedScopes .add (scope );
176178 }
177179 return String .join (" " , allowedScopes );
178180 }
179181
180- private Response informUserAboutError (HttpServletRequest request , HttpServletResponse response , String error ) throws ServletException , IOException {
182+ private Response informUserAboutError (final HttpServletRequest request , final HttpServletResponse response , final String error ) throws ServletException , IOException {
181183 request .setAttribute ("error" , error );
182184 request .getRequestDispatcher ("/error.jsp" ).forward (request , response );
183185 return null ;