Package com.cloudbees.cloud_resource.auth.jersey

Source Code of com.cloudbees.cloud_resource.auth.jersey.OauthAuthenticator$AuthContainerRequest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package com.cloudbees.cloud_resource.auth.jersey;

import com.cloudbees.api.BeesClient;
import com.cloudbees.api.cr.Capability;
import com.cloudbees.api.oauth.OauthClient;
import com.cloudbees.api.oauth.OauthClientException;
import com.cloudbees.api.oauth.OauthToken;
import com.cloudbees.cloud_resource.auth.AuthException;
import com.cloudbees.cloud_resource.auth.CloudbeesPrincipal;
import com.cloudbees.cloud_resource.auth.CloudbeesPrincipalImpl;
import com.cloudbees.cloud_resource.auth.Secure;
import com.cloudbees.cloud_resource.auth.guice.InjectLogger;
import com.cloudbees.cloud_resource.auth.guice.OauthConfig;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.sun.jersey.spi.container.AdaptingContainerRequest;
import com.sun.jersey.spi.container.ContainerRequest;
import org.slf4j.Logger;

import java.net.MalformedURLException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
* @author Vivek Pandey
*/
@Singleton
public class OauthAuthenticator implements Provider<Authenticator>, Authenticator {

    @InjectLogger
    private Logger logger;

    private final OauthConfig oauthConfig;

    @Inject
    public OauthAuthenticator(OauthConfig oauthConfig) {
        this.oauthConfig = oauthConfig;
    }

    @Override
    public Authenticator get() {
        return this;
    }


    @Override
    public ContainerRequest authenticate(ContainerRequest request, Secure secureAnnotation) {

        List<String> scopes = new ArrayList<String>(Arrays.asList(secureAnnotation.scopes()));
        String[] capabilities = secureAnnotation.capabilities();

        for(String cap:capabilities){
            try {
                scopes.add(new Capability(cap).to(request.getRequestUri().toURL()));
            } catch (MalformedURLException e) {
                throw new AuthException(500, "Invalid host name: "+ request.getRequestUri().toString());
            }
        }
        logger.debug("Expecting scopes: "+Arrays.toString(scopes.toArray()));

        // Create OAuth client
        OauthClient oauthClient = new BeesClient(oauthConfig.getClientId(), oauthConfig.getClientSecret()).getOauthClient();

        //parse Bearer token from Authorization header
        String token = oauthClient.parseAuthorizationHeader(request.getHeaderValue("Authorization"));

        // If not found get it from the access_token parameter
        if(token == null){
            token = request.getQueryParameters().getFirst("access_token");
        }

        if (token == null) {
            logger.error("No OAuth access_token found in the request.");
            throw new AuthException(401, "No OAuth access_token found in the request.");
        }

        OauthToken oauthToken;
        try {
            //Validate scopes
            if(secureAnnotation.validateAllScopes()){
                oauthToken = oauthClient.validateToken(token);
                if(oauthToken != null){
                    for(String scope:scopes){
                        if(!oauthToken.validateScope(scope)){
                            throw new AuthException(401, String.format("Expected scope: %s not found on the token", scope));
                        }
                    }
                }
            }else{
                oauthToken = oauthClient.validateToken(token,scopes.toArray(new String[scopes.size()]));
            }
        } catch (OauthClientException e) {
            logger.error(e.getMessage(),e);
            throw new AuthException(401, "Authentication failed, invalid token");
        }
        if (oauthToken == null || oauthToken.accessToken == null) {
            throw new AuthException(401, "Authentication failed, invalid token");
        }

        //Set principal to secu context in the request
        CloudbeesPrincipal principal = new CloudbeesPrincipalImpl(oauthToken);
        return new AuthContainerRequest(principal,request);
    }



    private class AuthContainerRequest extends AdaptingContainerRequest{

        private final CloudbeesPrincipal principal;
        protected AuthContainerRequest(CloudbeesPrincipal principal, ContainerRequest acr) {
            super(acr);
            this.principal = principal;
        }

        @Override
        public Principal getUserPrincipal() {
            return principal;
        }
    }
}
TOP

Related Classes of com.cloudbees.cloud_resource.auth.jersey.OauthAuthenticator$AuthContainerRequest

  • com.cloudbees.api.BeesClient
  • com.cloudbees.api.cr.Capability
  • com.cloudbees.api.oauth.OauthClient
  • com.cloudbees.api.oauth.OauthToken
  • com.cloudbees.cloud_resource.auth.CloudbeesPrincipal
  • com.cloudbees.cloud_resource.auth.CloudbeesPrincipalImpl
  • com.cloudbees.cloud_resource.types.CloudResourceError
  • org.cloudbees.cloud_resource.jersey.CloudResourceException
  • com.cloudbees.cloud_resource.auth.AuthException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.