* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import aafoauth.v2_0.Introspect;
public class OAuthService {
-
+
private static final int TOK_EXP = 60*60*1000; // 1 hour, millis.
public enum TOKEN_TYPE {unknown,bearer,refresh}
public enum GRANT_TYPE {unknown,password,client_credentials,refresh_token};
public enum CLIENT_TYPE {unknown,confidential};
-
+
// Additional Expires
private final DAO<AuthzTrans, ?>[] daos;
public final OAuthTokenDAO tokenDAO;
String[] split = Split.split(',', alt_url);
int timeout = split.length>1?Integer.parseInt(split[1]):3000;
altIntrospectClient = tcf.newClient(split[0], timeout);
- altIntrospectClient.client_creds(access.getProperty(Config.AAF_ALT_CLIENT_ID,null),
+ altIntrospectClient.client_creds(access.getProperty(Config.AAF_ALT_CLIENT_ID,null),
access.getProperty(Config.AAF_ALT_CLIENT_SECRET,null));
altDomain = '@'+access.getProperty(Config.AAF_ALT_OAUTH2_DOMAIN,null);
} else {
} catch (GeneralSecurityException | CadiException | LocatorException e) {
throw new APIException("Could not construct TokenClientFactory",e);
}
-
+
}
public Result<Void> validate(AuthzTrans trans, OCreds creds) {
return Result.err(Result.ERR_BadData, "Unknown Grant Type");
}
}
-
+
private Result<Data> createBearerToken(AuthzTrans trans, OAuthTokenDAO.Data odd) {
if (odd.user==null) {
odd.user = trans.user();
odd.expires = new Date(exp=(System.currentTimeMillis()+TOK_EXP));
odd.exp_sec = exp/1000;
odd.req_ip = trans.ip();
-
+
try {
Result<Data> rd = loadToken(trans, odd);
if (rd.notOK()) {
}
return tokenDAO.create(trans, odd);
}
-
+
private Result<Data> loadToken(AuthzTrans trans, Data odd) throws APIException, CadiException {
Result<String> rs = permLoader.loadJSONPerms(trans,odd.user,odd.scopes(false));
if (rs.isOK()) {
return Result.err(Result.ERR_Backend,"Error accessing AAF Info: %s",rs.errorString());
}
}
-
-
+
+
private Result<Data> refreshBearerToken(AuthzTrans trans, Data odd) {
Result<List<Data>> rld = tokenDAO.readByUser(trans, trans.user());
break;
}
}
-
+
if (token==null) {
trans.audit().printf("Duplicate Refresh Token (%s) attempted for %s. Possible Replay Attack",odd.refresh.toString(),trans.user());
return Result.err(Result.ERR_Security,"Invalid Refresh Token");
Code Review / aaf / authz.git / blobdiff