/*
 * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2012 ForgeRock Inc. All rights reserved.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [2012] [ForgeRock Inc]"
 */

1670N/Apackage org.forgerock.restlet.ext.oauth2.internal;
1670N/A
1670N/Aimport java.util.HashMap;
1670N/Aimport java.util.Map;
1670N/Aimport java.util.logging.Logger;
1670N/A
1670N/Aimport org.forgerock.openam.oauth2.OAuth2Constants;
1670N/Aimport org.forgerock.openam.oauth2.provider.ClientVerifier;
1670N/Aimport org.forgerock.openam.oauth2.utils.OAuth2Utils;
1670N/Aimport org.forgerock.restlet.ext.oauth2.provider.ClientAuthenticationFilter;
1670N/Aimport org.forgerock.restlet.ext.oauth2.provider.OAuth2FlowFinder;
1670N/Aimport org.forgerock.openam.oauth2.provider.OAuth2Provider;
1670N/Aimport org.forgerock.openam.oauth2.provider.OAuth2TokenStore;
1670N/Aimport org.forgerock.restlet.ext.oauth2.representation.ClassDirectoryServerResource;
import org.restlet.Context;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.resource.Directory;
import org.restlet.routing.Router;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.Verifier;
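/**
 * This class can initialise the OAuth2 Endpoint. It can be a Spring Bean or an
 * OSGi component. Used to test OAuth2.
 * <p>
 * {@link #activate()} builds a Restlet {@link Router} holding a static
 * resources directory, the authorization endpoint (fronted by an HTTP Basic
 * {@link ChallengeAuthenticator} that uses the user {@link Verifier}) and the
 * token endpoint (fronted by a {@link ClientAuthenticationFilter} that uses the
 * {@link ClientVerifier}), publishes the verifiers, token store and realm on the
 * child {@link Context}, and attaches the router to the {@link OAuth2Provider}
 * under the configured realm. {@link #deactivate()} detaches it again.
 * <p>
 * Not thread-safe: the setters are expected to run before {@code activate()}.
 *
 * @author $author$
 * @version $Revision$ $Date$
 */
public class OAuth2Component {

    private OAuth2Provider provider = null;
    private Map<String, Object> configuration = null;
    private ClientVerifier clientVerifier;
    private Verifier userVerifier;
    protected OAuth2TokenStore tokenStore = null;
    // Realm read from configuration by activate(); null selects the provider's default realm.
    private String realm = null;
    // Taken from the provider's context by activate(); null until then.
    private Logger logger = null;

    /**
     * @return the provider the endpoint router is attached to, or {@code null} if unset
     */
    public OAuth2Provider getProvider() {
        return provider;
    }

    /**
     * @param provider the provider the endpoint router will be attached to (required by
     *                 {@link #activate()})
     */
    public void setProvider(OAuth2Provider provider) {
        this.provider = provider;
    }

    /**
     * Returns the configuration map, lazily creating an empty one so callers can populate it.
     *
     * @return the (mutable) configuration map, never {@code null}
     */
    public Map<String, Object> getConfiguration() {
        if (null == configuration) {
            configuration = new HashMap<String, Object>();
        }
        return configuration;
    }

    /**
     * @param configuration the configuration map; only {@code OAuth2Constants.Custom.REALM} is
     *                      read by this class
     */
    public void setConfiguration(Map<String, Object> configuration) {
        this.configuration = configuration;
    }

    /**
     * @return the verifier that authenticates clients at the token endpoint
     */
    public ClientVerifier getClientVerifier() {
        return clientVerifier;
    }

    /**
     * @param clientVerifier the verifier that authenticates clients at the token endpoint
     */
    public void setClientVerifier(ClientVerifier clientVerifier) {
        this.clientVerifier = clientVerifier;
    }

    /**
     * @return the verifier that authenticates resource owners at the authorization endpoint
     */
    public Verifier getUserVerifier() {
        return userVerifier;
    }

    /**
     * @param userVerifier the verifier that authenticates resource owners at the authorization
     *                     endpoint (HTTP Basic)
     */
    public void setUserVerifier(Verifier userVerifier) {
        this.userVerifier = userVerifier;
    }

    /**
     * @return the token store shared with the endpoints through the child context
     */
    public OAuth2TokenStore getTokenStore() {
        return tokenStore;
    }

    /**
     * @param tokenStore the token store shared with the endpoints through the child context
     */
    public void setTokenStore(OAuth2TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    /**
     * Builds the endpoint router, publishes the verifiers, token store and realm on a child
     * context and attaches the router to the provider.
     *
     * @return the root {@link Restlet} (a {@link Router}) serving the OAuth2 endpoints
     * @throws IllegalStateException if no {@link OAuth2Provider} has been set
     */
    public Restlet activate() {
        if (null == provider) {
            throw new IllegalStateException("OAuth2Provider must be set before activate()");
        }
        logger = provider.getContext().getLogger();
        Context childContext = provider.getContext().createChildContext();
        Router root = new Router(childContext);

        // Static resources served from the classpath
        Directory directory = new Directory(root.getContext(), "clap:///resources");
        directory.setTargetClass(ClassDirectoryServerResource.class);
        root.attach("/resources", directory);

        // This endpoint protected by OpenAM Filter
        root.attach(OAuth2Utils.getAuthorizePath(childContext), buildAuthorizationEndpoint(childContext));
        root.attach(OAuth2Utils.getAccessTokenPath(childContext), buildTokenEndpoint(childContext));

        readConfiguredRealm();

        // Configure context: the endpoints look these up via the context attributes
        childContext.setDefaultVerifier(userVerifier);
        OAuth2Utils.setClientVerifier(clientVerifier, childContext);
        OAuth2Utils.setTokenStore(tokenStore, childContext);
        OAuth2Utils.setContextRealm(realm, childContext);

        boolean attached = null != realm
                ? provider.attachRealm(realm, root)
                : provider.attachDefaultRealm(root);
        if (attached) {
            logger.fine("Realm attached");
        }
        return root;
    }

    /**
     * Builds the authorization endpoint: an HTTP Basic challenge (user verifier) in front of the
     * flow finder. The "realm" literal is the HTTP Basic challenge realm, not the OpenAM realm.
     */
    private Restlet buildAuthorizationEndpoint(Context childContext) {
        OAuth2FlowFinder finder =
                new OAuth2FlowFinder(childContext, OAuth2Constants.EndpointType.AUTHORIZATION_ENDPOINT)
                        .supportAuthorizationCode().supportClientCredentials().supportImplicit()
                        .supportPassword();
        ChallengeAuthenticator au =
                new ChallengeAuthenticator(childContext, ChallengeScheme.HTTP_BASIC, "realm");
        au.setVerifier(getUserVerifier());
        au.setNext(finder);
        return au;
    }

    /**
     * Builds the token endpoint: client authentication (client verifier) in front of the flow
     * finder. The verifier MUST be set for clients to be authenticated here.
     * NOTE(review): the implicit flow is also enabled on this finder although RFC 6749 issues
     * implicit tokens from the authorization endpoint only - confirm OAuth2FlowFinder rejects it
     * for TOKEN_ENDPOINT.
     */
    private Restlet buildTokenEndpoint(Context childContext) {
        OAuth2FlowFinder finder =
                new OAuth2FlowFinder(childContext, OAuth2Constants.EndpointType.TOKEN_ENDPOINT)
                        .supportAuthorizationCode().supportClientCredentials().supportImplicit()
                        .supportPassword();
        ClientAuthenticationFilter filter = new ClientAuthenticationFilter(childContext);
        filter.setVerifier(clientVerifier);
        filter.setNext(finder);
        return filter;
    }

    /**
     * Reads the realm from configuration; a blank value is treated as "use the default realm".
     * A non-String value leaves the current realm untouched (same as the original behaviour).
     */
    private void readConfiguredRealm() {
        Object configured = getConfiguration().get(OAuth2Constants.Custom.REALM);
        if (configured instanceof String) {
            String value = (String) configured;
            realm = OAuth2Utils.isNotBlank(value) ? value : null;
        }
    }

    /**
     * Detaches the endpoint router from the provider (configured realm or default realm).
     * Safe to call even if {@link #activate()} never ran: previously this NPEd on the
     * unset logger/provider.
     */
    public void deactivate() {
        // logger is only assigned in activate(); fall back so shutdown never NPEs on logging
        Logger log = null != logger ? logger : Logger.getLogger(OAuth2Component.class.getName());
        if (null == provider) {
            log.fine("No provider set; nothing to detach");
            return;
        }
        if (null != realm) {
            provider.detachRealm(realm);
        } else {
            provider.detachDefaultRealm();
        }
        log.fine("Realm detached");
    }
}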