Package io.meeds.oauth.openid
Class OpenIdProcessorImpl
java.lang.Object
io.meeds.oauth.openid.OpenIdProcessorImpl
- All Implemented Interfaces:
OpenIdProcessor, OAuthProviderProcessor<OpenIdAccessTokenContext>, org.picocontainer.Startable
public class OpenIdProcessorImpl
extends Object
implements OpenIdProcessor, org.picocontainer.Startable
-
Constructor Summary
Constructors
Constructor | Description
OpenIdProcessorImpl(org.exoplatform.container.ExoContainerContext context, org.exoplatform.container.xml.InitParams params, org.exoplatform.web.security.security.SecureRandomService secureRandomService) |
-
Method Summary
Modifier and Type | Method | Description
OpenIdAccessTokenContext | getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec) | Obtain needed data from given userProfile and create accessToken from them
<C> C | getAuthorizedSocialApiObject(OpenIdAccessTokenContext accessToken, Class<C> socialApiObjectType) | Return object, which can be used to call some operations on this Social network.
protected URL | |
protected InteractionState<OpenIdAccessTokenContext> | initialInteraction(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) |
protected com.github.scribejava.core.model.OAuth2AccessToken | obtainAccessToken(jakarta.servlet.http.HttpServletRequest request) |
org.json.JSONObject | obtainUserInfo(OpenIdAccessTokenContext accessTokenContext) |
InteractionState<OpenIdAccessTokenContext> | processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) | Process OAuth workflow for this OAuth provider (social network).
InteractionState<OpenIdAccessTokenContext> | processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String scope) | Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)
protected InteractionState<OpenIdAccessTokenContext> | processOAuthInteractionImpl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Set<String> oauthScopes) |
void | removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile) | Remove data about access token from this user profile
void | revokeToken(OpenIdAccessTokenContext accessToken) | Revoke given access token on OAuth provider side, so application is removed from list of supported applications for given user
void | saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec, OpenIdAccessTokenContext accessToken) | Save accessToken data to given userProfile.
protected URL | |
void | start() |
void | stop() |
OpenIdAccessTokenContext | validateTokenAndUpdateScopes(OpenIdAccessTokenContext accessToken) | Send request to OAuth Provider to validate if given access token is valid and ask for scopes, which are available for given accessToken.
-
Constructor Details
-
OpenIdProcessorImpl
public OpenIdProcessorImpl(org.exoplatform.container.ExoContainerContext context, org.exoplatform.container.xml.InitParams params, org.exoplatform.web.security.security.SecureRandomService secureRandomService)
-
-
Method Details
-
processOAuthInteraction
public InteractionState<OpenIdAccessTokenContext> processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) throws IOException, OAuthException
Description copied from interface: OAuthProviderProcessor
Process OAuth workflow for this OAuth provider (social network). The workflow is finished if the returned InteractionState is in state InteractionState.State.FINISH, and in this case the InteractionState should also have accessToken filled. If the InteractionState is in state InteractionState.State.AUTH, then more redirections are needed. In this case, the given HttpServletResponse should already be committed and prepared for redirection.
- Specified by:
processOAuthInteraction in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Returns:
- InteractionState with state of OAuth interaction
- Throws:
IOException - if an IO error occurred (for example if httpResponse.sendRedirect failed)
OAuthException - in case of some other error, which may be specific to this OAuth processor (details are available in the error code). The caller should be able to handle at least OAuthExceptionCode.USER_DENIED_SCOPE, which happens when the user denied the scope (authorization screen on the web site of the given social network)
-
processOAuthInteraction
public InteractionState<OpenIdAccessTokenContext> processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String scope) throws IOException, OAuthException
Description copied from interface: OAuthProviderProcessor
Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)
- Specified by:
processOAuthInteraction in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
scope - custom scope, which contains all scopes in single String divided by AccessTokenContext.DELIMITER
- Returns:
- Throws:
IOException
OAuthException
- See Also:
-
processOAuthInteractionImpl
protected InteractionState<OpenIdAccessTokenContext> processOAuthInteractionImpl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Set<String> oauthScopes) throws IOException
- Throws:
IOException
-
initialInteraction
protected InteractionState<OpenIdAccessTokenContext> initialInteraction(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
- Throws:
IOException
-
obtainAccessToken
protected com.github.scribejava.core.model.OAuth2AccessToken obtainAccessToken(jakarta.servlet.http.HttpServletRequest request)
-
validateTokenAndUpdateScopes
public OpenIdAccessTokenContext validateTokenAndUpdateScopes(OpenIdAccessTokenContext accessToken) throws OAuthException
Description copied from interface: OAuthProviderProcessor
Send a request to the OAuth provider to validate whether the given access token is valid and to ask for the scopes which are available for the given accessToken. The returned access token should always be valid and prepared for invoking other operations.
- Specified by:
validateTokenAndUpdateScopes in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
accessToken - accessToken which will be used to ask the OAuth provider about validation and available scopes
- Returns:
- accessTokenContext, which will be much the same as the one from the accessToken parameter. It could have some info updated (like scopes)
- Throws:
OAuthException - usually with codes:
- OAuthExceptionCode.ACCESS_TOKEN_ERROR if invalid access is used as argument
- OAuthExceptionCode.IO_ERROR if IO error occurs
-
getAuthorizedSocialApiObject
public <C> C getAuthorizedSocialApiObject(OpenIdAccessTokenContext accessToken, Class<C> socialApiObjectType)
Description copied from interface: OAuthProviderProcessor
Return an object which can be used to call some operations on this social network. For example, the "Plus" object for the Google+ network.
- Specified by:
getAuthorizedSocialApiObject in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
accessToken - access token used to initialize the object
socialApiObjectType - type of object which we want to return. The method will return null if this type is not supported by this processor
- Returns:
- initialized object of the required type, or null if the type wasn't found (supported) by this processor
-
saveAccessTokenAttributesToUserProfile
public void saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec, OpenIdAccessTokenContext accessToken)
Description copied from interface: OAuthProviderProcessor
Save accessToken data to the given userProfile. Note that we are not calling any DB save operations, just filling data into the given userProfile.
- Specified by:
saveAccessTokenAttributesToUserProfile in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
userProfile - where data about the access token will be filled
codec - to encode some attributes (sensitive data) before saving them to the user profile
accessToken - specific access token for this OAuth processor
-
getAccessTokenFromUserProfile
public OpenIdAccessTokenContext getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec)
Description copied from interface: OAuthProviderProcessor
Obtain needed data from the given userProfile and create an accessToken from them
- Specified by:
getAccessTokenFromUserProfile in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
userProfile - where data from the access token will be obtained
codec - to decode data from userProfile
- Returns:
- accessToken, or null if accessToken is not found in persistent storage
-
removeAccessTokenFromUserProfile
public void removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile)
Description copied from interface: OAuthProviderProcessor
Remove data about access token from this user profile
- Specified by:
removeAccessTokenFromUserProfile in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
userProfile - from which data will be removed
-
obtainUserInfo
- Specified by:
obtainUserInfo in interface OpenIdProcessor
-
revokeToken
Description copied from interface: OAuthProviderProcessor
Revoke the given access token on the OAuth provider side, so the application is removed from the list of supported applications for the given user
- Specified by:
revokeToken in interface OAuthProviderProcessor<OpenIdAccessTokenContext>
- Parameters:
accessToken - access token to revoke
- Throws:
OAuthException - with code OAuthExceptionCode.TOKEN_REVOCATION_FAILED if remote revocation of the access token failed for some reason
-
sendAccessTokenRequest
- Throws:
IOException
-
getUserInfoURL
- Throws:
IOException
-
start
public void start()
- Specified by:
start in interface org.picocontainer.Startable
-
stop
public void stop()
- Specified by:
stop in interface org.picocontainer.Startable
-