org.gatein.security.oauth.google

Class GoogleProcessorImpl

java.lang.Object

org.gatein.security.oauth.google.GoogleProcessorImpl

All Implemented Interfaces:

GoogleProcessor, OAuthProviderProcessor<GoogleAccessTokenContext>

public class GoogleProcessorImpl
extends Object
implements GoogleProcessor

Author:

Marek Posolda

Constructor Summary

Constructors

Constructor and Description
GoogleProcessorImpl(org.exoplatform.container.ExoContainerContext context, org.exoplatform.container.xml.InitParams params, SecureRandomService secureRandomService)

Method Summary

Modifier and Type	Method and Description
GoogleAccessTokenContext	getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec) Obtain needed data from given userProfile and create accessToken from them
<C> C	getAuthorizedSocialApiObject(GoogleAccessTokenContext accessToken, Class<C> socialApiObjectType) Return object, which can be used to call some operations on this Social network.
com.google.api.services.oauth2.Oauth2	getOAuth2Instance(GoogleAccessTokenContext accessTokenContext) Obtain instance of Google Oauth2 object, which can be used to call various operations in Google API (obtain user informations, obtain informations about your access token etc)
protected com.google.api.services.oauth2.Oauth2	getOAuth2InstanceImpl(com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse tokenData)
com.google.api.services.plus.Plus	getPlusService(GoogleAccessTokenContext accessTokenContext) Obtain instance of Google (@link Plus} object, which can be used to call various operations in Google+ API (Obtain list of your friends, obtain your statuses, comments, activities etc...)
protected InteractionState<GoogleAccessTokenContext>	initialInteraction(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Set<String> scopes)
protected com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse	obtainAccessToken(javax.servlet.http.HttpServletRequest request)
com.google.api.services.oauth2.model.Userinfo	obtainUserInfo(GoogleAccessTokenContext accessTokenContext) Obtain informations about user from Google+ .
InteractionState<GoogleAccessTokenContext>	processOAuthInteraction(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) Process OAuth workflow for this OAuth provider (social network).
InteractionState<GoogleAccessTokenContext>	processOAuthInteraction(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String scope) Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)
protected InteractionState<GoogleAccessTokenContext>	processOAuthInteractionImpl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Set<String> scopes)
void	refreshToken(GoogleAccessTokenContext accessTokenContext) Refresh Google+ token.
void	removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile) Remove data about access token from this user profile
void	revokeToken(GoogleAccessTokenContext accessTokenContext) Revoke given access token on OAuth provider side, so application is removed from list of supported applications for given user
void	saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec, GoogleAccessTokenContext accessToken) Save accessToken data to given userProfile.
GoogleAccessTokenContext	validateTokenAndUpdateScopes(GoogleAccessTokenContext accessTokenContext) Send request to OAuth Provider to validate if given access token is valid and ask for scopes, which are available for given accessToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GoogleProcessorImpl

public GoogleProcessorImpl(org.exoplatform.container.ExoContainerContext context,
                           org.exoplatform.container.xml.InitParams params,
                           SecureRandomService secureRandomService)

Method Detail

processOAuthInteraction

public InteractionState<GoogleAccessTokenContext> processOAuthInteraction(javax.servlet.http.HttpServletRequest httpRequest,
                                                                          javax.servlet.http.HttpServletResponse httpResponse)
                                                                   throws IOException,
                                                                          OAuthException

Description copied from interface: OAuthProviderProcessor

Process OAuth workflow for this OAuth provider (social network). Workflow is finished if returned InteractionState is in state InteractionState.State.FINISH and in this case, InteractionState should also have accessToken filled. If InteractionState is in state InteractionState.State.AUTH, then more redirections are needed. In this case, given HttpServletResponse should be already committed and prepared for redirection.

Specified by:

processOAuthInteraction in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Returns:

InteractionState with state of OAuth interaction

Throws:

IOException - if IO error occured (for example if httpResponse.sendRedirect failed)

OAuthException - in case of some other error, which may be specific for this OAuth processor (Details are available in error code) Caller should be able to handle at least OAuthExceptionCode.USER_DENIED_SCOPE which happens when user denied scope (authorization screen in web of given social network)

processOAuthInteraction

public InteractionState<GoogleAccessTokenContext> processOAuthInteraction(javax.servlet.http.HttpServletRequest httpRequest,
                                                                          javax.servlet.http.HttpServletResponse httpResponse,
                                                                          String scope)
                                                                   throws IOException,
                                                                          OAuthException

Description copied from interface: OAuthProviderProcessor

Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)

Specified by:

processOAuthInteraction in interface OAuthProviderProcessor<GoogleAccessTokenContext>

scope - custom scope, which contains all scopes in single String divided by AccessTokenContext.DELIMITER

Returns:

Throws:

IOException

OAuthException

See Also:

OAuthProviderProcessor.processOAuthInteraction(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

processOAuthInteractionImpl

protected InteractionState<GoogleAccessTokenContext> processOAuthInteractionImpl(javax.servlet.http.HttpServletRequest request,
                                                                                 javax.servlet.http.HttpServletResponse response,
                                                                                 Set<String> scopes)
                                                                          throws IOException

Throws:

IOException

initialInteraction

protected InteractionState<GoogleAccessTokenContext> initialInteraction(javax.servlet.http.HttpServletRequest request,
                                                                        javax.servlet.http.HttpServletResponse response,
                                                                        Set<String> scopes)
                                                                 throws IOException

Throws:

IOException

obtainAccessToken

protected com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse obtainAccessToken(javax.servlet.http.HttpServletRequest request)
                                                                                      throws IOException

Throws:

IOException

validateTokenAndUpdateScopes

public GoogleAccessTokenContext validateTokenAndUpdateScopes(GoogleAccessTokenContext accessTokenContext)

Description copied from interface: OAuthProviderProcessor

Send request to OAuth Provider to validate if given access token is valid and ask for scopes, which are available for given accessToken. Returned access token should be always valid and prepared for invoke other operations

Specified by:

validateTokenAndUpdateScopes in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

accessTokenContext - accessToken which will be used to ask OAuthProvider about validation and for available scopes

Returns:

accessTokenContext, which will be quite same as the one from accessToken parameter. It could have some info updated (like scopes)

getAuthorizedSocialApiObject

public <C> C getAuthorizedSocialApiObject(GoogleAccessTokenContext accessToken,
                                          Class<C> socialApiObjectType)

Description copied from interface: OAuthProviderProcessor

Return object, which can be used to call some operations on this Social network. For example "Plus" object for Google+ network

Specified by:

getAuthorizedSocialApiObject in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

accessToken - access token used to initialize object

socialApiObjectType - Type of object, which we wanted to return. Method will return null if this type is not supported by this processor

Returns:

initialized object of required type or null if type wasn't found (supported) by this processor

obtainUserInfo

public com.google.api.services.oauth2.model.Userinfo obtainUserInfo(GoogleAccessTokenContext accessTokenContext)

Description copied from interface: GoogleProcessor

Obtain informations about user from Google+ .

Specified by:

obtainUserInfo in interface GoogleProcessor

Parameters:

accessTokenContext - google access token

Returns:

userinfo object with filled info about this user

getOAuth2Instance

public com.google.api.services.oauth2.Oauth2 getOAuth2Instance(GoogleAccessTokenContext accessTokenContext)

Description copied from interface: GoogleProcessor

Obtain instance of Google Oauth2 object, which can be used to call various operations in Google API (obtain user informations, obtain informations about your access token etc)

Specified by:

getOAuth2Instance in interface GoogleProcessor

Returns:

oauth2 object

getOAuth2InstanceImpl

protected com.google.api.services.oauth2.Oauth2 getOAuth2InstanceImpl(com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse tokenData)

getPlusService

public com.google.api.services.plus.Plus getPlusService(GoogleAccessTokenContext accessTokenContext)

Description copied from interface: GoogleProcessor

Obtain instance of Google (@link Plus} object, which can be used to call various operations in Google+ API (Obtain list of your friends, obtain your statuses, comments, activities etc...)

Specified by:

getPlusService in interface GoogleProcessor

Returns:

plus object

saveAccessTokenAttributesToUserProfile

public void saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile,
                                                   OAuthCodec codec,
                                                   GoogleAccessTokenContext accessToken)

Description copied from interface: OAuthProviderProcessor

Save accessToken data to given userProfile. Note that we are not calling any DB save operations, just filling data into given userProfile

Specified by:

saveAccessTokenAttributesToUserProfile in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

userProfile - where data about access token will be filled

codec - to encode some attributes (sensitive data) before save them to user profile

accessToken - specific access token for this OAuth processor

getAccessTokenFromUserProfile

public GoogleAccessTokenContext getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile,
                                                              OAuthCodec codec)

Description copied from interface: OAuthProviderProcessor

Obtain needed data from given userProfile and create accessToken from them

Specified by:

getAccessTokenFromUserProfile in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

userProfile - where data from access token will be obtained

codec - to decode data from userProfile

Returns:

accesstoken or null if accessToken is not found in persistent storage

removeAccessTokenFromUserProfile

public void removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile)

Description copied from interface: OAuthProviderProcessor

Remove data about access token from this user profile

Specified by:

removeAccessTokenFromUserProfile in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

userProfile - from which data will be removed

revokeToken

public void revokeToken(GoogleAccessTokenContext accessTokenContext)
                 throws OAuthException

Description copied from interface: OAuthProviderProcessor

Revoke given access token on OAuth provider side, so application is removed from list of supported applications for given user

Specified by:

revokeToken in interface OAuthProviderProcessor<GoogleAccessTokenContext>

Parameters:

accessTokenContext - access token to revoke

Throws:

OAuthException - with code OAuthExceptionCode.TOKEN_REVOCATION_FAILED if remote revocation of access token failed for some reason

refreshToken

public void refreshToken(GoogleAccessTokenContext accessTokenContext)

Description copied from interface: GoogleProcessor

Refresh Google+ token. Note that argument needs to have "refreshToken" available. The "accessToken" will be refreshed and updated directly on this instance of accessTokenContext

Specified by:

refreshToken in interface GoogleProcessor