Xinwen Deng / aem-src

OAuth2AuthorizationEndpointServlet.java 7.22 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 
/*
 * Decompiled with CFR 0_118.
 * 
 * Could not load the following classes:
 *  javax.jcr.RepositoryException
 *  javax.jcr.Session
 *  javax.servlet.Servlet
 *  javax.servlet.ServletException
 *  javax.servlet.http.HttpServlet
 *  javax.servlet.http.HttpServletRequest
 *  javax.servlet.http.HttpServletResponse
 *  org.apache.felix.scr.annotations.Component
 *  org.apache.felix.scr.annotations.Properties
 *  org.apache.felix.scr.annotations.Property
 *  org.apache.felix.scr.annotations.Reference
 *  org.apache.felix.scr.annotations.Service
 *  org.apache.oltu.oauth2.as.request.OAuthAuthzRequest
 *  org.apache.oltu.oauth2.as.response.OAuthASResponse
 *  org.apache.oltu.oauth2.common.exception.OAuthProblemException
 *  org.apache.oltu.oauth2.common.exception.OAuthSystemException
 *  org.apache.oltu.oauth2.common.message.OAuthResponse
 *  org.apache.oltu.oauth2.common.message.OAuthResponse$OAuthErrorResponseBuilder
 *  org.apache.oltu.oauth2.common.utils.OAuthUtils
 *  org.apache.sling.jcr.api.SlingRepository
 *  org.slf4j.Logger
 *  org.slf4j.LoggerFactory
 */
package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.oauth.server.OAuth2ResourceServer;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate=1, metatype=0)
@Service(value={Servlet.class})
@Properties(value={@Property(name="alias", value={"/oauth/authorize"})})
public class OAuth2AuthorizationEndpointServlet
extends HttpServlet {
    private final Logger logger;
    private static final long serialVersionUID = 6693148092624224413L;
    private static final String CONSENT_SCREEN_SERVLET = "/libs/granite/oauth/content/authorization.html";
    protected static final String DEFAULT_SERVLET_PATH = "/oauth/authorize";
    @Reference
    private SlingRepository repository;
    @Reference
    private OAuth2ResourceServer oAuth2ResourceServer;

    public OAuth2AuthorizationEndpointServlet() {
        this.logger = LoggerFactory.getLogger(this.getClass());
    }

    /*
     * WARNING - Removed try catching itself - possible behaviour change.
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        OAuthAuthzRequest oauthRequest = null;
        Session oauthServiceSession = null;
        try {
            oauthRequest = new OAuthAuthzRequest(request);
            oauthServiceSession = this.repository.loginService(null, null);
            this.validateScope(request, oauthRequest);
            OAuth2Helper.validateAuthorizationEndpointInput(oauthServiceSession, oauthRequest.getClientId(), oauthRequest.getRedirectURI());
            String consentScreenURI = this.getConsentScreenURI(request, oauthRequest);
            response.sendRedirect(consentScreenURI);
        }
        catch (OAuthSystemException e) {
            OAuth2Helper.handleOAuthSystemException(e, response);
        }
        catch (OAuthProblemException e) {
            this.logger.error("doGet: OAuth Problem Exception in the Authorization Endpoint", (Throwable)e);
            try {
                String redirectUri = e.getRedirectUri();
                if (redirectUri == null) {
                    response.sendError(e.getResponseStatus(), e.getError());
                } else {
                    OAuthResponse resp = OAuthASResponse.errorResponse((int)302).error(e).location(e.getRedirectUri()).buildQueryMessage();
                    response.sendRedirect(resp.getLocationUri());
                }
            }
            catch (OAuthSystemException e1) {
                OAuth2Helper.handleOAuthSystemException(e1, response);
            }
        }
        catch (RepositoryException e) {
            OAuth2Helper.handleOAuthSystemException(new OAuthSystemException("failed while accessing repository"), response);
        }
        finally {
            if (oauthServiceSession != null) {
                oauthServiceSession.logout();
            }
        }
    }

    private void validateScope(HttpServletRequest request, OAuthAuthzRequest oAuthAuthzRequest) throws OAuthProblemException, OAuthSystemException {
        boolean invalidScope = false;
        String scopesParameter = request.getParameter("scope");
        if (OAuthUtils.isEmpty((String)scopesParameter)) {
            throw OAuthUtils.handleMissingParameters(Collections.singleton("scope"));
        }
        if (scopesParameter.contains(",")) {
            invalidScope = true;
        }
        if (invalidScope) {
            this.logger.info("the provided scope is not valid");
            OAuthProblemException oAuthProblemException = OAuthProblemException.error((String)"invalid_scope", (String)"Invalid scope");
            oAuthProblemException.responseStatus(400);
            throw oAuthProblemException;
        }
        OAuth2Helper.validateScopes(this.oAuth2ResourceServer, oAuthAuthzRequest.getScopes(), false);
    }

    private String getConsentScreenURI(HttpServletRequest request, OAuthAuthzRequest oauthRequest) {
        StringBuilder url = new StringBuilder("/libs/granite/oauth/content/authorization.html");
        url.append("?").append("client_id").append("=").append(oauthRequest.getClientId());
        url.append("&").append("scope").append("=").append(OAuth2Helper.getScopes(oauthRequest.getScopes()));
        url.append("&").append("redirect_uri").append("=").append(oauthRequest.getRedirectURI().replace("://", ":__"));
        String state = oauthRequest.getState();
        if (state != null && state.length() > 0) {
            url.append("&").append("state").append("=").append(state);
        }
        return url.toString();
    }

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        this.oAuth2ResourceServer = oAuth2ResourceServer;
    }

    protected void unbindOAuth2ResourceServer(OAuth2ResourceServer oAuth2ResourceServer) {
        if (this.oAuth2ResourceServer == oAuth2ResourceServer) {
            this.oAuth2ResourceServer = null;
        }
    }
}