
/**
 *   Copyright 2013 Stockholm County Council
 *
 *   This file is part of APIGW
 *
 *   APIGW is free software; you can redistribute it and/or modify
 *   it under the terms of version 2.1 of the GNU Lesser General Public
 *   License as published by the Free Software Foundation.
 *
 *   APIGW is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public
 *   License along with APIGW; if not, write to the
 *   Free Software Foundation, Inc., 59 Temple Place, Suite 330,
 *   Boston, MA 02111-1307  USA
 *
 */

package org.apigw.authserver.web.controller;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import org.apigw.authserver.svc.PermissionServices;
import org.apigw.authserver.types.domain.CertifiedClient;
import org.apigw.authserver.types.domain.Permission;
import org.apigw.commons.logging.CitizenLoggingUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

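/**
 * Controller for retrieving the model for and displaying the confirmation page
 * for access to a protected resource.
 *
 * <p>The page is what the end user sees before approving an OAuth client's request,
 * so the model built here is deliberately limited to the client, the human-readable
 * descriptions of the requested scopes and the pending authorization request itself.
 *
 * @author Ryan Heaton
 */
@Controller
@SessionAttributes(types = AuthorizationRequest.class)
public class AccessConfirmationController {

    private static final Logger log = LoggerFactory.getLogger(AccessConfirmationController.class);
    @Autowired
    private ClientDetailsService clientDetailsService;
    @Autowired
    private PermissionServices permissionServices;
    @Autowired
    private CitizenLoggingUtil citizenLoggingUtil;

    /**
     * Builds the model for the access-confirmation view and returns it.
     *
     * <p>The model holds the following keys: {@code hsaId} (the OAuth client id),
     * {@code auth_request} (the pending {@link AuthorizationRequest}), {@code scopes}
     * (descriptions of the requested permissions that the server knows about),
     * {@code client}, {@code clientName} and {@code organization} (taken from the
     * resolved {@link CertifiedClient}).
     *
     * @param clientAuth the pending authorization request, bound from the session model
     * @return the {@code .access_confirmation} view together with the model described above
     * @throws Exception if the client lookup or any dependent service fails
     */
    @RequestMapping("/oauth/confirm_access")
    public ModelAndView getAccessConfirmation(
            @ModelAttribute("authorizationRequest") AuthorizationRequest clientAuth) throws Exception {
        log.debug("getAccessConfirmation");

        String clientId = clientAuth.getClientId();
        // Report a missing client id before the lookup that depends on it, so the warning
        // is emitted even if the lookup then fails.
        if (clientId != null) {
            log.debug("The request holds the following client id:{}", clientId);
        } else {
            log.warn("No client id on the request");
        }
        // Assumes the configured ClientDetailsService yields CertifiedClient instances;
        // any other implementation would surface here as a ClassCastException.
        CertifiedClient client = (CertifiedClient) clientDetailsService.loadClientByClientId(clientId);

        // Assumes the endpoint is only reachable with an authenticated UserDetails principal;
        // an anonymous or differently-typed principal would fail here.
        UserDetails user = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        logAuthenticatedUser(user);
        logRequestedResourceIds(clientAuth);
        List<String> scopes = describeRequestedScopes(clientAuth);

        Map<String, Object> model = new TreeMap<String, Object>();
        // The view's "hsaId" attribute is populated from the OAuth client id.
        model.put("hsaId", clientId);
        model.put("auth_request", clientAuth);
        model.put("scopes", scopes);
        model.put("client", client);
        model.put("clientName", client.getName());
        model.put("organization", client.getOrganization());
        log.debug("returning from getAccessConfirmation");
        return new ModelAndView(".access_confirmation", model);
    }

    /** Logs the authenticated user and their roles; the username is a citizen identifier and is only logged in its log-safe form. */
    private void logAuthenticatedUser(UserDetails user) {
        log.debug("Logged in user is: {}", citizenLoggingUtil.getLogsafeSSN(user.getUsername()));
        for (GrantedAuthority role : user.getAuthorities()) {
            log.debug("---> User has role: {}", role.getAuthority());
        }
    }

    /** Logs the resource ids carried by the request, or warns when none are present. */
    private void logRequestedResourceIds(AuthorizationRequest clientAuth) {
        if (clientAuth.getResourceIds() == null) {
            log.warn("No resource ids on the request");
            return;
        }
        log.debug("The following resourceIds were requested:");
        for (String resourceId : clientAuth.getResourceIds()) {
            log.debug("Resource id:{}", resourceId);
        }
    }

    /**
     * Maps the requested scope names to the descriptions of the matching permissions,
     * logging and skipping names the permission service does not know.
     *
     * <p>NOTE(review): names without a matching {@link Permission} are left out of the list
     * shown to the user while {@code clientAuth} still carries the full requested scope set;
     * confirm that unknown scopes are rejected before any token is issued.
     *
     * @param clientAuth the pending authorization request whose scope set is inspected
     * @return the descriptions of the known permissions, in request order; empty when the
     *         request has no scope parameter
     */
    private List<String> describeRequestedScopes(AuthorizationRequest clientAuth) {
        List<String> descriptions = new ArrayList<String>();
        if (clientAuth.getScope() == null) {
            log.warn("The request holds no scope parameter");
            return descriptions;
        }
        log.debug("The following scopes were requested:");
        for (String permissionName : clientAuth.getScope()) {
            log.debug("Scope:{}", permissionName);
            Permission permission = permissionServices.getPermissionByName(permissionName);
            if (permission == null) {
                log.warn("Unknown permission provided for client {}: {}", clientAuth.getClientId(),
                        permissionName);
                continue;
            }
            descriptions.add(permission.getDescription());
        }
        return descriptions;
    }

}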