
/**
 *   Copyright 2013 Stockholm County Council
 *
 *   This file is part of APIGW
 *
 *   APIGW is free software; you can redistribute it and/or modify
 *   it under the terms of version 2.1 of the GNU Lesser General Public
 *   License as published by the Free Software Foundation.
 *
 *   APIGW is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public
 *   License along with APIGW; if not, write to the
 *   Free Software Foundation, Inc., 59 Temple Place, Suite 330,
 *   Boston, MA 02111-1307  USA
 *
 */
package org.apigw.authserver.web.controller;

import org.apache.commons.lang.StringUtils;
import org.apigw.authserver.svc.TokenServices;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Services used for trusted client purposes.
 * Must ONLY be exposed to trusted clients holding the trusted
 * client role or higher.
 * @author Christian Hilmersson
 *
 */
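@Controller
@RequestMapping(value = "/trusted")
public class TrustedController {

    private static final Logger log = LoggerFactory.getLogger(TrustedController.class);

    private TokenServices tokenServices;

    /**
     * Lets trusted clients create access tokens for themselves.
     * <p>
     * The client id is taken from the authenticated principal, never from the
     * request, so a client can only mint tokens bound to its own identity.
     * Resident identification numbers are personal data and are deliberately
     * not written to the log.
     *
     * @param scope The requested scope as a comma separated list; entries are trimmed and blank entries are ignored
     * @param citizen The resident identification number of the citizen that is the subject of this access token
     * @param legalGuardian The resident identification number of the legal guardian that requested this access token.
     * If this access token is not requested by a legal guardian this field shall be null or an empty string.
     * @return the newly created access token
     * @throws AuthenticationCredentialsNotFoundException if no authenticated {@link UserDetails} principal is present
     * @throws IllegalArgumentException mapped to HTTP 400 by {@link #handleIllegalArgument()}; presumably raised by
     * the token service for malformed identification numbers (not visible here)
     */
    @RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
    public @ResponseBody OAuth2AccessToken createAccessToken(@RequestParam String scope,
            @RequestParam String citizen, @RequestParam(required = false) String legalGuardian) {
        // Log the call but redact the identification numbers.
        log.debug("/trusted/oauth/token createAccessToken(scope:{}, citizen:{}, legalGuardian:{})", scope,
                "NOT LOGGED", "NOT LOGGED");

        String clientId = authenticatedClientId();
        log.debug("Trusted client with with clientId:{} creating access token creation with scope: {}", clientId,
                scope);

        List<String> scopeList = parseScopes(scope);
        // A guardian equal to the citizen is treated as the citizen acting on their own behalf.
        if (StringUtils.isBlank(legalGuardian) || citizen.equals(legalGuardian)) {
            return tokenServices.createAccessToken(citizen, clientId, scopeList);
        }
        return tokenServices.createAccessToken(legalGuardian, citizen, clientId, scopeList);
    }

    /**
     * Lets trusted clients revoke an access token.
     * The token value is a bearer credential and is deliberately not written to the log.
     *
     * @param tokenValue the value of the access token to revoke
     */
    @RequestMapping(value = "/oauth/revoke", method = RequestMethod.POST)
    public @ResponseBody void revokeToken(@RequestParam String tokenValue) {
        log.debug("/trusted/oauth/revoke revokeToken(token:{})", "NOT LOGGED");
        tokenServices.revokeToken(tokenValue);
    }

    /**
     * Injects the token service that creates and revokes access tokens.
     *
     * @param tokenServices the token service to delegate to
     */
    public void setTokenServices(TokenServices tokenServices) {
        this.tokenServices = tokenServices;
    }

    /**
     * Maps {@link IllegalArgumentException} to HTTP 400 with a fixed message.
     * The message is constant and never echoes the offending input.
     *
     * @return the error message returned to the client
     */
    @ExceptionHandler(IllegalArgumentException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    public String handleIllegalArgument() {
        return "Resident identification numbers must match yyyymmddnnnn.";
    }

    /**
     * Resolves the client id of the authenticated trusted client from the security context.
     * The authentication may be absent, and the principal may be something other than a
     * {@link UserDetails} (for example a plain string), so both cases are rejected before
     * casting instead of failing with a NullPointerException or ClassCastException.
     *
     * @return the username of the authenticated principal, used as the OAuth2 client id
     * @throws AuthenticationCredentialsNotFoundException if no authenticated {@link UserDetails} principal is present
     */
    private static String authenticatedClientId() {
        Object principal = null;
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        }
        if (!(principal instanceof UserDetails)) {
            throw new AuthenticationCredentialsNotFoundException("Not authenticated!");
        }
        return ((UserDetails) principal).getUsername();
    }

    /**
     * Splits a comma separated scope string into individual scopes.
     * Each entry is trimmed and blank entries are dropped, so {@code "read, ,write"}
     * yields {@code ["read", "write"]}; a null or empty scope yields an empty list.
     *
     * @param scope the raw scope request parameter, may be null
     * @return a mutable list of scopes, never null
     */
    static List<String> parseScopes(String scope) {
        List<String> scopes = new ArrayList<String>();
        if (scope == null) {
            return scopes;
        }
        for (String entry : scope.split(",")) {
            String trimmed = entry.trim();
            if (trimmed.length() > 0) {
                scopes.add(trimmed);
            }
        }
        return scopes;
    }

}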