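/**
 * Copyright 2013 Stockholm County Council
 *
 * This file is part of APIGW
 *
 * APIGW is free software; you can redistribute it and/or modify
 * it under the terms of version 2.1 of the GNU Lesser General Public
 * License as published by the Free Software Foundation.
 *
 * APIGW is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with APIGW; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
 * Boston, MA 02111-1307 USA
 */
package org.apigw.authserver.web.controller;

import org.apache.commons.lang.StringUtils;
import org.apigw.authserver.svc.TokenServices;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Services used for trusted client purposes.
 * Must ONLY be exposed to trusted clients holding trusted
 * client role or higher.
 *
 * The client identity used for token creation is taken from the
 * authenticated principal in the security context, never from a
 * request parameter.
 *
 * @author Christian Hilmersson
 */
@Controller
@RequestMapping(value = "/trusted")
public class TrustedController {

    private static final Logger log = LoggerFactory.getLogger(TrustedController.class);

    private TokenServices tokenServices;

    /**
     * Lets trusted clients create access tokens for themselves.
     *
     * @param scope The requested scope; a comma-separated list of scope names.
     *              Surrounding whitespace around each name is dropped and empty
     *              entries are ignored.
     * @param citizen The resident identification number of the citizen that is the subject of this access token
     * @param legalGuardian The resident identification number of the legal guardian that requested this access token.
     *                      If this access token is not requested by a legal guardian this field shall be null or an empty string.
     * @return the newly created access token
     * @throws AuthenticationCredentialsNotFoundException if there is no authenticated
     *         {@link UserDetails} principal in the security context
     * @throws IllegalArgumentException propagated from {@link TokenServices} and mapped to
     *         HTTP 400 by {@link #handleIllegalArgument()}
     */
    @RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
    public @ResponseBody OAuth2AccessToken createAccessToken(@RequestParam String scope,
                                                             @RequestParam String citizen,
                                                             @RequestParam(required = false) String legalGuardian) {
        // Resident identification numbers are personal data; they are deliberately not logged.
        log.debug("/trusted/oauth/token createAccessToken(scope:{}, citizen:{}, legalGuardian:{})",
                scope, "NOT LOGGED", "NOT LOGGED");

        String clientId = authenticatedClientId();
        log.debug("Trusted client with with clientId:{} creating access token creation with scope: {}", clientId, scope);

        List<String> scopeList = parseScopes(scope);

        // Without a (distinct) legal guardian the citizen requests the token for themselves.
        if (StringUtils.isBlank(legalGuardian) || citizen.equals(legalGuardian)) {
            return tokenServices.createAccessToken(citizen, clientId, scopeList);
        } else {
            return tokenServices.createAccessToken(legalGuardian, citizen, clientId, scopeList);
        }
    }

    /**
     * Revokes the given access token.
     *
     * @param tokenValue the value of the token to revoke
     */
    @RequestMapping(value = "/oauth/revoke", method = RequestMethod.POST)
    public @ResponseBody void revokeToken(@RequestParam String tokenValue) {
        // The token value is a bearer credential and must not end up in log files.
        log.debug("/trusted/oauth/revoke revokeToken(token:{})", "NOT LOGGED");
        tokenServices.revokeToken(tokenValue);
    }

    /**
     * Injects the token services used to create and revoke tokens.
     *
     * @param tokenServices the token services to use
     */
    public void setTokenServices(TokenServices tokenServices) {
        this.tokenServices = tokenServices;
    }

    /**
     * Maps {@link IllegalArgumentException} thrown by the token services to HTTP 400.
     *
     * @return a plain-text explanation sent as the response body
     */
    @ExceptionHandler(IllegalArgumentException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    public String handleIllegalArgument() {
        return "Resident identification numbers must match yyyymmddnnnn.";
    }

    /**
     * Resolves the username of the authenticated client from the security context.
     *
     * Both a missing {@code Authentication} and a principal that is not a
     * {@link UserDetails} (for example an anonymous principal) are rejected here,
     * rather than surfacing as a NullPointerException or ClassCastException.
     *
     * @return the authenticated client id
     * @throws AuthenticationCredentialsNotFoundException if no authenticated UserDetails principal exists
     */
    private static String authenticatedClientId() {
        Object principal = null;
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        }
        if (!(principal instanceof UserDetails)) {
            throw new AuthenticationCredentialsNotFoundException("Not authenticated!");
        }
        return ((UserDetails) principal).getUsername();
    }

    /**
     * Splits a comma-separated scope string into individual, trimmed scope names.
     *
     * @param scope the raw scope parameter; may be null
     * @return a mutable list of non-blank scope names, empty if none were given
     */
    private static List<String> parseScopes(String scope) {
        List<String> scopes = new ArrayList<String>();
        if (scope == null) {
            return scopes;
        }
        for (String name : scope.split(",")) {
            String trimmed = name.trim();
            if (trimmed.length() > 0) {
                scopes.add(trimmed);
            }
        }
        return scopes;
    }
}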