org.jasig.cas.support.oauth.web.OAuth20TokenRefreshTokenController.java Source code


/*
 * Licensed to Apereo under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Apereo licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.support.oauth.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;
import org.jasig.cas.support.oauth.CentralOAuthService;
import org.jasig.cas.support.oauth.InvalidParameterException;
import org.jasig.cas.support.oauth.OAuthConstants;
import org.jasig.cas.support.oauth.OAuthUtils;
import org.jasig.cas.support.oauth.token.AccessToken;
import org.jasig.cas.support.oauth.token.InvalidTokenException;
import org.jasig.cas.support.oauth.token.RefreshToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;

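/**
 * Handles {@code grant_type=refresh_token} requests on the OAuth 2.0 token endpoint.
 * The caller presents a refresh token (backed by a CAS ticket-granting ticket) and
 * receives a new access token (backed by a CAS service ticket) in a JSON bearer-token
 * response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code client_id} and {@code client_secret} are only checked for presence in
 *       {@link #verifyRequest} and are not used afterwards in this class. Whether the
 *       refresh token is bound to the presenting client, and whether the secret is
 *       verified, therefore depends entirely on {@code centralOAuthService}
 *       ({@code getToken} / {@code grantOfflineAccessToken}). Confirm that before
 *       exposing this endpoint: a refresh token that is not bound to its client can be
 *       replayed by anyone who obtains it together with any registered client's
 *       credentials.</li>
 *   <li>Refresh tokens and client secrets are bearer credentials and are never written
 *       to the log; only the client id and grant type are logged in clear.</li>
 *   <li>Every response, including error responses, is marked non-cacheable as required
 *       for token responses by RFC 6749 section 5.1.</li>
 *   <li>The credentials arrive via {@code request.getParameter(...)}, which also accepts
 *       query-string parameters; the container or a filter should restrict this endpoint
 *       to {@code POST} over TLS so secrets do not end up in URLs and access logs.</li>
 * </ul>
 *
 * @author Michael Haselton
 * @since 4.1.0
 */
public final class OAuth20TokenRefreshTokenController extends AbstractController {

    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20TokenRefreshTokenController.class);

    /** Shared, thread-safe JSON mapper; avoids constructing one per request. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Written to the log in place of any bearer credential value. */
    private static final String REDACTED = "*********";

    private final CentralOAuthService centralOAuthService;

    /**
     * Access-token lifetime. The {@code expires_in} computation subtracts elapsed seconds
     * from it, so it is treated as a value in seconds.
     */
    private final long timeout;

    /**
     * Instantiates a new OAuth 2.0 refresh-token grant controller.
     *
     * @param centralOAuthService the central OAuth service used to resolve refresh tokens
     *                            and to mint access tokens
     * @param timeout the access-token lifetime, in seconds
     */
    public OAuth20TokenRefreshTokenController(final CentralOAuthService centralOAuthService, final long timeout) {
        this.centralOAuthService = centralOAuthService;
        this.timeout = timeout;
    }

    /**
     * Processes one refresh-token grant request.
     *
     * <p>Flow: validate parameter presence, resolve the refresh token, mint an offline
     * access token for it, and write a JSON bearer-token document. Errors are returned
     * as JSON {@code invalid_request} bodies with HTTP 400.
     *
     * @param request the HTTP request carrying {@code refresh_token}, {@code client_id},
     *                {@code client_secret} and {@code grant_type}
     * @param response the HTTP response the JSON document is written to
     * @return the value returned by {@link OAuthUtils#writeText} / {@link OAuthUtils#writeJsonError}
     *         after the body has been written
     * @throws Exception propagated from the OAuth service or the response writer
     */
    @Override
    protected ModelAndView handleRequestInternal(final HttpServletRequest request,
            final HttpServletResponse response) throws Exception {
        // RFC 6749 section 5.1/5.2: token endpoint responses (success and error) carry
        // credentials and must not be cached by clients or intermediaries.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");

        final String refreshTokenId = request.getParameter(OAuthConstants.REFRESH_TOKEN);
        // The refresh token is a long-lived bearer credential: never log its value.
        LOGGER.debug("{} : {}", OAuthConstants.REFRESH_TOKEN, REDACTED);

        final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
        LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);

        final String clientSecret = request.getParameter(OAuthConstants.CLIENT_SECRET);
        LOGGER.debug("{} : {}", OAuthConstants.CLIENT_SECRET, REDACTED);

        final String grantType = request.getParameter(OAuthConstants.GRANT_TYPE);
        LOGGER.debug("{} : {}", OAuthConstants.GRANT_TYPE, grantType);

        try {
            verifyRequest(refreshTokenId, clientId, clientSecret, grantType);
        } catch (final InvalidParameterException e) {
            return OAuthUtils.writeJsonError(response, OAuthConstants.INVALID_REQUEST, e.getMessage(),
                    HttpStatus.SC_BAD_REQUEST);
        }

        // NOTE(review): clientId/clientSecret are not used beyond the presence check above.
        // Client authentication and token-to-client binding must happen inside
        // centralOAuthService; verify that, since nothing here prevents a stolen refresh
        // token from being exchanged under a different client's credentials.
        final RefreshToken refreshToken;
        try {
            refreshToken = centralOAuthService.getToken(refreshTokenId, RefreshToken.class);
        } catch (final InvalidTokenException e) {
            // Log the event, not the presented value, which may be a valid token sent to the
            // wrong endpoint or a near-miss of one.
            LOGGER.error("Invalid {} presented for {} {}", OAuthConstants.REFRESH_TOKEN,
                    OAuthConstants.CLIENT_ID, clientId);
            // RFC 6749 section 5.2 would use "invalid_grant" here; INVALID_REQUEST is kept
            // because that is the error code existing clients of this endpoint expect.
            return OAuthUtils.writeJsonError(response, OAuthConstants.INVALID_REQUEST,
                    OAuthConstants.INVALID_REFRESH_TOKEN_DESCRIPTION, HttpStatus.SC_BAD_REQUEST);
        }

        final AccessToken accessToken = centralOAuthService.grantOfflineAccessToken(refreshToken);

        final String result = MAPPER.writeValueAsString(buildTokenResponse(accessToken));
        // The serialized document contains the access token; keep this at DEBUG only and
        // make sure DEBUG is never enabled for this logger in production.
        LOGGER.debug("result : {}", result);

        response.setContentType("application/json");
        return OAuthUtils.writeText(response, result, HttpStatus.SC_OK);
    }

    /**
     * Builds the RFC 6749 section 5.1 success document for a freshly granted access token.
     *
     * @param accessToken the token just granted
     * @return a map with {@code access_token}, {@code expires_in} and {@code token_type}
     */
    private Map<String, Object> buildTokenResponse(final AccessToken accessToken) {
        final Map<String, Object> body = new HashMap<>();
        body.put(OAuthConstants.ACCESS_TOKEN, accessToken.getId());
        body.put(OAuthConstants.EXPIRES_IN, remainingLifetimeSeconds(accessToken));
        body.put(OAuthConstants.TOKEN_TYPE, OAuthConstants.BEARER_TOKEN);
        return body;
    }

    /**
     * Computes {@code expires_in}: the configured lifetime minus the seconds that have
     * already elapsed since the underlying ticket was created, floored at zero so a
     * stale ticket can never produce a negative lifetime on the wire.
     *
     * @param accessToken the token whose remaining lifetime is wanted
     * @return remaining lifetime in whole seconds, never negative
     */
    private int remainingLifetimeSeconds(final AccessToken accessToken) {
        final long elapsedSeconds = TimeUnit.MILLISECONDS
                .toSeconds(System.currentTimeMillis() - accessToken.getTicket().getCreationTime());
        return (int) Math.max(0L, timeout - elapsedSeconds);
    }

    /**
     * Checks that every required parameter is present and that the grant type is
     * {@code refresh_token}. This is a presence check only: the client id and secret are
     * not verified against any registered service here.
     *
     * @param refreshTokenId the refresh token id
     * @param clientId the client id
     * @param clientSecret the client secret
     * @param grantType the grant type
     * @throws InvalidParameterException carrying the name of the first missing or invalid parameter
     */
    private void verifyRequest(final String refreshTokenId, final String clientId, final String clientSecret,
            final String grantType) throws InvalidParameterException {
        if (StringUtils.isBlank(refreshTokenId)) {
            LOGGER.error("Missing {}", OAuthConstants.REFRESH_TOKEN);
            throw new InvalidParameterException(OAuthConstants.REFRESH_TOKEN);
        }
        if (StringUtils.isBlank(clientId)) {
            LOGGER.error("Missing {}", OAuthConstants.CLIENT_ID);
            throw new InvalidParameterException(OAuthConstants.CLIENT_ID);
        }
        if (StringUtils.isBlank(clientSecret)) {
            LOGGER.error("Missing {}", OAuthConstants.CLIENT_SECRET);
            throw new InvalidParameterException(OAuthConstants.CLIENT_SECRET);
        }
        if (StringUtils.isBlank(grantType)) {
            LOGGER.error("Missing {}", OAuthConstants.GRANT_TYPE);
            throw new InvalidParameterException(OAuthConstants.GRANT_TYPE);
        }
        // RFC 6749 treats grant_type values as case-sensitive; the case-insensitive
        // comparison is retained for compatibility with existing callers.
        if (!grantType.equalsIgnoreCase(OAuthConstants.REFRESH_TOKEN)) {
            LOGGER.error("Invalid {} : {}", OAuthConstants.GRANT_TYPE, grantType);
            throw new InvalidParameterException(OAuthConstants.GRANT_TYPE);
        }
    }
}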