Package com.avoka.tm.security

Class OAuth2Authenticator

  • public class OAuth2Authenticator
extends Object

    Provides an oAuth2 authenticator client that can be used by a transact security Manager to authenticate against an oAuth2 provider like Google.

    Note this class performs standard oAuth2 authentication. It does NOT get the user profile from the authentication provider.

    Examples

    Please find the OAuth2Authenticator examples below.

    Create OAuth2Authenticator instance

    This Groovy example shows how to create OAuth2Authenticator instance with request.

     import com.avoka.tm.security.*
 import com.avoka.tm.test.*
 import com.avoka.tm.vo.*


 String authUri = "https://sample.com/oauth2/v1/authorize"
 String clientId = "clientId"
 String clientSecret = "clientSecret"
 String redirectUri = "secure/account/home.htm"
 String scope = "openid email profile groups"
 String tokenUrl = "https://sample.com/oauth2/v1/token"
 String testParamName = "testParamName"
 String testParamValue = "testParamValue"

 MockRequest request = new MockRequest()
 request.setParameter("code", "test")

 new OAuth2Authenticator(request)
              .setAuthUri(authUri)
              .setClientId(clientId)
              .setClientSecret(clientSecret)
              .setRedirectUri(redirectUri)
              .setScope(scope)
              .setExtraParamName(testParamName)
              .setExtraParamValue(testParamValue)
              .setTokenUrl(tokenUrl)

    Get OAuth2Authenticator Access Token and Access Token Response Json

    This Groovy example shows how to get Access Token and get Access Token Response Json.

     import com.avoka.tm.security.*
 import com.avoka.tm.test.*
 import com.avoka.tm.vo.*


 String authUri = "https://sample.com/oauth2/v1/authorize"
 String clientId = "clientId"
 String clientSecret = "clientSecret"
 String redirectUri = "secure/account/home.htm"
 String scope = "openid email profile groups"
 String tokenUrl = "https://sample.com/oauth2/v1/token"
 String testParamName = "testParamName"
 String testParamValue = "testParamValue"

 MockRequest request = new MockRequest()
 request.setParameter("code", "test")

 // Returns the Access Token. Will redirect to the OAuthLoginPageURL if the requestCode is not available
 String accessToken = new OAuth2Authenticator(request)
                                  .setAuthUri(authUri)
                                  .setClientId(clientId)
                                  .setClientSecret(clientSecret)
                                  .setRedirectUri(redirectUri)
                                  .setScope(scope)
                                  .setExtraParamName(testParamName)
                                  .setExtraParamValue(testParamValue)
                                  .setTokenUrl(tokenUrl)
                                  .getAccessToken()

 // Returns the Access Token. Will redirect to the OAuthLoginPageURLEncoded if the requestCode is not available
 String accessTokenEncoded = new OAuth2Authenticator(request)
                                          .setAuthUri(authUri)
                                          .setClientId(clientId)
                                          .setClientSecret(clientSecret)
                                          .setRedirectUri(redirectUri)
                                          .setScope(scope)
                                          .setExtraParamName(testParamName)
                                          .setExtraParamValue(testParamValue)
                                          .setTokenUrl(tokenUrl)
                                          .getAccessTokenEncoded()

 // Returns the JSON response for the Access Token request. Will redirect to the OAuthLoginPageURL if the requestCode is not available
 String accessTokenResponseJson = new OAuth2Authenticator(request)
                                              .setAuthUri(authUri)
                                              .setClientId(clientId)
                                              .setClientSecret(clientSecret)
                                              .setRedirectUri(redirectUri)
                                              .setScope(scope)
                                              .setExtraParamName(testParamName)
                                              .setExtraParamValue(testParamValue)
                                              .setTokenUrl(tokenUrl)
                                              .getAccessTokenResponseJson()
    Since:
    21.11.0

    • Field Detail

      • PARAMETER_AUTH_URI

        public static final String PARAMETER_AUTH_URI
        The Security Manager Parameter Name for Auth Uri
        See Also:
        Constant Field Values

      • PARAMETER_CLIENT_ID

        public static final String PARAMETER_CLIENT_ID
        The Security Manager Parameter Name for Client Id
        See Also:
        Constant Field Values

      • PARAMETER_CLIENT_SECRET

        public static final String PARAMETER_CLIENT_SECRET
        The Security Manager Parameter Name for Client Secret
        See Also:
        Constant Field Values

      • PARAMETER_REDIRECT_URI

        public static final String PARAMETER_REDIRECT_URI
        The Security Manager Parameter Name for Redirect Uri
        See Also:
        Constant Field Values

      • PARAMETER_SCOPE

        public static final String PARAMETER_SCOPE
        The Security Manager Parameter Name for Scope
        See Also:
        Constant Field Values

      • PARAMETER_TOKEN_URI

        public static final String PARAMETER_TOKEN_URI
        The Security Manager Parameter Name for Token Uri
        See Also:
        Constant Field Values

      • PARAMETER_USER_INFO_URI

        public static final String PARAMETER_USER_INFO_URI
        The Security Manager Parameter Name for User info Uri
        See Also:
        Constant Field Values

      • PARAMETER_VALIDATE_URI

        public static final String PARAMETER_VALIDATE_URI
        The Security Manager Parameter Name for Validate Uri
        See Also:
        Constant Field Values

    • Constructor Detail

      • OAuth2Authenticator

        public OAuth2Authenticator​(HttpServletRequest request)
        Create an OAuth2Authenticator from the given request.
        Parameters:
        request - - HttpServletRequest that contains the SAML Token (required)

      • OAuth2Authenticator

        public OAuth2Authenticator​(HttpServletRequest request,
                           SecurityMgr securityMgr)
        Create an OAuth2Authenticator from the given request, securityMgr.
        Parameters:
        request - - HttpServletRequest that is calling the OAuth2Authenticator (required)
        securityMgr - - The SecurityMgr that is using the OAuth2Authenticator (required)

    • Method Detail

      • setAuthUri

        public OAuth2Authenticator setAuthUri​(String authUri)
        Sets the authUri String property
        Parameters:
        authUri - the String oAuth2 auth uri
        Returns:
        the OAuth2Authenticator

      • setClientId

        public OAuth2Authenticator setClientId​(String clientId)
        Sets the clientId String property
        Parameters:
        clientId - the String oAuth2 client id
        Returns:
        the OAuth2Authenticator

      • setClientSecret

        public OAuth2Authenticator setClientSecret​(String clientSecret)
        Sets the clientSecret String property
        Parameters:
        clientSecret - the String oAuth client secret
        Returns:
        the OAuth2Authenticator

      • setExtraParamName

        public OAuth2Authenticator setExtraParamName​(String paramName)
        Sets the extra param name which will be appended to the redirect URL
        Parameters:
        paramName - the param name
        Returns:
        the OAuth2Authenticator

      • setExtraParamValue

        public OAuth2Authenticator setExtraParamValue​(String paramValue)
        Sets the param value, the extra param value which will be appended to the redirect URL
        Parameters:
        paramValue - the param value
        Returns:
        the OAuth2Authenticator

      • setRedirectUri

        public OAuth2Authenticator setRedirectUri​(String redirectUri)
        Sets the redirectUri String property
        Parameters:
        redirectUri - the String uri to redirect back to transaction manager secure page: /secure/account/home.htm
        Returns:
        the OAuth2Authenticator

      • setScope

        public OAuth2Authenticator setScope​(String scope)
        Sets the scope String property
        Parameters:
        scope - the String oAuth scope property
        Returns:
        the OAuth2Authenticator

      • setTokenUrl

        public OAuth2Authenticator setTokenUrl​(String tokenUri)
        Sets the tokenUri String property
        Parameters:
        tokenUri - the String uri for requesting the oAuth token
        Returns:
        the OAuth2Authenticator

      • setUserInfoUri

        public OAuth2Authenticator setUserInfoUri​(String userInfoUri)
        Sets the userInfoUri String property
        Parameters:
        userInfoUri - the String uri for getting the User Info from the Provider
        Returns:
        the OAuth2Authenticator

      • setValidateUri

        public OAuth2Authenticator setValidateUri​(String validateUri)
        Sets the validateUri String property
        Parameters:
        validateUri - the String uri for validating the bearer token
        Returns:
        the OAuth2Authenticator

      • getExtraParamName

        public String getExtraParamName()
        Get the extra param name
        Returns:
        the extra param name.

      • getExtraParamValue

        public String getExtraParamValue()
        Get the extra param value
        Returns:
        the extra param value.

      • getAccessToken

        public String getAccessToken()
        Performs the oAuth2 authentication. First redirects the browser to the oAuth2 providers auth url. Handles the return callback the gets the oAuth2 Access Token
        Returns:
        the String oAuth2 Access Token that is used to call the user profile information.

      • getAccessTokenEncoded

        public String getAccessTokenEncoded()
        Performs the oAuth2 authentication. First redirects the browser to the oAuth2 providers auth encoded url. Handles the return callback the gets the oAuth2 Access Token
        Returns:
        the String oAuth2 Access Token that is used to call the user profile information.

      • getAccessTokenResponseJson

        public String getAccessTokenResponseJson()
        Returns the JSON response for the Access Token request.
        Returns:
        the String representation of oAuth2 Access Token response.

      • getCheckAndValidateBearerToken

        public Map<String,​Object> getCheckAndValidateBearerToken()
                                                        throws org.springframework.security.authentication.AuthenticationServiceException
        Check and validate the bearer token.
        Returns:
        the validation details map, null if no token
        Throws:
        org.springframework.security.authentication.AuthenticationServiceException - if an error occurs during executing request

      • getUserProfile

        public Map<String,​Object> getUserProfile​(String accessToken)
                                        throws org.springframework.security.authentication.AuthenticationServiceException
        Get User profile
        Parameters:
        accessToken - (required)
        Returns:
        the User Profile details map
        Throws:
        org.springframework.security.authentication.AuthenticationServiceException - if an error occurs during executing request

      • hasRequestCode

        public boolean hasRequestCode()
        Returns true if the request has a "code" request parameter. When the SSO is initiated the request wont have a "code" request parameter. The request will be redirected to the oAuth2 login server where the user will authenticate. The oAuthLogin server will then redirect the browser back to the portal/secure/account/home.htm page with the code as a parameter like '/secure/account/home.htm?code=AKLDSFJASLKDJF123213SASDFLKJ234WERSDFTST'
        Returns:
        true if the request has a "code" request parameter.