Class OAuth2Authenticator

java.lang.Object
com.avoka.tm.security.OAuth2Authenticator

public class OAuth2Authenticator extends Object

Provides an oAuth2 authenticator client that can be used by a Transact Security Manager to authenticate against an oAuth2 provider such as Google.

Note this class performs standard oAuth2 authentication. It does NOT get the user profile from the authentication provider.

Examples

Please find the OAuth2Authenticator examples below.

Create OAuth2Authenticator instance

This Groovy example shows how to create an OAuth2Authenticator instance from a request.

 import com.avoka.tm.security.*
 import com.avoka.tm.test.*
 import com.avoka.tm.vo.*


 String authUri = "https://sample.com/oauth2/v1/authorize"
 String clientId = "clientId"
 String clientSecret = "clientSecret"
 String redirectUri = "secure/account/home.htm"
 String scope = "openid email profile groups"
 String tokenUrl = "https://sample.com/oauth2/v1/token"
 String testParamName = "testParamName"
 String testParamValue = "testParamValue"

 MockRequest request = new MockRequest()
 request.setParameter("code", "test")

 new OAuth2Authenticator(request)
              .setAuthUri(authUri)
              .setClientId(clientId)
              .setClientSecret(clientSecret)
              .setRedirectUri(redirectUri)
              .setScope(scope)
              .setExtraParamName(testParamName)
              .setExtraParamValue(testParamValue)
              .setTokenUrl(tokenUrl) 

Get OAuth2Authenticator Access Token and Access Token Response Json

This Groovy example shows how to get the Access Token and the Access Token response JSON.

 import com.avoka.tm.security.*
 import com.avoka.tm.test.*
 import com.avoka.tm.vo.*


 String authUri = "https://sample.com/oauth2/v1/authorize"
 String clientId = "clientId"
 String clientSecret = "clientSecret"
 String redirectUri = "secure/account/home.htm"
 String scope = "openid email profile groups"
 String tokenUrl = "https://sample.com/oauth2/v1/token"
 String testParamName = "testParamName"
 String testParamValue = "testParamValue"

 MockRequest request = new MockRequest()
 request.setParameter("code", "test")

 // Returns the Access Token. Will redirect to the OAuthLoginPageURL if the requestCode is not available
 String accessToken = new OAuth2Authenticator(request)
                                  .setAuthUri(authUri)
                                  .setClientId(clientId)
                                  .setClientSecret(clientSecret)
                                  .setRedirectUri(redirectUri)
                                  .setScope(scope)
                                  .setExtraParamName(testParamName)
                                  .setExtraParamValue(testParamValue)
                                  .setTokenUrl(tokenUrl)
                                  .getAccessToken()

 // Returns the Access Token. Will redirect to the OAuthLoginPageURLEncoded if the requestCode is not available
 String accessTokenEncoded = new OAuth2Authenticator(request)
                                          .setAuthUri(authUri)
                                          .setClientId(clientId)
                                          .setClientSecret(clientSecret)
                                          .setRedirectUri(redirectUri)
                                          .setScope(scope)
                                          .setExtraParamName(testParamName)
                                          .setExtraParamValue(testParamValue)
                                          .setTokenUrl(tokenUrl)
                                          .getAccessTokenEncoded()

 // Returns the JSON response for the Access Token request. Will redirect to the OAuthLoginPageURL if the requestCode is not available
 String accessTokenResponseJson = new OAuth2Authenticator(request)
                                              .setAuthUri(authUri)
                                              .setClientId(clientId)
                                              .setClientSecret(clientSecret)
                                              .setRedirectUri(redirectUri)
                                              .setScope(scope)
                                              .setExtraParamName(testParamName)
                                              .setExtraParamValue(testParamValue)
                                              .setTokenUrl(tokenUrl)
                                              .getAccessTokenResponseJson()
Since:
21.11.0
  • Field Details

    • PARAMETER_AUTH_URI

      public static final String PARAMETER_AUTH_URI
      The Security Manager Parameter Name for Auth Uri
    • PARAMETER_CLIENT_ID

      public static final String PARAMETER_CLIENT_ID
      The Security Manager Parameter Name for Client Id
    • PARAMETER_CLIENT_SECRET

      public static final String PARAMETER_CLIENT_SECRET
      The Security Manager Parameter Name for Client Secret
    • PARAMETER_REDIRECT_URI

      public static final String PARAMETER_REDIRECT_URI
      The Security Manager Parameter Name for Redirect Uri
    • PARAMETER_SCOPE

      public static final String PARAMETER_SCOPE
      The Security Manager Parameter Name for Scope
    • PARAMETER_TOKEN_URI

      public static final String PARAMETER_TOKEN_URI
      The Security Manager Parameter Name for Token Uri
    • PARAMETER_USER_INFO_URI

      public static final String PARAMETER_USER_INFO_URI
      The Security Manager Parameter Name for User info Uri
    • PARAMETER_VALIDATE_URI

      public static final String PARAMETER_VALIDATE_URI
      The Security Manager Parameter Name for Validate Uri
  • Constructor Details

    • OAuth2Authenticator

      public OAuth2Authenticator(jakarta.servlet.http.HttpServletRequest request)
      Create an OAuth2Authenticator from the given request.
      Parameters:
      request - HttpServletRequest that contains the SAML Token (required)
    • OAuth2Authenticator

      public OAuth2Authenticator(jakarta.servlet.http.HttpServletRequest request, SecurityMgr securityMgr)
      Create an OAuth2Authenticator from the given request, securityMgr.
      Parameters:
      request - HttpServletRequest that is calling the OAuth2Authenticator (required)
      securityMgr - The SecurityMgr that is using the OAuth2Authenticator (required)
  • Method Details

    • setAuthUri

      public OAuth2Authenticator setAuthUri(String authUri)
      Sets the authUri String property
      Parameters:
      authUri - the String oAuth2 auth uri
      Returns:
      the OAuth2Authenticator
    • setClientId

      public OAuth2Authenticator setClientId(String clientId)
      Sets the clientId String property
      Parameters:
      clientId - the String oAuth2 client id
      Returns:
      the OAuth2Authenticator
    • setClientSecret

      public OAuth2Authenticator setClientSecret(String clientSecret)
      Sets the clientSecret String property
      Parameters:
      clientSecret - the String oAuth client secret
      Returns:
      the OAuth2Authenticator
    • setExtraParamName

      public OAuth2Authenticator setExtraParamName(String paramName)
      Sets the extra param name which will be appended to the redirect URL
      Parameters:
      paramName - the param name
      Returns:
      the OAuth2Authenticator
    • setExtraParamValue

      public OAuth2Authenticator setExtraParamValue(String paramValue)
      Sets the extra param value which will be appended to the redirect URL
      Parameters:
      paramValue - the param value
      Returns:
      the OAuth2Authenticator
    • setRedirectUri

      public OAuth2Authenticator setRedirectUri(String redirectUri)
      Sets the redirectUri String property
      Parameters:
      redirectUri - the String uri to redirect back to transaction manager secure page: /secure/account/home.htm
      Returns:
      the OAuth2Authenticator
    • setScope

      public OAuth2Authenticator setScope(String scope)
      Sets the scope String property
      Parameters:
      scope - the String oAuth scope property
      Returns:
      the OAuth2Authenticator
    • setTokenUrl

      public OAuth2Authenticator setTokenUrl(String tokenUri)
      Sets the tokenUri String property
      Parameters:
      tokenUri - the String uri for requesting the oAuth token
      Returns:
      the OAuth2Authenticator
    • setUserInfoUri

      public OAuth2Authenticator setUserInfoUri(String userInfoUri)
      Sets the userInfoUri String property
      Parameters:
      userInfoUri - the String uri for getting the User Info from the Provider
      Returns:
      the OAuth2Authenticator
    • setValidateUri

      public OAuth2Authenticator setValidateUri(String validateUri)
      Sets the validateUri String property
      Parameters:
      validateUri - the String uri for validating the bearer token
      Returns:
      the OAuth2Authenticator
    • getExtraParamName

      public String getExtraParamName()
      Get the extra param name
      Returns:
      the extra param name.
    • getExtraParamValue

      public String getExtraParamValue()
      Get the extra param value
      Returns:
      the extra param value.
    • getAccessToken

      public String getAccessToken()
      Performs the oAuth2 authentication. First redirects the browser to the oAuth2 provider's auth URL, then handles the return callback and gets the oAuth2 Access Token.
      Returns:
      the String oAuth2 Access Token that is used to call the user profile information.
    • getAccessTokenEncoded

      public String getAccessTokenEncoded()
      Performs the oAuth2 authentication. First redirects the browser to the oAuth2 provider's encoded auth URL, then handles the return callback and gets the oAuth2 Access Token.
      Returns:
      the String oAuth2 Access Token that is used to call the user profile information.
    • getAccessTokenResponseJson

      public String getAccessTokenResponseJson()
      Returns the JSON response for the Access Token request.
      Returns:
      the String representation of oAuth2 Access Token response.
    • getCheckAndValidateBearerToken

      public Map<String,Object> getCheckAndValidateBearerToken() throws org.springframework.security.authentication.AuthenticationServiceException
      Check and validate the bearer token.
      Returns:
      the validation details map, null if no token
      Throws:
      org.springframework.security.authentication.AuthenticationServiceException - if an error occurs during executing request
    • getUserProfile

      public Map<String,Object> getUserProfile(String accessToken) throws org.springframework.security.authentication.AuthenticationServiceException
      Get User profile
      Parameters:
      accessToken - (required)
      Returns:
      the User Profile details map
      Throws:
      org.springframework.security.authentication.AuthenticationServiceException - if an error occurs during executing request
    • hasRequestCode

      public boolean hasRequestCode()
      Returns true if the request has a "code" request parameter. When the SSO is initiated the request won't have a "code" request parameter. The request will be redirected to the oAuth2 login server where the user will authenticate. The oAuth2 login server will then redirect the browser back to the portal/secure/account/home.htm page with the code as a parameter like '/secure/account/home.htm?code=AKLDSFJASLKDJF123213SASDFLKJ234WERSDFTST'
      Returns:
      true if the request has a "code" request parameter.
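
The two legs of the flow that hasRequestCode and getAccessToken describe, as an added example that is not Transact code and not this class's internals: it builds the standard RFC 6749 authorization-code messages that the setter values feed into, assuming the class follows that standard shape. The tm.example.com host and the helper names (form, authorizationRedirect, tokenRequestBody) are hypothetical, the body-parameter client authentication is one of the options the RFC allows, and the other values are the sample values from this page.

```groovy
// Added illustration, not Transact code: standard RFC 6749 authorization-code messages.
// Sample values are constructed; tm.example.com is a hypothetical host.
Map cfg = [
    authUri     : "https://sample.com/oauth2/v1/authorize",
    tokenUrl    : "https://sample.com/oauth2/v1/token",
    clientId    : "clientId",
    clientSecret: "clientSecret",
    redirectUri : "https://tm.example.com/secure/account/home.htm",
    scope       : "openid email profile groups"
]

// Encode a parameter map as application/x-www-form-urlencoded
String form(Map params) {
    params.collect { k, v -> k + "=" + URLEncoder.encode(v.toString(), "UTF-8") }.join("&")
}

// Leg 1 (front channel): where the browser is sent while the request has no "code".
String authorizationRedirect(Map cfg) {
    cfg.authUri + "?" + form([
        response_type: "code",
        client_id    : cfg.clientId,
        redirect_uri : cfg.redirectUri,
        scope        : cfg.scope
    ])
}

// Leg 2 (back channel): body POSTed server-to-server to the token endpoint
// once the provider has redirected back with ?code=...
String tokenRequestBody(Map cfg, String code) {
    form([
        grant_type   : "authorization_code",
        code         : code,
        redirect_uri : cfg.redirectUri,   // must match the value sent in leg 1
        client_id    : cfg.clientId,
        client_secret: cfg.clientSecret   // assumption: body auth; HTTP Basic is the alternative
    ])
}

String redirect = authorizationRedirect(cfg)
String body = tokenRequestBody(cfg, "AKLDSFJASLKDJF123213SASDFLKJ234WERSDFTST")

// The client secret stays on the server: it must never appear in the browser redirect.
assert !redirect.contains("clientSecret")
assert body.contains("client_secret=clientSecret")

println "302 Location: " + redirect
println "POST " + cfg.tokenUrl + "\n" + body
```

Only the authorization code passes through the browser; the client secret and the resulting access token are exchanged directly between the server and the token endpoint.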