Package com.avoka.tm.security
Class OAuth2Authenticator
java.lang.Object
com.avoka.tm.security.OAuth2Authenticator
Provides an oAuth2 authenticator client that can be used by a transact security Manager to authenticate against an oAuth2 provider like Google.
Note this class performs standard oAuth2 authentication. It does NOT get the user profile from the authentication provider.Examples
Please find the OAuth2Authenticator examples below.
Create OAuth2Authenticator instance
This Groovy example shows how to create OAuth2Authenticator instance with request.
import com.avoka.tm.security.* import com.avoka.tm.test.* import com.avoka.tm.vo.* String authUri = "https://sample.com/oauth2/v1/authorize" String clientId = "clientId" String clientSecret = "clientSecret" String redirectUri = "secure/account/home.htm" String scope = "openid email profile groups" String tokenUrl = "https://sample.com/oauth2/v1/token" String testParamName = "testParamName" String testParamValue = "testParamValue" MockRequest request = new MockRequest() request.setParameter("code", "test") new OAuth2Authenticator(request) .setAuthUri(authUri) .setClientId(clientId) .setClientSecret(clientSecret) .setRedirectUri(redirectUri) .setScope(scope) .setExtraParamName(testParamName) .setExtraParamValue(testParamValue) .setTokenUrl(tokenUrl)
Get OAuth2Authenticator Access Token and Access Token Response Json
This Groovy example shows how to get Access Token and get Access Token Response Json.
import com.avoka.tm.security.* import com.avoka.tm.test.* import com.avoka.tm.vo.* String authUri = "https://sample.com/oauth2/v1/authorize" String clientId = "clientId" String clientSecret = "clientSecret" String redirectUri = "secure/account/home.htm" String scope = "openid email profile groups" String tokenUrl = "https://sample.com/oauth2/v1/token" String testParamName = "testParamName" String testParamValue = "testParamValue" MockRequest request = new MockRequest() request.setParameter("code", "test") // Returns the Access Token. Will redirect to the OAuthLoginPageURL if the requestCode is not available String accessToken = new OAuth2Authenticator(request) .setAuthUri(authUri) .setClientId(clientId) .setClientSecret(clientSecret) .setRedirectUri(redirectUri) .setScope(scope) .setExtraParamName(testParamName) .setExtraParamValue(testParamValue) .setTokenUrl(tokenUrl) .getAccessToken() // Returns the Access Token. Will redirect to the OAuthLoginPageURLEncoded if the requestCode is not available String accessTokenEncoded = new OAuth2Authenticator(request) .setAuthUri(authUri) .setClientId(clientId) .setClientSecret(clientSecret) .setRedirectUri(redirectUri) .setScope(scope) .setExtraParamName(testParamName) .setExtraParamValue(testParamValue) .setTokenUrl(tokenUrl) .getAccessTokenEncoded() // Returns the JSON response for the Access Token request. Will redirect to the OAuthLoginPageURL if the requestCode is not available String accessTokenResponseJson = new OAuth2Authenticator(request) .setAuthUri(authUri) .setClientId(clientId) .setClientSecret(clientSecret) .setRedirectUri(redirectUri) .setScope(scope) .setExtraParamName(testParamName) .setExtraParamValue(testParamValue) .setTokenUrl(tokenUrl) .getAccessTokenResponseJson()
- Since:
- 21.11.0
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The Security Manager Parameter Name for Auth Uristatic final String
The Security Manager Parameter Name for Client Idstatic final String
The Security Manager Parameter Name for Client Secretstatic final String
The Security Manager Parameter Name for Redirect Uristatic final String
The Security Manager Parameter Name for Scopestatic final String
The Security Manager Parameter Name for Token Uristatic final String
The Security Manager Parameter Name for User info Uristatic final String
The Security Manager Parameter Name for Validate Uri -
Constructor Summary
ConstructorDescriptionOAuth2Authenticator
(jakarta.servlet.http.HttpServletRequest request) Create an OAuth2Authenticator from the given request.OAuth2Authenticator
(jakarta.servlet.http.HttpServletRequest request, SecurityMgr securityMgr) Create an OAuth2Authenticator from the given request, securityMgr. -
Method Summary
Modifier and TypeMethodDescriptionPerforms the oAuth2 authentication.Performs the oAuth2 authentication.Returns the JSON response for the Access Token request.Check and validate the bearer token.Get the extra param nameGet the extra param valuegetUserProfile
(String accessToken) Get User profileboolean
Returns true if the request has a "code" request parameter.setAuthUri
(String authUri) Sets the authUri String propertysetClientId
(String clientId) Sets the clientId String propertysetClientSecret
(String clientSecret) Sets the clientSecret String propertysetExtraParamName
(String paramName) Sets the extra param name which will be appended to the redirect URLsetExtraParamValue
(String paramValue) Sets the param value, the extra param value which will be appended to the redirect URLsetRedirectUri
(String redirectUri) Sets the redirectUri String propertySets the scope String propertysetTokenUrl
(String tokenUri) Sets the tokenUri String propertysetUserInfoUri
(String userInfoUri) Sets the userInfoUri String propertysetValidateUri
(String validateUri) Sets the validateUri String property
-
Field Details
-
PARAMETER_AUTH_URI
The Security Manager Parameter Name for Auth Uri- See Also:
-
PARAMETER_CLIENT_ID
The Security Manager Parameter Name for Client Id- See Also:
-
PARAMETER_CLIENT_SECRET
The Security Manager Parameter Name for Client Secret- See Also:
-
PARAMETER_REDIRECT_URI
The Security Manager Parameter Name for Redirect Uri- See Also:
-
PARAMETER_SCOPE
The Security Manager Parameter Name for Scope- See Also:
-
PARAMETER_TOKEN_URI
The Security Manager Parameter Name for Token Uri- See Also:
-
PARAMETER_USER_INFO_URI
The Security Manager Parameter Name for User info Uri- See Also:
-
PARAMETER_VALIDATE_URI
The Security Manager Parameter Name for Validate Uri- See Also:
-
-
Constructor Details
-
OAuth2Authenticator
public OAuth2Authenticator(jakarta.servlet.http.HttpServletRequest request) Create an OAuth2Authenticator from the given request.- Parameters:
request
- - HttpServletRequest that contains the SAML Token (required)
-
OAuth2Authenticator
public OAuth2Authenticator(jakarta.servlet.http.HttpServletRequest request, SecurityMgr securityMgr) Create an OAuth2Authenticator from the given request, securityMgr.- Parameters:
request
- - HttpServletRequest that is calling the OAuth2Authenticator (required)securityMgr
- - The SecurityMgr that is using the OAuth2Authenticator (required)
-
-
Method Details
-
setAuthUri
Sets the authUri String property- Parameters:
authUri
- the String oAuth2 auth uri- Returns:
- the OAuth2Authenticator
-
setClientId
Sets the clientId String property- Parameters:
clientId
- the String oAuth2 client id- Returns:
- the OAuth2Authenticator
-
setClientSecret
Sets the clientSecret String property- Parameters:
clientSecret
- the String oAuth client secret- Returns:
- the OAuth2Authenticator
-
setExtraParamName
Sets the extra param name which will be appended to the redirect URL- Parameters:
paramName
- the param name- Returns:
- the OAuth2Authenticator
-
setExtraParamValue
Sets the param value, the extra param value which will be appended to the redirect URL- Parameters:
paramValue
- the param value- Returns:
- the OAuth2Authenticator
-
setRedirectUri
Sets the redirectUri String property- Parameters:
redirectUri
- the String uri to redirect back to transaction manager secure page: /secure/account/home.htm- Returns:
- the OAuth2Authenticator
-
setScope
Sets the scope String property- Parameters:
scope
- the String oAuth scope property- Returns:
- the OAuth2Authenticator
-
setTokenUrl
Sets the tokenUri String property- Parameters:
tokenUri
- the String uri for requesting the oAuth token- Returns:
- the OAuth2Authenticator
-
setUserInfoUri
Sets the userInfoUri String property- Parameters:
userInfoUri
- the String uri for getting the User Info from the Provider- Returns:
- the OAuth2Authenticator
-
setValidateUri
Sets the validateUri String property- Parameters:
validateUri
- the String uri for validating the bearer token- Returns:
- the OAuth2Authenticator
-
getExtraParamName
Get the extra param name- Returns:
- the extra param name.
-
getExtraParamValue
Get the extra param value- Returns:
- the extra param value.
-
getAccessToken
Performs the oAuth2 authentication. First redirects the browser to the oAuth2 providers auth url. Handles the return callback the gets the oAuth2 Access Token- Returns:
- the String oAuth2 Access Token that is used to call the user profile information.
-
getAccessTokenEncoded
Performs the oAuth2 authentication. First redirects the browser to the oAuth2 providers auth encoded url. Handles the return callback the gets the oAuth2 Access Token- Returns:
- the String oAuth2 Access Token that is used to call the user profile information.
-
getAccessTokenResponseJson
Returns the JSON response for the Access Token request.- Returns:
- the String representation of oAuth2 Access Token response.
-
getCheckAndValidateBearerToken
public Map<String,Object> getCheckAndValidateBearerToken() throws org.springframework.security.authentication.AuthenticationServiceExceptionCheck and validate the bearer token.- Returns:
- the validation details map, null if no token
- Throws:
org.springframework.security.authentication.AuthenticationServiceException
- if an error occurs during executing request
-
getUserProfile
public Map<String,Object> getUserProfile(String accessToken) throws org.springframework.security.authentication.AuthenticationServiceException Get User profile- Parameters:
accessToken
- (required)- Returns:
- the User Profile details map
- Throws:
org.springframework.security.authentication.AuthenticationServiceException
- if an error occurs during executing request
-
hasRequestCode
public boolean hasRequestCode()Returns true if the request has a "code" request parameter. When the SSO is initiated the request wont have a "code" request parameter. The request will be redirected to the oAuth2 login server where the user will authenticate. The oAuthLogin server will then redirect the browser back to the portal/secure/account/home.htm page with the code as a parameter like '/secure/account/home.htm?code=AKLDSFJASLKDJF123213SASDFLKJ234WERSDFTST'- Returns:
- true if the request has a "code" request parameter.
-