org.jboss.resteasy.skeleton.key.as7

Class OAuthAuthenticationServerValve

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.LifecycleListener, org.apache.catalina.Valve

public class OAuthAuthenticationServerValve
extends org.apache.catalina.authenticator.FormAuthenticator
implements org.apache.catalina.LifecycleListener

Turns a web deployment into an authentication server that follwos the OAuth 2 protocol and Skeleton Key bearer tokens. Authentication store is backed by a JBoss security domain.

Servlet FORM authentication that uses the local security domain to authenticate and for role mappings.

Supports bearer token creation and authentication. The client asking for access must be set up as a valid user within the security domain.

If no an OAuth access request, this works like normal FORM authentication and authorization.

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OAuthAuthenticationServerValve.AccessCode

Field Summary

Fields

Modifier and Type	Field and Description
protected ConcurrentHashMap<String,OAuthAuthenticationServerValve.AccessCode>	accessCodeMap
protected com.fasterxml.jackson.databind.ObjectWriter	accessTokenResponseWriter
protected com.fasterxml.jackson.databind.ObjectMapper	mapper
protected com.fasterxml.jackson.databind.ObjectWriter	mapWriter
protected ResteasyProviderFactory	providers
protected PrivateKey	realmPrivateKey
protected PublicKey	realmPublicKey
protected String	realmPublicKeyPem
protected ResourceMetadata	resourceMetadata
protected AuthServerConfig	skeletonKeyConfig
protected UserSessionManagement	userSessionManagement

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
OAuthAuthenticationServerValve()

Method Summary

Modifier and Type	Method and Description
protected AccessTokenResponse	accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token)
protected void	adminLogout(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
boolean	authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
protected org.apache.catalina.realm.GenericPrincipal	basicAuth(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
protected void	basicAuthError(org.apache.catalina.connector.Response response)
boolean	bearer(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, boolean propagate)
protected SkeletonKeyToken	buildToken(org.apache.catalina.realm.GenericPrincipal gp)
protected String	buildTokenString(PrivateKey privateKey, SkeletonKeyToken token)
protected org.apache.catalina.realm.GenericPrincipal	checkLoggedIn(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
protected ManagedResourceConfig	getRealmRepresentation(org.apache.catalina.connector.Request request)
protected boolean	handleLoginPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
protected void	handleOAuth(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
protected void	init()
void	invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
void	lifecycleEvent(org.apache.catalina.LifecycleEvent event)
protected void	logoutCurrentUser(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
protected void	logoutResources(String username, String admin)
protected void	publishRealmInfoHtml(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
protected void	redirectAccessCode(boolean sso, org.apache.catalina.connector.Response response, String redirect_uri, String client_id, String state, org.apache.catalina.realm.GenericPrincipal gp)
protected void	redirectToWelcomePage(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
protected void	register(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, Principal principal, String authType, String username, String password)
protected void	resolveAccessCode(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
void	start()
protected void	tokenGrant(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

accessCodeMap

protected ConcurrentHashMap<String,OAuthAuthenticationServerValve.AccessCode> accessCodeMap

skeletonKeyConfig

protected AuthServerConfig skeletonKeyConfig

realmPrivateKey

protected PrivateKey realmPrivateKey

realmPublicKey

protected PublicKey realmPublicKey

realmPublicKeyPem

protected String realmPublicKeyPem

providers

protected ResteasyProviderFactory providers

resourceMetadata

protected ResourceMetadata resourceMetadata

userSessionManagement

protected UserSessionManagement userSessionManagement

mapper

protected com.fasterxml.jackson.databind.ObjectMapper mapper

accessTokenResponseWriter

protected com.fasterxml.jackson.databind.ObjectWriter accessTokenResponseWriter

mapWriter

protected com.fasterxml.jackson.databind.ObjectWriter mapWriter

Constructor Detail

OAuthAuthenticationServerValve

public OAuthAuthenticationServerValve()

Method Detail

start

public void start()
           throws org.apache.catalina.LifecycleException

Specified by:

start in interface org.apache.catalina.Lifecycle

Overrides:

start in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

org.apache.catalina.LifecycleException

lifecycleEvent

public void lifecycleEvent(org.apache.catalina.LifecycleEvent event)

Specified by:

lifecycleEvent in interface org.apache.catalina.LifecycleListener

init

protected void init()

invoke

public void invoke(org.apache.catalina.connector.Request request,
                   org.apache.catalina.connector.Response response)
            throws IOException,
                   javax.servlet.ServletException

Specified by:

invoke in interface org.apache.catalina.Valve

Overrides:

invoke in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

IOException

javax.servlet.ServletException

handleLoginPage

protected boolean handleLoginPage(org.apache.catalina.connector.Request request,
                                  org.apache.catalina.connector.Response response)
                           throws IOException,
                                  javax.servlet.ServletException

Throws:

IOException

javax.servlet.ServletException

checkLoggedIn

protected org.apache.catalina.realm.GenericPrincipal checkLoggedIn(org.apache.catalina.connector.Request request,
                                                                   javax.servlet.http.HttpServletResponse response)

adminLogout

protected void adminLogout(org.apache.catalina.connector.Request request,
                           javax.servlet.http.HttpServletResponse response)
                    throws IOException

Throws:

IOException

logoutCurrentUser

protected void logoutCurrentUser(org.apache.catalina.connector.Request request,
                                 javax.servlet.http.HttpServletResponse response)
                          throws IOException

Throws:

IOException

logoutResources

protected void logoutResources(String username,
                               String admin)

redirectToWelcomePage

protected void redirectToWelcomePage(org.apache.catalina.connector.Request request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws IOException

Throws:

IOException

publishRealmInfoHtml

protected void publishRealmInfoHtml(org.apache.catalina.connector.Request request,
                                    javax.servlet.http.HttpServletResponse response)
                             throws IOException

Throws:

IOException

getRealmRepresentation

protected ManagedResourceConfig getRealmRepresentation(org.apache.catalina.connector.Request request)

bearer

public boolean bearer(org.apache.catalina.connector.Request request,
                      javax.servlet.http.HttpServletResponse response,
                      boolean propagate)
               throws IOException

Throws:

IOException

register

protected void register(org.apache.catalina.connector.Request request,
                        javax.servlet.http.HttpServletResponse response,
                        Principal principal,
                        String authType,
                        String username,
                        String password)

Overrides:

register in class org.apache.catalina.authenticator.AuthenticatorBase

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            javax.servlet.http.HttpServletResponse response,
                            org.apache.catalina.deploy.LoginConfig config)
                     throws IOException

Overrides:

authenticate in class org.apache.catalina.authenticator.FormAuthenticator

Throws:

IOException

resolveAccessCode

protected void resolveAccessCode(org.apache.catalina.connector.Request request,
                                 org.apache.catalina.connector.Response response)
                          throws IOException

Throws:

IOException

accessTokenResponse

protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey,
                                                  SkeletonKeyToken token)

buildTokenString

protected String buildTokenString(PrivateKey privateKey,
                                  SkeletonKeyToken token)

handleOAuth

protected void handleOAuth(org.apache.catalina.connector.Request request,
                           org.apache.catalina.connector.Response response)
                    throws IOException

Throws:

IOException

tokenGrant

protected void tokenGrant(org.apache.catalina.connector.Request request,
                          org.apache.catalina.connector.Response response)
                   throws IOException

Throws:

IOException

basicAuth

protected org.apache.catalina.realm.GenericPrincipal basicAuth(org.apache.catalina.connector.Request request,
                                                               org.apache.catalina.connector.Response response)
                                                        throws IOException

Throws:

IOException

basicAuthError

protected void basicAuthError(org.apache.catalina.connector.Response response)
                       throws IOException

Throws:

IOException

redirectAccessCode

protected void redirectAccessCode(boolean sso,
                                  org.apache.catalina.connector.Response response,
                                  String redirect_uri,
                                  String client_id,
                                  String state,
                                  org.apache.catalina.realm.GenericPrincipal gp)
                           throws IOException

Throws:

IOException

buildToken

protected SkeletonKeyToken buildToken(org.apache.catalina.realm.GenericPrincipal gp)