diff --git a/Server/src/main/java/org/gluu/oxauth/revoke/RevokeRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/revoke/RevokeRestWebServiceImpl.java index 41443e9873..e929483d43 100644 --- a/Server/src/main/java/org/gluu/oxauth/revoke/RevokeRestWebServiceImpl.java +++ b/Server/src/main/java/org/gluu/oxauth/revoke/RevokeRestWebServiceImpl.java @@ -20,6 +20,8 @@ import org.gluu.oxauth.security.Identity; import org.gluu.oxauth.service.ClientService; import org.gluu.oxauth.service.GrantService; +import org.gluu.oxauth.service.external.ExternalRevokeTokenService; +import org.gluu.oxauth.service.external.context.RevokeTokenContext; import org.gluu.oxauth.util.ServerUtil; import org.slf4j.Logger; @@ -62,6 +64,9 @@ public class RevokeRestWebServiceImpl implements RevokeRestWebService { @Inject private ClientService clientService; + @Inject + private ExternalRevokeTokenService externalRevokeTokenService; + @Override public Response requestAccessToken(String token, String tokenTypeHint, String clientId, HttpServletRequest request, HttpServletResponse response, SecurityContext sec) { @@ -113,6 +118,13 @@ public Response requestAccessToken(String token, String tokenTypeHint, String cl return response(builder, oAuth2AuditLog); } + RevokeTokenContext revokeTokenContext = new RevokeTokenContext(request, client, authorizationGrant, builder); + final boolean scriptResult = externalRevokeTokenService.revokeTokenMethods(revokeTokenContext); + if (!scriptResult) { + log.trace("Revoke is forbidden by 'Revoke Token' custom script (method returned false). Exit without revoking."); + return response(builder, oAuth2AuditLog); + } + grantService.removeAllByGrantId(authorizationGrant.getGrantId()); log.trace("Revoked successfully."); diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/ExternalRevokeTokenService.java b/Server/src/main/java/org/gluu/oxauth/service/external/ExternalRevokeTokenService.java new file mode 100644 index 0000000000..904b83b78f 
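Review bot: A revocation that the script blocks is recorded only by `log.trace` in the third hunk (`@@ -113,6 +118,13 @@`), so with normal production log levels nothing shows that a token stayed valid after a revoke request. The method then returns through the same `response(builder, oAuth2AuditLog)` call as the earlier exit, so unless the script changed `builder` the client may get the same answer as for a successful revoke; this is inferred, since the builder's initial status is outside the hunk. Log the veto at a level that is on by default and without the token value, e.g. `log.warn("Revoke blocked by 'Revoke Token' custom script, context: {}", revokeTokenContext);`. A comment above the call should also state that a `false` result leaves the grant in place. `requestAccessToken` starts and ends outside the hunk.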
--- /dev/null
+++ b/Server/src/main/java/org/gluu/oxauth/service/external/ExternalRevokeTokenService.java
@@ -0,0 +1,56 @@
+package org.gluu.oxauth.service.external;
+
+import org.gluu.model.custom.script.CustomScriptType;
+import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
+import org.gluu.model.custom.script.type.revoke.RevokeTokenType;
+import org.gluu.oxauth.service.external.context.RevokeTokenContext;
+import org.gluu.service.custom.script.ExternalScriptService;
+import org.slf4j.Logger;
+
+import javax.ejb.DependsOn;
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+/**
+ * @author Yuriy Zabrovarnyy
+ */
+@ApplicationScoped
+@DependsOn("appInitializer")
+@Named
+public class ExternalRevokeTokenService extends ExternalScriptService {
+
+ @Inject
+ private Logger log;
+
+ public ExternalRevokeTokenService() {
+ super(CustomScriptType.REVOKE_TOKEN);
+ }
+
+ public boolean revokeToken(CustomScriptConfiguration script, RevokeTokenContext context) {
+ try {
+ log.trace("Executing python 'revokeToken' method, context: {}", context);
+ context.setScript(script);
+ RevokeTokenType revokeTokenType = (RevokeTokenType) script.getExternalType();
+ final boolean result = revokeTokenType.revoke(context);
+ log.trace("Finished 'revokeToken' method, result: {}, context: {}", result, context);
+ return result;
+ } catch (Exception ex) {
+ log.error(ex.getMessage(), ex);
+ saveScriptError(script.getCustomScript(), ex);
+ }
+
+ return false;
+ }
+
+ public boolean revokeTokenMethods(RevokeTokenContext context) {
+ for (CustomScriptConfiguration script : this.customScriptConfigurations) {
+ if (script.getExternalType().getApiVersion() > 1) {
+ if (!revokeToken(script, context)) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+}
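Review bot: `revokeToken` falls through to `return false` after its `catch (Exception ex)` block, and `revokeTokenMethods` treats that the same as a script's deliberate `false`, so a script that throws, or whose external type fails the `(RevokeTokenType)` cast, stops the token from being revoked. Revocation is the protective action here, so whether a script error should block it ought to be an explicit, documented choice rather than a side effect of the catch block. A Javadoc on the method should say so, e.g. `/** Returns false when the script denies revocation or throws; the caller then does not revoke. */`. `revokeTokenMethods` also skips every script whose `getApiVersion()` is not above 1 and returns `true` when no script runs, which merits a comment such as `// scripts with API version 1 are not consulted; with no applicable script revocation proceeds`.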
diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/context/RevokeTokenContext.java b/Server/src/main/java/org/gluu/oxauth/service/external/context/RevokeTokenContext.java
new file mode 100644
index 0000000000..0fd74bd618
--- /dev/null
+++ b/Server/src/main/java/org/gluu/oxauth/service/external/context/RevokeTokenContext.java
@@ -0,0 +1,54 @@
+package org.gluu.oxauth.service.external.context;
+
+import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
+import org.gluu.oxauth.model.common.AuthorizationGrant;
+import org.gluu.oxauth.model.registration.Client;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Response;
+
+/**
+ * @author Yuriy Zabrovarnyy
+ */
+public class RevokeTokenContext extends ExternalScriptContext {
+
+ private final Client client;
+ private final AuthorizationGrant grant;
+ private final Response.ResponseBuilder responseBuilder;
+ private CustomScriptConfiguration script;
+
+ public RevokeTokenContext(HttpServletRequest httpRequest, Client client, AuthorizationGrant grant, Response.ResponseBuilder responseBuilder) {
+ super(httpRequest);
+ this.client = client;
+ this.grant = grant;
+ this.responseBuilder = responseBuilder;
+ }
+
+ public Client getClient() {
+ return client;
+ }
+
+ public AuthorizationGrant getGrant() {
+ return grant;
+ }
+
+ public Response.ResponseBuilder getResponseBuilder() {
+ return responseBuilder;
+ }
+
+ public CustomScriptConfiguration getScript() {
+ return script;
+ }
+
+ public void setScript(CustomScriptConfiguration script) {
+ this.script = script;
+ }
+
+ @Override
+ public String toString() {
+ return "RevokeTokenContext{" +
+ "clientId=" + (client != null ? client.getClientId() : "") +
+ ", script=" + (script != null ? script.getName() : "") +
+ "} " + super.toString();
+ }
+}
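Review bot: `RevokeTokenContext` hands the script the live `Response.ResponseBuilder` and `AuthorizationGrant` through `getResponseBuilder()` and `getGrant()`, and nothing in the class beyond the `@author` tag documents that. The endpoint builds its HTTP response from the same `builder` instance it passes in, so whatever a script sets on it reaches the client. A class comment would make that contract visible, e.g. `/** Per-request context passed to 'Revoke Token' scripts; responseBuilder is the endpoint's own builder, so script changes to it are returned to the caller. */`. `toString()` itself emits only the client id and script name, which keeps token values out of the trace logs as far as this class goes; what `super.toString()` appends is not visible here and is worth checking.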