This repository has been archived by the owner on Apr 8, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 91
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GUI improvements, refactoring, access token encryption. Added CodecIn…
…itializer, so codec could be used in other components (not just CookieTokenService) Conflicts: pom.xml Added module oauth-common. Refactoring existing code. Remove redundant request to Facebook Conflicts: pom.xml Improvement in FB workflow to handle revoked authorization request Removed OAuthHelper. Added UISocialLoginButtons and reuse it in UILoginForm.gtmpl and UIRegisterPortlet.gtmpl Added OAuthDelegateFilter and Oauth integrators to simplify configuration Added CodecInitializer, so codec could be used in other components (not just for CookieTokenService)) Encryption of oauth accessTokens. AccessTokenInvalidationListener for invalidation of accessTokens when oauth username was changed Move most of the stuff to oauth-common module. Renamed module oauth to oauth-web Conflicts: component/web/pom.xml Externalize some content in FacebookProcessor, so portlets could read it
- Loading branch information
Showing
55 changed files
with
1,563 additions
and
451 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
88 changes: 88 additions & 0 deletions
88
...nt/web/oauth-common/src/main/java/org/gatein/security/oauth/common/OAuthProviderType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
/* | ||
* JBoss, a division of Red Hat | ||
* Copyright 2013, Red Hat Middleware, LLC, and individual | ||
* contributors as indicated by the @authors tag. See the | ||
* copyright.txt in the distribution for a full listing of | ||
* individual contributors. | ||
* | ||
* This is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU Lesser General Public License as | ||
* published by the Free Software Foundation; either version 2.1 of | ||
* the License, or (at your option) any later version. | ||
* | ||
* This software is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public | ||
* License along with this software; if not, write to the Free | ||
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | ||
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. | ||
*/ | ||
|
||
package org.gatein.security.oauth.common; | ||
|
||
/** | ||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> | ||
*/ | ||
public enum OAuthProviderType { | ||
|
||
FACEBOOK(OAuthConstants.PROPERTY_FACEBOOK_ENABLED, | ||
OAuthConstants.PROFILE_FACEBOOK_USERNAME, | ||
OAuthConstants.PROFILE_FACEBOOK_ACCESS_TOKEN, | ||
OAuthConstants.FACEBOOK_AUTHENTICATION_URL_PATH + "?" + OAuthConstants.PARAM_OAUTH_INTERACTION + "=" + OAuthConstants.PARAM_OAUTH_INTERACTION_VALUE_START, | ||
"Facebook"), | ||
GOOGLE(OAuthConstants.PROPERTY_GOOGLE_ENABLED, | ||
OAuthConstants.PROFILE_GOOGLE_USERNAME, | ||
OAuthConstants.PROFILE_GOOGLE_ACCESS_TOKEN, | ||
OAuthConstants.GOOGLE_AUTHENTICATION_URL_PATH + "?" + OAuthConstants.PARAM_OAUTH_INTERACTION + "=" + OAuthConstants.PARAM_OAUTH_INTERACTION_VALUE_START, | ||
"Google+"); | ||
|
||
private final boolean enabled; | ||
private final String userNameAttrName; | ||
private final String accessTokenAttrName; | ||
private final String initOAuthURL; | ||
private final String friendlyName; | ||
|
||
OAuthProviderType(String enabledPropertyName, String userNameAttrName, String accessTokenAttrName, String initOAuthURL, String friendlyName) { | ||
this.enabled = Boolean.getBoolean(enabledPropertyName); | ||
this.userNameAttrName = userNameAttrName; | ||
this.accessTokenAttrName = accessTokenAttrName; | ||
this.initOAuthURL = initOAuthURL; | ||
this.friendlyName = friendlyName; | ||
} | ||
|
||
public boolean isEnabled() { | ||
return enabled; | ||
} | ||
|
||
public String getUserNameAttrName() { | ||
return userNameAttrName; | ||
} | ||
|
||
public String getAccessTokenAttrName() { | ||
return accessTokenAttrName; | ||
} | ||
|
||
public String getInitOAuthURL(String contextPath) { | ||
return contextPath + initOAuthURL; | ||
} | ||
|
||
public String getFriendlyName() { | ||
return friendlyName; | ||
} | ||
|
||
/** | ||
* @return true if at least one OAuth provider is enabled | ||
*/ | ||
public static boolean isOAuthEnabled() { | ||
OAuthProviderType[] allProviders = OAuthProviderType.values(); | ||
for (OAuthProviderType current : allProviders) { | ||
if (current.isEnabled()) | ||
return true; | ||
} | ||
|
||
return false; | ||
} | ||
} |
71 changes: 71 additions & 0 deletions
71
...-common/src/main/java/org/gatein/security/oauth/data/AccessTokenInvalidationListener.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
/* | ||
* JBoss, a division of Red Hat | ||
* Copyright 2013, Red Hat Middleware, LLC, and individual | ||
* contributors as indicated by the @authors tag. See the | ||
* copyright.txt in the distribution for a full listing of | ||
* individual contributors. | ||
* | ||
* This is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU Lesser General Public License as | ||
* published by the Free Software Foundation; either version 2.1 of | ||
* the License, or (at your option) any later version. | ||
* | ||
* This software is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public | ||
* License along with this software; if not, write to the Free | ||
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | ||
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. | ||
*/ | ||
|
||
package org.gatein.security.oauth.data; | ||
|
||
import org.exoplatform.commons.utils.Safe; | ||
import org.exoplatform.services.organization.OrganizationService; | ||
import org.exoplatform.services.organization.UserProfile; | ||
import org.exoplatform.services.organization.UserProfileEventListener; | ||
import org.exoplatform.services.organization.UserProfileHandler; | ||
import org.gatein.common.logging.Logger; | ||
import org.gatein.common.logging.LoggerFactory; | ||
import org.gatein.security.oauth.common.OAuthProviderType; | ||
|
||
/** | ||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> | ||
*/ | ||
public class AccessTokenInvalidationListener extends UserProfileEventListener { | ||
|
||
private static Logger log = LoggerFactory.getLogger(AccessTokenInvalidationListener.class); | ||
|
||
private final UserProfileHandler userProfileHandler; | ||
|
||
public AccessTokenInvalidationListener(OrganizationService orgService) { | ||
this.userProfileHandler = orgService.getUserProfileHandler(); | ||
} | ||
|
||
@Override | ||
public void preSave(UserProfile userProfile, boolean isNew) throws Exception { | ||
UserProfile foundUserProfile = userProfileHandler.findUserProfileByName(userProfile.getUserName()); | ||
|
||
for (OAuthProviderType opt : OAuthProviderType.values()) { | ||
String oauthProviderUsername = userProfile.getAttribute(opt.getUserNameAttrName()); | ||
String foundOauthProviderUsername = foundUserProfile.getAttribute(opt.getUserNameAttrName()); | ||
|
||
// This means that oauthUsername has been changed. We may need to invalidate current accessToken as well | ||
if (!Safe.equals(oauthProviderUsername, foundOauthProviderUsername)) { | ||
String currentAccessToken = userProfile.getAttribute(opt.getAccessTokenAttrName()); | ||
String foundAccessToken = foundUserProfile.getAttribute(opt.getAccessTokenAttrName()); | ||
|
||
// In this case, we need to remove existing accessToken | ||
if (currentAccessToken != null && currentAccessToken.equals(foundAccessToken)) { | ||
if (log.isTraceEnabled()) { | ||
log.trace("Removing accessToken for oauthProvider=" + opt + ", username=" + userProfile.getUserName()); | ||
} | ||
userProfile.setAttribute(opt.getAccessTokenAttrName(), null); | ||
} | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.