GUI improvements, refactoring, access token encryption. Added CodecIn…

…itializer, so codec could be used in other components (not just CookieTokenService) Conflicts: pom.xml Added module oauth-common. Refactoring existing code. Remove redundant request to Facebook Conflicts: pom.xml Improvement in FB workflow to handle revoked authorization request Removed OAuthHelper. Added UISocialLoginButtons and reuse it in UILoginForm.gtmpl and UIRegisterPortlet.gtmpl Added OAuthDelegateFilter and Oauth integrators to simplify configuration Added CodecInitializer, so codec could be used in other components (not just for CookieTokenService)) Encryption of oauth accessTokens. AccessTokenInvalidationListener for invalidation of accessTokens when oauth username was changed Move most of the stuff to oauth-common module. Renamed module oauth to oauth-web Conflicts: component/web/pom.xml Externalize some content in FacebookProcessor, so portlets could read it
gatein · May 7, 2013 · 55e9e7e · 55e9e7e
1 parent e595a32
commit 55e9e7e
Show file tree

Hide file tree

Showing 55 changed files with 1,563 additions and 451 deletions.
diff --git a/component/common/src/main/java/org/gatein/common/exception/GateInException.java b/component/common/src/main/java/org/gatein/common/exception/GateInException.java
@@ -63,6 +63,18 @@ public GateInException(int exceptionCode, Map<String, Object> exceptionAttribute
         this.exceptionAttributes = exceptionAttributes == null ? new HashMap<String, Object>() : exceptionAttributes;
     }
 
+    public GateInException(int exceptionCode, String message) {
+        this(exceptionCode, null, message);
+    }
+
+    public GateInException(int exceptionCode, Throwable cause) {
+        this(exceptionCode, (Map<String, Object>)null, cause);
+    }
+
+    public GateInException(int exceptionCode, String message, Throwable cause) {
+        this(exceptionCode, null, message, cause);
+    }
+
     public int getExceptionCode() {
         return exceptionCode;
     }

diff --git a/component/common/src/main/java/org/gatein/common/exception/GateInExceptionConstants.java b/component/common/src/main/java/org/gatein/common/exception/GateInExceptionConstants.java
@@ -49,6 +49,11 @@ public class GateInExceptionConstants {
      */
     public static final int EXCEPTION_CODE_DUPLICATE_OAUTH_PROVIDER_USERNAME = 20;
 
+    /**
+     * This error could happen during initialization of AbstractCodec for symmetric encryption
+     */
+    public static final int EXCEPTION_CODEC_INITIALIZATION = 30;
+
 
     // Key of exception attributes
 

diff --git a/component/web/oauth/pom.xml → component/web/oauth-common/pom.xml b/component/web/oauth/pom.xml → component/web/oauth-common/pom.xml
@@ -22,20 +22,24 @@
   ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <parent>
-    <groupId>org.gatein.portal</groupId>
     <artifactId>exo.portal.component.web</artifactId>
-    <version>3.6.0.MO1-SNAPSHOT</version>
+    <groupId>org.gatein.portal</groupId>
+    <version>3.6.0.Beta02-SNAPSHOT</version>
   </parent>
-
   <modelVersion>4.0.0</modelVersion>
-  <artifactId>exo.portal.component.web.oauth</artifactId>
+
+  <artifactId>exo.portal.component.web.oauth-common</artifactId>
   <packaging>jar</packaging>
-  <name>GateIn Portal Component Web OAuth</name>
-  <description>GateIn OAuth authentication and authorization</description>
+
+  <name>GateIn Portal Component Web OAuth Common</name>
+  <description>GateIn OAuth authentication and authorization common stuff</description>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
 
   <dependencies>
     <dependency>
@@ -48,14 +52,6 @@
         </exclusion>
       </exclusions>
     </dependency>
-    <dependency>
-      <groupId>org.picketlink</groupId>
-      <artifactId>picketlink-social</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.gatein.sso</groupId>
-      <artifactId>sso-agent</artifactId>
-    </dependency>
 
     <dependency>
       <groupId>org.gatein.portal</groupId>
@@ -77,8 +73,9 @@
       <type>test-jar</type>
       <scope>test</scope>
     </dependency>
-
+    <dependency>
+      <groupId>org.json</groupId>
+      <artifactId>json</artifactId>
+    </dependency>
   </dependencies>
-
-
-</project>
+</project>
diff --git a/.../security/oauth/utils/OAuthConstants.java → ...security/oauth/common/OAuthConstants.java b/.../security/oauth/utils/OAuthConstants.java → ...security/oauth/common/OAuthConstants.java
@@ -21,7 +21,7 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
-package org.gatein.security.oauth.utils;
+package org.gatein.security.oauth.common;
 
 /**
  * Various constants related to OAuth
@@ -30,6 +30,21 @@
  */
 public class OAuthConstants {
 
+    // OAuth parameters used in http requests
+
+    public static final String CODE_PARAMETER = "code";
+
+    public static final String CLIENT_ID_PARAMETER = "client_id";
+
+    public static final String CLIENT_SECRET_PARAMETER = "client_secret";
+
+    public static final String SCOPE_PARAMETER = "scope";
+
+    public static final String REDIRECT_URI_PARAMETER = "redirect_uri";
+
+    public static final String ACCESS_TOKEN_PARAMETER = "access_token";
+
+    public static final String ERROR_PARAMETER = "error";
 
     // Properties from configuration.properties
 
@@ -83,4 +98,11 @@ public class OAuthConstants {
 
     public static final String GOOGLE_AUTHENTICATION_URL_PATH = "/googleAuth";
 
+
+    // Request parameters
+
+    public static final String PARAM_OAUTH_INTERACTION = "_oauthInteraction";
+
+    public static final String PARAM_OAUTH_INTERACTION_VALUE_START = "start";
+
 }
diff --git a/...ecurity/oauth/generic/OAuthPrincipal.java → ...security/oauth/common/OAuthPrincipal.java b/...ecurity/oauth/generic/OAuthPrincipal.java → ...security/oauth/common/OAuthPrincipal.java
@@ -21,10 +21,11 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
-package org.gatein.security.oauth.generic;
+package org.gatein.security.oauth.common;
 
 import java.security.Principal;
 
+
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */

diff --git a/...nt/web/oauth-common/src/main/java/org/gatein/security/oauth/common/OAuthProviderType.java b/...nt/web/oauth-common/src/main/java/org/gatein/security/oauth/common/OAuthProviderType.java
@@ -0,0 +1,88 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2013, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.gatein.security.oauth.common;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public enum OAuthProviderType {
+
+    FACEBOOK(OAuthConstants.PROPERTY_FACEBOOK_ENABLED,
+            OAuthConstants.PROFILE_FACEBOOK_USERNAME,
+            OAuthConstants.PROFILE_FACEBOOK_ACCESS_TOKEN,
+            OAuthConstants.FACEBOOK_AUTHENTICATION_URL_PATH + "?" + OAuthConstants.PARAM_OAUTH_INTERACTION + "=" + OAuthConstants.PARAM_OAUTH_INTERACTION_VALUE_START,
+            "Facebook"),
+    GOOGLE(OAuthConstants.PROPERTY_GOOGLE_ENABLED,
+            OAuthConstants.PROFILE_GOOGLE_USERNAME,
+            OAuthConstants.PROFILE_GOOGLE_ACCESS_TOKEN,
+            OAuthConstants.GOOGLE_AUTHENTICATION_URL_PATH + "?" + OAuthConstants.PARAM_OAUTH_INTERACTION + "=" + OAuthConstants.PARAM_OAUTH_INTERACTION_VALUE_START,
+            "Google+");
+
+    private final boolean enabled;
+    private final String userNameAttrName;
+    private final String accessTokenAttrName;
+    private final String initOAuthURL;
+    private final String friendlyName;
+
+    OAuthProviderType(String enabledPropertyName, String userNameAttrName, String accessTokenAttrName, String initOAuthURL, String friendlyName) {
+        this.enabled = Boolean.getBoolean(enabledPropertyName);
+        this.userNameAttrName = userNameAttrName;
+        this.accessTokenAttrName = accessTokenAttrName;
+        this.initOAuthURL = initOAuthURL;
+        this.friendlyName = friendlyName;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public String getUserNameAttrName() {
+        return userNameAttrName;
+    }
+
+    public String getAccessTokenAttrName() {
+        return accessTokenAttrName;
+    }
+
+    public String getInitOAuthURL(String contextPath) {
+        return contextPath + initOAuthURL;
+    }
+
+    public String getFriendlyName() {
+        return friendlyName;
+    }
+
+    /**
+     * @return true if at least one OAuth provider is enabled
+     */
+    public static boolean isOAuthEnabled() {
+        OAuthProviderType[] allProviders = OAuthProviderType.values();
+        for (OAuthProviderType current : allProviders) {
+            if (current.isEnabled())
+                return true;
+        }
+
+        return false;
+    }
+}
diff --git a/...-common/src/main/java/org/gatein/security/oauth/data/AccessTokenInvalidationListener.java b/...-common/src/main/java/org/gatein/security/oauth/data/AccessTokenInvalidationListener.java
@@ -0,0 +1,71 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2013, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.gatein.security.oauth.data;
+
+import org.exoplatform.commons.utils.Safe;
+import org.exoplatform.services.organization.OrganizationService;
+import org.exoplatform.services.organization.UserProfile;
+import org.exoplatform.services.organization.UserProfileEventListener;
+import org.exoplatform.services.organization.UserProfileHandler;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+import org.gatein.security.oauth.common.OAuthProviderType;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class AccessTokenInvalidationListener extends UserProfileEventListener {
+
+    private static Logger log = LoggerFactory.getLogger(AccessTokenInvalidationListener.class);
+
+    private final UserProfileHandler userProfileHandler;
+
+    public AccessTokenInvalidationListener(OrganizationService orgService) {
+        this.userProfileHandler = orgService.getUserProfileHandler();
+    }
+
+    @Override
+    public void preSave(UserProfile userProfile, boolean isNew) throws Exception {
+        UserProfile foundUserProfile = userProfileHandler.findUserProfileByName(userProfile.getUserName());
+
+        for (OAuthProviderType opt : OAuthProviderType.values()) {
+            String oauthProviderUsername = userProfile.getAttribute(opt.getUserNameAttrName());
+            String foundOauthProviderUsername = foundUserProfile.getAttribute(opt.getUserNameAttrName());
+
+            // This means that oauthUsername has been changed. We may need to invalidate current accessToken as well
+            if (!Safe.equals(oauthProviderUsername, foundOauthProviderUsername)) {
+                String currentAccessToken = userProfile.getAttribute(opt.getAccessTokenAttrName());
+                String foundAccessToken = foundUserProfile.getAttribute(opt.getAccessTokenAttrName());
+
+                // In this case, we need to remove existing accessToken
+                if (currentAccessToken != null && currentAccessToken.equals(foundAccessToken)) {
+                    if (log.isTraceEnabled()) {
+                        log.trace("Removing accessToken for oauthProvider=" + opt + ", username=" + userProfile.getUserName());
+                    }
+                    userProfile.setAttribute(opt.getAccessTokenAttrName(), null);
+                }
+            }
+        }
+    }
+}
diff --git a/...rity/oauth/data/SocialNetworkService.java → ...rity/oauth/data/SocialNetworkService.java b/...rity/oauth/data/SocialNetworkService.java → ...rity/oauth/data/SocialNetworkService.java
@@ -24,7 +24,7 @@
 package org.gatein.security.oauth.data;
 
 import org.exoplatform.services.organization.User;
-import org.gatein.security.oauth.generic.OAuthProviderType;
+import org.gatein.security.oauth.common.OAuthProviderType;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>

diff --git a/.../oauth/data/SocialNetworkServiceImpl.java → .../oauth/data/SocialNetworkServiceImpl.java b/.../oauth/data/SocialNetworkServiceImpl.java → .../oauth/data/SocialNetworkServiceImpl.java
@@ -30,10 +30,12 @@
 import org.exoplatform.services.organization.UserHandler;
 import org.exoplatform.services.organization.UserProfile;
 import org.exoplatform.services.organization.UserProfileHandler;
+import org.exoplatform.web.security.codec.AbstractCodec;
+import org.exoplatform.web.security.codec.CodecInitializer;
 import org.gatein.common.exception.GateInException;
 import org.gatein.common.logging.Logger;
 import org.gatein.common.logging.LoggerFactory;
-import org.gatein.security.oauth.generic.OAuthProviderType;
+import org.gatein.security.oauth.common.OAuthProviderType;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -43,9 +45,11 @@ public class SocialNetworkServiceImpl implements SocialNetworkService {
     private static Logger log = LoggerFactory.getLogger(SocialNetworkServiceImpl.class);
 
     private OrganizationService orgService;
+    private AbstractCodec codec;
 
-    public SocialNetworkServiceImpl(OrganizationService orgService) {
+    public SocialNetworkServiceImpl(OrganizationService orgService, CodecInitializer codecInitializer) {
         this.orgService = orgService;
+        this.codec = codecInitializer.initCodec();
     }
 
     @Override
@@ -118,13 +122,19 @@ public void updateOAuthInfo(OAuthProviderType oauthProviderType, String username
     }
 
     protected String encryptAccessToken(String accessToken) {
-        // TODO: implement
-        return accessToken;
+        if (accessToken == null) {
+            return null;
+        } else {
+            return codec.encode(accessToken);
+        }
     }
 
     protected String decryptAccessToken(String accessToken) {
-        // TODO: implement
-        return accessToken;
+        if (accessToken == null) {
+            return null;
+        } else {
+            return codec.decode(accessToken);
+        }
     }
 
 }
diff --git a/.../UniqueOAuthProviderUsernameListener.java → .../UniqueOAuthProviderUsernameListener.java b/.../UniqueOAuthProviderUsernameListener.java → .../UniqueOAuthProviderUsernameListener.java
@@ -26,13 +26,12 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.exoplatform.container.xml.InitParams;
 import org.exoplatform.services.organization.User;
 import org.exoplatform.services.organization.UserProfile;
 import org.exoplatform.services.organization.UserProfileEventListener;
 import org.gatein.common.exception.GateInException;
 import org.gatein.common.exception.GateInExceptionConstants;
-import org.gatein.security.oauth.generic.OAuthProviderType;
+import org.gatein.security.oauth.common.OAuthProviderType;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -41,7 +40,7 @@ public class UniqueOAuthProviderUsernameListener extends UserProfileEventListene
 
     private final SocialNetworkService socialNetworkService;
 
-    public UniqueOAuthProviderUsernameListener(InitParams params, SocialNetworkService socialNetworkService) {
+    public UniqueOAuthProviderUsernameListener(SocialNetworkService socialNetworkService) {
         this.socialNetworkService = socialNetworkService;
     }