From 554aec3247fd54c1f8f4c5fb5603dbb622e42b0f Mon Sep 17 00:00:00 2001
From: Jyoti Athalye
Date: Fri, 19 Jan 2018 17:03:33 +0530
Subject: [PATCH] code added to return token to the user in auth code grant flow
---
 .../oauth/internal/OAuthCallbackFilter.java | 23 +++++++++++++++++++
 .../oauth/OAuthClientCredsFlowIT.java | 17 +++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java
index cf08b97..d40a02d 100644
--- a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java
+++ b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java
@@ -59,11 +59,34 @@ public class OAuthCallbackFilter extends AuthenticatingFilter implements Session private static final Logger LOGGER = LoggerFactory.getLogger(OAuthCallbackFilter.class); private static final String DEFAULT_REDIRECT_URL = "/"; private String redirectUrl = DEFAULT_REDIRECT_URL; + private static final String AUTHORIZATION = "Authorization"; @Inject private OAuthProvider oauthProvider; @Configuration private OAuthConfig oauthConfig; + + @Override + protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { + AuthenticationToken token = createToken(request, response); + if (token == null) { + String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " + + "must be created in order to execute a login attempt."; + throw new IllegalStateException(msg); + } + try { + Subject subject = getSubject(request, response); + subject.login(token); + + ((HttpServletResponse)response).addHeader(AUTHORIZATION, token.getCredentials().toString()); + + return onLoginSuccess(token, subject, request, response); + } catch (AuthenticationException e) { + return onLoginFailure(token, e, request, response); + } + } + + @Override protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { Tokens tokens = requestTokens(new AuthorizationCodeGrant(parseAuthorizationCode(WebUtils.toHttp(request)), diff --git a/src/test/java/org/seedstack/oauth/OAuthClientCredsFlowIT.java b/src/test/java/org/seedstack/oauth/OAuthClientCredsFlowIT.java index ae4515e..dc1f781 100644 --- a/src/test/java/org/seedstack/oauth/OAuthClientCredsFlowIT.java +++ b/src/test/java/org/seedstack/oauth/OAuthClientCredsFlowIT.java @@ -9,7 +9,6 @@ package org.seedstack.oauth; import static org.junit.Assert.assertNotNull; - import java.net.URL; import javax.inject.Inject; import org.apache.shiro.authc.AuthenticationToken; 
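Review bot: The added `addHeader(AUTHORIZATION, token.getCredentials().toString())` in `executeLogin` copies the raw credential into a response header on the callback response, where proxies, access logs and caches along the path can record it, and nothing marks that response as non-cacheable. `getCredentials()` returns `Object`, so a null credential raises a NullPointerException that `catch (AuthenticationException e)` does not cover, and `toString()` on a non-String credential may emit more than the access token (the credential type is not visible in this hunk). I would null-check the value, write only the access-token string and set `Cache-Control: no-store` beside it, e.g. `Object cred = token.getCredentials(); if (cred != null) { WebUtils.toHttp(response).setHeader(AUTHORIZATION, cred.toString()); }`, which also matches the `WebUtils.toHttp(request)` style used in `createToken`. `Authorization` is defined as a request header, so a dedicated response header name or a response body would be less surprising to clients. A short Javadoc on `executeLogin` should say why the token is deliberately exposed to the user agent in an authorization-code flow.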
@@ -20,13 +19,21 @@ import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Test; import org.seedstack.seed.it.AbstractSeedWebIT; +//import org.apache.shiro.SecurityUtils; +//import org.apache.shiro.mgt.SecurityManager; +//import org.apache.shiro.util.ThreadContext; public class OAuthClientCredsFlowIT extends AbstractSeedWebIT { + @Inject private OAuthService oauthService; + @ArquillianResource private URL baseURL; + /*@Inject + private SecurityManager securityManager;*/ + @Deployment public static WebArchive createDeployment() { return ShrinkWrap.create(WebArchive.class); @@ -38,4 +45,12 @@ public void getAccessTokenFromCredentials() { AuthenticationToken token = oauthService.getTokenFromClientCredentials(); assertNotNull(token); } + + /*@Test + @RunAsClient + public void authenticateUser(){ + ThreadContext.bind(securityManager); + SecurityUtils.getSubject().login(oauthService.getTokenFromClientCredentials()); + + }*/ }
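Review bot: The three commented-out Shiro imports and the commented-out `SecurityManager` injection in this hunk, together with the commented-out `authenticateUser` test in the last hunk, are dead code, and as committed no test covers the `Authorization` response header added to `OAuthCallbackFilter`. Either delete these blocks or enable the test with a real check; as written `authenticateUser` asserts nothing even when uncommented. If it is disabled because it currently fails, `@Ignore("reason")` on the method records that more visibly than a block comment.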