Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PAYARA-1394 OAuth 2 client integration #2650

Merged
merged 18 commits into from
Apr 25, 2018
Merged

PAYARA-1394 OAuth 2 client integration #2650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
705ec61
PAYARA-1394 OAuth2 integration - new annotation and handler for it
Cousjava Apr 9, 2018
22c6bef
PAYARA-1394 Compiling version of basic mechanism
Cousjava Apr 10, 2018
2e6df98
PAYARA-1394 resolved OSGi errors
Cousjava Apr 10, 2018
a4cfb3c
PAYARA-1394 removed HK2 annotations, using pure CDi
Cousjava Apr 13, 2018
c3bb8d5
PAYARA-1394 added import for annotation
Cousjava Apr 13, 2018
4053261
PAYARA-1394 oauth mechanism handler successfuly created, although inn…
Cousjava Apr 16, 2018
e7875bf
PAYARA-1394 Another way to produce the mechanism
Cousjava Apr 16, 2018
03614b1
PAYARA-1394 OAuth handler now works
Cousjava Apr 16, 2018
d28bbe9
PAYARA-1394 Added default identity store
Cousjava Apr 17, 2018
79a5068
PAYARA-1394 authentication mechanism is now only used when a request …
Cousjava Apr 18, 2018
dd93bb5
PAYARA-1394 OAuth integration now only is called when necessary
Cousjava Apr 18, 2018
aee3604
PAYARA-1394 Split state into two files, added moduleinfo and javadoc …
Cousjava Apr 18, 2018
4021f8b
Merge branch 'master' of https://github.com/payara/Payara into PAYARA…
Cousjava Apr 19, 2018
208a18b
PAYARA-1394 minor bug fixes, now only use one logger name
Cousjava Apr 19, 2018
567b3cc
PAYARA-1394 Added enviroment variable substitution for the annotation
Cousjava Apr 20, 2018
a9fb9ba
PAYARA-1394 Correct scope name, remove extraenous code
Cousjava Apr 25, 2018
9da4897
Merge branch 'master' of https://github.com/payara/Payara into PAYARA…
Cousjava Apr 25, 2018
9b93b9f
PAYARA-1394 add comma in imports; fix incorrect merge
Cousjava Apr 25, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion api/payara-api/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,8 @@
fish.payara.cdi.jsr107.implementation,
javax.inject,
javax.enterprise.util,
javax.security.enterprise.credential,
javax.security.enterprise.identitystore,
javax.security.jacc
</Import-Package>
<Export-Package>
Expand All @@ -144,7 +146,9 @@
fish.payara.notification,
fish.payara.notification.eventbus,
fish.payara.notification.healthcheck,
fish.payara.notification.requesttracing
fish.payara.notification.requesttracing,
fish.payara.security.oauth2.annotation,
fish.payara.security.oauth2.api
</Export-Package>
</instructions>
</configuration>
Expand Down
115 changes: 115 additions & 0 deletions .../src/main/java/fish/payara/security/oauth2/annotation/OAuth2AuthenticationDefinition.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) [2018] Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://github.com/payara/Payara/blob/master/LICENSE.txt
* See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at glassfish/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* The Payara Foundation designates this particular file as subject to the "Classpath"
* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package fish.payara.security.oauth2.annotation;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Retention;

import java.lang.annotation.Target;
import javax.validation.constraints.NotNull;

/**
* This annotation is used for defining an OAuth2 authentication mechanism
*
* @author jonathan coustick
* @since 4.1.2.182
*/
@Target({TYPE, METHOD})
@Retention(RUNTIME)
public @interface OAuth2AuthenticationDefinition {

/**
* Required. The URL for the OAuth2 provider to provide authentication
* <p>
* This must be a https endpoint
* @return
*/
@NotNull
String authEndpoint();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please put a full name in here, not 'auth'


/**
* Required. The URL for the OAuth2 provider to give the authorisation token
* @return
*/
@NotNull
String tokenEndpoint();

/**
* Required. The client identifier issued when the application was registered
* @return the client identifier
*/
@NotNull
String clientId();

/**
* Required. The client secret
* <p>
* It is recommended to set this using an alias.
* @return
* @see <a href="https://docs.payara.fish/documentation/payara-server/password-aliases/password-aliases-overview.html">Payara Password Aliases Documentation</a>
*/
@NotNull
String clientSecret();

/**
* The callback URI.
* <p>
* If supplied this must be equal to one set in the OAuth2 Authentication provider
* @return
*/
String redirectURI() default "";

/**
* The scope that will be requested from the OAuth provider
* @return
*/
String scope() default "";

/**
* An array of extra options that will be sent to the OAuth provider.
* <p>
* These must be in the form of {@code "key=value"} i.e.
* <code> extraParameters={"key1=value", "key2=value2"} </code>
* @return
*/
String[] extraParameters() default {};
}
107 changes: 107 additions & 0 deletions api/payara-api/src/main/java/fish/payara/security/oauth2/api/OAuth2AccessToken.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) [2018] Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://github.com/payara/Payara/blob/master/LICENSE.txt
* See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at glassfish/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* The Payara Foundation designates this particular file as subject to the "Classpath"
* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package fish.payara.security.oauth2.api;

import java.io.Serializable;
import java.time.Instant;
import java.util.Optional;

/**
* Interface for the access token response returned by the OAuth provider
* @author jonathan coustick
* @since 4.1.2.182
*/
public interface OAuth2AccessToken extends Serializable {


/**
* Gets the authorisation token that was received from the OAuth provider
*
* @return
*/
public String getAccessToken();

/**
* Sets the access token that is to be used to verify the user with the OAuth provider once they are logged in.
* @param token
*/
public void setAccessToken(String token);

/**
* Gets the scope that the user has been given permission for your application to use with the OAuth provider
*
* @return
*/
public Optional<String> getScope();

/**
* Returns the refresh token that can be used to get a new access token
*
* @return
*/
public Optional<String> getRefreshToken();

/**
* Sets the refresh token that can be used to renew the access token
* @param refreshToken
*/
public void setRefreshToken(String refreshToken);

/**
* Return the time that the access token is granted for, if it is set to expire
*
* @return
*/
public Optional<Integer> getExpiresIn();

/**
* Sets the time that the access token is granted for
*
* @param expiresIn
*/
public void setExpiresIn(Integer expiresIn);

/**
* Gets the time that the access token was last set
*
* @return
*/
public Instant getTimeSet();
}
88 changes: 88 additions & 0 deletions api/payara-api/src/main/java/fish/payara/security/oauth2/api/OAuth2State.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) [2018] Payara Foundation and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://github.com/payara/Payara/blob/master/LICENSE.txt
* See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at glassfish/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* The Payara Foundation designates this particular file as subject to the "Classpath"
* exception as provided by the Payara Foundation in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package fish.payara.security.oauth2.api;

import java.io.Serializable;
import java.util.UUID;
import javax.enterprise.context.SessionScoped;

/**
* Class to hold state of OAuth2
* <p>
* This is used in the authentication mechanism to both help prevent CSRF and to
* pass data to the callback page.
* @author jonathan
* @since 4.1.2.182
*/
@SessionScoped
public class OAuth2State implements Serializable {

private final String state;


/**
* Creates a new instance with a random UUID as the state.
*/
public OAuth2State(){
state = UUID.randomUUID().toString();
}

/**
* Creates a new instance set the state to what is in the constructor.
* <p>
* This can be used so that the callback page knows the originating page,
* but is not used by the {@link fish.payara.security.oauth2.OAuth2AuthenticationMechanism} by default
* @param state
*/
public OAuth2State(String state){
this.state = state;
}

/**
* Gets the state
*
* @return
*/
public String getState(){
return state;
}


}
Loading