package com.perforce.workshop.tjuricek.p4oauth.jetty; import com.perforce.workshop.tjuricek.p4oauth.controllers.*; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.handler.AbstractHandler; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.Optional; import java.util.function.Supplier; /** * One of the main handlers we use. This intercepts ALL SSL traffic and assumes * that all requests are inteded for OAuth business. Otherwise, we just * ignore it, and assume it will be handled by another handler. * <p> * This handler basically does all of the parameter validation and basically * just calls one of it's registered endpoint methods once we know that we have * enough information to proceed. */ public class OAuthHandler extends AbstractHandler { private static final Logger logger = LogManager.getLogger(OAuthHandler.class); private List<ControllerMethod> methods; /** * The OAuthHandler is constructed with the underlying controller methods * it requires. */ public OAuthHandler(Supplier<AuthorizationStartGet> authorizationStartGetSupplier, Supplier<LoginGet> loginGetSupplier, Supplier<AuthorizationFinishPost> authorizationFinishPostSupplier, Supplier<AccessTokenPost> accessTokenPostSupplier, Supplier<FetchP4TokenGet> fetchP4TokenGetSupplier, Supplier<PasswordStartPost> passwordStartPostSupplier) { methods = new ArrayList<>(); methods.add(authorizationStartGetSupplier.get()); methods.add(loginGetSupplier.get()); methods.add(authorizationFinishPostSupplier.get()); methods.add(accessTokenPostSupplier.get()); methods.add(fetchP4TokenGetSupplier.get()); methods.add(passwordStartPostSupplier.get()); } /** * @param target * @param baseRequest * @param request * @param response * @throws IOException * @throws ServletException */ @Override public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { if (request.isSecure()) { Optional<ControllerMethod> method = methods.stream() .filter(m -> m.matches(request)) .findFirst(); if (method.isPresent()) { baseRequest.setHandled(true); method.get().handle(request, response); } } } }
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#4 | 9182 | tjuricek | 0.1.2 Added a password grant workflow | ||
#3 | 9180 | tjuricek |
0.1.1 Adding mechanism for fetching the p4 token given the bearer token on an Authorization header. This is probably secure since we can't use these tokens except for the restricted hosts. |
||
#2 | 9157 | tjuricek | Added basic "authorization code" workflow test. | ||
#1 | 9095 | tjuricek | Added some basic test data and renamed "workspace" to "workshop" in package name | ||
//guest/tjuricek/p4oauth/src/main/java/com/perforce/workspace/tjuricek/p4oauth/jetty/OAuthHandler.java | |||||
#1 | 9089 | tjuricek |
Moving some code that worked via some manual validation to the workshop. This just implements a basic code authorization grant scheme. Automated tests are forthcoming, awating some gradle plugin work that should sit outside of this project. |