MaDgiK-CITE
/
argos
13
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity
argos/dmp-backend/src/main/java/security/validators/GoogleTokenValidator.java

97 lines
2.8 KiB
Java
Raw Normal View History

Implementing the security.
2017-10-12 17:41:20 +02:00
package security.validators;
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
import java.util.Date;
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
import java.util.List;
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
import org.springframework.beans.factory.annotation.Autowired;
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
import dao.entities.UserInfoDao;
Changed links of proxies and of rest service
2017-10-18 15:12:25 +02:00
import entities.UserInfo;
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
import exceptions.NonValidTokenException;
Security is now completed... only token-based calls are now permitted.
2017-10-13 17:08:49 +02:00
public class GoogleTokenValidator implements TokenValidator {
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
private static final JacksonFactory jacksonFactory = new JacksonFactory();
private static final HttpTransport transport = new NetHttpTransport();
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
@Autowired private UserInfoDao userInfoDao;
MInor change on google token validator
2017-10-19 11:35:33 +02:00
private static final List<String> clientIDs = Arrays.asList(
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com",
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com"
MInor change on google token validator
2017-10-19 11:35:33 +02:00
);
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
private GoogleIdTokenVerifier verifier = null;
public GoogleTokenValidator() {
verifier = new GoogleIdTokenVerifier.Builder(transport, jacksonFactory)
.setAudience(clientIDs)
// Or, if multiple clients access the backend:
//.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
.build();
}
Security is now completed... only token-based calls are now permitted.
2017-10-13 17:08:49 +02:00
@Override
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
public UserInfo validateToken(String token) throws NonValidTokenException {
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
GoogleIdToken idToken = null;
try {
idToken = verifier.verify(token);
}
catch(GeneralSecurityException ex) {
throw new NonValidTokenException("Token is not valid -> "+ex.getMessage());
}
catch(IOException ex) {
throw new NonValidTokenException("Could not verify token -> "+ex.getMessage());
}
catch(IllegalArgumentException ex) {
throw new NonValidTokenException("Could not verify token");
}
Security is now completed... only token-based calls are now permitted.
2017-10-13 17:08:49 +02:00
if(idToken == null) {
throw new NonValidTokenException("Not a valid token");
}
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
Payload payload = idToken.getPayload();
UserInfo userInfo = userInfoDao.getByMail(payload.getEmail());
if(userInfo == null) { //means not existing in db, so create one
userInfo = new UserInfo();
userInfo.setName((String)payload.get("name"));
userInfo.setVerified_email(payload.getEmailVerified());
userInfo.setEmail(payload.getEmail());
userInfo.setCreated(new Date());
userInfo.setLastloggedin(new Date());
userInfo.setAuthorization_level(new Short("1"));
userInfo.setUsertype(new Short("1"));
userInfo = userInfoDao.create(userInfo);
}
else {
userInfo.setLastloggedin(new Date());
userInfo = userInfoDao.update(userInfo);
}
Security is now completed... only token-based calls are now permitted.
2017-10-13 17:08:49 +02:00
Finalized security, distinguish between internal and external users, etc
2017-10-20 12:03:55 +02:00
return userInfo;
Added security over all endpoints. Now need to provide an 'oauth2-token' parameter on each http request.
2017-09-27 18:15:39 +02:00
}
}