package org.kvj.lima1.gae.sync;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.amber.oauth2.as.issuer.MD5Generator;
import org.apache.amber.oauth2.as.issuer.OAuthIssuer;
import org.apache.amber.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.amber.oauth2.as.request.OAuthTokenRequest;
import org.apache.amber.oauth2.as.response.OAuthASResponse;
import org.apache.amber.oauth2.common.OAuth;
import org.apache.amber.oauth2.common.error.OAuthError;
import org.apache.amber.oauth2.common.exception.OAuthProblemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.kvj.lima1.gae.sync.data.UserStorage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
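/**
 * OAuth 2.0 token endpoint that supports only the resource-owner password
 * grant ({@code grant_type=password}).
 *
 * <p>On a valid request a fresh access token is generated and passed to
 * {@link UserStorage#authorizeUser} together with the submitted username and
 * password; a {@code null} result is treated as success and the token is
 * returned to the client as JSON. Any other grant type, or a non-null message
 * from {@code UserStorage}, produces an {@code invalid_grant} error response.
 */
public class OAuthTokenServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // static final: HttpServlet is Serializable and a Logger instance field
    // would otherwise become part of the servlet's serialized state.
    private static final Logger log = LoggerFactory.getLogger(OAuthTokenServlet.class);

    /**
     * Validates the submitted credentials and asks the storage layer to bind
     * {@code token} to the user.
     *
     * @param request parsed token request carrying username and password
     * @param token   freshly issued access token to store on success
     * @return {@code null} when the caller treats the user as authorized,
     *         otherwise the message returned by {@code UserStorage}
     */
    private String checkUserNamePassword(OAuthTokenRequest request,
            String token) {
        // Never write the password or the bearer token to the log: anyone with
        // log access could replay them. Only the account name is recorded.
        log.info("Checking credentials for user {}", request.getUsername());
        return UserStorage.authorizeUser(request.getUsername(), request.getPassword(), token);
    }

    /**
     * Writes an OAuth response (status code plus JSON body) to the client.
     *
     * @param r        the OAuth response to send
     * @param response servlet response to write to
     * @throws IOException if the response writer cannot be obtained
     */
    private void writeOAuthResponse(OAuthResponse r, HttpServletResponse response) throws IOException {
        response.setStatus(r.getResponseStatus());
        response.setContentType("application/json");
        // RFC 6749 section 5.1: responses carrying tokens must not be cached
        // by browsers or intermediaries.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        PrintWriter pw = response.getWriter();
        pw.print(r.getBody());
        pw.flush();
        pw.close();
    }

    /**
     * Handles a token request.
     *
     * @param request  the HTTP request holding the OAuth token parameters
     * @param response the HTTP response that receives the JSON result
     * @throws ServletException wrapping any failure other than an
     *                          {@link OAuthProblemException}
     * @throws IOException      declared by the servlet contract
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        try {
            // NOTE(review): token values come from Amber's MD5Generator; confirm
            // that its entropy source is adequate for long-lived bearer tokens.
            OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
            try {
                OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
                // Constant-first comparison so a missing grant_type falls through
                // to the error response instead of raising a NullPointerException.
                String grantType = oauthRequest.getParam(OAuth.OAUTH_GRANT_TYPE);
                if (GrantType.PASSWORD.toString().equals(grantType)) {
                    String accessToken = oauthIssuerImpl.accessToken();
                    String message = checkUserNamePassword(oauthRequest, accessToken);
                    if (null != message) {
                        // NOTE(review): the storage message is echoed to the client;
                        // verify it does not reveal whether the account exists.
                        OAuthResponse r = OAuthASResponse
                                .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                                .setError(OAuthError.TokenResponse.INVALID_GRANT)
                                .setErrorDescription(message)
                                .buildJSONMessage();
                        writeOAuthResponse(r, response);
                        return;
                    }
                    // NOTE(review): expires_in is sent as "0"; confirm how clients
                    // and UserStorage interpret the token lifetime.
                    OAuthResponse r = OAuthASResponse
                            .tokenResponse(HttpServletResponse.SC_OK)
                            .setAccessToken(accessToken).setExpiresIn("0")
                            .buildJSONMessage();
                    writeOAuthResponse(r, response);
                    return;
                }
                // RFC 6749 defines "unsupported_grant_type" for this case; the
                // existing invalid_grant code is kept so current clients see no change.
                OAuthResponse r = OAuthASResponse
                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_GRANT)
                        .setErrorDescription("unsupported grant_type")
                        .buildJSONMessage();
                writeOAuthResponse(r, response);
            } catch (OAuthProblemException ex) {
                // Malformed or incomplete token request: report it as an OAuth error.
                OAuthResponse r = OAuthResponse.errorResponse(401).error(ex)
                        .buildJSONMessage();
                writeOAuthResponse(r, response);
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
}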