My function
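/**
 * Processes a posted login form and answers with a redirect or a token response.
 *
 * <ul>
 *   <li>If {@code autheManager.login} returns {@code null}, the caller is redirected (302) to the
 *       configured login page with the OAuth request parameters and an error message.</li>
 *   <li>If the form carries {@code authorize=true}, the caller is redirected (302) to the
 *       configured authorization page.</li>
 *   <li>Otherwise a token response (200) is built through
 *       {@code OauthTools.manageResponseType} and returned as the entity.</li>
 * </ul>
 *
 * @param request the servlet request; its remote host is passed to the login call
 * @param form    the posted form fields (credentials and OAuth request parameters)
 * @param resType the response type handed to {@code OauthTools.manageResponseType}
 * @return the redirect or token response described above
 * @throws WebApplicationException with status 400 when any step throws
 */
public Response authenticate(HttpServletRequest request,
        MultivaluedMap<String, String> form,
        RespType resType) {
    try {
        // Empty-valued cookie: used on the failure path to overwrite an existing auth cookie.
        NewCookie cookie = new NewCookie(config.getCookieAuthAttrName(), "");
        Token tok = autheManager.login(form.getFirst(OAuth.OAUTH_USERNAME),
                form.getFirst(OAuth.OAUTH_PASSWORD), request.getRemoteHost());

        if (tok == null) {
            // Login failed: send the user agent back to the login page.
            final Response.ResponseBuilder responseBuilder = Response
                    .status(HttpServletResponse.SC_FOUND);
            // NOTE(review): client_secret is copied into the redirect query string, so it ends
            // up in browser history, Referer headers and access logs. Confirm the login page
            // really needs it; a client secret should not travel through the user agent.
            final OAuthResponse response = OAuthASResponse
                    .errorResponse(HttpServletResponse.SC_FOUND)
                    .location(config.getLoginPage())
                    .setParam(OAuth.OAUTH_REDIRECT_URI,
                            form.getFirst(OAuth.OAUTH_REDIRECT_URI))
                    .setParam(OAuth.OAUTH_CLIENT_ID,
                            form.getFirst(OAuth.OAUTH_CLIENT_ID))
                    .setParam(OAuth.OAUTH_CLIENT_SECRET,
                            form.getFirst(OAuth.OAUTH_CLIENT_SECRET))
                    .setParam(OAuth.OAUTH_STATE,
                            form.getFirst(OAuth.OAUTH_STATE))
                    .setParam(OAuth.OAUTH_SCOPE,
                            form.getFirst(OAuth.OAUTH_SCOPE))
                    .setParam(OAuth.OAUTH_RESPONSE_TYPE,
                            form.getFirst(OAuth.OAUTH_RESPONSE_TYPE))
                    // The literal was split across two lines in the posted listing, which does
                    // not compile; it is rejoined here.
                    .setParam("ERROR", "Bad login or password.")
                    .buildQueryMessage();
            final URI location = new URI(response.getLocationUri());
            if (hasSession(request) && config.isWithCookie()) {
                // clean the cookie
                responseBuilder.cookie(cookie);
            }
            return responseBuilder.location(location).build();
        }

        // Constant-first equals is null-safe and replaces the explicit null check.
        if ("true".equals(form.getFirst("authorize"))) {
            // NOTE(review): this message is logged on the authorize=true branch; the wording
            // looks at odds with the condition. Confirm the intended text.
            LOGGER.debug("User authentication value is false");
            // NOTE(review): same client_secret exposure as on the failure path above.
            OAuthResponseBuilder builder = OAuthProperResponse
                    .create(HttpServletResponse.SC_FOUND)
                    .location(config.getAuthorizationPage())
                    .setParam(OAuth.OAUTH_REDIRECT_URI,
                            form.getFirst(OAuth.OAUTH_REDIRECT_URI))
                    .setParam(OAuth.OAUTH_CLIENT_ID,
                            form.getFirst(OAuth.OAUTH_CLIENT_ID))
                    .setParam(OAuth.OAUTH_CLIENT_SECRET,
                            form.getFirst(OAuth.OAUTH_CLIENT_SECRET))
                    .setParam(OAuth.OAUTH_STATE,
                            form.getFirst(OAuth.OAUTH_STATE))
                    .setParam(OAuth.OAUTH_SCOPE,
                            form.getFirst(OAuth.OAUTH_SCOPE))
                    .setParam(OAuth.OAUTH_RESPONSE_TYPE,
                            form.getFirst(OAuth.OAUTH_RESPONSE_TYPE));
            if (!config.isWithCookie()) {
                // NOTE(review): without cookies the access token is placed in the redirect
                // URL, where it is visible to history, logs and Referer. Prefer a channel
                // that keeps the token out of the URL.
                builder.setParam(OAuth.OAUTH_ACCESS_TOKEN, tok.getToken());
            }
            OAuthResponse response = builder.buildQueryMessage();
            final URI location = new URI(response.getLocationUri());
            ResponseBuilder builderUrl =
                    Response.status(response.getResponseStatus());
            builderUrl.location(location);
            if (config.isWithCookie()) {
                // NOTE(review): the cookie is built from name and value only; confirm that
                // Secure and HttpOnly are applied, since it carries the access token.
                builderUrl.cookie(
                        new NewCookie(config.getCookieAuthAttrName(), tok.getToken()));
            }
            return builderUrl.build();
        } else {
            // Direct token response: the body carries the access and refresh tokens.
            cookie = new NewCookie(config.getCookieAuthAttrName(),
                    tok.getToken());
            OAuthTokenResponseBuilder responseBuilder = OAuthASResponse
                    .tokenResponse(HttpServletResponse.SC_OK)
                    .setAccessToken(tok.getToken())
                    .setRefreshToken(tok.getRefresh_token())
                    .setTokenType(TokenType.BEARER.toString())
                    .setExpiresIn(autheManager.getTokenLife());
            OAuthResponse response =
                    OauthTools.manageResponseType(responseBuilder, resType);
            ResponseBuilder builder =
                    Response.status(response.getResponseStatus());
            if (config.isWithCookie()) {
                // Here the cookie holds the issued token (it is not being cleared).
                // NOTE(review): same Secure/HttpOnly question as for the redirect cookie.
                builder.cookie(cookie);
            }
            return builder.entity(response.getBody()).build();
        }
    } catch (Exception e) {
        // Keep the detail in the server log; exception messages can echo request input or
        // internal state and should not be returned to an unauthenticated caller.
        LOGGER.error("Authentication request failed", e);
        final Response.ResponseBuilder responseBuilder = Response
                .status(HttpServletResponse.SC_BAD_REQUEST);
        throw new WebApplicationException(
                responseBuilder.entity("Authentication request could not be processed.").build());
    }
}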
2015-05-22 12:10 GMT+02:00 Dimuthu Upeksha <dimu...@adroitlogic.com>:
> Do you mean that you designed those login UIs? Is there any sample you have
> used?
>
> On Fri, May 22, 2015 at 2:31 PM, Sebastien DIAZ <sebastien.d...@gmail.com>
> wrote:
>
> > Hi
> >
> > You are right. The authentication phase of the third party is not taken
> > into account.
> >
> > In my case I reuse some components for the pure authentication
> >
> > as OAuthTokenResponseBuilder
> >
> > I guess that I hope one day to have oltu as a open id provider and a good
> > identity server example.
> >
> > Regards
> >
> > S DIAZ
> >
> >
> >
> > 2015-05-22 10:38 GMT+02:00 Dimuthu Upeksha <dimu...@adroitlogic.com>:
> >
> > > Hi Diaz,
> > >
> > > Thank you for quick response.
> > >
> > > Yes I referred to it. Problem is, in authorization code grant type,
> first
> > > user is requested to log in if he hasn't already when he requests
> > > authorization code. This login html and other parts of the web
> > application
> > > is not given in documentation. What I would prefer is a sample web
> > > application that can provide Oauth 2 endpoints and those login pages.
> > >
> > > On Fri, May 22, 2015 at 1:27 PM, Sebastien DIAZ <
> > sebastien.d...@gmail.com>
> > > wrote:
> > >
> > > > hello
> > > >
> > > > I use some sample from the documentation.
> > > > https://cwiki.apache.org/confluence/display/OLTU/Documentation
> > > >
> > > > Regards
> > > >
> > > > S DIAZ
> > > >
> > > > 2015-05-22 9:52 GMT+02:00 Dimuthu Upeksha <dimu...@adroitlogic.com>:
> > > >
> > > > > Hi,
> > > > >
> > > > > I need to create an OAuth 2 server using Oltu libraries that gives
> > > > support
> > > > > to authorization code grant type. Is there any opensource identity
> > > > provider
> > > > > implementation that already do this? Or where can I find some
> samples
> > > > > describing how Oltu can be used to do this?
> > > > >
> > > > > Thanks
> > > > > Dimuthu
> > > > >
> > > >
> > >
> >
>