Identifying the current user requesting the rest endpoints - java

I am trying to implement authentication and authorization using angular and java where I came across "identifying the current user asking for resource" from this Link
The point where I am not able to understand is getting the user from getUserPrincipal() method using jax-rs SecurityContext.
Security Context:
requestContext.setSecurityContext(new SecurityContext() {
#Override
public Principal getUserPrincipal() {
return new Principal() {
#Override
public String getName() {
return email;
}
};
}
}
The above method apparently returns a user but the question is from where? I have searched on this topic but no where I see code for fetching the user from DB or any other resource.
Where as I have implemented some thing like this for validation:
#Secured
#Provider
#Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {
#Override
public void filter(ContainerRequestContext requestContext) throws IOException {
// Get the HTTP Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
// Check if the HTTP Authorization header is present and formatted correctly
if (authorizationHeader == null || !authorizationHeader.startsWith("Basic ")) {
throw new NotAuthorizedException("Authorization header must be provided");
}
// Extract the token and email address from the HTTP Authorization header
String email = requestContext.getHeaderString("Email");
String token = authorizationHeader.substring("Basic".length()).trim();
try {
// Validate the token
validateToken(email, token);
} catch (Exception e) {
requestContext.abortWith(
Response.status(Response.Status.UNAUTHORIZED).build());
}
private void validateToken(String email, String token) throws Exception {
// Check if it was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
try {
TokenSaverAndValidatorDAO tokenValidator = new TokenSaverAndValidatorDAO();
String result = tokenValidator.checkTokenFromDB(email, token);
if (result.equals(token)) {
System.out.println("Token is same");
} else {
System.out.println("Token is not same");
throw new Exception();
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
The above method validateToken() calls a method from DAO class for validation:
public String checkTokenFromDB(String email, String token) {
String result = "";
try {
String query = "Select USR_TOKEN From TBL_USER where USR_PRIMARY_EMAIL= ? ";
Connection con = DBConnection.getConnection();
PreparedStatement statement = con.prepareStatement(query);
statement.setString(1, email);
ResultSet rs = statement.executeQuery();
while (rs.next()) {
result = rs.getString("USR_TOKEN");
}
} catch (Exception ex) {
System.out.println("Error in TokenSaverDAO class");
ex.printStackTrace();
}
return result;
}
How do I use jax-rs securityContext in my application. Does it apply to my scenario?
I am sending the headers from angular like this:
$httpProvider.interceptors.push(['$q', '$location', '$localStorage', 'jwtHelper', function ($q, $location, $localStorage, jwtHelper) {
return {
'request': function (config) {
config.headers = config.headers || {};
if ($localStorage.token) {
var decodeToken = jwtHelper.decodeToken($localStorage.token);
config.headers.Email = decodeToken.email;
config.headers.Authorization = 'Basic ' + $localStorage.token;
}
return config;
},
'responseError': function (response) {
if (response.status === 401 || response.status === 403) {
$location.path('/Login');
}
return $q.reject(response);
}
};
}]);
Where the headers are set like this:
config.headers.Email = decodeToken.email;
config.headers.Authorization = 'Basic ' + $localStorage.token;

Related

How to authenticate Springboot API based on User role that is being fetched from DB

I have user role saved in DB, so based on role ID authentication has to be done for each API.
I tried few approaches but did not succeed.
Code Snippet:
CONTROLLER:
#PreAuthorize("#AuthService.getUserRole(1)")
#PostMapping(name = "POST - Save the user info to Automation Counter table", path = "userlogininfo")
#Operation(summary = "Save the user info to Automation Counter table")
public ResponseEntity<ApiResponse> saveUserInfoinDB(#RequestBody SaveUserInfo saveUserInfoDetails, Principal principal)
{
try
{
saveUserInfoDetails.ntid = principal.getName().split("\\n")[0];
if (saveUserInfoDetails.firstName != null && saveUserInfoDetails.lastName != null && saveUserInfoDetails.ntid != null && saveUserInfoDetails.applicationName !=null)
{
ApiResponse apiResponse = restService.osmAPIPost("/dashboard/userlogininfo",saveUserInfoDetails);
return ResponseEntity.ok(apiResponse);
}
else
{
ApiResponse response = new ApiResponse<>(false, "Did not receive data in correct format", null);
return ResponseEntity.badRequest().body(response);
}
}
catch (Exception ex)
{
String logMessage = SharedUtils.logErrorMessage(this.getClass().getSimpleName(), ex, "Error while saving user info in DB.");
ApiResponse response = new ApiResponse<>(false, logMessage, null);
return ResponseEntity.badRequest().body(response);
}
}
SERVICE:
#Service
public class AuthService {
private final AuthRepository authRepository;
public AuthService(AuthRepository authRepository)
{
this.authRepository = authRepository;
}
public boolean getUserRole(int roleId)
{
try
{
boolean userRole=authRepository.getUserLoginInfo(Principal.class.getName().split("\\n")[0],roleId);
return userRole;
}
catch (Exception ex)
{
throw ex;
}
}
}
REPOSITORY:
#Transactional
public boolean getUserLoginInfo(String ntid, int roleId )
{
try
{
String returnValue=null;
String sql = "SELECT Alias FROM Users where NTID=? AND RoleId=?" ;
returnValue= osmv2JdbcTemplate.queryForObject(sql,String.class,ntid,roleId);
if(returnValue!=null)
{
return true;
}
else
{
return false;
}
}
catch(Exception ex)
{
String logMessage = SharedUtils.logErrorMessage(this.getClass().getSimpleName(), ex, "Could not fetch the User alias based on role ID and NTID from DB");
LOGGER.info(logMessage);
return false;
}
}
I have created custom method that will be used in #PreAuthorize but it did not work. The method is fetching the role id from DB based on username.Please help.. Thanks in advance:)

Spring Boot error 403 when sending request

My system consists of 3 parts. Spring Boot app, Angular app and Android app. When my Android app sends request to reset password (if don't remember it) then Spring Boot app receives this request with this method:
#PostMapping("/forgot_password")
public String processForgotPassword(#RequestBody String email, HttpServletRequest request) {
try {
String token = RandomString.make(30);
userService.updateResetPasswordToken(token, email);
String resetPasswordLink = "https://jakuwegiel.web.app/projects/endless-blow/reset-password?token=" + token;
sendEmail(email, resetPasswordLink);
} catch (Exception ex) {
System.out.println(ex.getMessage());
}
return "Email has been sent";
}
where updateResetPasswordToken() is:
public void updateResetPasswordToken(String token, String email) throws SQLException {
UserDetails userDetails = usersDao.getUserDetailsByEmail(connFromUserService, email);
if (userDetails != null) {
User user = usersDao.getUserByName(connFromUserService, userDetails.getName());
usersDao.setResetPasswordToken(connFromUserService, user, token);
}
}
where getUserDetailsByEmail() is:
public UserDetails getUserDetailsByEmail(Connection connection, String email) {
UserDetails userDetails = new UserDetails();
PreparedStatement ps;
try {
ps = connection.prepareStatement("SELECT * from users_details where email = '"+email+"'");
ResultSet rs = ps.executeQuery();
if (rs.next()) {
userDetails = new UserDetails(rs.getString(2), rs.getString(3));
}
} catch (SQLException e) {
e.printStackTrace();
}
return userDetails;
}
and getUserByName() is:
public User getUserByName(Connection connection, String name) throws SQLException {
User user = new User();
PreparedStatement ps;
try {
ps = connection.prepareStatement("SELECT * from users where username = '"+name+"'");
ResultSet rs = ps.executeQuery();
if (rs.next()) {
user = new User(rs.getString(2), rs.getString(3));
}
} catch (SQLException e) {
e.printStackTrace();
}
return user;
}
and setResetPasswordToken() is:
public void setResetPasswordToken(Connection connection, User user, String token) {
PreparedStatement ps;
try {
ps = connection.prepareStatement("UPDATE users set reset_password_token = '" + token + "' where username = '" + user.getUsername() + "'");
ps.executeUpdate();
} catch (SQLException e) {
System.out.println(e.getMessage());
}
}
Then user receives reset link on email. He opens link which opens Angular app and I input on two EditText fields passsword twice and send with button send which performs this code:
public postResetPassword(token: string, password: string): Observable<any> {
const body = {
'token': token,
'password': password
};
const headers = new HttpHeaders().set('Content-Type', 'application/json; charset=utf-8');
return this.http.post<any>('https://endlessblow-1.herokuapp.com/reset_password', body,{headers: headers});
}
What's strange this Angular's code generates OPTIONS request not POST why?
Spring Boot app receives this request with method:
#RequestMapping(value = "/reset_password", consumes="application/json", method = {RequestMethod.OPTIONS, RequestMethod.POST, RequestMethod.GET})
public String processResetPassword(#RequestBody TokenAndPassword tokenAndPassword) {
try {
User user = userService.getByResetPasswordToken(tokenAndPassword.getToken());
if (user == null) {
return "message1";
} else {
userService.updatePassword(user, tokenAndPassword.getPassword());
System.out.println("You have successfully changed your password.");
}
}
catch (Exception ex) {
System.out.println(ex.getMessage());
return "Error. Did you use your token already? Or does this link come from email?";
}
return "You have successfully changed your password.";
}
But finally every time /reset_password comes then ERROR 403 shows up.
I also added such class:
#Configuration
#EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().anyRequest().permitAll();
}
}
but it gives nothing.
What's wrong with this code?
Thank you very very very much for help!

The issue is most likely with the preflight request that the angular app is sending. You could disable cors by adding this to your security configuration:
#Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
}
or you can configure it to your use case by following the example from the spring documentation https://docs.spring.io/spring-framework/docs/current/reference/html/web.html#mvc-cors-global-java

How to implement servlet response.redirect in jersey?

While i am try to implement response.redirect in jersey by using Response.temporaryRedirect(location) and Response.seeOther(location), But both are not working as like Servlet response.sendRedirect.
As i tried,
Java script :-
function loginFunction(){
var password=$("#password").val();
var username=$("#emailId").val();
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return "Basic " + hash;
}
$.ajax({
url:'/test/login/filter',
type:'GET',
crossDomain: true,
beforeSend : function(req) {
req.setRequestHeader('Authorization', make_base_auth(username, password));
},
success:function(res,status,xhr){
userToken=xhr.getResponseHeader("Authorization");
localStorage.setItem("userToken", userToken);
if(userToken != undefined || userToken != null){
window.location.href = "./index.html";
}else{
$('.errmsg').html('please provide a valid credentials.')
$(this).load();
}
},
error : function(jqXHR, textStatus, errorThrown) {
console.log("textStatus is:"+textStatus);
}
});
}
Jersey Code:-
#Path("/login")
public class UserLogin {
private static Map<String ,Token> tokTable=new HashMap<String ,Token>();
#GET
#Path("/filter")
public void filter(#Context ContainerRequestContext context){
String authentication = filterContext.getHeaderString(HttpHeaders.AUTHORIZATION);
if (authentication == null) {
throw new AuthenticationException("Authentication credentials are required");
}
if (!authentication.startsWith("Basic ")) {
return null;
}
authentication = authentication.substring("Basic ".length());
String[] values = new String(DatatypeConverter.parseBase64Binary(authentication), Charset.forName("ASCII")).split(":");
String username=null,givenPass=null;
try{
username = values[0];
givenPass=org.glassfish.jersey.internal.util.Base64.encodeAsString( values[1]);
}catch(Exception e){
throw new AuthenticationException("User name and password can't be empty\r\n");
}
}
User user = AuthLookUpTables.userTable.get(username);
// Validate the extracted credentials
if ( user == null ) {
logger.info("USER NOT AUTHENTICATED");
throw new AuthenticationException("Invalid username");
}
String password=org.glassfish.jersey.internal.util.Base64.encodeAsString(givenPass.concat(user.getSalt()));
if ((username == null) || (password == null)) {
throw new WebApplicationException(400);
}
String dbPass=org.glassfish.jersey.internal.util.Base64.encodeAsString(user.getHashedPassword().concat(user.getSalt()));
if ( dbPass.equals(password) ) {
logger.info("USER AUTHENTICATED");
//SOme code using for main sever.
} else {
logger.info("USER NOT AUTHENTICATED");
throw new AuthenticationException("Invalid username or password\r\n");
}
return user;
}
POJO (USER):-
public class User {
public String username;
public String roles;
public String salt;
public String hashedPassword;
//and below getter and setter methods
}
Custom Exception:-
public class AuthenticationException extends RuntimeException {
public AuthenticationException() {
super();
}
public AuthenticationException(String message) {
super(message);
}
}
Exception Mapper:-
#Provider
public class AuthenticationExceptionMapper implements ExceptionMapper<AuthenticationException> {
private Logger logger=Logger.getLogger(AuthenticationExceptionMapper.class);
#Context
UriInfo uriInfo;
public Response toResponse(AuthenticationException e) {
UriBuilder builder=null;
if (e.getMessage() != null) {
builder=UriBuilder.fromPath(uriInfo.getBaseUriBuilder().toString()).path("..");
return Response.temporaryRedirect(builder.build()).build();
} else {
return Response
.status(Status.UNAUTHORIZED)
.type("text/plain")
.entity(e.getMessage())
.build();
}
}
}
this is what i get in developer tool,
But, i am expecting server redirect to login page, how do i do that, kindly same one help me to do this.
thank you

How to do an HTTP Post in Android to web api

I am trying to do a post to web api from android. The below is the code that I am using in android. The code is running without exception however the data is not inserted to the database. I included the code that I am using.
#Override
protected List doInBackground(Void... params)
{
List userDetails3 = new ArrayList();
URL url = null;
String urlshared = "http://10.0.0.9/MyWebApi/api/Student/PostAddStudent?userName="+"s4"+"&"+"password="+"1234"+"&"+"firsName="+"z"+"&"+"lastName="+"g"+"&"+"telephone="+"9160000000"+"&"+"address="+"2300 xxx"+"&"+"aliasMailId="+"s1.xx"+"&"+"emailId="+"xx#gmail.com"+"&"+"skypeId="+"z.g"+"";
try {
url = new URL(urlshared);
}
catch (MalformedURLException exception)
{
exception.printStackTrace();
}
HttpURLConnection httpURLConnection = null;
DataOutputStream dataOutputStream = null;
try
{
httpURLConnection = (HttpURLConnection) url.openConnection();
httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
httpURLConnection.setRequestMethod("POST");
PrintWriter out = new PrintWriter(httpURLConnection.getOutputStream()); // this code is executed without exception
}
catch (IOException exception)
{
exception.printStackTrace();
}
return userDetails3; // (in debug) the code will run successfuly till here without exception
}
I am trying to access the PostAddStudent in the webapi. The below is my implementation of the controller and I excluded the codes inside the methods. For your information, I did test "PostAddStudent" and the other methods in the RegisterController by using the postman and they are working fine and the data inserted to database.
public class RegisterController : ApiController
{
public IEnumerable<Register> GetRegisterAuth(string userName,string password)
{
//return instance of register
}
public IEnumerable<Register> GetRegisterByUserName(string userName)
{
//return instance of register
}
public HttpResponseMessage PostAddInstructor(string instUserName, string instPassword, string instFirsName, string instLastName, string instTelephone, string instAddress, string instAliasMailId, string instEmailId, string instSkypeId)
{
//add to database and if okay will return System.Net.HttpStatusCode.Created
var response = Request.CreateResponse<Instructor>(System.Net.HttpStatusCode.Created, inst);
//if error exist then just return Badrequest
var response = Request.CreateResponse<Instructor>(System.Net.HttpStatusCode.BadRequest, inst);
}
public HttpResponseMessage PostAddStudent(string userName, string password, string firsName, string lastName, string telephone, string address, string aliasMailId, string emailId, string skypeId)
{
//add to database and if okay will return System.Net.HttpStatusCode.Created
var response = Request.CreateResponse<Instructor>(System.Net.HttpStatusCode.Created, inst);
//if error exist then just return Badrequest
var response = Request.CreateResponse<Instructor>(System.Net.HttpStatusCode.BadRequest, inst);
}
}
the below is the RouteConfig
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);
//config.EnableSystemDiagnosticsTracing();
}
}
the below is the WebApiConfig
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
I need the android code that can do the post to PostAddStudent.
thanks

LinkedIn integration - Establish a requestToken

I'm developing (trying for now) portlet that will be integrated with LinkedIn.
Following the documentation about it:
http://developer.linkedin.com/docs/DOC-1008 -->
The first step to authorizing a LinkedIn member is requesting a requestToken. This request is done with an HTTP POST.
For the requestToken step, the following components should be present in your string to sign:
* HTTP Method (POST)
* Request URI (https://api.linkedin.com/uas/oauth/requestToken)
* oauth_callback
* oauth_consumer_key
* oauth_nonce
* oauth_signature_method
* oauth_timestamp
* oauth_version
I have already API(it's oauth_consumer_key) key and i need to generate specific URL string.
Have next java code for this URL and HTTP connection:
private void processAuthentication() {
Calendar cal = Calendar.getInstance();
Long ms = cal.getTimeInMillis();
Long timestamp = ms / 1000;
Random r = new Random();
Long nonce = r.nextLong();
String prefixUrl = "https://api.linkedin.com/uas/oauth/requestToken";
String oauthCallback = "oauth_callback=http://localhost/";
String oauthConsumerKey =
"&oauth_consumer_key=my_consumer_key";
String oauthNonce = "&oauth_nonce=" + nonce.toString();
String oauthSignatureMethod = "&oauth_signature_method=HMAC-SHA1";
String oauthTimestamp = "&oauth_timestamp=" + timestamp.toString();
String oauthVersion = "&oauth_version=1.0";
String mainUrl =
oauthCallback + oauthConsumerKey + oauthNonce + oauthSignatureMethod
+ oauthTimestamp + oauthVersion;
try {
prefixUrl =
URLEncoder.encode(prefixUrl, "UTF-8") + "&"
+ URLEncoder.encode(mainUrl, "UTF-8");
URL url = new URL(prefixUrl);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
String msg = connection.getResponseMessage();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
The question is next,for those, who had faced this problem:
How should really look URL string for connection and how response is received?
For URL, it's interested the example of URL, you generated.
And for response interested, method to get it.
As i understand, after HTTP connection been established,that response is:
connection.getResponseMessage();

#sergionni I found answer to your Question from linkedin-developer
As you know
The first step to authorizing a Linked-In member is requesting a requestToken. This request is done with an HTTP POST.
Your base string should end up looking something like this if you're using a callback:
POST&https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2FrequestToken
&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Foauth_callback%26o
auth_consumer_key%3DABCDEFGHIJKLMNOPQRSTUVWXYZ%26
oauth_nonce%3DoqwgSYFUD87MHmJJDv7bQqOF2EPnVus7Wkqj5duNByU%26
oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1259178158%26
oauth_version%3D1.0
You then sign this base string with your consumer_secret, computing a signature. In this case, if your secret was 1234567890, the signature would be TLQXuUzM7omwDbtXimn6bLDvfF8=.
Now you take the signature you generated, along with oauth_nonce, oauth_callback, oauth_signature_method, oauth_timestamp, oauth_consumer_key, and oauth_version and create an HTTP Authorization header. For this request, that HTTP header would look like:
Authorization: OAuth
oauth_nonce="oqwgSYFUD87MHmJJDv7bQqOF2EPnVus7Wkqj5duNByU",
oauth_callback="http%3A%2F%2Flocalhost%2Foauth_callback",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1259178158",
oauth_consumer_key="ABCDEFGHIJKLMNOPQRSTUVWXYZ",
oauth_signature="TLQXuUzM7omwDbtXimn6bLDvfF8=",
oauth_version="1.0"
Please note, that the HTTP header is a single header -- not an HTTP header for each component. You can optionally supply a realm="http://api.linkedin.com".
As a response to your request for a requestToken, your requestToken will be in the "oauth_token" response field, a validation that we acknowledged your callback with the "oauth_callback_confirmed" field, an oauth_token_secret, and a oauth_expires_in, and a few other values.
(here us Your answaer) response would look like:
oauth_token=94ab03c4-ae2c-45e4-8732-0e6c4899db63
&oauth_token_secret=be6ccb24-bf0a-4ea8-a4b1-0a70508e452b
&oauth_callback_confirmed=true&oauth_expires_in=599

You might try out the OAuth libraries to handle the connection: http://code.google.com/p/oauth/

I created a plugin for Play Framework to easily integrated with LinkedIn's OAuth: geeks.aretotally.in/projects/play-framework-linkedin-module. Hopefully it can help. You should def check out Play, very very cool Java framework.

portlet body:
public class LinkedInPortlet extends GenericPortlet {
public static final String PAGE_PIN = "pin";
public static final String PAGE_EDIT = "edit";
public static final String PAGE_PROFILE = "profile";
public static final String PAGE_CONNECTIONS = "connections";
public static final String FORM_LINKEDIN_PREFERENCES = "preferencesLinkedInForm";
public static final String PAGE_VIEW_MY_PROFILE = "/WEB-INF/portlets/linkedin/myProfile.jsp";
public static final String PAGE_VIEW_MY_CONNECTIONS =
"/WEB-INF/portlets/linkedin/myConnections.jsp";
public static final String PAGE_PREFERENCES = "/WEB-INF/portlets/linkedin/edit.jsp";
public void doView(RenderRequest request, RenderResponse response) throws PortletException,
IOException {
String view = PAGE_VIEW_MY_PROFILE;
String page =
(String) request.getPortletSession().getAttribute(
"page_" + getPortletIdentifier(request), PortletSession.PORTLET_SCOPE);
String accessTokenToken =
getStringConfiguration(request, LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_TOKEN);
String accessTokenSecret =
getStringConfiguration(request, LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_SECRET);
LinkedInContact profile = new LinkedInContact();
List<LinkedInContact> contacts = new ArrayList<LinkedInContact>();
if (PAGE_PIN.equals(page)) {
view = PAGE_PREFERENCES;
} else if (PAGE_EDIT.equals(page)) {
view = PAGE_PREFERENCES;
} else if (PAGE_CONNECTIONS.equals(page)) {
try {
contacts =
ServiceResolver.getResolver().getLinkedInService().getConnections(
accessTokenToken, accessTokenSecret);
} catch (ServiceException se) {
view = PAGE_PREFERENCES;
handleException(request, se);
}
view = PAGE_VIEW_MY_CONNECTIONS;
} else {
try {
profile =
ServiceResolver.getResolver().getLinkedInService().getProfile(
accessTokenToken, accessTokenSecret);
} catch (ServiceException se) {
view = PAGE_PREFERENCES;
handleException(request, se);
}
view = PAGE_VIEW_MY_PROFILE;
}
request.setAttribute("profile", profile);
request.setAttribute("contacts", contacts);
response.setContentType(request.getResponseContentType());
PortletRequestDispatcher rd = getPortletContext().getRequestDispatcher(view);
rd.include(request, response);
}
public void processAction(ActionRequest request, ActionResponse response)
throws PortletException, IOException {
String action;
action = (String) request.getParameter("action");
String page = request.getParameter("page");
if (page == null) {
page = PAGE_PROFILE;
} else if ("auth".equals(action)) {
request.getPortletSession().setAttribute(
"requestToken_" + getPortletIdentifier(request),
ServiceResolver.getResolver().getLinkedInService().getRequestToken(),
PortletSession.APPLICATION_SCOPE);
LinkedInPreferencesForm form = new LinkedInPreferencesForm(request);
request.getPortletSession().setAttribute(
FORM_LINKEDIN_PREFERENCES + getPortletIdentifier(request), form,
PortletSession.APPLICATION_SCOPE);
response.setPortletMode(PortletMode.EDIT);
} else if ("save".equals(action)) {
try {
try {
savePreferences(request, response);
} catch (ServiceException e) {
handleException(request, e);
}
} catch (PortletModeException e) {
handleException(request, e);
}
} else if ("myProfile".equals(action)) {
page = PAGE_PROFILE;
} else if ("myConnections".equals(action)) {
page = PAGE_CONNECTIONS;
}
if (page != null) {
request.getPortletSession().setAttribute("page_" + getPortletIdentifier(request), page,
PortletSession.PORTLET_SCOPE);
}
}
private void savePreferences(ActionRequest request, ActionResponse response)
throws PortletModeException, ServiceException {
LinkedInPreferencesForm form = new LinkedInPreferencesForm(request);
if (validateForm(request, form)) {
LinkedInRequestToken requestToken =
(LinkedInRequestToken) request.getPortletSession().getAttribute(
"requestToken_" + getPortletIdentifier(request),
PortletSession.APPLICATION_SCOPE);
String pin = request.getParameter("pinCode");
LinkedInAccessToken accessToken;
try {
accessToken =
ServiceResolver.getResolver().getLinkedInService().getAccessToken(
requestToken, pin);
} catch (LinkedInOAuthServiceException ase) {
response.setPortletMode(PortletMode.EDIT);
throw new ServiceException("linkedin.authentication.failed");
}
String tokenToken = requestToken.getToken();
String secret = requestToken.getTokenSecret();
String tokenURL = requestToken.getAuthorizationUrl();
Properties configuration = new Properties();
configuration.setProperty(LinkedInPreferencesForm.PARAM_PIN, form.getPin());
configuration
.setProperty(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_TOKEN, tokenToken);
configuration.setProperty(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_SECRET, secret);
configuration.setProperty(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_URL, tokenURL);
configuration.setProperty(LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_TOKEN, accessToken
.getToken());
configuration.setProperty(LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_SECRET,
accessToken.getTokenSecret());
ServiceResolver.getResolver().getPortalService().savePortletConfiguration(request,
configuration);
resetSessionForm(request, FORM_LINKEDIN_PREFERENCES);
response.setPortletMode(PortletMode.VIEW);
} else {
// store in session
request.getPortletSession().setAttribute(
FORM_LINKEDIN_PREFERENCES + getPortletIdentifier(request), form,
PortletSession.APPLICATION_SCOPE);
response.setPortletMode(PortletMode.EDIT);
logger.debug(FORM_LINKEDIN_PREFERENCES + " is in edit mode");
}
}
#Override
protected void addConfiguration(MessageSource messageSource, Locale locale,
Map<String, String> result) {
result.put(LinkedInPreferencesForm.PARAM_PIN, messageSource.getMessage(
"linkedIn.preferences.pin", null, locale));
result.put(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_TOKEN, messageSource.getMessage(
"linkedIn.preferences.requestTokenToken", null, locale));
result.put(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_SECRET, messageSource.getMessage(
"linkedIn.preferences.requestTokenSecret", null, locale));
result.put(LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_URL, messageSource.getMessage(
"linkedIn.preferences.requestTokenURL", null, locale));
result.put(LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_TOKEN, messageSource.getMessage(
"linkedIn.preferences.accessToken", null, locale));
result.put(LinkedInPreferencesForm.PARAM_ACCESS_TOKEN_SECRET, messageSource.getMessage(
"linkedIn.preferences.accessTokenSecret", null, locale));
}
#Override
protected void addPreference(MessageSource messageSource, Locale locale,
Map<String, String> result) {
}
#Override
public String getAsyncTitle(RenderRequest request) {
return this.getTitle(request);
}
protected boolean validateForm(ActionRequest request, LinkedInPreferencesForm form) {
return form.validate();
}
protected String myEdit(RenderRequest request, RenderResponse response)
throws PortletException, IOException {
LinkedInPreferencesForm form = new LinkedInPreferencesForm();
form.setPin(getStringConfiguration(request, LinkedInPreferencesForm.PARAM_PIN));
form.setRequestTokenToken(getStringConfiguration(request,
LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_TOKEN));
form.setRequestTokenSecret(getStringConfiguration(request,
LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_SECRET));
form.setRequestTokenURL(getStringConfiguration(request,
LinkedInPreferencesForm.PARAM_REQUEST_TOKEN_URL));
registerSessionForm(request, FORM_LINKEDIN_PREFERENCES, form);
LinkedInRequestToken requestToken;
requestToken =
(LinkedInRequestToken) request.getPortletSession().getAttribute(
"requestToken_" + getPortletIdentifier(request),
PortletSession.APPLICATION_SCOPE);
if (requestToken == null) {
requestToken =
new LinkedInRequestToken(form.getRequestTokenToken(), form
.getRequestTokenSecret());
requestToken.setAuthorizationUrl(form.getRequestTokenURL());
}
request.setAttribute("requestToken", requestToken);
return PAGE_PREFERENCES;
}
}

Categories