Package org.cilogon.proxy.servlet

Class DBService2

  • All Implemented Interfaces:
    edu.uiuc.ncsa.security.core.Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, org.oa4mp.delegation.common.servlet.TransactionFilter
    public class DBService2
extends AbstractDBService

    Created by Jeff Gaynor
    on 1/22/15 at 12:15 PM

    See Also:
    Serialized Form

    • Constructor Detail

      • DBService2

        public DBService2()

    • Method Detail

      • init

        public void init​(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Throws:
        javax.servlet.ServletException

      • doAction

        protected void doAction​(javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        String action)
                 throws IOException,
                        javax.servlet.ServletException
        Description copied from class: AbstractDBService
        Override this to add more actions.
        Overrides:
        doAction in class AbstractDBService
        Throws:
        IOException
        javax.servlet.ServletException

      • checkUserCode

        protected void checkUserCode​(javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws IOException
        Taken from CIL-934 action: checkUserCode param: user_code (required, but can be empty)

        Purpose: This is an "internal" dbService method used by the PHP web front end to (1) verify that a user_code input by the user is valid and (2) return the client_id associated with this transaction in order to display client information to the end user. The user_code parameter is required, but it can be empty. The user_code parameter can contain extra "user-friendly" characters such as dash '-', space ' ', underscore '_', etc. These extra characters will be stripped out/ignored by the dbService. The user_code can contain lower-case and/or upper-case characters which will be transformed to upper-case characters by the dbService. Returns: HTTP 200 response, body is basic text, one line per returned value:

        status=INTEGER 0 = Success 1048569 = missing parameter 65537 = transaction not found 65539 = expired user_code (token) client_id=The OIDC client_id matching the user_code user_code=The original user_code to be displayed to the end user. The purpose of this is that the returned user_code should visually match the one that was returned to the device so the user can easily verify a match (i.e., ignore any transformations done by the user when inputting the user_code). scope=A (possibly empty/absent) space-separated list of scopes that were requested by the client. This is needed when displaying the list of attributes to be delegated since the scopes requested by the device client may differ from those registered.

        Parameters:
        request -
        response -
        Throws:
        IOException

      • userCodeApproved

        protected void userCodeApproved​(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response)
                         throws IOException
        action: userCodeApproved param(s):

        user_code (required) approved (optional; defaults to 1; 1=approved; 0=denied)

        Purpose: This is an "internal" dbService method used by the PHP web front end to let the dbService know that the user has logged on to their chosen Identity Provider and approved the transaction OR that the user has clicked a "Cancel" button and denied the transaction. If the user has approved the transaction (approved=1 or 'approved' is absent, the default), the OA4MP server can proceed with the rest of the Device authz grant flow. If the user has denied the transaction (approved=0), the OA4MP server should inform the device that the user has canceled the transaction. Returns: HTTP 200 response, body is basic text, one line per returned value:

        status=INTEGER 0 = Success 1048569 = missing parameter 65537 = transaction not found

        Throws:
        IOException

      • writeClient

        protected void writeClient​(org.oa4mp.server.loader.oauth2.storage.clients.OA2Client client,
                           int statusCode,
                           javax.servlet.http.HttpServletResponse response)
                    throws IOException
        Throws:
        IOException

      • writeTransaction

        protected void writeTransaction​(org.oa4mp.server.loader.oauth2.storage.transactions.OA2ServiceTransaction oa2ServiceTransaction,
                                int status,
                                javax.servlet.http.HttpServletResponse response)
                         throws IOException
        Throws:
        IOException

      • writeTransaction

        protected void writeTransaction​(org.oa4mp.server.loader.oauth2.storage.transactions.OA2ServiceTransaction oa2ServiceTransaction,
                                Err errResponse,
                                javax.servlet.http.HttpServletResponse response)
                         throws IOException
        Throws:
        IOException

      • doError

        protected void doError​(String message,
                       int errorCode,
                       javax.servlet.http.HttpServletResponse resp)
                throws IOException
        Throws:
        IOException

      • createTransaction

        protected void createTransaction​(javax.servlet.http.HttpServletRequest req,
                                 javax.servlet.http.HttpServletResponse resp)
                          throws IOException
        This accepts the following parameters 
         client_id
 scopes
 state
 code_challenge          (RFC 7636)
 code_challenge_method      "   "
        and the response
        Parameters:
        req -
        resp -
        Throws:
        IOException

      • writeMessage

        protected void writeMessage​(javax.servlet.http.HttpServletResponse response,
                            Err errResponse)
                     throws IOException
        Throws:
        IOException

      • setTransactionState

        protected void setTransactionState​(javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse resp)
                            throws IOException
        Throws:
        IOException

      • getClient

        protected void getClient​(javax.servlet.http.HttpServletRequest req,
                         javax.servlet.http.HttpServletResponse resp)
                  throws IOException
        Throws:
        IOException