OIDCCMServlet (OAuth for MyProxy 4.3 API)

java.lang.Object
- javax.servlet.GenericServlet
- - javax.servlet.http.HttpServlet
  - - edu.uiuc.ncsa.security.servlet.AbstractServlet
    - - edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet
      - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.oidc_cm.OIDCCMServlet

All Implemented Interfaces:

Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
```
public class OIDCCMServlet
extends EnvServlet
```
Note that in all of these calls, the assumption is that an admin client has been requested and approved out of band. The identifier and secret of that are used to make the bearer token that allows access to the calls in this API. This implements both RFC 7591 and part of RFC 7592. Mostly we do not allow the setting of client secrets via tha API and since we do not store them (only a hash of them) we cannot return them. If a secret is lost, the only option is to register a new client. RFC 7592 is not intended to become a specification since ther eis too much variance in how this can operate.
Created by Jeff Gaynor
on 11/28/18 at 10:04 AM

See Also:

Serialized Form

Field Summary
- Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet
  storeUpdatesDone
- Fields inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet
  environment, initialization, PING_PARAMETER

Constructor Summary

Constructors
Constructor and Description

OIDCCMServlet()

Constructors
Constructor and Description
`OIDCCMServlet()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`checkAdminPermission(AdminClient adminClient, OA2Client client)` Checks that this client exists on the system and that if it exists, the admin client actually owns it.
`protected void`	`doDelete(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)` Remove the given client in toto.
`void`	`doGet(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)` Return information about the client.
`protected void`	`doIt(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)`
`void`	`doPost(javax.servlet.http.HttpServletRequest httpServletRequest, javax.servlet.http.HttpServletResponse httpServletResponse)`
`protected void`	`doPut(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)` Update a client.
`protected AdminClient`	`getAndCheckAdminClient(javax.servlet.http.HttpServletRequest request)` Pulls the id and secret from the header then verifies the secret and if it passes, returns the client.
`protected OA2Client`	`getClient(javax.servlet.http.HttpServletRequest req)` Get the client from the request.
`protected OA2SE`	`getOA2SE()`
`protected net.sf.json.JSON`	`getPayload(javax.servlet.http.HttpServletRequest httpServletRequest)`
`PermissionServer`	`getPermissionServer()` We want to be able to manage the permissions associated with a standard client and an admin client.
`protected OA2Client`	`processRegistrationRequest(net.sf.json.JSONObject jsonRequest, javax.servlet.http.HttpServletResponse httpResponse)`
`void`	`storeUpdates()` This will be invoked at init before anything else and should include code to seamlessly upgrade stores from earlier versions.
`protected net.sf.json.JSONObject`	`toJSONObject(OA2Client client)`
`protected OA2Client`	`updateClient(OA2Client client, net.sf.json.JSONObject jsonRequest, javax.servlet.http.HttpServletResponse httpResponse)`

Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet
loadEnvironment, loadProperties2, processStoreCheck

Methods inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet
CONST, debug, doPing, error, getConfigurationLoader, getEnvironment, getExceptionHandler, getFirstParameterValue, getInitialization, getMyLogger, handleException, info, init, isDebugOn, printAllParameters, resetState, setConfigurationLoader, setDebugOn, setEnvironment, setExceptionHandler, setInitialization, warn

Methods inherited from class javax.servlet.http.HttpServlet
doHead, doOptions, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- OIDCCMServlet
```
public OIDCCMServlet()
```

Method Detail

storeUpdates
```
public void storeUpdates()
                  throws IOException,
                         SQLException
```
Description copied from class: EnvServlet

This will be invoked at init before anything else and should include code to seamlessly upgrade stores from earlier versions. For instance, if a new column needs to be added to a table. This pre-supposes that the current user has the correct permissions to alter the table, btw. This also updates the internal flag EnvServlet.storeUpdatesDone which should be checks in overrides. If you override this method and call super, let super manage this flag. If it is true, do not execute your method.

Specified by:

storeUpdates in class EnvServlet

Throws:

IOException

SQLException

getOA2SE
```
protected OA2SE getOA2SE()
```

doGet
```
public void doGet(javax.servlet.http.HttpServletRequest httpServletRequest,
                  javax.servlet.http.HttpServletResponse httpServletResponse)
           throws javax.servlet.ServletException,
                  IOException
```
Return information about the client. Note that we do not return the client secret in this call, since among other reasons, we do not have it.

Overrides:

doGet in class AbstractServlet

Parameters:

httpServletRequest -

httpServletResponse -

Throws:

javax.servlet.ServletException

IOException

toJSONObject

protected net.sf.json.JSONObject toJSONObject(OA2Client client)

doDelete

protected void doDelete(javax.servlet.http.HttpServletRequest req,
                        javax.servlet.http.HttpServletResponse resp)
                 throws javax.servlet.ServletException,
                        IOException

Remove the given client in toto.

Overrides:: doDelete in class javax.servlet.http.HttpServlet
Parameters:: req -; resp -
Throws:: javax.servlet.ServletException; IOException

checkAdminPermission

protected void checkAdminPermission(AdminClient adminClient,
                                    OA2Client client)

Checks that this client exists on the system and that if it exists, the admin client actually owns it.

Parameters:: adminClient -; client -

doPut
```
protected void doPut(javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse resp)
              throws javax.servlet.ServletException,
                     IOException
```
Update a client. Note that as per the specification, all values that are sent over-write existing values and omitted values are taken to mean the stored value is unset.

Overrides:

doPut in class javax.servlet.http.HttpServlet

Parameters:

req -

resp -

Throws:

javax.servlet.ServletException

IOException

doPost

public void doPost(javax.servlet.http.HttpServletRequest httpServletRequest,
                   javax.servlet.http.HttpServletResponse httpServletResponse)
            throws javax.servlet.ServletException,
                   IOException

Overrides:: doPost in class AbstractServlet
Throws:: javax.servlet.ServletException; IOException

getPermissionServer
```
public PermissionServer getPermissionServer()
```
We want to be able to manage the permissions associated with a standard client and an admin client.

Returns:

getAndCheckAdminClient
```
protected AdminClient getAndCheckAdminClient(javax.servlet.http.HttpServletRequest request)
                                      throws Throwable
```
Pulls the id and secret from the header then verifies the secret and if it passes, returns the client.

Parameters:

request -

Returns:

Throws:

Throwable

doIt

protected void doIt(javax.servlet.http.HttpServletRequest httpServletRequest,
                    javax.servlet.http.HttpServletResponse httpServletResponse)
             throws Throwable

Specified by:: doIt in class AbstractServlet
Throws:: Throwable

getPayload

protected net.sf.json.JSON getPayload(javax.servlet.http.HttpServletRequest httpServletRequest)
                               throws IOException

Throws:: IOException

getClient
```
protected OA2Client getClient(javax.servlet.http.HttpServletRequest req)
```
Get the client from the request. Note that this may return null if no such client exists and it is up to the calling method to decide if this is ok.

Parameters:

req -

Returns:

updateClient

protected OA2Client updateClient(OA2Client client,
                                 net.sf.json.JSONObject jsonRequest,
                                 javax.servlet.http.HttpServletResponse httpResponse)

processRegistrationRequest

protected OA2Client processRegistrationRequest(net.sf.json.JSONObject jsonRequest,
                                               javax.servlet.http.HttpServletResponse httpResponse)

Class OIDCCMServlet

Field Summary

Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet

Fields inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet

Constructor Summary

Method Summary

Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet

Methods inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet

Methods inherited from class javax.servlet.http.HttpServlet

Methods inherited from class javax.servlet.GenericServlet

Methods inherited from class java.lang.Object

Constructor Detail

OIDCCMServlet

Method Detail

storeUpdates

getOA2SE

doGet

toJSONObject

doDelete

checkAdminPermission

doPut

doPost

getPermissionServer

getAndCheckAdminClient

doIt

getPayload

getClient

updateClient

processRegistrationRequest