demoserver 2 without errors

Signed-off-by: Luca Fulchir <luca@fulchir.it>
parent 0c64003d
......@@ -7,9 +7,9 @@ PACKAGE_NAME="utils.jar"
LIBRARY="httpcore-4.2.2.jar httpclient-4.2.3.jar commons-io-2.4.jar"
SRC=${CWD}/jolie/net/
all: clean java install
all: java install
java: ${SRC}/utils/Hmac.java ${SRC}/utils/HTTP.java
java: ${SRC}/utils/Hmac.java ${SRC}/utils/HTTP.java ${SRC}/utils/HTTPServer.java
- mkdir -p ${BUILDDIR} 2>/dev/null
${JAVAC} -cp ${JOLIEDIR}/jolie.jar:${JARDIR}/commons-codec-1.6.jar -d ${BUILDDIR} jolie/net/utils/Hmac.java
${JAVAC} -cp ${JOLIEDIR}/jolie.jar:${JARDIR}/httpcore-4.2.2.jar:${JARDIR}/httpclient-4.2.3.jar:${JARDIR}/commons-io-2.4.jar:${JARDIR}/commons-codec-1.6.jar:${JOLIEDIR}/extensions/http.jar:${JOLIEDIR}/lib/json_simple.jar -d ${BUILDDIR} jolie/net/utils/HTTP.java
......@@ -19,7 +19,7 @@ java: ${SRC}/utils/Hmac.java ${SRC}/utils/HTTP.java
clean:
- rm -rf ${BUILDDIR}
install: ${SRC}/utils/Hmac.java ${SRC}/utils/HTTP.java ${BUILDDIR}/jolie/net/utils/HTTP.class ${BUILDDIR}/jolie/net/utils/HTTP.class
install: ${BUILDDIR}/jolie/net/utils/Hmac.class ${BUILDDIR}/jolie/net/utils/HTTP.class ${BUILDDIR}/jolie/net/utils/HTTPServer.class
cd ${BUILDDIR} && jar cvf ${PACKAGE_NAME} ./jolie/net/utils/*class && cd ${CWD}
cp ${BUILDDIR}/utils.jar ${JOLIEDIR}/javaServices/
cp ${JARDIR}/*.jar ${JOLIEDIR}/javaServices/
......@@ -31,9 +31,14 @@ uninstall:
-rm ${JOLIEDIR}/javaServices/httpcore-4.2.2.jar
-rm ${JOLIEDIR}/javaServices/commons-io-2.4.jar
-rm ${JOLIEDIR}/javaServices/httpclient-4.2.3.jar
-rm ${JOLIEDIR}/javaServices/json_simple.jar
demo1: ${JOLIEDIR}/javaServices/utils.jar
jolie jolie/net/OAuth/demo1.ol
demo1server: ${JOLIEDIR}/javaServices/utils.jar
jolie jolie/net/OAuth/demo1server.ol
demo2: ${JOLIEDIR}/javaServices/utils.jar
jolie jolie/net/OAuth/demo2.ol
demo2server: ${JOLIEDIR}/javaServices/utils.jar
jolie jolie/net/OAuth/demo2server.ol
......@@ -58,7 +58,7 @@ scope (errorHTTP) {
//finally start our HTTP server:
start@HTTP("OAuth1")();
// instead of a database we'll relay on these 2 variables
// instead of a database we'll relay on these variables
issued_token = "";
issued_token_secret = "";
issued_verifier="";
......@@ -170,6 +170,7 @@ scope (earlyreturn) {
createSecureToken@SecurityUtils(void)(issued_token_secret);
output.code = "200";
// finally communicate the data
output.headers[0].name="Content-Type";
output.headers[0].value="application/x-www-form-urlencoded";
......@@ -217,7 +218,7 @@ scope (earlyreturn) {
createSecureToken@SecurityUtils(void)(issued_verifier);
output.code = int(301);
output.code = int(302);
output.headers[0].name = "Location";
output.headers[0].value = last_callback + "?oauth_token=" + answer +
"&oauth_verifier=" +
......
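Review bot: The status code in the token-response hunk is assigned as a string, `output.code = "200";`, while the redirect hunk right after it uses `output.code = int(302);`. Assuming the response type declares `code` as an integer, it should read `output.code = int(200);` so both paths produce the same type. The OAuth2 server section further down has the same pattern in `output.code = "302";`. The rendered page has lost the `+`/`-` markers, so it is inferred rather than certain that the `"200"` line is the added one; the enclosing `scope (earlyreturn)` blocks start and end outside these hunks.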
include "time.iol"
include "console.iol"
include "string_utils.iol"
include "OAuth2.iol"
include "security_utils.iol"
include "jolie/net/OAuth/OAuth2Data.iol"
include "../utils/HTTPTypes.iol"
include "../utils/HTTP.iol"
execution{concurrent}
type codeRequest:void {
.code? :string
.error? :string
interface OAuth2Server {
RequestResponse:
OAuth2Authorize (HTTPCallbackReq) (HTTPCallbackAnsw),
OAuth2Token (HTTPCallbackReq) (HTTPCallbackAnsw)
}
interface OAuth2_HTTP {
RequestResponse:
code(codeRequest)(string)
inputPort OAuth2Server {
Location: "local"
Interfaces: OAuth2Server
}
inputPort HTTP_Get {
Location: "socket://localhost:8055/"
Protocol: http
Interfaces: OAuth2_HTTP
init
{
scope (errorHTTP) {
install (cannot_add =>
println@Console("cannot add page... wtf?")();
throw (demo_failure),
cannot_listen =>
println@Console("Cannlot make HTTP server listen")();
throw (demo_failure)
);
// Create an HTTP Server, with identification "OAuth2" on following
// parameters:
srv.id = "OAuth2";
srv.port = int(8000);
srv.host = "127.0.0.1";
srv.operation = "OAuth2Callback"; // Jolie method to call
srv.resource = "/"; // This Jolie service
initialize@HTTP(srv)();
// add pages to our HTTP server, with proper callbacks
page.id = "OAuth2";
// this page will manage but app & user autnentication.
// this is step 1 & 2 in OAuth1
page = "/authorize";
page.operation = "OAuth2Authorize";
page.resource = "/";
addPage@HTTP(page)(asd);
page = "/token";
page.operation = "OAuth2Token";
addPage@HTTP(page)(asd);
//finally start our HTTP server:
start@HTTP("OAuth2")();
// instead of a database we'll relay on this variable
issued_code=""
}
}
main
{
[authorize(codeRequest) (out) {
/* for an easy demonstration, we will authenticate only an app with
* these creadentials:
* consumer_key = "27250pnzil7tmhx";
* secret = "6yj3c6mjbdixm6i";
*
* and an user with these credentials
* token =
*
*/
[OAuth2Authorize (input) (output) {
scope (earlyreturn) {
install (errreturn =>
output.code = int(500);
undef(output.headers);
undef(output.body),
wrong_code =>
output.code = int(401); //unauthorized
undef(output.headers);
undef(output.body),
wrong_header =>
output.code = int(400); //wrong parameters
undef(output.headers);
undef(output.body),
missing_parameters =>
output.code = int(400); //wrong parameters
undef(output.headers);
undef(output.body)
);
if (input.page != "authorize") {
throw(errreturn)
};
search.pair = input.headers;
search.search = "Authentication";
pairSearch@HTTP (search) (answer);
if (!answer.found) {
throw(errreturn)
};
undef(answer.found);
//check that the required parameters are present:
search.pair << input.query;
search.search = "response_type";
pairSearch@HTTP (search) (answer);
if (!answer.found || answer != "code")
throw(missing_parameters);
response_type = answer;
search.search = "client_id";
pairSearch@HTTP (search) (answer);
if (!answer.found)
throw(missing_parameters);
client_id = answer;
// by RFC is optional, but we can require it
search.search = "redirect_uri";
pairSearch@HTTP (search) (answer);
if (!answer.found)
throw(missing_parameters);
last_callback = answer;
search.search = "scope";
pairSearch@HTTP (search) (answer);
if (!answer.found) {
authscope = "myscope"
} else {
authscope = answer
};
search.search = "state";
pairSearch@HTTP (search) (answer);
if (answer.found) {
state = answer
};
search.search = "username";
pairSearch@HTTP (search) (answer);
if (!answer.found) {
// make the user authenticate.
// this is for example ONLY.
// do NOT send user/pass in get requests...
output.code = int(200);
output.headers[0].name="Content-Type";
output.headers[0].value="text/html";
// Now we build our authentication page :
output.body =
"<html>
<head>
<title>Jolie OAuth2 auth page test</title>
</head>
<body>
<form action=\"/authorize?response_type=" + response_type +
"&client_id=" + client_id + "&redirect_uri="+last_callback+"&scope="+authscope;
if (is_defined(state)) {
output.body = output.body + "&state=" + state
};
output.body = output.body +
"\" method=\"GET\">
User: <input type=\"text\" name=\"username\"><br>
Pass: <input type=\"password\" name=\"password\"><br>
<input type=\"submit\" value=\"Authenticate\">
</form>
</body>
</html>
"
} else {
// check the credentials:
username = answer;
search.search = "password";
pairSearch@HTTP (search) (answer);
if (!answer.found)
throw(wrong_code);
if (username != "OAuthuser" || answer != "OAuthpass")
throw(wrong_code);
// everything ok. generate new tokens
createSecureToken@SecurityUtils(void)(issued_code);
// finally communicate the data
output.code = "302";
output.headers[0].name = "Location";
output.headers[0].value= last_callback + "?code=" + issued_code;
if (is_defined(state)) {
output.headers[0].value = output[0].headers.value +
"&state=" + state
}
}
}
}]{nullProcess}
[access(codeRequest) (out) {
[OAuth2Token (input) (output) {
install (errreturn =>
output.code = int(500);
undef(output.headers);
undef(output.body),
wrong_code =>
output.code = int(401); //unauthorized
undef(output.headers);
undef(output.body),
wrong_header =>
output.code = int(400); //wrong parameters
undef(output.headers);
undef(output.body)
);
scope (earlyreturn) {
if (input.page != "access") {
throw(errreturn)
};
parse_www_form@HTTP(input.body)(pairs);
pair.search = "code";
pairSearch@HTTP (pairs) (answer);
if (!answer.found || answer != issued_code)
throw(wrong_code);
pair.search = "grant_type";
pairSearch@HTTP (pairs) (answer);
if (!answer.found || answer != "authorization_code")
throw(wrong_header);
pair.search = "redirect_uri";
pairSearch@HTTP (pairs) (answer);
if (!answer.found)
throw(wrong_header);
pair.search = "client_id";
pairSearch@HTTP (pairs) (answer);
if (!answer.found || answer != "ourClientId")
throw(wrong_header);
pair.search = "client_secret";
pairSearch@HTTP (pairs) (answer);
if (!answer.found || answer != "ourClientSecret")
throw(wrong_code);
// all set, user has authenticated correctly.
// finally communicate the data
// these are the final user-authorized tokens.
// you should generate them at random and add them to your database
output.headers[0].name="Content-Type";
output.headers[0].value="application/json";
output.body ="{
\"access_token\" : \"Congratulations\",
\"token_type\" : \"bearer\",
\"expires_in\" : 3600,
}"
}
}]{nullProcess}
}
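Review bot: The authorization code is kept in a single plain variable, `issued_code`, which `init` sets to `""` and which is never cleared or tied to the `client_id` and `redirect_uri` it was issued for. As far as I know, under `execution{concurrent}` each session works on its own copy of non-`global.` state, so `OAuth2Token` would be comparing against the initial empty string rather than the value written in `OAuth2Authorize`. The token check should reject the unset state and consume the code, e.g. `if (!answer.found || issued_code == "" || answer != issued_code) throw(wrong_code);` followed by `issued_code = "";` after a successful exchange, and the code should be stored with its client and redirect URI so the token step can compare them as RFC 6749 section 4.1.3 requires. In `OAuth2Authorize`, `redirect_uri`, `client_id`, `scope` and `state` are concatenated unescaped into the HTML form, and `redirect_uri` becomes the `Location` target without being compared to a registered value; these need output encoding and an allow-list check. The `state` append reads `output[0].headers.value`, which looks like a typo for `output.headers[0].value`, and the JSON body ends with a trailing comma after `3600` that strict parsers reject.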
......@@ -144,7 +144,23 @@ public void handle (HttpExchange xchg) throws IOException {
req.getNewChild("protocol").setValue(xchg.getProtocol());
req.getNewChild("method").setValue(xchg.getRequestMethod());
req.getNewChild("page").setValue(xchg.getRequestURI().getPath());
req.getNewChild("query").setValue(xchg.getRequestURI().getQuery());
String query = xchg.getRequestURI().getQuery();
// save queries parameters as name-value entries
String[] queries = query.split("&");
for (int i = 0; i < queries.length; i++) {
String[] nameval = queries[i].split("=");
Value toAdd = Value.create();
if (nameval.length == 1) {
toAdd.getNewChild("name").setValue(nameval[0]);
toAdd.getNewChild("calue").setValue("");
req.getNewChild("query").deepCopy(toAdd);
} else if (nameval.length == 2) {
toAdd.getNewChild("name").setValue(nameval[0]);
toAdd.getNewChild("value").setValue(nameval[1]);
req.getNewChild("query").deepCopy(toAdd);
}
}
String encoding = "UTF-8";
Headers headers = xchg.getRequestHeaders();
......
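Review bot: `getQuery()` returns null when the request has no query string, so the added `query.split("&")` throws a NullPointerException on every such request. The same block stores the empty-value case under the key `"calue"` instead of `"value"`, and it silently drops any parameter whose value contains `=`, because only arrays of length 1 or 2 are handled. Since `getQuery()` is already percent-decoded, an encoded `&` or `=` inside a value is treated as a separator; splitting `getRawQuery()` and decoding each name and value separately avoids that. The sketch assumes `java.net.URLDecoder` is imported, and `handle` begins and ends outside the hunk.

```java
req.getNewChild("page").setValue(xchg.getRequestURI().getPath());
String rawQuery = xchg.getRequestURI().getRawQuery();
if (rawQuery != null && !rawQuery.isEmpty()) {
	// Split the raw form so an encoded '&' or '=' stays inside its value.
	for (String part : rawQuery.split("&")) {
		if (part.isEmpty()) {
			continue;
		}
		// Limit 2: everything after the first '=' belongs to the value.
		String[] nameval = part.split("=", 2);
		Value toAdd = Value.create();
		// URLDecoder.decode throws IllegalArgumentException on a malformed
		// percent escape; answer that with a 400 instead of letting it escape.
		toAdd.getNewChild("name").setValue(URLDecoder.decode(nameval[0], "UTF-8"));
		toAdd.getNewChild("value").setValue(
			nameval.length == 2 ? URLDecoder.decode(nameval[1], "UTF-8") : "");
		req.getNewChild("query").deepCopy(toAdd);
	}
}
// … unchanged: encoding and request headers …
```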
......@@ -79,7 +79,7 @@ type HTTPCallbackReq:void {
.protocol :string
.method :string
.page :string
.query? :string
.query? :HTTPpair
.headers* :HTTPpair
.body :string
}
......
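Review bot: `.query? :HTTPpair` allows at most one pair, but the request parser changed in this commit adds one `query` child per parameter, so a request with two or more parameters would presumably fail the type check on `HTTPCallbackReq`. Declaring it the same way as the headers field, `.query* :HTTPpair`, matches what the server actually produces. The OAuth2 server section in this commit already looks up several parameters in `input.query`, so the multi-valued form is the one in use.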