001/* 002 * (C) Copyright 2006-2013 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nelson Silva <nelson.silva@inevo.pt> - initial API and implementation 018 * Nuxeo 019 */ 020 021package org.nuxeo.ecm.platform.oauth2.openid; 022 023import org.apache.commons.lang3.ArrayUtils; 024import org.apache.commons.lang3.StringUtils; 025import org.nuxeo.common.xmap.annotation.XNode; 026import org.nuxeo.common.xmap.annotation.XNodeList; 027import org.nuxeo.common.xmap.annotation.XObject; 028import org.nuxeo.ecm.platform.oauth2.openid.auth.DefaultOpenIDUserInfo; 029import org.nuxeo.ecm.platform.oauth2.openid.auth.EmailBasedUserResolver; 030import org.nuxeo.ecm.platform.oauth2.openid.auth.OpenIDUserInfo; 031import org.nuxeo.ecm.platform.oauth2.openid.auth.UserResolver; 032import org.nuxeo.runtime.model.Descriptor; 033 034@XObject("provider") 035public class OpenIDConnectProviderDescriptor implements Descriptor { 036 037 public static final String DEFAULT_ACCESS_TOKEN_KEY = "access_token"; 038 039 public static final Class<? extends UserResolver> DEFAULT_USER_RESOLVER_CLASS = EmailBasedUserResolver.class; 040 041 public static final Class<? extends RedirectUriResolver> DEFAULT_REDIRECT_URI_RESOLVER_CLASS = RedirectUriResolverHelper.class; 042 043 public static final Class<? extends OpenIDUserInfo> DEFAULT_USER_INFO_CLASS = DefaultOpenIDUserInfo.class; 044 045 /** 046 * @since 11.1 047 */ 048 public static final String URL_AUTHENTICATION_METHOD = "url"; 049 050 /** 051 * @since 11.1 052 */ 053 public static final String BEARER_AUTHENTICATION_METHOD = "bearer"; 054 055 /** 056 * @since 11.1 057 */ 058 public static final String DEFAULT_AUTHENTICATION_METHOD = URL_AUTHENTICATION_METHOD; 059 060 @XNode("@enabled") 061 protected boolean enabled = true; 062 063 @XNode("name") 064 protected String name; 065 066 @XNode("tokenServerURL") 067 protected String tokenServerURL; 068 069 @XNode("authorizationServerURL") 070 protected String authorizationServerURL; 071 072 @XNode("userInfoURL") 073 protected String userInfoURL; 074 075 @XNode("accessTokenKey") 076 protected String accessTokenKey = DEFAULT_ACCESS_TOKEN_KEY; 077 078 @XNode("clientId") 079 protected String clientId; 080 081 @XNode("clientSecret") 082 protected String clientSecret; 083 084 @XNodeList(value = "scope", type = String[].class, componentType = String.class) 085 protected String[] scopes; 086 087 @XNode("icon") 088 protected String icon; 089 090 @XNode("label") 091 protected String label; 092 093 @XNode("description") 094 protected String description; 095 096 @XNode("userResolverClass") 097 protected Class<? extends UserResolver> userResolverClass; 098 099 @XNode("userMapperName") 100 protected String userMapper; 101 102 @XNode("redirectUriResolver") 103 protected Class<? extends RedirectUriResolver> redirectUriResolver = DEFAULT_REDIRECT_URI_RESOLVER_CLASS; 104 105 @XNode("userInfoClass") 106 protected Class<? extends OpenIDUserInfo> userInfoClass = DEFAULT_USER_INFO_CLASS; 107 108 /** 109 * @since 11.1 110 */ 111 @XNode("authenticationMethod") 112 protected String authenticationMethod = DEFAULT_AUTHENTICATION_METHOD; 113 114 @Override 115 public String getId() { 116 return getName(); 117 } 118 119 public String getName() { 120 return name; 121 } 122 123 public String getTokenServerURL() { 124 return tokenServerURL; 125 } 126 127 public String getAuthorizationServerURL() { 128 return authorizationServerURL; 129 } 130 131 public String getClientId() { 132 return clientId; 133 } 134 135 public String getClientSecret() { 136 return clientSecret; 137 } 138 139 public String[] getScopes() { 140 return scopes; 141 } 142 143 public String getUserInfoURL() { 144 return userInfoURL; 145 } 146 147 public String getAccessTokenKey() { 148 return accessTokenKey; 149 } 150 151 public String getIcon() { 152 return icon; 153 } 154 155 public boolean isEnabled() { 156 return enabled; 157 } 158 159 public void setEnabled(boolean enabled) { 160 this.enabled = enabled; 161 } 162 163 public String getLabel() { 164 return label; 165 } 166 167 public String getDescription() { 168 return description; 169 } 170 171 public String getUserMapper() { 172 return userMapper; 173 } 174 175 public Class<? extends UserResolver> getUserResolverClass() { 176 if (userResolverClass == null && userMapper == null) { 177 return DEFAULT_USER_RESOLVER_CLASS; 178 } 179 return userResolverClass; 180 } 181 182 public Class<? extends RedirectUriResolver> getRedirectUriResolver() { 183 return redirectUriResolver; 184 } 185 186 public Class<? extends OpenIDUserInfo> getUserInfoClass() { 187 return userInfoClass; 188 } 189 190 /** 191 * @since 11.1 192 */ 193 public String getAuthenticationMethod() { 194 return authenticationMethod; 195 } 196 197 @Override 198 public Descriptor merge(Descriptor o) { 199 OpenIDConnectProviderDescriptor other = (OpenIDConnectProviderDescriptor) o; 200 OpenIDConnectProviderDescriptor merged = new OpenIDConnectProviderDescriptor(); 201 merged.name = name; 202 merged.enabled = other.enabled; 203 merged.authorizationServerURL = StringUtils.isNotBlank(other.authorizationServerURL) 204 ? other.authorizationServerURL 205 : authorizationServerURL; 206 merged.clientId = StringUtils.isNotBlank(other.clientId) ? other.clientId : clientId; 207 merged.clientSecret = StringUtils.isNotBlank(other.clientSecret) ? other.clientSecret : clientSecret; 208 merged.icon = StringUtils.isNotBlank(other.icon) ? other.icon : icon; 209 merged.scopes = ArrayUtils.isNotEmpty(other.scopes) ? other.scopes : scopes; 210 merged.tokenServerURL = StringUtils.isNotBlank(other.tokenServerURL) ? other.tokenServerURL : tokenServerURL; 211 merged.userInfoURL = StringUtils.isNotBlank(other.userInfoURL) ? other.userInfoURL : userInfoURL; 212 merged.label = StringUtils.isNotBlank(other.label) ? other.label : label; 213 merged.description = StringUtils.isNotBlank(other.description) ? other.description : description; 214 merged.accessTokenKey = !other.accessTokenKey.equals(DEFAULT_ACCESS_TOKEN_KEY) ? other.accessTokenKey 215 : accessTokenKey; 216 merged.userInfoClass = other.userInfoClass != DEFAULT_USER_INFO_CLASS ? other.userInfoClass : userInfoClass; 217 merged.redirectUriResolver = other.redirectUriResolver != DEFAULT_REDIRECT_URI_RESOLVER_CLASS 218 ? other.redirectUriResolver 219 : redirectUriResolver; 220 Class<? extends UserResolver> otherUserResolverClass = other.getUserResolverClass(); 221 merged.userResolverClass = otherUserResolverClass != DEFAULT_USER_RESOLVER_CLASS ? otherUserResolverClass : userResolverClass; 222 merged.userMapper = StringUtils.isNotBlank(other.userMapper) ? other.userMapper : userMapper; 223 merged.authenticationMethod = !other.authenticationMethod.equals(DEFAULT_AUTHENTICATION_METHOD) 224 ? other.authenticationMethod 225 : authenticationMethod; 226 return merged; 227 } 228}