WebSphere Portal oAuth2 – GAE

I have come up with the architecture below for reading GAE (appspot) data with OAuth 2.0:
1. Create a service account and private key using the Google API console.
2. Create a JWT (JSON Web Token) in the portal application that wants to access the data from GAE.
3. Pass the JWT as part of the request headers to appspot.
4. Validate the JWT on appspot and return the requested information in JSON format.
gae-oauth2

Sample code to create JWT :

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.ResourceBundle;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.gson.JsonParser;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.json.JSONException;
import org.json.JSONObject;

/**
* Servlet implementation class GoogleServiceAccount
*/
public class GoogleServiceAccountOAuth {

// Alias of the private-key entry inside the PKCS#12 file opened by getPrivateKey().
static String keyAlias = "privatekey";
// Portlet resource bundle holding the OAuth settings (scope, audience, token
// endpoint, grant type, content type) and the keystore password "Certificate_Pwd".
// NOTE(review): the password is stored in this bundle in plain text, so the
// bundle file must be protected like any other secret.
public ResourceBundle bundle = ResourceBundle
.getBundle("com.ibm.ereportscursors.nl.EReportsCursorsPortletResource");
/**
 * Signs {@code data} with SHA-256/RSA (JCA "SHA256withRSA", i.e. RSASSA-PKCS1-v1_5,
 * which is what the JWT {@code alg} value "RS256" denotes).
 *
 * @param data       bytes to sign; for the JWT this is the UTF-8 "header.claims" string
 * @param privateKey RSA private key taken from the service-account PKCS#12 file
 * @return the raw signature bytes (not yet Base64-encoded)
 * @throws InvalidKeyException      if the key cannot be used for RSA signing
 * @throws SignatureException       if the signing operation fails
 * @throws NoSuchAlgorithmException if no provider offers SHA256withRSA
 */
public static byte[] signData(byte[] data, PrivateKey privateKey)
        throws InvalidKeyException, SignatureException, NoSuchAlgorithmException {
    final String algorithm = "SHA256withRSA";
    final Signature rs256 = Signature.getInstance(algorithm);
    rs256.initSign(privateKey);
    rs256.update(data);
    return rs256.sign();
}

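/**
 * Encodes {@code rawData} as standard Base64 (RFC 4648 alphabet, with padding).
 *
 * <p>Fixes the original, which called {@code toString()} on the encoded
 * {@code byte[]} and therefore returned the array's identity ("[B@1a2b3c"),
 * never the Base64 text. Note that this is the standard alphabet: JWT segments
 * need base64url without padding, so do not use this method for token parts.
 *
 * @param rawData bytes to encode
 * @return the Base64 text; empty for an empty input
 * @throws NullPointerException if {@code rawData} is {@code null}
 */
public static String encodeBase64(byte[] rawData) {
    // java.util.Base64 is fully qualified because the file also imports
    // org.apache.commons.codec.binary.Base64 under the same simple name.
    return java.util.Base64.getEncoder().encodeToString(rawData);
}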

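/**
 * Loads the service-account private key from a PKCS#12 keystore.
 *
 * <p>The same password unlocks both the keystore and the key entry named
 * {@code keyAlias}. Unlike the original, this fails fast instead of returning
 * {@code null}: {@code KeyStore.load(null, ...)} silently creates an empty
 * keystore, and a missing entry would otherwise surface much later as an
 * opaque signing error.
 *
 * @param fis      keystore bytes; the caller owns and closes the stream
 * @param password keystore and key password (as a {@code String} it cannot be
 *                 wiped; only the derived {@code char[]} is cleared here)
 * @return the private key stored under {@code keyAlias}
 * @throws IOException               if {@code fis} is {@code null} or the keystore cannot be read
 * @throws UnrecoverableKeyException if no private-key entry exists under {@code keyAlias}
 *                                   or the password does not unlock it
 */
private static PrivateKey getPrivateKey(InputStream fis, String password)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
        CertificateException, UnrecoverableKeyException {
    if (fis == null) {
        throw new IOException("keystore stream is null (classpath resource not found?)");
    }
    char[] pw = password.toCharArray();
    try {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(fis, pw);
        Key key = keystore.getKey(keyAlias, pw);
        if (!(key instanceof PrivateKey)) {
            throw new UnrecoverableKeyException(
                    "no private-key entry under alias '" + keyAlias + "'");
        }
        return (PrivateKey) key;
    } finally {
        Arrays.fill(pw, '\0'); // limit how long the password stays in memory
    }
}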

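/**
 * Obtains an OAuth 2.0 access token for a Google service account via the JWT
 * bearer grant.
 *
 * <p>Steps: build the JWT header and claim set, sign {@code header.claims}
 * with the PKCS#12 private key through {@link #signData}, POST the compact JWT
 * as the {@code assertion} parameter to the token endpoint, and read
 * {@code access_token} from the JSON response. Endpoint, scope, audience,
 * grant type, content type and keystore password come from {@link #bundle}.
 *
 * <p>Contract kept from the original: any failure (missing key, HTTP or JSON
 * error, non-200 status) is reported on stderr and yields {@code ""}, so
 * callers must treat an empty string as "no token". Changes from the
 * original: JWT segments are base64url-encoded without padding as RFC 7515
 * requires (standard Base64 put '+', '/' and '=' into the assertion), the
 * keystore stream and the HTTP connection are released, the HTTP status is
 * checked before the body is parsed, and neither the signed assertion nor the
 * token response is printed, since both are bearer credentials.
 *
 * @param oAuth_EmailID service-account e-mail address, sent as the {@code iss} claim
 * @return the access token, or {@code ""} if it could not be obtained
 */
public String getAccessToken(String oAuth_EmailID) {
    String tokenStr = "";
    String password = bundle.getString("Certificate_Pwd");
    // Fully qualified: the file also imports org.apache.commons.codec.binary.Base64.
    java.util.Base64.Encoder b64 = java.util.Base64.getUrlEncoder().withoutPadding();
    PostMethod method = null;
    try {
        // JWT header
        JSONObject jwtHeader = new JSONObject();
        jwtHeader.put("alg", "RS256");
        jwtHeader.put("typ", "JWT");

        // JWT claim set; iat is backdated 60 s to tolerate clock skew at the server,
        // and the assertion is valid for one hour from then.
        long iat = (System.currentTimeMillis() / 1000) - 60;
        long exp = iat + 3600;
        JSONObject jwtClaimSet = new JSONObject();
        jwtClaimSet.put("iss", oAuth_EmailID);
        jwtClaimSet.put("scope", bundle.getString("OAuth_Scope"));
        jwtClaimSet.put("aud", bundle.getString("OAuth_Aud"));
        jwtClaimSet.put("exp", exp);
        jwtClaimSet.put("iat", iat);

        String signingInput =
                b64.encodeToString(jwtHeader.toString().getBytes(StandardCharsets.UTF_8))
                + "."
                + b64.encodeToString(jwtClaimSet.toString().getBytes(StandardCharsets.UTF_8));

        // JWT signature over "header.claims"; the keystore stream is closed here
        // (the original never closed it).
        PrivateKey privateKey;
        try (InputStream fis = this.getClass().getResourceAsStream("ereports_test1.p12")) {
            privateKey = getPrivateKey(fis, password);
        }
        byte[] sig = signData(signingInput.getBytes(StandardCharsets.UTF_8), privateKey);
        String assertion = signingInput + "." + b64.encodeToString(sig);

        // Exchange the assertion for an access token.
        HttpClient client = new HttpClient();
        method = new PostMethod(bundle.getString("OAuth_PostURL"));
        method.addRequestHeader("Content-Type", bundle.getString("OAuth_PostContentType"));
        method.addParameter("grant_type", bundle.getString("OAuth_Grant_Type"));
        method.addParameter("assertion", assertion);

        int responseCode = client.executeMethod(method);
        String body = method.getResponseBodyAsString();
        if (responseCode != 200) {
            // Error responses carry no access_token; the original dereferenced it anyway.
            System.err.println("OAuth token request failed: HTTP " + responseCode);
            return tokenStr;
        }
        com.google.gson.JsonObject json = new JsonParser().parse(body).getAsJsonObject();
        if (json.has("access_token")) {
            tokenStr = json.get("access_token").getAsString();
        } else {
            System.err.println("OAuth token response contains no access_token");
        }
    } catch (Exception e) {
        // Keep the original best-effort contract: report and return "".
        e.printStackTrace();
    } finally {
        if (method != null) {
            method.releaseConnection(); // hand the connection back to the client
        }
    }
    return tokenStr;
}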


}
