PL-9551 JavaDoc for new IDP methods and REST API events

modules/global/src/com/haulmont/cuba/security/app/IdpService.java

@@ -67,22 +67,28 @@ public interface IdpService {
     boolean logoutUserSession(String idpSessionId);
 
     /**
+     * Activate service provider ticket and get IDP session.
+     *
      * @param serviceProviderTicket service provider ticket
-     * @return IDP session object
+     * @return IDP session object or null if service provider ticket not found.
      */
     @Nullable
     IdpSession activateServiceProviderTicket(String serviceProviderTicket);
 
     /**
+     * Create service provider ticket.
+     *
      * @param sessionId IDP session id
-     * @return new service provider ticket
+     * @return new service provider ticket or null if session not found.
      */
     @Nullable
     String createServiceProviderTicket(String sessionId);
 
     /**
+     * Get session object.
+     *
      * @param sessionId IDP session id
-     * @return IDP session object
+     * @return IDP session object or null if session not found.
      */
     @Nullable
     IdpSession getSession(String sessionId);

modules/rest-api/src/com/haulmont/restapi/auth/OAuthTokenIssuer.java

@@ -31,8 +31,8 @@ public interface OAuthTokenIssuer {
     /**
      * Issue token for principal.
      *
-     * @param login  an existing user login
-     * @param locale locale
+     * @param login       an existing user login
+     * @param locale      locale
      * @param loginParams params that are passed to login mechanism
      * @return result with logged in user session and newly generated OAuth2 access token
      * @throws BadCredentialsException in case of user is now allowed to use REST-API or middleware
@@ -43,14 +43,14 @@ public interface OAuthTokenIssuer {
     /**
      * Issue token for principal.
      *
-     * @param login  an existing user login
-     * @param locale locale
-     * @param tokenReqest additional login and token parameters
+     * @param login        an existing user login
+     * @param locale       locale
+     * @param tokenRequest additional login and token parameters
      * @return result with logged in user session and newly generated OAuth2 access token
      * @throws BadCredentialsException in case of user is now allowed to use REST-API or middleware
      *                                 throws {@link com.haulmont.cuba.security.global.LoginException} during login
      */
-    OAuth2AccessTokenResult issueToken(String login, Locale locale, OAuth2AccessTokenReqest tokenReqest);
+    OAuth2AccessTokenResult issueToken(String login, Locale locale, OAuth2AccessTokenReqest tokenRequest);
 
     /**
      * Result of programmatic access token generation.

modules/rest-api/src/com/haulmont/restapi/events/AfterRestInvocationEvent.java

@@ -22,6 +22,9 @@ import org.springframework.security.core.Authentication;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
+/**
+ * Event fired after REST controller call.
+ */
 public class AfterRestInvocationEvent extends ApplicationEvent {
 
     private ServletRequest request;

modules/rest-api/src/com/haulmont/restapi/events/BeforeRestInvocationEvent.java

@@ -22,6 +22,10 @@ import org.springframework.security.core.Authentication;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
+/**
+ * Event fired before a call of a REST controller.
+ * Event listeners can prevent a controller invocation using {@link #preventInvocation()} method.
+ */
 public class BeforeRestInvocationEvent extends ApplicationEvent {
 
     private ServletRequest request;

modules/rest-api/src/com/haulmont/restapi/events/OAuthTokenRevokedEvent.java

@@ -20,6 +20,9 @@ import com.haulmont.restapi.auth.TokenRevocationInitiator;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 
+/**
+ * Event fired after OAuth token revocation.
+ */
 public class OAuthTokenRevokedEvent extends ApplicationEvent {
     protected TokenRevocationInitiator revocationInitiator;
 
@@ -33,6 +36,10 @@ public class OAuthTokenRevokedEvent extends ApplicationEvent {
         return (OAuth2AccessToken) super.getSource();
     }
 
+    public OAuth2AccessToken getAccessToken() {
+        return (OAuth2AccessToken) super.getSource();
+    }
+
     public TokenRevocationInitiator getRevocationInitiator() {
         return revocationInitiator;
     }

modules/rest-api/src/com/haulmont/restapi/events/OAuthTokenRevokedResponseEvent.java

@@ -23,7 +23,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import javax.annotation.Nullable;
 
 /**
- * Event fired when token has been revoked by client.
+ * Event fired when token has been revoked by client before HTTP response is sent.
  */
 public class OAuthTokenRevokedResponseEvent extends ApplicationEvent {
     protected String requestedRevocationToken;

modules/rest-api/src/com/haulmont/restapi/idp/IdpAuthController.java

@@ -132,6 +132,12 @@ public class IdpAuthController implements InitializingBean {
 
     @GetMapping(value = "/v2/idp/login")
     public ResponseEntity login(@RequestParam(value = "redirectUrl", required = false) String redirectUrl) {
+        if (!idpConfig.getIdpEnabled()) {
+            log.debug("IDP authentication is disabled. Property cuba.rest.idp.enabled is false");
+
+            throw new InvalidGrantException("IDP is not supported");
+        }
+
         if (redirectUrl == null) {
             redirectUrl = idpDefaultRedirectUrl;
         }
@@ -152,6 +158,12 @@ public class IdpAuthController implements InitializingBean {
 
     @GetMapping(value = "/v2/idp/status")
     public ResponseEntity status() {
+        if (!idpConfig.getIdpEnabled()) {
+            log.debug("IDP authentication is disabled. Property cuba.rest.idp.enabled is false");
+
+            throw new InvalidGrantException("IDP is not supported");
+        }
+
         return ResponseEntity
                 .status(HttpStatus.FOUND)
                 .location(URI.create(getIdpStatusUrl()))

modules/rest-api/src/com/haulmont/restapi/idp/IdpAuthLifecycleManager.java

@@ -95,7 +95,7 @@ public class IdpAuthLifecycleManager implements InitializingBean {
 
                     String idpLoginUrl = getIdpLoginUrl(idpConfig.getIdpDefaultRedirectUrl());
                     Gson gson = new Gson();
-                    String body = gson.toJson(new IdpLogoutResponse(idpLoginUrl));
+                    String body = gson.toJson(new IdpSessionExpiredResponse("idp_session_expired", idpLoginUrl));
 
                     HttpServletResponse response = (HttpServletResponse) event.getResponse();
                     try {

modules/rest-api/src/com/haulmont/restapi/idp/IdpSessionExpiredResponse.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2008-2017 Haulmont.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.haulmont.restapi.idp;
+
+public class IdpSessionExpiredResponse {
+    private String error;
+    private String location;
+
+    public IdpSessionExpiredResponse() {
+    }
+
+    public IdpSessionExpiredResponse(String error, String location) {
+        this.location = location;
+        this.error = error;
+    }
+
+    public String getLocation() {
+        return location;
+    }
+
+    public void setLocation(String location) {
+        this.location = location;
+    }
+
+    public String getError() {
+        return error;
+    }
+
+    public void setError(String error) {
+        this.error = error;
+    }
+}