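/**
 * Handles the OAuth 2.0 redirect back from the authorization server.
 *
 * <p>Rebuilds the callback URL, fails if the provider reported an error or sent no
 * authorization code, makes sure the HTTP session carries a {@code Server.USER_SESSION_ID}
 * value, and passes the code to {@code oAuth2Credentials.authenticate} together with that
 * value before redirecting to {@code "/"}.
 *
 * @param req the callback request; {@code code} or {@code error} is read from its query string
 * @param resp the response, redirected to {@code "/"} after authentication
 * @throws IOException if the provider returned an error or no authorization code is present
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  // getQueryString() is null when the request carries no query; appending it unguarded
  // would put the literal text "?null" into the URL that gets parsed below.
  StringBuffer requestUrl = req.getRequestURL();
  String query = req.getQueryString();
  if (query != null) {
    requestUrl.append('?').append(query);
  }
  AuthorizationCodeResponseUrl authorizationCodeResponseUrl =
      new AuthorizationCodeResponseUrl(requestUrl.toString());

  if (authorizationCodeResponseUrl.getError() != null) {
    throw new IOException("Received error: " + authorizationCodeResponseUrl.getError());
  }

  // A callback with neither error nor code is malformed; stop before it reaches authenticate().
  String authorizationCode = authorizationCodeResponseUrl.getCode();
  if (authorizationCode == null) {
    throw new IOException("Missing authorization code");
  }

  // NOTE(review): the `state` parameter is not compared with a per-session value in this
  // method. Confirm the flow is protected against forged callbacks (login CSRF) elsewhere.

  // Authenticate the user and store their credential with their user ID (kept in the session).
  HttpSession httpSession = req.getSession(true);
  if (httpSession.getAttribute(Server.USER_SESSION_ID) == null) {
    // This value identifies whose credential is stored, so it must not be guessable:
    // java.util.Random output is predictable, SecureRandom is not.
    httpSession.setAttribute(
        Server.USER_SESSION_ID, new java.security.SecureRandom().nextLong());
  }
  oAuth2Credentials.authenticate(
      authorizationCode, httpSession.getAttribute(Server.USER_SESSION_ID).toString());

  resp.sendRedirect("/");
}
}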
/**
 * Extracts the {@code userId} entry from the {@code state} parameter of an OAuth callback URL.
 *
 * <p>The state is URL-decoded as UTF-8, split on {@code '&'}, and the text following
 * {@code "userId="} in the first item that starts with that prefix is returned.
 *
 * @param authorizationCodeResponseUrl the parsed callback URL
 * @return the user id text, or {@code null} when the state is null, empty, or has no
 *     {@code userId=} item
 * @throws IOException declared by the method; {@code URLDecoder.decode} may raise an
 *     unsupported-encoding error, which is an {@code IOException}
 */
private String getUserFromUrl(AuthorizationCodeResponseUrl authorizationCodeResponseUrl)
    throws IOException {
  final String marker = "userId=";

  String state = authorizationCodeResponseUrl.getState();
  if (state == null || state.isEmpty()) {
    return null;
  }

  // NOTE(review): `state` arrives in the callback URL, so whoever issues the request chooses
  // its content. Confirm the value is integrity-protected or bound to the caller's session
  // before the returned id is treated as an identity.
  String[] pairs = URLDecoder.decode(state, "UTF-8").split("&");
  for (int i = 0; i < pairs.length; i++) {
    if (pairs[i].startsWith(marker)) {
      return pairs[i].substring(marker.length());
    }
  }
  return null;
}
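/**
 * When the identity provider is done with its thing, the user comes back here.
 *
 * <p>The callback is rejected with 401 unless its {@code state} equals the {@code uuid}
 * field (presumably the value issued when this login started; confirm against the code
 * that sets it). After that, a provider error yields 401, a missing authorization code
 * yields 404, and a present code is handed to {@code onSuccess}.
 *
 * @param request the callback request from the identity provider
 * @return an error response, or whatever {@code onSuccess} returns for the code
 * @throws IOException declared by the method; nothing visible in this block throws it directly
 */
public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
  StringBuffer buf = request.getRequestURL();
  if (request.getQueryString() != null) {
    buf.append('?').append(request.getQueryString());
  }
  AuthorizationCodeResponseUrl responseUrl = new AuthorizationCodeResponseUrl(buf.toString());

  // The state check comes first so that a callback not tied to this login attempt is
  // refused before any other parameter is looked at.
  if (!uuid.equals(responseUrl.getState())) {
    return HttpResponses.error(401, "State is invalid");
  }

  String error = responseUrl.getError();
  if (error != null) {
    // Report the provider's error value. The previous message concatenated `code`, which
    // is normally absent on an error callback, so it read "Error from provider: null".
    // NOTE(review): `error` comes from the query string; confirm HttpResponses.error
    // escapes the message when it is rendered.
    return HttpResponses.error(401, "Error from provider: " + error);
  }

  String code = responseUrl.getCode();
  if (code == null) {
    return HttpResponses.error(404, "Missing authorization code");
  }
  return onSuccess(code);
}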
/**
 * Handles the authorization server's redirect and exchanges the authorization code for a
 * credential.
 *
 * <p>A callback carrying {@code error} is passed to {@code onError}; one without a code gets
 * a 400 response. Otherwise the code is exchanged through {@code flow}, the resulting
 * credential is stored under the id from {@code getUserId(req)}, and {@code onSuccess} is
 * called.
 *
 * @param req the callback request
 * @param resp the response to write to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if reading the request, writing the response, or the token request fails
 */
@Override
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  // Rebuild the full callback URL; the query part is appended only when one exists.
  StringBuffer callbackUrl = req.getRequestURL();
  String query = req.getQueryString();
  if (query != null) {
    callbackUrl.append('?').append(query);
  }
  AuthorizationCodeResponseUrl responseUrl =
      new AuthorizationCodeResponseUrl(callbackUrl.toString());
  String code = responseUrl.getCode();

  if (responseUrl.getError() != null) {
    onError(req, resp, responseUrl);
    return;
  }
  if (code == null) {
    resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    resp.getWriter().print("Missing authorization code");
    return;
  }

  // NOTE(review): the `state` parameter is never inspected in this method. Confirm that a
  // subclass hook or the surrounding application binds the callback to the session that
  // started the flow.

  // The flow is created lazily under the lock; the token exchange and the credential store
  // also run while the lock is held.
  lock.lock();
  try {
    if (flow == null) {
      flow = initializeFlow();
    }
    String callbackUri = getRedirectUri(req);
    TokenResponse tokenResponse =
        flow.newTokenRequest(code).setRedirectUri(callbackUri).execute();
    String ownerId = getUserId(req);
    Credential storedCredential = flow.createAndStoreCredential(tokenResponse, ownerId);
    onSuccess(req, resp, storedCredential);
  } finally {
    lock.unlock();
  }
}
new AuthorizationCodeResponseUrl(requestUrl.toString()); final String error = authorizationCodeResponseUrl.getError(); if (error != null) { throw new OAuthAuthenticationException("Authentication failed: " + error); final String code = authorizationCodeResponseUrl.getCode(); if (code == null) { throw new OAuthAuthenticationException("Missing authorization code. ");