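/**
 * Returns the single value of the request parameter {@code key}.
 * <p>
 * A parameter that is sent more than once is rejected rather than resolved to its first value.
 * OAuth 2 (RFC 6749, section 3.1) forbids repeated request parameters, and accepting them would
 * let different layers of the stack act on different values of the same parameter.
 *
 * @param req the incoming servlet request
 * @param key the name of the parameter to read
 * @return the parameter value, or {@code null} if the request carries no value for {@code key}
 * @throws OA2RedirectableError with {@code INVALID_REQUEST} if the parameter occurs more than once
 */
public static String getParam(HttpServletRequest req, String key) {
    String[] values = req.getParameterValues(key);
    // Either condition alone means "no value". The previous "&&" dereferenced a null array
    // (NullPointerException) and let an empty array fall through to values[0].
    if (values == null || values.length == 0) {
        return null;
    }
    if (1 < values.length) {
        throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST,
                "Invalid request: Multiple parameters are not supported for \"" + key + "\"",
                req.getParameter(OA2Constants.STATE));
    }
    return values[0];
}
} // closes the enclosing class, whose header is outside this excerpt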
protected void handleOA2Error(OA2RedirectableError oa2RedirectableError, HttpServletResponse response) throws IOException { if (oa2RedirectableError.getCallback() == null) { String cb = oa2RedirectableError.getCallback().toString(); boolean hasQM = (0 < cb.indexOf("?")); // CIL-407 FIX cb = cb + (hasQM?"&":"?") + OA2Constants.ERROR + "=" + oa2RedirectableError.getError() + "&" + URLEncoder.encode(OA2Constants.ERROR_DESCRIPTION, "UTF-8") + "=" + URLEncoder.encode(oa2RedirectableError.getDescription(), "UTF-8"); String state = oa2RedirectableError.getState(); state = state == null ? "" : state; cb = cb + "&" + OA2Constants.STATE + "=" + URLEncoder.encode(state, "UTF-8");
/**
 * Builds a general error from a redirectable one.
 * <p>
 * Only the error code and the description are copied from {@code error}; this constructor does
 * not read its state or its callback. The HTTP status is always set to 400 (bad request) so
 * that the resulting error carries a definite status code.
 *
 * @param error the redirectable error whose code and description are copied
 */
public OA2GeneralError(OA2RedirectableError error) {
    final String description = error.getDescription();
    this.setDescription(description);
    this.setError(error.getError());
    // Default status for a converted error: 400 = bad request.
    this.setHttpStatus(HttpStatus.SC_BAD_REQUEST);
}
getLogger().info("get a standard error with a redirect"); OA2RedirectableError oa2RedirectableError = (OA2RedirectableError) t; request.setAttribute(OA2Constants.ERROR, oa2RedirectableError.getError()); request.setAttribute(OA2Constants.ERROR_DESCRIPTION, oa2RedirectableError.getDescription()); request.setAttribute(OA2Constants.STATE, oa2RedirectableError.getState()); } else if (t instanceof ServiceClientHTTPException) {
/**
 * Validates the optional prompt parameter of a request. The only prompt option this server
 * accepts is "login"; every other combination is rejected with a redirectable error that
 * carries the state value found in {@code map}.
 *
 * @param map the request parameters by name; the prompt and state entries are read
 * @throws OA2RedirectableError with {@code LOGIN_REQUIRED} if the prompt value holds no option
 *         or does not include "login", or with {@code INVALID_REQUEST} if "none" is combined
 *         with any other option
 */
protected void checkPrompts(Map<String, String> map) {
    if (!map.containsKey(PROMPT)) {
        return; // parameter absent, nothing to validate
    }

    // Split the raw value on whitespace (the StringTokenizer default delimiters).
    StringTokenizer tokenizer = new StringTokenizer(map.get(PROMPT));
    ArrayList<String> requested = new ArrayList<>();
    while (tokenizer.hasMoreTokens()) {
        requested.add(tokenizer.nextToken());
    }
    boolean wantsNone = requested.contains(PROMPT_NONE);

    // CIL-91: if prompt = none is passed in, return an error with login_required as the message.
    // NOTE(review): as written, this guard is true only when the value holds no option at all.
    // A lone "none" skips it and reaches the final throw, which is also LOGIN_REQUIRED but with
    // a different description. Confirm that this is the intended handling.
    if (!wantsNone && requested.isEmpty()) {
        throw new OA2RedirectableError(OA2Errors.LOGIN_REQUIRED,
                "A login is required on this server",
                map.get(OA2Constants.STATE));
    }

    // "none" cannot be combined with any other option.
    if (wantsNone && requested.size() > 1) {
        throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST,
                "You cannot specify \"none\" for the prompt and any other option",
                map.get(OA2Constants.STATE));
    }

    if (!requested.contains(PROMPT_LOGIN)) {
        // "login" was not requested, and nothing else is supported.
        throw new OA2RedirectableError(OA2Errors.LOGIN_REQUIRED,
                "You must specify \"login\" as an option",
                map.get(OA2Constants.STATE));
    }
}
String callback = httpServletRequest.getParameter(OA2Constants.REDIRECT_URI); if (httpServletRequest.getParameterMap().containsKey(OA2Constants.REQUEST_URI)) { throw new OA2RedirectableError(OA2Errors.REQUEST_URI_NOT_SUPPORTED, "Request uri not supported by this server", httpServletRequest.getParameter(OA2Constants.STATE), throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "Request not supported by this server", httpServletRequest.getParameter(OA2Constants.STATE), throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "no response type", httpServletRequest.getParameter(OA2Constants.STATE),
if (!t.getClient().getIdentifierString().equals(idToken.getString(OA2Claims.AUDIENCE))) { throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "Incorrect aud parameter in the ID token. This request is not supported on this server", state, callback); throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "No aud parameter in the ID token. This request is not supported on this server", state, callback); throw new OA2RedirectableError(OA2Errors.LOGIN_REQUIRED, "Login required.", state, callback);
DebugUtil.dbg(this, ".resolveScopes: server scopes=" + ((OA2SE) MyProxyDelegationServlet.getServiceEnvironment()).getScopes()); if (rawScopes == null || rawScopes.length() == 0) { throw new OA2RedirectableError(OA2Errors.INVALID_SCOPE, "Missing scopes parameter.", state, givenRedirect); String x = stringTokenizer.nextToken(); if (!OA2Scopes.ScopeUtil.hasScope(x)) { throw new OA2RedirectableError(OA2Errors.INVALID_SCOPE, "Unrecognized scope \"" + x + "\"", state, givenRedirect); throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "Scopes must contain " + OA2Scopes.SCOPE_OPENID, state, givenRedirect); return scopes;
throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "Only " + DISPLAY + "=" + DISPLAY_PAGE + " is supported", state, givenRedirect); throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "The " + OA2Constants.MAX_AGE + " parameter is not supported at this time.", state, givenRedirect); throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "The \"request\" parameter is not supported on this server", state, givenRedirect); throw new OA2RedirectableError(OA2Errors.REQUEST_URI_NOT_SUPPORTED, "The \"request_uri\" parameter is not supported on this server", state, givenRedirect);
@Override protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable { if (request.getParameterMap().containsKey(OA2Constants.ERROR)) { throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR), request.getParameter(OA2Constants.ERROR_DESCRIPTION), request.getParameter(OA2Constants.STATE));