/**
 * Builds the pac4j web context that wraps the current servlet exchange.
 *
 * Nothing is validated here; the three arguments are simply bound together into a new
 * {@link J2EContext}. The session store is what the context will use for any session access.
 *
 * @param request      the servlet request
 * @param response     the servlet response
 * @param sessionStore the pac4j session store the context should consult for session state
 * @return a new {@link J2EContext} bound to the given request, response and session store
 */
public static J2EContext getPac4jJ2EContext(final HttpServletRequest request,
                                            final HttpServletResponse response,
                                            final SessionStore sessionStore) {
    final J2EContext context = new J2EContext(request, response, sessionStore);
    return context;
}
/**
 * Snapshots every attribute of the current HTTP session into the session cookie.
 *
 * The trackable session is fetched from the context's session store and cast to
 * {@link HttpSession}; each attribute name/value pair is copied, in enumeration order, into a
 * map which {@code serializeSessionValues} turns into the cookie value handed to
 * {@code cookieGenerator}.
 *
 * NOTE(review): the whole server-side session is shipped to the client here. Whatever
 * confidentiality and integrity the payload has comes from cookieGenerator, not from this
 * method — confirm the generator signs and encrypts the value, and that nothing is placed in
 * the session that must never leave the server.
 *
 * @param webContext the web context whose trackable session is snapshotted
 */
public void store(final J2EContext webContext) {
    val httpSession = (HttpSession) webContext.getSessionStore().getTrackableSession(webContext);
    val snapshot = Maps.<String, Object>newLinkedHashMap();
    val attributeNames = httpSession.getAttributeNames();
    while (attributeNames.hasMoreElements()) {
        val attributeName = attributeNames.nextElement();
        snapshot.put(attributeName, httpSession.getAttribute(attributeName));
    }
    val cookieValue = serializeSessionValues(snapshot);
    cookieGenerator.addCookie(webContext.getRequest(), webContext.getResponse(), cookieValue);
}
/**
 * Tells whether this request is a device-code authorization request.
 *
 * Two request parameters are consulted: {@code response_type} must denote the device-code
 * response type and {@code client_id} must be present and non-blank. Both values are untrusted
 * client input; this method only classifies the request, it does not authenticate the client.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when the response type is device-code and a client id is supplied
 */
@Override
public boolean supports(final J2EContext context) {
    val responseType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val clientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID);
    val isDeviceCode = OAuth20Utils.isResponseType(responseType, OAuth20ResponseTypes.DEVICE_CODE);
    if (!isDeviceCode) {
        return false;
    }
    return StringUtils.isNotBlank(clientId);
}
}
/**
 * Delegates a central logout request to the configured logout controller, passing the
 * request and response taken from the request-scoped web context.
 *
 * NOTE(review): the mapping does not restrict the HTTP method, so a plain GET (for instance an
 * image tag or link on a third-party page) can log the current user out — a forced-logout /
 * CSRF vector. Consider restricting this endpoint to POST and/or requiring an anti-CSRF token,
 * unless the framework's CSRF protection already covers it.
 */
@RequestMapping("/centralLogout")
@ResponseBody
public void centralLogout() {
    val request = webContext.getRequest();
    val response = webContext.getResponse();
    logoutController.logout(request, response);
}
/**
 * Decides whether the OAuth consent/approval prompt is skipped for the given service.
 *
 * The bypass flag is taken from the {@code bypass_approval_prompt} request parameter first and,
 * when that is blank, from the session store under the same key. If the flag equals "true"
 * (case-insensitive) or {@code isConsentApprovalBypassed} says so for this service, the flag is
 * persisted as "true" in the session and an empty {@link ModelAndView} is returned (no view:
 * the flow continues). Otherwise the user is redirected to the approval view.
 *
 * NOTE(review): the request parameter is client-controlled, and the persisted session flag is
 * not scoped to a service, so once set, a later call in the same session with a blank parameter
 * also bypasses the prompt. Confirm this per-session scope is intended and that the parameter
 * can only legitimately originate from the approval form.
 *
 * @param context the web context
 * @param service the registered OAuth service being authorized
 * @return an empty model-and-view when approval is bypassed, otherwise the redirect to the approval view
 */
@Override
public ModelAndView resolve(final J2EContext context, final OAuthRegisteredService service) {
    var bypassFlag = context.getRequestParameter(OAuth20Constants.BYPASS_APPROVAL_PROMPT);
    if (StringUtils.isBlank(bypassFlag)) {
        bypassFlag = (String) context.getSessionStore().get(context, OAuth20Constants.BYPASS_APPROVAL_PROMPT);
    }
    LOGGER.trace("Bypassing approval prompt for service [{}]: [{}]", service, bypassFlag);
    val bypassRequested = Boolean.TRUE.toString().equalsIgnoreCase(bypassFlag);
    if (!bypassRequested && !isConsentApprovalBypassed(context, service)) {
        return redirectToApproveView(context, service);
    }
    context.getSessionStore().set(context, OAuth20Constants.BYPASS_APPROVAL_PROMPT, Boolean.TRUE.toString());
    return new ModelAndView();
}
ticketGrantingTicketCookieGenerator, this.ticketRegistry, context.getRequest()); val grantType = StringUtils.defaultIfEmpty(context.getRequestParameter(OAuth20Constants.GRANT_TYPE), OAuth20GrantTypes.AUTHORIZATION_CODE.getType()).toUpperCase(); val scopes = OAuth20Utils.parseRequestScopes(context); val codeChallenge =context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE); val codeChallengeMethod = StringUtils.defaultIfEmpty(context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE_METHOD), OAuth20GrantTypes.AUTHORIZATION_CODE.getType()).toUpperCase(); val holder = AccessTokenRequestDataHolder.builder()
/**
 * Resolves the scopes requested by the current request.
 *
 * Thin adapter: unwraps the servlet request from the pac4j context and delegates to the
 * {@code HttpServletRequest} overload, which does the actual parsing.
 *
 * @param context the web context
 * @return the requested scopes, exactly as produced by the servlet-request overload
 */
public static Collection<String> getRequestedScopes(final J2EContext context) {
    val request = context.getRequest();
    return getRequestedScopes(request);
}
/**
 * Restores session attributes previously written by {@code store} from the session cookie.
 *
 * The cookie value is read through {@code cookieGenerator}; when non-blank it is hex-decoded,
 * deserialized by {@code serializer} into a map, and every entry is written into the pac4j
 * session store. The cookie is removed afterwards whether or not a value was present.
 *
 * NOTE(review): the decoded blob is deserialized and then trusted as session state. That is
 * only safe if cookieGenerator.retrieveCookieValue rejects tampered values (signature check /
 * decryption) before this method sees them, and if the serializer is not Java-native
 * deserialization over attacker-reachable bytes. Confirm both.
 *
 * @param webContext the web context whose session store is populated
 */
public void restore(final J2EContext webContext) {
    val cookieValue = cookieGenerator.retrieveCookieValue(webContext.getRequest());
    if (StringUtils.isBlank(cookieValue)) {
        removeCookie(webContext);
        return;
    }
    val decoded = EncodingUtils.hexDecode(cookieValue);
    val restored = serializer.from(decoded);
    restored.forEach((name, attribute) -> webContext.getSessionStore().set(webContext, name, attribute));
    removeCookie(webContext);
}
/**
 * Clears the session-snapshot cookie on the current response.
 *
 * @param webContext the web context whose response receives the cookie removal
 */
public void removeCookie(final J2EContext webContext) {
    val response = webContext.getResponse();
    cookieGenerator.removeCookie(response);
}
/**
 * Populates the model for the index page and returns its view name.
 *
 * Two entries are added: {@code profiles}, all profiles known to the profile manager, and
 * {@code sessionId}, obtained from the session store with {@code getOrCreateSessionId} — so
 * rendering this page creates a session if none exists yet.
 *
 * NOTE(review): the session identifier is handed to the view layer. Exposing a session id in
 * page content is normally avoided (anything that can read the page can replay it); confirm
 * this is a demo/diagnostic page and not reachable in a production deployment.
 *
 * @param map the model to populate
 * @return the {@code "index"} view name
 * @throws HttpAction as declared by the signature; presumably raised by the profile manager
 */
@RequestMapping("/index.html")
public String index(final Map<String, Object> map) throws HttpAction {
    val profiles = profileManager.getAll(true);
    map.put("profiles", profiles);
    val sessionId = webContext.getSessionStore().getOrCreateSessionId(webContext);
    map.put("sessionId", sessionId);
    return "index";
}
/**
 * Validates an access-token request: the grant type must be one this validator recognizes and
 * the request must carry an authenticated pac4j profile; everything else is delegated to
 * {@code validateInternal}.
 *
 * Both failure paths log at WARN and return {@code false}. The grant type is read directly from
 * the servlet request and is untrusted client input; it is echoed into the warn message through
 * a parameterized logger, so it cannot alter the format string, but it does reach the logs
 * verbatim.
 *
 * @param context the web context
 * @return {@code true} if the request passes both checks and {@code validateInternal} accepts it
 */
@Override
public boolean validate(final J2EContext context) {
    val request = context.getRequest();
    val response = context.getResponse();
    val grantType = request.getParameter(OAuth20Constants.GRANT_TYPE);
    if (!isGrantTypeSupported(grantType, OAuth20GrantTypes.values())) {
        LOGGER.warn("Grant type is not supported: [{}]", grantType);
        return false;
    }
    val manager = Pac4jUtils.getPac4jProfileManager(request, response);
    val authenticatedProfile = (Optional<CommonProfile>) manager.get(true);
    if (authenticatedProfile.isPresent()) {
        return validateInternal(context, grantType, manager, authenticatedProfile.get());
    }
    LOGGER.warn("Could not locate authenticated profile for this request. Request is not authenticated");
    return false;
}
val metadata = new BasicCredentialMetaData(new BasicIdentifiableCredential(profile.getId())); val handlerResult = new DefaultAuthenticationHandlerExecutionResult(authenticator, metadata, newPrincipal, new ArrayList<>()); val scopes = CollectionUtils.toCollection(context.getRequest().getParameterValues(OAuth20Constants.SCOPE)); val state = StringUtils.defaultIfBlank(context.getRequestParameter(OAuth20Constants.STATE), StringUtils.EMPTY); val nonce = StringUtils.defaultIfBlank(context.getRequestParameter(OAuth20Constants.NONCE), StringUtils.EMPTY); LOGGER.debug("OAuth [{}] is [{}], and [{}] is [{}]", OAuth20Constants.STATE, state, OAuth20Constants.NONCE, nonce);
/**
 * Parses the scopes carried by the current request into a set.
 *
 * Thin adapter: unwraps the servlet request from the pac4j context and delegates to the
 * {@code HttpServletRequest} overload.
 *
 * @param context the web context
 * @return the parsed scope set, exactly as produced by the servlet-request overload
 */
public static Set<String> parseRequestScopes(final J2EContext context) {
    val request = context.getRequest();
    return parseRequestScopes(request);
}
/**
 * Verifies the access-token request against the configured grant-request validators.
 *
 * With no validators configured the request is refused (WARN + {@code false}). Otherwise the
 * validators are walked in collection order and the FIRST one whose {@code supports} returns
 * true decides the outcome via {@code validate}; later validators never see the request, so
 * ordering of the collection matters. If none supports the request an
 * {@link UnsupportedOperationException} is thrown rather than returning {@code false}.
 *
 * NOTE(review): the context is built with the two-argument constructor, i.e. without an
 * explicit SessionStore, whereas the context factories elsewhere in this codebase pass one.
 * Confirm the default store is what the validators expect here.
 *
 * @param request  the HTTP request
 * @param response the HTTP response
 * @return {@code true} if a supporting validator accepts the request
 * @throws UnsupportedOperationException if no validator supports the request
 */
private boolean verifyAccessTokenRequest(final HttpServletRequest request, final HttpServletResponse response) {
    if (accessTokenGrantRequestValidators.isEmpty()) {
        LOGGER.warn("No validators are defined to examine the access token request for eligibility");
        return false;
    }
    val context = new J2EContext(request, response);
    for (val validator : this.accessTokenGrantRequestValidators) {
        if (validator.supports(context)) {
            return validator.validate(context);
        }
    }
    throw new UnsupportedOperationException("Access token request is not supported");
}
}
/**
 * Generates the access token for the request and writes the token response straight to the
 * servlet response.
 *
 * An {@link OAuth20AccessTokenResponseResult} is assembled from the generated token, the
 * holder's registered service and service, the configured access-token time-to-live, the
 * request's response type and the CAS properties, then handed to
 * {@code accessTokenResponseGenerator}. The {@code clientId} parameter is not used by this
 * implementation.
 *
 * @param context  the web context
 * @param clientId the client id (unused here)
 * @param holder   the access-token request data
 * @return always {@code null}; the response has already been written by the generator
 */
@Override
public View build(final J2EContext context, final String clientId, final AccessTokenRequestDataHolder holder) {
    val generatedToken = accessTokenGenerator.generate(holder);
    val responseType = OAuth20Utils.getResponseType(context);
    val timeToLive = accessTokenExpirationPolicy.getTimeToLive();
    val result = OAuth20AccessTokenResponseResult.builder()
        .registeredService(holder.getRegisteredService())
        .service(holder.getService())
        .accessTokenTimeout(timeToLive)
        .responseType(responseType)
        .casProperties(casProperties)
        .generatedToken(generatedToken)
        .build();
    accessTokenResponseGenerator.generate(context.getRequest(), context.getResponse(), result);
    return null;
}
@Override protected boolean validateInternal(final J2EContext context, final String grantType, final ProfileManager manager, final UserProfile uProfile) { val request = context.getRequest(); val clientId = uProfile.getId(); val redirectUri = request.getParameter(OAuth20Constants.REDIRECT_URI); val code = context.getRequestParameter(OAuth20Constants.CODE); val token = ticketRegistry.getTicket(code, OAuthCode.class); if (token == null || token.isExpired()) {
/**
 * Checks whether the grant type named in the request is authorized for the registered service.
 *
 * Thin adapter: reads the {@code grant_type} request parameter (untrusted client input) and
 * delegates to the string-based overload, which performs the actual check.
 *
 * @param context           the web context
 * @param registeredService the registered service
 * @return whatever the string-based overload returns for the request's grant type
 */
public static boolean isAuthorizedGrantTypeForService(final J2EContext context,
                                                     final OAuthRegisteredService registeredService) {
    val requestedGrantType = context.getRequestParameter(OAuth20Constants.GRANT_TYPE);
    return isAuthorizedGrantTypeForService(requestedGrantType, registeredService);
}
/**
 * Builds the CAS service object for an OAuth registered service.
 *
 * When {@code useServiceHeader} is set, the service id is first taken from the request header
 * resolved by {@code OAuth20Utils.getServiceRequestHeaderIfAny}; if that yields nothing (or the
 * header path is disabled) the registered service's client id is used instead. The id is then
 * passed to the web-application service factory.
 *
 * NOTE(review): with {@code useServiceHeader} enabled the id comes verbatim from a
 * client-supplied header and nothing in this method checks it against
 * {@code registeredService}. Confirm the caller validates the resulting service before
 * trusting it.
 *
 * @param registeredService the registered service
 * @param context           the web context
 * @param useServiceHeader  whether the request header may supply the service id
 * @return the service created by the factory for the resolved id
 */
public Service buildService(final OAuthRegisteredService registeredService, final J2EContext context,
                            final boolean useServiceHeader) {
    String serviceId = StringUtils.EMPTY;
    if (useServiceHeader) {
        serviceId = OAuth20Utils.getServiceRequestHeaderIfAny(context.getRequest());
        LOGGER.debug("Located service based on request header is [{}]", serviceId);
    }
    val resolvedId = StringUtils.isBlank(serviceId) ? registeredService.getClientId() : serviceId;
    return webApplicationServiceServiceFactory.createService(resolvedId);
}
/**
 * Exposes the pac4j web context for the current request as a request-scoped bean.
 *
 * The context is built from the injected request and response together with the session store
 * returned by {@code getSessionStore()}; a fresh instance is produced per request because of the
 * {@link RequestScope} annotation.
 *
 * @return a new {@link J2EContext} for the current request
 */
@Bean
@RequestScope
public J2EContext getWebContext() {
    val sessionStore = getSessionStore();
    return new J2EContext(request, response, sessionStore);
}
/**
 * Tells whether this request uses the client-credentials grant.
 *
 * Only the {@code grant_type} request parameter (untrusted client input) is consulted; this
 * merely classifies the request and does not authenticate the client.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when the grant type is client-credentials
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedGrant = context.getRequestParameter(OAuth20Constants.GRANT_TYPE);
    val isClientCredentials = OAuth20Utils.isGrantType(requestedGrant, OAuth20GrantTypes.CLIENT_CREDENTIALS);
    return isClientCredentials;
}
}