/**
 * Runs the pac4j security logic for this route.
 *
 * Before delegating, the URL pac4j has already stored under REQUESTED_URL is
 * remembered; when the current path matches one of the {@code excludes} entries
 * (entries ending in "/**" are not considered) that stored value is written back
 * afterwards, so the excluded URL itself never replaces the original one. The
 * restore only happens when a session exists.
 *
 * pac4j wraps failures in TechnicalException; when the cause is an {@code Err}
 * that cause is rethrown directly (cleaner stack trace), otherwise the wrapper is.
 */
@Override
public void handle(Request req, Response rsp, Route.Chain chain) throws Throwable {
    try {
        WebContext context = req.require(WebContext.class);

        // Snapshot the currently stored requested URL so it can be restored below.
        String previouslyRequestedUrl =
            (String) context.getSessionAttribute(Pac4jConstants.REQUESTED_URL);
        boolean restorePreviousUrl = excludes.stream()
            .anyMatch(pattern -> !pattern.endsWith("/**") && req.matches(pattern));

        conf.getSecurityLogic().perform(context, conf,
            new Pac4jGrantAccessAdapter(req, rsp, chain), conf.getHttpActionAdapter(),
            clients, authorizers, matchers, multiProfile);

        // Excluded paths must not become the post-login redirect target.
        if (restorePreviousUrl && req.ifSession().isPresent()) {
            context.setSessionAttribute(Pac4jConstants.REQUESTED_URL, previouslyRequestedUrl);
        }
    } catch (TechnicalException x) {
        Throwable cause = x.getCause();
        if (cause instanceof Err) {
            throw cause;
        }
        throw x;
    }
}
/**
 * Rebuilds the absolute URL of the current request: scheme, server name, port,
 * context path, the given {@code path}, plus the query string when one is present.
 *
 * The port is always written, even when it is the scheme's default.
 * NOTE(review): ctx.getServerName() is presumably populated from the incoming Host
 * header — confirm. If so, the returned URL is attacker-influenced and must not be
 * used as a redirect target without validating the host.
 */
public static String getFullRequestURL(WebContext ctx, Request req, String path) {
    String origin = ctx.getScheme() + "://" + ctx.getServerName() + ":" + ctx.getServerPort();
    StringBuilder fullUrl = new StringBuilder(origin)
        .append(req.contextPath())
        .append(path);
    req.queryString().ifPresent(qs -> fullUrl.append('?').append(qs));
    return fullUrl.toString();
}
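/**
 * Configures the Weibo OAuth 2.0 client before the generic OAuth initialisation runs.
 *
 * The scope is mandatory: {@code assertNotNull} fails fast when it is missing. The
 * "default to EMAIL when null" branch that used to follow the assertion could never
 * execute (the assertion had already thrown) and has been removed as dead code.
 * {@code setWithState(true)} enables the OAuth 2.0 state parameter (presumably the
 * callback's anti-CSRF check — confirm against the OAuth20 credentials extractor).
 */
@Override
protected void clientInit() {
    CommonHelper.assertNotNull("scope", this.scope);
    this.scopeValue = this.scope.toString().toLowerCase();

    configuration.setApi(new WeiboApi20());
    configuration.setScope(scopeValue);
    configuration.setProfileDefinition(new WeiboProfileDefinition());
    configuration.setWithState(true);
    // Weibo reports a user refusal as error=access_denied on the callback.
    configuration.setHasBeenCancelledFactory(ctx ->
        "access_denied".equals(ctx.getRequestParameter(OAuthCredentialsException.ERROR)));
    super.clientInit();
}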
/**
 * Extracts and validates HTTP Basic credentials for the current request.
 *
 * The WWW-Authenticate challenge is installed up front so that every failure path
 * (no credentials, or credentials rejected by the authenticator) answers 401 with
 * the realm attached. Validation failures are not echoed back to the client.
 *
 * NOTE(review): {@code realmName} is interpolated into a response header verbatim —
 * it must come from trusted configuration, never from request data.
 * NOTE(review): the debug statement logs the credentials object; confirm its
 * toString() redacts the password before running with DEBUG enabled.
 *
 * @return the validated credentials (never null)
 * @throws HttpAction 401 when credentials are absent or fail validation
 */
@Override
protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) {
    assertNotNull("credentialsExtractor", getCredentialsExtractor());
    assertNotNull("authenticator", getAuthenticator());

    final String challenge = "Basic realm=\"" + realmName + "\"";
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, challenge);

    try {
        final UsernamePasswordCredentials extracted = getCredentialsExtractor().extract(context);
        logger.debug("credentials : {}", extracted);
        if (extracted == null) {
            throw HttpAction.unauthorized(context);
        }
        getAuthenticator().validate(extracted, context);
        return extracted;
    } catch (final CredentialsException e) {
        throw HttpAction.unauthorized(context);
    }
}
/**
 * Configures the Facebook OAuth 2.0 client, then delegates to the generic init.
 *
 * A cancelled login is recognised only when the callback carries both
 * error=access_denied and error_reason=user_denied. {@code setWithState(true)}
 * enables the OAuth 2.0 state parameter (presumably the callback's anti-CSRF
 * check — confirm).
 */
@Override
protected void clientInit() {
    CommonHelper.assertNotBlank("fields", getConfiguration().getFields());
    configuration.setApi(FacebookApi.instance());
    configuration.setProfileDefinition(new FacebookProfileDefinition());
    configuration.setHasBeenCancelledFactory(ctx -> {
        final String error = ctx.getRequestParameter(OAuthCredentialsException.ERROR);
        final String reason = ctx.getRequestParameter(OAuthCredentialsException.ERROR_REASON);
        return "access_denied".equals(error) && "user_denied".equals(reason);
    });
    configuration.setWithState(true);
    defaultProfileCreator(new FacebookProfileCreator(configuration, this));
    super.clientInit();
}
nonce = new Nonce((String) context.getSessionStore().get(context, OidcConfiguration.NONCE_SESSION_ATTRIBUTE)); } else { nonce = null; assertNotNull("claimsSet", claimsSet); profile.setId(ProfileHelper.sanitizeIdentifier(profile, claimsSet.getSubject()));
if (configuration.isWithState()) { final String stateParameter = context.getRequestParameter(OAuth20Configuration.STATE_REQUEST_PARAMETER); if (CommonHelper.isNotBlank(stateParameter)) { final String stateSessionAttributeName = this.configuration.getStateSessionAttributeName(client.getName()); final String sessionState = (String) context.getSessionStore().get(context, stateSessionAttributeName); context.getSessionStore().set(context, stateSessionAttributeName, null); logger.debug("sessionState: {} / stateParameter: {}", sessionState, stateParameter); if (!stateParameter.equals(sessionState)) { final String codeParameter = context.getRequestParameter(OAuth20Configuration.OAUTH_CODE); if (codeParameter != null) { final String code = OAuthEncoder.decode(codeParameter);
/**
 * Builds the OIDC logout action against the configured logout (end-session) URL.
 *
 * The request carries the profile's ID token and, when {@code targetUrl} is
 * non-blank, that URL as the post-logout redirect. For AJAX requests no redirect is
 * returned: the saved REQUESTED_URL is cleared, the target is exposed through the
 * Location header and a 403 action is thrown instead.
 *
 * NOTE(review): {@code targetUrl} is passed through unvalidated; restricting it to
 * registered post-logout URIs is left to the OP here — confirm that is acceptable.
 *
 * @return the redirect action, or null when no logout URL is configured
 * @throws TechnicalException when the logout URL or target URL is malformed
 */
@Override
public RedirectAction getLogoutAction(final WebContext context, final U currentProfile, final String targetUrl) {
    final String endSessionUrl = configuration.getLogoutUrl();
    if (!CommonHelper.isNotBlank(endSessionUrl)) {
        return null;
    }
    try {
        final URI endSessionEndpoint = new URI(endSessionUrl);
        final JWT idToken = currentProfile.getIdToken();
        final LogoutRequest logoutRequest = CommonHelper.isNotBlank(targetUrl)
            ? new LogoutRequest(endSessionEndpoint, idToken, new URI(targetUrl), null)
            : new LogoutRequest(endSessionEndpoint, idToken);

        if (ajaxRequestResolver.isAjax(context)) {
            context.getSessionStore().set(context, Pac4jConstants.REQUESTED_URL, "");
            context.setResponseHeader(HttpConstants.LOCATION_HEADER, logoutRequest.toURI().toString());
            throw HttpAction.status(403, context);
        }
        return RedirectAction.redirect(logoutRequest.toURI().toString());
    } catch (final URISyntaxException e) {
        throw new TechnicalException(e);
    }
}
/**
 * Returns the SAML message bytes carried by the request.
 *
 * Lookup order: the first non-blank parameter among SAML_PARAMETERS, then the raw
 * request body. Content containing '<' is taken to be un-encoded XML and returned as
 * UTF-8 bytes; anything else is Base64-decoded.
 *
 * NOTE(review): the message (which may contain assertions) is written to the log at
 * TRACE level — keep TRACE disabled outside of debugging sessions.
 *
 * @throws MessageDecodingException when neither a known parameter nor a body is present
 */
protected byte[] getBase64DecodedMessage() throws MessageDecodingException {
    String message = firstNonBlankSamlParameter();
    if (Strings.isNullOrEmpty(message)) {
        message = this.context.getRequestContent();
    }
    if (Strings.isNullOrEmpty(message)) {
        throw new MessageDecodingException("Request did not contain either a SAMLRequest parameter, a SAMLResponse parameter, "
            + "a logoutRequest parameter or a body content");
    }
    // '<' never appears in Base64 output, so its presence means raw XML.
    if (message.indexOf('<') >= 0) {
        logger.trace("Raw SAML message:\n{}", message);
        return message.getBytes(StandardCharsets.UTF_8);
    }
    final byte[] decoded = Base64Support.decode(message);
    logger.trace("Decoded SAML message:\n{}", new String(decoded, StandardCharsets.UTF_8));
    return decoded;
}

/**
 * Scans SAML_PARAMETERS in order and returns the first non-blank value; when none is
 * non-blank, the value read for the last parameter (possibly null) is returned, exactly
 * as the original loop did.
 */
private String firstNonBlankSamlParameter() {
    String value = null;
    for (final String name : SAML_PARAMETERS) {
        value = this.context.getRequestParameter(name);
        if (CommonHelper.isNotBlank(value)) {
            break;
        }
    }
    return value;
}
/**
 * Flags the profile as "remembered" when the request parameter named
 * {@code rememberMeParameterName} equals {@code rememberMeValue}; the same profile
 * instance is returned either way.
 *
 * The comparison is {@code rememberMeValue.equals(param)}, so a missing parameter
 * (null) simply leaves the flag untouched.
 */
@Override
public U generate(final WebContext context, final U profile) {
    final String submitted = context.getRequestParameter(rememberMeParameterName);
    final boolean remember = rememberMeValue.equals(submitted);
    if (remember) {
        profile.setRemembered(true);
    }
    return profile;
}
/**
 * Redirects to the URL stored under REQUESTED_URL, consuming it from the session;
 * falls back to {@code defaultUrl} when nothing (or only blanks) was stored.
 *
 * NOTE(review): the stored value comes from the request that triggered
 * authentication; if it was built from the Host header it is attacker-influenced —
 * confirm the producer side validates the host before trusting this redirect.
 */
protected Result redirectToOriginallyRequestedUrl(final WebContext context) {
    final String savedUrl = (String) context.getSessionAttribute(Pac4jConstants.REQUESTED_URL);
    logger.debug("requestedUrl: {}", savedUrl);
    if (!CommonHelper.isNotBlank(savedUrl)) {
        return redirect(this.defaultUrl);
    }
    // One-shot value: clear it so a later login does not reuse it.
    context.setSessionAttribute(Pac4jConstants.REQUESTED_URL, null);
    return redirect(savedUrl);
}
/**
 * Configures the Twitter OAuth client, then delegates to the generic init.
 *
 * A cancelled login is recognised by a non-blank "denied" callback parameter. The
 * logout action is a fixed redirect to Twitter's logout page; {@code targetUrl} is
 * ignored and nothing else is done locally by this builder.
 */
@Override
protected void clientInit() {
    configuration.setApi(getApi());
    configuration.setProfileDefinition(new TwitterProfileDefinition(includeEmail));
    configuration.setHasBeenCancelledFactory(ctx ->
        CommonHelper.isNotBlank(ctx.getRequestParameter("denied")));
    defaultLogoutActionBuilder((ctx, profile, targetUrl) ->
        RedirectAction.redirect("https://twitter.com/logout"));
    super.clientInit();
}
/**
 * Writes the message map back into the session under SAML_STORAGE_KEY.
 *
 * Re-setting the attribute (rather than relying on in-place mutation of the map) is
 * deliberate: some application servers only replicate or persist a session value
 * when it is explicitly set again.
 *
 * @param messages the SAML message map to store
 */
private void updateSession(final LinkedHashMap<String, XMLObject> messages) {
    this.context.getSessionStore().set(this.context, SAML_STORAGE_KEY, messages);
}
}
/**
 * Marks the current response as non-cacheable.
 *
 * {@code no-store} is the directive that keeps an authenticated response out of
 * browser and shared caches; {@code Pragma: no-cache} is kept for legacy HTTP/1.0
 * caches. No Expires header is set here.
 */
public void setNoCacheHeaders() {
    final String cacheControl = "no-cache, no-store";
    webContext.setResponseHeader("Cache-control", cacheControl);
    webContext.setResponseHeader("Pragma", "no-cache");
}
/**
 * Stores one session value as a client-side cookie named PAC4J_SESSION_PREFIX + key.
 *
 * The value goes through compressEncryptBase64 before it leaves the server. The cookie
 * is HttpOnly, Secure when the request is HTTPS (or otherwise considered secure by
 * ContextHelper), and scoped to the domain derived from the request URL and
 * {@code domainSuffix}, with the server name as fallback.
 *
 * NOTE(review): the debug statement logs the plaintext value; if values include
 * profiles or tokens, DEBUG must stay off in production. Scoping the cookie to
 * {@code domainSuffix} shares it with every host under that suffix — confirm that is
 * intended. No SameSite attribute is set here.
 *
 * @throws TechnicalException when the cookie domain cannot be derived
 */
public void set(WebContext context, String key, Object value) {
    logger.debug("Save in session: {} = {}", key, value);
    final Cookie sessionCookie =
        new Cookie(PAC4J_SESSION_PREFIX + key, compressEncryptBase64(value));
    try {
        final String derived = Urls.getDomainName(context.getFullRequestURL(), this.domainSuffix);
        sessionCookie.setDomain(derived != null ? derived : context.getServerName());
    } catch (final Exception e) {
        throw new TechnicalException(e);
    }
    sessionCookie.setHttpOnly(true);
    sessionCookie.setSecure(ContextHelper.isHttpsOrSecure(context));
    context.addResponseCookie(sessionCookie);
}
/**
 * Reads the OAuth 1.0 callback parameters (oauth_token, oauth_verifier), decodes
 * them and pairs them with the request token kept in the session under the
 * client-specific attribute name.
 *
 * NOTE(review): the verifier is written to the log at DEBUG level; it is a one-time
 * secret, so keep DEBUG off in production. The session request token may be null
 * here (no session, or a callback not initiated by this client) and is handed to
 * OAuth10Credentials unchecked — confirm the consumer rejects that case.
 *
 * @throws OAuthCredentialsException when either callback parameter is missing
 */
@Override
protected OAuth10Credentials getOAuthCredentials(final WebContext context) {
    final String rawToken = context.getRequestParameter(OAuth10Configuration.OAUTH_TOKEN);
    final String rawVerifier = context.getRequestParameter(OAuth10Configuration.OAUTH_VERIFIER);
    if (rawToken == null || rawVerifier == null) {
        throw new OAuthCredentialsException("No credential found");
    }
    final String attributeName = configuration.getRequestTokenSessionAttributeName(client.getName());
    final OAuth1RequestToken requestToken =
        (OAuth1RequestToken) context.getSessionStore().get(context, attributeName);
    logger.debug("tokenRequest: {}", requestToken);
    final String token = OAuthEncoder.decode(rawToken);
    final String verifier = OAuthEncoder.decode(rawVerifier);
    logger.debug("token: {} / verifier: {}", token, verifier);
    return new OAuth10Credentials(requestToken, token, verifier);
}
}
/**
 * Saves the absolute URL of the current request under REQUESTED_URL so the
 * post-authentication step can send the user back to it.
 *
 * NOTE(review): getFullRequestURL() presumably embeds the Host header's value; if
 * so, the saved URL — and the redirect that later consumes it — is
 * attacker-influenced unless the host is validated upstream.
 * {@code currentClients} is part of the overridable contract and unused here.
 */
protected void saveRequestedUrl(final WebContext context, final List<Client> currentClients) {
    final String fullUrl = context.getFullRequestURL();
    logger.debug("requestedUrl: {}", fullUrl);
    context.setSessionAttribute(Pac4jConstants.REQUESTED_URL, fullUrl);
}
/**
 * Looks up a query parameter of the current request by name, ignoring case.
 *
 * The full request URL is re-parsed with URIBuilder; a malformed URL surfaces as a
 * sneaky-thrown URISyntaxException. Matching is case-insensitive (a relaxation of
 * the URL query semantics), so callers cannot distinguish "code" from "Code".
 *
 * @return the first matching pair, or empty when the name is absent
 */
@SneakyThrows
private static Optional<NameValuePair> getQueryParameter(final WebContext context, final String name) {
    final URIBuilder parsedUrl = new URIBuilder(context.getFullRequestURL());
    for (final NameValuePair pair : parsedUrl.getQueryParams()) {
        if (pair.getName().equalsIgnoreCase(name)) {
            return Optional.of(pair);
        }
    }
    return Optional.empty();
}
final String requestedUrl = req.path() + queryString; log.debug("requestedUrl: {}", requestedUrl); ctx.setSessionAttribute(Pac4jConstants.REQUESTED_URL, requestedUrl); client.redirect(ctx); rsp.end();
/**
 * Returns the first non-empty value among the configured {@code alternateIpHeaders}
 * (presumably proxy-supplied client-IP headers), or null when none is present.
 *
 * NOTE(review): such headers are client-controlled unless a trusted reverse proxy
 * strips or overwrites them, so the result must not drive access decisions or rate
 * limiting without that guarantee. The value is returned verbatim — a comma-separated
 * list, as some proxies send, is not split here.
 */
private String ipFromHeaders(WebContext context) {
    for (String headerName : alternateIpHeaders) {
        final String candidate = context.getRequestHeader(headerName);
        if (candidate == null || candidate.isEmpty()) {
            continue;
        }
        return candidate;
    }
    return null;
}