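/**
 * Renders the error page for a request that failed during authorization.
 *
 * <p>Sets {@code X-Frame-Options: DENY} on the response, publishes the transaction's client
 * as the {@code client} request attribute when one is reachable, and hands the failure to
 * {@code JSPUtil.handleException} together with {@code ERROR_PAGE}.
 *
 * @param state the state of the failed request; supplies the request and response
 * @param t the failure being reported
 * @throws IOException declared for the delegated error handling
 * @throws ServletException declared for the delegated error handling
 */
public void handleError(PresentableState state, Throwable t) throws IOException, ServletException {
    // Forbid framing of the error page, whatever else happens below.
    state.getResponse().setHeader("X-Frame-Options", "DENY");

    // An error handler must not fail on its own account: an unchecked downcast or a missing
    // transaction would replace the original failure with a ClassCastException or
    // NullPointerException and the error page would never be shown.
    // NOTE(review): whether the transaction can be null at this point is not visible here;
    // the guard is defensive.
    if (state instanceof AuthorizedState) {
        AuthorizedState aState = (AuthorizedState) state;
        if (aState.getTransaction() != null) {
            state.getRequest().setAttribute("client", aState.getTransaction().getClient());
        }
    }

    JSPUtil.handleException(t, state.getRequest(), state.getResponse(), ERROR_PAGE);
}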
/**
 * Forwards the request to the page that matches the current registration state.
 *
 * <p>{@code postprocess} is always invoked first with a fresh {@code TransactionState}.
 * In {@code INITIAL_STATE} the request is forwarded to {@code INIT_PAGE}. In
 * {@code REQUEST_STATE} the state's client is published as the {@code client} request
 * attribute and the request is forwarded to {@code OK_PAGE}. Every other state forwards
 * nothing.
 *
 * @param state the state to present
 * @throws IllegalStateException if the state is {@code REQUEST_STATE} but {@code state} is
 *     not a {@code ClientState}
 * @throws Throwable whatever {@code postprocess} or the forward raises
 */
public void present(PresentableState state) throws Throwable {
    postprocess(new TransactionState(state.getRequest(), state.getResponse(), null, null));

    switch (state.getState()) {
        case INITIAL_STATE:
            JSPUtil.fwd(state.getRequest(), state.getResponse(), INIT_PAGE);
            return;

        case REQUEST_STATE:
            // Reject the wrong state type up front instead of nesting the success path.
            if (!(state instanceof ClientState)) {
                throw new IllegalStateException("Error: An instance of ClientState was expected, but got an instance of \"" + state.getClass().getName() + "\"");
            }
            ClientState registration = (ClientState) state;
            state.getRequest().setAttribute("client", registration.getClient());
            JSPUtil.fwd(state.getRequest(), state.getResponse(), OK_PAGE);
            return;

        case ERROR_STATE:
        default:
            // Nothing is forwarded for error or unknown states.
            return;
    }
}
/**
 * Stages the request attributes needed before the client registration page is shown.
 *
 * <p>{@code preprocess} is always invoked first with a fresh {@code TransactionState}.
 * In {@code INITIAL_STATE} each form-field constant is stored as a request attribute under
 * its own value, and {@code actionToTake} is set to the context path followed by
 * {@code /register}. {@code REQUEST_STATE} needs no preparation. Any other state is logged
 * as a warning.
 *
 * @param state the state being prepared; supplies the request and response
 * @throws Throwable whatever {@code preprocess} raises
 */
public void prepare(PresentableState state) throws Throwable {
    preprocess(new TransactionState(state.getRequest(), state.getResponse(), null, null));

    switch (state.getState()) {
        case REQUEST_STATE:
            // Nothing to stage once the form has been submitted.
            return;

        case INITIAL_STATE:
            HttpServletRequest request = state.getRequest();
            info("Processing new client registration request.");
            // Each attribute is stored under its own name, in the original order.
            String[] selfNamedFields = {
                CLIENT_NAME,
                CLIENT_PUBLIC_KEY,
                CLIENT_HOME_URL,
                CLIENT_ERROR_URL,
                CLIENT_EMAIL,
                CLIENT_PROXY_LIMITED,
                CLIENT_ACTION_KEY,
                CLIENT_ACTION_REQUEST_VALUE
            };
            for (String field : selfNamedFields) {
                request.setAttribute(field, field);
            }
            request.setAttribute("actionToTake", request.getContextPath() + "/register");
            break;

        case ERROR_STATE:
        default:
            warn("Error: unknown action request.");
    }
}
/**
 * Renders the error page for a failed request.
 *
 * <p>Sets {@code X-Frame-Options: DENY} on the response and then hands the failure to
 * {@code JSPUtil.handleException} together with {@code ERROR_PAGE}.
 *
 * @param state the state of the failed request; supplies the request and response
 * @param t the failure being reported
 * @throws IOException declared for the delegated error handling
 * @throws ServletException declared for the delegated error handling
 */
public void handleError(PresentableState state, Throwable t) throws IOException, ServletException {
    final String antiFramingHeader = "X-Frame-Options";
    final String antiFramingPolicy = "DENY";

    // The header must be set before the error page is produced.
    state.getResponse().setHeader(antiFramingHeader, antiFramingPolicy);
    JSPUtil.handleException(t, state.getRequest(), state.getResponse(), ERROR_PAGE);
}
/**
 * Extends the inherited preparation with refresh-token and authentication-time handling.
 *
 * <p>After {@code super.prepare(state)}: in {@code AUTHORIZATION_ACTION_START} the
 * refresh-token-lifetime key is stored as a request attribute under its own value; in
 * {@code AUTHORIZATION_ACTION_OK} the transaction's auth time is set to the current time.
 *
 * @param state the state being prepared; must be an {@code AuthorizedState} holding an
 *     {@code OA2ServiceTransaction} when the state is {@code AUTHORIZATION_ACTION_OK}
 * @throws Throwable whatever the inherited preparation raises
 */
@Override
public void prepare(PresentableState state) throws Throwable {
    super.prepare(state);

    if (AUTHORIZATION_ACTION_START == state.getState()) {
        state.getRequest().setAttribute(
                AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY, AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY);
    }

    if (AUTHORIZATION_ACTION_OK == state.getState()) {
        // NOTE(review): the auth time is stamped during prepare(); confirm that this step runs
        // only after the user's credentials have been verified, since the value is presumably
        // what relying parties later see as the time of authentication.
        OA2ServiceTransaction oa2Transaction =
                (OA2ServiceTransaction) ((AuthorizedState) state).getTransaction();
        oa2Transaction.setAuthTime(new Date());
    }
}
/**
 * Extends the inherited preparation with the OAuth 2 fields of the registration form.
 *
 * <p>After {@code super.prepare(state)}, and only in {@code INITIAL_STATE}: the configured
 * scopes are copied into a {@code String[]} stored under {@code SCOPES_NAME}, the remaining
 * field constants are stored under their own values, a hint text is stored for the callback
 * field, and {@code REFRESH_TOKEN_FIELD_VISIBLE} receives either a blank or an inline
 * {@code style} attribute that hides the field, depending on
 * {@code getOA2SE().isRefreshTokenEnabled()}.
 *
 * @param state the state being prepared; supplies the request
 * @throws Throwable whatever the inherited preparation raises
 */
@Override
public void prepare(PresentableState state) throws Throwable {
    super.prepare(state);
    HttpServletRequest request = state.getRequest();
    if (state.getState() != INITIAL_STATE) {
        return;
    }

    String[] scopeArray = new String[getOA2SE().getScopes().size()];
    getOA2SE().getScopes().toArray(scopeArray);
    request.setAttribute(SCOPES_NAME, scopeArray);

    // These attributes are stored under their own names, in the original order.
    String[] selfNamedFields = {VO_NAME, LDAP_NAME, ISSUER_NAME, CALLBACK_URI};
    for (String field : selfNamedFields) {
        request.setAttribute(field, field);
    }
    request.setAttribute(getValueTag(CLIENT_CALLBACK_URI), "Put your callbacks here, one per line.");
    request.setAttribute(REFRESH_TOKEN_LIFETIME, REFRESH_TOKEN_LIFETIME);

    // NOTE(review): this only toggles how the field is displayed. A hidden field can still be
    // submitted, so the code that processes the form should ignore a refresh-token lifetime
    // when refresh tokens are disabled; confirm that in the handler.
    String visibilityMarkup = getOA2SE().isRefreshTokenEnabled()
            ? " "                              // field is shown
            : " style=\"display: none;\"";     // field is hidden
    request.setAttribute(REFRESH_TOKEN_FIELD_VISIBLE, visibilityMarkup);
}
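/**
 * Stages the request attributes needed by the authorization (login/consent) form.
 *
 * <p>{@code AUTHORIZATION_ACTION_OK} needs no preparation. In
 * {@code AUTHORIZATION_ACTION_START} the form-field keys, the authorization grant identifier,
 * the OAuth 2.0 {@code state} value taken from the incoming request, the client's home URI
 * and name, and the form's target ({@code <context path>/authorize}) are stored as request
 * attributes. Any other state is left untouched.
 *
 * <p>Values that originate outside the server (the client's registered home URI and name,
 * and the {@code state} request parameter) are HTML-escaped before they are stored, because
 * the form re-displays them.
 *
 * @param state the state being prepared; must be an {@code AuthorizedState}
 * @throws ClassCastException if {@code state} is not an {@code AuthorizedState}
 * @throws Throwable declared by the interface
 */
public void prepare(PresentableState state) throws Throwable {
    AuthorizedState aState = (AuthorizedState) state;
    switch (aState.getState()) {
        case AUTHORIZATION_ACTION_OK:
            // nothing to do, really
            return;

        case AUTHORIZATION_ACTION_START:
            // NOTE(review): this writes the grant identifier to the log. If that identifier is
            // usable as a credential, consider whether the log's audience should see it.
            info("3.a. Starting authorization for grant =" + aState.getTransaction().getIdentifierString());

            // Names of the form fields, stored under their own values.
            HttpServletRequest request = state.getRequest();
            request.setAttribute(AUTHORIZATION_USER_NAME_KEY, AUTHORIZATION_USER_NAME_KEY);
            request.setAttribute(AUTHORIZATION_PASSWORD_KEY, AUTHORIZATION_PASSWORD_KEY);
            request.setAttribute(AUTHORIZATION_ACTION_KEY, AUTHORIZATION_ACTION_KEY);
            request.setAttribute("actionOk", AUTHORIZATION_ACTION_OK_VALUE);
            request.setAttribute("authorizationGrant", aState.getTransaction().getIdentifierString());
            request.setAttribute("tokenKey", CONST(TOKEN_KEY));

            // OAuth 2.0 specific values that must be preserved.
            request.setAttribute("stateKey", "state");
            // The "state" parameter comes straight from the incoming request and is echoed
            // back into the form, so it gets the same HTML escaping as the client fields
            // below. A missing parameter is passed through as null, as before.
            String oauthState = getParam(aState.getRequest(), "state");
            request.setAttribute("authorizationState", oauthState == null ? null : escapeHtml(oauthState));

            // HTML escape it to guard against HTML injection attacks. Addresses issue OAUTH-87.
            // If you aren't sure whether a form is secure against HTML injection attacks, paste the following into it:
            // ><script>alert('CSS Vulnerable')</script><b a=a a></a><script>alert('CSS Vulnerable')</script> \'><script>alert%28\'CSS Vulnerable\'%29</script><
            // and get the form to re-display. If it is vulnerable, a popup saying so will appear.
            // NOTE(review): confirm that escapeHtml also encodes quote characters if the page
            // places these values inside quoted HTML attributes.
            request.setAttribute("clientHome", escapeHtml(aState.getTransaction().getClient().getHomeUri()));
            request.setAttribute("clientName", escapeHtml(aState.getTransaction().getClient().getName()));
            request.setAttribute("actionToTake", request.getContextPath() + "/authorize");
            return;
    }
}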
public void present(PresentableState state) throws Throwable { AuthorizedState aState = (AuthorizedState) state; postprocess(new TransactionState(state.getRequest(), aState.getResponse(), null, aState.getTransaction())); JSPUtil.fwd(state.getRequest(), state.getResponse(), initPage); info("3.a. User information obtained for grant = " + aState.getTransaction().getAuthorizationGrant()); break; case AUTHORIZATION_ACTION_OK: JSPUtil.fwd(state.getRequest(), state.getResponse(), OK_PAGE); break; default: