/**
 * Returns the unauthorized-redirect URL reported by the delegate held in
 * {@code groovyStrategyInstance}.
 *
 * <p>{@code buildGroovyAccessStrategyInstanceIfNeeded()} is invoked first; presumably it creates
 * the delegate when it is absent (its body is not visible here). The property is excluded from
 * JSON serialisation through {@code @JsonIgnore}.
 *
 * <p>NOTE(review): the URI is handed back exactly as the delegate produced it; no scheme or host
 * check happens in this method. If callers use the value as a redirect target, the script behind
 * the delegate has to be treated as trusted configuration. Confirm who may edit it.
 *
 * @return the delegate's value; whether it may be {@code null} cannot be told from this method
 */
@JsonIgnore
@Override
public URI getUnauthorizedRedirectUrl() {
    buildGroovyAccessStrategyInstanceIfNeeded();
    final URI redirectUrl = this.groovyStrategyInstance.getUnauthorizedRedirectUrl();
    return redirectUrl;
}
/**
 * Builds the approval view for an OAuth registered service.
 *
 * <p>The model holds the service, its name, a callback URL and the service's
 * unauthorized-redirect URL (under {@code "deniedApprovalUrl"}). The callback URL is the full URL
 * of the current request with {@code OAuth20Constants.BYPASS_APPROVAL_PROMPT=true} appended.
 *
 * <p>NOTE(review): the callback URL is derived from the incoming request, and the approval
 * decision travels as a plain query parameter on it. Confirm that the code reading that
 * parameter ties it to the user's session instead of honouring it on any request, and that the
 * view encodes both URLs for the context in which it renders them.
 *
 * @param ctx the web context of the current request
 * @param svc the registered OAuth service that is awaiting approval
 * @return the result of {@code getApprovalModelAndView} for the populated model
 */
@SneakyThrows
protected ModelAndView redirectToApproveView(final J2EContext ctx, final OAuthRegisteredService svc) {
    val requestUrl = ctx.getFullRequestURL();
    LOGGER.trace("callbackUrl: [{}]", requestUrl);

    // Parsing the request URL can fail with a checked exception; @SneakyThrows rethrows it as is.
    val callbackBuilder = new URIBuilder(requestUrl);
    // NOTE(review): addParameter appends, so a bypass parameter already present on the request
    // URL would remain next to this one. Verify which value the consumer reads.
    callbackBuilder.addParameter(OAuth20Constants.BYPASS_APPROVAL_PROMPT, Boolean.TRUE.toString());
    val approvedCallbackUrl = callbackBuilder.toString();

    val viewModel = new HashMap<String, Object>();
    viewModel.put("service", svc);
    viewModel.put("callbackUrl", approvedCallbackUrl);
    viewModel.put("serviceName", svc.getName());
    // Stored without a null check; the view has to cope with a missing denial URL.
    viewModel.put("deniedApprovalUrl", svc.getAccessStrategy().getUnauthorizedRedirectUrl());

    prepareApprovalViewModel(viewModel, ctx, svc);
    return getApprovalModelAndView(viewModel);
}
/**
 * Verifies that the requested service is registered and that its access strategy allows access.
 *
 * <p>When access is disabled, the strategy's unauthorized-redirect URL is placed in flow scope
 * before the exception is thrown.
 *
 * <p>NOTE(review): {@code service} is dereferenced without a null check in both failure paths,
 * so a request without a service would end in a {@code NullPointerException} if
 * {@code findServiceBy(null)} returns {@code null}. Confirm whether an earlier step rules that
 * out. The service id written to the log and to the exception message presumably comes from the
 * request; make sure the logging layout neutralises line breaks.
 *
 * @param context the webflow request context
 * @return the success event when the service is registered and access is allowed
 * @throws UnauthorizedServiceException when no registry entry matches or access is disabled
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final Service requested = WebUtils.getService(context);
    final RegisteredService registered = this.servicesManager.findServiceBy(requested);

    if (registered == null) {
        final String notRegistered = String.format("Service Management: Unauthorized Service Access. "
                + "Service [%s] does not match entries in service registry.", requested.getId());
        logger.warn(notRegistered);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, notRegistered);
    }

    final boolean accessAllowed = registered.getAccessStrategy().isServiceAccessAllowed();
    if (accessAllowed) {
        return success();
    }

    final String disabled = String.format("Service Management: Access to service [%s] "
            + "is disabled by the service registry.", requested.getId());
    logger.warn(disabled);
    // The URL is stored without a null check; it comes from the service definition, so the
    // registry is the trust boundary for where a denied user may be sent.
    WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context,
            registered.getAccessStrategy().getUnauthorizedRedirectUrl());
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, disabled);
}
} // closes the enclosing class, whose header lies outside this listing
registeredService.getAccessStrategy().getUnauthorizedRedirectUrl()); throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
/**
 * Looks up the registered service for the given service and runs the access-strategy enforcer
 * against it with the authentication found in the request context.
 *
 * <p>If the service's access strategy supplies an unauthorized-redirect URL, the URL is put into
 * flow scope before enforcement, so it is available when the enforcer rejects the request.
 *
 * <p>NOTE(review): neither the registry lookup result nor the authentication is null-checked
 * before being dereferenced. An unregistered service or a missing authentication would
 * presumably fail with a {@code NullPointerException} rather than the enforcer's own exception.
 * Confirm that callers guarantee both are present.
 *
 * @param context the webflow request context
 * @param service the service being accessed; may be {@code null}
 * @return the registered service, or {@code null} when {@code service} is {@code null}
 */
private RegisteredService determineRegisteredServiceForEvent(final RequestContext context, final Service service) {
    if (service == null) {
        return null;
    }

    LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
    val matched = this.servicesManager.findServiceBy(service);

    LOGGER.debug("Locating authentication event in the request context...");
    val authentication = WebUtils.getAuthentication(context);

    LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]",
        matched, authentication.getPrincipal());

    // Publish the denial target first: the enforcement call below may throw.
    val redirectOnDenial = matched.getAccessStrategy().getUnauthorizedRedirectUrl();
    if (redirectOnDenial != null) {
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, redirectOnDenial);
    }

    val auditContext = AuditableContext.builder()
        .service(service)
        .authentication(authentication)
        .registeredService(matched)
        .retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE)
        .build();

    val outcome = this.registeredServiceAccessStrategyEnforcer.execute(auditContext);
    outcome.throwExceptionIfNeeded();
    return matched;
}
if (accessStrategy.getUnauthorizedRedirectUrl() != null) { logger.debug("Placing registered service's unauthorized redirect url [{}] with id [{}] in context scope", accessStrategy.getUnauthorizedRedirectUrl(), registeredService.getServiceId()); WebUtils.putUnauthorizedRedirectUrl(context, accessStrategy.getUnauthorizedRedirectUrl());