/**
 * Finishes an external OAuth login by sending the browser back to the request
 * that was parked before authentication, or to {@code /home} when none exists.
 *
 * @param session the current HTTP session, read for the saved request attribute
 * @return a Spring MVC {@code redirect:} view name
 */
@RequestMapping(value = "/login/callback/{origin}")
public String handleXOAuthCallback(HttpSession session) {
    final SavedRequest parked = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    // Fall back to the home page when nothing was saved or the saved entry carries no URL.
    // NOTE(review): the target is taken from the session attribute, presumably populated
    // by the framework's request cache rather than from a request parameter — confirm.
    final String target = (parked == null || parked.getRedirectUrl() == null)
            ? "/home"
            : parked.getRedirectUrl();
    return "redirect:" + target;
}
/**
 * Reports whether the session holds a saved request that targets the
 * {@code /oauth/authorize} endpoint and carries at least one {@code client_id}.
 *
 * @param session the HTTP session, may be {@code null}
 * @return {@code true} when such a saved request is present
 */
protected boolean hasSavedOauthAuthorizeRequest(HttpSession session) {
    if (session == null) {
        return false;
    }
    final Object stored = session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    if (stored == null) {
        return false;
    }
    final SavedRequest parked = (SavedRequest) stored;
    final String target = parked.getRedirectUrl();
    final String[] clientIds = parked.getParameterValues("client_id");
    // NOTE(review): this is a substring test, so a URL that merely contains the
    // segment somewhere (e.g. inside the query string) also qualifies — confirm intended.
    return target != null
            && target.contains("/oauth/authorize")
            && clientIds != null
            && clientIds.length != 0;
}
/**
 * Completes an autologin by redirecting to the saved request, or to {@code home}
 * when none is stored. Refused while MFA is enabled for the current zone.
 *
 * @param session the current HTTP session, read for the saved request attribute
 * @return a Spring MVC {@code redirect:} view name
 * @throws BadCredentialsException when MFA is enabled for "uaa" in the current zone
 */
@RequestMapping(value = "/autologin", method = GET)
public String performAutologin(HttpSession session) {
    // Autologin is rejected outright when MFA applies, presumably so it cannot
    // stand in for the second factor.
    if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get(), "uaa")) {
        throw new BadCredentialsException("MFA is required");
    }
    final SavedRequest parked = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    // NOTE(review): the fallback is the relative name "home" (no leading slash),
    // so it resolves against the current request path — confirm this is intended.
    String target = "home";
    if (parked != null && parked.getRedirectUrl() != null) {
        target = parked.getRedirectUrl();
    }
    return "redirect:" + target;
}
/**
 * Entry point for unauthenticated access. When the request cache holds a saved
 * request whose URL ends with {@code .html}, the browser is redirected to
 * {@code /login.html}; in every case the message below is returned with a 401.
 *
 * @param request  the current request, used to look up the saved request
 * @param response the current response, used for the redirect
 * @return a message stating that the resource requires authentication
 * @throws IOException if the redirect cannot be written
 */
@GetMapping("/authentication/require")
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public String requireAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws IOException {
    final SavedRequest parked = requestCache.getRequest(request, response);
    if (parked != null) {
        final String target = parked.getRedirectUrl();
        // Only targets ending in ".html" get the redirect; everything else just
        // receives the 401 and the message body.
        if (StringUtils.endsWithIgnoreCase(target, ".html")) {
            redirectStrategy.sendRedirect(request, response, "/login.html");
        }
    }
    // NOTE(review): this value is returned even after a redirect has been sent —
    // confirm the framework tolerates writing a body to a committed response.
    return "访问的资源需要身份认证!";
}
}
// Fragment: the enclosing method and the rest of the else-branch lie outside this listing.
SavedRequest savedRequest = cache.getRequest(request, response);
if (savedRequest != null) {
    // Resume the request that was parked before authentication.
    logger.debug("Redirecting request to " + savedRequest.getRedirectUrl());
    sendRedirect(savedRequest.getRedirectUrl(), request, response);
} else {
    logger.debug("Redirecting request to /");
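/**
 * Handles the form-login POST. Authenticates the submitted credentials through the
 * password-based plugin provider, stores the resulting token in a recreated session
 * and redirects to the request saved before login (or to {@code /go/pipelines}).
 *
 * @param username the submitted user name
 * @param password the submitted password (never logged)
 * @param request  the current request; its session is recreated on success
 * @return a redirect to the saved request or the pipelines page, or the error view on failure
 */
@RequestMapping(value = "/auth/security_check", method = RequestMethod.POST)
public RedirectView performLogin(@RequestParam("j_username") String username,
                                 @RequestParam("j_password") String password,
                                 HttpServletRequest request) {
    if (securityIsDisabledOrAlreadyLoggedIn(request)) {
        return new RedirectView("/pipelines", true);
    }
    LOGGER.debug("Requesting authentication for form auth.");
    try {
        // Read the saved request before authenticating: the call below presumably
        // replaces the session, after which the attribute may no longer be reachable.
        final SavedRequest savedRequest = SessionUtils.savedRequest(request);
        final AuthenticationToken<UsernamePassword> authenticationToken =
                passwordBasedPluginAuthenticationProvider.authenticate(new UsernamePassword(username, password), null);
        if (authenticationToken == null) {
            return badAuthentication(request, BAD_CREDENTIALS_MSG);
        }
        SessionUtils.setAuthenticationTokenAfterRecreatingSession(authenticationToken, request);
        final String redirectUrl = savedRequest == null ? "/go/pipelines" : savedRequest.getRedirectUrl();
        return new RedirectView(redirectUrl, false);
    } catch (AuthenticationException e) {
        // The provider's message is shown to the user via badAuthentication.
        LOGGER.error("Failed to authenticate user: {} ", username, e);
        return badAuthentication(request, e.getMessage());
    } catch (Exception e) {
        // Previously swallowed silently; keep the generic error view but record the cause.
        LOGGER.error("Unexpected error while authenticating user: {}", username, e);
        return unknownAuthenticationError(request);
    }
}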
// URL of the request parked before authentication; may be null depending on the SavedRequest implementation.
String targetUrl = savedRequest.getRedirectUrl();
/**
 * Builds a mock request whose session carries a mocked saved request for an
 * {@code /oauth/authorize} call with {@code client_id=client-id} (constructed fixture).
 *
 * @return the prepared mock request
 */
private MockHttpServletRequest getMockHttpServletRequest() {
    final SavedRequest parked = mock(SavedRequest.class);
    when(parked.getParameterValues("client_id")).thenReturn(new String[]{"client-id"});
    when(parked.getRedirectUrl())
            .thenReturn("http://localhost:8080/uaa/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR");

    final MockHttpSession mockSession = new MockHttpSession();
    mockSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, parked);

    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(mockSession);
    return mockRequest;
}
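/**
 * Completes a login through a web-based authentication plugin: fetches the access
 * token for the callback, authenticates it, stores the token in a recreated session
 * and redirects to the request saved before login (or to {@code /go/pipelines}).
 *
 * @param pluginId the id of the plugin that performed the external login
 * @param request  the current request; its session is recreated on success
 * @return a redirect to the saved request or the pipelines page, or the error view on failure
 */
@RequestMapping(value = "/plugin/{pluginId}/authenticate")
public RedirectView authenticateWithWebBasedPlugin(@PathVariable("pluginId") String pluginId,
                                                   HttpServletRequest request) {
    if (securityIsDisabledOrAlreadyLoggedIn(request)) {
        return new RedirectView("/pipelines", true);
    }
    LOGGER.debug("Requesting authentication for form auth.");
    // Captured before the session is recreated so the post-login target survives.
    final SavedRequest savedRequest = SessionUtils.savedRequest(request);
    try {
        final AccessToken accessToken = webBasedPluginAuthenticationProvider.fetchAccessToken(
                pluginId, getRequestHeaders(request), getParameterMap(request));
        final AuthenticationToken<AccessToken> authenticationToken =
                webBasedPluginAuthenticationProvider.authenticate(accessToken, pluginId);
        if (authenticationToken == null) {
            return unknownAuthenticationError(request);
        }
        SessionUtils.setAuthenticationTokenAfterRecreatingSession(authenticationToken, request);
    } catch (AuthenticationException e) {
        LOGGER.error("Failed to authenticate user.", e);
        return badAuthentication(request, e.getMessage());
    } catch (Exception e) {
        // Previously swallowed silently; log the cause so plugin failures are diagnosable.
        LOGGER.error("Unexpected error while authenticating with plugin {}.", pluginId, e);
        return unknownAuthenticationError(request);
    }
    SessionUtils.removeAuthenticationError(request);
    final String redirectUrl = savedRequest == null ? "/go/pipelines" : savedRequest.getRedirectUrl();
    return new RedirectView(redirectUrl, false);
}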
/**
 * With MFA already completed and a request present in the cache, the filter must
 * look the saved request up exactly once and redirect to its URL.
 */
@Test
public void do_filter_mfa_completed_with_saved_request() throws Exception {
    final String savedUrl = "http://localhost:8080/uaa/oauth/authorize";
    final SavedRequest parked = mock(SavedRequest.class);
    when(parked.getRedirectUrl()).thenReturn(savedUrl);
    when(requestCache.getRequest(same(request), same(response))).thenReturn(parked);
    when(spyFilter.getNextStep(any(HttpServletRequest.class))).thenReturn(MFA_COMPLETED);
    request.setContextPath("/uaa");

    spyFilter.doFilter(request, response, chain);

    verify(requestCache, times(1)).getRequest(same(request), same(response));
    verify(spyFilter, times(1)).sendRedirect(eq(savedUrl), same(request), same(response));
}
/**
 * Enforces a pending forced password change: exempt requests pass through, a
 * completed change resumes the parked request, a required change parks the
 * current request and redirects to the change page, and an authenticated user
 * with nothing pending is kept away from that page.
 *
 * @param request     the current request
 * @param response    the current response
 * @param filterChain the remaining filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain or the redirect
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    // Exempt requests pass through even while a change is required.
    if (isIgnored(request, response)) {
        filterChain.doFilter(request, response);
        return;
    }
    if (isCompleted(request)) {
        logger.debug("Forced password change has been completed.");
        // NOTE(review): the saved request is read but not removed from the cache — confirm intended.
        final SavedRequest parked = cache.getRequest(request, response);
        sendRedirect(parked != null ? parked.getRedirectUrl() : "/", request, response);
        return;
    }
    if (needsPasswordReset() && !matcher.matches(request)) {
        logger.debug("Password change is required for user.");
        // Park the current request so it can be resumed once the change is done.
        cache.saveRequest(request, response);
        sendRedirect(redirectUri, request, response);
        return;
    }
    if (matcher.matches(request) && isAuthenticated() && !needsPasswordReset()) {
        sendRedirect("/", request, response);
        return;
    }
    filterChain.doFilter(request, response);
}
// Fragment: the enclosing method and the close of this if-block lie outside this listing.
SavedRequest savedRequest = this.requestCache.getRequest(request, response);
if (savedRequest != null) {
    redirectUrl = savedRequest.getRedirectUrl();
    // Consume the saved request so it cannot be replayed on a later login.
    this.requestCache.removeRequest(request, response);
/**
 * For the default zone, the login page must list the two configured SAML IdPs
 * (both with the SAML link shown) and keep the username field and the
 * create-account link visible.
 */
@Test
public void testFilterIdpsForDefaultZone() throws Exception {
    // Session carrying a saved request for client "client-id"
    final SavedRequest parked = mock(SavedRequest.class);
    when(parked.getParameterValues("client_id")).thenReturn(new String[]{"client-id"});
    when(parked.getRedirectUrl()).thenReturn("http://localhost:8080/uaa");
    final MockHttpSession mockSession = new MockHttpSession();
    mockSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, parked);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(mockSession);

    // IdP configurator answering for the default zone
    when(mockIDPConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(IdentityZone.getUaa())))
            .thenReturn(idps);
    final LoginInfoEndpoint endpoint = getEndpoint();
    endpoint.setIdpDefinitions(mockIDPConfigurator);

    endpoint.loginForHtml(model, null, mockRequest, Collections.singletonList(MediaType.TEXT_HTML));

    final Collection<SamlIdentityProviderDefinition> definitions =
            (Collection<SamlIdentityProviderDefinition>) model.asMap().get("idpDefinitions");
    assertEquals(2, definitions.size());
    final Iterator<SamlIdentityProviderDefinition> it = definitions.iterator();
    final SamlIdentityProviderDefinition first = it.next();
    assertEquals("awesome-idp", first.getIdpEntityAlias());
    assertEquals(true, first.isShowSamlLink());
    final SamlIdentityProviderDefinition second = it.next();
    assertEquals("my-client-awesome-idp", second.getIdpEntityAlias());
    assertEquals(true, second.isShowSamlLink());
    assertEquals(true, model.asMap().get("fieldUsernameShow"));
    assertEquals(true, model.asMap().get("linkCreateAccountShow"));
}
/**
 * Saving a client redirect must store a GET saved request in the session whose
 * redirect URL equals the submitted parameter.
 */
@Test
public void save_returns_correct_object() {
    request.setParameter(FORM_REDIRECT_PARAMETER, redirectUri);
    cache.saveClientRedirect(request, request.getParameter(FORM_REDIRECT_PARAMETER));

    final HttpSession existing = request.getSession(false);
    assertNotNull(existing);
    final SavedRequest stored = (SavedRequest) existing.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    assertNotNull(stored);
    assertEquals(redirectUri, stored.getRedirectUrl());
    assertEquals(GET.name(), stored.getMethod());
}
/**
 * Creating an account and then verifying it with the predictable code must redirect
 * to the login page while leaving the saved request (with a URL) in the session.
 */
@Test
void redirectToSavedRequest_ifPresent() throws Exception {
    final MockHttpSession savedSession = MockMvcUtils.getSavedRequestSession();
    final PredictableGenerator codeGenerator = new PredictableGenerator();
    webApplicationContext.getBean(JdbcExpiringCodeStore.class).setGenerator(codeGenerator);

    final MockHttpServletRequestBuilder createAccount = post("/create_account.do")
            .with(cookieCsrf())
            .session(savedSession)
            .param("email", "testuser@test.org")
            .param("password", "test-password")
            .param("password_confirmation", "test-password");
    mockMvc.perform(createAccount).andExpect(redirectedUrl("accounts/email_sent"));

    final MockHttpServletRequestBuilder verify = get("/verify_user")
            .session(savedSession)
            .param("code", "test" + codeGenerator.counter.get());
    mockMvc.perform(verify)
            .andExpect(status().isFound())
            .andExpect(redirectedUrl(LOGIN_REDIRECT))
            .andReturn();

    final SavedRequest parked = (SavedRequest) savedSession.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    assertNotNull(parked.getRedirectUrl());
}
// Statement run from a test: session and authUrl are defined outside this listing.
SavedRequest savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
assertNotNull(savedRequest);
// The parked request must point back at the authorization URL that triggered the login.
assertEquals(authUrl, savedRequest.getRedirectUrl());
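/**
 * Renders the login view, exposing the URL of the request parked before
 * authentication (if any) as the {@code redirectUrl} model attribute.
 *
 * @param req     the current request (unused here)
 * @param session the HTTP session, may be {@code null}
 * @return the {@code login} view
 */
public ModelAndView login(HttpServletRequest req, HttpSession session) {
    ModelAndView mav = new ModelAndView("login");
    if (session != null) {
        // Servlet sessions hand back Object, so the cast is required for the assignment to compile.
        SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
        if (savedRequest != null) {
            // NOTE(review): the view must escape this value before echoing it into markup.
            mav.addObject("redirectUrl", savedRequest.getRedirectUrl());
        }
    }
    return mav;
}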
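/**
 * Decides whether the current request is the one that was saved earlier.
 * A {@link DefaultSavedRequest} is compared with its own matcher (honouring the
 * port resolver); any other implementation is compared by full URL.
 *
 * @param request      the current request
 * @param savedRequest the saved request, may be {@code null}
 * @return {@code true} when the current request matches the saved one
 */
private boolean matchesSavedRequest(HttpServletRequest request, SavedRequest savedRequest) {
    if (savedRequest == null) {
        return false;
    }
    if (savedRequest instanceof DefaultSavedRequest) {
        DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) savedRequest;
        return defaultSavedRequest.doesRequestMatch(request, this.portResolver);
    }
    String currentUrl = UrlUtils.buildFullRequestUrl(request);
    // Compare from the built URL so a saved request with a null redirect URL yields false instead of an NPE.
    return currentUrl.equals(savedRequest.getRedirectUrl());
}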
/**
 * Close the dialog and display the specified message.
 *
 * @param message The message text.
 */
private void close(String message) {
    // Hand the parked request's URL (if any) to the logout as the post-logout target.
    final String returnTo = (savedRequest != null) ? savedRequest.getRedirectUrl() : null;
    SecurityUtil.getSecurityService().logout(true, returnTo, message);
}
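// Statement run from a larger method: request, log and hasSentRedirect are defined outside this listing.
HttpServletRequest req = (HttpServletRequest) request.getNativeRequest();
HttpServletResponse resp = (HttpServletResponse) request.getNativeResponse();
RequestCache rc = new HttpSessionRequestCache();
SavedRequest savedRequest = rc.getRequest(req, resp);
// getRequest may return null when nothing was saved; the original dereferenced it unconditionally.
String targetUrl = savedRequest == null ? null : savedRequest.getRedirectUrl();
if (targetUrl != null) {
    log.info("Redirecting to DefaultSavedRequest Url: " + targetUrl);
    new DefaultRedirectStrategy().sendRedirect(req, resp, targetUrl);
    hasSentRedirect = true;
}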