/**
 * Builds the callback URL for the given request.
 *
 * <p>The URL is obtained by wrapping the request in a {@link DefaultSavedRequest}
 * (using this instance's port resolver) and reading back its redirect URL.
 *
 * @param request the incoming request
 * @return the callback URL reconstructed from the request
 */
protected String getCallbackURL(HttpServletRequest request) {
    DefaultSavedRequest captured = new DefaultSavedRequest(request, getPortResolver());
    return captured.getRedirectUrl();
}
/**
 * Completes an external (XOAuth) login by sending the user back to the request that
 * was saved in the session before the login started, or to {@code /home} when no
 * saved redirect URL is available.
 *
 * @param session the current HTTP session holding the saved request attribute
 * @return a Spring MVC {@code redirect:} view name
 */
@RequestMapping(value = "/login/callback/{origin}")
public String handleXOAuthCallback(HttpSession session) {
    SavedRequest saved = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    boolean hasSavedTarget = saved != null && saved.getRedirectUrl() != null;
    String target = hasSavedTarget ? saved.getRedirectUrl() : "/home";
    return "redirect:" + target;
}
/**
 * Tells whether the session holds a saved request for the {@code /oauth/authorize}
 * endpoint that carries at least one {@code client_id} parameter.
 *
 * <p>Note: the endpoint test is a substring match on the saved redirect URL, so any URL
 * containing {@code /oauth/authorize} anywhere in it (path or query string) satisfies it;
 * callers must not treat this as a strict path match.
 *
 * @param session the current HTTP session, may be {@code null}
 * @return {@code true} when a matching saved authorize request exists
 */
protected boolean hasSavedOauthAuthorizeRequest(HttpSession session) {
    if (session == null) {
        return false;
    }
    Object attribute = session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    if (attribute == null) {
        return false;
    }
    SavedRequest saved = (SavedRequest) attribute;
    String redirectUrl = saved.getRedirectUrl();
    String[] clientIds = saved.getParameterValues("client_id");
    boolean targetsAuthorizeEndpoint = redirectUrl != null && redirectUrl.contains("/oauth/authorize");
    boolean hasClientId = clientIds != null && clientIds.length > 0;
    return targetsAuthorizeEndpoint && hasClientId;
}
case MFA_REQUIRED: logger.debug("Request requires MFA, redirecting to MFA flow for " + getAuthenticationLogInfo()); cache.saveRequest(request, response); sendRedirect(redirect, request, response); break; case MFA_COMPLETED: logger.debug("MFA has been completed for " + getAuthenticationLogInfo()); SavedRequest savedRequest = cache.getRequest(request, response); if (savedRequest != null) { logger.debug("Redirecting request to " + savedRequest.getRedirectUrl()); sendRedirect(savedRequest.getRedirectUrl(), request, response); } else { logger.debug("Redirecting request to /");
/**
 * Entry point hit when an unauthenticated request needs authentication.
 *
 * <p>If a saved request exists and its URL ends with {@code .html}, the caller is
 * redirected to {@code /login.html}; in every case the method returns the 401 message body.
 *
 * <p>NOTE(review): when the redirect branch runs, {@code sendRedirect} has already
 * committed the response before the string below is returned and before the
 * {@code @ResponseStatus} is applied — confirm the intended outcome for that path.
 *
 * @param request  the current request
 * @param response the current response
 * @return the message body for the 401 response
 * @throws IOException if the redirect cannot be written
 */
@GetMapping("/authentication/require")
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public String requireAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
    SavedRequest saved = requestCache.getRequest(request, response);
    if (saved != null) {
        String targetUrl = saved.getRedirectUrl();
        if (StringUtils.endsWithIgnoreCase(targetUrl, ".html")) {
            redirectStrategy.sendRedirect(request, response, "/login.html");
        }
    }
    return "访问的资源需要身份认证!";
}
}
@Test
public void doFilterWhenAuthorizationResponseSuccessHasSavedRequestThenRedirectedToSavedRequest() throws Exception {
    // Arrange: put a GET to /saved-request into the session-backed request cache.
    String savedUri = "/saved-request";
    MockHttpServletRequest request = new MockHttpServletRequest("GET", savedUri);
    request.setServletPath(savedUri);
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestCache requestCache = new HttpSessionRequestCache();
    requestCache.saveRequest(request, response);

    // Turn the same request into the authorization-code callback for client-1.
    String callbackUri = "/callback/client-1";
    request.setRequestURI(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, "state");
    FilterChain filterChain = mock(FilterChain.class);
    this.setUpAuthorizationRequest(request, response, this.registration1);
    this.setUpAuthenticationResult(this.registration1);

    // Act
    this.filter.doFilter(request, response, filterChain);

    // Assert: the saved request, not a default target, is replayed.
    assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
}
/**
 * Resolves the {@link RequestCache} to use.
 *
 * <p>If one was configured via
 * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)} it is
 * used. Otherwise the {@link RequestCache} shared object on {@code http} is tried, then a
 * {@link RequestCache} bean; if neither exists, a new {@link HttpSessionRequestCache} with
 * the default saved-request matcher is returned.
 *
 * @param http the {@link HttpSecurity} on which to look for the shared object
 * @return the {@link RequestCache} to use, never {@code null}
 */
private RequestCache getRequestCache(H http) {
    RequestCache shared = http.getSharedObject(RequestCache.class);
    if (shared != null) {
        return shared;
    }
    RequestCache bean = getBeanOrNull(RequestCache.class);
    if (bean != null) {
        return bean;
    }
    HttpSessionRequestCache fallback = new HttpSessionRequestCache();
    fallback.setRequestMatcher(createDefaultSavedRequestMatcher(http));
    return fallback;
}
/**
 * Resolves the {@link RequestCache} to use.
 *
 * <p>If one was configured via
 * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)} it is
 * used. Otherwise the {@link RequestCache} shared object on {@code http} is tried; if it is
 * absent, a new {@link HttpSessionRequestCache} is returned.
 *
 * @param http the {@link HttpSecurity} on which to look for the shared object
 * @return the {@link RequestCache} to use, never {@code null}
 */
private RequestCache getRequestCache(H http) {
    RequestCache shared = http.getSharedObject(RequestCache.class);
    return shared != null ? shared : new HttpSessionRequestCache();
}
}
/**
 * Captures {@code request} as a {@link DefaultSavedRequest} built with the class-wide
 * {@code PORT_RESOLVER} and hands it to the two-argument {@code saveRequest} overload.
 *
 * @param request the request to save
 */
public static void saveRequest(HttpServletRequest request) {
    DefaultSavedRequest captured = new DefaultSavedRequest(request, PORT_RESOLVER);
    saveRequest(request, captured);
}
/**
 * Disables request caching: a {@link NullRequestCache} is registered as the shared
 * {@link RequestCache} before delegating to the superclass's {@code disable()}.
 *
 * @return whatever the superclass's {@code disable()} returns
 */
@Override
public H disable() {
    RequestCache noCache = new NullRequestCache();
    getBuilder().setSharedObject(RequestCache.class, noCache);
    return super.disable();
}
/**
 * Registers a {@link RequestCacheAwareFilter} backed by the resolved {@link RequestCache},
 * after running it through {@code postProcess}.
 *
 * @param http the builder to add the filter to
 * @throws Exception propagated from the builder
 */
@Override
public void configure(H http) throws Exception {
    RequestCacheAwareFilter filter = postProcess(new RequestCacheAwareFilter(getRequestCache(http)));
    http.addFilter(filter);
}
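/**
 * Builds the authorization-request parameters from a saved {@code /oauth/authorize} request.
 *
 * <p>{@code client_id} and {@code redirect_uri} are read from the saved request's parameter
 * map and are required; {@code state} is copied only when present. The remaining entries
 * ({@code response_type=code}, {@code user_oauth_approval=true},
 * {@code grant_type=authorization_code}) are fixed.
 *
 * @param defaultSavedRequest the saved request captured from the session
 * @return a mutable map of OAuth2 request parameters
 * @throws IllegalArgumentException if {@code client_id} or {@code redirect_uri} is absent or
 *                                  has no value (previously surfaced as a NullPointerException /
 *                                  ArrayIndexOutOfBoundsException)
 */
private Map<String, String> getAuthParameters(DefaultSavedRequest defaultSavedRequest) {
    // Read the parameter map once instead of once per lookup.
    Map<String, String[]> saved = defaultSavedRequest.getParameterMap();
    Map<String, String> authParams = new HashMap<>();
    authParams.put(OAuth2Utils.CLIENT_ID, requiredFirstValue(saved, OAuth2Utils.CLIENT_ID));
    authParams.put(OAuth2Utils.REDIRECT_URI, requiredFirstValue(saved, OAuth2Utils.REDIRECT_URI));
    String state = firstValueOrNull(saved, OAuth2Utils.STATE);
    if (state != null) {
        authParams.put(OAuth2Utils.STATE, state);
    }
    authParams.put(OAuth2Utils.RESPONSE_TYPE, "code");
    authParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
    authParams.put(OAuth2Utils.GRANT_TYPE, "authorization_code");
    return authParams;
}

/**
 * Returns the first value of parameter {@code name}, or {@code null} when the parameter is
 * absent or has no values.
 */
private String firstValueOrNull(Map<String, String[]> params, String name) {
    String[] values = params.get(name);
    return (values == null || values.length == 0) ? null : values[0];
}

/**
 * Like {@link #firstValueOrNull(Map, String)} but fails fast with a descriptive message when
 * a required parameter is missing. Only the parameter name is included in the message.
 */
private String requiredFirstValue(Map<String, String[]> params, String name) {
    String value = firstValueOrNull(params, name);
    if (value == null) {
        throw new IllegalArgumentException("Saved authorize request is missing required parameter: " + name);
    }
    return value;
}
}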
@Test
public void getWhenInvokingExceptionHandlingTwiceThenOriginalEntryPointUsed() throws Exception {
    // The config applies exception handling twice; the RequestCache from the first
    // application is expected to survive.
    this.spring.register(InvokeTwiceDoesNotOverrideConfig.class).autowire();
    this.mvc.perform(get("/"));
    // Evidence that the original cache is still wired: it is asked for a matching saved request.
    verify(InvokeTwiceDoesNotOverrideConfig.requestCache)
            .getMatchingRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * Returns the wrapped request's parameter names with the JavaScript-compatibility encoding
 * removed from each one via {@code JSCompatibilityHelper.unencode}.
 *
 * <p>The raw {@link Enumeration} return type mirrors the servlet API signature being overridden.
 *
 * @return an enumeration over the unencoded parameter names
 */
@Override
@SuppressWarnings("rawtypes")
public Enumeration getParameterNames() {
    List<String> unencoded = new ArrayList<String>();
    for (Enumeration raw = super.getParameterNames(); raw.hasMoreElements();) {
        String encodedName = (String) raw.nextElement();
        unencoded.add(JSCompatibilityHelper.unencode(encodedName));
    }
    return new Enumerator<String>(unencoded);
}
/**
 * Records where the client should be sent back to after authentication.
 *
 * <p>Priority: the form redirect parameter when {@code shouldSaveFormRedirectParameter}
 * accepts the request; otherwise, for GET requests, the full request URL; any other request
 * is handed to the superclass (backwards-compatible behaviour).
 *
 * <p>NOTE(review): in the first branch the stored target comes straight from a request
 * parameter ({@code FORM_REDIRECT_PARAMETER}); whatever validation applies to that value is
 * expected to live in {@code shouldSaveFormRedirectParameter} / {@code saveClientRedirect} —
 * confirm it does.
 *
 * @param request  the current request
 * @param response the current response (used only by the superclass fallback)
 */
@Override
public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
    if (shouldSaveFormRedirectParameter(request)) {
        saveClientRedirect(request, request.getParameter(FORM_REDIRECT_PARAMETER));
        return;
    }
    boolean isGet = GET.name().equals(request.getMethod());
    if (isGet) {
        saveClientRedirect(request, UrlUtils.buildFullRequestUrl(request));
        return;
    }
    // backwards compatible requests
    super.saveRequest(request, response);
}
/**
 * Enforces a forced password change. Branches are evaluated in this order, first match wins:
 * <ol>
 *   <li>ignored request: passed through unchanged;</li>
 *   <li>change completed: replay the cached request, or redirect to {@code /} when none;</li>
 *   <li>reset needed and the request does not match {@code matcher}: cache it and redirect to
 *       {@code redirectUri};</li>
 *   <li>request matches {@code matcher}, user authenticated, no reset needed: redirect to {@code /};</li>
 *   <li>otherwise: passed through.</li>
 * </ol>
 *
 * @param request     the current request
 * @param response    the current response
 * @param filterChain the remaining filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain or from a redirect
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    if (isIgnored(request, response)) {
        // pass through even though 'change' is required request
        filterChain.doFilter(request, response);
        return;
    }
    if (isCompleted(request)) {
        logger.debug("Forced password change has been completed.");
        SavedRequest saved = cache.getRequest(request, response);
        String target = (saved == null) ? "/" : saved.getRedirectUrl();
        sendRedirect(target, request, response);
        return;
    }
    if (needsPasswordReset() && !matcher.matches(request)) {
        logger.debug("Password change is required for user.");
        cache.saveRequest(request, response);
        sendRedirect(redirectUri, request, response);
        return;
    }
    if (matcher.matches(request) && isAuthenticated() && !needsPasswordReset()) {
        sendRedirect("/", request, response);
        return;
    }
    // pass through
    filterChain.doFilter(request, response);
}
@Test
public void do_filter_mfa_completed_with_saved_request() throws Exception {
    // Given: a cached request pointing at the authorize endpoint...
    String expectedRedirect = "http://localhost:8080/uaa/oauth/authorize";
    SavedRequest saved = mock(SavedRequest.class);
    when(saved.getRedirectUrl()).thenReturn(expectedRedirect);
    when(requestCache.getRequest(same(request), same(response))).thenReturn(saved);
    request.setContextPath("/uaa");
    // ...and MFA reported as completed for this request.
    when(spyFilter.getNextStep(any(HttpServletRequest.class))).thenReturn(MFA_COMPLETED);

    // When
    spyFilter.doFilter(request, response, chain);

    // Then: the cache is consulted once and the user is sent to the saved URL.
    verify(requestCache, times(1)).getRequest(same(request), same(response));
    verify(spyFilter, times(1)).sendRedirect(eq(expectedRedirect), same(request), same(response));
}
/**
 * Builds a mock request whose session already holds a saved {@code /oauth/authorize}
 * request. The stubbed {@code client_id} parameter value ({@code client-id}) differs from
 * the {@code client_id} embedded in the redirect URL ({@code identity}).
 *
 * @return the prepared mock request
 */
private MockHttpServletRequest getMockHttpServletRequest() {
    String authorizeUrl = "http://localhost:8080/uaa/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR";
    SavedRequest saved = mock(SavedRequest.class);
    when(saved.getParameterValues("client_id")).thenReturn(new String[]{"client-id"});
    when(saved.getRedirectUrl()).thenReturn(authorizeUrl);

    MockHttpSession session = new MockHttpSession();
    session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, saved);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setSession(session);
    return request;
}
/**
 * Finishes an autologin: refused with {@link BadCredentialsException} when the MFA checker
 * reports MFA enabled for the current identity zone; otherwise redirects to the request saved
 * in the session, or to {@code home} when no saved redirect URL exists.
 *
 * @param session the current HTTP session
 * @return a Spring MVC {@code redirect:} view name
 * @throws BadCredentialsException when MFA is enabled for the zone
 */
@RequestMapping(value = "/autologin", method = GET)
public String performAutologin(HttpSession session) {
    if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get(), "uaa")) {
        throw new BadCredentialsException("MFA is required");
    }
    SavedRequest saved = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    boolean hasSavedTarget = saved != null && saved.getRedirectUrl() != null;
    return "redirect:" + (hasSavedTarget ? saved.getRedirectUrl() : "home");
}
/**
 * Marks the current session as an invite acceptance for {@code user} and stores a saved
 * request built from a wrapper carrying {@code newCode}, so the flow can be resumed later.
 *
 * @param request the current request, wrapped before being saved
 * @param newCode the code exposed through the request wrapper
 * @param user    the user whose id is recorded in the session
 */
private void setRequestAttributes(HttpServletRequest request, String newCode, UaaUser user) {
    RequestAttributes attributes = RequestContextHolder.getRequestAttributes();
    int scope = RequestAttributes.SCOPE_SESSION;
    attributes.setAttribute("IS_INVITE_ACCEPTANCE", true, scope);
    attributes.setAttribute("user_id", user.getId(), scope);
    HttpServletRequestWrapper wrapper = getNewCodeWrapper(request, newCode);
    SavedRequest saved = new DefaultSavedRequest(wrapper, new PortResolverImpl());
    attributes.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, saved, scope);
}