Example 11 with HttpSessionRequestCache
use of org.springframework.security.web.savedrequest.HttpSessionRequestCache in project ORCID-Source by ORCID.
the class OauthRegistrationController method registerAndAuthorize.
@RequestMapping(value = "/oauth/custom/registerConfirm.json", method = RequestMethod.POST)
@ResponseBody
public RequestInfoForm registerAndAuthorize(HttpServletRequest request, HttpServletResponse response, @RequestBody OauthRegistrationForm form) {
RequestInfoForm requestInfoForm = (RequestInfoForm) request.getSession().getAttribute(REQUEST_INFO_FORM);
if (form.getApproved()) {
boolean usedCaptcha = false;
// block google.
if (form.getGrecaptchaWidgetId().getValue() != null) {
// to the login page
if (request.getSession().getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME) == null || PojoUtil.isEmpty(form.getGrecaptcha()) || !form.getGrecaptcha().getValue().equals(request.getSession().getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME))) {
String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR;
// Set the client id
redirectUri = redirectUri.replace("{0}", requestInfoForm.getClientId());
// Set the response type if needed
if (!PojoUtil.isEmpty(requestInfoForm.getResponseType()))
redirectUri += "&response_type=" + requestInfoForm.getResponseType();
// Set the redirect uri
if (!PojoUtil.isEmpty(requestInfoForm.getRedirectUrl()))
redirectUri += "&redirect_uri=" + requestInfoForm.getRedirectUrl();
// remove email access scope if present but not granted
if (requestInfoForm.containsEmailReadPrivateScope() && !form.isEmailAccessAllowed()) {
requestInfoForm.removeEmailReadPrivateScope();
}
// Set the scope param
if (!PojoUtil.isEmpty(requestInfoForm.getScopesAsString()))
redirectUri += "&scope=" + requestInfoForm.getScopesAsString();
// Copy the state param if present
if (!PojoUtil.isEmpty(requestInfoForm.getStateParam()))
redirectUri += "&state=" + requestInfoForm.getStateParam();
requestInfoForm.setRedirectUrl(redirectUri);
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if (savedRequest != null)
LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + requestInfoForm.getRedirectUrl());
return requestInfoForm;
}
usedCaptcha = true;
}
// Remove the session hash if needed
if (request.getSession().getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME) != null) {
request.getSession().removeAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME);
}
//Strip any html code from names before validating them
if (!PojoUtil.isEmpty(form.getFamilyNames())) {
form.getFamilyNames().setValue(OrcidStringUtils.stripHtml(form.getFamilyNames().getValue()));
}
if (!PojoUtil.isEmpty(form.getGivenNames())) {
form.getGivenNames().setValue(OrcidStringUtils.stripHtml(form.getGivenNames().getValue()));
}
// Check there are no errors
registrationController.validateRegistrationFields(request, form);
if (form.getErrors().isEmpty()) {
// Register user
try {
// Locale
Locale locale = RequestContextUtils.getLocale(request);
// Ip
String ip = OrcidRequestUtil.getIpAddress(request);
registrationController.createMinimalRegistration(request, form, usedCaptcha, locale, ip);
} catch (Exception e) {
requestInfoForm.getErrors().add(getMessage("register.error.generalError"));
return requestInfoForm;
}
// Authenticate user
String email = form.getEmail().getValue();
String password = form.getPassword().getValue();
Authentication auth = authenticateUser(request, email, password);
// Create authorization params
SimpleSessionStatus status = new SimpleSessionStatus();
Map<String, Object> model = new HashMap<String, Object>();
Map<String, String> params = new HashMap<String, String>();
Map<String, String> approvalParams = new HashMap<String, String>();
fillOauthParams(requestInfoForm, params, approvalParams, form.getPersistentTokenEnabled(), form.isEmailAccessAllowed());
// Authorize
try {
authorizationEndpoint.authorize(model, params, status, auth);
} catch (RedirectMismatchException rUriError) {
String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR;
// Set the client id
redirectUri = redirectUri.replace("{0}", requestInfoForm.getClientId());
// Set the response type if needed
if (!PojoUtil.isEmpty(requestInfoForm.getResponseType()))
redirectUri += "&response_type=" + requestInfoForm.getResponseType();
// Set the redirect uri
if (!PojoUtil.isEmpty(requestInfoForm.getRedirectUrl()))
redirectUri += "&redirect_uri=" + requestInfoForm.getRedirectUrl();
// Set the scope param
if (!PojoUtil.isEmpty(requestInfoForm.getScopesAsString()))
redirectUri += "&scope=" + requestInfoForm.getScopesAsString();
// Copy the state param if present
if (!PojoUtil.isEmpty(requestInfoForm.getStateParam()))
redirectUri += "&state=" + requestInfoForm.getStateParam();
requestInfoForm.setRedirectUrl(redirectUri);
LOGGER.info("OauthRegisterController being sent to client browser: " + requestInfoForm.getRedirectUrl());
return requestInfoForm;
}
// Approve
RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
requestInfoForm.setRedirectUrl(view.getUrl());
}
} else {
requestInfoForm.setRedirectUrl(buildDenyRedirectUri(requestInfoForm.getRedirectUrl(), requestInfoForm.getStateParam()));
}
if (new HttpSessionRequestCache().getRequest(request, response) != null)
new HttpSessionRequestCache().removeRequest(request, response);
LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + requestInfoForm.getRedirectUrl());
return requestInfoForm;
}
Also used :
Locale(java.util.Locale)
HashMap(java.util.HashMap)
HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache)
RedirectMismatchException(org.springframework.security.oauth2.common.exceptions.RedirectMismatchException)
Authentication(org.springframework.security.core.Authentication)
RedirectMismatchException(org.springframework.security.oauth2.common.exceptions.RedirectMismatchException)
RedirectView(org.springframework.web.servlet.view.RedirectView)
RequestInfoForm(org.orcid.pojo.ajaxForm.RequestInfoForm)
SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)
SimpleSessionStatus(org.springframework.web.bind.support.SimpleSessionStatus)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Example 12 with HttpSessionRequestCache
use of org.springframework.security.web.savedrequest.HttpSessionRequestCache in project ORCID-Source by ORCID.
the class OAuthAuthorizeNotSignedInFilter method doFilter.
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
if (OrcidUrlManager.getPathWithoutContextPath(request).equals("/oauth/authorize")) {
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
SecurityContext sci = null;
if (session != null)
sci = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
if (baseControllerUtil.getCurrentUser(sci) == null) {
String queryString = request.getQueryString();
if (session != null)
new HttpSessionRequestCache().saveRequest(request, response);
if (!PojoUtil.isEmpty(queryString) && queryString.contains(OAUTH2_TWO_SCREENS_FEATURE_FLAG)) {
response.sendRedirect(orcidUrlManager.getBaseUrl() + "/signin?oauth&" + queryString);
} else {
response.sendRedirect(orcidUrlManager.getBaseUrl() + "/oauth/signin?" + queryString);
}
return;
}
}
chain.doFilter(req, res);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpSession(javax.servlet.http.HttpSession)
HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache)
SecurityContext(org.springframework.security.core.context.SecurityContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Aggregations
HttpSessionRequestCache (org.springframework.security.web.savedrequest.HttpSessionRequestCache)12
SavedRequest (org.springframework.security.web.savedrequest.SavedRequest)6
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)5
RequestInfoForm (org.orcid.pojo.ajaxForm.RequestInfoForm)4
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)4
HashMap (java.util.HashMap)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
Authentication (org.springframework.security.core.Authentication)3
SimpleSessionStatus (org.springframework.web.bind.support.SimpleSessionStatus)3
RedirectView (org.springframework.web.servlet.view.RedirectView)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
HttpSession (javax.servlet.http.HttpSession)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
RedirectMismatchException (org.springframework.security.oauth2.common.exceptions.RedirectMismatchException)2
URI (java.net.URI)1
Locale (java.util.Locale)1
Matcher (java.util.regex.Matcher)1
FilterChain (javax.servlet.FilterChain)1
ServletException (javax.servlet.ServletException)1
