Example 16 with IdpSession

Use of com.haulmont.cuba.security.global.IdpSession in project cuba by cuba-platform.

The class IdpAuthController, method authenticate.

protected OAuth2AccessTokenResult authenticate(String idpTicket, Locale locale, String ipAddress, Map<String, String> parameters) {
    // Exchange the one-time IDP ticket for a session; null means the ticket was unknown or already consumed
    IdpSession idpSession = getIdpSession(idpTicket);
    if (idpSession == null) {
        log.info("REST API authentication failed for IDP ticket: {} {}", idpTicket, ipAddress);
        throw new BadCredentialsException("Bad credentials");
    }
    // Users configured for standard (login/password) REST authentication may not log in through the IDP
    if (restApiConfig.getStandardAuthenticationUsers().contains(idpSession.getLogin())) {
        log.info("User {} is not allowed to use external login in REST API", idpSession.getLogin());
        // Same generic message as above, so a client cannot tell the two failure reasons apart
        throw new BadCredentialsException("Bad credentials");
    }
    OAuthTokenIssuer.OAuth2AccessTokenRequest tokenRequest = new OAuthTokenIssuer.OAuth2AccessTokenRequest();
    tokenRequest.setLogin(idpSession.getLogin());
    tokenRequest.setLocale(locale);
    // Record the IDP session id in the token details so the issued token can be correlated with its IDP session
    tokenRequest.setTokenDetails(ImmutableMap.of(IDP_SESSION_ID_TOKEN_ATTRIBUTE, idpSession.getId()));
    return oAuthTokenIssuer.issueToken(tokenRequest);
}
Also used : OAuthTokenIssuer(com.haulmont.restapi.auth.OAuthTokenIssuer) IdpSession(com.haulmont.cuba.security.global.IdpSession) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 17 with IdpSession

Use of com.haulmont.cuba.security.global.IdpSession in project cuba by cuba-platform.

The class IdpAuthController, method getIdpSession.

@Nullable
protected IdpSession getIdpSession(String idpTicket) throws InvalidGrantException {
    String idpBaseURL = this.idpBaseURL;
    if (!idpBaseURL.endsWith("/")) {
        idpBaseURL += "/";
    }
    String idpTicketActivateUrl = idpBaseURL + "service/activate";
    // Activate (consume) the one-time ticket at the IDP. The trusted service password is the shared
    // secret that authenticates this service provider to the IDP, so the IDP base URL should be HTTPS.
    HttpPost httpPost = new HttpPost(idpTicketActivateUrl);
    httpPost.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.getMimeType());
    UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(
            Arrays.asList(
                    new BasicNameValuePair("serviceProviderTicket", idpTicket),
                    new BasicNameValuePair("trustedServicePassword", idpTrustedServicePassword)),
            StandardCharsets.UTF_8);
    httpPost.setEntity(formEntity);
    HttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager();
    HttpClient client = HttpClientBuilder.create().setConnectionManager(connectionManager).build();
    String idpResponse;
    try {
        HttpResponse httpResponse = client.execute(httpPost);
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode == 410) {
            // 410 Gone: the ticket is unknown or was already used; the caller treats null as bad credentials
            return null;
        }
        if (statusCode != 200) {
            throw new RuntimeException("IDP responded with status " + statusCode);
        }
        idpResponse = new BasicResponseHandler().handleResponse(httpResponse);
    } catch (IOException e) {
        throw new RuntimeException("Unable to connect to IDP", e);
    } finally {
        // Always release the connection, whether the call succeeded or failed
        connectionManager.shutdown();
    }
    IdpSession session;
    try {
        // The IDP answers with the activated session serialized as JSON
        session = new Gson().fromJson(idpResponse, IdpSession.class);
    } catch (JsonSyntaxException e) {
        throw new RuntimeException("Unable to parse IDP response", e);
    }
    return session;
}
Also used : HttpPost(org.apache.http.client.methods.HttpPost) BasicResponseHandler(org.apache.http.impl.client.BasicResponseHandler) HttpResponse(org.apache.http.HttpResponse) Gson(com.google.gson.Gson) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) IOException(java.io.IOException) JsonSyntaxException(com.google.gson.JsonSyntaxException) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) HttpClient(org.apache.http.client.HttpClient) IdpSession(com.haulmont.cuba.security.global.IdpSession) HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) Nullable(javax.annotation.Nullable)

Example 18 with IdpSession

Use of com.haulmont.cuba.security.global.IdpSession in project cuba by cuba-platform.

The class IdpServiceController, method pingSession.

@RequestMapping(value = "ping", method = RequestMethod.POST)
public void pingSession(@RequestParam("idpSessionId") String idpSessionId, @RequestParam("trustedServicePassword") String trustedServicePassword, HttpServletResponse response) {
    // Only service providers that know the shared trusted service password may ping sessions.
    // Note that Objects.equals is not a constant-time comparison.
    if (!Objects.equals(idpConfig.getTrustedServicePassword(), trustedServicePassword)) {
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        // Do not write the submitted value to the log: wrong passwords are often near misses of the real one
        log.warn("Incorrect trusted client password has been passed");
        return;
    }
    log.debug("Ping IDP session {}", idpSessionId);
    IdpSession idpSession = idpService.getSession(idpSessionId);
    if (idpSession == null) {
        log.debug("IDP Session not found for id {}", idpSessionId);
        response.setStatus(HttpStatus.GONE.value());
        // Without this return the method would log a successful ping for a missing session
        return;
    }
    log.debug("IDP session {} ping successful", idpSessionId);
}
Also used : IdpSession(com.haulmont.cuba.security.global.IdpSession) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
