Example 1 with AuthenticationErrorResponse

Use of com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse in the Apache NiFi project.

Class AccessResource, method oidcCallback.

@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.WILDCARD)
@Path("oidc/callback")
@ApiOperation(value = "Redirect/callback URI for processing the result of the OpenId Connect login sequence.", notes = NON_GUARANTEED_ENDPOINT)
public void oidcCallback(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception {
    // only consider user specific access over https
    if (!httpServletRequest.isSecure()) {
        forwardToMessagePage(httpServletRequest, httpServletResponse, "User authentication/authorization is only supported when running over HTTPS.");
        return;
    }
    // ensure oidc is enabled
    if (!oidcService.isOidcEnabled()) {
        forwardToMessagePage(httpServletRequest, httpServletResponse, "OpenId Connect is not configured.");
        return;
    }
    final String oidcRequestIdentifier = getCookieValue(httpServletRequest.getCookies(), OIDC_REQUEST_IDENTIFIER);
    if (oidcRequestIdentifier == null) {
        forwardToMessagePage(httpServletRequest, httpServletResponse, "The login request identifier was not found in the request. Unable to continue.");
        return;
    }
    final com.nimbusds.openid.connect.sdk.AuthenticationResponse oidcResponse;
    try {
        oidcResponse = AuthenticationResponseParser.parse(getRequestUri());
    } catch (final ParseException e) {
        logger.error("Unable to parse the redirect URI from the OpenId Connect Provider. Unable to continue login process.");
        // remove the oidc request cookie
        removeOidcRequestCookie(httpServletResponse);
        // forward to the error page
        forwardToMessagePage(httpServletRequest, httpServletResponse, "Unable to parse the redirect URI from the OpenId Connect Provider. Unable to continue login process.");
        return;
    }
    if (oidcResponse.indicatesSuccess()) {
        final AuthenticationSuccessResponse successfulOidcResponse = (AuthenticationSuccessResponse) oidcResponse;
        // confirm state
        final State state = successfulOidcResponse.getState();
        if (state == null || !oidcService.isStateValid(oidcRequestIdentifier, state)) {
            logger.error("The state value returned by the OpenId Connect Provider does not match the stored state. Unable to continue login process.");
            // remove the oidc request cookie
            removeOidcRequestCookie(httpServletResponse);
            // forward to the error page
            forwardToMessagePage(httpServletRequest, httpServletResponse, "Purposed state does not match the stored state. Unable to continue login process.");
            return;
        }
        try {
            // exchange authorization code for id token
            final AuthorizationCode authorizationCode = successfulOidcResponse.getAuthorizationCode();
            final AuthorizationGrant authorizationGrant = new AuthorizationCodeGrant(authorizationCode, URI.create(getOidcCallback()));
            oidcService.exchangeAuthorizationCode(oidcRequestIdentifier, authorizationGrant);
        } catch (final Exception e) {
            logger.error("Unable to exchange authorization for ID token: " + e.getMessage(), e);
            // remove the oidc request cookie
            removeOidcRequestCookie(httpServletResponse);
            // forward to the error page
            forwardToMessagePage(httpServletRequest, httpServletResponse, "Unable to exchange authorization for ID token: " + e.getMessage());
            return;
        }
        // redirect to the name page
        httpServletResponse.sendRedirect("../../../nifi");
    } else {
        // remove the oidc request cookie
        removeOidcRequestCookie(httpServletResponse);
        // report the unsuccessful login
        final AuthenticationErrorResponse errorOidcResponse = (AuthenticationErrorResponse) oidcResponse;
        forwardToMessagePage(httpServletRequest, httpServletResponse, "Unsuccessful login attempt: " + errorOidcResponse.getErrorObject().getDescription());
    }
}
Also used:
    AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)
    AuthenticationErrorResponse (com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse)
    AuthenticationSuccessResponse (com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse)
    IdentityAccessException (org.apache.nifi.authentication.exception.IdentityAccessException)
    AuthenticationException (org.springframework.security.core.AuthenticationException)
    InvalidAuthenticationException (org.apache.nifi.web.security.InvalidAuthenticationException)
    AdministrationException (org.apache.nifi.admin.service.AdministrationException)
    UntrustedProxyException (org.apache.nifi.web.security.UntrustedProxyException)
    AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)
    ParseException (com.nimbusds.oauth2.sdk.ParseException)
    AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)
    InvalidLoginCredentialsException (org.apache.nifi.authentication.exception.InvalidLoginCredentialsException)
    JwtException (io.jsonwebtoken.JwtException)
    AuthorizationCodeGrant (com.nimbusds.oauth2.sdk.AuthorizationCodeGrant)
    State (com.nimbusds.oauth2.sdk.id.State)
    AuthorizationGrant (com.nimbusds.oauth2.sdk.AuthorizationGrant)
    Path (javax.ws.rs.Path)
    Consumes (javax.ws.rs.Consumes)
    Produces (javax.ws.rs.Produces)
    GET (javax.ws.rs.GET)
    ApiOperation (io.swagger.annotations.ApiOperation)
