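/**
 * Core request handling of the OAuth2 resource interceptor.
 * <p>
 * Order of checks: one-off initialisation (public URL, dynamic client
 * registration), the favicon and login-path short-circuits, then session
 * lookup. A request without a session may still authenticate with an
 * {@code Authorization: Bearer <token>} header; such a token is only accepted
 * after {@code revalidateToken} confirmed it against the authorization server.
 * A session that carries an OAuth2 answer is revalidated and, if needed,
 * refreshed before the request is passed on, answered directly, or redirected
 * into the login flow.
 *
 * @param exc the current exchange
 * @return {@code Outcome.CONTINUE} when the request may proceed to the backend,
 *         {@code Outcome.RETURN} when a response has been set on {@code exc}
 * @throws Exception propagated from session handling, token validation/refresh
 *         and the authorization-code callback handling
 */
private Outcome handleRequestInternal(Exchange exc) throws Exception {
    if (initPublicURLOnFirstExchange)
        setPublicURL(exc);
    if (firstInitWhenDynamicAuthorizationService) {
        firstInitWhenDynamicAuthorizationService = false;
        getAuthService().dynamicRegistration(exc, publicURL);
    }
    if (isFaviconRequest(exc)) {
        exc.setResponse(Response.badRequest().build());
        return Outcome.RETURN;
    }
    if (isLoginRequest(exc)) {
        handleLoginRequest(exc);
        return Outcome.RETURN;
    }

    Session session = sessionManager.getSession(exc);
    if (session == null) {
        String bearerToken = extractBearerToken(exc);
        if (bearerToken != null)
            session = createSessionFromBearerToken(exc, bearerToken);
    }
    if (session == null)
        return respondWithRedirect(exc);

    String answer = session.getUserAttributes().get(OAUTH2_ANSWER);
    if (answer != null && tokenNeedsRevalidation(session.getUserAttributes().get(ParamNames.ACCESS_TOKEN))) {
        // the authorization server no longer accepts the token: drop all session state
        if (revalidateToken(OAuth2AnswerParameters.deserialize(answer)) == null)
            session.clear();
    }
    // re-read: clear() above may have removed the answer
    answer = session.getUserAttributes().get(OAUTH2_ANSWER);
    if (answer != null)
        exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(answer));
    if (refreshingOfAccessTokenIsNeeded(session)) {
        synchronized (session) {
            refreshAccessToken(session);
            exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER)));
        }
    }
    if (session.isAuthorized()) {
        applyBackendAuthorization(exc, session);
        statistics.successfulRequest();
        return Outcome.CONTINUE;
    }
    if (handleRequest(exc, session.getUserAttributes().get("state"), publicURL, session)) {
        Response response = exc.getResponse();
        if (response == null && exc.getRequest() != null && session.isAuthorized() && session.getUserAttributes().containsKey(OAUTH2_ANSWER)) {
            exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER)));
            return Outcome.CONTINUE;
        }
        // null-guarded: handleRequest may return true without having set a response
        if (response != null && response.getStatusCode() >= 400)
            session.clear();
        return Outcome.RETURN;
    }
    return respondWithRedirect(exc);
}

/**
 * Returns the token of an {@code Authorization: Bearer ...} header, or
 * {@code null} when the header is absent or uses another scheme.
 * {@code regionMatches} is used instead of {@code substring(0, 7)} so a header
 * value shorter than seven characters cannot raise
 * {@link StringIndexOutOfBoundsException}.
 *
 * @param exc the current exchange
 * @return the bearer token, or {@code null}
 */
private static String extractBearerToken(Exchange exc) {
    String auth = exc.getRequest().getHeader().getFirstValue(Header.AUTHORIZATION);
    if (auth == null || !auth.regionMatches(true, 0, "Bearer ", 0, 7))
        return null;
    return auth.substring(7);
}

/**
 * Creates a session for a request that authenticated with a bearer token.
 * The token is checked against the authorization server first; when that
 * check fails ({@code revalidateToken} returns {@code null}) no session state
 * is created and {@code null} is returned so the caller falls back to the
 * login redirect.
 *
 * @param exc         the current exchange
 * @param accessToken the token taken from the Authorization header
 * @return the new session, or {@code null} if the token was not accepted
 * @throws Exception propagated from token validation and session creation
 */
private Session createSessionFromBearerToken(Exchange exc, String accessToken) throws Exception {
    OAuth2AnswerParameters oauth2Answer = new OAuth2AnswerParameters();
    oauth2Answer.setAccessToken(accessToken);
    oauth2Answer.setTokenType("Bearer");
    // validate before creating any session state, so an unknown token leaves
    // nothing behind in the session manager
    HashMap<String, String> userinfo = revalidateToken(oauth2Answer);
    if (userinfo == null)
        return null;
    oauth2Answer.setUserinfo(userinfo);
    Session session = sessionManager.createSession(exc);
    session.getUserAttributes().put(ParamNames.ACCESS_TOKEN, accessToken);
    session.getUserAttributes().put(OAUTH2_ANSWER, oauth2Answer.serialize());
    processUserInfo(userinfo, session);
    return session;
}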
/**
 * Answers the exchange with a redirect into the login flow.
 * <p>
 * Without a configured {@code loginLocation} the client is sent to the
 * authorization server's login URL with a freshly generated random
 * {@code state}; the original request is remembered under that state and the
 * state is also recorded in the (pre-authorized) session so the callback can
 * be matched later. With a {@code loginLocation} the client is simply
 * redirected to {@code loginPath}.
 *
 * @param exc the exchange to answer
 * @return always {@code Outcome.RETURN}; a response has been set on {@code exc}
 */
private Outcome respondWithRedirect(Exchange exc) {
    if (loginLocation != null) {
        exc.setResponse(Response.redirectGet(loginPath).build());
        return Outcome.RETURN;
    }
    // 130 bits from a CSPRNG, base-32 encoded: the state must be unguessable
    String freshState = new BigInteger(130, new SecureRandom()).toString(32);
    String loginUrl = auth.getLoginURL(freshState, publicURL, exc.getRequestURI());
    exc.setResponse(Response.redirectGet(loginUrl).build());
    stateToOriginalUrl.put(freshState, exc.getRequest());
    Session session = sessionManager.getOrCreateSession(exc);
    synchronized (session) {
        String stateValue = freshState;
        // several pending logins in one session are kept as a space-separated list
        if (session.getUserAttributes().containsKey(ParamNames.STATE))
            stateValue = session.getUserAttributes().get(ParamNames.STATE) + " " + stateValue;
        boolean fullyAuthorized = session.isPreAuthorized() && session.isAuthorized();
        if (!fullyAuthorized)
            session.preAuthorize("", new HashMap<>());
        session.getUserAttributes().put(ParamNames.STATE, stateValue);
    }
    return Outcome.RETURN;
}
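/**
 * Serves the interceptor's own pages below {@code loginPath}.
 * <ul>
 *   <li>{@code /logout}: revokes the session's access token at the
 *       authorization server (when the session holds one), clears and removes
 *       the session, then redirects to {@code /}.</li>
 *   <li>{@code /}: shows the login page; a missing or not-yet-authorized
 *       session is (re)created and pre-authorized with a fresh random
 *       {@code state}.</li>
 *   <li>anything else is delegated to {@code wsi}.</li>
 * </ul>
 *
 * @param exc the exchange for a request below {@code loginPath}
 * @throws Exception if the revocation request fails or is answered with a
 *         status other than 200
 */
public void handleLoginRequest(Exchange exc) throws Exception {
    Session s = sessionManager.getSession(exc);
    // strip the login-path prefix (keeping its trailing '/') and any query string
    String uri = exc.getRequest().getUri().substring(loginPath.length() - 1);
    int queryStart = uri.indexOf('?');
    if (queryStart >= 0)
        uri = uri.substring(0, queryStart);
    exc.getDestinations().set(0, uri);
    if (uri.equals("/logout")) {
        if (s != null && s.getUserAttributes() != null) {
            String token;
            synchronized (s) {
                token = s.getUserAttributes().get("access_token");
            }
            // a session without a token (e.g. already cleared) has nothing to revoke;
            // posting "token=null" would only make the logout fail on the error reply
            if (token != null)
                revokeAccessToken(token);
            s.clear();
            sessionManager.removeSession(exc);
        }
        exc.setResponse(Response.redirect("/", false).build());
    } else if (uri.equals("/")) {
        if (s == null || !s.isAuthorized()) {
            // 130 bits from a CSPRNG, base-32 encoded: the state must be unguessable
            String state = new BigInteger(130, new SecureRandom()).toString(32);
            showPage(exc, state);
            Session session = sessionManager.createSession(exc);
            HashMap<String, String> userAttributes = new HashMap<>();
            userAttributes.put("state", state);
            session.preAuthorize("", userAttributes);
        } else {
            showPage(exc, s.getUserAttributes().get("state"));
        }
    } else {
        wsi.handleRequest(exc);
    }
}

/**
 * Posts the token to the authorization server's revocation endpoint
 * (RFC 7009 style form body).
 *
 * @param token the access token to revoke; must not be {@code null}
 * @throws RuntimeException when the endpoint answers with a status other than 200
 * @throws Exception propagated from the HTTP request
 */
private void revokeAccessToken(String token) throws Exception {
    // TODO maybe send client credentials ( as it was before ) but Google doesn't accept that
    Exchange e = new Request.Builder()
            .post(auth.getRevocationEndpoint())
            .header(Header.CONTENT_TYPE, "application/x-www-form-urlencoded")
            .header(Header.USER_AGENT, Constants.USERAGENT)
            // form-encode: tokens are opaque and may contain '&', '=' or '+'
            .body("token=" + java.net.URLEncoder.encode(token, "UTF-8"))
            .buildExchange();
    Response response = auth.doRequest(e);
    if (response.getStatusCode() != 200)
        throw new RuntimeException("Revocation of token did not work. Statuscode: " + response.getStatusCode() + ".");
}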
/**
 * Derives {@code publicURL} (scheme and host as seen by the client, plus the
 * rule's fixed path if it has one) from the first exchange and normalizes it.
 * <p>
 * The scheme comes from {@code X-Forwarded-Proto} when that header is present,
 * otherwise from whether the rule has an inbound SSL context; the host comes
 * from the request's original Host header. NOTE(review): both are
 * request-supplied values, so a client that can reach this listener directly
 * can influence the URL later used for login/redirect URLs — confirm that a
 * trusted reverse proxy sets or strips these headers in front of the gateway.
 * Clears {@code initPublicURLOnFirstExchange} so this runs only once.
 *
 * @param exc the first exchange seen by this interceptor
 */
private void setPublicURL(Exchange exc) {
    String forwardedProto = exc.getRequest().getHeader().getFirstValue(Header.X_FORWARDED_PROTO);
    boolean tls;
    if (forwardedProto != null)
        tls = "https".equals(forwardedProto);
    else
        tls = exc.getRule().getSslInboundContext() != null;
    StringBuilder url = new StringBuilder(tls ? "https://" : "http://");
    url.append(exc.getOriginalHostHeader());
    RuleKey ruleKey = exc.getRule().getKey();
    // a regular-expression path is not a usable URL prefix
    if (!ruleKey.isPathRegExp() && ruleKey.getPath() != null)
        url.append(ruleKey.getPath());
    publicURL = url.toString();
    normalizePublicURL();
    initPublicURLOnFirstExchange = false;
}
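/**
 * Exchanges the session's refresh token for a new access token at the
 * authorization server's token endpoint and stores the updated
 * {@code OAuth2AnswerParameters} back into the session.
 * <p>
 * Does nothing when {@code refreshingOfAccessTokenIsNeeded} says no refresh is
 * due. This method does not synchronize on the session itself; the visible
 * caller in the request path holds the session monitor while calling it.
 *
 * @param session the session whose OAuth2 answer carries the refresh token
 * @throws RuntimeException when the session has no refresh token, the token
 *         endpoint does not answer OK, or the answer lacks an
 *         {@code access_token}
 * @throws Exception propagated from the HTTP request
 */
private void refreshAccessToken(Session session) throws Exception {
    if (!refreshingOfAccessTokenIsNeeded(session))
        return;
    OAuth2AnswerParameters oauth2Params = OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER));
    String refreshToken = oauth2Params.getRefreshToken();
    if (refreshToken == null)
        throw new RuntimeException("Access token refresh requested but the session holds no refresh token.");
    // form-encode the refresh token: it is opaque and may contain reserved characters
    String body = "&grant_type=refresh_token" + "&refresh_token=" + java.net.URLEncoder.encode(refreshToken, "UTF-8");
    Exchange refreshTokenExchange = new Request.Builder()
            .post(auth.getTokenEndpoint())
            .header(Header.CONTENT_TYPE, "application/x-www-form-urlencoded")
            .header(Header.ACCEPT, "application/json")
            .header(Header.USER_AGENT, Constants.USERAGENT)
            .body(body)
            .buildExchange();
    Response refreshTokenResponse = auth.doRequest(refreshTokenExchange);
    if (!refreshTokenResponse.isOk()) {
        // drain the body before failing
        refreshTokenResponse.getBody().read();
        throw new RuntimeException("Statuscode from authorization server for refresh token request: " + refreshTokenResponse.getStatusCode());
    }
    HashMap<String, String> json = Util.parseSimpleJSONResponse(refreshTokenResponse);
    String newAccessToken = json.get("access_token");
    if (newAccessToken == null) {
        refreshTokenResponse.getBody().read();
        throw new RuntimeException("Statuscode was ok but no access_token was received: " + refreshTokenResponse.getStatusCode());
    }
    oauth2Params.setAccessToken(newAccessToken);
    // RFC 6749 section 6: the server MAY issue a new refresh token; keep the
    // existing one when it does not, instead of failing the refresh
    String newRefreshToken = json.get("refresh_token");
    if (newRefreshToken != null)
        oauth2Params.setRefreshToken(newRefreshToken);
    oauth2Params.setExpiration(json.get("expires_in"));
    oauth2Params.setReceivedAt(LocalDateTime.now());
    if (json.containsKey("id_token")) {
        // an id_token that fails validation is stored only as a marker, never used
        String idToken = json.get("id_token");
        oauth2Params.setIdToken(idTokenIsValid(idToken) ? idToken : "INVALID");
    }
    session.getUserAttributes().put(OAUTH2_ANSWER, oauth2Params.serialize());
}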