use of com.predic8.membrane.core.interceptor.Outcome in project service-proxy by membrane.
the class AuthHead2BodyInterceptor method handleRequest.
public Outcome handleRequest(AbstractExchange exchange) throws Exception {
Document doc = getDocument(exchange.getRequest().getBodyAsStreamDecoded(), exchange.getRequest().getCharset());
Element header = getAuthorisationHeader(doc);
if (header == null)
return Outcome.CONTINUE;
// System.out.println(DOM2String(doc));
Element nor = getNorElement(doc);
nor.appendChild(getUsername(doc, header));
nor.appendChild(getPassword(doc, header));
header.getParentNode().removeChild(header);
exchange.getRequest().setBody(new Body(DOM2String(doc).getBytes(exchange.getRequest().getCharset())));
return Outcome.CONTINUE;
}
use of com.predic8.membrane.core.interceptor.Outcome in project service-proxy by membrane.
the class UserFeatureInterceptor method handleRequest.
@Override
public Outcome handleRequest(Exchange exc) throws Exception {
Rule predecessorRule = exc.getRule();
Outcome outcome = flowController.invokeRequestHandlers(exc, predecessorRule.getInterceptors());
while (isTargetInternalAndContinue(exc, outcome)) {
log.debug("routing to serviceProxy with name: " + getServiceProxyName(exc));
// rule matching
String destination = exc.getDestinations().get(0);
Rule newRule = getRuleByDest(destination);
if (newRule == null)
throw new Exception("No proxy found for destination " + destination);
exc.setRule(newRule);
// dispatching
exc.getDestinations().clear();
exc.getDestinations().add(DispatchingInterceptor.getForwardingDestination(exc));
// user feature
outcome = flowController.invokeRequestHandlers(exc, newRule.getInterceptors());
}
exc.setRule(predecessorRule);
return outcome;
}
use of com.predic8.membrane.core.interceptor.Outcome in project service-proxy by membrane.
the class OAuth2ResourceInterceptor method handleRequestInternal.
private Outcome handleRequestInternal(Exchange exc) throws Exception {
if (initPublicURLOnFirstExchange)
setPublicURL(exc);
if (firstInitWhenDynamicAuthorizationService) {
firstInitWhenDynamicAuthorizationService = false;
getAuthService().dynamicRegistration(exc, publicURL);
}
if (isFaviconRequest(exc)) {
exc.setResponse(Response.badRequest().build());
return Outcome.RETURN;
}
if (isLoginRequest(exc)) {
handleLoginRequest(exc);
return Outcome.RETURN;
}
Session session = sessionManager.getSession(exc);
if (session == null) {
String auth = exc.getRequest().getHeader().getFirstValue(Header.AUTHORIZATION);
if (auth != null && auth.substring(0, 7).equalsIgnoreCase("Bearer ")) {
session = sessionManager.createSession(exc);
session.getUserAttributes().put(ParamNames.ACCESS_TOKEN, auth.substring(7));
OAuth2AnswerParameters oauth2Answer = new OAuth2AnswerParameters();
oauth2Answer.setAccessToken(auth.substring(7));
oauth2Answer.setTokenType("Bearer");
HashMap<String, String> userinfo = revalidateToken(oauth2Answer);
if (userinfo == null)
return respondWithRedirect(exc);
oauth2Answer.setUserinfo(userinfo);
session.getUserAttributes().put(OAUTH2_ANSWER, oauth2Answer.serialize());
processUserInfo(userinfo, session);
}
}
if (session == null)
return respondWithRedirect(exc);
if (session.getUserAttributes().get(OAUTH2_ANSWER) != null && tokenNeedsRevalidation(session.getUserAttributes().get(ParamNames.ACCESS_TOKEN))) {
if (revalidateToken(OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER))) == null)
session.clear();
}
if (session.getUserAttributes().get(OAUTH2_ANSWER) != null)
exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER)));
if (refreshingOfAccessTokenIsNeeded(session)) {
synchronized (session) {
refreshAccessToken(session);
exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER)));
}
}
if (session.isAuthorized()) {
applyBackendAuthorization(exc, session);
statistics.successfulRequest();
return Outcome.CONTINUE;
}
if (handleRequest(exc, session.getUserAttributes().get("state"), publicURL, session)) {
if (exc.getResponse() == null && exc.getRequest() != null && session.isAuthorized() && session.getUserAttributes().containsKey(OAUTH2_ANSWER)) {
exc.setProperty(Exchange.OAUTH2, OAuth2AnswerParameters.deserialize(session.getUserAttributes().get(OAUTH2_ANSWER)));
return Outcome.CONTINUE;
}
if (exc.getResponse().getStatusCode() >= 400)
session.clear();
return Outcome.RETURN;
}
return respondWithRedirect(exc);
}
use of com.predic8.membrane.core.interceptor.Outcome in project service-proxy by membrane.
the class OAuth2ResourceInterceptor method respondWithRedirect.
private Outcome respondWithRedirect(Exchange exc) {
if (loginLocation == null) {
String state = new BigInteger(130, new SecureRandom()).toString(32);
exc.setResponse(Response.redirectGet(auth.getLoginURL(state, publicURL, exc.getRequestURI())).build());
stateToOriginalUrl.put(state, exc.getRequest());
Session session = sessionManager.getOrCreateSession(exc);
synchronized (session) {
if (session.getUserAttributes().containsKey(ParamNames.STATE))
state = session.getUserAttributes().get(ParamNames.STATE) + " " + state;
if (!session.isPreAuthorized() || !session.isAuthorized())
session.preAuthorize("", new HashMap<>());
session.getUserAttributes().put(ParamNames.STATE, state);
}
} else {
exc.setResponse(Response.redirectGet(loginPath).build());
}
return Outcome.RETURN;
}
use of com.predic8.membrane.core.interceptor.Outcome in project service-proxy by membrane.
the class OAuth2Processors method runProcessors.
public Outcome runProcessors(Exchange exc) throws Exception {
for (EndpointProcessor excProc : processors) {
if (excProc.isResponsible(exc)) {
Outcome result = excProc.process(exc);
postProcessing(exc);
return result;
}
}
throw new RuntimeException("No OAuthEndpointProcessor found. This should never happen!");
}
Aggregations