Example 1 with TransactionState
use of edu.uiuc.ncsa.security.delegation.servlet.TransactionState in project OA4MP by ncsa.
the class ACS2 method doDelegation.
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
info("6.a. Starting to process cert request");
PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
String statusString = "client = " + paRequest.getClient().getIdentifier();
// The next call will pull the access token off of any parameters. The result may be null if there is
// no access token.
paRequest.setAccessToken(getAccessToken(httpServletRequest));
PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
debug("6.a. " + statusString);
ServiceTransaction t = verifyAndGet(paResponse);
Map params = httpServletRequest.getParameterMap();
if (t.getCertReq() == null) {
String rawCR = ((String[]) params.get(CONST(ServiceConstantKeys.CERT_REQUEST_KEY)))[0];
// CIL-409 fix -- fail immediately if the cert request is missing
if (!params.containsKey(CONST(ServiceConstantKeys.CERT_REQUEST_KEY))) {
throw new GeneralException("Error: Missing cert request parameter.");
}
// CIL-409 fix
if (isEmpty(rawCR)) {
throw new GeneralException("Error: Empty cert request.");
}
MyPKCS10CertRequest certReq;
try {
certReq = CertUtil.fromStringToCertReq(rawCR);
} catch (Throwable throwable) {
throwable.printStackTrace();
throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
}
t.setCertReq(certReq);
// The assumption at this point is that this value is in seconds, which is valid for OIDC clients.
if (params.containsKey(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY))) {
t.setLifetime(1000 * Long.parseLong(((String[]) params.get(CONST(ServiceConstantKeys.CERT_LIFETIME_KEY)))[0]));
} else {
// set the default to 10 days if there is no certlifetime parameter passed in.
t.setLifetime(1000 * 10 * 24 * 3600);
}
getTransactionStore().save(t);
}
info("6.a. Processing request for transaction " + t.getIdentifier());
doRealCertRequest(t, statusString);
t.setAccessTokenValid(false);
preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + statusString);
HashMap<String, String> username = new HashMap<String, String>();
username.put("username", t.getUsername());
if (paResponse.getParameters() != null) {
username.putAll(paResponse.getParameters());
}
paResponse.setAdditionalInformation(username);
paResponse.setProtectedAsset(t.getProtectedAsset());
debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + statusString);
getTransactionStore().save(t);
info("6.b. Done with cert request " + statusString);
paResponse.write(httpServletResponse);
info("6.b. Completed transaction " + t.getIdentifierString() + ", " + statusString);
postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}
Also used :
TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState)
GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException)
ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)
HashMap(java.util.HashMap)
PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)
PARequest(edu.uiuc.ncsa.security.delegation.server.request.PARequest)
HashMap(java.util.HashMap)
Map(java.util.Map)
MyPKCS10CertRequest(edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest)
Example 2 with TransactionState
use of edu.uiuc.ncsa.security.delegation.servlet.TransactionState in project OA4MP by ncsa.
the class AbstractAccessTokenServlet method doDelegation.
protected IssuerTransactionState doDelegation(Client client, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable, ServletException {
printAllParameters(httpServletRequest);
info("5.a. Starting access token exchange");
Verifier v = getServiceEnvironment().getTokenForge().getVerifier(httpServletRequest);
AuthorizationGrant ag = getServiceEnvironment().getTokenForge().getAuthorizationGrant(httpServletRequest);
ATRequest atRequest = new ATRequest(httpServletRequest, client);
atRequest.setVerifier(v);
atRequest.setAuthorizationGrant(ag);
// FIXME!! make this configurable??
atRequest.setExpiresIn(DateUtils.MAX_TIMEOUT);
ATResponse atResp = (ATResponse) getATI().process(atRequest);
ServiceTransaction transaction = verifyAndGet(atResp);
String cc = "client=" + transaction.getClient();
info("5.a. got access token " + cc);
preprocess(new TransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction));
debug("5.a. access token = " + atResp.getAccessToken() + " for verifier = " + v);
transaction.setAuthGrantValid(false);
transaction.setAccessToken(atResp.getAccessToken());
transaction.setAccessTokenValid(true);
try {
getTransactionStore().save(transaction);
info("5.a. updated transaction state for " + cc + ", sending response to client");
} catch (GeneralException e) {
throw new ServletException("Error saving transaction", e);
}
// atResp.write(httpServletResponse);
info("5.b. done with access token exchange with " + cc);
IssuerTransactionState transactionState = new IssuerTransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction, atResp);
postprocess(transactionState);
return transactionState;
}
Also used :
ServletException(javax.servlet.ServletException)
TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState)
GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException)
ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)
ATRequest(edu.uiuc.ncsa.security.delegation.server.request.ATRequest)
Verifier(edu.uiuc.ncsa.security.delegation.token.Verifier)
AuthorizationGrant(edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant)
ATResponse(edu.uiuc.ncsa.security.delegation.server.request.ATResponse)
Example 3 with TransactionState
use of edu.uiuc.ncsa.security.delegation.servlet.TransactionState in project OA4MP by ncsa.
the class AbstractAuthorizationServlet method createRedirect.
protected void createRedirect(HttpServletRequest request, HttpServletResponse response, ServiceTransaction trans) throws Throwable {
String userName = null;
String password = null;
// Fixes OAUTH-192.
if (getServiceEnvironment().getAuthorizationServletConfig().isUseHeader()) {
String headerName = getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName();
if (isEmpty(headerName) || headerName.toLowerCase().equals("remote_user")) {
userName = request.getRemoteUser();
} else {
Enumeration enumeration = request.getHeaders(headerName);
if (!enumeration.hasMoreElements()) {
throw new GeneralException("Error: A custom header of \"" + headerName + "\" was specified for authorization, but no value was found.");
}
userName = enumeration.nextElement().toString();
if (enumeration.hasMoreElements()) {
throw new GeneralException("Error: A custom header of \"" + headerName + "\" was specified for authorization, but multiple values were found.");
}
}
if (getServiceEnvironment().getAuthorizationServletConfig().isRequireHeader()) {
if (isEmpty(userName)) {
warn("Headers required, but none found.");
throw new GeneralException("Headers required, but none found.");
}
} else {
// So the score card is that the header is not required though use it if there for the username
if (isEmpty(userName)) {
userName = request.getParameter(AUTHORIZATION_USER_NAME_KEY);
}
trans.setUsername(userName);
}
} else {
// Headers not used, just pull it off the form the user POSTs.
userName = request.getParameter(AUTHORIZATION_USER_NAME_KEY);
password = request.getParameter(AUTHORIZATION_PASSWORD_KEY);
trans.setUsername(userName);
}
userName = trans.getUsername();
info("3.b. transaction has user name = " + userName);
// The right place to invoke the pre-processor.
preprocess(new TransactionState(request, response, null, trans));
String statusString = " transaction =" + trans.getIdentifierString() + " and client=" + trans.getClient().getIdentifierString();
trans.setVerifier(MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getVerifier());
MyProxyDelegationServlet.getServiceEnvironment().getTransactionStore().save(trans);
setupMPConnection(trans, userName, password);
// Change is to close this connection after verifying it works.
// Oauth 1 will get the cert, OAuth 2 will do nothing here, getting the cert later.
doRealCertRequest(trans, statusString);
debug("4.a. verifier = " + trans.getVerifier() + ", " + statusString);
String cb = createCallback(trans, getFirstParameters(request));
info("4.a. starting redirect to " + cb + ", " + statusString);
response.sendRedirect(cb);
info("4.b. Redirect to callback " + cb + " ok, " + statusString);
}
Also used :
TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState)
Enumeration(java.util.Enumeration)
GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException)
Example 4 with TransactionState
use of edu.uiuc.ncsa.security.delegation.servlet.TransactionState in project OA4MP by ncsa.
the class AbstractAuthorizationServlet method present.
public void present(PresentableState state) throws Throwable {
AuthorizedState aState = (AuthorizedState) state;
postprocess(new TransactionState(state.getRequest(), aState.getResponse(), null, aState.getTransaction()));
switch(aState.getState()) {
case AUTHORIZATION_ACTION_START:
String initPage = INITIAL_PAGE;
info("*** STARTING present");
if (getServiceEnvironment().getAuthorizationServletConfig().isUseHeader()) {
initPage = REMOTE_USER_INITIAL_PAGE;
info("*** PRESENT: Use headers enabled.");
String x = null;
if (getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName().equals("REMOTE_USER")) {
// slightly more surefire way to get this.
x = aState.getRequest().getRemoteUser();
info("*** got user name from request = " + x);
} else {
x = aState.getRequest().getHeader(getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName());
info("Got username from header \"" + getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName() + "\" + directly: " + x);
}
if (isEmpty(x)) {
if (getServiceEnvironment().getAuthorizationServletConfig().isRequireHeader()) {
throw new GeneralException("Error: configuration required using the header \"" + getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName() + "\" " + "but this was not set. Cannot continue.");
}
// not required, it is null
} else {
// name is set. optional or required
aState.getTransaction().setUsername(x);
info("*** storing user name = " + x);
getTransactionStore().save(aState.getTransaction());
// make it display pretty as per usual conventions. This is never reused, however.
aState.getRequest().setAttribute(AUTHORIZATION_USER_NAME_VALUE, escapeHtml(x));
}
} else {
info("*** PRESENT: Use headers DISABLED.");
}
JSPUtil.fwd(state.getRequest(), state.getResponse(), initPage);
info("3.a. User information obtained for grant = " + aState.getTransaction().getAuthorizationGrant());
break;
case AUTHORIZATION_ACTION_OK:
JSPUtil.fwd(state.getRequest(), state.getResponse(), OK_PAGE);
break;
default:
// fall through and do nothing
debug("Hit default case in AbstractAuthZ servlet");
}
}
Also used :
TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState)
GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException)
Example 5 with TransactionState
use of edu.uiuc.ncsa.security.delegation.servlet.TransactionState in project OA4MP by ncsa.
the class AbstractCertServlet method doDelegation.
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
info("6.a. Starting to process cert request");
PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
String cc = "client = " + paRequest.getClient().getIdentifier();
paRequest.setAccessToken(getServiceEnvironment().getTokenForge().getAccessToken(httpServletRequest));
PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
AccessToken accessToken = paResponse.getAccessToken();
debug("6.a. " + cc);
ServiceTransaction t = verifyAndGet(paResponse);
info("6.a. Processing request for transaction " + t.getIdentifier());
t.setAccessTokenValid(false);
preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + cc);
HashMap<String, String> username = new HashMap<String, String>();
username.put("username", t.getUsername());
username.putAll(paResponse.getParameters());
paResponse.setAdditionalInformation(username);
paResponse.setProtectedAsset(t.getProtectedAsset());
debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + cc);
getTransactionStore().save(t);
info("6.b. Done with cert request " + cc);
paResponse.write(httpServletResponse);
info("6.b. Completed transaction " + t.getIdentifierString() + ", " + cc);
postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}
Also used :
TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState)
ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)
HashMap(java.util.HashMap)
AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken)
PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)
PARequest(edu.uiuc.ncsa.security.delegation.server.request.PARequest)
Aggregations
TransactionState (edu.uiuc.ncsa.security.delegation.servlet.TransactionState)9
GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)5
ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction)5
PARequest (edu.uiuc.ncsa.security.delegation.server.request.PARequest)2
PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse)2
HashMap (java.util.HashMap)2
NoUsableMyProxyServerFoundException (edu.uiuc.ncsa.myproxy.NoUsableMyProxyServerFoundException)1
ConnectionException (edu.uiuc.ncsa.security.core.exceptions.ConnectionException)1
UnapprovedClientException (edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException)1
AGRequest (edu.uiuc.ncsa.security.delegation.server.request.AGRequest)1
AGResponse (edu.uiuc.ncsa.security.delegation.server.request.AGResponse)1
ATRequest (edu.uiuc.ncsa.security.delegation.server.request.ATRequest)1
ATResponse (edu.uiuc.ncsa.security.delegation.server.request.ATResponse)1
Client (edu.uiuc.ncsa.security.delegation.storage.Client)1
AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken)1
AuthorizationGrant (edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant)1
Verifier (edu.uiuc.ncsa.security.delegation.token.Verifier)1
MyPKCS10CertRequest (edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest)1
GeneralSecurityException (java.security.GeneralSecurityException)1
Enumeration (java.util.Enumeration)1
