use of io.gravitee.am.gateway.handler.common.vertx.web.endpoint.ErrorEndpoint in project gravitee-access-management by gravitee-io.
Class RootProvider, method doStart.
/**
 * Builds the root router for the domain's user-facing flows (login, logout,
 * social/SSO callback, MFA, WebAuthn, registration, password reset and the
 * error page) and mounts it under {@code path()}.
 *
 * <p>Handler order inside each {@code rootRouter.route(...)} chain is the
 * contract: request-parsing and access-control handlers run before policy
 * chains and endpoints, so reordering a chain changes what the endpoint may
 * assume about the request. Keep new routes on the same pattern.
 *
 * @throws Exception propagated from {@code super.doStart()}
 */
@Override
protected void doStart() throws Exception {
super.doStart();
// create the root router
final Router rootRouter = Router.router(vertx);
// body handler
bodyHandler(rootRouter);
// static handler
staticHandler(rootRouter);
// session cookie handler
sessionAndCookieHandler(rootRouter);
// GraviteeContext handler
authFlowContextHandler(rootRouter);
// CSRF handler
csrfHandler(rootRouter);
// CSP Handler
cspHandler(rootRouter);
// common handlers, shared across several routes below
Handler<RoutingContext> userTokenRequestParseHandler = new UserTokenRequestParseHandler(userService);
// client lookup is mandatory here (setRequired(true)): used by routes that need a resolved client
Handler<RoutingContext> clientRequestParseHandler = new ClientRequestParseHandler(clientSyncService).setRequired(true);
// same parser without the required flag: used where a client may legitimately be absent
// (registration confirmation, reset-password links)
Handler<RoutingContext> clientRequestParseHandlerOptional = new ClientRequestParseHandler(clientSyncService);
Handler<RoutingContext> passwordPolicyRequestParseHandler = new PasswordPolicyRequestParseHandler(passwordService, domain);
Handler<RoutingContext> botDetectionHandler = new BotDetectionHandler(domain, botDetectionManager);
Handler<RoutingContext> geoIpHandler = new GeoIpHandler(vertx.eventBus());
Handler<RoutingContext> loginAttemptHandler = new LoginAttemptHandler(domain, identityProviderManager, loginAttemptService);
Handler<RoutingContext> rememberDeviceSettingsHandler = new RememberDeviceSettingsHandler();
final DeviceIdentifierHandler deviceIdentifierHandler = new DeviceIdentifierHandler(deviceService);
// Root policy chain handler: runs on every request under this router.
// setContinueOnError(true) — presumably a failed client lookup here does not
// short-circuit the request; the per-route parsers above decide whether a client is required.
rootRouter.route().handler(new ClientRequestParseHandler(clientSyncService).setContinueOnError(true)).handler(geoIpHandler).handler(policyChainHandler.create(ExtensionPoint.ROOT));
// Identifier First Login route: client required, bot detection before the endpoint
rootRouter.route(PATH_IDENTIFIER_FIRST_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(new IdentifierFirstLoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
// login route: GET renders the form (PRE_LOGIN policies), POST authenticates.
// The POST chain adds bot detection and login-attempt tracking before LoginFormHandler,
// then device identification and POST_LOGIN policies before the endpoint.
rootRouter.get(PATH_LOGIN).handler(clientRequestParseHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginHideFormHandler(domain)).handler(new LoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager, deviceIdentifierManager));
rootRouter.post(PATH_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(loginAttemptHandler).handler(new LoginFormHandler(userAuthProvider)).handler(deviceIdentifierHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
// failures from either login method land here (covers both GET and POST)
rootRouter.route(PATH_LOGIN).failureHandler(new LoginFailureHandler(authenticationFlowContextService));
// logout route
rootRouter.route(PATH_LOGOUT).handler(new LogoutEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, identityProviderManager, certificateManager, webClient));
rootRouter.route(PATH_LOGOUT_CALLBACK).handler(new LogoutCallbackEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, certificateManager));
// SSO/Social login route
Handler<RoutingContext> socialAuthHandler = SocialAuthHandler.create(new SocialAuthenticationProvider(userAuthenticationManager, eventManager, domain));
Handler<RoutingContext> loginCallbackParseHandler = new LoginCallbackParseHandler(clientSyncService, identityProviderManager, jwtService, certificateManager);
Handler<RoutingContext> loginCallbackOpenIDConnectFlowHandler = new LoginCallbackOpenIDConnectFlowHandler(thymeleafTemplateEngine);
Handler<RoutingContext> loginCallbackFailureHandler = new LoginCallbackFailureHandler(authenticationFlowContextService);
Handler<RoutingContext> loginCallbackEndpoint = new LoginCallbackEndpoint();
Handler<RoutingContext> loginSSOPOSTEndpoint = new LoginSSOPOSTEndpoint(thymeleafTemplateEngine);
// GET and POST callback chains are identical: OIDC flow handling, callback parsing,
// social authentication, POST_LOGIN policies, endpoint; shared failure handler.
rootRouter.get(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
rootRouter.post(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
rootRouter.get(PATH_LOGIN_SSO_POST).handler(loginSSOPOSTEndpoint);
// SPNEGO (Negotiate) login: no client parser on this chain, unlike the other login routes
rootRouter.get(PATH_LOGIN_SSO_SPNEGO).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginNegotiateAuthenticationHandler(userAuthProvider, thymeleafTemplateEngine)).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
// MFA route: all require a resolved client
rootRouter.route(PATH_MFA_ENROLL).handler(clientRequestParseHandler).handler(new MFAEnrollEndpoint(factorManager, thymeleafTemplateEngine, userService, domain));
rootRouter.route(PATH_MFA_CHALLENGE).handler(clientRequestParseHandler).handler(rememberDeviceSettingsHandler).handler(new MFAChallengeEndpoint(factorManager, userService, thymeleafTemplateEngine, deviceService, applicationContext, domain));
rootRouter.route(PATH_MFA_CHALLENGE_ALTERNATIVES).handler(clientRequestParseHandler).handler(new MFAChallengeAlternativesEndpoint(thymeleafTemplateEngine, factorManager));
rootRouter.route(PATH_MFA_RECOVERY_CODE).handler(clientRequestParseHandler).handler(new MFARecoveryCodeEndpoint(thymeleafTemplateEngine, domain, userService));
// WebAuthn route: access handler gates every WebAuthn path after the client is resolved
Handler<RoutingContext> webAuthnAccessHandler = new WebAuthnAccessHandler(domain);
rootRouter.route(PATH_WEBAUTHN_REGISTER).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnRegisterEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine));
rootRouter.route(PATH_WEBAUTHN_LOGIN).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnLoginEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine, deviceIdentifierManager, deviceService));
rootRouter.post(PATH_WEBAUTHN_RESPONSE).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnResponseEndpoint(userAuthenticationManager, webAuthn, credentialService, domain));
// Registration route
Handler<RoutingContext> registerAccessHandler = new RegisterAccessHandler(domain);
rootRouter.route(HttpMethod.GET, PATH_REGISTER).handler(clientRequestParseHandler).handler(registerAccessHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_REGISTER)).handler(new RegisterEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
// NOTE(review): the POST side uses the optional client parser while GET requires a client —
// confirm the asymmetry is intended (RegisterAccessHandler may rely on a resolved client).
// Bot detection and password policy run before RegisterProcessHandler creates the user.
rootRouter.route(HttpMethod.POST, PATH_REGISTER).handler(new RegisterSubmissionRequestParseHandler()).handler(clientRequestParseHandlerOptional).handler(botDetectionHandler).handler(registerAccessHandler).handler(passwordPolicyRequestParseHandler).handler(new RegisterProcessHandler(userService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterSubmissionEndpoint());
rootRouter.route(PATH_REGISTER).failureHandler(new RegisterFailureHandler());
// registration confirmation: GET resolves the user from the link, POST validates the user token
// and applies the password policy before completing registration
rootRouter.route(HttpMethod.GET, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(new RegisterConfirmationEndpoint(thymeleafTemplateEngine, domain));
rootRouter.route(HttpMethod.POST, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterConfirmationSubmissionEndpoint(userService));
// Forgot password route: client required, access handler gates both methods, bot detection on POST
Handler<RoutingContext> forgotPasswordAccessHandler = new ForgotPasswordAccessHandler(domain);
rootRouter.route(HttpMethod.GET, PATH_FORGOT_PASSWORD).handler(clientRequestParseHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
rootRouter.route(HttpMethod.POST, PATH_FORGOT_PASSWORD).handler(new ForgotPasswordSubmissionRequestParseHandler(domain)).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordSubmissionEndpoint(userService, domain));
// Reset password route: both methods validate the user token and then the one-time token
// before any policy chain or endpoint runs; the client is optional on GET.
rootRouter.route(HttpMethod.GET, PATH_RESET_PASSWORD).handler(new ResetPasswordRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(policyChainHandler.create(ExtensionPoint.PRE_RESET_PASSWORD)).handler(new ResetPasswordEndpoint(thymeleafTemplateEngine, domain));
rootRouter.route(HttpMethod.POST, PATH_RESET_PASSWORD).handler(new ResetPasswordSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_RESET_PASSWORD)).handler(new ResetPasswordSubmissionEndpoint(userService));
// error route (GET only); the endpoint receives clientSyncService and jwtService, so it
// presumably resolves the client / verifies a token itself rather than relying on a parser above
rootRouter.route(HttpMethod.GET, PATH_ERROR).handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
// error handler
errorHandler(rootRouter);
// mount root router
router.mountSubRouter(path(), rootRouter);
}
use of io.gravitee.am.gateway.handler.common.vertx.web.endpoint.ErrorEndpoint in project gravitee-access-management by gravitee-io.
Class OAuth2Provider, method initRouter.
/**
 * Builds the OAuth 2.0 router (authorize, consent, token, introspect, revoke,
 * error, PAR) and mounts it under {@code path()}.
 *
 * <p>Client-authenticated endpoints (token, introspect, revoke, par) all share
 * one {@code clientAuthHandler} placed before the endpoint; the authorization
 * and consent chains instead parse and validate the request step by step before
 * the policy chain and endpoint run. The order of handlers in each chain is the
 * contract — do not reorder without checking what the endpoint assumes.
 */
private void initRouter() {
// Create the OAuth 2.0 router
final Router oauth2Router = Router.router(vertx);
// client auth handler
// NOTE(review): the certificate header name comes from configuration; its value is only
// trustworthy when set by the TLS-terminating proxy — confirm the deployment strips any
// client-supplied copy of that header before it reaches the gateway.
final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
// static handler
staticHandler(oauth2Router);
// session cookie handler
sessionAndCookieHandler(oauth2Router);
// CSRF handler
csrfHandler(oauth2Router);
// CSP Handler
cspHandler(oauth2Router);
AuthenticationFlowContextHandler authenticationFlowContextHandler = new AuthenticationFlowContextHandler(authenticationFlowContextService, environment);
// Authorization endpoint: OPTIONS is answered by CORS only; GET runs the full parse chain
// (transaction, provider config, required params, client, request object / PAR, id_token_hint,
// parameters) before the auth-flow context, authentication flow, scope resolution,
// consent check and the endpoint. Failures are rendered by AuthorizationRequestFailureHandler.
oauth2Router.route(HttpMethod.OPTIONS, "/authorize").handler(corsHandler);
oauth2Router.route(HttpMethod.GET, "/authorize").handler(corsHandler).handler(new AuthorizationRequestTransactionHandler(transactionHeader)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestParseIdTokenHintHandler(idTokenService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(authenticationFlowContextHandler).handler(authenticationFlowHandler.create()).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(new AuthorizationRequestEndUserConsentHandler(userConsentService)).handler(new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService)).failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
// Authorization consent endpoint: GET and POST re-parse the client, provider config and
// request object and resolve scopes before touching consent state; POST additionally runs
// UserConsentProcessHandler and the POST_CONSENT policies. One failure handler covers both.
Handler<RoutingContext> userConsentPrepareContextHandler = new UserConsentPrepareContextHandler(clientSyncService);
oauth2Router.route(HttpMethod.GET, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_CONSENT)).handler(new UserConsentEndpoint(userConsentService, thymeleafTemplateEngine, domain));
oauth2Router.route(HttpMethod.POST, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(new UserConsentProcessHandler(userConsentService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_CONSENT)).handler(new UserConsentPostEndpoint());
oauth2Router.route("/consent").failureHandler(new UserConsentFailureHandler());
// Token endpoint: request parsing, then client authentication, then the granter
oauth2Router.route(HttpMethod.OPTIONS, "/token").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/token").handler(corsHandler).handler(new TokenRequestParseHandler()).handler(clientAuthHandler).handler(new TokenEndpoint(tokenGranter));
// Introspection endpoint: form-encoded POST only, client-authenticated.
// No CORS/OPTIONS route is registered here, unlike /token and /revoke — presumably
// intentional since introspection is a back-channel call; confirm if browser clients need it.
oauth2Router.route(HttpMethod.POST, "/introspect").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(clientAuthHandler).handler(new IntrospectionEndpoint(introspectionService));
// Revocation endpoint: form-encoded POST, CORS, client-authenticated
oauth2Router.route(HttpMethod.OPTIONS, "/revoke").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/revoke").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(corsHandler).handler(clientAuthHandler).handler(new RevocationTokenEndpoint(revocationTokenService));
// Error endpoint (GET only)
oauth2Router.route(HttpMethod.GET, "/error").handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
// Pushed Authorization Request: POST is client-authenticated; the method-less route below is
// registered after it, so (Vert.x matching routes in registration order) it only answers
// other methods with MethodNotAllowed — keep these two lines in this order.
oauth2Router.route(HttpMethod.POST, "/par").handler(clientAuthHandler).handler(new PushedAuthorizationRequestEndpoint(parService));
oauth2Router.route("/par").handler(new PushedAuthorizationRequestEndpoint.MethodNotAllowedHandler());
// error handler
errorHandler(oauth2Router);
// mount OAuth 2.0 router
router.mountSubRouter(path(), oauth2Router);
}