use of io.jans.as.common.model.common.User in project jans by JanssenProject.
Class RevokeSessionRestWebService, method requestRevokeSession.
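/**
 * Revokes every authenticated session of the user selected by an attribute name/value pair.
 *
 * Ordering is deliberate: the component switch and {@link #validateAccess()} run before any
 * input is inspected or any lookup happens, so an unauthorized caller learns nothing from the
 * shape of the response. Once authorized, both form parameters are required.
 *
 * Response semantics are intentionally uniform: 200 with an empty body is returned whether or
 * not a user matched and whether or not it had any sessions, so the endpoint cannot be used to
 * probe which attribute values exist. Only sessions in state AUTHENTICATED are removed; sessions
 * in any other state are left as they are.
 *
 * @param userCriterionKey   name of the user attribute to match; required
 * @param userCriterionValue value the attribute must equal; required
 * @param request            current HTTP request (injected, not used here)
 * @param response           current HTTP response (injected, not used here)
 * @param sec                JAX-RS security context; only {@code isSecure()} is read, for logging
 * @return 200 on success or no match, 400 when a criterion is missing or blank, 500 on an
 *         unexpected failure; a {@code WebApplicationException} raised by the access or
 *         component checks is propagated unchanged
 */
@POST
@Path("/revoke_session")
@Produces({ MediaType.APPLICATION_JSON })
public Response requestRevokeSession(@FormParam("user_criterion_key") String userCriterionKey, @FormParam("user_criterion_value") String userCriterionValue, @Context HttpServletRequest request, @Context HttpServletResponse response, @Context SecurityContext sec) {
    try {
        // NOTE(review): the criterion value is caller-supplied and, depending on the attribute
        // chosen, may be PII (e.g. an e-mail address). Keep this at debug level or below.
        log.debug("Attempting to revoke session: userCriterionKey = {}, userCriterionValue = {}, isSecure = {}", userCriterionKey, userCriterionValue, sec.isSecure());

        // Authorization gates come first; nothing below may execute for an unauthorized caller.
        errorResponseFactory.validateComponentEnabled(ComponentType.REVOKE_SESSION);
        validateAccess();

        // Both form parameters are mandatory. Reject early rather than passing null or blank
        // criteria into the user lookup, whose behaviour for such input is not defined here.
        final boolean keyMissing = userCriterionKey == null || userCriterionKey.trim().isEmpty();
        final boolean valueMissing = userCriterionValue == null || userCriterionValue.trim().isEmpty();
        if (keyMissing || valueMissing) {
            log.trace("Missing user criterion key or value, rejecting revoke session request.");
            return Response.status(400).build();
        }

        // NOTE(review): the attribute *name* is chosen by the caller. Whether the lookup restricts
        // it to a safe set of attributes (rather than any attribute on the user entry) is decided
        // inside userService - confirm, since an authorized client could otherwise match on
        // attributes that were never meant to be queried.
        final User user = userService.getUserByAttribute(userCriterionKey, userCriterionValue);
        if (user == null) {
            log.trace("Unable to find user by {}={}", userCriterionKey, userCriterionValue);
            // Same response as the success path: do not disclose whether the user exists.
            return Response.ok().build();
        }

        List<SessionId> sessionIdList = sessionIdService.findByUser(user.getDn());
        if (sessionIdList == null || sessionIdList.isEmpty()) {
            log.trace("No sessions found for user uid: {}, dn: {}", user.getUserId(), user.getDn());
            return Response.ok().build();
        }

        // Only fully authenticated sessions are revoked; unauthenticated ones are untouched.
        final List<SessionId> authenticatedSessions = sessionIdList.stream()
                .filter(sessionId -> sessionId.getState() == SessionIdState.AUTHENTICATED)
                .collect(Collectors.toList());
        sessionIdService.remove(authenticatedSessions);

        log.debug("Revoked {} user's sessions (user: {})", authenticatedSessions.size(), user.getUserId());
        return Response.ok().build();
    } catch (WebApplicationException e) {
        // Raised by the component/access checks with a response already attached; let it through.
        throw e;
    } catch (Exception e) {
        // Any other failure is logged with its stack trace and reported without detail.
        log.error(e.getMessage(), e);
        return Response.status(500).build();
    }
}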
use of io.jans.as.common.model.common.User in project jans by JanssenProject.
Class SectorIdentifierService, method getSub.
/**
 * Resolves the subject identifier ({@code sub}) for an authorization grant.
 *
 * Returns an empty string - never {@code null} - when the grant has no user or no client, so
 * callers receive a blank claim instead of an exception. The user check runs before the client
 * check, which only affects which trace message is emitted. For a fully populated grant the
 * client/user overload is used, with the CIBA flag derived from the grant's runtime type.
 *
 * @param grant the grant whose subject identifier is wanted
 * @return the subject identifier, or {@code ""} when either the user or the client is absent
 */
public String getSub(IAuthorizationGrant grant) {
    final Client grantClient = grant.getClient();
    final User grantUser = grant.getUser();

    if (grantUser == null) {
        log.trace("User is null, return blank sub");
        return "";
    }
    if (grantClient == null) {
        log.trace("Client is null, return blank sub.");
        return "";
    }

    final boolean isCibaGrant = grant instanceof CIBAGrant;
    return getSub(grantClient, grantUser, isCibaGrant);
}
use of io.jans.as.common.model.common.User in project jans by JanssenProject.
Class SessionIdService, method setSessionIdStateAuthenticated.
/**
 * Marks {@code sessionId} as AUTHENTICATED for {@code userDn}, persists it and, when the
 * {@code changeSessionIdOnAuthentication} option is on and an HTTP response is available,
 * rotates the session identifier and re-issues the session cookie.
 *
 * Statement order matters here: the old persisted entry is removed before the id changes,
 * the JWT form is regenerated after the new id is set, and the external session script is
 * consulted only after the session has been persisted and audited.
 *
 * @param httpRequest  current request; passed to the cookie service and external scripts
 * @param httpResponse current response; may be {@code null}, in which case no id rotation
 *                     and no cookie update take place
 * @param sessionId    the session to promote; mutated in place and returned
 * @param userDn       DN of the authenticated user, stored on the session
 * @return the same {@code sessionId} instance, possibly with a new id and DN
 * @throws InvalidSessionStateException if an enabled external session script rejects the session
 */
public SessionId setSessionIdStateAuthenticated(HttpServletRequest httpRequest, HttpServletResponse httpResponse, SessionId sessionId, String userDn) {
    sessionId.setUserDn(userDn);
    sessionId.setAuthenticationTime(new Date());
    sessionId.setState(SessionIdState.AUTHENTICATED);

    // Active-user accounting; silently skipped when the user behind the DN cannot be loaded.
    final User user = getUser(sessionId);
    if (user != null) {
        statService.reportActiveUser(user.getUserId());
    }

    final boolean persisted;
    if (isTrue(appConfiguration.getChangeSessionIdOnAuthentication()) && httpResponse != null) {
        // Session-id rotation at the authentication boundary: the pre-authentication id is
        // discarded and a fresh random one (UUID.randomUUID, SecureRandom-backed in the JDK)
        // is issued, which is what stops a pre-set id from surviving into the authenticated
        // session. NOTE(review): the rotation is skipped entirely when httpResponse is null,
        // even with the option enabled - callers on such paths keep the pre-authentication id;
        // confirm that is intended for every caller that passes null.
        final String oldSessionId = sessionId.getId();
        final String newSessionId = UUID.randomUUID().toString();
        log.debug("Changing session id from {} to {} ...", oldSessionId, newSessionId);
        // The entry keyed by the old id is removed before the id changes, so no persisted
        // copy under the old id survives the switch.
        remove(sessionId);
        sessionId.setId(newSessionId);
        sessionId.setDn(buildDn(newSessionId));
        // The previous id is retained in the session attributes for whoever reads it later.
        sessionId.getSessionAttributes().put(SessionId.OLD_SESSION_ID_ATTR_KEY, oldSessionId);
        if (isTrue(sessionId.getIsJwt())) {
            // The JWT representation is rebuilt so it reflects the new id.
            sessionId.setJwt(generateJwt(sessionId, sessionId.getUserDn()).asString());
        }
        persisted = persistSessionId(sessionId, true);
        // Re-issue the cookie so the browser carries the rotated id from now on.
        cookieService.createSessionIdCookie(sessionId, httpRequest, httpResponse, false);
        log.debug("Session identifier changed from {} to {} .", oldSessionId, newSessionId);
    } else {
        // No rotation: update the existing entry in place.
        persisted = updateSessionId(sessionId, true, true, true);
    }
    auditLogging(sessionId);
    log.trace("Authenticated session, id = '{}', state = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), persisted);

    if (externalApplicationSessionService.isEnabled()) {
        String userName = sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        boolean externalResult = externalApplicationSessionService.executeExternalStartSessionMethods(httpRequest, sessionId);
        log.info("Start session result for '{}': '{}'", userName, externalResult);
        if (!externalResult) {
            // The external script vetoed the session: roll the login back before failing,
            // since the session has already been persisted as AUTHENTICATED above.
            reinitLogin(sessionId, true);
            throw new InvalidSessionStateException("Session creation is prohibited by external session script!");
        }
        // NOTE(review): the AUTHENTICATED SessionEvent is only published inside this branch,
        // i.e. when the external application-session service is enabled. Confirm no listener
        // relies on it being fired unconditionally.
        externalEvent(new SessionEvent(SessionEventType.AUTHENTICATED, sessionId).setHttpRequest(httpRequest).setHttpResponse(httpResponse));
    }
    return sessionId;
}
use of io.jans.as.common.model.common.User in project jans by JanssenProject.
Class AuthenticationPersistenceService, method save.
/**
 * Persists a FIDO2 authentication record under the owning user's branch.
 *
 * The owner is resolved from the username carried in {@code authenticationData}. If no such
 * user exists, {@code isUserAutoEnrollment()} decides the outcome: a default user is created
 * on the fly, or a {@link Fido2RuntimeException} is thrown. The entry gets a fresh random UUID
 * and is stamped with the current time; the same timestamp and the username are written back
 * onto {@code authenticationData} as a side effect.
 *
 * NOTE(review): with auto-enrollment enabled, an unknown username in the incoming
 * authentication data causes a user entry to be created here. If this path is reachable
 * before the assertion has been verified, any caller can populate the user directory -
 * confirm that is acceptable for the deployment.
 *
 * @param authenticationData the record to store; its created-date and created-by fields are set
 * @throws Fido2RuntimeException if the user does not exist and auto-enrollment is disabled
 */
public void save(Fido2AuthenticationData authenticationData) {
    final String username = authenticationData.getUsername();

    User owner = userService.getUser(username, "inum");
    if (owner == null) {
        if (!appConfiguration.getFido2Configuration().isUserAutoEnrollment()) {
            throw new Fido2RuntimeException("Auto user enrollment was disabled. User not exists!");
        }
        owner = userService.addDefaultUser(username);
    }

    final String ownerInum = userService.getUserInum(owner);
    prepareBranch(ownerInum);

    // Timestamp first, then the random entry id, then the DN derived from both owner and id.
    final Date createdAt = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
    final String entryId = UUID.randomUUID().toString();
    final String entryDn = getDnForAuthenticationEntry(ownerInum, entryId);

    final Fido2AuthenticationEntry entry = new Fido2AuthenticationEntry(entryDn, authenticationData.getId(), createdAt, ownerInum, authenticationData);
    entry.setAuthenticationStatus(authenticationData.getStatus());

    // Mirror the bookkeeping onto the input object before it is persisted inside the entry.
    authenticationData.setCreatedDate(createdAt);
    authenticationData.setCreatedBy(username);

    persistenceEntryManager.persist(entry);
}
use of io.jans.as.common.model.common.User in project jans by JanssenProject.
Class IdTokenFactory, method fillClaims.
/**
 * Populates the claims of an ID token for an authorization grant.
 *
 * In order: issuer and audience; lifetime (configured default, overridable by the update-token
 * script); a random {@code code} claim; the pre-processing hook; {@code sid}, {@code acr}/{@code amr},
 * {@code nonce}, {@code auth_time}; the hash claims ({@code c_hash}, {@code at_hash}, {@code s_hash})
 * for whichever artefacts are present; the {@code grant} and OpenID Connect version claims; user
 * claims for each requested non-dynamic scope (only when both request and client opt in); claims
 * from the request object and the explicit claims parameter; access-token based filtering; the
 * final subject identifier; dynamic-scope scripts; CIBA processing; and the post-processing hook.
 *
 * @param jwr                token under construction; claims are written into it
 * @param authorizationGrant grant providing client, user, session DN, acr values and grant type
 * @param authorizationCode  code to hash into {@code c_hash}; may be {@code null}
 * @param accessToken        token to hash into {@code at_hash}; may be {@code null}
 * @param refreshToken       forwarded to CIBA processing
 * @param executionContext   scopes, nonce, state, requested claims, and pre/post hooks
 * @throws Exception propagated from hashing, claim lookup or script execution
 */
private void fillClaims(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, ExecutionContext executionContext) throws Exception {
    jwr.getClaims().setIssuer(appConfiguration.getIssuer());
    Audience.setAudience(jwr.getClaims(), authorizationGrant.getClient());

    // Lifetime: configured default, replaced by the script value only when that is positive.
    int lifeTime = appConfiguration.getIdTokenLifetime();
    int lifetimeFromScript = externalUpdateTokenService.getIdTokenLifetimeInSeconds(ExternalUpdateTokenContext.of(executionContext));
    if (lifetimeFromScript > 0) {
        lifeTime = lifetimeFromScript;
        log.trace("Override id token lifetime with value from script: {}", lifetimeFromScript);
    }
    Calendar calendar = Calendar.getInstance();
    Date issuedAt = calendar.getTime();
    calendar.add(Calendar.SECOND, lifeTime);
    Date expiration = calendar.getTime();
    jwr.getClaims().setExpirationTime(expiration);
    jwr.getClaims().setIssuedAt(issuedAt);

    // Random per-token "code" claim (non-standard; its consumer is not visible here).
    jwr.setClaim("code", UUID.randomUUID().toString());

    if (executionContext.getPreProcessing() != null) {
        executionContext.getPreProcessing().apply(jwr);
    }

    // Only the *outside* sid is exposed, never the internal session identifier.
    final SessionId session = sessionIdService.getSessionByDn(authorizationGrant.getSessionDn());
    if (session != null) {
        jwr.setClaim("sid", session.getOutsideSid());
    }
    if (authorizationGrant.getAcrValues() != null) {
        jwr.setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
        setAmrClaim(jwr, authorizationGrant.getAcrValues());
    }
    String nonce = executionContext.getNonce();
    if (StringUtils.isNotBlank(nonce)) {
        jwr.setClaim(JwtClaimName.NONCE, nonce);
    }
    if (authorizationGrant.getAuthenticationTime() != null) {
        jwr.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
    }

    // Hash claims bind this id_token to the artefacts issued alongside it; the hash is
    // derived from the token header's signature algorithm.
    if (authorizationCode != null) {
        String codeHash = AbstractToken.getHash(authorizationCode.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.CODE_HASH, codeHash);
    }
    if (accessToken != null) {
        String accessTokenHash = AbstractToken.getHash(accessToken.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
    }
    String state = executionContext.getState();
    if (Strings.isNotBlank(state)) {
        String stateHash = AbstractToken.getHash(state, jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.STATE_HASH, stateHash);
    }
    if (authorizationGrant.getGrantType() != null) {
        jwr.setClaim("grant", authorizationGrant.getGrantType().getValue());
    }
    jwr.setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());

    User user = authorizationGrant.getUser();
    List<Scope> dynamicScopes = new ArrayList<>();
    // User claims are embedded only when both the request and the client opt in.
    if (executionContext.isIncludeIdTokenClaims() && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
        for (String scopeName : executionContext.getScopes()) {
            Scope scope = scopeService.getScopeById(scopeName);
            if (scope == null) {
                continue;
            }
            // Dynamic scopes are collected and resolved by script after the static claims.
            if (DYNAMIC == scope.getScopeType()) {
                dynamicScopes.add(scope);
                continue;
            }
            Map<String, Object> claims = scopeService.getClaims(user, scope);
            if (Boolean.TRUE.equals(scope.isGroupClaims())) {
                // Grouped scope: its claims are nested under the scope id.
                // NOTE(review): this branch casts anything that is not a List to String,
                // whereas the flat branch below also handles Boolean and Date. A Boolean or
                // Date attribute in a grouped scope would hit a ClassCastException here;
                // confirm whether JwtSubClaimObject offers matching overloads.
                JwtSubClaimObject groupClaim = new JwtSubClaimObject();
                groupClaim.setName(scope.getId());
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        groupClaim.setClaim(key, (List) value);
                    } else {
                        groupClaim.setClaim(key, (String) value);
                    }
                }
                jwr.getClaims().setClaim(scope.getId(), groupClaim);
            } else {
                // Flat scope: claims land at the top level of the token.
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        jwr.getClaims().setClaim(key, (List) value);
                    } else if (value instanceof Boolean) {
                        jwr.getClaims().setClaim(key, (Boolean) value);
                    } else if (value instanceof Date) {
                        // Dates are emitted as epoch seconds.
                        jwr.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                    } else {
                        jwr.setClaim(key, (String) value);
                    }
                }
            }
            // NOTE(review): this sets sub to the raw internal inum on every scope iteration.
            // It is expected to be overwritten by jwrService.setSubjectIdentifier(...) further
            // down; if that call can leave sub untouched for some client configuration (e.g.
            // pairwise subjects), the internal inum would be emitted as sub - confirm.
            jwr.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute("inum"));
        }
    }

    setClaimsFromJwtAuthorizationRequest(jwr, authorizationGrant, executionContext.getScopes());
    setClaimsFromRequestedClaims(executionContext.getClaimsAsString(), jwr, user);
    // Presumably drops claims the access token does not cover; see filterClaimsBasedOnAccessToken.
    filterClaimsBasedOnAccessToken(jwr, accessToken, authorizationCode);
    // Authoritative sub: applied after all claim sources so it is not overridden by them.
    jwrService.setSubjectIdentifier(jwr, authorizationGrant);

    // Dynamic scopes are resolved by external script; the grant is exposed read-only to it.
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwr, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    processCiba(jwr, authorizationGrant, refreshToken);

    // The post-processor runs last and therefore sees the fully populated token.
    if (executionContext.getPostProcessor() != null) {
        executionContext.getPostProcessor().apply(jwr);
    }
}