Examples with HttpServletResponse jakarta.servlet.http.HttpServletResponse used on opensource projects

Example 76 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class DefaultOAuth2AuthorizedClientManager method authorize.

@Nullable
@Override
public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest authorizeRequest) {
    Assert.notNull(authorizeRequest, "authorizeRequest cannot be null");
    String clientRegistrationId = authorizeRequest.getClientRegistrationId();
    OAuth2AuthorizedClient authorizedClient = authorizeRequest.getAuthorizedClient();
    Authentication principal = authorizeRequest.getPrincipal();
    HttpServletRequest servletRequest = getHttpServletRequestOrDefault(authorizeRequest.getAttributes());
    Assert.notNull(servletRequest, "servletRequest cannot be null");
    HttpServletResponse servletResponse = getHttpServletResponseOrDefault(authorizeRequest.getAttributes());
    Assert.notNull(servletResponse, "servletResponse cannot be null");
    OAuth2AuthorizationContext.Builder contextBuilder;
    if (authorizedClient != null) {
        contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
    } else {
        authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, servletRequest);
        if (authorizedClient != null) {
            contextBuilder = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
        } else {
            ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
            Assert.notNull(clientRegistration, "Could not find ClientRegistration with id '" + clientRegistrationId + "'");
            contextBuilder = OAuth2AuthorizationContext.withClientRegistration(clientRegistration);
        }
    }
    // @formatter:off
    OAuth2AuthorizationContext authorizationContext = contextBuilder.principal(principal).attributes((attributes) -> {
        Map<String, Object> contextAttributes = this.contextAttributesMapper.apply(authorizeRequest);
        if (!CollectionUtils.isEmpty(contextAttributes)) {
            attributes.putAll(contextAttributes);
        }
    }).build();
    // @formatter:on
    try {
        authorizedClient = this.authorizedClientProvider.authorize(authorizationContext);
    } catch (OAuth2AuthorizationException ex) {
        this.authorizationFailureHandler.onAuthorizationFailure(ex, principal, createAttributes(servletRequest, servletResponse));
        throw ex;
    }
    if (authorizedClient != null) {
        this.authorizationSuccessHandler.onAuthorizationSuccess(authorizedClient, principal, createAttributes(servletRequest, servletResponse));
    } else {
        // `authorizationContext.authorizedClient`.
        if (authorizationContext.getAuthorizedClient() != null) {
            return authorizationContext.getAuthorizedClient();
        }
    }
    return authorizedClient;
}

Example 77 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class ServletOAuth2AuthorizedClientExchangeFilterFunction method reauthorizeClient.

private Mono<OAuth2AuthorizedClient> reauthorizeClient(OAuth2AuthorizedClient authorizedClient, ClientRequest request) {
    if (this.authorizedClientManager == null) {
        return Mono.just(authorizedClient);
    }
    Map<String, Object> attrs = request.attributes();
    Authentication authentication = getAuthentication(attrs);
    if (authentication == null) {
        authentication = createAuthentication(authorizedClient.getPrincipalName());
    }
    HttpServletRequest servletRequest = getRequest(attrs);
    HttpServletResponse servletResponse = getResponse(attrs);
    OAuth2AuthorizeRequest.Builder builder = OAuth2AuthorizeRequest.withAuthorizedClient(authorizedClient).principal(authentication);
    builder.attributes((attributes) -> addToAttributes(attributes, servletRequest, servletResponse));
    OAuth2AuthorizeRequest reauthorizeRequest = builder.build();
    // blocking I/O operation using RestTemplate internally
    return Mono.fromSupplier(() -> this.authorizedClientManager.authorize(reauthorizeRequest)).subscribeOn(Schedulers.boundedElastic());
}

Example 78 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class ServletOAuth2AuthorizedClientExchangeFilterFunction method populateRequestAttributes.

private void populateRequestAttributes(Map<String, Object> attrs, Context ctx) {
    // this key
    if (!ctx.hasKey(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY)) {
        return;
    }
    Map<Object, Object> contextAttributes = ctx.get(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY);
    HttpServletRequest servletRequest = (HttpServletRequest) contextAttributes.get(HttpServletRequest.class);
    if (servletRequest != null) {
        attrs.putIfAbsent(HTTP_SERVLET_REQUEST_ATTR_NAME, servletRequest);
    }
    HttpServletResponse servletResponse = (HttpServletResponse) contextAttributes.get(HttpServletResponse.class);
    if (servletResponse != null) {
        attrs.putIfAbsent(HTTP_SERVLET_RESPONSE_ATTR_NAME, servletResponse);
    }
    Authentication authentication = (Authentication) contextAttributes.get(Authentication.class);
    if (authentication != null) {
        attrs.putIfAbsent(AUTHENTICATION_ATTR_NAME, authentication);
    }
}

Example 79 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class ChannelProcessingFilter method doFilter.

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    FilterInvocation filterInvocation = new FilterInvocation(request, response, chain);
    Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAttributes(filterInvocation);
    if (attributes != null) {
        this.logger.debug(LogMessage.format("Request: %s; ConfigAttributes: %s", filterInvocation, attributes));
        this.channelDecisionManager.decide(filterInvocation, attributes);
        if (filterInvocation.getResponse().isCommitted()) {
            return;
        }
    }
    chain.doFilter(request, response);
}

Example 80 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class HttpSessionSecurityContextRepositoryTests method outputStreamFlushesDelegate.

// SEC-SEC-2055
@Test
public void outputStreamFlushesDelegate() throws Exception {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    repo.setSpringSecurityContextKey("imTheContext");
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = mock(HttpServletResponse.class);
    ServletOutputStream outputstream = mock(ServletOutputStream.class);
    given(response.getOutputStream()).willReturn(outputstream);
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    SecurityContextHolder.setContext(repo.loadContext(holder));
    SecurityContextHolder.getContext().setAuthentication(this.testToken);
    holder.getResponse().getOutputStream().flush();
    verify(outputstream).flush();
}