
Example 1 with REDIRECT_URI_VALID

Use of oidc.saml.AuthnRequestConverter.REDIRECT_URI_VALID in the project OpenConext-oidcng by OpenConext.

Taken from the class RedirectAuthenticationFailureHandler, method onAuthenticationFailure.

/**
 * Handles a failed (SAML) authentication that was started by an OIDC authorization request.
 *
 * <p>The saved request that began the flow is looked up first in the session attribute
 * {@code SPRING_SECURITY_SAVED_REQUEST} and, failing that, in the {@code requestCache}. When one is found,
 * its {@code client_id} is resolved to a registered {@link OpenIDClient} and its {@code redirect_uri} is
 * checked with {@link AuthorizationEndpoint#validateRedirectionURI}; the {@code REDIRECT_URI_VALID} request
 * attribute is set only after that check has passed, so a failed check (or an unknown client) leaves the
 * attribute unset and downstream error handling cannot send the user to an unvalidated URI. Without a saved
 * request, a {@link ContextSaml2AuthenticationException} is rethrown unchanged with the attribute set
 * (presumably because its redirect URI was validated when the exception was raised -- confirm in that class).
 *
 * <p>Every {@link Saml2AuthenticationException} is rewrapped with
 * {@link Saml2ErrorCodes#INTERNAL_VALIDATION_ERROR} and a fixed "validated attributes" message for the
 * ErrorController; note that this replaces the original SAML error for all SAML failures, not only
 * attribute-validation ones. All other exceptions are rethrown as they are.
 *
 * @param request   the failed request; receives the {@code REDIRECT_URI_VALID} attribute when validation passes
 * @param response  passed through to the request cache lookup
 * @param exception the failure reported by Spring Security; always rethrown, possibly wrapped
 * @throws UnknownClientException       when the saved {@code client_id} does not belong to a registered client
 * @throws Saml2AuthenticationException for SAML failures, wrapped as described above
 * @throws AuthenticationException      the original exception for every other failure
 */
@SneakyThrows
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    // Only consult an existing session; never create one in a failure handler.
    HttpSession existingSession = request.getSession(false);
    SavedRequest originalRequest = existingSession == null
            ? null
            : (SavedRequest) existingSession.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
    if (originalRequest == null) {
        originalRequest = requestCache.getRequest(request, response);
    }

    if (originalRequest != null) {
        Map<String, String[]> rawParameters = originalRequest.getParameterMap();
        Map<String, List<String>> parameterValues = rawParameters.entrySet().stream()
                .collect(Collectors.toMap(Map.Entry::getKey, entry -> Arrays.asList(entry.getValue())));

        List<String> redirectUriValues = parameterValues.get("redirect_uri");
        // new URI(..) throws the checked URISyntaxException, which @SneakyThrows lets escape unchecked;
        // a syntactically invalid redirect_uri therefore aborts before REDIRECT_URI_VALID can be set.
        URI requestedRedirectUri = CollectionUtils.isEmpty(redirectUriValues)
                ? null
                : new URI(redirectUriValues.get(0));

        List<String> clientIdValues = parameterValues.get("client_id");
        String requestedClientId = CollectionUtils.isEmpty(clientIdValues) ? null : clientIdValues.get(0);
        OpenIDClient client = openIDClientRepository
                .findOptionalByClientId(requestedClientId)
                .orElseThrow(() -> new UnknownClientException(requestedClientId));

        // The attribute is deliberately set after validation: a redirect_uri that is not registered
        // for this client must never be marked as safe for the error handling that follows.
        AuthorizationEndpoint.validateRedirectionURI(requestedRedirectUri, client);
        request.setAttribute(REDIRECT_URI_VALID, true);
    } else if (exception instanceof ContextSaml2AuthenticationException) {
        // NOTE(review): no redirect_uri check happens on this path; confirm the context exception
        // only carries a redirect URI that was already validated when it was created.
        request.setAttribute(REDIRECT_URI_VALID, true);
        throw exception;
    }

    /*
     * Will be picked up by the ErrorController. Do note that if the user has stepped up his account in eduID,
     * then the initial session is no longer around.
     */
    if (exception instanceof Saml2AuthenticationException) {
        String validatedAttributesMessage = "The requesting service has indicated that the authenticated user is required to have validated attributes. Your institution has not provided this.";
        throw new Saml2AuthenticationException(
                new Saml2Error(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, validatedAttributesMessage),
                validatedAttributesMessage,
                exception);
    }
    throw exception;
}
