Example 1 with CustomScriptConfiguration

use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class ConsentGathererService method determineConsentScript.

private CustomScriptConfiguration determineConsentScript(String clientId) {
    if (appConfiguration.getConsentGatheringScriptBackwardCompatibility()) {
        // in 4.1 and earlier we returned default consent script
        return external.getDefaultExternalCustomScript();
    }
    final List<String> consentGatheringScripts = clientService.getClient(clientId).getAttributes().getConsentGatheringScripts();
    final List<CustomScriptConfiguration> scripts = external.getCustomScriptConfigurationsByDns(consentGatheringScripts);
    if (!scripts.isEmpty()) {
        // flow supports single script, thus taking the one with higher level
        final CustomScriptConfiguration script = Collections.max(scripts, Comparator.comparingInt(CustomScriptConfiguration::getLevel));
        log.debug("Determined consent gathering script `{}`", script.getName());
        return script;
    }
    log.debug("There is no consent gathering script configured for client `{}`. Therefore taking default consent script.", clientId);
    return external.getDefaultExternalCustomScript();
}
Also used : CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 2 with CustomScriptConfiguration

use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class ConsentGathererService method prepareForStep.

public String prepareForStep() {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
        final SessionId session = sessionService.getConsentSession(httpRequest, httpResponse, null, false);
        if (session == null || session.getSessionAttributes().isEmpty()) {
            log.error("Failed to restore claim-gathering session state");
            return result(Constants.RESULT_EXPIRED);
        }
        CustomScriptConfiguration script = getScript(session);
        if (script == null) {
            log.error("Failed to find script '{}' in session:", sessionService.getScriptName(session));
            return result(Constants.RESULT_FAILURE);
        }
        int step = sessionService.getStep(session);
        if (step < 1) {
            log.error("Invalid step: {}", step);
            return result(Constants.RESULT_INVALID_STEP);
        }
        if (!sessionService.isPassedPreviousSteps(session, step)) {
            log.error("There are consent-gathering steps not marked as passed. scriptName: '{}', step: '{}'", script.getName(), step);
            return result(Constants.RESULT_FAILURE);
        }
        this.context = new ConsentGatheringContext(script.getConfigurationAttributes(), httpRequest, httpResponse, session, pageAttributes, sessionService, userService, facesService, appConfiguration);
        boolean result = external.prepareForStep(script, step, context);
        log.debug("Consent-gathering prepare for step result for script '{}', step: '{}', gatheredResult: '{}'", script.getName(), step, result);
        if (result) {
            context.persist();
            return result(Constants.RESULT_SUCCESS);
        }
    } catch (Exception ex) {
        log.error("Failed to prepareForStep()", ex);
    }
    return result(Constants.RESULT_FAILURE);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ConsentGatheringContext(org.gluu.oxauth.service.external.context.ConsentGatheringContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 3 with CustomScriptConfiguration

use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class Authenticator method clientAuthentication.

public boolean clientAuthentication(Credentials credentials, boolean interactive, boolean skipPassword) {
    boolean isServiceUsesExternalAuthenticator = !interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
    if (isServiceUsesExternalAuthenticator) {
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
        if (customScriptConfiguration == null) {
            logger.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
        } else {
            this.authAcr = customScriptConfiguration.getCustomScript().getName();
            boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
            logger.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);
            if (result) {
                Client client = authenticationService.configureSessionClient();
                showClientAuthenticationLog(client);
                return true;
            }
        }
    }
    boolean loggedIn = skipPassword;
    if (!loggedIn) {
        loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
    }
    if (loggedIn) {
        Client client = authenticationService.configureSessionClient();
        showClientAuthenticationLog(client);
        return true;
    }
    return false;
}
Also used : Client(org.gluu.oxauth.model.registration.Client) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 4 with CustomScriptConfiguration

use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class ConsentGathererService method getScript.

protected CustomScriptConfiguration getScript(final SessionId session) {
    String scriptName = sessionService.getScriptName(session);
    CustomScriptConfiguration script = external.getCustomScriptConfigurationByName(scriptName);
    return script;
}
Also used : CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 5 with CustomScriptConfiguration

use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class UmaGatheringWS method gatherClaims.

public Response gatherClaims(String clientId, String ticket, String claimRedirectUri, String state, Boolean reset, Boolean authenticationRedirect, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        log.trace("gatherClaims client_id: {}, ticket: {}, claims_redirect_uri: {}, state: {}, authenticationRedirect: {}, queryString: {}", clientId, ticket, claimRedirectUri, state, authenticationRedirect, httpRequest.getQueryString());
        SessionId session = sessionService.getSession(httpRequest, httpResponse);
        if (authenticationRedirect != null && authenticationRedirect) {
            // restore parameters from session
            log.debug("Authentication redirect, restoring parameters from session ...");
            if (session == null) {
                log.error("Session is null however authentication=true. Wrong workflow! Please correct custom Claims-Gathering Script.");
                throw errorResponseFactory.createWebApplicationException(BAD_REQUEST, INVALID_SESSION, "Session is null however authentication=true. Wrong workflow! Please correct custom Claims-Gathering Script.");
            }
            clientId = sessionService.getClientId(session);
            ticket = sessionService.getTicket(session);
            claimRedirectUri = sessionService.getClaimsRedirectUri(session);
            state = sessionService.getState(session);
            log.debug("Restored parameters from session, clientId: {}, ticket: {}, claims_redirect_uri: {}, state: {}", clientId, ticket, claimRedirectUri, state);
        }
        validationService.validateClientAndClaimsRedirectUri(clientId, claimRedirectUri, state);
        List<UmaPermission> permissions = validationService.validateTicketWithRedirect(ticket, claimRedirectUri, state);
        String[] scriptNames = validationService.validatesGatheringScriptNames(getScriptNames(permissions), claimRedirectUri, state);
        CustomScriptConfiguration script = external.determineScript(scriptNames);
        if (script == null) {
            log.error("Failed to determine claims-gathering script for names: " + Arrays.toString(scriptNames));
            throw new UmaWebException(claimRedirectUri, errorResponseFactory, INVALID_CLAIMS_GATHERING_SCRIPT_NAME, state);
        }
        sessionService.configure(session, script.getName(), reset, permissions, clientId, claimRedirectUri, state);
        UmaGatherContext context = new UmaGatherContext(script.getConfigurationAttributes(), httpRequest, session, sessionService, permissionService, pctService, new HashMap<String, String>(), userService, null, appConfiguration);
        int step = sessionService.getStep(session);
        int stepsCount = external.getStepsCount(script, context);
        if (step < stepsCount) {
            String page = external.getPageForStep(script, step, context);
            context.persist();
            String baseEndpoint = StringUtils.removeEnd(appConfiguration.getBaseEndpoint(), "/");
            baseEndpoint = StringUtils.removeEnd(baseEndpoint, "restv1");
            baseEndpoint = StringUtils.removeEnd(baseEndpoint, "/");
            String fullUri = baseEndpoint + page;
            fullUri = StringUtils.removeEnd(fullUri, ".xhtml") + ".htm";
            log.trace("Redirecting to page: '{}', fullUri: {}", page, fullUri);
            return Response.status(FOUND).location(new URI(fullUri)).build();
        } else {
            // both placeholders need an argument: the current step and the script's step count
            log.error("Step '{}' is more or equal to stepCount: '{}'", step, stepsCount);
        }
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
    }
    log.error("Failed to handle call to UMA Claims Gathering Endpoint.");
    throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Failed to handle call to UMA Claims Gathering Endpoint.");
}
Also used : UmaWebException(org.gluu.oxauth.uma.authorization.UmaWebException) URI(java.net.URI) UmaPermission(org.gluu.oxauth.model.uma.persistence.UmaPermission) UmaGatherContext(org.gluu.oxauth.uma.authorization.UmaGatherContext) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Aggregations

CustomScriptConfiguration (org.gluu.model.custom.script.conf.CustomScriptConfiguration) 35
SessionId (org.gluu.oxauth.model.common.SessionId) 9
HttpServletRequest (javax.servlet.http.HttpServletRequest) 6
HttpServletResponse (javax.servlet.http.HttpServletResponse) 5
ArrayList (java.util.ArrayList) 4
HashMap (java.util.HashMap) 4
WebApplicationException (javax.ws.rs.WebApplicationException) 3
CustomScript (org.gluu.model.custom.script.model.CustomScript) 3
AuthenticationCustomScript (org.gluu.model.custom.script.model.auth.AuthenticationCustomScript) 3
ConsentGatheringContext (org.gluu.oxauth.service.external.context.ConsentGatheringContext) 3
UmaGatherContext (org.gluu.oxauth.uma.authorization.UmaGatherContext) 3
AuthenticationScriptUsageType (org.gluu.model.AuthenticationScriptUsageType) 2
User (org.gluu.oxauth.model.common.User) 2
Client (org.gluu.oxauth.model.registration.Client) 2
Scope (org.oxauth.persistence.model.Scope) 2
IOException (java.io.IOException) 1
URI (java.net.URI) 1
Date (java.util.Date) 1
HashSet (java.util.HashSet) 1
List (java.util.List) 1