
Example 1 with OAuthData

use of org.gluu.oxauth.client.session.OAuthData in project oxTrust by GluuFederation.

the class HttpServletRequestWrapperFilter method retrievePrincipalFromSessionOrRequest.

/**
 * Builds the principal for a request from OAuthData stored earlier.
 *
 * <p>The OAuthData is read from the existing HTTP session; when the request has
 * no session, the request attribute of the same name is used instead. Both are
 * server-side stores, so the value is whatever earlier code on this server put
 * there.
 *
 * @param servletRequest the current request; cast to {@link HttpServletRequest}
 * @return a principal carrying the stored user uid, or {@code null} when no
 *         OAuthData is found
 */
protected SimplePrincipal retrievePrincipalFromSessionOrRequest(final ServletRequest servletRequest) {
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    // getSession(false): a lookup must not create a session as a side effect.
    final HttpSession existingSession = httpRequest.getSession(false);
    final Object stored;
    if (existingSession != null) {
        stored = existingSession.getAttribute(Configuration.SESSION_OAUTH_DATA);
    } else {
        stored = httpRequest.getAttribute(Configuration.SESSION_OAUTH_DATA);
    }
    final OAuthData oAuthData = (OAuthData) stored;
    if (oAuthData != null) {
        return new SimplePrincipal(oAuthData.getUserUid());
    }
    log.trace("There is no OAuthData in session");
    return null;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) OAuthData(org.gluu.oxauth.client.session.OAuthData) SimplePrincipal(org.gluu.oxauth.client.authentication.SimplePrincipal)

Example 2 with OAuthData

use of org.gluu.oxauth.client.session.OAuthData in project oxTrust by GluuFederation.

the class AuthenticationFilter method preFilter.

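/**
 * Determines whether this filter has to act on the request.
 *
 * <p>Returns {@code false} when the session already holds OAuthData, or when the
 * request carries a non-empty authorization code or id_token parameter;
 * returns {@code true} otherwise.
 *
 * <p>The code and id_token values come straight from the request and are
 * credentials, so only their presence is logged: writing them to the log would
 * expose them to anyone who can read it and would let a caller inject
 * arbitrary text into log lines.
 *
 * @param servletRequest the current request; cast to {@link HttpServletRequest}
 * @param servletResponse unused here
 * @param filterChain unused here
 * @return {@code true} when none of the conditions above holds
 */
protected final boolean preFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    // getSession(false): do not create a session just to check for stored data.
    final HttpSession session = request.getSession(false);
    final OAuthData oAuthData = session != null ? (OAuthData) session.getAttribute(Configuration.SESSION_OAUTH_DATA) : null;
    if (oAuthData != null) {
        return false;
    }
    final String code = getParameter(request, Configuration.OAUTH_CODE);
    final boolean hasCode = StringHelper.isNotEmpty(code);
    log.trace("code present: " + hasCode);
    if (hasCode) {
        return false;
    }
    final String idToken = getParameter(request, Configuration.OAUTH_ID_TOKEN);
    final boolean hasIdToken = StringHelper.isNotEmpty(idToken);
    log.trace("id_token present: " + hasIdToken);
    if (hasIdToken) {
        return false;
    }
    return true;
}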
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) OAuthData(org.gluu.oxauth.client.session.OAuthData)

Example 3 with OAuthData

use of org.gluu.oxauth.client.session.OAuthData in project oxTrust by GluuFederation.

the class OAuthValidationFilter method doFilter.

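/**
 * Validates the authorization code / id_token on the request and, on success,
 * stores the resulting OAuthData in the session before continuing the chain.
 *
 * <p>When {@code preFilter} returns {@code false} the request is passed down
 * the chain unchanged. Otherwise the request is rejected with 403 and a
 * {@link ServletException} when there is no session, when validation throws,
 * or when validation yields no OAuthData. A session without a "conversation"
 * attribute also raises a {@link ServletException}.
 *
 * @throws IOException propagated from the filter chain
 * @throws ServletException when the request cannot be validated
 */
@Override
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    log.debug("Attempting to validate grants");
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    // TODO: check chain
    if (!preFilter(servletRequest, servletResponse, filterChain)) {
        filterChain.doFilter(request, response);
        return;
    }
    final HttpSession session = request.getSession(false);
    if (session == null) {
        // Reject before the authorization code is redeemed: without a session
        // there is nowhere to store the result, and the original code only
        // failed later with a NullPointerException on session.setAttribute.
        log.error("Session not created yet");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        throw new ServletException("Session not created yet");
    }
    final String conversation = (String) session.getAttribute("conversation");
    if (conversation == null || conversation.isEmpty()) {
        throw new ServletException("IDP v3 conversation param is null or empty");
    }
    log.debug("########## SESSION conversation = " + conversation);
    final String code = getParameter(request, Configuration.OAUTH_CODE);
    final String idToken = getParameter(request, Configuration.OAUTH_ID_TOKEN);
    // The code and id_token are credentials taken from the request; log only
    // whether they are present, never their values.
    log.debug("Attempting to validate code and id_token (code present: " + (code != null) + ", id_token present: " + (idToken != null) + ")");
    OAuthData oAuthData;
    try {
        oAuthData = getOAuthData(request, code, idToken);
        if (oAuthData != null) {
            // NOTE(review): the session id is not rotated here after login;
            // confirm session fixation is handled elsewhere.
            session.setAttribute(Configuration.SESSION_OAUTH_DATA, oAuthData);
        }
    } catch (Exception ex) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        log.warn("Failed to validate code and id_token", ex);
        throw new ServletException(ex);
    }
    if (oAuthData == null) {
        // getOAuthData returns null when it could not establish a user uid.
        // Fail closed instead of continuing the chain with no identity stored.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        log.warn("Failed to validate code and id_token");
        throw new ServletException("Failed to validate code and id_token");
    }
    CustomHttpServletRequest customRequest = new CustomHttpServletRequest(request);
    customRequest.addCustomParameter("conversation", conversation);
    filterChain.doFilter(customRequest, response);
}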
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthData(org.gluu.oxauth.client.session.OAuthData) MalformedURLException(java.net.MalformedURLException) EncryptionException(org.xdi.util.security.StringEncrypter.EncryptionException) IOException(java.io.IOException)

Example 4 with OAuthData

use of org.gluu.oxauth.client.session.OAuthData in project oxTrust by GluuFederation.

the class OAuthValidationFilter method getOAuthData.

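/**
 * Redeems the authorization code for an access token, queries the userinfo
 * endpoint with it, and packages the result as OAuthData.
 *
 * <p>Endpoint URLs and client credentials are read from the filter's init
 * parameters; the client password is decrypted before use. Token values are
 * never written to the log.
 *
 * @param request the callback request; used for the scope parameter and the
 *        redirect URL
 * @param authorizationCode the code received on the callback
 * @param idToken the id_token received on the callback; stored as received
 * @return the populated OAuthData, or {@code null} when no access token was
 *         issued or the userinfo response has no user-name claim
 * @throws Exception whatever the token or userinfo clients raise
 */
private OAuthData getOAuthData(HttpServletRequest request, String authorizationCode, String idToken) throws Exception {
    String oAuthAuthorizeUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
    String oAuthHost = getOAuthHost(oAuthAuthorizeUrl);
    String oAuthTokenUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_TOKEN_URL, null);
    String oAuthUserInfoUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_USERINFO_URL, null);
    String oAuthClientId = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);
    String oAuthClientPassword = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
    if (oAuthClientPassword != null) {
        try {
            oAuthClientPassword = StringEncrypter.defaultInstance().decrypt(oAuthClientPassword, Configuration.instance().getCryptoPropertyValue());
        } catch (EncryptionException ex) {
            // NOTE(review): on failure the still-encrypted value is sent on as
            // the client secret; consider aborting here instead.
            log.error("Failed to decrypt property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, ex);
        }
    }
    String scopes = getParameter(request, Configuration.OAUTH_SCOPE);
    log.trace("scopes : " + scopes);
    // 1. Request access token using the authorization code
    log.trace("Getting access token");
    TokenClient tokenClient1 = new TokenClient(oAuthTokenUrl);
    String redirectURL = constructRedirectUrl(request);
    TokenResponse tokenResponse = tokenClient1.execAuthorizationCode(authorizationCode, redirectURL, oAuthClientId, oAuthClientPassword);
    log.trace("tokenResponse.getErrorType() : " + tokenResponse.getErrorType());
    String accessToken = tokenResponse.getAccessToken();
    // The access token is a bearer credential: record only whether one was issued.
    boolean hasAccessToken = (accessToken != null) && !accessToken.isEmpty();
    log.trace("accessToken present: " + hasAccessToken);
    if (!hasAccessToken) {
        // No token means the code was not accepted; do not call userinfo and
        // do not report a successful login.
        log.error("Token endpoint did not return an access token");
        return null;
    }
    // 2. Resolve the user with the access token
    UserInfoClient userInfoClient = new UserInfoClient(oAuthUserInfoUrl);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    OAuthData oAuthData = new OAuthData();
    oAuthData.setHost(oAuthHost);
    // Determine uid
    List<String> uidValues = userInfoResponse.getClaims().get(JwtClaimName.USER_NAME);
    if ((uidValues == null) || uidValues.isEmpty()) {
        log.error("User infor response doesn't contains uid claim");
        return null;
    }
    oAuthData.setUserUid(uidValues.get(0));
    oAuthData.setAccessToken(accessToken);
    oAuthData.setAccessTokenExpirationInSeconds(tokenResponse.getExpiresIn());
    oAuthData.setScopes(scopes);
    // NOTE(review): idToken is stored as received from the request; no
    // signature or claim validation is visible in this method. Confirm it is
    // validated before anything relies on it.
    oAuthData.setIdToken(idToken);
    // Report success only once a token was issued and a uid was resolved.
    log.info("Session validation successful. User is logged in");
    log.trace("User uid: " + oAuthData.getUserUid());
    return oAuthData;
}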
Also used : EncryptionException(org.xdi.util.security.StringEncrypter.EncryptionException) OAuthData(org.gluu.oxauth.client.session.OAuthData)

Aggregations

OAuthData (org.gluu.oxauth.client.session.OAuthData)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)3 HttpSession (javax.servlet.http.HttpSession)3 EncryptionException (org.xdi.util.security.StringEncrypter.EncryptionException)2 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 SimplePrincipal (org.gluu.oxauth.client.authentication.SimplePrincipal)1