
Example 1 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class ConsentGathererService method getScopes.

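/**
 * Returns the scopes to display on the consent page, filtered through the
 * client's scope policy.
 *
 * <p>The requested scopes are read from the current session's
 * {@code AuthorizeRequestParam.SCOPE} attribute. If there is no gathering
 * context or no current session the method fails closed and returns an
 * empty list instead of throwing (the previous code dereferenced the
 * session unconditionally and would NPE when it was absent).
 *
 * @return the granted scopes for the client in {@code context}, or an empty
 *         list when there is no context or no session
 */
public List<org.oxauth.persistence.model.Scope> getScopes() {
    if (context == null) {
        return Collections.emptyList();
    }
    // Fail closed: without a session there is no scope request to evaluate,
    // so nothing is granted.
    SessionId authenticatedSessionId = sessionIdService.getSessionId();
    if (authenticatedSessionId == null || authenticatedSessionId.getSessionAttributes() == null) {
        return Collections.emptyList();
    }
    // May be null when the attribute is absent; checkScopesPolicy received
    // null in that case before this change as well.
    String requestedScope = authenticatedSessionId.getSessionAttributes().get(AuthorizeRequestParam.SCOPE);
    // Fix the list of scopes in the authorization page. oxAuth #739
    Set<String> grantedScopes = scopeChecker.checkScopesPolicy(context.getClient(), requestedScope);
    // Downstream expects a space-separated scope string, not a collection.
    String allowedScope = org.gluu.oxauth.model.util.StringUtils.implode(grantedScopes, " ");
    return authorizeService.getScopes(allowedScope);
}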

Example 2 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class ConsentGathererService method prepareForStep.

/**
 * Restores the consent-gathering session for the current request and asks the
 * configured custom script to prepare the current step.
 *
 * <p>Validation order matters and is preserved: the session must exist and
 * carry attributes, the script named in it must resolve, the step must be at
 * least 1, and every previous step must be marked as passed before any script
 * code runs. Each failed check short-circuits with a distinct result code.
 *
 * @return {@code Constants.RESULT_SUCCESS} when the script prepared the step
 *         and the context was persisted; {@code RESULT_EXPIRED} when the
 *         session could not be restored; {@code RESULT_INVALID_STEP} for a
 *         step below 1; {@code RESULT_FAILURE} otherwise (including any
 *         exception, which is logged and swallowed)
 */
public String prepareForStep() {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
        final SessionId consentSession = sessionService.getConsentSession(httpRequest, httpResponse, null, false);

        // An empty attribute map is treated the same as a missing session.
        final boolean sessionMissing = consentSession == null || consentSession.getSessionAttributes().isEmpty();
        if (sessionMissing) {
            log.error("Failed to restore claim-gathering session state");
            return result(Constants.RESULT_EXPIRED);
        }

        final CustomScriptConfiguration script = getScript(consentSession);
        if (script == null) {
            log.error("Failed to find script '{}' in session:", sessionService.getScriptName(consentSession));
            return result(Constants.RESULT_FAILURE);
        }

        final int currentStep = sessionService.getStep(consentSession);
        if (currentStep < 1) {
            log.error("Invalid step: {}", currentStep);
            return result(Constants.RESULT_INVALID_STEP);
        }

        // Refuse to prepare a later step if an earlier one was never completed;
        // this is what stops a client from jumping ahead in the flow.
        final boolean previousStepsPassed = sessionService.isPassedPreviousSteps(consentSession, currentStep);
        if (!previousStepsPassed) {
            log.error("There are consent-gathering steps not marked as passed. scriptName: '{}', step: '{}'", script.getName(), currentStep);
            return result(Constants.RESULT_FAILURE);
        }

        this.context = new ConsentGatheringContext(script.getConfigurationAttributes(), httpRequest, httpResponse, consentSession, pageAttributes, sessionService, userService, facesService, appConfiguration);
        final boolean prepared = external.prepareForStep(script, currentStep, context);
        log.debug("Consent-gathering prepare for step result for script '{}', step: '{}', gatheredResult: '{}'", script.getName(), currentStep, prepared);
        if (prepared) {
            // Only a successful preparation is written back to the session.
            context.persist();
            return result(Constants.RESULT_SUCCESS);
        }
    } catch (Exception ex) {
        log.error("Failed to prepareForStep()", ex);
    }
    return result(Constants.RESULT_FAILURE);
}

Example 3 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class DeviceAuthorizationAction method initializeSession.

/**
 * Resets the device-authorization page session, or creates an unauthenticated
 * one if the browser has none.
 *
 * <p>When a session already exists its attribute map is replaced wholesale:
 * only the user code (if supplied) and the brute-force counters
 * ({@code SESSION_LAST_ATTEMPT}, {@code SESSION_ATTEMPTS}) survive, and the
 * counters are carried over from the old attributes so a page reload does not
 * reset the attempt budget. Any other attribute is dropped.
 *
 * <p>The counters are parsed with {@code Long.parseLong}/{@code Byte.parseByte};
 * they are written by this class via {@code String.valueOf}, so a
 * {@code NumberFormatException} would only indicate tampered or corrupted
 * session storage (assumption — no other writer is visible here).
 */
public void initializeSession() {
    final SessionId existing = sessionIdService.getSessionId();

    final Map<String, String> freshAttributes = new HashMap<>();
    if (StringUtils.isNotBlank(userCode)) {
        freshAttributes.put(SESSION_USER_CODE, userCode);
    }

    if (existing != null) {
        final Map<String, String> oldAttributes = existing.getSessionAttributes();
        // Carry the attempt counters forward only when both are present.
        final boolean hasCounters = StringUtils.isNotBlank(oldAttributes.get(SESSION_LAST_ATTEMPT))
                && StringUtils.isNotBlank(oldAttributes.get(SESSION_ATTEMPTS));
        if (hasCounters) {
            lastAttempt = Long.parseLong(oldAttributes.get(SESSION_LAST_ATTEMPT));
            attempts = Byte.parseByte(oldAttributes.get(SESSION_ATTEMPTS));
        }
        freshAttributes.put(SESSION_LAST_ATTEMPT, String.valueOf(lastAttempt));
        freshAttributes.put(SESSION_ATTEMPTS, String.valueOf(attempts));
        existing.setSessionAttributes(freshAttributes);
        sessionIdService.updateSessionId(existing);
        return;
    }

    // No session yet: create an unauthenticated one and hand it to the browser.
    final SessionId created = sessionIdService.generateUnauthenticatedSessionId(null, new Date(), SessionIdState.UNAUTHENTICATED, freshAttributes, false);
    sessionIdService.persistSessionId(created);
    cookieService.createSessionIdCookie(created, false);
    log.debug("Created session for device authorization grant page, sessionId: {}", created.getId());
}

Example 4 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class DeviceAuthorizationAction method processUserCodeVerification.

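/**
 * Processes the user code entered on the verification page (or preloaded
 * into the session) and redirects to authorization when it matches a pending
 * device-authorization request; otherwise shows a warning message.
 *
 * <p>Order of checks: session present, brute-force throttle, code present,
 * code format, then the cache lookup. The throttle runs before any work on the
 * code so guessing is rate-limited regardless of what was submitted.
 *
 * <p>Changes from the previous version: a missing code (blank form fields and
 * nothing stored in the session) is reported as an invalid code instead of
 * throwing a {@code NullPointerException} on {@code toUpperCase()}, and the
 * upper-casing is locale-independent so a server running under a locale with
 * special casing rules (e.g. Turkish) cannot turn a valid code into a
 * non-matching one.
 */
public void processUserCodeVerification() {
    SessionId session = sessionIdService.getSessionId();
    if (session == null) {
        facesMessages.add(FacesMessage.SEVERITY_WARN, languageBean.getMessage("error.errorEncountered"));
        return;
    }
    // Throttle before touching the submitted value.
    if (!preventBruteForcing(session)) {
        facesMessages.add(FacesMessage.SEVERITY_WARN, languageBean.getMessage("device.authorization.brute.forcing.msg"));
        return;
    }
    String userCode;
    if (StringUtils.isBlank(userCodePart1) && StringUtils.isBlank(userCodePart2)) {
        // Nothing typed: fall back to the code carried in the session (e.g. from a verification_uri_complete link).
        userCode = session.getSessionAttributes().get(SESSION_USER_CODE);
    } else {
        userCode = userCodePart1 + '-' + userCodePart2;
    }
    if (userCode == null) {
        // Blank form and no code in the session: treat as an invalid code rather than NPE below.
        facesMessages.add(FacesMessage.SEVERITY_WARN, languageBean.getMessage("device.authorization.invalid.user.code"));
        return;
    }
    // The code is an identifier, so casing must not depend on the default locale.
    userCode = userCode.toUpperCase(java.util.Locale.ROOT);
    if (!validateFormat(userCode)) {
        facesMessages.add(FacesMessage.SEVERITY_WARN, languageBean.getMessage("device.authorization.invalid.user.code"));
        return;
    }
    DeviceAuthorizationCacheControl cacheData = deviceAuthorizationService.getDeviceAuthzByUserCode(userCode);
    log.debug("Verifying device authorization cache data: {}", cacheData);
    String message = null;
    if (cacheData != null) {
        if (cacheData.getStatus() == DeviceAuthorizationStatus.PENDING) {
            // Accepted: remember the code for the authorization step and reset the throttle counters.
            session.getSessionAttributes().put(SESSION_USER_CODE, userCode);
            session.getSessionAttributes().remove(SESSION_LAST_ATTEMPT);
            session.getSessionAttributes().remove(SESSION_ATTEMPTS);
            sessionIdService.updateSessionId(session);
            redirectToAuthorization(cacheData);
        } else if (cacheData.getStatus() == DeviceAuthorizationStatus.DENIED) {
            message = languageBean.getMessage("device.authorization.access.denied.msg");
        } else {
            message = languageBean.getMessage("device.authorization.expired.code.msg");
        }
    } else {
        // Unknown code: same message as a malformed one, so the response does not reveal which codes exist.
        message = languageBean.getMessage("device.authorization.invalid.user.code");
    }
    if (message != null) {
        facesMessages.add(FacesMessage.SEVERITY_WARN, message);
    }
}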

Example 5 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class LogoutAction method redirect.

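/**
 * Drives the RP-initiated logout page: validates (or restores from the session)
 * the logout parameters, lets external authenticators run their logout hook,
 * and finally redirects the browser to the {@code restv1/end_session} endpoint.
 *
 * <p>The end_session query string is built from request-supplied values
 * ({@code id_token_hint}, {@code post_logout_redirect_uri}), so every value
 * is URL-encoded before being appended. Without encoding a value containing
 * {@code &}, {@code #} or {@code =} could inject or truncate parameters of the
 * end_session request. This assumes the fields hold decoded values (as set by
 * the JSF request mapping / {@code restoreLogoutParametersFromSession}) —
 * confirm against those writers if double-encoding is ever observed.
 *
 * <p>Other behavior is unchanged: a failed restore calls {@code logoutFailed()}
 * but still re-validates (which then normally reports missing parameters);
 * the internal session id is only exposed when
 * {@code getSessionIdRequestParameterEnabled()} is on. Null {@code sid} /
 * session id values are now omitted instead of being rendered as the literal
 * string {@code "null"}.
 */
public void redirect() {
    SessionId sessionId = sessionIdService.getSessionId();
    boolean validationResult = validateParameters();
    if (!validationResult) {
        try {
            restoreLogoutParametersFromSession(sessionId);
        } catch (IOException ex) {
            logoutFailed();
            log.debug("Failed to restore logout parameters from session", ex);
        }
        validationResult = validateParameters();
        if (!validationResult) {
            missingLogoutParameters();
            return;
        }
    }
    ExternalLogoutResult externalLogoutResult = processExternalAuthenticatorLogOut(sessionId);
    if (ExternalLogoutResult.FAILURE == externalLogoutResult) {
        logoutFailed();
        return;
    } else if (ExternalLogoutResult.REDIRECT == externalLogoutResult) {
        // The external script already issued its own redirect.
        return;
    }
    StringBuilder sb = new StringBuilder();
    // Required parameters
    if (idTokenHint != null && !idTokenHint.isEmpty()) {
        appendLogoutQueryParam(sb, EndSessionRequestParam.ID_TOKEN_HINT, idTokenHint);
    }
    boolean hasPostLogoutRedirectUri = postLogoutRedirectUri != null && !postLogoutRedirectUri.isEmpty();
    if (sessionId != null && hasPostLogoutRedirectUri) {
        if (appConfiguration.getSessionIdRequestParameterEnabled()) {
            appendLogoutQueryParam(sb, EndSessionRequestParam.SESSION_ID, sessionId.getId());
        }
        appendLogoutQueryParam(sb, EndSessionRequestParam.SID, sessionId.getOutsideSid());
    }
    if (hasPostLogoutRedirectUri) {
        appendLogoutQueryParam(sb, EndSessionRequestParam.POST_LOGOUT_REDIRECT_URI, postLogoutRedirectUri);
    }
    facesService.redirectToExternalURL("restv1/end_session?" + sb.toString());
}

/**
 * Appends {@code name=value} to {@code sb}, separated by {@code &} when the
 * builder is non-empty. The value is URL-encoded; a null value is skipped.
 */
private static void appendLogoutQueryParam(StringBuilder sb, String name, String value) {
    if (value == null) {
        return;
    }
    if (sb.length() > 0) {
        sb.append('&');
    }
    sb.append(name).append('=').append(encodeLogoutQueryValue(value));
}

/**
 * URL-encodes a query-string value as UTF-8. Uses the charset-name overload so
 * the block compiles on Java 8; UTF-8 is mandatory in every JVM, so the
 * checked exception cannot actually occur.
 */
private static String encodeLogoutQueryValue(String value) {
    try {
        return java.net.URLEncoder.encode(value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        throw new IllegalStateException("UTF-8 charset unavailable", e);
    }
}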
