
Example 46 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class ValidationService method isValidSessionId.

public boolean isValidSessionId(String userName, String sessionId) {
    // Second factor of a two-step flow: the session_id created in step one
    // must exist and must already be bound to the same user name.
    if (sessionId == null) {
        log.error("In two step authentication workflow session_id is mandatory");
        return false;
    }
    SessionId ldapSessionId = sessionIdService.getSessionId(sessionId);
    if (ldapSessionId == null) {
        // Note: the raw session_id value is written to the log on this path.
        log.error("Specified session_id '{}' is invalid", sessionId);
        return false;
    }
    // The user is read from server-side session state, not from the request,
    // so a session issued to one user cannot be reused to finish the flow as another.
    // The comparison is case-insensitive.
    String sessionIdUser = ldapSessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
    if (!StringHelper.equalsIgnoreCase(userName, sessionIdUser)) {
        log.error("Username '{}' and session_id '{}' don't match", userName, sessionId);
        return false;
    }
    return true;
}
Also used : SessionId(org.gluu.oxauth.model.common.SessionId)

Example 47 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class UserSessionIdService method updateUserSessionIdOnFinishRequest.

public void updateUserSessionIdOnFinishRequest(String sessionId, String userInum, DeviceRegistrationResult deviceRegistrationResult, boolean enroll, boolean oneStep) {
    SessionId ldapSessionId = getLdapSessionId(sessionId);
    if (ldapSessionId == null) {
        // Unknown or expired session: the result is dropped without a log entry.
        return;
    }
    // The attribute map is mutated in place; the outcome of the oxPush2/U2F device
    // registration is stored in the session so later steps can read it.
    Map<String, String> sessionAttributes = ldapSessionId.getSessionAttributes();
    if (DeviceRegistrationResult.Status.APPROVED == deviceRegistrationResult.getStatus()) {
        sessionAttributes.put("session_custom_state", "approved");
    } else {
        // Every status other than APPROVED is recorded as declined.
        sessionAttributes.put("session_custom_state", "declined");
    }
    sessionAttributes.put("oxpush2_u2f_device_id", deviceRegistrationResult.getDeviceRegistration().getId());
    sessionAttributes.put("oxpush2_u2f_device_user_inum", userInum);
    sessionAttributes.put("oxpush2_u2f_device_enroll", Boolean.toString(enroll));
    sessionAttributes.put("oxpush2_u2f_device_one_step", Boolean.toString(oneStep));
    // Persist the modified session entry.
    sessionIdService.updateSessionId(ldapSessionId, true);
}
Also used : SessionId(org.gluu.oxauth.model.common.SessionId)

Example 48 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class UmaSessionService method getUserDn.

public String getUserDn(HttpServletRequest httpRequest) {
    // Resolve the logged-in user's DN from the OpenID Connect session
    // associated with this request, if there is one.
    SessionId connectSession = getConnectSession(httpRequest);
    if (connectSession != null) {
        return connectSession.getUserDn();
    }
    log.trace("No logged in user.");
    return null;
}
Also used : SessionId(org.gluu.oxauth.model.common.SessionId)

Example 49 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class UmaGatherer method prepareForStep.

public String prepareForStep() {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
        final SessionId session = umaSessionService.getSession(httpRequest, httpResponse);
        // A missing session, or one with no attributes, is treated as expired.
        if (session == null || session.getSessionAttributes().isEmpty()) {
            log.error("Invalid session.");
            return result(Constants.RESULT_EXPIRED);
        }
        CustomScriptConfiguration script = getScript(session);
        // Note: script is dereferenced here, before the null check further down;
        // a null script therefore surfaces as the NullPointerException caught below.
        UmaGatherContext context = new UmaGatherContext(script.getConfigurationAttributes(), httpRequest, session, umaSessionService, umaPermissionService, umaPctService, pageClaims, userService, facesService, appConfiguration);
        // The current step is server-side session state, not a request parameter.
        int step = umaSessionService.getStep(session);
        if (step < 1) {
            log.error("Invalid step: {}", step);
            return result(Constants.RESULT_INVALID_STEP);
        }
        if (script == null) {
            log.error("Failed to load script, step: '{}'", step);
            return result(Constants.RESULT_FAILURE);
        }
        // Refuse to prepare step N unless every earlier step has been marked passed.
        if (!umaSessionService.isPassedPreviousSteps(session, step)) {
            log.error("There are claims-gathering steps not marked as passed. scriptName: '{}', step: '{}'", script.getName(), step);
            return result(Constants.RESULT_FAILURE);
        }
        boolean result = external.prepareForStep(script, step, context);
        if (result) {
            context.persist();
            return result(Constants.RESULT_SUCCESS);
        } else {
            // The script may hand the user off to an external URL instead.
            String redirectToExternalUrl = context.getRedirectToExternalUrl();
            if (StringUtils.isNotBlank(redirectToExternalUrl)) {
                log.debug("Redirect to : " + redirectToExternalUrl);
                facesService.redirectToExternalURL(redirectToExternalUrl);
                return redirectToExternalUrl;
            }
        }
    } catch (Exception e) {
        log.error("Failed to prepareForStep()", e);
    }
    return result(Constants.RESULT_FAILURE);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) UmaGatherContext(org.gluu.oxauth.uma.authorization.UmaGatherContext) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 50 with SessionId

use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.

the class UmaGatherer method gather.

public boolean gather() {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
        final SessionId session = umaSessionService.getSession(httpRequest, httpResponse);
        // Unlike prepareForStep(), neither session nor script is null-checked here;
        // a null reaches the catch block below and the method returns false.
        CustomScriptConfiguration script = getScript(session);
        UmaGatherContext context = new UmaGatherContext(script.getConfigurationAttributes(), httpRequest, session, umaSessionService, umaPermissionService, umaPctService, pageClaims, userService, facesService, appConfiguration);
        int step = umaSessionService.getStep(session);
        // Step sequencing is enforced from server-side session state: step N only
        // runs once every earlier step carries a "passed" mark.
        if (!umaSessionService.isPassedPreviousSteps(session, step)) {
            log.error("There are claims-gathering steps not marked as passed. scriptName: '{}', step: '{}'", script.getName(), step);
            return false;
        }
        boolean gatheredResult = external.gather(script, step, context);
        log.debug("Claims-gathering result for script '{}', step: '{}', gatheredResult: '{}'", script.getName(), step, gatheredResult);
        // The script may override the next step; -1 means no override.
        int overridenNextStep = external.getNextStep(script, step, context);
        if (!gatheredResult && overridenNextStep == -1) {
            return false;
        }
        if (overridenNextStep != -1) {
            // Rewinding drops the passed marks from the new step onward, so the
            // user has to redo those steps rather than skip ahead on stale marks.
            umaSessionService.resetToStep(session, overridenNextStep, step);
            step = overridenNextStep;
        }
        int stepsCount = external.getStepsCount(script, context);
        if (step < stepsCount || overridenNextStep != -1) {
            int nextStep;
            if (overridenNextStep != -1) {
                nextStep = overridenNextStep;
            } else {
                // Only a normally completed step is marked passed.
                nextStep = step + 1;
                umaSessionService.markStep(session, step, true);
            }
            umaSessionService.setStep(nextStep, session);
            context.persist();
            String page = external.getPageForStep(script, nextStep, context);
            log.trace("Redirecting to page: '{}'", page);
            facesService.redirect(page);
            return true;
        }
        if (step == stepsCount) {
            // Last step done: persist and run the success path.
            context.persist();
            onSuccess(session, context);
            return true;
        }
    } catch (Exception e) {
        log.error("Exception during gather() method call.", e);
    }
    log.error("Failed to perform gather() method successfully.");
    return false;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) UmaGatherContext(org.gluu.oxauth.uma.authorization.UmaGatherContext) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
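The two UmaGatherer methods above (Examples 49 and 50) only call the step-gating services; the rules those calls rely on are not shown on this page. The following is an added example, not oxAuth code, of those rules (getStep, isPassedPreviousSteps, markStep, resetToStep) implemented over a plain attribute map standing in for SessionId.getSessionAttributes(). The attribute names, the class name and the completeStep method are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Added example (not oxAuth code): step gating for a multi-step
 * claims-gathering flow, with the per-step "passed" marks kept in the
 * session's attribute map. Attribute names are assumed.
 */
public final class ClaimsGatherStepGate {

    private static final String STEP_ATTR = "gather_step";             // assumed name
    private static final String PASSED_PREFIX = "gather_step_passed_"; // assumed name

    private final Map<String, String> attrs; // stands in for SessionId.getSessionAttributes()

    public ClaimsGatherStepGate(Map<String, String> sessionAttributes) {
        this.attrs = sessionAttributes;
    }

    /** The current step is server-side session state; a fresh session starts at 1. */
    public int getStep() {
        String s = attrs.get(STEP_ATTR);
        return s == null ? 1 : Integer.parseInt(s);
    }

    public void setStep(int step) {
        attrs.put(STEP_ATTR, Integer.toString(step));
    }

    public void markStep(int step, boolean passed) {
        attrs.put(PASSED_PREFIX + step, Boolean.toString(passed));
    }

    public boolean isStepPassed(int step) {
        return Boolean.parseBoolean(attrs.get(PASSED_PREFIX + step));
    }

    /** Every step strictly before {@code step} must carry a "passed" mark. */
    public boolean isPassedPreviousSteps(int step) {
        for (int i = 1; i < step; i++) {
            if (!isStepPassed(i)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Move back to {@code newStep}: the marks from newStep up to the current
     * step are cleared, so a rewind cannot leave stale "passed" marks that
     * would let the user skip ahead afterwards.
     */
    public void resetToStep(int newStep, int currentStep) {
        for (int i = newStep; i <= currentStep; i++) {
            attrs.remove(PASSED_PREFIX + i);
        }
        setStep(newStep);
    }

    /**
     * Finish the current step. Returns the next step number, the current
     * number when the last step is done, or -1 when the request is refused.
     */
    public int completeStep(boolean gathered, int stepsCount) {
        int step = getStep();
        if (step < 1 || step > stepsCount || !isPassedPreviousSteps(step)) {
            return -1; // out of range, or an earlier step was never passed
        }
        if (!gathered) {
            return -1; // the claims submitted for this step were rejected
        }
        markStep(step, true);
        if (step == stepsCount) {
            return step; // flow complete; the caller runs the success path
        }
        setStep(step + 1);
        return step + 1;
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>(); // constructed sample session
        ClaimsGatherStepGate gate = new ClaimsGatherStepGate(session);

        // Honest flow: three steps completed in order.
        System.out.println("step 1 done, next: " + gate.completeStep(true, 3));
        System.out.println("step 2 done, next: " + gate.completeStep(true, 3));
        System.out.println("step 3 done, final: " + gate.completeStep(true, 3));

        // A rewind to step 2 drops the marks for steps 2 and 3.
        gate.resetToStep(2, 3);
        System.out.println("step 3 allowed after rewind: " + gate.isPassedPreviousSteps(3));
        System.out.println("step 2 redone, next: " + gate.completeStep(true, 3));

        // Tampered state: the step attribute says 3 but step 2 was never passed.
        session.put(STEP_ATTR, "3");
        session.remove(PASSED_PREFIX + "2");
        System.out.println("tampered step 3 result: " + gate.completeStep(true, 3));
    }
}
```

The point of the rewind handling is the one gather() depends on: resetToStep clears the marks from the new step onward, so after an override the user cannot reach a later step until the intermediate ones are completed again, and a session whose step counter is ahead of its marks is refused by completeStep.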

Aggregations

SessionId (org.gluu.oxauth.model.common.SessionId): 52
CustomScriptConfiguration (org.gluu.model.custom.script.conf.CustomScriptConfiguration): 9
HttpServletRequest (javax.servlet.http.HttpServletRequest): 8
User (org.gluu.oxauth.model.common.User): 7
Date (java.util.Date): 6
HttpServletResponse (javax.servlet.http.HttpServletResponse): 6
URISyntaxException (java.net.URISyntaxException): 4
HashMap (java.util.HashMap): 4
WebApplicationException (javax.ws.rs.WebApplicationException): 4
AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant): 4
EntryPersistenceException (org.gluu.persist.exception.EntryPersistenceException): 4
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 3
BaseComponentTest (org.gluu.oxauth.BaseComponentTest): 3
SimpleUser (org.gluu.oxauth.model.common.SimpleUser): 3
AcrChangedException (org.gluu.oxauth.model.exception.AcrChangedException): 3
InvalidSessionStateException (org.gluu.oxauth.model.exception.InvalidSessionStateException): 3
Client (org.gluu.oxauth.model.registration.Client): 3
ConsentGatheringContext (org.gluu.oxauth.service.external.context.ConsentGatheringContext): 3
UmaGatherContext (org.gluu.oxauth.uma.authorization.UmaGatherContext): 3
Parameters (org.testng.annotations.Parameters): 3