Example 21 with SessionId
use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.
the class SessionIdService method getSessionId.
public SessionId getSessionId(String sessionId, boolean silently) {
if (StringHelper.isEmpty(sessionId)) {
return null;
}
try {
final SessionId entity = getSessionById(sessionId, silently);
log.trace("Try to get session by id: {} ...", sessionId);
if (entity != null) {
log.trace("Session dn: {}", entity.getDn());
if (isSessionValid(entity)) {
return entity;
}
}
} catch (Exception ex) {
if (!silently) {
log.trace(ex.getMessage(), ex);
}
}
log.trace("Failed to get session by id: {}", sessionId);
return null;
}
Also used :
SessionId(org.gluu.oxauth.model.common.SessionId)
URISyntaxException(java.net.URISyntaxException)
JSONException(org.json.JSONException)
InvalidSessionStateException(org.gluu.oxauth.model.exception.InvalidSessionStateException)
EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
AcrChangedException(org.gluu.oxauth.model.exception.AcrChangedException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 22 with SessionId
use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.
the class SessionIdService method getSessionByDn.
@Nullable
public SessionId getSessionByDn(@Nullable String dn, boolean silently) {
if (StringUtils.isBlank(dn)) {
return null;
}
final Object localCopy = localCacheService.get(dn);
if (localCopy instanceof SessionId) {
if (isSessionValid((SessionId) localCopy)) {
return (SessionId) localCopy;
} else {
localCacheService.remove(dn);
}
}
try {
final SessionId sessionId;
if (appConfiguration.getSessionIdPersistInCache()) {
sessionId = (SessionId) cacheService.get(dn);
} else {
sessionId = persistenceEntryManager.find(SessionId.class, dn);
}
localCacheService.put(DEFAULT_LOCAL_CACHE_EXPIRATION, sessionId.getDn(), sessionId);
return sessionId;
} catch (Exception e) {
if (!silently) {
log.error("Failed to get session by dn: " + dn, e);
}
}
return null;
}
Also used :
JwtSubClaimObject(org.gluu.oxauth.model.jwt.JwtSubClaimObject)
SessionId(org.gluu.oxauth.model.common.SessionId)
URISyntaxException(java.net.URISyntaxException)
JSONException(org.json.JSONException)
InvalidSessionStateException(org.gluu.oxauth.model.exception.InvalidSessionStateException)
EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
AcrChangedException(org.gluu.oxauth.model.exception.AcrChangedException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
NoSuchProviderException(java.security.NoSuchProviderException)
Nullable(org.jetbrains.annotations.Nullable)
Example 23 with SessionId
use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.
the class ExpirationNotificatorTimer method fillSessions.
private void fillSessions(Date future) {
final String baseDn = staticConfiguration.getBaseDn().getSessions();
final Filter filter = Filter.createANDFilter(Filter.createEqualityFilter("del", true), Filter.createLessOrEqualFilter("exp", persistenceEntryManager.encodeTime(baseDn, future)));
final List<SessionId> sessions = persistenceEntryManager.findEntries(baseDn, SessionId.class, filter);
if (sessions == null || sessions.isEmpty()) {
return;
}
long now = new Date().getTime();
for (SessionId session : sessions) {
final long duration = session.getExpirationDate().getTime() - now;
if (duration <= 0) {
remove(session);
continue;
}
expiringMap.put(new ExpId(session.getId(), ExpType.SESSION), session, duration, TimeUnit.MILLISECONDS);
}
}Example 24 with SessionId
use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.
the class AuthenticationService method configureEventUser.
public SessionId configureEventUser() {
User user = getAuthenticatedUser();
if (user == null) {
return null;
}
log.debug("ConfigureEventUser: username: '{}', credentials: '{}'", user.getUserId(), System.identityHashCode(credentials));
SessionId sessionId = sessionIdService.generateAuthenticatedSessionId(getHttpRequest(), user.getDn());
identity.setSessionId(sessionId);
return sessionId;
}
Also used :
SimpleUser(org.gluu.oxauth.model.common.SimpleUser)
User(org.gluu.oxauth.model.common.User)
SessionId(org.gluu.oxauth.model.common.SessionId)
Example 25 with SessionId
use of org.gluu.oxauth.model.common.SessionId in project oxAuth by GluuFederation.
the class AuthorizeAction method checkPermissionGranted.
public void checkPermissionGranted() throws IOException {
if ((clientId == null) || clientId.isEmpty()) {
log.debug("Permission denied. client_id should be not empty.");
permissionDenied();
return;
}
Client client = null;
try {
client = clientService.getClient(clientId);
} catch (EntryPersistenceException ex) {
log.debug("Permission denied. Failed to find client by inum '{}' in LDAP.", clientId, ex);
permissionDenied();
return;
}
if (client == null) {
log.debug("Permission denied. Failed to find client_id '{}' in LDAP.", clientId);
permissionDenied();
return;
}
// Fix the list of scopes in the authorization page. oxAuth #739
Set<String> grantedScopes = scopeChecker.checkScopesPolicy(client, scope);
allowedScope = org.gluu.oxauth.model.util.StringUtils.implode(grantedScopes, " ");
SessionId session = getSession();
List<Prompt> prompts = Prompt.fromString(prompt, " ");
try {
redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(client, redirectUri, state, session != null ? session.getSessionAttributes().get(SESSION_USER_CODE) : null, (HttpServletRequest) externalContext.getRequest());
} catch (WebApplicationException e) {
log.error(e.getMessage(), e);
permissionDenied();
return;
}
try {
session = sessionIdService.assertAuthenticatedSessionCorrespondsToNewRequest(session, acrValues);
} catch (AcrChangedException e) {
log.debug("There is already existing session which has another acr then {}, session: {}", acrValues, session.getId());
if (e.isForceReAuthentication()) {
session = handleAcrChange(session, prompts);
} else {
log.error("ACR is changed, please provide a supported and enabled acr value");
permissionDenied();
return;
}
}
if (session == null || StringUtils.isBlank(session.getUserDn()) || SessionIdState.AUTHENTICATED != session.getState()) {
Map<String, String> parameterMap = externalContext.getRequestParameterMap();
Map<String, String> requestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
String redirectTo = "/login.xhtml";
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator) {
List<String> acrValuesList = sessionIdService.acrValuesList(this.acrValues);
if (acrValuesList.isEmpty()) {
acrValuesList = Arrays.asList(defaultAuthenticationMode.getName());
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, acrValuesList);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration. auth_step: {}, acr_values: {}", 1, this.acrValues);
permissionDenied();
return;
}
String acr = customScriptConfiguration.getName();
requestParameterMap.put(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, acr);
requestParameterMap.put("auth_step", Integer.toString(1));
String tmpRedirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, 1);
if (StringHelper.isNotEmpty(tmpRedirectTo)) {
log.trace("Redirect to person authentication login page: {}", tmpRedirectTo);
redirectTo = tmpRedirectTo;
}
}
// Store Remote IP
requestParameterMap.put(Constants.REMOTE_IP, getRemoteIp());
// User Code used in Device Authz flow
if (session != null && session.getSessionAttributes().containsKey(SESSION_USER_CODE)) {
String userCode = session.getSessionAttributes().get(SESSION_USER_CODE);
requestParameterMap.put(SESSION_USER_CODE, userCode);
}
// Create unauthenticated session
SessionId unauthenticatedSession = sessionIdService.generateUnauthenticatedSessionId(null, new Date(), SessionIdState.UNAUTHENTICATED, requestParameterMap, false);
unauthenticatedSession.setSessionAttributes(requestParameterMap);
unauthenticatedSession.addPermission(clientId, false);
// Copy ACR script parameters
if (appConfiguration.getKeepAuthenticatorAttributesOnAcrChange()) {
authenticationService.copyAuthenticatorExternalAttributes(session, unauthenticatedSession);
}
// #1030, fix for flow 4 - transfer previous session permissions to new session
if (session != null && session.getPermissionGrantedMap() != null && session.getPermissionGrantedMap().getPermissionGranted() != null) {
for (Map.Entry<String, Boolean> entity : session.getPermissionGrantedMap().getPermissionGranted().entrySet()) {
unauthenticatedSession.addPermission(entity.getKey(), entity.getValue());
}
// #1030, remove previous session
sessionIdService.remove(session);
}
// always persist is prompt is not none
boolean persisted = sessionIdService.persistSessionId(unauthenticatedSession, !prompts.contains(Prompt.NONE));
if (persisted && log.isTraceEnabled()) {
log.trace("Session '{}' persisted to LDAP", unauthenticatedSession.getId());
}
this.sessionId = unauthenticatedSession.getId();
cookieService.createSessionIdCookie(unauthenticatedSession, false);
cookieService.creatRpOriginIdCookie(redirectUri);
identity.setSessionId(unauthenticatedSession);
Map<String, Object> loginParameters = new HashMap<String, Object>();
if (requestParameterMap.containsKey(AuthorizeRequestParam.LOGIN_HINT)) {
loginParameters.put(AuthorizeRequestParam.LOGIN_HINT, requestParameterMap.get(AuthorizeRequestParam.LOGIN_HINT));
}
boolean enableRedirect = StringHelper.toBoolean(System.getProperty("gluu.enable-redirect", "false"), false);
if (!enableRedirect && redirectTo.toLowerCase().endsWith("xhtml")) {
if (redirectTo.toLowerCase().endsWith("postlogin.xhtml")) {
authenticator.authenticateWithOutcome();
} else {
authenticator.prepareAuthenticationForStep(unauthenticatedSession);
facesService.renderView(redirectTo);
}
} else {
facesService.redirectWithExternal(redirectTo, loginParameters);
}
return;
}
String userCode = session.getSessionAttributes().get(SESSION_USER_CODE);
if (StringUtils.isBlank(userCode) && StringUtils.isBlank(redirectionUriService.validateRedirectionUri(clientId, redirectUri))) {
ExternalContext externalContext = facesContext.getExternalContext();
externalContext.setResponseStatus(HttpServletResponse.SC_BAD_REQUEST);
externalContext.setResponseContentType(MediaType.APPLICATION_JSON);
externalContext.getResponseOutputWriter().write(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST_REDIRECT_URI, state, ""));
facesContext.responseComplete();
}
if (log.isTraceEnabled()) {
log.trace("checkPermissionGranted, userDn = " + session.getUserDn());
}
if (prompts.contains(Prompt.SELECT_ACCOUNT)) {
Map requestParameterMap = requestParameterService.getAllowedParameters(externalContext.getRequestParameterMap());
facesService.redirect("/selectAccount.xhtml", requestParameterMap);
return;
}
if (prompts.contains(Prompt.NONE) && prompts.size() > 1) {
invalidRequest();
return;
}
ExternalPostAuthnContext postAuthnContext = new ExternalPostAuthnContext(client, session, (HttpServletRequest) externalContext.getRequest(), (HttpServletResponse) externalContext.getResponse());
final boolean forceAuthorization = externalPostAuthnService.externalForceAuthorization(client, postAuthnContext);
final boolean hasConsentPrompt = prompts.contains(Prompt.CONSENT);
if (!hasConsentPrompt && !forceAuthorization) {
if (appConfiguration.getTrustedClientEnabled() && client.getTrustedClient()) {
// if trusted client = true, then skip authorization page and grant access directly
permissionGranted(session);
return;
} else if (ServerUtil.isTrue(appConfiguration.getSkipAuthorizationForOpenIdScopeAndPairwiseId()) && SubjectType.PAIRWISE.toString().equals(client.getSubjectType()) && hasOnlyOpenidScope()) {
// If a client has only openid scope and pairwise id, person should not have to authorize. oxAuth-743
permissionGranted(session);
return;
}
final User user = sessionIdService.getUser(session);
ClientAuthorization clientAuthorization = clientAuthorizationsService.find(user.getAttribute("inum"), client.getClientId());
if (clientAuthorization != null && clientAuthorization.getScopes() != null && Arrays.asList(clientAuthorization.getScopes()).containsAll(org.gluu.oxauth.model.util.StringUtils.spaceSeparatedToList(scope))) {
permissionGranted(session);
return;
}
}
if (externalConsentGatheringService.isEnabled()) {
if (consentGatherer.isConsentGathered()) {
log.trace("Consent-gathered flow passed successfully");
permissionGranted(session);
return;
}
log.trace("Starting external consent-gathering flow");
boolean result = consentGatherer.configure(session.getUserDn(), clientId, state);
if (!result) {
log.error("Failed to initialize external consent-gathering flow.");
permissionDenied();
return;
}
}
}
Also used :
User(org.gluu.oxauth.model.common.User)
WebApplicationException(javax.ws.rs.WebApplicationException)
HashMap(java.util.HashMap)
EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AcrChangedException(org.gluu.oxauth.model.exception.AcrChangedException)
ExternalContext(javax.faces.context.ExternalContext)
Client(org.gluu.oxauth.model.registration.Client)
SessionId(org.gluu.oxauth.model.common.SessionId)
ClientAuthorization(org.gluu.oxauth.model.ldap.ClientAuthorization)
ExternalPostAuthnContext(org.gluu.oxauth.service.external.context.ExternalPostAuthnContext)
Date(java.util.Date)
Prompt(org.gluu.oxauth.model.common.Prompt)
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
SessionId (org.gluu.oxauth.model.common.SessionId)52
CustomScriptConfiguration (org.gluu.model.custom.script.conf.CustomScriptConfiguration)9
HttpServletRequest (javax.servlet.http.HttpServletRequest)8
User (org.gluu.oxauth.model.common.User)7
Date (java.util.Date)6
HttpServletResponse (javax.servlet.http.HttpServletResponse)6
URISyntaxException (java.net.URISyntaxException)4
HashMap (java.util.HashMap)4
WebApplicationException (javax.ws.rs.WebApplicationException)4
AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant)4
EntryPersistenceException (org.gluu.persist.exception.EntryPersistenceException)4
UnsupportedEncodingException (java.io.UnsupportedEncodingException)3
BaseComponentTest (org.gluu.oxauth.BaseComponentTest)3
SimpleUser (org.gluu.oxauth.model.common.SimpleUser)3
AcrChangedException (org.gluu.oxauth.model.exception.AcrChangedException)3
InvalidSessionStateException (org.gluu.oxauth.model.exception.InvalidSessionStateException)3
Client (org.gluu.oxauth.model.registration.Client)3
ConsentGatheringContext (org.gluu.oxauth.service.external.context.ConsentGatheringContext)3
UmaGatherContext (org.gluu.oxauth.uma.authorization.UmaGatherContext)3
Parameters (org.testng.annotations.Parameters)3
