
Example 1 with ConsentGatheringContext

use of org.gluu.oxauth.service.external.context.ConsentGatheringContext in project oxAuth by GluuFederation.

the class ConsentGathererService method prepareForStep.

/**
 * Prepares the current consent-gathering step by delegating to the consent script.
 *
 * <p>The consent session is restored from the current request. The script is invoked only
 * after the session, the script and the step number have been checked and every earlier
 * step is marked as passed. Any exception is logged and reported as a failure, so the
 * method fails closed.
 *
 * @return the value of {@code result(...)} for {@code RESULT_EXPIRED}, {@code RESULT_INVALID_STEP},
 *         {@code RESULT_SUCCESS} or {@code RESULT_FAILURE}
 */
public String prepareForStep() {
    try {
        final HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse response = (HttpServletResponse) externalContext.getResponse();

        // No user DN is supplied and the last flag is false; configure() passes true there.
        // NOTE(review): presumably "do not create a session if none exists" - confirm.
        final SessionId consentSession = sessionService.getConsentSession(request, response, null, false);
        if (consentSession == null || consentSession.getSessionAttributes().isEmpty()) {
            log.error("Failed to restore claim-gathering session state");
            return result(Constants.RESULT_EXPIRED);
        }

        final CustomScriptConfiguration consentScript = getScript(consentSession);
        if (consentScript == null) {
            log.error("Failed to find script '{}' in session:", sessionService.getScriptName(consentSession));
            return result(Constants.RESULT_FAILURE);
        }

        // The step number is read back from the session; anything below 1 is rejected.
        final int currentStep = sessionService.getStep(consentSession);
        if (currentStep < 1) {
            log.error("Invalid step: {}", currentStep);
            return result(Constants.RESULT_INVALID_STEP);
        }

        // A step may only be prepared once all preceding steps are marked as passed.
        final boolean earlierStepsPassed = sessionService.isPassedPreviousSteps(consentSession, currentStep);
        if (!earlierStepsPassed) {
            log.error("There are consent-gathering steps not marked as passed. scriptName: '{}', step: '{}'", consentScript.getName(), currentStep);
            return result(Constants.RESULT_FAILURE);
        }

        this.context = new ConsentGatheringContext(consentScript.getConfigurationAttributes(), request, response, consentSession, pageAttributes, sessionService, userService, facesService, appConfiguration);
        final boolean prepared = external.prepareForStep(consentScript, currentStep, context);
        log.debug("Consent-gathering prepare for step result for script '{}', step: '{}', gatheredResult: '{}'", consentScript.getName(), currentStep, prepared);

        // The context is persisted only when the script reports success.
        if (prepared) {
            context.persist();
            return result(Constants.RESULT_SUCCESS);
        }
    } catch (Exception ex) {
        log.error("Failed to prepareForStep()", ex);
    }
    // Reached when the script returned false or an exception was caught above.
    return result(Constants.RESULT_FAILURE);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ConsentGatheringContext(org.gluu.oxauth.service.external.context.ConsentGatheringContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 2 with ConsentGatheringContext

use of org.gluu.oxauth.service.external.context.ConsentGatheringContext in project oxAuth by GluuFederation.

the class ConsentGathererService method configure.

/**
 * Starts a consent-gathering flow and redirects the browser to the page of the current step.
 *
 * <p>NOTE(review): {@code userDn}, {@code clientId} and {@code state} are used as given;
 * no validation of them is visible in this method, so presumably the caller has already
 * authenticated the user and validated the client - confirm.
 *
 * @param userDn   passed to {@code sessionService.getConsentSession(...)}
 * @param clientId used to select the consent script and stored via {@code sessionService.configure(...)}
 * @param state    stored via {@code sessionService.configure(...)}
 * @return {@code true} after the redirect was issued; {@code false} when no script or no page
 *         could be determined
 */
public boolean configure(String userDn, String clientId, String state) {
    final HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
    final HttpServletResponse response = (HttpServletResponse) externalContext.getResponse();

    // The session is obtained before the script lookup, so it exists even if the lookup fails.
    final SessionId consentSession = sessionService.getConsentSession(request, response, userDn, true);

    final CustomScriptConfiguration consentScript = determineConsentScript(clientId);
    if (consentScript == null) {
        log.error("Failed to determine consent-gathering script");
        return false;
    }

    sessionService.configure(consentSession, consentScript.getName(), clientId, state);
    this.context = new ConsentGatheringContext(consentScript.getConfigurationAttributes(), request, response, consentSession, pageAttributes, sessionService, userService, facesService, appConfiguration);
    log.debug("Configuring consent-gathering script '{}'", consentScript.getName());

    // The redirect target is whatever external.getPageForStep(...) returns for this step.
    final int currentStep = sessionService.getStep(consentSession);
    final String targetPage = external.getPageForStep(consentScript, currentStep, context);
    if (StringHelper.isEmpty(targetPage)) {
        log.error("Failed to determine page for consent-gathering script");
        return false;
    }

    // Persist only once a usable page is known, then hand control to the browser.
    context.persist();
    log.trace("Redirecting to page: '{}'", targetPage);
    facesService.redirectWithExternal(targetPage, null);
    return true;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ConsentGatheringContext(org.gluu.oxauth.service.external.context.ConsentGatheringContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Example 3 with ConsentGatheringContext

use of org.gluu.oxauth.service.external.context.ConsentGatheringContext in project oxAuth by GluuFederation.

the class ConsentGathererService method authorize.

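/**
 * Runs the consent script's authorization for the current step and advances the flow.
 *
 * <p>{@code onSuccess(...)} is reached only when the script returned {@code true}, did not
 * override the next step (override value {@code -1}) and the current step equals the step
 * count. A {@code false} script result without an override is reported through
 * {@code authorizeService.permissionDenied(...)}. Every other failure, including any caught
 * exception, ends on an error page with {@code false}, so the method fails closed.
 *
 * <p>Compared with the earlier version, a step below 1 is now rejected (the same bound
 * {@code prepareForStep()} enforces), and an empty page for the next step is treated as a
 * failure rather than being passed to the redirect.
 *
 * @return {@code true} when the flow was redirected to the next step or completed;
 *         {@code false} when consent was denied or the step could not be processed
 */
public boolean authorize() {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) externalContext.getRequest();
        final HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
        final SessionId session = sessionService.getConsentSession(httpRequest, httpResponse, null, false);
        if (session == null) {
            log.error("Failed to restore claim-gathering session state");
            errorPage("consent.gather.invalid.session");
            return false;
        }
        CustomScriptConfiguration script = getScript(session);
        if (script == null) {
            log.error("Failed to find script '{}' in session:", sessionService.getScriptName(session));
            errorPage("consent.gather.failed");
            return false;
        }
        int step = sessionService.getStep(session);
        // Reject a step below 1 before it reaches the script, as prepareForStep() does.
        if (step < 1) {
            log.error("Invalid step: {}", step);
            errorPage("consent.gather.invalid.step");
            return false;
        }
        // A step may only be authorized once all preceding steps are marked as passed.
        if (!sessionService.isPassedPreviousSteps(session, step)) {
            log.error("There are consent-gathering steps not marked as passed. scriptName: '{}', step: '{}'", script.getName(), step);
            errorPage("consent.gather.invalid.step");
            return false;
        }
        this.context = new ConsentGatheringContext(script.getConfigurationAttributes(), httpRequest, httpResponse, session, pageAttributes, sessionService, userService, facesService, appConfiguration);
        boolean authorizeResult = external.authorize(script, step, context);
        log.debug("Consent-gathering result for script '{}', step: '{}', gatheredResult: '{}'", script.getName(), step, authorizeResult);
        // -1 means the script does not override the next step.
        int overridenNextStep = external.getNextStep(script, step, context);
        if (!authorizeResult && overridenNextStep == -1) {
            // Denied and no override: report the denial on the connect session.
            SessionId connectSession = sessionService.getConnectSession(httpRequest);
            authorizeService.permissionDenied(connectSession);
            return false;
        }
        if (overridenNextStep != -1) {
            sessionService.resetToStep(session, overridenNextStep, step);
            step = overridenNextStep;
        }
        int stepsCount = external.getStepsCount(script, context);
        if (step < stepsCount || overridenNextStep != -1) {
            int nextStep;
            if (overridenNextStep != -1) {
                // An overridden step is not marked as passed; the flow just moves there.
                nextStep = overridenNextStep;
            } else {
                nextStep = step + 1;
                sessionService.markStep(session, step, true);
            }
            sessionService.setStep(nextStep, session);
            String redirectTo = external.getPageForStep(script, nextStep, context);
            // configure() refuses an empty page; apply the same rule before redirecting here.
            if (redirectTo == null || redirectTo.isEmpty()) {
                log.error("Failed to determine page for consent-gathering script");
                errorPage("consent.gather.failed");
                return false;
            }
            context.persist();
            log.trace("Redirecting to page: '{}'", redirectTo);
            facesService.redirectWithExternal(redirectTo, null);
            return true;
        }
        if (step == stepsCount) {
            // Final step: the script authorized it and did not override the next step.
            context.persist();
            onSuccess(httpRequest, session, context);
            return true;
        }
    } catch (Exception e) {
        // The log text says gather(); it is left unchanged so existing log searches still match.
        log.error("Exception during gather() method call.", e);
    }
    // Reached after a caught exception or when step exceeds stepsCount without an override.
    log.error("Failed to perform gather() method successfully.");
    errorPage("consent.gather.failed");
    return false;
}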
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ConsentGatheringContext(org.gluu.oxauth.service.external.context.ConsentGatheringContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) SessionId(org.gluu.oxauth.model.common.SessionId) CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)

Aggregations

HttpServletRequest (javax.servlet.http.HttpServletRequest)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 CustomScriptConfiguration (org.gluu.model.custom.script.conf.CustomScriptConfiguration)3 SessionId (org.gluu.oxauth.model.common.SessionId)3 ConsentGatheringContext (org.gluu.oxauth.service.external.context.ConsentGatheringContext)3