
Example 1 with OAuthException

use of org.ovirt.engine.core.sso.utils.OAuthException in project ovirt-engine by oVirt.

From the class OAuthTokenServlet, method handleIssueTokenForPasswd.

/**
 * Issues a token for the username/password grant and returns the session it belongs to.
 * <p>
 * Credentials are only acted on when they are present and pass
 * {@code SsoUtils.areCredentialsValid}; they are then handed to
 * {@code AuthenticationUtils.handleCredentials} and the access token is read back from
 * the {@code HTTP_REQ_ATTR_ACCESS_TOKEN} request attribute. Missing or invalid credentials
 * leave the token {@code null}, so the session lookup below yields nothing and an
 * {@code ERR_CODE_INVALID_GRANT} error is raised instead.
 *
 * @param request     the incoming token request
 * @param scope       the scope requested by the client, checked against the issued token
 * @param credentials the parsed credentials, may be {@code null}
 * @return the SSO session resolved for the issued token, never {@code null}
 * @throws OAuthException if no session could be resolved for the token
 * @throws Exception      propagated from credential handling, Accept-header or scope validation
 */
protected SsoSession handleIssueTokenForPasswd(HttpServletRequest request, String scope, Credentials credentials) throws Exception {
    boolean credentialsUsable = credentials != null && SsoUtils.areCredentialsValid(request, credentials);
    String accessToken = null;
    if (credentialsUsable) {
        AuthenticationUtils.handleCredentials(ssoContext, request, credentials, false);
        accessToken = (String) request.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
    }
    // Only the username is logged; the password never reaches the log.
    String username = credentials == null ? null : credentials.getUsername();
    log.debug("Attempting to issueTokenForPasswd for user: {}", username == null ? "null" : username);
    SsoSession session = SsoUtils.getSsoSessionFromRequest(request, accessToken);
    if (session == null) {
        Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
        String message = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED_FOR_USERNAME_PASSWORD, locale);
        throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, message);
    }
    validateClientAcceptHeader(session, request);
    SsoUtils.validateRequestScope(request, accessToken, scope);
    return session;
}

Example 2 with OAuthException

use of org.ovirt.engine.core.sso.utils.OAuthException in project ovirt-engine by oVirt.

From the class InteractiveNextAuthServlet, method service.

/**
 * Advances the interactive login to the next authentication mechanism.
 * <p>
 * The session's auth stack holds the mechanisms still to be tried. If one remains, the
 * session is marked {@code inprogress} and the browser is redirected to that mechanism's
 * URL. If the stack is absent or exhausted, the user is sent to the error page with an
 * {@code ERR_CODE_OPENID_LOGIN_REQUIRED} (OpenID scope) or {@code ERR_CODE_UNAUTHORIZED_CLIENT}
 * error.
 * <p>
 * The SSO session is fetched from {@code SsoUtils.getSsoSession(request)} on each use,
 * as in the original; it is not cached here.
 *
 * @param request  the current request
 * @param response the response used for the redirect
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if sending the redirect fails
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    Stack<InteractiveAuth> pendingAuths = SsoUtils.getSsoSession(request).getAuthStack();
    boolean nothingPending = pendingAuths == null || pendingAuths.isEmpty();
    if (!nothingPending) {
        // Hand off to the next mechanism; popping it means it will not be retried.
        SsoUtils.getSsoSession(request).setStatus(SsoSession.Status.inprogress);
        InteractiveAuth nextAuth = pendingAuths.pop();
        response.sendRedirect(nextAuth.getAuthUrl(request, response));
        return;
    }
    // No mechanism left to try: report the failure through the error page.
    String errorCode = SsoUtils.getSsoSession(request).isOpenIdScope()
            ? SsoConstants.ERR_CODE_OPENID_LOGIN_REQUIRED
            : SsoConstants.ERR_CODE_UNAUTHORIZED_CLIENT;
    Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
    String errorMessage = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHENTICATION_REQUIRED, locale);
    SsoUtils.redirectToErrorPage(request, response, new OAuthException(errorCode, errorMessage));
}

Example 3 with OAuthException

use of org.ovirt.engine.core.sso.utils.OAuthException in project ovirt-engine by oVirt.

From the class OAuthAuthorizeServlet, method login.

/**
 * Chooses where the browser goes next in the authorization flow and redirects it there.
 * <p>
 * Three outcomes, evaluated in this order:
 * <ol>
 *   <li>an already authenticated user is sent to the interactive redirect-to-module URI;</li>
 *   <li>a request whose scope contains {@code ovirt-ext=auth:identity} is answered with a
 *       "not authenticated" error appended to the client's redirect URL, without starting
 *       a login;</li>
 *   <li>otherwise the interactive auth sequence is installed on the session and the browser
 *       is sent to the next-auth URI; an empty sequence is reported as
 *       {@code ERR_CODE_ACCESS_DENIED}.</li>
 * </ol>
 *
 * @param request    the authorization request
 * @param response   the response used for the redirect
 * @param ssoSession the session the auth sequence is stored on
 * @throws OAuthException if no interactive authentication mechanism is available
 * @throws Exception      propagated from the helpers used to build the redirect
 */
protected void login(HttpServletRequest request, HttpServletResponse response, SsoSession ssoSession) throws Exception {
    log.debug("Entered login queryString: {}", request.getQueryString());
    String target;
    if (SsoUtils.isUserAuthenticated(request)) {
        log.debug("User is authenticated redirecting to interactive-redirect-to-module");
        target = request.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
    } else {
        boolean identityOnlyRequest = SsoUtils.scopeAsList(SsoUtils.getScopeRequestParameter(request, ""))
                .contains("ovirt-ext=auth:identity");
        if (identityOnlyRequest) {
            // NOTE(review): the redirect target comes from SsoUtils.getRedirectUrl(request); this
            // relies on that helper returning a URL already validated against the client's
            // registered redirect URIs rather than a value taken verbatim from the request — confirm.
            target = new URLBuilder(SsoUtils.getRedirectUrl(request))
                    .addParameter(SsoConstants.ERROR, SsoConstants.ERR_OVIRT_CODE_NOT_AUTHENTICATED)
                    .addParameter(SsoConstants.ERROR_DESCRIPTION, SsoConstants.ERR_CODE_NOT_AUTHENTICATED_MSG)
                    .build();
        } else {
            ssoSession.setAuthStack(getAuthSeq(ssoSession));
            if (ssoSession.getAuthStack().isEmpty()) {
                Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
                String message = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_NO_VALID_AUTHENTICATION_MECHANISM_FOUND, locale);
                throw new OAuthException(SsoConstants.ERR_CODE_ACCESS_DENIED, message);
            }
            target = request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI;
        }
    }
    log.debug("Redirecting to url: {}", target);
    response.sendRedirect(target);
}

Example 4 with OAuthException

use of org.ovirt.engine.core.sso.utils.OAuthException in project ovirt-engine by oVirt.

From the class OAuthRevokeServlet, method service.

/**
 * Handles a token revocation request.
 * <p>
 * The client is authenticated first ({@code validateClientAcceptHeader} and
 * {@code validateClientRequest} with the client id/secret from the request); only then is
 * the token looked up. An unknown token is not an error: the response is an empty JSON
 * object either way. {@link OAuthException}s are reported with their own error code, any
 * other exception as {@code ERR_CODE_SERVER_ERROR}.
 *
 * @param request  the revocation request carrying token, scope and client credentials
 * @param response the JSON response
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing the response fails
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Entered OAuthRevokeServlet QueryString: {}, Parameters : {}", request.getQueryString(), SsoUtils.getRequestParameters(request));
    try {
        String token = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_TOKEN);
        String scope = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_SCOPE, "");
        SsoUtils.validateClientAcceptHeader(request);
        String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
        String clientId = clientCredentials[0];
        String clientSecret = clientCredentials[1];
        SsoUtils.validateClientRequest(request, clientId, clientSecret, scope, null);
        SsoSession session = ssoContext.getSsoSession(token);
        if (session != null) {
            revokeForClient(request, session, token, scope, clientId);
        }
        SsoUtils.sendJsonData(response, new HashMap<>());
    } catch (OAuthException ex) {
        SsoUtils.sendJsonDataWithMessage(request, response, ex);
    } catch (Exception ex) {
        // NOTE(review): the raw exception is handed to the JSON error writer; confirm that
        // sendJsonDataWithMessage does not echo internal details to the client.
        SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_SERVER_ERROR, ex);
    }
}

/**
 * Applies the revocation to one session.
 * <p>
 * With the {@code ovirt-ext=revoke:revoke-all} scope the request scope is validated and the
 * whole session is torn down; otherwise only this client's association is dropped and the
 * session is torn down when no client remains.
 *
 * @param request  the revocation request
 * @param session  the session the token resolved to, never {@code null}
 * @param token    the token being revoked
 * @param scope    the requested scope
 * @param clientId the calling client
 * @throws Exception propagated from scope validation or cleanup
 */
private void revokeForClient(HttpServletRequest request, SsoSession session, String token, String scope, String clientId) throws Exception {
    // Snapshot before mutating so cleanup sees every client this session served.
    Set<String> clientsBeforeRevoke = new TreeSet<>(session.getAssociatedClientIds());
    boolean revokeAll = SsoUtils.scopeAsList(scope).contains("ovirt-ext=revoke:revoke-all");
    if (revokeAll) {
        SsoUtils.validateRequestScope(request, token, scope);
    } else {
        // NOTE(review): mutates the session's live client set in place; confirm the set is
        // safe against concurrent revocations for the same token.
        session.getAssociatedClientIds().remove(clientId);
    }
    boolean sessionReleased = revokeAll || session.getAssociatedClientIds().isEmpty();
    if (sessionReleased) {
        log.info("User {}@{} successfully logged out", SsoUtils.getUserId(session.getPrincipalRecord()), session.getProfile());
        TokenCleanupUtility.cleanupSsoSession(ssoContext, session, clientsBeforeRevoke);
    }
}

Example 5 with OAuthException

use of org.ovirt.engine.core.sso.utils.OAuthException in project ovirt-engine by oVirt.

From the class OAuthTokenServlet, method issueTokenUsingHttpHeaders.

/**
 * Issues a token using the non-interactive, HTTP-header based mechanisms returned by
 * {@code getAuthSeq()}.
 * <p>
 * Mechanisms are tried in order until one reports {@code SUCCESS} or
 * {@code NEGOTIATION_INCOMPLETE}. Outcomes:
 * <ul>
 *   <li>a result other than {@code SUCCESS} (this includes an incomplete negotiation):
 *       a 401 carrying the {@code WWW-Authenticate} scheme(s) found in the
 *       {@code REQUEST_SCHEMES_KEY} request attribute;</li>
 *   <li>{@code SUCCESS} with a non-empty token: the matching SSO session is looked up, the
 *       client's Accept header validated and the token response written;</li>
 *   <li>no mechanism ran, or {@code SUCCESS} without a token: authentication failure.</li>
 * </ul>
 * Every exception raised inside, including an {@code OAuthException} from the session
 * lookup and the {@code AuthenticationException} thrown for the last case, is re-thrown as
 * an {@link AuthenticationException} whose message is {@code APP_ERROR_CANNOT_AUTHENTICATE_USER}
 * formatted with the original message; the cause is not chained.
 *
 * @param request  the incoming token request
 * @param response the response to complete
 * @throws AuthenticationException on any failure to authenticate or to issue the token
 * @throws Exception declared for compatibility; the catch block converts everything thrown inside
 */
private void issueTokenUsingHttpHeaders(HttpServletRequest request, HttpServletResponse response) throws Exception {
    log.debug("Entered issueTokenUsingHttpHeaders");
    try {
        AuthResult outcome = runNonInteractiveAuthSeq(request, response);
        boolean attempted = outcome != null;
        boolean succeeded = attempted && outcome.getStatus() == Authn.AuthResult.SUCCESS;
        if (attempted && !succeeded) {
            rejectWithChallenge(request, response);
        } else if (succeeded && StringUtils.isNotEmpty(outcome.getToken())) {
            SsoSession session = SsoUtils.getSsoSessionFromRequest(request, outcome.getToken());
            if (session == null) {
                Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
                String message = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED, locale);
                throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, message);
            }
            validateClientAcceptHeader(session, request);
            log.debug("Sending json response");
            SsoUtils.sendJsonData(response, buildResponse(session));
        } else {
            Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
            throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHENTICATION_FAILED, locale));
        }
    } catch (Exception ex) {
        Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
        String template = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER, locale);
        throw new AuthenticationException(String.format(template, ex.getMessage()));
    }
}

/**
 * Runs the non-interactive mechanisms in sequence.
 *
 * @param request  the incoming token request
 * @param response the response the mechanisms may write challenge data to
 * @return the first result whose status is {@code SUCCESS} or {@code NEGOTIATION_INCOMPLETE},
 *         else the last mechanism's result, or {@code null} if the sequence was empty
 * @throws Exception propagated from a mechanism's {@code doAuth}
 */
private AuthResult runNonInteractiveAuthSeq(HttpServletRequest request, HttpServletResponse response) throws Exception {
    AuthResult lastResult = null;
    for (NonInteractiveAuth mechanism : getAuthSeq()) {
        lastResult = mechanism.doAuth(request, response);
        boolean decisive = lastResult.getStatus() == Authn.AuthResult.SUCCESS
                || lastResult.getStatus() == Authn.AuthResult.NEGOTIATION_INCOMPLETE;
        if (decisive) {
            break;
        }
    }
    return lastResult;
}

/**
 * Answers a failed header-based authentication with a 401 and the advertised scheme(s).
 *
 * @param request  the request whose {@code REQUEST_SCHEMES_KEY} attribute lists the schemes
 * @param response the response to reject
 * @throws IOException if sending the error fails
 */
private void rejectWithChallenge(HttpServletRequest request, HttpServletResponse response) throws IOException {
    log.debug("Authentication failed using http headers");
    // presumably populated as a List<String> by NegotiateAuthUtils; the cast mirrors the original
    @SuppressWarnings("unchecked")
    List<String> schemes = (List<String>) request.getAttribute(NegotiateAuthUtils.REQUEST_SCHEMES_KEY);
    if (schemes == null) {
        schemes = Collections.emptyList();
    }
    // NOTE(review): setHeader replaces the header on every iteration, so with several distinct
    // schemes only the last one iterated survives; if all are meant to be advertised this would
    // need addHeader — confirm the intended behaviour against NegotiateAuthUtils.
    for (String scheme : new HashSet<>(schemes)) {
        response.setHeader("WWW-Authenticate", scheme);
    }
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
