
Example 1 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class InteractiveAuthServlet method service.

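/**
 * Handles an interactive login request and redirects the browser to the next step.
 *
 * <p>The session's id-token registration is removed first. A session without a client id is sent
 * to the engine URL; an already authenticated request is sent to the module redirect URI;
 * otherwise the submitted credentials are authenticated. On {@link AuthenticationException} the
 * session is registered again under a freshly generated id token and the browser is sent back to
 * the login form. Any other exception is handed to the error page.
 *
 * @param request the incoming servlet request
 * @param response the response used for the cookie and the redirect
 * @throws ServletException declared by the servlet contract
 * @throws IOException declared by the servlet contract
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Entered InteractiveAuthServlet");
    try {
        String redirectUrl;
        SsoSession ssoSession = SsoUtils.getSsoSession(request);
        // clean up the sso session id token
        ssoContext.removeSsoSessionById(ssoSession);
        if (StringUtils.isEmpty(ssoSession.getClientId())) {
            redirectUrl = ssoContext.getEngineUrl();
        } else {
            Credentials userCredentials = getUserCredentials(request);
            try {
                if (SsoUtils.isUserAuthenticated(request)) {
                    log.debug("User is authenticated redirecting to {}", SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI);
                    redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
                } else {
                    redirectUrl = authenticateUser(request, response, userCredentials);
                }
            } catch (AuthenticationException ex) {
                if (userCredentials != null) {
                    String profile = userCredentials.getProfile() == null ? "N/A" : userCredentials.getProfile();
                    // NOTE(review): the username and profile come from the submitted credentials;
                    // confirm the log layout neutralises CR/LF so a crafted value cannot forge
                    // additional audit lines.
                    log.error("Cannot authenticate user '{}@{}' connecting from '{}': {}", userCredentials.getUsername(), profile, ssoSession.getSourceAddr(), ex.getMessage());
                    log.debug("Exception", ex);
                    // NOTE(review): the exception message is stored as the login message; confirm
                    // it does not tell an unknown user apart from a wrong password.
                    SsoUtils.getSsoSession(request).setLoginMessage(ex.getMessage());
                }
                log.debug("Redirecting to LoginPage");
                ssoSession.setReauthenticate(false);
                // The old registration was removed above, so the retry runs under a new id token.
                ssoContext.registerSsoSessionById(SsoUtils.generateIdToken(), ssoSession);
                // getCookies() returns null when the request carries no cookies; streaming it
                // directly would throw and send a plain failed login to the error page.
                Cookie[] cookies = request.getCookies();
                boolean hasProfileCookie = cookies != null
                        && Arrays.stream(cookies).anyMatch(c -> c.getName().equals("profile"));
                if (StringUtils.isNotEmpty(ssoContext.getSsoDefaultProfile()) && !hasProfileCookie) {
                    Cookie cookie = new Cookie("profile", ssoContext.getSsoDefaultProfile());
                    // NOTE(review): Secure follows the scheme the servlet sees; behind a
                    // TLS-terminating proxy that may be "http" - confirm the deployment.
                    cookie.setSecure("https".equalsIgnoreCase(request.getScheme()));
                    response.addCookie(cookie);
                }
                redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_FORM_URI;
            }
        }
        if (redirectUrl != null) {
            response.sendRedirect(redirectUrl);
        }
    } catch (Exception ex) {
        SsoUtils.redirectToErrorPage(request, response, ex);
    }
}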
Also used : Cookie(javax.servlet.http.Cookie) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession) Credentials(org.ovirt.engine.core.sso.utils.Credentials) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)

Example 2 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OAuthTokenServlet method handleIssueTokenForPasswd.

/**
 * Resolves the SSO session for a password-grant token request.
 *
 * <p>When credentials are supplied and pass {@code SsoUtils.areCredentialsValid}, they are handed to
 * {@code AuthenticationUtils.handleCredentials} and the access token is read back from the request
 * attribute. The session is then looked up with that token (or {@code null}), and the client accept
 * header and the requested scope are validated before the session is returned.
 *
 * @param request the token request
 * @param scope the scope to validate against the token
 * @param credentials the submitted credentials, may be {@code null}
 * @return the SSO session bound to the issued token
 * @throws OAuthException with the invalid-grant code when no session is found
 * @throws Exception propagated from the helpers it calls
 */
protected SsoSession handleIssueTokenForPasswd(HttpServletRequest request, String scope, Credentials credentials) throws Exception {
    String accessToken = null;
    boolean credentialsAccepted = credentials != null && SsoUtils.areCredentialsValid(request, credentials);
    if (credentialsAccepted) {
        AuthenticationUtils.handleCredentials(ssoContext, request, credentials, false);
        accessToken = (String) request.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
    }

    // Only the username is logged; a missing credentials object or username is logged as "null".
    String userName = credentials == null ? null : credentials.getUsername();
    log.debug("Attempting to issueTokenForPasswd for user: {}", userName == null ? "null" : userName);

    // NOTE(review): when the credentials are rejected the lookup runs with a null token, so the
    // refusal depends on getSsoSessionFromRequest returning null for it - confirm.
    SsoSession session = SsoUtils.getSsoSessionFromRequest(request, accessToken);
    if (session == null) {
        Locale locale = (Locale) request.getAttribute(SsoConstants.LOCALE);
        String message = ssoContext.getLocalizationUtils()
                .localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED_FOR_USERNAME_PASSWORD, locale);
        throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, message);
    }

    validateClientAcceptHeader(session, request);
    SsoUtils.validateRequestScope(request, accessToken, scope);
    return session;
}
Also used : Locale(java.util.Locale) OAuthException(org.ovirt.engine.core.sso.utils.OAuthException) Credentials(org.ovirt.engine.core.sso.utils.Credentials) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 3 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OpenIdTokenServlet method issueTokenForAuthCode.

/**
 * Issues a token for an authorization code and writes the result as JSON.
 *
 * <p>The client id and secret are taken from the request and validated together with the scope
 * before the authorization code is processed.
 *
 * @param request the token request
 * @param response the response that receives the JSON payload
 * @param scope the requested scope
 * @throws Exception propagated from the validation and token helpers
 */
@Override
protected void issueTokenForAuthCode(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
    String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
    String clientId = clientCredentials[0];
    String clientSecret = clientCredentials[1];

    // The client is validated before the authorization code is touched.
    SsoUtils.validateClientRequest(request, clientId, clientSecret, scope, null);
    SsoSession session = handleIssueTokenForAuthCode(request, clientId, scope);

    log.debug("Sending json response");
    // NOTE(review): the client secret is handed to buildResponse; what it is used for is not
    // visible here - confirm it is never echoed into the JSON payload or a log.
    SsoUtils.sendJsonData(response, buildResponse(request, session, clientId, clientSecret));
}
Also used : SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 4 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OAuthTokenInfoServlet method buildResponse.

/**
 * Builds the token-info payload for the token named in the request.
 *
 * <p>The session password is passed on only when the given scope list contains
 * {@code SsoConstants.PASSWORD_ACCESS_SCOPE}; otherwise {@code null} is passed.
 *
 * @param request the token-info request carrying the token parameter
 * @param clientId the client the session is looked up for
 * @param scope the scope string that decides whether the password is included
 * @return the payload produced by the two-argument {@code buildResponse}
 * @throws Exception propagated from the session lookup
 */
private Map<String, Object> buildResponse(HttpServletRequest request, String clientId, String scope) throws Exception {
    String accessToken = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_TOKEN);
    SsoSession session = SsoUtils.getSsoSession(request, clientId, accessToken, true);

    // NOTE(review): password disclosure is gated solely on the scope argument; confirm the caller
    // passes the scope granted to this client and token, not one taken from the request alone.
    boolean passwordInScope = SsoUtils.scopeAsList(scope).contains(SsoConstants.PASSWORD_ACCESS_SCOPE);
    return buildResponse(session, passwordInScope ? session.getPassword() : null);
}
Also used : SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 5 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OAuthAuthorizeServlet method buildSsoSession.

/**
 * Creates the HTTP session for an authorize request and fills the SSO session from its parameters.
 *
 * <p>Client id, scope and redirect URI are checked by {@code validateClientRequest} before the
 * session is created. The engine URL falls back to the SSO context value when the request does not
 * supply one.
 *
 * @param request the authorize request
 * @return the populated SSO session
 * @throws Exception propagated from parameter parsing and client validation
 */
protected SsoSession buildSsoSession(HttpServletRequest request) throws Exception {
    String requestedClientId = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_CLIENT_ID);
    String requestedScope = SsoUtils.getScopeRequestParameter(request, "");
    String requestedState = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_STATE, "");
    String requestedAppUrl = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_APP_URL, "");
    String requestedEngineUrl = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_ENGINE_URL, "");
    // Read with the raw servlet accessor, unlike the other parameters.
    String requestedRedirectUri = request.getParameter(SsoConstants.HTTP_PARAM_REDIRECT_URI);
    // NOTE(review): the source address is a request parameter, so it is whatever the caller sent;
    // treat it as untrusted wherever it is logged or used for decisions.
    String requestedSourceAddr = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_SOURCE_ADDR, "UNKNOWN");

    // NOTE(review): only client id, scope and redirect URI are validated here; the app URL and
    // engine URL are stored as received - confirm they are checked before being used as targets.
    validateClientRequest(request, requestedClientId, requestedScope, requestedRedirectUri);

    // Create the session
    request.getSession(true);
    SsoSession session = SsoUtils.getSsoSession(request);
    session.setAppUrl(requestedAppUrl);
    session.setClientId(requestedClientId);
    session.setSourceAddr(requestedSourceAddr);
    session.setRedirectUri(requestedRedirectUri);
    session.setScope(requestedScope);
    session.setState(requestedState);

    // A negative interval means the container never expires the session on inactivity.
    // NOTE(review): its lifetime then depends on explicit invalidation elsewhere - confirm.
    session.getHttpSession().setMaxInactiveInterval(-1);

    session.setEngineUrl(StringUtils.isNotEmpty(requestedEngineUrl)
            ? requestedEngineUrl
            : SsoUtils.getSsoContext(request).getEngineUrl());
    return session;
}
Also used : SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Aggregations

SsoSession (org.ovirt.engine.core.sso.utils.SsoSession)14 Locale (java.util.Locale)5 AuthenticationException (org.ovirt.engine.core.sso.utils.AuthenticationException)5 OAuthException (org.ovirt.engine.core.sso.utils.OAuthException)5 IOException (java.io.IOException)4 ServletException (javax.servlet.ServletException)4 Credentials (org.ovirt.engine.core.sso.utils.Credentials)4 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 List (java.util.List)1 TreeSet (java.util.TreeSet)1 Cookie (javax.servlet.http.Cookie)1 AuthResult (org.ovirt.engine.core.sso.utils.AuthResult)1 NonInteractiveAuth (org.ovirt.engine.core.sso.utils.NonInteractiveAuth)1