use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.
the class OAuthRevokeServlet method service.
/**
 * Handles a token revocation request and answers with a JSON document.
 *
 * <p>The Accept header and the client id/secret are validated before the token is looked up.
 * When a session exists for the token, one of two things happens:
 * <ul>
 *   <li>the scope contains {@code ovirt-ext=revoke:revoke-all}: the scope is validated against
 *       the token and the session is cleaned up;</li>
 *   <li>otherwise only the calling client id is removed from the session's associated clients,
 *       and the session is cleaned up only if no associated client is left.</li>
 * </ul>
 * The same empty JSON object is sent whether or not a session was found for the token.
 *
 * <p>An {@code OAuthException} is reported through the JSON error helper as is; any other
 * exception is reported with {@code SsoConstants.ERR_CODE_SERVER_ERROR}.
 *
 * @param request the revocation request (token, optional scope, client credentials)
 * @param response receives the JSON result or the JSON error
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // NOTE(review): the raw query string and the request parameters go to the debug log. On this
    // endpoint they can carry the token being revoked and, when sent as parameters, the client
    // secret. Confirm that SsoUtils.getRequestParameters masks such values, and consider dropping
    // the query string from this message.
    log.debug("Entered OAuthRevokeServlet QueryString: {}, Parameters : {}", request.getQueryString(), SsoUtils.getRequestParameters(request));
    try {
        final String token = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_TOKEN);
        final String scope = SsoUtils.getRequestParameter(request, SsoConstants.HTTP_PARAM_SCOPE, "");

        // The client is authenticated before the token is looked up or any session state is touched.
        SsoUtils.validateClientAcceptHeader(request);
        final String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
        final String clientId = clientCredentials[0];
        SsoUtils.validateClientRequest(request, clientId, clientCredentials[1], scope, null);

        final SsoSession session = ssoContext.getSsoSession(token);
        if (session != null) {
            // Snapshot taken before the caller is detached, so the cleanup still receives the
            // complete set of clients that were associated with the session.
            final Set<String> clientIdsBeforeRevoke = new TreeSet<>(session.getAssociatedClientIds());
            final boolean revokeAll = SsoUtils.scopeAsList(scope).contains("ovirt-ext=revoke:revoke-all");

            if (!revokeAll) {
                // Plain revoke: only the calling client gives up the token.
                session.getAssociatedClientIds().remove(clientId);
            } else {
                // Revoking for every client requires the scope to be valid for this token.
                SsoUtils.validateRequestScope(request, token, scope);
            }

            final boolean sessionFinished = revokeAll || session.getAssociatedClientIds().isEmpty();
            if (sessionFinished) {
                log.info("User {}@{} successfully logged out", SsoUtils.getUserId(session.getPrincipalRecord()), session.getProfile());
                TokenCleanupUtility.cleanupSsoSession(ssoContext, session, clientIdsBeforeRevoke);
            }
        }
        SsoUtils.sendJsonData(response, new HashMap<>());
    } catch (OAuthException oauthError) {
        SsoUtils.sendJsonDataWithMessage(request, response, oauthError);
    } catch (Exception unexpected) {
        // NOTE(review): the exception object is handed to the response helper; confirm that it
        // does not echo internal details (class names, stack data) back to the client.
        SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_SERVER_ERROR, unexpected);
    }
}
use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.
the class OAuthTokenServlet method issueTokenForPasswd.
/**
 * Issues a token for the password grant and writes it to the response as JSON.
 *
 * <p>Credentials are read from the request and handed to {@code handleIssueTokenForPasswd};
 * the resulting session is turned into the response body by {@code buildResponse}.
 *
 * <p>Only {@code AuthenticationException} is caught here. It is replaced by a new
 * {@code AuthenticationException} whose localized message carries the username, the profile and
 * the original message; {@code "N/A"} stands in for the username when no credentials were read
 * and for the profile when it is unknown. Every other exception propagates unchanged.
 *
 * @param request the token request
 * @param response receives the JSON token response
 * @param scope the requested scope
 * @throws Exception on authentication failure or any error raised by the helpers
 */
protected void issueTokenForPasswd(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
    log.debug("Entered issueTokenForPasswd");
    // Declared outside the try block so the failure path can still report who tried to log in.
    Credentials submitted = null;
    try {
        submitted = getCredentials(request);
        SsoSession session = handleIssueTokenForPasswd(request, scope, submitted);
        log.debug("Sending json response");
        SsoUtils.sendJsonData(response, buildResponse(session));
    } catch (AuthenticationException authFailure) {
        final String notAvailable = "N/A";
        String profile = notAvailable;
        if (submitted != null && submitted.getProfile() != null) {
            profile = submitted.getProfile();
        }
        final String template = ssoContext.getLocalizationUtils().localize(
                SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER_IN_DOMAIN,
                (Locale) request.getAttribute(SsoConstants.LOCALE));
        // NOTE(review): only the message of the original exception is kept; the exception is not
        // attached as a cause, so its stack trace is lost. The new message also contains the
        // submitted username; confirm where this message ends up (client response, logs).
        throw new AuthenticationException(String.format(
                template,
                submitted == null ? notAvailable : submitted.getUsername(),
                profile,
                authFailure.getMessage()));
    }
}
use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.
the class OAuthTokenServlet method issueTokenUsingHttpHeaders.
/**
 * Issues a token from credentials carried in HTTP headers, using the non-interactive
 * authentication mechanisms returned by {@code getAuthSeq()}.
 *
 * <p>The mechanisms are tried in order until one reports {@code SUCCESS} or
 * {@code NEGOTIATION_INCOMPLETE}. The outcome is then handled as follows:
 * <ul>
 *   <li>any status other than {@code SUCCESS} (including an incomplete negotiation): the schemes
 *       stored in the request are written to {@code WWW-Authenticate} and a 401 is sent;</li>
 *   <li>{@code SUCCESS} with a non-empty token: the session for that token is resolved, the
 *       Accept header is validated and the token response is sent as JSON;</li>
 *   <li>no mechanism ran, or success without a token: authentication fails.</li>
 * </ul>
 *
 * <p>Every exception raised inside the method, including the {@code OAuthException} and the
 * {@code AuthenticationException} thrown by its own branches, is caught and replaced by an
 * {@code AuthenticationException} carrying a localized message.
 *
 * @param request the token request
 * @param response receives the challenge headers, the 401, or the JSON token response
 * @throws Exception an {@code AuthenticationException} wrapping the message of any failure
 */
private void issueTokenUsingHttpHeaders(HttpServletRequest request, HttpServletResponse response) throws Exception {
    log.debug("Entered issueTokenUsingHttpHeaders");
    try {
        AuthResult outcome = null;
        for (NonInteractiveAuth mechanism : getAuthSeq()) {
            outcome = mechanism.doAuth(request, response);
            // Keep going only while the mechanism neither succeeded nor started a negotiation.
            final boolean tryNext = outcome.getStatus() != Authn.AuthResult.SUCCESS
                    && outcome.getStatus() != Authn.AuthResult.NEGOTIATION_INCOMPLETE;
            if (!tryNext) {
                break;
            }
        }

        final boolean rejected = outcome != null && outcome.getStatus() != Authn.AuthResult.SUCCESS;
        if (rejected) {
            log.debug("Authentication failed using http headers");
            List<String> offered = (List<String>) request.getAttribute(NegotiateAuthUtils.REQUEST_SCHEMES_KEY);
            if (offered == null) {
                offered = Collections.emptyList();
            }
            // NOTE(review): setHeader replaces any earlier value, so when several distinct schemes
            // are offered only the one iterated last remains in the response. addHeader would be
            // needed to advertise all of them; confirm which behaviour is intended.
            for (String scheme : new HashSet<>(offered)) {
                response.setHeader("WWW-Authenticate", scheme);
            }
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else if (outcome != null && StringUtils.isNotEmpty(outcome.getToken())) {
            final SsoSession session = SsoUtils.getSsoSessionFromRequest(request, outcome.getToken());
            if (session == null) {
                final String expired = ssoContext.getLocalizationUtils().localize(
                        SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED,
                        (Locale) request.getAttribute(SsoConstants.LOCALE));
                throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, expired);
            }
            validateClientAcceptHeader(session, request);
            log.debug("Sending json response");
            SsoUtils.sendJsonData(response, buildResponse(session));
        } else {
            final String failed = ssoContext.getLocalizationUtils().localize(
                    SsoConstants.APP_ERROR_AUTHENTICATION_FAILED,
                    (Locale) request.getAttribute(SsoConstants.LOCALE));
            throw new AuthenticationException(failed);
        }
    } catch (Exception failure) {
        // NOTE(review): this also catches the OAuthException (invalid grant) thrown above, so its
        // error code is replaced by a generic authentication failure, and the original exception
        // is not attached as a cause. Confirm that callers do not need to tell these cases apart.
        final String template = ssoContext.getLocalizationUtils().localize(
                SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER,
                (Locale) request.getAttribute(SsoConstants.LOCALE));
        throw new AuthenticationException(String.format(template, failure.getMessage()));
    }
}
use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.
the class OAuthTokenServlet method issueTokenForLoginOnBehalf.
/**
 * Issues a token for a user named by the {@code username} request parameter, on behalf of the
 * calling client, and writes the token response as JSON.
 *
 * <p>The login is performed by {@code AuthenticationUtils.loginOnBehalf}; the access token is
 * then read from the request attribute {@code SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN}, the
 * requested scope is validated against it and the session is resolved. A missing session is
 * reported as an {@code OAuthException} with {@code SsoConstants.ERR_CODE_INVALID_GRANT}.
 *
 * <p>NOTE(review): no user credential is checked in this method and no client validation is
 * visible here. This grant lets a client obtain a token for any username it names, so confirm
 * that the caller authenticates the client and restricts this grant to trusted clients.
 *
 * @param request the token request; must carry the client credentials and {@code username}
 * @param response receives the JSON token response
 * @param scope the requested scope
 * @throws Exception on a failed login, invalid scope, missing session or response error
 */
private void issueTokenForLoginOnBehalf(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
    log.debug("Entered issueTokenForLoginOnBehalf");
    final String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
    final String onBehalfOf = SsoUtils.getRequestParameter(request, "username");
    // Only the client id is logged; the secret in clientCredentials[1] is never written out here.
    log.debug("Attempting to issueTokenForLoginOnBehalf for client: {}, user: {}", clientCredentials[0], onBehalfOf);

    AuthenticationUtils.loginOnBehalf(ssoContext, request, onBehalfOf);

    // The token is picked up from a request attribute after the login call.
    final String accessToken = (String) request.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
    SsoUtils.validateRequestScope(request, accessToken, scope);

    final SsoSession session = SsoUtils.getSsoSession(request, accessToken, true);
    if (session == null) {
        final String expired = ssoContext.getLocalizationUtils().localize(
                SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED_FOR_USERNAME_PASSWORD,
                (Locale) request.getAttribute(SsoConstants.LOCALE));
        throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, expired);
    }

    validateClientAcceptHeader(session, request);
    log.debug("Sending json response");
    SsoUtils.sendJsonData(response, buildResponse(session));
}
use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.
the class OAuthTokenServlet method handleIssueTokenForAuthCode.
/**
 * Exchanges an authorization code for the SSO session that holds its access token.
 *
 * <p>The code is read from the request, mapped to an access token by
 * {@code getTokenForAuthCode}, the requested scope is validated against that token, and the
 * session is resolved for the given client. The client's Accept header is validated against the
 * session before it is returned.
 *
 * @param request the token request carrying the authorization code
 * @param clientId id of the client redeeming the code
 * @param scope the requested scope
 * @return the session resolved for the access token
 * @throws Exception if any of the lookups or validations fails
 */
protected SsoSession handleIssueTokenForAuthCode(HttpServletRequest request, String clientId, String scope) throws Exception {
    log.debug("Entered issueTokenForAuthCode");
    // NOTE(review): the parameter name is passed a second time as the third argument. If that
    // overload treats its last argument as a default value, a request without a code is looked
    // up under the parameter name itself instead of being rejected up front; confirm.
    final String authorizationCode = SsoUtils.getRequestParameter(
            request,
            SsoConstants.HTTP_PARAM_AUTHORIZATION_CODE,
            SsoConstants.HTTP_PARAM_AUTHORIZATION_CODE);
    final String token = getTokenForAuthCode(authorizationCode);
    SsoUtils.validateRequestScope(request, token, scope);

    // NOTE(review): there is no null check on the session before it is used below; presumably
    // the trailing `true` makes the lookup fail when no session exists. Verify against
    // SsoUtils.getSsoSession.
    final SsoSession session = SsoUtils.getSsoSession(request, clientId, token, true);
    validateClientAcceptHeader(session, request);
    return session;
}