
Example 11 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OAuthTokenServlet method issueTokenForAuthCode.

/**
 * Serves the authorization-code grant: validates the client request, lets
 * {@code handleIssueTokenForAuthCode} produce the session, and writes the built response as JSON.
 *
 * @param request  incoming token request; the client id and secret are extracted from it by
 *                 {@code SsoUtils.getClientIdClientSecret}
 * @param response response the JSON payload is written to
 * @param scope    requested scope, forwarded to client validation and to the auth-code handler
 * @throws Exception whatever the validation, handler or response helpers throw
 */
protected void issueTokenForAuthCode(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
    String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
    String clientId = clientCredentials[0];
    // The secret is a credential: it is only handed to validation and must stay out of log output.
    String clientSecret = clientCredentials[1];
    // Validation runs before the code is redeemed, so a request that fails it never reaches the handler.
    SsoUtils.validateClientRequest(request, clientId, clientSecret, scope, null);
    // NOTE(review): whether the code is checked against the client id it was issued to is decided
    // inside handleIssueTokenForAuthCode, which is not visible here; confirm that binding exists.
    SsoSession session = handleIssueTokenForAuthCode(request, clientId, scope);
    log.debug("Sending json response");
    SsoUtils.sendJsonData(response, buildResponse(session));
}
Also used : SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 12 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OpenIdAuthorizeServlet method buildSsoSession.

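/**
 * Builds the SSO session for an OpenID authorization request and decides whether an existing
 * login may be reused.
 *
 * <p>The session from the superclass is marked as OpenID-scoped and receives the nonce, prompt and
 * display values taken from the request parameters. It is then downgraded to
 * {@code unauthenticated} when the prompt value is {@code "login"}, or when it is authenticated,
 * a max-age parameter is present, and more time than that has passed since
 * {@code getAuthTime()}.
 *
 * @param request the authorization request; all OpenID parameters read here are client-supplied
 * @return the session, possibly reset to {@code unauthenticated}
 * @throws NumberFormatException if the max-age parameter is present but is not a decimal
 *         {@code long}; how the caller reports this to the client is not visible here
 * @throws Exception whatever {@code super.buildSsoSession} throws
 */
protected SsoSession buildSsoSession(HttpServletRequest request) throws Exception {
    SsoSession ssoSession = super.buildSsoSession(request);
    ssoSession.setOpenIdScope(true);
    ssoSession.setOpenIdNonce(request.getParameter(SsoConstants.HTTP_PARAM_OPENID_NONCE));
    ssoSession.setOpenIdPrompt(request.getParameter(SsoConstants.HTTP_PARAM_OPENID_PROMPT));
    ssoSession.setOpenIdDisplay(request.getParameter(SsoConstants.HTTP_PARAM_OPENID_DISPLAY));
    String maxAgeStr = request.getParameter(SsoConstants.HTTP_PARAM_OPENID_MAX_AGE);
    if ("login".equals(ssoSession.getOpenIdPrompt())) {
        // An explicit login prompt always discards the existing authentication.
        ssoSession.setStatus(SsoSession.Status.unauthenticated);
    } else if (ssoSession.getStatus() == SsoSession.Status.authenticated && StringUtils.isNotEmpty(maxAgeStr)) {
        // The value comes straight from the request. Multiplying it by 1000 in long arithmetic
        // wraps silently for large inputs, so the limit is kept as a Duration of whole seconds
        // and compared without any multiplication.
        Duration maxAge = Duration.ofSeconds(Long.parseLong(maxAgeStr));
        // Elapsed time is truncated to milliseconds, the resolution the comparison has always used.
        long elapsedMillis = Duration.between(ssoSession.getAuthTime().toInstant(), Instant.now()).toMillis();
        if (Duration.ofMillis(elapsedMillis).compareTo(maxAge) > 0) {
            // The login is older than the client allows: require a fresh authentication.
            ssoSession.setStatus(SsoSession.Status.unauthenticated);
        }
    }
    return ssoSession;
}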
Also used : SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 13 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OpenIdTokenServlet method issueTokenForPasswd.

/**
 * Serves the password grant: validates the client request, reads the user credentials from the
 * request, lets {@code handleIssueTokenForPasswd} produce the session, and writes the built
 * response as JSON.
 *
 * <p>An {@link AuthenticationException} raised on the way is replaced by a new one whose message
 * is the localized "cannot authenticate user in domain" template filled with the user name, the
 * profile and the original message; {@code "N/A"} stands in for values that are not available.
 *
 * @param request  incoming token request carrying client and user credentials
 * @param response response the JSON payload is written to
 * @param scope    requested scope, forwarded to client validation and to the password handler
 * @throws AuthenticationException with the localized message described above
 * @throws Exception any other failure from the helper calls
 */
protected void issueTokenForPasswd(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
    log.debug("Entered issueTokenForPasswd");
    // Declared outside the try so the catch block can report whose login failed.
    Credentials credentials = null;
    try {
        String[] clientCredentials = SsoUtils.getClientIdClientSecret(request);
        String clientId = clientCredentials[0];
        // Both the client secret and the user credentials are secrets: neither is logged here.
        String clientSecret = clientCredentials[1];
        SsoUtils.validateClientRequest(request, clientId, clientSecret, scope, null);
        credentials = getCredentials(request);
        SsoSession session = handleIssueTokenForPasswd(request, scope, credentials);
        log.debug("Sending json response");
        SsoUtils.sendJsonData(response, buildResponse(request, session, clientId, clientSecret));
    } catch (AuthenticationException ex) {
        // credentials is still null when the failure happened before getCredentials returned.
        String profile = "N/A";
        if (credentials != null && credentials.getProfile() != null) {
            profile = credentials.getProfile();
        }
        String template = ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER_IN_DOMAIN, (Locale) request.getAttribute(SsoConstants.LOCALE));
        String username = credentials == null ? "N/A" : credentials.getUsername();
        // NOTE(review): only ex.getMessage() is carried over; the original exception is not chained
        // as the cause, so its stack trace is lost. The message also embeds the request-supplied
        // user name and profile; confirm that whatever renders it to the client escapes it.
        throw new AuthenticationException(String.format(template, username, profile, ex.getMessage()));
    }
}
Also used : Locale(java.util.Locale) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) Credentials(org.ovirt.engine.core.sso.utils.Credentials) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 14 with SsoSession

use of org.ovirt.engine.core.sso.utils.SsoSession in project ovirt-engine by oVirt.

the class OpenIdUserInfoServlet method service.

/**
 * Answers a user-info request: resolves the access token to an SSO session and, when that session
 * is active, sends the built response with content type {@code application/jwt}.
 *
 * <p>The token is taken from the request parameter named by
 * {@code SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN} and, when that is absent, from
 * {@code getTokenFromHeader}. Every failure is turned into a JSON error response instead of
 * propagating out of the servlet.
 *
 * @param request  the user-info request
 * @param response response that receives either the payload or the JSON error
 * @throws ServletException declared by the servlet contract
 * @throws IOException      declared by the servlet contract
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        // NOTE(review): the raw query string is written to the debug log, and the token is accepted
        // as a request parameter just below, so a token passed in the URL can land in the log.
        // Whether SsoUtils.getRequestParameters masks sensitive values is not visible here.
        log.debug("Entered OpenIdUserInfoServlet Query String: {}, Parameters : {}", request.getQueryString(), SsoUtils.getRequestParameters(request));
        String accessToken = request.getParameter(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
        if (accessToken == null) {
            // No parameter: fall back to the header, and reject the request if that is empty too.
            accessToken = getTokenFromHeader(request);
            if (accessToken == null) {
                // NOTE(review): the other OAuthException in this method passes an ERR_CODE_* constant
                // first and a message second; here the ERR_CODE_* constant is second. Confirm the
                // argument order against the OAuthException constructor.
                throw new OAuthException(SsoConstants.ERROR, SsoConstants.ERR_CODE_INVALID_REQUEST);
            }
        }
        SsoSession session = SsoUtils.getSsoSessionFromRequest(request, accessToken);
        if (session.isActive()) {
            SsoUtils.sendJsonData(response, buildResponse(request, session), "application/jwt");
        } else {
            // A token that maps to an inactive session is reported as an invalid token.
            throw new OAuthException(SsoConstants.ERR_CODE_INVALID_TOKEN, SsoConstants.ERR_SESSION_EXPIRED_MSG);
        }
    } catch (OAuthException ex) {
        // Protocol errors already carry their own error code.
        SsoUtils.sendJsonDataWithMessage(request, response, ex);
    } catch (AuthenticationException ex) {
        SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_ACCESS_DENIED, ex);
    } catch (Exception ex) {
        // Anything unexpected is reported under the server-error code.
        SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_SERVER_ERROR, ex);
    }
}
Also used : AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) OAuthException(org.ovirt.engine.core.sso.utils.OAuthException) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession) ServletException(javax.servlet.ServletException) OAuthException(org.ovirt.engine.core.sso.utils.OAuthException) IOException(java.io.IOException) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)

Aggregations

SsoSession (org.ovirt.engine.core.sso.utils.SsoSession)14 Locale (java.util.Locale)5 AuthenticationException (org.ovirt.engine.core.sso.utils.AuthenticationException)5 OAuthException (org.ovirt.engine.core.sso.utils.OAuthException)5 IOException (java.io.IOException)4 ServletException (javax.servlet.ServletException)4 Credentials (org.ovirt.engine.core.sso.utils.Credentials)4 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 List (java.util.List)1 TreeSet (java.util.TreeSet)1 Cookie (javax.servlet.http.Cookie)1 AuthResult (org.ovirt.engine.core.sso.utils.AuthResult)1 NonInteractiveAuth (org.ovirt.engine.core.sso.utils.NonInteractiveAuth)1