Use of org.owasp.esapi.errors.EncodingException in project OpenAM by OpenRock.
In class ConsumerRequest, method postConsumerRegistrations.
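/**
 * POST method for registering a Service Consumer and obtaining the corresponding
 * consumer key &amp; secret.
 * <p>
 * Parameter names are matched case-insensitively against the {@code C_NAME},
 * {@code C_KEY}, {@code C_SECRET} and {@code C_CERT} constants (declared outside this
 * method); only the first value of a repeated parameter is read and any other
 * parameter is ignored.
 * <OL>
 * <LI>{@code C_NAME} - the service consumer's name. It is canonicalized with ESAPI,
 * validated against the "HTTPParameterValue" rule (max 512 characters) and rejected
 * when a consumer with the same name is already registered.</LI>
 * <LI>{@code C_KEY} - (optional) a caller-chosen consumer key, validated the same way
 * and rejected when already registered. When absent, a key of the form
 * {@code <baseUri>/<CONSUMERS_PATH>/<random>} is generated from the request context.</LI>
 * <LI>{@code C_SECRET} - (optional) a caller-chosen consumer secret; it is URL-decoded
 * as UTF-8. When absent a random secret is generated.</LI>
 * <LI>{@code C_CERT} - (optional) the consumer's RSA public key in PEM format, stored
 * as received (no URL decoding).</LI>
 * </OL>
 * Example of a form body, using the parameter names given by the original author
 * (name, icon, service, rsapublickey):
 * <pre>
 * name=Service XYZ&amp;icon=http://www.example.com/icon.jpg&amp;service=http://www.example.com
 * </pre>
 *
 * @param formParams the URL-encoded form body as name=value pairs separated by &amp;.
 * @return on success, {@code 201 Created} whose Location is the consumer key and whose
 * body is of the form
 * <pre>
 * consumer_key=http://serviceprovider/0123456762121
 * consumer_secret=12345633
 * </pre>
 * with both values URL-encoded as UTF-8. A failed validation or a duplicate name/key
 * yields {@code 200 OK} with a plain-text message as body (kept for compatibility with
 * existing clients; a 400 status would be the conventional choice).
 * @throws WebApplicationException wrapping an {@code OAuthServiceException},
 * {@code IntrusionException} or {@code EncodingException} raised while validating or
 * persisting the consumer; the cause is logged at SEVERE first.
 */
@POST
@Consumes("application/x-www-form-urlencoded")
public Response postConsumerRegistrations(MultivaluedMap<String, String> formParams) {
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Consumer cons = new Consumer();
        String cert = null;
        String tmpsecret = null;
        boolean keyed = false;
        Encoder enc = ESAPI.encoder();
        Validator validator = ESAPI.validator();
        for (String key : formParams.keySet()) {
            // Only the first value of a repeated parameter is considered.
            String val = formParams.getFirst(key);
            if (key.equalsIgnoreCase(C_NAME)) {
                String consumerName = enc.canonicalize(val);
                if (!validator.isValidInput(C_NAME, consumerName, "HTTPParameterValue", 512, true)) {
                    return formEncodedOk("Invalid name entered. Please try again.");
                }
                // A consumer with the same name must not be registered twice.
                Map<String, String> searchMap = new HashMap<String, String>();
                searchMap.put(CONSUMER_NAME, consumerName);
                List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
                if ((consumers != null) && (!consumers.isEmpty())) {
                    // The name is echoed back HTML-encoded, so a stored name cannot inject markup.
                    return formEncodedOk("A consumer is already registered with name " + enc.encodeForHTML(consumerName) + ".");
                }
                cons.setConsName(consumerName);
            } else if (key.equalsIgnoreCase(C_CERT)) {
                // The cert is in PEM format (no URL decode needed).
                cert = val;
            } else if (key.equalsIgnoreCase(C_SECRET)) {
                // Decode with an explicit charset: the one-argument URLDecoder.decode uses the
                // platform default, which would make the stored secret platform-dependent.
                tmpsecret = decodeUtf8(val);
            } else if (key.equalsIgnoreCase(C_KEY)) {
                keyed = true;
                String consumerKey = enc.canonicalize(val);
                if (!validator.isValidInput(C_KEY, consumerKey, "HTTPParameterValue", 512, true)) {
                    return formEncodedOk("Invalid key entered. Please try again.");
                }
                // A consumer with the same key must not be registered twice.
                cons.setConsKey(consumerKey);
                Map<String, String> searchMap = new HashMap<String, String>();
                searchMap.put(CONSUMER_KEY, consumerKey);
                List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
                if ((consumers != null) && (!consumers.isEmpty())) {
                    return formEncodedOk("A consumer is already registered with key " + enc.encodeForHTML(consumerKey) + ".");
                }
            }
            // Anything else is ignored for the time being.
        }
        if (cert != null) {
            cons.setConsRsakey(cert);
        }
        if (tmpsecret != null) {
            cons.setConsSecret(tmpsecret);
        } else {
            cons.setConsSecret(new UniqueRandomString().getString());
        }
        if (!keyed) {
            // No caller-supplied key: derive one from the request base URI plus a random suffix.
            String baseUri = context.getBaseUri().toString();
            if (baseUri.endsWith("/")) {
                baseUri = baseUri.substring(0, baseUri.length() - 1);
            }
            URI loc = URI.create(baseUri + PathDefs.CONSUMERS_PATH + "/" + new UniqueRandomString().getString());
            cons.setConsKey(loc.toString());
        }
        oauthResMgr.createConsumer(null, cons);
        String resp = "consumer_key=" + encodeUtf8(cons.getConsKey())
                + "&consumer_secret=" + encodeUtf8(cons.getConsSecret());
        return Response.created(URI.create(cons.getConsKey())).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException | IntrusionException | EncodingException e) {
        // All three failure kinds surface identically: log with the cause, then 500 via JAX-RS.
        Logger.getLogger(ConsumerRequest.class.getName()).log(Level.SEVERE, "Consumer registration failed", e);
        throw new WebApplicationException(e);
    }
}

/**
 * Builds the {@code 200 OK} form-encoded response used for validation and duplicate
 * failures.
 *
 * @param body plain-text message returned to the caller.
 * @return the built response.
 */
private static Response formEncodedOk(String body) {
    return Response.ok().entity(body).type(MediaType.APPLICATION_FORM_URLENCODED).build();
}

/**
 * URL-decodes {@code value} as UTF-8.
 *
 * @param value the encoded text.
 * @return the decoded text.
 */
private static String decodeUtf8(String value) {
    try {
        return URLDecoder.decode(value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // Every JVM is required to support UTF-8, so this branch is unreachable.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
}

/**
 * URL-encodes {@code value} as UTF-8.
 *
 * @param value the raw text.
 * @return the encoded text.
 */
private static String encodeUtf8(String value) {
    try {
        return URLEncoder.encode(value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // Every JVM is required to support UTF-8, so this branch is unreachable.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
}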
Use of org.owasp.esapi.errors.EncodingException in project OpenAM by OpenRock.
In class SAML2PostAuthenticationPlugin, method onLogout.
/**
 * Post-logout hook: when the session token carries {@code SAML2Constants.SINGLE_LOGOUT}
 * set to {@code true}, stores the SAML single-logout URL on the request under
 * {@code AMPostAuthProcessInterface.POST_PROCESS_LOGOUT_URL}.
 * <p>
 * The URL is {@code SLO_SESSION_LOCATION} followed by {@code SLO_SESSION_REFERENCE}, both
 * read from the token. The reference is URL-encoded with ESAPI only when the XUI is
 * enabled; with the classic UI it is appended verbatim. A failure to read the token or
 * to encode the reference is logged as a warning and the logout URL is not set.
 *
 * @param request  current request, receives the logout URL attribute.
 * @param response current response (unused here).
 * @param ssoToken the session being logged out.
 * @throws AuthenticationException declared by the interface; not raised by this body.
 */
@Override
public void onLogout(HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        final boolean singleLogout = Boolean.parseBoolean(ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT));
        if (!singleLogout) {
            return;
        }
        final XUIState xui = InjectorHolder.getInstance(XUIState.class);
        final String location = ssoToken.getProperty(SLO_SESSION_LOCATION);
        // Only the XUI expects a URL-encoded reference; the classic UI takes it raw.
        final String reference = xui.isXUIEnabled()
                ? ESAPI.encoder().encodeForURL(ssoToken.getProperty(SLO_SESSION_REFERENCE))
                : ssoToken.getProperty(SLO_SESSION_REFERENCE);
        request.setAttribute(AMPostAuthProcessInterface.POST_PROCESS_LOGOUT_URL, location + reference);
    } catch (EncodingException | SSOException e) {
        // Best effort: warn and fall through without a logout URL.
        DEBUG.warning("Error loading SAML assertion information in memory. SLO failed for this session.", e);
    }
}
Use of org.owasp.esapi.errors.EncodingException in project OpenAM by OpenRock.
In class XUIFilter, method doFilter.
/**
 * {@inheritDoc}
 * <p>
 * Non-HTTP exchanges, and every request while the XUI is disabled or the request URI
 * is {@code null}, are passed straight down the chain. Otherwise the request is
 * redirected: a URI containing {@code UI/Logout} goes to {@code xuiLogoutPath}, one
 * containing {@code idm/EndUser} goes to {@code profilePage}, and everything else goes
 * to {@code xuiLoginPath}. Both checks are substring matches on the full request URI.
 * <p>
 * The original query string is carried over, prefixed with {@code &} (empty when
 * absent). For the login redirect, a {@code Constants.COMPOSITE_ADVICE} parameter is
 * URL-encoded with ESAPI and the query is rebuilt from
 * {@code removeCompositeAdviceFromRequest(request)} plus
 * {@code authIndexType=composite_advice} and {@code authIndexValue=<encoded advice>}.
 * If encoding fails the error is logged and the redirect is still issued with the
 * original, unmodified query.
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    if (!(servletResponse instanceof HttpServletResponse) || !(servletRequest instanceof HttpServletRequest)) {
        chain.doFilter(servletRequest, servletResponse);
        return;
    }
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    if (!xuiState.isXUIEnabled() || request.getRequestURI() == null) {
        chain.doFilter(servletRequest, servletResponse);
        return;
    }
    final String uri = request.getRequestURI();
    String query = ampersandPrefixed(request.getQueryString());
    if (uri.contains("UI/Logout")) {
        response.sendRedirect(xuiLogoutPath + query);
        return;
    }
    if (uri.contains("idm/EndUser")) {
        response.sendRedirect(profilePage + query);
        return;
    }
    final String compositeAdvice = request.getParameter(Constants.COMPOSITE_ADVICE);
    if (compositeAdvice != null) {
        try {
            final String encodedAdvice = ESAPI.encoder().encodeForURL(compositeAdvice);
            query = removeCompositeAdviceFromRequest(request)
                    + "&authIndexType=composite_advice"
                    + "&authIndexValue=" + encodedAdvice;
        } catch (EncodingException e) {
            // Encoding failed: keep the original query and still redirect.
            DEBUG.error("XUIFilter.doFilter:: failed to encode composite_advice : " + compositeAdvice, e);
        }
    }
    response.sendRedirect(xuiLoginPath + query);
}

/**
 * Normalises a raw query string for appending to a redirect target.
 *
 * @param rawQuery the value of {@code getQueryString()}, possibly {@code null}.
 * @return {@code ""} when {@code rawQuery} is {@code null}; otherwise the query with a
 * single leading {@code &}.
 */
private static String ampersandPrefixed(String rawQuery) {
    if (rawQuery == null) {
        return "";
    }
    return rawQuery.startsWith("&") ? rawQuery : "&" + rawQuery;
}