Example 1 with FailNode

use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project ballerina by ballerina-lang.

the class BLangPackageBuilder method addFailStatement.

public void addFailStatement(DiagnosticPos pos, Set<Whitespace> ws) {
    BLangFail failNode = (BLangFail) TreeBuilder.createFailNode();
    failNode.pos = pos;
    failNode.addWS(ws);
    addStmtToCurrentBlock(failNode);
}
Also used : BLangFail(org.wso2.ballerinalang.compiler.tree.statements.BLangFail)

Example 2 with FailNode

use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.

the class GraphBasedSequenceHandler method handleAuthenticationStep.

private boolean handleAuthenticationStep(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, StepConfigGraphNode stepConfigGraphNode) throws FrameworkException {
    StepConfig stepConfig = stepConfigGraphNode.getStepConfig();
    if (stepConfig == null) {
        throw new FrameworkException("StepConfig not found while handling the step. Service Provider : " + context.getServiceProviderName());
    }
    // if the current step is completed
    if (stepConfig.isCompleted()) {
        stepConfig.setCompleted(false);
        stepConfig.setRetrying(false);
        // if the request didn't fail during the step execution
        if (context.isRequestAuthenticated()) {
            if (log.isDebugEnabled()) {
                log.debug("Step " + stepConfig.getOrder() + " is completed. Going to get the next one.");
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Authentication has failed in the Step " + (context.getCurrentStep()));
            }
            // authentication
            if (stepConfig.isMultiOption() && !context.isPassiveAuthenticate()) {
                stepConfig.setRetrying(true);
                context.setRequestAuthenticated(true);
            } else {
                FrameworkUtils.resetAuthenticationContext(context);
            }
        }
        FrameworkUtils.resetAuthenticationContext(context);
    }
    // if the sequence is not completed, we have work to do.
    if (log.isDebugEnabled()) {
        log.debug("Starting Step: " + stepConfig.getOrder());
    }
    AuthenticatorFlowStatus flowStatus = (AuthenticatorFlowStatus) request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
    int stepNumber = context.getCurrentStep();
    if (!context.isReturning()) {
        if (stepNumber <= 0) {
            stepNumber = 1;
        } else if (flowStatus != FAIL_COMPLETED) {
            stepNumber++;
        }
        context.setCurrentStep(stepNumber);
        context.getSequenceConfig().getStepMap().put(stepNumber, stepConfig);
    }
    FrameworkUtils.getStepHandler().handle(request, response, context);
    flowStatus = (AuthenticatorFlowStatus) request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
    if (flowStatus != SUCCESS_COMPLETED && flowStatus != INCOMPLETE && !(FAIL_COMPLETED.equals(flowStatus) && context.isRetrying())) {
        stepConfig.setSubjectAttributeStep(false);
        stepConfig.setSubjectIdentifierStep(false);
    }
    if (flowStatus == FAIL_COMPLETED) {
        if (!(stepConfigGraphNode.getNext() instanceof DynamicDecisionNode)) {
            if (context.isRetrying()) {
                StepConfigGraphNode newNextNode = new StepConfigGraphNode(stepConfigGraphNode.getStepConfig());
                newNextNode.setNext(stepConfigGraphNode.getNext());
                AuthGraphNode parentNode = stepConfigGraphNode.getParent();
                if (parentNode == null) {
                    parentNode = sequenceConfig.getAuthenticationGraph().getStartNode();
                }
                newNextNode.setParent(parentNode);
                if (parentNode instanceof DynamicDecisionNode) {
                    ((DynamicDecisionNode) parentNode).setDefaultEdge(newNextNode);
                } else if (parentNode instanceof StepConfigGraphNode) {
                    ((StepConfigGraphNode) parentNode).setNext(newNextNode);
                }
                stepConfigGraphNode.setNext(newNextNode);
            } else {
                stepConfigGraphNode.setNext(new FailNode());
            }
        }
    }
    // if step is not completed, that means step wants to redirect to outside
    if (!stepConfig.isCompleted()) {
        if (log.isDebugEnabled()) {
            log.debug("Step is not complete yet. Redirecting to outside.");
        }
        return true;
    }
    if (context.isPassiveAuthenticate() && !context.isRequestAuthenticated()) {
        return true;
    }
    context.setReturning(false);
    return false;
}
Also used : DynamicDecisionNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.DynamicDecisionNode) FailNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) AuthenticatorFlowStatus(org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus) StepConfigGraphNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.StepConfigGraphNode) AuthGraphNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.AuthGraphNode)

Example 3 with FailNode

use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.

the class GraphBasedSequenceHandler method handleAuthFail.

/**
 * Process FailNode.
 * @param request HTTP Servlet request
 * @param response HTTP Servlet Response
 * @param context Authentication Context
 * @param node Fail Node
 * @throws FrameworkException
 */
private void handleAuthFail(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, FailNode node) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Found a Fail Node in conditional authentication");
    }
    if (node.isShowErrorPage()) {
        // Set parameters specific to the sendError function in the context if isShowErrorPage is true.
        String errorPage = node.getErrorPageUri();
        String redirectURL = null;
        try {
            if (StringUtils.isBlank(errorPage)) {
                // Redirecting to server retry page.
                errorPage = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
                URIBuilder uriBuilder = new URIBuilder(errorPage);
                // Create error key and add failure data set in the script to AuthenticationError and add to cache.
                String errorKey = UUID.randomUUID().toString();
                uriBuilder.addParameter(FrameworkConstants.REQUEST_PARAM_ERROR_KEY, errorKey);
                Map<String, String> failureData = node.getFailureData();
                failureData.put(FrameworkConstants.REQUEST_PARAM_SP, context.getServiceProviderName());
                AuthenticationError authenticationError = new AuthenticationError(failureData);
                FrameworkUtils.addAuthenticationErrorToCache(errorKey, authenticationError, context.getTenantDomain());
                redirectURL = uriBuilder.toString();
            } else {
                URIBuilder uriBuilder = new URIBuilder(errorPage);
                node.getFailureData().forEach(uriBuilder::addParameter);
                redirectURL = uriBuilder.toString();
            }
            response.sendRedirect(FrameworkUtils.getRedirectURL(redirectURL, request));
        } catch (IOException e) {
            throw new FrameworkException("Error when redirecting user to " + errorPage, e);
        } catch (URISyntaxException e) {
            throw new FrameworkException("Error when redirecting user to " + errorPage + ". Error page is not a valid URL.", e);
        }
        context.setRequestAuthenticated(false);
        context.getSequenceConfig().setCompleted(true);
        request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
        throw new JsFailureException("Error initiated from authentication script. User will be redirected to " + redirectURL);
    } else {
        // If isShowErrorPage is false, set parameters specific to fail function to context.
        setErrorPropertiesToContext(node, context);
    }
}
Also used : AuthenticationError(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationError) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) JsFailureException(org.wso2.carbon.identity.application.authentication.framework.exception.JsFailureException) URIBuilder(org.apache.http.client.utils.URIBuilder)

Example 4 with FailNode

use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.

the class GraphBasedSequenceHandler method handleLongWait.

private boolean handleLongWait(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, LongWaitNode longWaitNode) throws FrameworkException {
    boolean isWaiting;
    LongWaitStatusStoreService longWaitStatusStoreService = FrameworkServiceDataHolder.getInstance().getLongWaitStatusStoreService();
    LongWaitStatus longWaitStatus = longWaitStatusStoreService.getWait(context.getContextIdentifier());
    if (longWaitStatus == null || longWaitStatus.getStatus() == LongWaitStatus.Status.UNKNOWN) {
        // This is the initiation of a long wait
        longWaitStatus = new LongWaitStatus();
        int tenantId = IdentityTenantUtil.getTenantId(context.getTenantDomain());
        longWaitStatusStoreService.addWait(tenantId, context.getContextIdentifier(), longWaitStatus);
        isWaiting = callExternalSystem(request, response, context, sequenceConfig, longWaitNode);
        if (promptOnLongWait()) {
            if (isWaiting) {
                displayLongWait(context, request, response);
            }
        }
    } else {
        context.setReturning(false);
        // This is the continuation of a long wait
        isWaiting = LongWaitStatus.Status.COMPLETED != longWaitStatus.getStatus();
        longWaitStatusStoreService.removeWait(context.getContextIdentifier());
        String outcomeName = (String) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
        Map<String, Object> data = (Map<String, Object>) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
        context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
        context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
        AuthGraphNode nextNode;
        if (outcomeName != null) {
            executeFunction(outcomeName, longWaitNode, context, data);
            nextNode = longWaitNode.getDefaultEdge();
            if (nextNode == null) {
                log.error("Authentication script does not have applicable event handler for outcome " + outcomeName + " from the long wait process : " + context.getContextIdentifier() + ". So ending the authentication flow. Add the correspoding event handler to the script");
                nextNode = new FailNode();
            }
        } else {
            log.error("The outcome from the long wait process " + context.getContextIdentifier() + " is null. Because asyncReturn.accept() has not been used properly in the async process flow" + " of the custom function. So ending the authentication flow. Check the flow in the async" + " process flow of the custom function and add asyncReturn.accept() with the corresponding" + " outcome.");
            nextNode = new FailNode();
        }
        context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, nextNode);
    }
    return isWaiting;
}
Also used : FailNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode) LongWaitStatus(org.wso2.carbon.identity.application.authentication.framework.model.LongWaitStatus) LongWaitStatusStoreService(org.wso2.carbon.identity.application.authentication.framework.store.LongWaitStatusStoreService) Map(java.util.Map) AuthGraphNode(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.AuthGraphNode)

Example 5 with FailNode

use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.

the class GraphBasedSequenceHandler method setErrorPropertiesToContext.

/**
 * Sets error properties to Authentication context and fail authentication.
 */
private void setErrorPropertiesToContext(FailNode node, AuthenticationContext context) throws FrameworkException {
    Map<String, String> parameterMap = node.getFailureData();
    // If an error code is provided, set it to the context.
    if (parameterMap.containsKey(FrameworkConstants.ERROR_CODE)) {
        context.setProperty(FrameworkConstants.AUTH_ERROR_CODE, parameterMap.get(FrameworkConstants.ERROR_CODE));
    }
    // If an error description is provided, set it to the context.
    if (parameterMap.containsKey(FrameworkConstants.ERROR_MESSAGE)) {
        context.setProperty(FrameworkConstants.AUTH_ERROR_MSG, parameterMap.get(FrameworkConstants.ERROR_MESSAGE));
    }
    // If an error URL is provided, validate it before proceeding.
    if (parameterMap.containsKey(FrameworkConstants.ERROR_URI)) {
        try {
            new URL(parameterMap.get(FrameworkConstants.ERROR_URI));
        } catch (MalformedURLException e) {
            throw new FrameworkException("Error when validating provided errorURI: " + parameterMap.get(FrameworkConstants.ERROR_URI), e);
        }
        // Set the error URL to the context.
        context.setProperty(FrameworkConstants.AUTH_ERROR_URI, parameterMap.get(FrameworkConstants.ERROR_URI));
    }
    context.setRequestAuthenticated(false);
    context.getSequenceConfig().setCompleted(true);
}
Also used : MalformedURLException(java.net.MalformedURLException) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) URL(java.net.URL)

Aggregations

AuthGraphNode (org.wso2.carbon.identity.application.authentication.framework.config.model.graph.AuthGraphNode) 3
FailNode (org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode) 3
FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) 3
AuthenticatorFlowStatus (org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus) 2
IOException (java.io.IOException) 1
MalformedURLException (java.net.MalformedURLException) 1
URISyntaxException (java.net.URISyntaxException) 1
URL (java.net.URL) 1
Map (java.util.Map) 1
URIBuilder (org.apache.http.client.utils.URIBuilder) 1
BLangFail (org.wso2.ballerinalang.compiler.tree.statements.BLangFail) 1
StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) 1
DynamicDecisionNode (org.wso2.carbon.identity.application.authentication.framework.config.model.graph.DynamicDecisionNode) 1
EndStep (org.wso2.carbon.identity.application.authentication.framework.config.model.graph.EndStep) 1
StepConfigGraphNode (org.wso2.carbon.identity.application.authentication.framework.config.model.graph.StepConfigGraphNode) 1
JsFailureException (org.wso2.carbon.identity.application.authentication.framework.exception.JsFailureException) 1
AuthenticationError (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationError) 1
LongWaitStatus (org.wso2.carbon.identity.application.authentication.framework.model.LongWaitStatus) 1
LongWaitStatusStoreService (org.wso2.carbon.identity.application.authentication.framework.store.LongWaitStatusStoreService) 1