use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project ballerina by ballerina-lang.
the class BLangPackageBuilder method addFailStatement.
/**
 * Creates a fail statement node and hands it to {@code addStmtToCurrentBlock}.
 *
 * @param pos source position recorded on the new node
 * @param ws  whitespace set attached to the new node
 */
public void addFailStatement(DiagnosticPos pos, Set<Whitespace> ws) {
    // TreeBuilder returns the generic node type; the builder works with the concrete BLangFail.
    final BLangFail failStmt = (BLangFail) TreeBuilder.createFailNode();
    failStmt.pos = pos;
    failStmt.addWS(ws);
    addStmtToCurrentBlock(failStmt);
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.
the class GraphBasedSequenceHandler method handleAuthenticationStep.
/**
 * Executes one authentication step of the graph and rewires the graph when the step fails.
 *
 * <p>The method first settles the state left by a previously completed step, then advances the
 * step counter (unless the context is returning), delegates to the step handler, and finally
 * inspects the flow status the handler left on the request.
 *
 * @param request             servlet request; the flow status is read from its attributes
 * @param response            servlet response passed through to the step handler
 * @param context             authentication context holding the step counter and flags
 * @param sequenceConfig      sequence configuration; its authentication graph supplies the start node
 * @param stepConfigGraphNode graph node wrapping the step to execute
 * @return {@code true} when the step is not completed, or when the request is passive and not
 *         authenticated; {@code false} otherwise
 * @throws FrameworkException if the node carries no step configuration
 */
private boolean handleAuthenticationStep(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, StepConfigGraphNode stepConfigGraphNode) throws FrameworkException {
StepConfig stepConfig = stepConfigGraphNode.getStepConfig();
if (stepConfig == null) {
throw new FrameworkException("StepConfig not found while handling the step. Service Provider : " + context.getServiceProviderName());
}
// if the current step is completed
if (stepConfig.isCompleted()) {
// Clear the per-step flags before deciding how to continue.
stepConfig.setCompleted(false);
stepConfig.setRetrying(false);
// if the request didn't fail during the step execution
if (context.isRequestAuthenticated()) {
if (log.isDebugEnabled()) {
log.debug("Step " + stepConfig.getOrder() + " is completed. Going to get the next one.");
}
} else {
if (log.isDebugEnabled()) {
log.debug("Authentication has failed in the Step " + (context.getCurrentStep()));
}
// A failed multi-option step on a non-passive request is marked for retry.
// NOTE(review): the authenticated flag is set back to true here although the step just
// failed; confirm nothing reads it as a successful authentication before the retry finishes.
if (stepConfig.isMultiOption() && !context.isPassiveAuthenticate()) {
stepConfig.setRetrying(true);
context.setRequestAuthenticated(true);
} else {
FrameworkUtils.resetAuthenticationContext(context);
}
}
// Runs for every completed step, including right after the reset in the else branch above.
// NOTE(review): what the reset clears is defined in FrameworkUtils, not visible here — verify
// it does not undo the retry state set above.
FrameworkUtils.resetAuthenticationContext(context);
}
// if the sequence is not completed, we have work to do.
if (log.isDebugEnabled()) {
log.debug("Starting Step: " + stepConfig.getOrder());
}
// Flow status as left on the request before this step's handler runs.
AuthenticatorFlowStatus flowStatus = (AuthenticatorFlowStatus) request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
int stepNumber = context.getCurrentStep();
if (!context.isReturning()) {
// Start at step 1; otherwise advance, except when the previous status was FAIL_COMPLETED,
// in which case the same step number is kept.
if (stepNumber <= 0) {
stepNumber = 1;
} else if (flowStatus != FAIL_COMPLETED) {
stepNumber++;
}
context.setCurrentStep(stepNumber);
context.getSequenceConfig().getStepMap().put(stepNumber, stepConfig);
}
FrameworkUtils.getStepHandler().handle(request, response, context);
// Re-read the status: the handler call above may have replaced the request attribute.
flowStatus = (AuthenticatorFlowStatus) request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
// Unless the step succeeded, is incomplete, or failed while retrying, it must not be the
// source of the subject identifier or subject attributes.
if (flowStatus != SUCCESS_COMPLETED && flowStatus != INCOMPLETE && !(FAIL_COMPLETED.equals(flowStatus) && context.isRetrying())) {
stepConfig.setSubjectAttributeStep(false);
stepConfig.setSubjectIdentifierStep(false);
}
if (flowStatus == FAIL_COMPLETED) {
// Only rewire when the successor is not a DynamicDecisionNode; a decision node is left in place.
if (!(stepConfigGraphNode.getNext() instanceof DynamicDecisionNode)) {
if (context.isRetrying()) {
// Retry: insert a new node for the same StepConfig between this node and its old successor.
StepConfigGraphNode newNextNode = new StepConfigGraphNode(stepConfigGraphNode.getStepConfig());
newNextNode.setNext(stepConfigGraphNode.getNext());
AuthGraphNode parentNode = stepConfigGraphNode.getParent();
if (parentNode == null) {
// No parent recorded: fall back to the start node of the graph.
parentNode = sequenceConfig.getAuthenticationGraph().getStartNode();
}
newNextNode.setParent(parentNode);
// Point the parent's outgoing edge at the new node; other parent types are left untouched.
if (parentNode instanceof DynamicDecisionNode) {
((DynamicDecisionNode) parentNode).setDefaultEdge(newNextNode);
} else if (parentNode instanceof StepConfigGraphNode) {
((StepConfigGraphNode) parentNode).setNext(newNextNode);
}
stepConfigGraphNode.setNext(newNextNode);
} else {
// Not retrying: the successor becomes a FailNode, replacing whatever followed this step.
stepConfigGraphNode.setNext(new FailNode());
}
}
}
// if step is not completed, that means step wants to redirect to outside
if (!stepConfig.isCompleted()) {
if (log.isDebugEnabled()) {
log.debug("Step is not complete yet. Redirecting to outside.");
}
return true;
}
// A passive request that is still unauthenticated also returns true.
if (context.isPassiveAuthenticate() && !context.isRequestAuthenticated()) {
return true;
}
context.setReturning(false);
return false;
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.
the class GraphBasedSequenceHandler method handleAuthFail.
/**
 * Handles a {@link FailNode} reached while walking the authentication graph.
 *
 * <p>When the node asks for an error page, the user is redirected either to the page the node
 * names (failure data appended as query parameters) or, if none is named, to the server retry
 * page with only a random error key in the URL and the failure data stored in the authentication
 * error cache. The sequence is then marked completed and unauthenticated and a
 * {@code JsFailureException} is thrown. When no error page is requested, the failure data is
 * applied to the context by {@code setErrorPropertiesToContext}.
 *
 * @param request        HTTP servlet request
 * @param response       HTTP servlet response used to send the redirect
 * @param context        authentication context
 * @param sequenceConfig sequence configuration (not read by this method)
 * @param node           fail node being processed
 * @throws FrameworkException if the redirect cannot be sent or the error page is not a valid URI
 */
private void handleAuthFail(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, FailNode node) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Found a Fail Node in conditional authentication");
    }
    if (!node.isShowErrorPage()) {
        // No error page requested: only record the failure details on the context.
        setErrorPropertiesToContext(node, context);
        return;
    }

    // Error page requested: build the redirect target.
    String errorPage = node.getErrorPageUri();
    String redirectTarget = null;
    try {
        URIBuilder target;
        if (StringUtils.isBlank(errorPage)) {
            // No page named by the node: use the server retry page.
            errorPage = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
            target = new URIBuilder(errorPage);
            // Only an opaque random key travels in the URL; the failure data itself is cached
            // server-side under that key.
            String cacheKey = UUID.randomUUID().toString();
            target.addParameter(FrameworkConstants.REQUEST_PARAM_ERROR_KEY, cacheKey);
            // Note: this writes the service provider name into the node's own failure-data map.
            Map<String, String> details = node.getFailureData();
            details.put(FrameworkConstants.REQUEST_PARAM_SP, context.getServiceProviderName());
            FrameworkUtils.addAuthenticationErrorToCache(cacheKey, new AuthenticationError(details), context.getTenantDomain());
        } else {
            // Page named by the node: every failure-data entry becomes a query parameter, so the
            // values are visible to that page and in anything that records the URL.
            // NOTE(review): the page URI is taken from the node and only its syntax is checked
            // here — confirm the destination is constrained elsewhere before relying on it.
            target = new URIBuilder(errorPage);
            for (Map.Entry<String, String> entry : node.getFailureData().entrySet()) {
                target.addParameter(entry.getKey(), entry.getValue());
            }
        }
        redirectTarget = target.toString();
        response.sendRedirect(FrameworkUtils.getRedirectURL(redirectTarget, request));
    } catch (IOException e) {
        throw new FrameworkException("Error when redirecting user to " + errorPage, e);
    } catch (URISyntaxException e) {
        throw new FrameworkException("Error when redirecting user to " + errorPage + ". Error page is not a valid URL.", e);
    }

    // The redirect has been sent: close the sequence as a failure and stop further processing.
    context.setRequestAuthenticated(false);
    context.getSequenceConfig().setCompleted(true);
    request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
    throw new JsFailureException("Error initiated from authentication script. User will be redirected to " + redirectTarget);
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.
the class GraphBasedSequenceHandler method handleLongWait.
/**
 * Processes a {@link LongWaitNode}: starts the external call on the first visit and resumes the
 * graph on a later visit.
 *
 * <p>On a later visit the stored wait is removed, the outcome name and data are taken from (and
 * cleared off) the context, and the next graph node is stored on the context. A missing outcome,
 * or an outcome that leaves the node without a default edge, selects a {@link FailNode}.
 *
 * @param request        servlet request
 * @param response       servlet response
 * @param context        authentication context; its identifier keys the stored wait status
 * @param sequenceConfig sequence configuration, passed through to the external call
 * @param longWaitNode   graph node describing the long wait
 * @return {@code true} while the long wait has not completed
 * @throws FrameworkException propagated from the helpers this method calls
 */
private boolean handleLongWait(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, SequenceConfig sequenceConfig, LongWaitNode longWaitNode) throws FrameworkException {
    LongWaitStatusStoreService waitStore = FrameworkServiceDataHolder.getInstance().getLongWaitStatusStoreService();
    LongWaitStatus storedStatus = waitStore.getWait(context.getContextIdentifier());
    boolean firstVisit = storedStatus == null || storedStatus.getStatus() == LongWaitStatus.Status.UNKNOWN;

    if (firstVisit) {
        // Initiation: register a fresh wait entry, then trigger the external system.
        storedStatus = new LongWaitStatus();
        int tenantId = IdentityTenantUtil.getTenantId(context.getTenantDomain());
        waitStore.addWait(tenantId, context.getContextIdentifier(), storedStatus);
        boolean pending = callExternalSystem(request, response, context, sequenceConfig, longWaitNode);
        if (promptOnLongWait() && pending) {
            displayLongWait(context, request, response);
        }
        return pending;
    }

    // Continuation: the wait entry already exists.
    context.setReturning(false);
    boolean pending = LongWaitStatus.Status.COMPLETED != storedStatus.getStatus();
    waitStore.removeWait(context.getContextIdentifier());

    // Read the outcome left on the context, then clear both properties so they are used once.
    String outcomeName = (String) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
    Map<String, Object> data = (Map<String, Object>) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
    context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
    context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);

    AuthGraphNode followUp;
    if (outcomeName == null) {
        // No outcome recorded: end the flow with a FailNode rather than guessing a branch.
        log.error("The outcome from the long wait process " + context.getContextIdentifier() + " is null. Because asyncReturn.accept() has not been used properly in the async process flow" + " of the custom function. So ending the authentication flow. Check the flow in the async" + " process flow of the custom function and add asyncReturn.accept() with the corresponding" + " outcome.");
        followUp = new FailNode();
    } else {
        executeFunction(outcomeName, longWaitNode, context, data);
        followUp = longWaitNode.getDefaultEdge();
        if (followUp == null) {
            // The handler for this outcome left no default edge: also end with a FailNode.
            log.error("Authentication script does not have applicable event handler for outcome " + outcomeName + " from the long wait process : " + context.getContextIdentifier() + ". So ending the authentication flow. Add the correspoding event handler to the script");
            followUp = new FailNode();
        }
    }
    context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, followUp);
    return pending;
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode in project carbon-identity-framework by wso2.
the class GraphBasedSequenceHandler method setErrorPropertiesToContext.
/**
 * Copies the error code, message and URI from a fail node's failure data onto the authentication
 * context, then marks the request as not authenticated and the sequence as completed.
 *
 * @param node    fail node whose failure data is read
 * @param context authentication context receiving the error properties
 * @throws FrameworkException if an error URI is present but is not a well-formed URL
 */
private void setErrorPropertiesToContext(FailNode node, AuthenticationContext context) throws FrameworkException {
    Map<String, String> failureData = node.getFailureData();

    // Each property is set only when its key is present in the failure data.
    if (failureData.containsKey(FrameworkConstants.ERROR_CODE)) {
        context.setProperty(FrameworkConstants.AUTH_ERROR_CODE, failureData.get(FrameworkConstants.ERROR_CODE));
    }
    if (failureData.containsKey(FrameworkConstants.ERROR_MESSAGE)) {
        context.setProperty(FrameworkConstants.AUTH_ERROR_MSG, failureData.get(FrameworkConstants.ERROR_MESSAGE));
    }
    if (failureData.containsKey(FrameworkConstants.ERROR_URI)) {
        String errorUri = failureData.get(FrameworkConstants.ERROR_URI);
        // Validate the error URI before it is stored.
        // NOTE(review): constructing a URL only checks that the string is well-formed with a
        // known protocol; it does not restrict scheme or host. If this value is later used as
        // a redirect target, an allow-list check belongs here or at the point of use.
        try {
            new URL(errorUri);
        } catch (MalformedURLException e) {
            throw new FrameworkException("Error when validating provided errorURI: " + errorUri, e);
        }
        context.setProperty(FrameworkConstants.AUTH_ERROR_URI, errorUri);
    }

    // Fail the authentication and close the sequence.
    context.setRequestAuthenticated(false);
    context.getSequenceConfig().setCompleted(true);
}