List of usage examples for org.springframework.security.web.savedrequest HttpSessionRequestCache HttpSessionRequestCache
HttpSessionRequestCache
From source file:nl.surfnet.spring.security.opensaml.config.ServiceProviderBeanDefinitionParser.java
@Override protected AbstractBeanDefinition parseInternal(final Element element, final ParserContext parserContext) { final String preAuthFilterRef = element.getAttribute("preauth-filter-ref"); if (StringUtils.isBlank(preAuthFilterRef)) { parserContext.getReaderContext().error("The preauth-filter-ref is mandatory", element); }/* w ww. ja v a 2 s. c o m*/ final String messageHandlerRef = element.getAttribute("message-handler-ref"); if (StringUtils.isBlank(messageHandlerRef)) { parserContext.getReaderContext().error("The message-handler-ref is mandatory", element); } final String certificatestoreRef = element.getAttribute("certificatestore-ref"); if (StringUtils.isBlank(certificatestoreRef)) { parserContext.getReaderContext().error("The certificatestore-ref is mandatory", element); } final String provisionerRef = element.getAttribute("provisioner-ref"); if (StringUtils.isBlank(provisionerRef)) { parserContext.getReaderContext().error("The provisioner-ref is mandatory", element); } final String authenticationManangerRef = element.getAttribute("authentication-manager-ref"); if (StringUtils.isBlank(authenticationManangerRef)) { parserContext.getReaderContext().error("The authentication-manager-ref is mandatory", element); } final String entityID = element.getAttribute("entity-id"); if (StringUtils.isBlank(entityID)) { parserContext.getReaderContext().error("The entity-id is mandatory", element); } final String assertionConsumerURI = element.getAttribute("assertion-consumer-uri"); if (StringUtils.isBlank(assertionConsumerURI)) { parserContext.getReaderContext().error("Missing or empty assertion-consumer-uri.", element); } final String poolSize = element.getAttribute("max-parser-pool-size"); try { poolSizeInt = Integer.parseInt(poolSize); } catch (NumberFormatException nfe) { parserContext.getReaderContext().error("An invalid value for max-parser-pool-size was supplied", element); } final String replayCacheLife = element.getAttribute("replay-cache-life-in-millis"); try { replayCacheDuration = Integer.parseInt(replayCacheLife); } catch (NumberFormatException nfe) { parserContext.getReaderContext().error("An invalid value for replay-cache-life-in-millis was supplied", element); } final String clockSkew = element.getAttribute("issue-instant-check-clock-skew-in-secs"); try { newClockSkew = Integer.parseInt(clockSkew); } catch (NumberFormatException nfe) { parserContext.getReaderContext() .error("An invalid value for issue-instant-check-clock-skew-in-secs was supplied", element); } final String validTime = element.getAttribute("issue-instant-check-valid-time-in-secs"); try { newExpires = Integer.parseInt(validTime); } catch (NumberFormatException nfe) { parserContext.getReaderContext() .error("An invalid value for issue-instant-check-valid-time-in-secs was supplied", element); } BeanDefinitionBuilder bootstrapBean = BeanDefinitionBuilder.genericBeanDefinition(DefaultBootstrap.class); bootstrapBean.setInitMethodName("bootstrap"); parserContext.getRegistry().registerBeanDefinition(BEAN_SAMLINITIALIZER, bootstrapBean.getBeanDefinition()); final BasicParserPool basicParserPool = new BasicParserPool(); basicParserPool.setMaxPoolSize(poolSizeInt); final HTTPPostSimpleSignDecoder httpPostSimpleSignDecoder = new HTTPPostSimpleSignDecoder(basicParserPool); final VelocityEngineFactoryBean velocityEngineFactoryBean = new VelocityEngineFactoryBean(); velocityEngineFactoryBean.setPreferFileSystemAccess(false); Properties velocityEngineProperties = new Properties(); velocityEngineProperties.setProperty("resource.loader", "classpath"); velocityEngineProperties.setProperty("classpath.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); velocityEngineFactoryBean.setVelocityProperties(velocityEngineProperties); VelocityEngine velocityEngine = null; try { velocityEngine = velocityEngineFactoryBean.createVelocityEngine(); } catch (IOException e) { throw new RuntimeException("Unable to create velocity engine instance"); } // Replay cache BeanDefinitionBuilder replayCacheBuilder = BeanDefinitionBuilder.genericBeanDefinition(ReplayCache.class); replayCacheBuilder.addConstructorArgValue(new MapBasedStorageService()); replayCacheBuilder.addConstructorArgValue(replayCacheDuration); parserContext.getRegistry().registerBeanDefinition(BEAN_REPLAYCACHE, replayCacheBuilder.getBeanDefinition()); // Message replay rule BeanDefinitionBuilder messageReplayRuleBuilder = BeanDefinitionBuilder .genericBeanDefinition(MessageReplayRule.class); messageReplayRuleBuilder.addConstructorArgReference(BEAN_REPLAYCACHE); parserContext.getRegistry().registerBeanDefinition("messageReplayRule", messageReplayRuleBuilder.getBeanDefinition()); // Issue instant rule BeanDefinitionBuilder issueInstantBuilder = BeanDefinitionBuilder .genericBeanDefinition(IssueInstantRule.class); issueInstantBuilder.addConstructorArgValue(newClockSkew); issueInstantBuilder.addConstructorArgValue(newExpires); parserContext.getRegistry().registerBeanDefinition("issueInstantRule", issueInstantBuilder.getBeanDefinition()); // KeyStore Credential Resolver BeanDefinitionBuilder keyStoreBuilder = BeanDefinitionBuilder .genericBeanDefinition(KeyStoreCredentialResolverDelegate.class); keyStoreBuilder.addPropertyReference("keyStore", certificatestoreRef); parserContext.getRegistry().registerBeanDefinition(BEAN_KEYSTORECREDENTIALRESOLVER, keyStoreBuilder.getBeanDefinition()); // Signature Rule Builder BeanDefinitionBuilder signatureRuleBuilder = BeanDefinitionBuilder .genericBeanDefinition(SignatureSecurityPolicyRule.class); signatureRuleBuilder.addConstructorArgValue(new SAMLSignatureProfileValidator()); signatureRuleBuilder.addPropertyReference("credentialResolver", BEAN_KEYSTORECREDENTIALRESOLVER); // List of rule beans final ManagedList<BeanMetadataElement> beanMetadataElements = new ManagedList<BeanMetadataElement>(); beanMetadataElements.add(signatureRuleBuilder.getBeanDefinition()); beanMetadataElements.add(issueInstantBuilder.getBeanDefinition()); beanMetadataElements.add(messageReplayRuleBuilder.getBeanDefinition()); // Security Policy BeanDefinitionBuilder securityPolicyDelegateBuilder = BeanDefinitionBuilder .genericBeanDefinition(SecurityPolicyDelegate.class); securityPolicyDelegateBuilder.addConstructorArgValue(beanMetadataElements); parserContext.getRegistry().registerBeanDefinition(BEAN_SECURITYPOLICY, securityPolicyDelegateBuilder.getBeanDefinition()); // Security Policy Resolver BeanDefinitionBuilder securityPolicyResolverBuilder = BeanDefinitionBuilder .genericBeanDefinition(StaticSecurityPolicyResolver.class); securityPolicyResolverBuilder.addConstructorArgReference(BEAN_SECURITYPOLICY); parserContext.getRegistry().registerBeanDefinition(BEAN_SECURITYPOLICYRESOLVER, securityPolicyResolverBuilder.getBeanDefinition()); // Message Handler BeanDefinitionBuilder postBindingAdapter = BeanDefinitionBuilder .rootBeanDefinition(SAMLMessageHandlerImpl.class); postBindingAdapter.addConstructorArgValue(httpPostSimpleSignDecoder); postBindingAdapter.addConstructorArgReference(BEAN_SECURITYPOLICYRESOLVER); postBindingAdapter.addPropertyValue("velocityEngine", velocityEngine); postBindingAdapter.addPropertyValue("entityId", entityID); parserContext.getRegistry().registerBeanDefinition(messageHandlerRef, postBindingAdapter.getBeanDefinition()); // Assertion Consumer Bean BeanDefinitionBuilder assertionComsumerBean = BeanDefinitionBuilder .genericBeanDefinition(AssertionConsumerImpl.class); assertionComsumerBean.addPropertyReference("provisioner", provisionerRef); parserContext.getRegistry().registerBeanDefinition(BEAN_ASSERTIONCONSUMER, assertionComsumerBean.getBeanDefinition()); BeanDefinitionBuilder authenticationProvider = BeanDefinitionBuilder .rootBeanDefinition(SAMLResponseAuthenticationProvider.class); authenticationProvider.addConstructorArgReference(BEAN_ASSERTIONCONSUMER); parserContext.getRegistry().registerBeanDefinition(BEAN_AUTHENTICATIONPROVIDER, authenticationProvider.getBeanDefinition()); // Pre Auth Filter final HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); final AuthenticationFailureHandlerImpl authenticationFailureHandler = new AuthenticationFailureHandlerImpl( requestCache); // Authentication Filter BeanDefinitionBuilder authenticationFilter = BeanDefinitionBuilder .rootBeanDefinition(SAMLResponseAuthenticationProcessingFilter.class); authenticationFilter.addConstructorArgValue(assertionConsumerURI); authenticationFilter.addPropertyReference("SAMLMessageHandler", messageHandlerRef); authenticationFilter.addPropertyReference("authenticationManager", authenticationManangerRef); authenticationFilter.addPropertyValue("authenticationFailureHandler", authenticationFailureHandler); parserContext.getRegistry().registerBeanDefinition(preAuthFilterRef, authenticationFilter.getBeanDefinition()); return authenticationProvider.getBeanDefinition(); }
From source file:org.josso.spring.security.JOSSOAuthenticationFilter.java
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { if (!(servletRequest instanceof HttpServletRequest)) { throw new IllegalArgumentException("Non HTTP request unsupported by this filter"); }/*from www . ja v a 2 s . c om*/ if (!(servletResponse instanceof HttpServletResponse)) { throw new IllegalArgumentException("Non HTTP response unsupported by this filter"); } HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; // We have to provide Authentication information based on JOSSO auth information ... // Obtain a JOSSO security context instance, if none is found is because user has not been authenticated. JOSSOSecurityContext sctx = WebAccessControlUtil.getSecurityContext((HttpServletRequest) request); logger.debug("Current JOSSO Security Context is " + sctx); // This is the authentication information used by ACEGI Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); // If authentication information is present, we only need to validate that it is up to date. if (authentication != null) { if (logger.isDebugEnabled()) { logger.debug("Authentication information already present : '" + SecurityContextHolder.getContext().getAuthentication() + "'"); } // If there is no principal, we may need to logout this user ... TODO detect anonymous principals ? if (sctx == null && authentication.isAuthenticated()) { // If an authenticated Authentication is present, we must issue a logout ! if (logger.isDebugEnabled()) { logger.debug("Logging out user '" + authentication + "'"); } for (int i = 0; i < handlers.length; i++) { handlers[i].logout(request, response, authentication); } } chain.doFilter(request, response); return; } // We have a principal but no Spring Security authentication, propagate identity from JOSSO to Spring Security. if (sctx != null) { // If a saved request is present, we use the saved request to redirect the user to the original resource. SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); if (savedRequest != null) logger.debug("Redirecting to original resource " + savedRequest.getRedirectUrl()); UserDetails userDetails = userDetailsService.loadUserByUsername(sctx.getSSOSession()); // String jossoSessionId = (String) request.getAttribute("org.josso.agent.ssoSessionid"); // New authenticated autentication instance. Authentication jossoAuth = new JOSSOAuthenticationToken(sctx.getSSOSession(), userDetails, userDetails.getAuthorities()); // Store to SecurityContextHolder SecurityContextHolder.getContext().setAuthentication(jossoAuth); if (logger.isDebugEnabled()) { logger.debug("SecurityContextHolder populated with JOSSO Authentication Token: '" + SecurityContextHolder.getContext().getAuthentication() + "'"); } // Fire event if (this.eventPublisher != null) { eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent( SecurityContextHolder.getContext().getAuthentication(), this.getClass())); } // We have a saved request, redirect to original URL ... if (savedRequest != null) response.sendRedirect(savedRequest.getRedirectUrl()); } else { if (logger.isDebugEnabled()) logger.debug("No principal found in request !"); } // Move on ... chain.doFilter(request, response); }
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
@RequestMapping(value = { "/signin", "/login" }, method = RequestMethod.GET)
public ModelAndView loginGetHandler2(HttpServletRequest request, HttpServletResponse response,
ModelAndView mav) {//from w w w .ja v a 2s .c om
// find client name if available
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
String clientName = "";
String clientId = "";
String clientGroupName = "";
String email = "";
String clientDescription = "";
String scope = "";
String redirectUri = "";
String responseType = "";
String orcid = null;
boolean showLogin = false; // default to Reg
boolean usePersistentTokens = false;
if (savedRequest != null) {
String url = savedRequest.getRedirectUrl();
if (url.toLowerCase().contains("show_login=true"))
showLogin = true;
//TODO: We should not load any info in the freemarker ModelAndViewObject, we should move all info we need to the forms
Matcher matcher = clientIdPattern.matcher(url);
if (matcher.find()) {
clientId = matcher.group(1);
if (clientId != null) {
try {
clientId = URLDecoder.decode(clientId, "UTF-8").trim();
} catch (UnsupportedEncodingException e) {
}
Matcher emailMatcher = RegistrationController.emailPattern.matcher(url);
if (emailMatcher.find()) {
String tempEmail = emailMatcher.group(1);
try {
tempEmail = URLDecoder.decode(tempEmail, "UTF-8").trim();
} catch (UnsupportedEncodingException e) {
}
if (orcidProfileManager.emailExists(tempEmail))
email = tempEmail;
}
Matcher orcidMatcher = orcidPattern.matcher(url);
if (orcidMatcher.find()) {
String tempOrcid = orcidMatcher.group(2);
try {
tempOrcid = URLDecoder.decode(tempOrcid, "UTF-8").trim();
} catch (UnsupportedEncodingException e) {
}
if (orcidProfileManager.exists(tempOrcid))
orcid = tempOrcid;
}
Matcher scopeMatcher = scopesPattern.matcher(url);
if (scopeMatcher.find()) {
scope = scopeMatcher.group(1);
try {
scope = URLDecoder.decode(scope, "UTF-8").trim();
scope = scope.replaceAll(" +", " ");
} catch (UnsupportedEncodingException e) {
}
}
Matcher redirectUriMatcher = redirectUriPattern.matcher(url);
if (redirectUriMatcher.find()) {
try {
redirectUri = URLDecoder.decode(redirectUriMatcher.group(1), "UTF-8").trim();
} catch (UnsupportedEncodingException e) {
}
}
Matcher responseTypeMatcher = responseTypePattern.matcher(url);
if (responseTypeMatcher.find()) {
responseType = responseTypeMatcher.group(1);
try {
responseType = URLDecoder.decode(responseType, "UTF-8").trim();
} catch (UnsupportedEncodingException e) {
}
}
// Get client name
ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
// Check if the client has persistent tokens enabled
if (clientDetails.isPersistentTokensEnabled())
usePersistentTokens = true;
// validate client scopes
try {
authorizationEndpoint.validateScope(scope, clientDetails);
orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
} catch (InvalidScopeException ise) {
String redirectUriWithParams = redirectUri;
redirectUriWithParams += "?error=invalid_scope&error_description=" + ise.getMessage();
RedirectView rView = new RedirectView(redirectUriWithParams);
ModelAndView error = new ModelAndView();
error.setView(rView);
return error;
} catch (LockedException le) {
String redirectUriWithParams = redirectUri;
redirectUriWithParams += "?error=client_locked&error_description=" + le.getMessage();
RedirectView rView = new RedirectView(redirectUriWithParams);
ModelAndView error = new ModelAndView();
error.setView(rView);
return error;
}
// If client details is ok, continue
clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
clientDescription = clientDetails.getClientDescription() == null ? ""
: clientDetails.getClientDescription();
// If client type is null it means it is a public client
if (clientDetails.getClientType() == null) {
clientGroupName = PUBLIC_MEMBER_NAME;
} else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
ProfileEntity groupProfile = profileEntityCacheManager
.retrieve(clientDetails.getGroupProfileId());
clientGroupName = groupProfile.getCreditName();
}
// If the group name is empty, use the same as the client
// name, since it should be a SSO user
if (StringUtils.isBlank(clientGroupName)) {
clientGroupName = clientName;
}
}
}
}
mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
mav.addObject("scopesString", scope);
mav.addObject("redirect_uri", redirectUri);
mav.addObject("response_type", responseType);
mav.addObject("client_name", clientName);
mav.addObject("client_id", clientId);
mav.addObject("client_group_name", clientGroupName);
mav.addObject("client_description", clientDescription);
mav.addObject("userId", orcid != null ? orcid : email);
mav.addObject("hideUserVoiceScript", true);
mav.addObject("usePersistentTokens", usePersistentTokens);
mav.addObject("showLogin", String.valueOf(showLogin));
mav.setViewName("oauth_login");
return mav;
}
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
@RequestMapping(value = { "/custom/signin.json", "/custom/login.json" }, method = RequestMethod.POST)
public @ResponseBody OauthAuthorizeForm authenticateAndAuthorize(HttpServletRequest request,
HttpServletResponse response, @RequestBody OauthAuthorizeForm form) {
// Clean form errors
form.setErrors(new ArrayList<String>());
boolean willBeRedirected = false;
if (form.getApproved()) {
// Validate name and password
validateUserNameAndPassword(form);
if (form.getErrors().isEmpty()) {
try {
// Authenticate user
Authentication auth = authenticateUser(request, form);
// Create authorization params
SimpleSessionStatus status = new SimpleSessionStatus();
Map<String, Object> model = new HashMap<String, Object>();
Map<String, String> params = new HashMap<String, String>();
Map<String, String> approvalParams = new HashMap<String, String>();
// Set params
setOauthParams(form, params, approvalParams, false);
// Authorize
try {
authorizationEndpoint.authorize(model, params, status, auth);
} catch (RedirectMismatchException rUriError) {
String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR;
// Set the client id
redirectUri = redirectUri.replace("{0}", form.getClientId().getValue());
// Set the response type if needed
if (!PojoUtil.isEmpty(form.getResponseType()))
redirectUri += "&response_type=" + form.getResponseType().getValue();
// Set the redirect uri
if (!PojoUtil.isEmpty(form.getRedirectUri()))
redirectUri += "&redirect_uri=" + form.getRedirectUri().getValue();
// Set the scope param
if (!PojoUtil.isEmpty(form.getScope()))
redirectUri += "&scope=" + form.getScope().getValue();
// Copy the state param if present
if (params != null && params.containsKey("state"))
redirectUri += "&state=" + params.get("state");
form.setRedirectUri(Text.valueOf(redirectUri));
LOGGER.info(/* w ww . ja v a2 s. c om*/
"OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
+ form.getRedirectUri());
return form;
}
// Approve
RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model,
status, auth);
form.setRedirectUri(Text.valueOf(view.getUrl()));
willBeRedirected = true;
} catch (AuthenticationException ae) {
form.getErrors().add(getMessage("orcid.frontend.security.bad_credentials"));
}
}
} else {
String stateParam = null;
if (!PojoUtil.isEmpty(form.getStateParam())) {
stateParam = form.getStateParam().getValue();
}
form.setRedirectUri(Text.valueOf(buildDenyRedirectUri(form.getRedirectUri().getValue(), stateParam)));
willBeRedirected = true;
}
// If there was an authentication error, dont log since the user will
// not be redirected yet
if (willBeRedirected) {
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if (savedRequest != null)
LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
+ form.getRedirectUri());
}
return form;
}
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
/** * Fill the for with the state param and the client and member names. * // w ww. j a v a 2 s.co m * @param form * @param request * @param response * */ private void fillOauthFormWithRequestInformation(OauthForm form, HttpServletRequest request, HttpServletResponse response) { Map<String, String[]> requestParams = new HashMap<String, String[]>(); SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); //Get the params from the saved request if (savedRequest != null) { requestParams = savedRequest.getParameterMap(); } else { //If there are no saved request, get them from the session AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession() .getAttribute("authorizationRequest"); Map<String, String> authRequestParams = new HashMap<String, String>( authorizationRequest.getRequestParameters()); for (String param : authRequestParams.keySet()) { requestParams.put(param, new String[] { authRequestParams.get(param) }); } } if (requestParams == null || requestParams.isEmpty()) { throw new InvalidRequestException("Unable to find parameters"); } //Save state param if (requestParams.containsKey(OrcidOauth2Constants.STATE_PARAM)) { if (requestParams.get(OrcidOauth2Constants.STATE_PARAM).length > 0) form.setStateParam(Text.valueOf(requestParams.get(OrcidOauth2Constants.STATE_PARAM)[0])); } //Get and set client info if (!requestParams.containsKey(OrcidOauth2Constants.CLIENT_ID_PARAM)) { throw new InvalidRequestException("Empty client id"); } String clientId = requestParams.get(OrcidOauth2Constants.CLIENT_ID_PARAM)[0]; try { clientId = URLDecoder.decode(clientId, "UTF-8").trim(); } catch (UnsupportedEncodingException e) { throw new InvalidRequestException("Unable to parse client id: " + e); } ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId); try { orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails); } catch (LockedException le) { throw new InvalidRequestException("Client " + clientId + " is locked"); } String clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName(); String memberName = null; // If it is the if (ClientType.PUBLIC_CLIENT.equals(clientDetails.getClientType())) { memberName = PUBLIC_MEMBER_NAME; } else { ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId()); memberName = groupProfile.getCreditName(); } form.setClientName(Text.valueOf(clientName)); form.setMemberName(Text.valueOf(memberName)); form.setClientId(Text.valueOf(clientId)); //If it is a new registration, set the referred by flag if (form instanceof OauthRegistrationForm) { ((OauthRegistrationForm) form).setReferredBy(Text.valueOf(clientId)); } }
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
@RequestMapping(value = "/custom/register.json", method = RequestMethod.POST) public @ResponseBody OauthRegistrationForm checkRegisterForm(HttpServletRequest request, HttpServletResponse response, @RequestBody OauthRegistrationForm form) { form.setErrors(new ArrayList<String>()); if (form.getApproved()) { registrationController.validateRegistrationFields(request, form); registrationController.validateGrcaptcha(request, form); } else {//w ww. j a v a2 s . c o m SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); String stateParam = null; if (savedRequest != null && savedRequest.getParameterMap() != null && savedRequest.getParameterValues("state") != null) { if (savedRequest.getParameterValues("state").length > 0) stateParam = savedRequest.getParameterValues("state")[0]; } form.setRedirectUri(Text.valueOf(buildDenyRedirectUri(form.getRedirectUri().getValue(), stateParam))); } return form; }
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
@RequestMapping(value = "/custom/registerConfirm.json", method = RequestMethod.POST) public @ResponseBody OauthRegistrationForm registerAndAuthorize(HttpServletRequest request, HttpServletResponse response, @RequestBody OauthRegistrationForm form) { if (form.getApproved()) { boolean usedCaptcha = false; // If recatcha wasn't loaded do nothing. This is for countries that // block google. if (form.getGrecaptchaWidgetId().getValue() != null) { // If the captcha verified key is not in the session, redirect // to // the login page if (request.getSession() .getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME) == null || PojoUtil.isEmpty(form.getGrecaptcha()) || !encryptionManager.encryptForExternalUse(form.getGrecaptcha().getValue()) .equals(request.getSession() .getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME))) { String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR; // Set the client id redirectUri = redirectUri.replace("{0}", form.getClientId().getValue()); // Set the response type if needed if (!PojoUtil.isEmpty(form.getResponseType())) redirectUri += "&response_type=" + form.getResponseType().getValue(); // Set the redirect uri if (!PojoUtil.isEmpty(form.getRedirectUri())) redirectUri += "&redirect_uri=" + form.getRedirectUri().getValue(); // Set the scope param if (!PojoUtil.isEmpty(form.getScope())) redirectUri += "&scope=" + form.getScope().getValue(); // Copy the state param if present if (!PojoUtil.isEmpty(request.getParameter("state"))) redirectUri += "&state=" + request.getParameter("state"); form.setRedirectUri(Text.valueOf(redirectUri)); SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); if (savedRequest != null) LOGGER.info(//from ww w . ja v a2 s . co m "OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl()); LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + form.getRedirectUri()); return form; } usedCaptcha = true; } // Remove the session hash if needed if (request.getSession() .getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME) != null) { request.getSession().removeAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME); } // Check there are no errors registrationController.validateRegistrationFields(request, form); if (form.getErrors().isEmpty()) { // Register user registrationController.createMinimalRegistration(request, RegistrationController.toProfile(form, request), usedCaptcha); // Authenticate user String email = form.getEmail().getValue(); String password = form.getPassword().getValue(); Authentication auth = authenticateUser(request, email, password); // Create authorization params SimpleSessionStatus status = new SimpleSessionStatus(); Map<String, Object> model = new HashMap<String, Object>(); Map<String, String> params = new HashMap<String, String>(); Map<String, String> approvalParams = new HashMap<String, String>(); // Set params setOauthParams(form, params, approvalParams, true); // Authorize try { authorizationEndpoint.authorize(model, params, status, auth); } catch (RedirectMismatchException rUriError) { String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR; // Set the client id redirectUri = redirectUri.replace("{0}", form.getClientId().getValue()); // Set the response type if needed if (!PojoUtil.isEmpty(form.getResponseType())) redirectUri += "&response_type=" + form.getResponseType().getValue(); // Set the redirect uri if (!PojoUtil.isEmpty(form.getRedirectUri())) redirectUri += "&redirect_uri=" + form.getRedirectUri().getValue(); // Set the scope param if (!PojoUtil.isEmpty(form.getScope())) redirectUri += "&scope=" + form.getScope().getValue(); // Copy the state param if present if (params != null && params.containsKey("state")) redirectUri += "&state=" + params.get("state"); form.setRedirectUri(Text.valueOf(redirectUri)); LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + form.getRedirectUri()); return form; } // Approve RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth); form.setRedirectUri(Text.valueOf(view.getUrl())); } } else { form.setRedirectUri(Text.valueOf( buildDenyRedirectUri(form.getRedirectUri().getValue(), request.getParameter("state")))); } SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); if (savedRequest != null) { if (savedRequest != null) LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl()); LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl()); } LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + form.getRedirectUri()); return form; }
From source file:org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
@RequestMapping(value = { "/custom/authorize.json" }, method = RequestMethod.POST)
public @ResponseBody OauthAuthorizeForm authorize(HttpServletRequest request, HttpServletResponse response,
@RequestBody OauthAuthorizeForm form) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession()
.getAttribute("authorizationRequest");
Map<String, String> requestParams = new HashMap<String, String>(
authorizationRequest.getRequestParameters());
Map<String, String> approvalParams = new HashMap<String, String>();
// Add the persistent token information
if (form.getApproved()) {
requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
} else {/* www .ja va 2 s.co m*/
requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "false");
approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "false");
}
requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);
// Check if the client have persistent tokens enabled
requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN, "false");
if (hasPersistenTokensEnabled(form.getClientId().getValue()))
// Then check if the client granted the persistent token
if (form.getPersistentTokenEnabled())
requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN, "true");
// Session status
SimpleSessionStatus status = new SimpleSessionStatus();
authorizationRequest.setRequestParameters(requestParams);
// Authorization request model
Map<String, Object> model = new HashMap<String, Object>();
model.put("authorizationRequest", authorizationRequest);
// Approve
RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
form.setRedirectUri(Text.valueOf(view.getUrl()));
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
if (savedRequest != null)
LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
+ form.getRedirectUri());
return form;
}
From source file:org.orcid.frontend.web.controllers.RegistrationController.java
@RequestMapping(value = "/register.json", method = RequestMethod.GET) public @ResponseBody Registration getRegister(HttpServletRequest request, HttpServletResponse response) { // Remove the session hash if needed if (request.getSession().getAttribute(GRECAPTCHA_SESSION_ATTRIBUTE_NAME) != null) { request.getSession().removeAttribute(GRECAPTCHA_SESSION_ATTRIBUTE_NAME); }//from ww w.j ava2s . co m Registration reg = new Registration(); reg.getEmail().setRequired(true); reg.getEmailConfirm().setRequired(true); reg.getPassword(); reg.getPasswordConfirm(); reg.getEmail(); reg.getFamilyNames().setRequired(false); reg.getGivenNames().setRequired(true); reg.getSendChangeNotifications().setValue(true); reg.getSendOrcidNews().setValue(true); reg.getSendMemberUpdateRequests().setValue(true); reg.getSendEmailFrequencyDays().setValue(SendEmailFrequency.WEEKLY.value()); reg.getTermsOfUse().setValue(false); setError(reg.getTermsOfUse(), "AssertTrue.registrationForm.acceptTermsAndConditions"); SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response); if (savedRequest != null) { String url = savedRequest.getRedirectUrl(); Matcher emailMatcher = emailPattern.matcher(url); if (emailMatcher.find()) { String tempEmail = emailMatcher.group(1); try { tempEmail = URLDecoder.decode(tempEmail, "UTF-8"); } catch (UnsupportedEncodingException e) { } if (!orcidProfileManager.emailExists(tempEmail)) { reg.getEmail().setValue(tempEmail); } } Matcher givenNamesMatcher = givenNamesPattern.matcher(url); if (givenNamesMatcher.find()) try { reg.getGivenNames().setValue(URLDecoder.decode(givenNamesMatcher.group(1), "UTF-8")); } catch (UnsupportedEncodingException e) { LOGGER.info("error parsing users family name from oauth url", e); } Matcher familyNamesMatcher = familyNamesPattern.matcher(url); if (familyNamesMatcher.find()) try { reg.getFamilyNames().setValue(URLDecoder.decode(familyNamesMatcher.group(1), "UTF-8")); } catch (UnsupportedEncodingException e) { LOGGER.info("error parsing users family name from oauth url", e); } } long numVal = generateRandomNumForValidation(); reg.setValNumServer(numVal); reg.setValNumClient(0); return reg; }