List of usage examples for org.springframework.web.bind.support.SimpleSessionStatus
SimpleSessionStatus
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
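/**
 * Shows the OAuth "confirm access" page for the logged-in user, or completes the authorization
 * immediately when the client uses persistent tokens and an equivalent token already exists.
 *
 * @param request     current request; the session may carry {@code JUST_REGISTERED} and the pending
 *                    {@code authorizationRequest}
 * @param response    unused
 * @param mav         model for the confirm page
 * @param clientId    OAuth client id (trimmed)
 * @param scope       space-separated scope list (trimmed, runs of spaces collapsed)
 * @param redirectUri the client's redirect URI; used as the target for OAuth error redirects
 * @return the confirm page, or a redirect: straight back to the client on auto-approval, or with
 *         {@code error=invalid_scope} / {@code error=client_locked} when validation fails
 */
@RequestMapping(value = "/confirm_access", method = RequestMethod.GET)
public ModelAndView loginGetHandler(HttpServletRequest request, HttpServletResponse response, ModelAndView mav,
        @RequestParam("client_id") String clientId, @RequestParam("scope") String scope,
        @RequestParam("redirect_uri") String redirectUri) {
    OrcidProfile profile = orcidProfileManager.retrieveOrcidProfile(getCurrentUserOrcid(), LoadOptions.BIO_ONLY);

    // Normalise the query parameters; scope is a space-separated list, so collapse repeated spaces.
    clientId = clientId == null ? null : clientId.trim();
    scope = scope == null ? null : scope.trim().replaceAll(" +", " ");
    redirectUri = redirectUri == null ? null : redirectUri.trim();

    // One-shot flag left by the registration flow: consume it so it is shown only once.
    Boolean justRegistered = (Boolean) request.getSession().getAttribute(OrcidOauth2Constants.JUST_REGISTERED);
    if (justRegistered != null) {
        request.getSession().removeAttribute(OrcidOauth2Constants.JUST_REGISTERED);
        mav.addObject(OrcidOauth2Constants.JUST_REGISTERED, justRegistered);
    }

    // NOTE(review): assumes retrieve() never returns null for an unknown client_id — confirm; a null
    // here would surface as an NPE (HTTP 500) instead of an OAuth error response.
    ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
    String clientName = clientDetails.getClientName() == null ? "" : clientDetails.getClientName();
    String clientDescription = clientDetails.getClientDescription() == null ? "" : clientDetails.getClientDescription();
    String clientWebsite = clientDetails.getClientWebsite() == null ? "" : clientDetails.getClientWebsite();

    // Validate the requested scopes and the client state before anything is shown to the user.
    try {
        authorizationEndpoint.validateScope(scope, clientDetails);
        orcidOAuth2RequestValidator.validateClientIsEnabled(clientDetails);
    } catch (InvalidScopeException ise) {
        return oauthErrorRedirect(redirectUri, "invalid_scope", ise.getMessage());
    } catch (LockedException le) {
        return oauthErrorRedirect(redirectUri, "client_locked", le.getMessage());
    }

    boolean usePersistentTokens = clientDetails.isPersistentTokensEnabled();
    if (usePersistentTokens
            && tokenServices.tokenAlreadyExists(clientId, getEffectiveUserOrcid(), OAuth2Utils.parseParameterList(scope))) {
        // The user already holds a persistent token for exactly these scopes: approve without asking again.
        return approveWithExistingPersistentToken(request, clientId);
    }

    String clientGroupName = "";
    if (clientDetails.getClientType() == null) {
        clientGroupName = PUBLIC_MEMBER_NAME;
    } else if (!PojoUtil.isEmpty(clientDetails.getGroupProfileId())) {
        ProfileEntity groupProfile = profileEntityCacheManager.retrieve(clientDetails.getGroupProfileId());
        clientGroupName = groupProfile.getCreditName();
    }
    // An empty group name means an SSO user: show the client name instead.
    if (StringUtils.isBlank(clientGroupName)) {
        clientGroupName = clientName;
    }

    mav.addObject("profile", profile);
    mav.addObject("client_name", clientName);
    mav.addObject("client_description", clientDescription);
    mav.addObject("client_group_name", clientGroupName);
    mav.addObject("client_website", clientWebsite);
    mav.addObject("scopes", ScopePathType.getScopesFromSpaceSeparatedString(scope));
    mav.addObject("scopesString", scope);
    mav.addObject("hideUserVoiceScript", true);
    mav.addObject("usePersistentTokens", usePersistentTokens);
    mav.setViewName("confirm-oauth-access");
    return mav;
}

/**
 * Completes an authorization for which the user already holds a persistent token, without showing
 * the confirm page. Builds the same approval parameters the confirm page would have submitted.
 *
 * @param request  current request; the pending {@code authorizationRequest} is read from its session
 * @param clientId OAuth client id
 * @return a redirect back to the client, as produced by the authorization endpoint
 */
private ModelAndView approveWithExistingPersistentToken(HttpServletRequest request, String clientId) {
    // NOTE(review): the pending request comes from the session; if the session has expired this is
    // null and setRequestParameters below throws NPE — confirm how expired sessions should be handled.
    AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession()
            .getAttribute("authorizationRequest");
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    Map<String, String> requestParams = new HashMap<String, String>();
    copyRequestParameters(request, requestParams);
    requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");
    requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);
    // A persistent token is only granted when the client has the feature enabled.
    requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN,
            hasPersistenTokensEnabled(clientId) ? "true" : "false");
    authorizationRequest.setRequestParameters(requestParams);

    Map<String, String> approvalParams = new HashMap<String, String>();
    approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, "true");

    Map<String, Object> model = new HashMap<String, Object>();
    model.put("authorizationRequest", authorizationRequest);

    SimpleSessionStatus status = new SimpleSessionStatus();
    RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
    ModelAndView authCodeView = new ModelAndView();
    authCodeView.setView(view);
    return authCodeView;
}

/**
 * Builds the OAuth error redirect back to the client.
 *
 * The parameters are appended with the right separator (the registered URI may already carry a
 * query string) and the description is URL-encoded, so an exception message cannot corrupt the
 * query string or be reflected unencoded into the redirect target.
 *
 * NOTE(review): {@code redirectUri} is taken from the request as-is; nothing here checks it against
 * the client's registered redirect URIs. Confirm that happens upstream — otherwise this error path
 * redirects to an arbitrary caller-supplied location.
 *
 * @param redirectUri the client's redirect URI (a required request parameter, so never null in practice)
 * @param error       OAuth error code, e.g. {@code invalid_scope}
 * @param description human-readable description; null is sent as an empty string
 * @return a ModelAndView wrapping a RedirectView to the error URL
 */
private static ModelAndView oauthErrorRedirect(String redirectUri, String error, String description) {
    String target = redirectUri == null ? "" : redirectUri;
    target += (target.indexOf('?') >= 0 ? "&" : "?") + "error=" + error + "&error_description=";
    try {
        target += java.net.URLEncoder.encode(description == null ? "" : description, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is mandatory for every JVM; this cannot happen.
        throw new IllegalStateException("UTF-8 must be supported by the JVM", e);
    }
    ModelAndView errorView = new ModelAndView();
    errorView.setView(new RedirectView(target));
    return errorView;
}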
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
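/**
 * Signs the user in with the credentials on the form and, on success, completes the pending OAuth
 * authorization; when the user declined, builds the deny redirect back to the client instead.
 *
 * @param request  current request
 * @param response current response; used to look up the saved original request for logging
 * @param form     credentials plus the OAuth parameters echoed back from the confirm page
 * @return the same form with {@code redirectUri} set to the browser's next location, or with
 *         {@code errors} populated when the credentials were rejected (no redirect in that case)
 */
@RequestMapping(value = { "/custom/signin.json", "/custom/login.json" }, method = RequestMethod.POST)
public @ResponseBody OauthAuthorizeForm authenticateAndAuthorize(HttpServletRequest request, HttpServletResponse response,
        @RequestBody OauthAuthorizeForm form) {
    // Start from a clean error list; the client echoes the previous round-trip's form back to us.
    form.setErrors(new ArrayList<String>());
    boolean willBeRedirected = false;

    if (!form.getApproved()) {
        // User declined: send them back to the client via the deny redirect, keeping their state param.
        String stateParam = PojoUtil.isEmpty(form.getStateParam()) ? null : form.getStateParam().getValue();
        form.setRedirectUri(Text.valueOf(buildDenyRedirectUri(form.getRedirectUri().getValue(), stateParam)));
        willBeRedirected = true;
    } else {
        validateUserNameAndPassword(form);
        if (form.getErrors().isEmpty()) {
            try {
                Authentication auth = authenticateUser(request, form);

                SimpleSessionStatus status = new SimpleSessionStatus();
                Map<String, Object> model = new HashMap<String, Object>();
                Map<String, String> params = new HashMap<String, String>();
                Map<String, String> approvalParams = new HashMap<String, String>();
                setOauthParams(form, params, approvalParams, false);

                try {
                    authorizationEndpoint.authorize(model, params, status, auth);
                } catch (RedirectMismatchException ignored) {
                    // The redirect_uri does not match the client's registration: the browser goes to our
                    // error page, never to the unregistered URI. The exception carries nothing further.
                    form.setRedirectUri(Text.valueOf(redirectMismatchUriForSignin(form, params.get("state"))));
                    LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
                            + redactGrantForSigninLog(form.getRedirectUri()));
                    return form;
                }

                RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
                form.setRedirectUri(Text.valueOf(view.getUrl()));
                willBeRedirected = true;
            } catch (AuthenticationException ae) {
                // Deliberately not logged: the user stays on the page and sees the error message.
                form.getErrors().add(getMessage("orcid.frontend.security.bad_credentials"));
            }
        }
    }

    // Only log once the browser is actually being redirected; on a credentials error there is nothing to report.
    if (willBeRedirected) {
        SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
        if (savedRequest != null) {
            LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
        }
        LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
                + redactGrantForSigninLog(form.getRedirectUri()));
    }
    return form;
}

/**
 * Builds the URI of the "redirect URI mismatch" error page, carrying the client id and the OAuth
 * parameters the user arrived with. Every appended value is URL-encoded: the values come straight
 * from the request body, and an unencoded {@code &} or {@code #} in e.g. the scope or redirect_uri
 * would otherwise inject or truncate query parameters.
 *
 * @param form  the submitted form (client id, response type, redirect URI, scope)
 * @param state the OAuth state parameter, or null when absent
 * @return the absolute error-page URI
 */
private String redirectMismatchUriForSignin(OauthAuthorizeForm form, String state) {
    // NOTE(review): assumes REDIRECT_URI_ERROR places {0} where the client id needs no further encoding — confirm.
    String base = (this.getBaseUri() + REDIRECT_URI_ERROR).replace("{0}", form.getClientId().getValue());
    String[][] extra = {
            { "response_type", PojoUtil.isEmpty(form.getResponseType()) ? null : form.getResponseType().getValue() },
            { "redirect_uri", PojoUtil.isEmpty(form.getRedirectUri()) ? null : form.getRedirectUri().getValue() },
            { "scope", PojoUtil.isEmpty(form.getScope()) ? null : form.getScope().getValue() },
            { "state", state } };
    StringBuilder uri = new StringBuilder(base);
    for (String[] param : extra) {
        if (param[1] == null) {
            continue;
        }
        try {
            uri.append('&').append(param[0]).append('=').append(java.net.URLEncoder.encode(param[1], "UTF-8"));
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM; this cannot happen.
            throw new IllegalStateException("UTF-8 must be supported by the JVM", e);
        }
    }
    return uri.toString();
}

/**
 * Removes grant-bearing values (authorization code, tokens) from a redirect URL before it is logged:
 * the URL returned by approveOrDeny carries the grant, which must not end up in log files.
 *
 * @param redirectUri the redirect target about to be sent to the browser
 * @return the same URL with sensitive parameter values replaced by {@code [redacted]}
 */
private static String redactGrantForSigninLog(Text redirectUri) {
    if (redirectUri == null || redirectUri.getValue() == null) {
        return String.valueOf(redirectUri);
    }
    return redirectUri.getValue().replaceAll("(^|[?&#])(code|access_token|id_token)=[^&#]*", "$1$2=[redacted]");
}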
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
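/**
 * Registers a new user from the form and, on success, completes the pending OAuth authorization.
 * When the reCAPTCHA widget was loaded on the page, the captcha proof is checked against the value
 * stored in the session first; a failed check sends the user to the error page. Declining sends
 * the user back to the client via the deny redirect.
 *
 * @param request  current request; carries the captcha session attribute and the {@code state} parameter
 * @param response current response; used to look up the saved original request for logging
 * @param form     registration data plus the OAuth parameters echoed back from the confirm page
 * @return the same form with {@code redirectUri} set to the browser's next location, or with
 *         {@code errors} populated when registration validation failed
 */
@RequestMapping(value = "/custom/registerConfirm.json", method = RequestMethod.POST)
public @ResponseBody OauthRegistrationForm registerAndAuthorize(HttpServletRequest request, HttpServletResponse response,
        @RequestBody OauthRegistrationForm form) {
    if (!form.getApproved()) {
        form.setRedirectUri(Text.valueOf(
                buildDenyRedirectUri(form.getRedirectUri().getValue(), request.getParameter("state"))));
        logRegistrationRedirect(request, response, form);
        return form;
    }

    // The captcha is skipped when the widget never loaded (countries that block Google).
    boolean captchaLoaded = form.getGrecaptchaWidgetId() != null && form.getGrecaptchaWidgetId().getValue() != null;
    if (captchaLoaded) {
        Object expected = request.getSession().getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME);
        // The session holds the encrypted form of a verified captcha; the form must present the same proof.
        boolean captchaOk = expected != null && !PojoUtil.isEmpty(form.getGrecaptcha())
                && encryptionManager.encryptForExternalUse(form.getGrecaptcha().getValue()).equals(expected);
        if (!captchaOk) {
            form.setRedirectUri(Text.valueOf(redirectMismatchUriForRegistration(form, request.getParameter("state"))));
            logRegistrationRedirect(request, response, form);
            return form;
        }
    }
    // The captcha proof is single-use: drop it from the session whether or not it was needed.
    if (request.getSession().getAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME) != null) {
        request.getSession().removeAttribute(RegistrationController.GRECAPTCHA_SESSION_ATTRIBUTE_NAME);
    }

    registrationController.validateRegistrationFields(request, form);
    if (form.getErrors().isEmpty()) {
        registrationController.createMinimalRegistration(request, RegistrationController.toProfile(form, request),
                captchaLoaded);
        Authentication auth = authenticateUser(request, form.getEmail().getValue(), form.getPassword().getValue());

        SimpleSessionStatus status = new SimpleSessionStatus();
        Map<String, Object> model = new HashMap<String, Object>();
        Map<String, String> params = new HashMap<String, String>();
        Map<String, String> approvalParams = new HashMap<String, String>();
        setOauthParams(form, params, approvalParams, true);

        try {
            authorizationEndpoint.authorize(model, params, status, auth);
        } catch (RedirectMismatchException ignored) {
            // The redirect_uri does not match the client's registration: the browser goes to our error
            // page, never to the unregistered URI. The exception carries nothing further.
            form.setRedirectUri(Text.valueOf(redirectMismatchUriForRegistration(form, params.get("state"))));
            LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
                    + redactGrantForRegistrationLog(form.getRedirectUri()));
            return form;
        }

        RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
        form.setRedirectUri(Text.valueOf(view.getUrl()));
    }

    logRegistrationRedirect(request, response, form);
    return form;
}

/**
 * Logs where the browser is being sent, together with the saved original request for correlation.
 * Logged exactly once per call (the original code emitted the saved-request line twice).
 *
 * @param request  current request
 * @param response current response
 * @param form     the form whose {@code redirectUri} is about to be sent to the browser
 */
private void logRegistrationRedirect(HttpServletRequest request, HttpServletResponse response,
        OauthRegistrationForm form) {
    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    if (savedRequest != null) {
        LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
    }
    LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
            + redactGrantForRegistrationLog(form.getRedirectUri()));
}

/**
 * Builds the URI of the "redirect URI mismatch" error page, carrying the client id and the OAuth
 * parameters the user arrived with. Every appended value is URL-encoded: the values come straight
 * from the request, and an unencoded {@code &} or {@code #} in e.g. the scope or redirect_uri
 * would otherwise inject or truncate query parameters.
 *
 * @param form  the submitted form (client id, response type, redirect URI, scope)
 * @param state the OAuth state parameter, or null when absent
 * @return the absolute error-page URI
 */
private String redirectMismatchUriForRegistration(OauthRegistrationForm form, String state) {
    // NOTE(review): assumes REDIRECT_URI_ERROR places {0} where the client id needs no further encoding — confirm.
    String base = (this.getBaseUri() + REDIRECT_URI_ERROR).replace("{0}", form.getClientId().getValue());
    String[][] extra = {
            { "response_type", PojoUtil.isEmpty(form.getResponseType()) ? null : form.getResponseType().getValue() },
            { "redirect_uri", PojoUtil.isEmpty(form.getRedirectUri()) ? null : form.getRedirectUri().getValue() },
            { "scope", PojoUtil.isEmpty(form.getScope()) ? null : form.getScope().getValue() },
            { "state", state } };
    StringBuilder uri = new StringBuilder(base);
    for (String[] param : extra) {
        if (param[1] == null) {
            continue;
        }
        try {
            uri.append('&').append(param[0]).append('=').append(java.net.URLEncoder.encode(param[1], "UTF-8"));
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM; this cannot happen.
            throw new IllegalStateException("UTF-8 must be supported by the JVM", e);
        }
    }
    return uri.toString();
}

/**
 * Removes grant-bearing values (authorization code, tokens) from a redirect URL before it is logged:
 * the URL returned by approveOrDeny carries the grant, which must not end up in log files.
 *
 * @param redirectUri the redirect target about to be sent to the browser
 * @return the same URL with sensitive parameter values replaced by {@code [redacted]}
 */
private static String redactGrantForRegistrationLog(Text redirectUri) {
    if (redirectUri == null || redirectUri.getValue() == null) {
        return String.valueOf(redirectUri);
    }
    return redirectUri.getValue().replaceAll("(^|[?&#])(code|access_token|id_token)=[^&#]*", "$1$2=[redacted]");
}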
From source file: org.orcid.frontend.web.controllers.OauthConfirmAccessController.java
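/**
 * Completes the pending OAuth authorization with the user's decision from the confirm page.
 *
 * @param request  current request; its session must still hold the pending {@code authorizationRequest}
 * @param response current response; used to look up the saved original request for logging
 * @param form     the user's decision: approved or not, and whether a persistent token may be issued
 * @return the same form with {@code redirectUri} set to the location the browser should go to next
 */
@RequestMapping(value = { "/custom/authorize.json" }, method = RequestMethod.POST)
public @ResponseBody OauthAuthorizeForm authorize(HttpServletRequest request, HttpServletResponse response,
        @RequestBody OauthAuthorizeForm form) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // NOTE(review): null once the session has expired, which makes the next statement throw NPE
    // (HTTP 500) — confirm whether an explicit redirect to the login page is expected here instead.
    AuthorizationRequest authorizationRequest = (AuthorizationRequest) request.getSession()
            .getAttribute("authorizationRequest");
    Map<String, String> requestParams = new HashMap<String, String>(authorizationRequest.getRequestParameters());
    Map<String, String> approvalParams = new HashMap<String, String>();

    String approval = form.getApproved() ? "true" : "false";
    requestParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, approval);
    approvalParams.put(OAuth2Utils.USER_OAUTH_APPROVAL, approval);

    requestParams.put(OrcidOauth2Constants.TOKEN_VERSION, OrcidOauth2Constants.PERSISTENT_TOKEN);
    // A persistent token is granted only when the client has the feature enabled AND the user opted in;
    // a missing opt-in value counts as "no" rather than failing the request.
    boolean grantPersistent = hasPersistenTokensEnabled(form.getClientId().getValue())
            && Boolean.TRUE.equals(form.getPersistentTokenEnabled());
    requestParams.put(OrcidOauth2Constants.GRANT_PERSISTENT_TOKEN, grantPersistent ? "true" : "false");
    authorizationRequest.setRequestParameters(requestParams);

    Map<String, Object> model = new HashMap<String, Object>();
    model.put("authorizationRequest", authorizationRequest);
    SimpleSessionStatus status = new SimpleSessionStatus();
    RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
    form.setRedirectUri(Text.valueOf(view.getUrl()));

    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    if (savedRequest != null) {
        LOGGER.info("OauthConfirmAccessController original request: " + savedRequest.getRedirectUrl());
    }
    LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: "
            + redactGrantForAuthorizeLog(form.getRedirectUri()));
    return form;
}

/**
 * Removes grant-bearing values (authorization code, tokens) from a redirect URL before it is logged:
 * the URL returned by approveOrDeny carries the grant, which must not end up in log files.
 *
 * @param redirectUri the redirect target about to be sent to the browser
 * @return the same URL with sensitive parameter values replaced by {@code [redacted]}
 */
private static String redactGrantForAuthorizeLog(Text redirectUri) {
    if (redirectUri == null || redirectUri.getValue() == null) {
        return String.valueOf(redirectUri);
    }
    return redirectUri.getValue().replaceAll("(^|[?&#])(code|access_token|id_token)=[^&#]*", "$1$2=[redacted]");
}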