org.cloudfoundry.identity.uaa.oauth.DisableIdTokenResponseTypeFilter.java Source code


Introduction

Here is the source code for org.cloudfoundry.identity.uaa.oauth.DisableIdTokenResponseTypeFilter.java

Source

/*
 * *****************************************************************************
 *      Cloud Foundry
 *      Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
 *      This product is licensed to you under the Apache License, Version 2.0 (the "License").
 *      You may not use this product except in compliance with the License.
 *
 *      This product includes a number of subcomponents with
 *      separate copyright notices and license terms. Your use of these
 *      subcomponents is subject to the terms and conditions of the
 *      subcomponent's license, as noted in the LICENSE file.
 * *****************************************************************************
 */

package org.cloudfoundry.identity.uaa.oauth;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import static org.springframework.security.oauth2.common.util.OAuth2Utils.RESPONSE_TYPE;

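/**
 * Servlet filter that, when enabled, hides the {@code id_token} value of the {@code response_type}
 * request parameter from everything further down the filter chain.
 *
 * <p>The filter does not reject the request. For a request whose path matches one of the configured
 * patterns it swaps the request for a {@link RemoveIdTokenParameterValueWrapper}, whose parameter
 * accessors return the {@code response_type} value with every {@code id_token} occurrence removed.
 * Requests on other paths, and all requests while the filter is inactive, pass through unchanged.
 */
public class DisableIdTokenResponseTypeFilter extends OncePerRequestFilter {

    // Not read anywhere in this class; presumably the configuration property that supplies the
    // "active" constructor argument -- confirm against the wiring.
    public static final String CONFIG = "oauth.id_token.disable";
    /** The {@code response_type} value this filter strips. */
    public static final String ID_TOKEN = "id_token";

    protected static Log logger = LogFactory.getLog(DisableIdTokenResponseTypeFilter.class);

    // Mutable at runtime through setIdTokenDisabled(); plain (non-volatile) field.
    private boolean active;
    // Exact paths and/or Ant-style patterns the filter applies to. Stored by reference, not copied.
    private final List<String> paths;

    /**
     * @param active whether {@code id_token} stripping is enabled
     * @param paths exact paths or Ant-style patterns to apply the filter to; {@code null} or empty
     *        means the filter never applies
     */
    public DisableIdTokenResponseTypeFilter(boolean active, List<String> paths) {
        this.paths = paths;
        this.active = active;
    }

    /** @return {@code true} when {@code id_token} stripping is enabled */
    public boolean isIdTokenDisabled() {
        return active;
    }

    /** @param disabled {@code true} to enable {@code id_token} stripping, {@code false} to turn it off */
    public void setIdTokenDisabled(boolean disabled) {
        this.active = disabled;
    }

    /**
     * Tells whether the given path is covered by one of the configured paths.
     *
     * <p>Entries that {@link AntPathMatcher} recognises as patterns are matched as patterns; all
     * other entries must equal the path exactly. The comparison is made on the string as given:
     * this method does no decoding, case folding or normalisation.
     *
     * @param path the path to test; may be {@code null}
     * @return {@code true} if any configured entry matches; {@code false} otherwise, including when
     *         no paths are configured or {@code path} is {@code null}
     */
    protected boolean applyPath(String path) {
        if (paths == null || paths.size() == 0 || path == null) {
            return false;
        }
        AntPathMatcher matcher = new AntPathMatcher();
        for (String pattern : paths) {
            if (matcher.isPattern(pattern)) {
                if (matcher.match(pattern, path)) {
                    return true;
                }
            } else { //exact match
                if (pattern.equals(path)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Wraps the request when the filter is active and either the path info or the request URI
     * matches a configured path, then continues the chain with the (possibly wrapped) request.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        logger.debug("Processing id_token disable filter");

        HttpServletRequest requestWrapper = request;
        // NOTE(review): the URI and response_type are request-controlled and are written to the
        // debug log as received; consider neutralising line breaks if these logs feed other tooling.
        logger.debug(String.format("pre id_token disable:%s pathinfo:%s request_uri:%s response_type:%s",
                isIdTokenDisabled(), requestWrapper.getPathInfo(), request.getRequestURI(),
                requestWrapper.getParameter(RESPONSE_TYPE)));
        // NOTE(review): getRequestURI() is the undecoded request path (it can carry the context
        // path, path parameters and percent-encoding) and getPathInfo() can be null depending on the
        // servlet mapping. A request that the downstream dispatcher still routes to a protected
        // endpoint but that matches neither string here is passed through unfiltered -- confirm the
        // configured patterns against how the endpoints are actually mapped.
        if (isIdTokenDisabled() && (applyPath(request.getPathInfo()) || applyPath(request.getRequestURI()))) {
            requestWrapper = new RemoveIdTokenParameterValueWrapper(request);
        }
        logger.debug(String.format("post id_token disable:%s pathinfo:%s request_uri:%s response_type:%s",
                isIdTokenDisabled(), requestWrapper.getPathInfo(), request.getRequestURI(),
                requestWrapper.getParameter(RESPONSE_TYPE)));
        filterChain.doFilter(requestWrapper, response);
    }

    /**
     * Request wrapper whose {@code getParameter}, {@code getParameterValues} and
     * {@code getParameterMap} return the {@code response_type} parameter with {@code id_token}
     * removed. All other parameters are delegated to the wrapped request untouched.
     */
    public class RemoveIdTokenParameterValueWrapper extends HttpServletRequestWrapper {

        public RemoveIdTokenParameterValueWrapper(HttpServletRequest request) {
            super(request);
        }

        /** Returns the sanitised value for {@code response_type}; delegates for any other name. */
        @Override
        public String getParameter(String name) {
            if (RESPONSE_TYPE.equals(name)) {
                return removeIdTokenValue(super.getParameter(name));
            } else {
                return super.getParameter(name);
            }
        }

        /**
         * Returns the wrapped request's parameter map. When it contains {@code response_type}, a
         * {@link HashMap} copy is returned with that entry replaced by the sanitised values.
         */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> map = super.getParameterMap();
            if (map.containsKey(RESPONSE_TYPE)) {
                HashMap<String, String[]> result = new HashMap<>(map);
                result.put(RESPONSE_TYPE, getParameterValues(RESPONSE_TYPE));
                map = result;
            }
            return map;
        }

        /**
         * Returns the values of the named parameter; for {@code response_type} each value is
         * sanitised first.
         */
        @Override
        public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (RESPONSE_TYPE.equals(name)) {
                // Elements are overwritten in the array handed back by the wrapped request. Whether
                // that array is a copy or the container's own storage is not visible here.
                for (int i = 0; values != null && i < values.length; i++) {
                    values[i] = removeIdTokenValue(values[i]);
                }
            }
            return values;
        }

        /**
         * Removes every occurrence of {@code id_token} from a {@code response_type} value.
         *
         * <p>Removal is by substring, not by space-delimited token, and the result is trimmed. The
         * result may be an empty string when nothing else was requested.
         *
         * @param value the raw parameter value; may be {@code null}
         * @return the value unchanged if it is {@code null}, blank or free of {@code id_token};
         *         otherwise the value with all occurrences removed
         */
        private String removeIdTokenValue(String value) {
            if (!StringUtils.hasText(value) || !value.contains(ID_TOKEN)) {
                return value;
            }
            String stripped = value;
            // One replace() pass is not enough: deleting an occurrence can bring the text on either
            // side of it together into a fresh "id_token", which would then reach the token
            // endpoint untouched. Repeat until none is left; every pass shortens the string, so the
            // loop terminates.
            while (stripped.contains(ID_TOKEN)) {
                stripped = stripped.replace(ID_TOKEN, "");
            }
            return stripped.trim();
        }
    }
}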