org.gluu.oxauth.client.authentication.AuthenticationFilter クラス

org.gluu.oxauth.client.authentication.AuthenticationFilter の継承関係図

org.gluu.oxauth.client.authentication.AuthenticationFilter 連携図

公開メンバ関数
final void	init (final FilterConfig filterConfig) throws ServletException
final void	destroy ()
final void	doFilter (final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException
String	getOAuthRedirectUrl (final HttpServletRequest request, final HttpServletResponse response) throws Exception

静的公開メンバ関数
static String	getParameter (final HttpServletRequest request, final String parameter)

静的公開変数類
static final String	SESSION_CONVERSATION_KEY = "saml_idp_conversation_key"

限定公開メンバ関数
final boolean	preFilter (final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException
final String	constructRedirectUrl (final HttpServletRequest request)
final String	getPropertyFromInitParams (final FilterConfig filterConfig, final String propertyName, final String defaultValue)

限定公開変数類
final Log	log = LogFactory.getLog(getClass())

非公開メンバ関数
Cookie	getCurrentShibstateCookie (HttpServletRequest request)
void	updateShibstateCookie (HttpServletResponse response, Cookie shibstateCookie, String requestUri, String acrPathParam)
Cookie	cloneCokie (Cookie sourceCookie, String newValue, int maxAge)
String	decodeCookieValue (String cookieValue)
String	encodeCookieValue (String cookieValue)
String	determineAuthenticationMode (String requestUri)
String	determineAuthenticationParameter (String requestUri, Pattern pattern)

非公開変数類
final Pattern	authModePattern = Pattern.compile(".+/acr_values/([\\d\\w]+)$")

詳解

Filter implementation to intercept all requests and attempt to authorize the client by redirecting them to OAuth (unless the client has get authorization code).

This filter allows you to specify the following parameters (at either the context-level or the filter-level):

• oAuthServerAuthorizeUrl - the url to authorize OAuth client, i.e. https://localhost/oxauth/authorize

Please see AbstractOAuthFilter for additional properties

著者

Yuriy Movchan

関数詳解

cloneCokie()

Cookie org.gluu.oxauth.client.authentication.AuthenticationFilter.cloneCokie ( Cookie  sourceCookie, String  newValue, int  maxAge  )

inlineprivate

                                                                                {
        Cookie resultCookie = new Cookie(sourceCookie.getName(), newValue);

        resultCookie.setPath("/");
        resultCookie.setMaxAge(maxAge);
        resultCookie.setVersion(1);
        resultCookie.setSecure(true);

        return resultCookie;
    }

constructRedirectUrl()

final String org.gluu.oxauth.client.session.AbstractOAuthFilter.constructRedirectUrl ( final HttpServletRequest  request )

inlineprotectedinherited

                                                                                  {
        int serverPort = request.getServerPort();

        String redirectUrl;
        if ((serverPort == 80) || (serverPort == 443)) {
                redirectUrl = String.format("%s://%s%s%s", request.getScheme(), request.getServerName(), request.getContextPath(), "/auth-code.jsp");
        } else {
                redirectUrl = String.format("%s://%s:%s%s%s", request.getScheme(), request.getServerName(), request.getServerPort(), request.getContextPath(), "/auth-code.jsp");
        }
        
        return redirectUrl.toLowerCase();
    }

decodeCookieValue()

String org.gluu.oxauth.client.authentication.AuthenticationFilter.decodeCookieValue ( String  cookieValue )

inlineprivate

                                                         {
        if (StringHelper.isEmpty(cookieValue)) {
            return null;
        }

        return URLDecoder.decode(cookieValue);
    }

destroy()

final void org.gluu.oxauth.client.authentication.AuthenticationFilter.destroy ( )

inline

                                {
    }

determineAuthenticationMode()

String org.gluu.oxauth.client.authentication.AuthenticationFilter.determineAuthenticationMode ( String  requestUri )

inlineprivate

                                                                  {
        return determineAuthenticationParameter(requestUri, authModePattern);
    }

determineAuthenticationParameter()

String org.gluu.oxauth.client.authentication.AuthenticationFilter.determineAuthenticationParameter ( String  requestUri, Pattern  pattern  )

inlineprivate

                                                                                        {
        Matcher matcher = pattern.matcher(requestUri);
        if (matcher.find()) {
            return matcher.group(1);
        }

        return null;
    }

doFilter()

final void org.gluu.oxauth.client.authentication.AuthenticationFilter.doFilter ( final ServletRequest  servletRequest, final ServletResponse  servletResponse, final FilterChain  filterChain  ) throws IOException, ServletException

inline

                                                 {

        if (!preFilter(servletRequest, servletResponse, filterChain)) {
            log.debug("Execute validation filter");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        log.debug("No code and no OAuth data found");

        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        String urlToRedirectTo;
        try {
            urlToRedirectTo = getOAuthRedirectUrl(request, response);
        } catch (Exception ex) {
            log.error("Failed to preapre request to OAuth server", ex);
            return;
        }

        log.debug("Redirecting to \"" + urlToRedirectTo + "\"");

        response.sendRedirect(urlToRedirectTo);
    }

encodeCookieValue()

String org.gluu.oxauth.client.authentication.AuthenticationFilter.encodeCookieValue ( String  cookieValue )

inlineprivate

                                                         {
        if (StringHelper.isEmpty(cookieValue)) {
            return null;
        }

        return URLEncoder.encode(cookieValue);
    }

getCurrentShibstateCookie()

Cookie org.gluu.oxauth.client.authentication.AuthenticationFilter.getCurrentShibstateCookie ( HttpServletRequest  request )

inlineprivate

                                                                         {
        Cookie[] cookies = request.getCookies();
        if (ArrayHelper.isEmpty(cookies)) {
            return null;
        }

        Cookie resultCookie = null;
        for (Cookie cookie : cookies) {
            String cookieName = cookie.getName();
            if (cookieName.startsWith("_shibstate_")) {
                if (resultCookie == null) {
                    resultCookie = cookie;
                } else {
                    if (cookieName.compareTo(resultCookie.getName()) > 0) {
                        resultCookie = cookie;
                    }
                }
            }
        }

        if (resultCookie == null) {
            return null;
        }
        return resultCookie;
    }

getOAuthRedirectUrl()

String org.gluu.oxauth.client.authentication.AuthenticationFilter.getOAuthRedirectUrl ( final HttpServletRequest  request, final HttpServletResponse  response  ) throws Exception

inline

                                                                                                                             {
        String authorizeUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
        String clientScopes = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_SCOPE, null);

        String clientId = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);
        String clientSecret = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
        if (clientSecret != null) {
            try {
                clientSecret = StringEncrypter.defaultInstance().decrypt(clientSecret, Configuration.instance().getCryptoPropertyValue());
            } catch (EncryptionException ex) {
                log.error("Failed to decrypt property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, ex);
            }
        }

        String redirectUri = constructRedirectUrl(request);

        List<String> scopes = Arrays.asList(clientScopes.split(StringUtils.SPACE));
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);

        String nonce = UUID.randomUUID().toString();
        String rfp = UUID.randomUUID().toString();
        String jti = UUID.randomUUID().toString();

        // Lookup for relying party ID
        final String key = request.getParameter(ExternalAuthentication.CONVERSATION_KEY);
        request.getSession().setAttribute(SESSION_CONVERSATION_KEY, key);
        ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(key, request);

        String relyingPartyId = "";
        final RelyingPartyContext relyingPartyCtx = prc.getSubcontext(RelyingPartyContext.class);
        if (relyingPartyCtx != null) {
            relyingPartyId = relyingPartyCtx.getRelyingPartyId();
            log.info("relyingPartyId found: " + relyingPartyId);
        } else
            log.warn("No RelyingPartyContext was available");

        // JWT
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtState jwtState = new JwtState(SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
        jwtState.setRfp(rfp);
        jwtState.setJti(jti);
        if (relyingPartyId != null && !"".equals(relyingPartyId)) {
            String additionalClaims = String.format("{relyingPartyId: '%s'}", relyingPartyId);
            jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
        } else
            log.warn("No relyingPartyId was available");
        String encodedState = jwtState.getEncodedJwt();

        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(encodedState);

        Cookie currentShibstateCookie = getCurrentShibstateCookie(request);
        if (currentShibstateCookie != null) {
            String requestUri = decodeCookieValue(currentShibstateCookie.getValue());
            log.debug("requestUri = \"" + requestUri + "\"");

            String authenticationMode = determineAuthenticationMode(requestUri);

            if (StringHelper.isNotEmpty(authenticationMode)) {
                log.debug("acr_values = \"" + authenticationMode + "\"");
                authorizationRequest.setAcrValues(Arrays.asList(authenticationMode));
                updateShibstateCookie(response, currentShibstateCookie, requestUri, "/" + Configuration.OXAUTH_ACR_VALUES + "/" + authenticationMode);
            }
        }

        // Store for validation in session
        final HttpSession session = request.getSession(false);
        session.setAttribute(Configuration.SESSION_AUTH_STATE, encodedState);
        session.setAttribute(Configuration.SESSION_AUTH_NONCE, nonce);

        return authorizeUrl + "?" + authorizationRequest.getQueryString();
    }

getParameter()

static String org.gluu.oxauth.client.session.AbstractOAuthFilter.getParameter ( final HttpServletRequest  request, final String  parameter  )

inlinestaticinherited

Method for retrieving a parameter from the request without disrupting the reader UNLESS the parameter actually exists in the query string.

引数

request	the request to check.
parameter	the parameter to look for.

戻り値

the value of the parameter.

                                                                                                {
        return request.getQueryString() == null || request.getQueryString().indexOf(parameter) == -1 ? null : request.getParameter(parameter);       
    }

getPropertyFromInitParams()

final String org.gluu.oxauth.client.util.AbstractConfigurationFilter.getPropertyFromInitParams ( final FilterConfig  filterConfig, final String  propertyName, final String  defaultValue  )

inlineprotectedinherited

Retrieves the property from the FilterConfig. First it checks the FilterConfig's initParameters to see if it has a value. If it does, it returns that, otherwise it retrieves the ServletContext's initParameters and returns that value if any.

引数

filterConfig	the Filter Configuration.
propertyName	the property to retrieve.
defaultValue	the default value if the property is not found.

戻り値

the property value, following the above conventions. It will always return the more specific value (i.e. filter vs. context).

                                                                                                                                             {
//        final String value = filterConfig.getInitParameter(propertyName);
//
//        if (StringHelper.isNotEmpty(value)) {
//            log.info("Property [" + propertyName + "] loaded from FilterConfig.getInitParameter with value [" + value + "]");
//            return value;
//        }
//
//        final String value2 = filterConfig.getServletContext().getInitParameter(propertyName);
//        if (StringHelper.isNotEmpty(value2)) {
//            log.info("Property [" + propertyName + "] loaded from ServletContext.getInitParameter with value [" + value2 + "]");
//            return value2;
//        }

        final String value3 = Configuration.instance().getPropertyValue(propertyName);
        if (StringHelper.isNotEmpty(value3)) {
            log.info("Property [" + propertyName + "] loaded from oxTrust.properties");
            return value3;
        }

        log.info("Property [" + propertyName + "] not found.  Using default value [" + defaultValue + "]");
        return defaultValue;
    }

init()

final void org.gluu.oxauth.client.authentication.AuthenticationFilter.init ( final FilterConfig  filterConfig ) throws ServletException

inline

                                                                                    {
    }

preFilter()

final boolean org.gluu.oxauth.client.authentication.AuthenticationFilter.preFilter ( final ServletRequest  servletRequest, final ServletResponse  servletResponse, final FilterChain  filterChain  ) throws IOException, ServletException

inlineprotected

Determine filter execution conditions

                                                 {

        final HttpServletRequest request = (HttpServletRequest) servletRequest;

        final HttpSession session = request.getSession(false);

        final OAuthData oAuthData = session != null ? (OAuthData) session.getAttribute(Configuration.SESSION_OAUTH_DATA) : null;
        if (oAuthData != null) {
            return false;
        }

        final String code = getParameter(request, Configuration.OAUTH_CODE);
        log.trace("code value: " + code);
        if (StringHelper.isNotEmpty(code)) {
            return false;
        }

        return true;
    }

updateShibstateCookie()

void org.gluu.oxauth.client.authentication.AuthenticationFilter.updateShibstateCookie ( HttpServletResponse  response, Cookie  shibstateCookie, String  requestUri, String  acrPathParam  )

inlineprivate

                                                                                                                                     {
        // Check if parameter exists
        if (!requestUri.contains(acrPathParam)) {
            return;
        }

        String newRequestUri = requestUri.replace(acrPathParam, "");

        // Set new cookie
        Cookie updateShibstateCookie = cloneCokie(shibstateCookie, encodeCookieValue(newRequestUri), shibstateCookie.getMaxAge());
        response.addCookie(updateShibstateCookie);
    }

メンバ詳解

authModePattern

final Pattern org.gluu.oxauth.client.authentication.AuthenticationFilter.authModePattern = Pattern.compile(".+/acr_values/([\\d\\w]+)$")

private

The URL to the OAuth Server authorization services

log

final Log org.gluu.oxauth.client.util.AbstractConfigurationFilter.log = LogFactory.getLog(getClass())

protectedinherited

SESSION_CONVERSATION_KEY

final String org.gluu.oxauth.client.authentication.AuthenticationFilter.SESSION_CONVERSATION_KEY = "saml_idp_conversation_key"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxTrust/saml-openid-auth-client/src/main/java/org/gluu/oxauth/client/authentication/AuthenticationFilter.java