org.xdi.oxauth.authorize.ws.rs.AuthorizeAction 連携図
非公開メンバ関数 | |
| SessionId | handleAcrChange (SessionId session, List< Prompt > prompts) |
| SessionId | getSession () |
| void | authenticationFailedSessionInvalid () |
| boolean | containsParameter (String url, String parameterName) |
| String | encode (Object value) |
| boolean | hasOnlyOpenidScope () |
詳解
- バージョン
- August 29, 2018
関数詳解
◆ authenticationFailedSessionInvalid()
|
inlineprivate |
FacesService facesService
Definition: AuthorizeAction.java:110
FacesMessages facesMessages
Definition: AuthorizeAction.java:113
◆ checkPermissionGranted()
|
inline |
213 session = sessionIdService.assertAuthenticatedSessionCorrespondsToNewRequest(session, acrValues);
215 log.debug("There is already existing session which has another acr then {}, session: {}", acrValues, session.getId());
225 if (session == null || StringUtils.isBlank(session.getUserDn()) || SessionIdState.AUTHENTICATED != session.getState()) {
227 Map<String, String> requestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
231 boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
238 CustomScriptConfiguration defaultExternalAuthenticator = externalAuthenticationService.getDefaultExternalAuthenticator(AuthenticationScriptUsageType.INTERACTIVE);
246 CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, acrValuesList);
249 log.error("Failed to get CustomScriptConfiguration. auth_step: {}, acr_values: {}", 1, this.acrValues);
259 String tmpRedirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, 1);
271 SessionId unauthenticatedSession = sessionIdService.generateUnauthenticatedSessionId(null, new Date(), SessionIdState.UNAUTHENTICATED, requestParameterMap, false);
274 boolean persisted = sessionIdService.persistSessionId(unauthenticatedSession, !prompts.contains(Prompt.NONE)); // always persist is prompt is not none
280 sessionIdService.createSessionIdCookie(this.sessionId, unauthenticatedSession.getSessionState(), false);
297 externalContext.getResponseOutputWriter().write(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST_REDIRECT_URI, state));
305 if (appConfiguration.getTrustedClientEnabled() && client.getTrustedClient() && !prompts.contains(Prompt.CONSENT)) {
309 } else if (ServerUtil.isTrue(appConfiguration.getSkipAuthorizationForOpenIdScopeAndPairwiseId())
311 // If a client has only openid scope and pairwise id, person should not have to authorize. oxAuth-743
316 ClientAuthorizations clientAuthorizations = clientAuthorizationsService.findClientAuthorizations(
String sessionId
Definition: AuthorizeAction.java:158
AUTHENTICATED
Definition: SessionIdState.java:16
String getErrorAsJson(IErrorType p_type)
Definition: ErrorResponseFactory.java:86
static Prompt fromString(String param)
Definition: Prompt.java:57
void addPermission(String clientId, Boolean granted)
Definition: SessionId.java:188
FacesService facesService
Definition: AuthorizeAction.java:110
UNAUTHENTICATED
Definition: SessionIdState.java:16
void permissionDenied()
Definition: AuthorizeAction.java:723
Definition: AcrChangedException.java:8
Definition: SessionId.java:33
SessionIdState getState()
Definition: SessionId.java:120
static String implode(String[] inputArray, String glueString)
Definition: StringUtils.java:56
SessionIdService sessionIdService
Definition: AuthorizeAction.java:80
CustomScriptConfiguration getDefaultExternalAuthenticator(AuthenticationScriptUsageType usageType)
Definition: ExternalAuthenticationService.java:386
static boolean isTrue(Boolean booleanObject)
Definition: ServerUtil.java:66
Boolean getSkipAuthorizationForOpenIdScopeAndPairwiseId()
Definition: AppConfiguration.java:920
String allowedScope
Definition: AuthorizeAction.java:160
boolean persistSessionId(final SessionId sessionId)
Definition: SessionIdService.java:510
String getSessionState()
Definition: SessionId.java:128
String LOGIN_HINT
Definition: AuthorizeRequestParam.java:29
ScopeChecker scopeChecker
Definition: AuthorizeAction.java:131
NetworkService networkService
Definition: AuthorizeAction.java:104
SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId session, String acrValuesStr)
Definition: SessionIdService.java:126
String redirectUri
Definition: AuthorizeAction.java:137
ExternalContext externalContext
Definition: AuthorizeAction.java:119
Definition: Base64Util.java:7
Definition: ClientAuthorizations.java:14
ConsentGathererService consentGatherer
Definition: AuthorizeAction.java:122
Definition: JwtClaimName.java:13
RedirectionUriService redirectionUriService
Definition: AuthorizeAction.java:86
FacesContext facesContext
Definition: AuthorizeAction.java:116
Map< String, String > getAllowedParameters(@Nonnull final Map< String, String > requestParameterMap)
Definition: RequestParameterService.java:81
ClientAuthorizationsService clientAuthorizationsService
Definition: AuthorizeAction.java:89
String state
Definition: AuthorizeAction.java:138
Definition: SubjectType.java:12
boolean isForceReAuthentication()
Definition: AcrChangedException.java:32
String acrValues
Definition: AuthorizeAction.java:149
Object getAttribute(String userAttribute, boolean optional)
Definition: SimpleUser.java:23
boolean getPersistClientAuthorizations()
Definition: Client.java:1074
void permissionGranted()
Definition: AuthorizeAction.java:713
static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE
Definition: JwtClaimName.java:80
ClientService clientService
Definition: AuthorizeAction.java:74
static final String REMOTE_IP
Definition: Constants.java:30
Definition: AuthorizeRequestParam.java:13
String clientId
Definition: AuthorizeAction.java:136
void invalidRequest()
Definition: AuthorizeAction.java:733
Boolean getTrustedClientEnabled()
Definition: AppConfiguration.java:912
String prompt
Definition: AuthorizeAction.java:144
void setSessionAttributes(Map< String, String > sessionAttributes)
Definition: SessionId.java:203
boolean isConsentGathered()
Definition: ConsentGathererService.java:269
INVALID_REQUEST_REDIRECT_URI
Definition: AuthorizeErrorResponseType.java:68
static boolean noNonePrompt(List< Prompt > prompts)
Definition: AuthorizeParamsValidator.java:56
Definition: StringUtils.java:24
SessionId handleAcrChange(SessionId session, List< Prompt > prompts)
Definition: AuthorizeAction.java:351
Definition: AuthorizeParamsValidator.java:25
AuthenticationMode defaultAuthenticationMode
Definition: AuthorizeAction.java:98
ExternalAuthenticationService externalAuthenticationService
Definition: AuthorizeAction.java:92
Definition: ServerUtil.java:50
Definition: SessionIdState.java:14
String [] getScopes()
Definition: ClientAuthorizations.java:52
Definition: Prompt.java:18
boolean configure(String userDn, String clientId, String state)
Definition: ConsentGathererService.java:74
void createSessionIdCookie(String sessionId, String sessionState, HttpServletResponse httpResponse, String cookieName)
Definition: SessionIdService.java:284
AppConfiguration appConfiguration
Definition: AuthorizeAction.java:107
Definition: User.java:23
Set< Client > getClient(Collection< String > clientIds, boolean silent)
Definition: ClientService.java:123
RequestParameterService requestParameterService
Definition: AuthorizeAction.java:128
String getSubjectType()
Definition: Client.java:699
static List< String > spaceSeparatedToList(String spaceSeparatedString)
Definition: StringUtils.java:115
Definition: AuthorizeErrorResponseType.java:16
Definition: Client.java:37
boolean hasOnlyOpenidScope()
Definition: AuthorizeAction.java:833
String executeExternalGetPageForStep(CustomScriptConfiguration customScriptConfiguration, int step)
Definition: ExternalAuthenticationService.java:253
SessionId generateUnauthenticatedSessionId(String userDn)
Definition: SessionIdService.java:405
SessionId getSession()
Definition: AuthorizeAction.java:372
User getUserByDn(String dn, String... returnAttributes)
Definition: UserService.java:66
Definition: Constants.java:14
UserService userService
Definition: AuthorizeAction.java:83
boolean getTrustedClient()
Definition: Client.java:1050
boolean isEnabled(AuthenticationScriptUsageType usageType)
Definition: ExternalAuthenticationService.java:280
String validateRedirectionUri(String clientIdentifier, String redirectionUri)
Definition: RedirectionUriService.java:50
String scope
Definition: AuthorizeAction.java:134
Set< String > checkScopesPolicy(Client client, String scope)
Definition: ScopeChecker.java:39
CustomScriptConfiguration determineCustomScriptConfiguration(AuthenticationScriptUsageType usageType, int authStep, String acr)
Definition: ExternalAuthenticationService.java:301
List< String > acrValuesList(String acrValues)
Definition: SessionIdService.java:759
ExternalConsentGatheringService externalConsentGatheringService
Definition: AuthorizeAction.java:95
ErrorResponseFactory errorResponseFactory
Definition: AuthorizeAction.java:77
String getName()
Definition: AuthenticationMode.java:24
ClientAuthorizations findClientAuthorizations(String userInum, String clientId, boolean persistInLdap)
Definition: ClientAuthorizationsService.java:68
◆ checkUiLocales()
|
inline |
168 for (Iterator<Locale> it = facesContext.getApplication().getSupportedLocales(); it.hasNext(); ) {
static List< String > splittedStringAsList(String p_string, String p_delimiter)
Definition: Util.java:178
void setLocaleCode(String localeCode)
Definition: LanguageBean.java:46
FacesContext facesContext
Definition: AuthorizeAction.java:116
LanguageBean languageBean
Definition: AuthorizeAction.java:101
String uiLocales
Definition: AuthorizeAction.java:146
Definition: Util.java:40
◆ consentRequired()
|
inline |
758 sb.append(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.CONSENT_REQUIRED, getState()));
FacesService facesService
Definition: AuthorizeAction.java:110
CONSENT_REQUIRED
Definition: AuthorizeErrorResponseType.java:98
String getErrorAsQueryString(IErrorType p_type, String p_state)
Definition: ErrorResponseFactory.java:126
String redirectUri
Definition: AuthorizeAction.java:137
String getState()
Definition: AuthorizeAction.java:532
Definition: AuthorizeErrorResponseType.java:16
ErrorResponseFactory errorResponseFactory
Definition: AuthorizeAction.java:77
◆ containsParameter()
|
inlineprivate |
◆ encode()
|
inlineprivate |
◆ encodeParameters()
|
inline |
boolean containsParameter(String url, String parameterName)
Definition: AuthorizeAction.java:820
String encode(Object value)
Definition: AuthorizeAction.java:825
◆ getAcrValues()
|
inline |
String acrValues
Definition: AuthorizeAction.java:149
◆ getAmrValues()
|
inline |
String amrValues
Definition: AuthorizeAction.java:150
◆ getClaims()
|
inline |
String claims
Definition: AuthorizeAction.java:155
◆ getClientId()
|
inline |
Returns the client identifier.
- 戻り値
- The client identifier.
String clientId
Definition: AuthorizeAction.java:136
◆ getCodeChallenge()
|
inline |
String codeChallenge
Definition: AuthorizeAction.java:153
◆ getCodeChallengeMethod()
|
inline |
String codeChallengeMethod
Definition: AuthorizeAction.java:154
◆ getDisplay()
|
inline |
Returns an ASCII string value that specifies how the Authorization Server displays the authentication page to the End-User.
- 戻り値
- The display value.
String display
Definition: AuthorizeAction.java:143
◆ getIdTokenHint()
|
inline |
String idTokenHint
Definition: AuthorizeAction.java:147
◆ getLoginHint()
|
inline |
String loginHint
Definition: AuthorizeAction.java:148
◆ getMaxAge()
|
inline |
Integer maxAge
Definition: AuthorizeAction.java:145
◆ getNonce()
|
inline |
Return a string value used to associate a user agent session with an ID Token, and to mitigate replay attacks.
- 戻り値
- The nonce value.
String nonce
Definition: AuthorizeAction.java:142
◆ getPrompt()
|
inline |
Returns a space delimited list of ASCII strings that can contain the values login, consent, select_account, and none.
- 戻り値
- A list of prompt options.
String prompt
Definition: AuthorizeAction.java:144
◆ getRedirectUri()
|
inline |
Returns the redirection URI.
- 戻り値
- The redirection URI.
String redirectUri
Definition: AuthorizeAction.java:137
◆ getRequest()
|
inline |
◆ getRequestedClaims()
|
inline |
426 JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, request, client);
List< Claim > getClaims()
Definition: UserInfoMember.java:61
Definition: Claim.java:12
UserInfoMember getUserInfoMember()
Definition: JwtAuthorizationRequest.java:420
List< Claim > getClaims()
Definition: IdTokenMember.java:58
Definition: JwtUtil.java:38
Definition: JwtAuthorizationRequest.java:48
String request
Definition: AuthorizeAction.java:151
String requestUri
Definition: AuthorizeAction.java:152
ClientService clientService
Definition: AuthorizeAction.java:74
String clientId
Definition: AuthorizeAction.java:136
IdTokenMember getIdTokenMember()
Definition: JwtAuthorizationRequest.java:428
Definition: Base64Util.java:19
static byte [] getMessageDigestSHA256(String data)
Definition: JwtUtil.java:69
Definition: InvalidJwtException.java:12
AppConfiguration appConfiguration
Definition: AuthorizeAction.java:107
static String base64urlencode(byte[] arg)
Definition: Base64Util.java:23
Set< Client > getClient(Collection< String > clientIds, boolean silent)
Definition: ClientService.java:123
Definition: Client.java:37
Definition: InvalidJweException.java:12
◆ getRequestUri()
|
inline |
◆ getResponseMode()
|
inline |
Returns the mechanism to be used for returning parameters from the Authorization Endpoint.
- 戻り値
- The response mode.
String responseMode
Definition: AuthorizeAction.java:141
◆ getResponseType()
|
inline |
Returns the response type: code for requesting an authorization code (authorization code grant) or token for requesting an access token (implicit grant).
- 戻り値
- The response type.
String responseType
Definition: AuthorizeAction.java:135
◆ getScope()
|
inline |
Returns the scope of the access request.
- 戻り値
- The scope of the access request.
String scope
Definition: AuthorizeAction.java:134
◆ getScopes()
|
inline |
String allowedScope
Definition: AuthorizeAction.java:160
AuthorizeService authorizeService
Definition: AuthorizeAction.java:125
List< org.xdi.oxauth.model.common.Scope > getScopes()
Definition: AuthorizeService.java:213
◆ getSession()
|
inlineprivate |
String sessionId
Definition: AuthorizeAction.java:158
SessionId getSession()
Definition: AuthorizeService.java:116
AuthorizeService authorizeService
Definition: AuthorizeAction.java:125
◆ getSessionId()
|
inline |
String sessionId
Definition: AuthorizeAction.java:158
◆ getState()
|
inline |
Returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter should be used for preventing cross-site request forgery.
- 戻り値
- The state between the request and callback.
String state
Definition: AuthorizeAction.java:138
◆ getUiLocales()
|
inline |
String uiLocales
Definition: AuthorizeAction.java:146
◆ handleAcrChange()
|
inlineprivate |
358 session.getSessionAttributes().put("prompt", org.xdi.oxauth.model.util.StringUtils.implode(prompts, " "));
Map< String, String > getSessionAttributes()
Definition: SessionId.java:196
AUTHENTICATED
Definition: SessionIdState.java:16
UNAUTHENTICATED
Definition: SessionIdState.java:16
SessionIdState getState()
Definition: SessionId.java:120
static String implode(String[] inputArray, String glueString)
Definition: StringUtils.java:56
SessionIdService sessionIdService
Definition: AuthorizeAction.java:80
void reinitLogin(SessionId session, boolean force)
Definition: SessionIdService.java:169
NetworkService networkService
Definition: AuthorizeAction.java:104
Definition: Base64Util.java:7
static final String REMOTE_IP
Definition: Constants.java:30
Definition: StringUtils.java:24
Definition: SessionIdState.java:14
Definition: Prompt.java:18
boolean updateSessionId(final SessionId sessionId)
Definition: SessionIdService.java:534
void setState(SessionIdState state)
Definition: SessionId.java:124
Definition: Constants.java:14
◆ hasOnlyOpenidScope()
|
inlineprivate |
◆ invalidRequest()
|
inline |
743 sb.append(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.INVALID_REQUEST,
FacesService facesService
Definition: AuthorizeAction.java:110
String getErrorAsQueryString(IErrorType p_type, String p_state)
Definition: ErrorResponseFactory.java:126
String redirectUri
Definition: AuthorizeAction.java:137
String getState()
Definition: AuthorizeAction.java:532
Definition: AuthorizeErrorResponseType.java:16
INVALID_REQUEST
Definition: AuthorizeErrorResponseType.java:23
ErrorResponseFactory errorResponseFactory
Definition: AuthorizeAction.java:77
◆ permissionDenied()
|
inline |
void permissionDenied(final SessionId session)
Definition: AuthorizeService.java:185
Definition: SessionId.java:33
AuthorizeService authorizeService
Definition: AuthorizeAction.java:125
SessionId getSession()
Definition: AuthorizeAction.java:372
◆ permissionGranted() [1/2]
|
inline |
Definition: SessionId.java:33
void permissionGranted()
Definition: AuthorizeAction.java:713
SessionId getSession()
Definition: AuthorizeAction.java:372
◆ permissionGranted() [2/2]
|
inline |
ExternalContext externalContext
Definition: AuthorizeAction.java:119
void permissionGranted(HttpServletRequest httpRequest, final SessionId session)
Definition: AuthorizeService.java:140
AuthorizeService authorizeService
Definition: AuthorizeAction.java:125
◆ setAcrValues()
|
inline |
String acrValues
Definition: AuthorizeAction.java:149
◆ setAmrValues()
|
inline |
String amrValues
Definition: AuthorizeAction.java:150
◆ setClaims()
|
inline |
String claims
Definition: AuthorizeAction.java:155
◆ setClientId()
|
inline |
Sets the client identifier.
- 引数
-
clientId The client identifier.
String clientId
Definition: AuthorizeAction.java:136
◆ setCodeChallenge()
|
inline |
String codeChallenge
Definition: AuthorizeAction.java:153
◆ setCodeChallengeMethod()
|
inline |
String codeChallengeMethod
Definition: AuthorizeAction.java:154
◆ setDisplay()
|
inline |
Sets an ASCII string value that specifies how the Authorization Server displays the authentication page to the End-User.
- 引数
-
display The display value
String display
Definition: AuthorizeAction.java:143
◆ setIdTokenHint()
|
inline |
String idTokenHint
Definition: AuthorizeAction.java:147
◆ setLoginHint()
|
inline |
String loginHint
Definition: AuthorizeAction.java:148
◆ setMaxAge()
|
inline |
Integer maxAge
Definition: AuthorizeAction.java:145
◆ setNonce()
|
inline |
Sets a string value used to associate a user agent session with an ID Token, and to mitigate replay attacks.
- 引数
-
nonce The nonce value.
String nonce
Definition: AuthorizeAction.java:142
◆ setPrompt()
|
inline |
Sets a space delimited list of ASCII strings that can contain the values login, consent, select_account, and none.
- 引数
-
prompt A list of prompt options.
String prompt
Definition: AuthorizeAction.java:144
◆ setRedirectUri()
|
inline |
Sets the redirection URI.
- 引数
-
redirectUri The redirection URI.
String redirectUri
Definition: AuthorizeAction.java:137
◆ setRequest()
|
inline |
◆ setRequestUri()
|
inline |
◆ setResponseMode()
|
inline |
Sets the mechanism to be used for returning parameters from the Authorization Endpoint.
- 引数
-
responseMode The response mode.
String responseMode
Definition: AuthorizeAction.java:141
◆ setResponseType()
|
inline |
Sets the response type.
- 引数
-
responseType The response type.
String responseType
Definition: AuthorizeAction.java:135
◆ setScope()
|
inline |
Sets the scope of the access request.
- 引数
-
scope The scope of the access request.
String scope
Definition: AuthorizeAction.java:134
◆ setSessionId()
|
inline |
String sessionId
Definition: AuthorizeAction.java:158
◆ setState()
|
inline |
Sets the state between the request and callback.
- 引数
-
state The state between the request and callback.
String state
Definition: AuthorizeAction.java:138
◆ setUiLocales()
|
inline |
String uiLocales
Definition: AuthorizeAction.java:146
メンバ詳解
◆ acrValues
|
private |
◆ allowedScope
|
private |
◆ amrValues
|
private |
◆ appConfiguration
|
private |
◆ authorizeService
|
private |
◆ claims
|
private |
◆ clientAuthorizationsService
|
private |
◆ clientId
|
private |
◆ clientService
|
private |
◆ codeChallenge
|
private |
◆ codeChallengeMethod
|
private |
◆ consentGatherer
|
private |
◆ defaultAuthenticationMode
|
private |
◆ display
|
private |
◆ errorResponseFactory
|
private |
◆ externalAuthenticationService
|
private |
◆ externalConsentGatheringService
|
private |
◆ externalContext
|
private |
◆ facesContext
|
private |
◆ facesMessages
|
private |
◆ facesService
|
private |
◆ idTokenHint
|
private |
◆ languageBean
|
private |
◆ log
|
private |
◆ loginHint
|
private |
◆ maxAge
|
private |
◆ networkService
|
private |
◆ nonce
|
private |
◆ prompt
|
private |
◆ redirectionUriService
|
private |
◆ redirectUri
|
private |
◆ request
|
private |
◆ requestParameterService
|
private |
◆ requestUri
|
private |
◆ responseMode
|
private |
◆ responseType
|
private |
◆ scope
|
private |
◆ scopeChecker
|
private |
◆ sessionId
|
private |
◆ sessionIdService
|
private |
◆ state
|
private |
◆ uiLocales
|
private |
◆ userService
|
private |
このクラス詳解は次のファイルから抽出されました:
- D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeAction.java
