org.gluu.oxauth.client.validation.OAuthValidationFilter クラス

公開メンバ関数

final void init (final FilterConfig filterConfig) throws ServletException
 
final void doFilter (final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException
 
void destroy ()
 

静的公開メンバ関数

static String getParameter (final HttpServletRequest request, final String parameter)
 

限定公開メンバ関数

final boolean preFilter (final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException
 
final String constructRedirectUrl (final HttpServletRequest request)
 
final String getPropertyFromInitParams (final FilterConfig filterConfig, final String propertyName, final String defaultValue)
 

限定公開変数類

final Log log = LogFactory.getLog(getClass())
 

非公開メンバ関数

OAuthData getOAuthData (HttpSession session, HttpServletRequest request, String authorizationCode) throws Exception
 
String getOAuthHost (String oAuthAuthorizeUrl)
 

詳解

Validates the authorization grant (code) received from the OAuth server.

Adds the resulting OAuth data to the servlet session and sets the remoteUser/Principal on the servlet request for the IDP.

著者
Yuriy Movchan

関数詳解

◆ constructRedirectUrl()

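/**
 * Builds the redirect_uri used for the authorization-code exchange: the request's
 * scheme, server name, port (omitted when it is 80 or 443), the context path and
 * "/auth-code.jsp", lower-cased.
 *
 * <p>The value must byte-match the redirect_uri sent with the authorization request
 * and the one registered at the OAuth server, so callers must derive both the same
 * way. {@code request.getScheme()} reflects the connection the container sees;
 * behind a TLS-terminating proxy it may be "http" -- confirm the deployment.
 *
 * @param request the current request, used for scheme, host, port and context path
 * @return the lower-cased absolute redirect URL
 */
protected final String constructRedirectUrl(final HttpServletRequest request) {
    final int serverPort = request.getServerPort();
    final String scheme = request.getScheme();
    final String host = request.getServerName();
    final String contextPath = request.getContextPath();

    final String redirectUrl;
    // Default ports are left out so the URL matches a registered redirect_uri
    // written without one. 80/443 are checked regardless of scheme, as before.
    if (serverPort == 80 || serverPort == 443) {
        redirectUrl = String.format("%s://%s%s%s", scheme, host, contextPath, "/auth-code.jsp");
    } else {
        redirectUrl = String.format("%s://%s:%s%s%s", scheme, host, serverPort, contextPath, "/auth-code.jsp");
    }

    // Locale.ROOT: the default-locale toLowerCase() maps 'I' to a dotless i under a
    // Turkish JVM locale, yielding a redirect_uri that never matches the registered one.
    return redirectUrl.toLowerCase(java.util.Locale.ROOT);
}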

◆ destroy()

/**
 * Nothing to tear down: {@link #init(FilterConfig)} sets up no state, and the
 * filter holds no resources of its own.
 */
@Override
public void destroy() {
    // intentionally empty
}

◆ doFilter()

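/**
 * Validates the authorization code returned by the OAuth server and, on success,
 * stores the resulting {@link OAuthData} in the session and exposes the user uid
 * as the request's remote user for the IdP.
 *
 * <p>Flow: the IdP conversation key is taken from the request header or, failing
 * that, from the session; the request is wrapped so the IdP downstream sees the key
 * as a parameter. When {@link #preFilter} reports no session or no code parameter,
 * the chain continues unauthenticated. Otherwise the code is exchanged and checked
 * by {@link #getOAuthData}; any failure answers 403 and raises a
 * {@link ServletException}.
 *
 * @param servletRequest  must be an {@link HttpServletRequest}
 * @param servletResponse must be an {@link HttpServletResponse}
 * @param filterChain     the rest of the filter chain
 * @throws ServletException when a live session carries no conversation key, or when
 *                          the code / id_token cannot be validated
 * @throws IOException      propagated from the chain
 */
@Override
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    log.debug("Attempting to validate grants");
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    String conversation = request.getHeader(ExternalAuthentication.CONVERSATION_KEY);

    final HttpSession session = request.getSession(false);
    if (conversation == null || conversation.isEmpty()) {
        if (session == null) {
            log.error("Session not created yet");
        } else {
            // Fall back to the key stored by AuthenticationFilter when the IdP
            // did not send it as a header.
            conversation = (String) session.getAttribute(AuthenticationFilter.SESSION_CONVERSATION_KEY);
            if (conversation == null || conversation.isEmpty()) {
                throw new ServletException("IDP v3 conversation param is null or empty");
            }
            log.debug("########## SESSION conversation = " + conversation);
        }
    }

    final CustomHttpServletRequest customRequest = new CustomHttpServletRequest(request);
    customRequest.addCustomParameter(ExternalAuthentication.CONVERSATION_KEY, conversation);

    if (!preFilter(servletRequest, servletResponse, filterChain)) {
        // No session or no code parameter: pass through unauthenticated.
        filterChain.doFilter(customRequest, response);
        return;
    }

    // preFilter guarantees a live session and a non-empty code from here on.
    final String code = getParameter(request, Configuration.OAUTH_CODE);
    // The authorization code is a single-use credential; do not write its value to the log.
    log.debug("Attempting to validate authorization code");
    try {
        final OAuthData oAuthData = getOAuthData(session, request, code);
        if (oAuthData == null) {
            // getOAuthData has already logged why (state/nonce mismatch, token or
            // userinfo failure). A null result must never continue the chain as an
            // authenticated request; previously this only failed via an NPE below.
            throw new ServletException("Authorization code validation failed");
        }
        session.setAttribute(Configuration.SESSION_OAUTH_DATA, oAuthData);
        customRequest.setRemoteUser(oAuthData.getUserUid());
    } catch (Exception ex) {
        // NOTE: containers usually turn the thrown exception into a 500 error page,
        // so the 403 set here is mostly informational.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        log.warn("Failed to validate code and id_token", ex);
        throw new ServletException(ex);
    }

    filterChain.doFilter(customRequest, response);
}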

◆ getOAuthData()

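/**
 * Exchanges an authorization code for tokens, validates the response and collects
 * the user's identity into an {@link OAuthData}.
 *
 * <p>Steps: (1) the {@code state} request parameter must equal the state stored in
 * the session; (2) the code is exchanged at the configured token endpoint using the
 * configured client id/secret and the redirect_uri from {@link #constructRedirectUrl};
 * (3) the id_token is parsed and its {@code nonce} must equal the nonce stored in the
 * session; (4) the userinfo endpoint is called with the access token and the
 * {@code uid} claim becomes the user id.
 *
 * <p>Every failure is logged and reported as {@code null}; callers must treat a null
 * return as "not authenticated".
 *
 * @param session           the session holding the state and nonce issued with the
 *                          authorization request; may be null, in which case the
 *                          state check fails
 * @param request           the callback request
 * @param authorizationCode the code received from the OAuth server
 * @return the populated OAuthData, or null when any validation step fails
 * @throws Exception propagated from the token and userinfo clients
 */
private OAuthData getOAuthData(HttpSession session, HttpServletRequest request, String authorizationCode) throws Exception {
    // 1. CSRF check: the state must be the one we issued and stored in this session.
    //    An absent session state must fail even when the request carries no state
    //    either -- StringHelper.equals(null, null) would presumably pass otherwise.
    final String authorizationState = request.getParameter(Configuration.OAUTH_STATE);
    final String stateSession = session != null ? (String) session.getAttribute(Configuration.SESSION_AUTH_STATE) : null;
    if (!StringHelper.isNotEmpty(stateSession) || !StringHelper.equals(stateSession, authorizationState)) {
        log.error("Login failed: state parameter is missing or does not match the session state");
        return null;
    }
    // NOTE(review): state and nonce are not removed from the session after use, so a
    // captured callback URL could be replayed within the session's lifetime; consider
    // session.removeAttribute(...) once validated -- confirm nothing else reads them.

    final String oAuthAuthorizeUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
    final String oAuthHost = getOAuthHost(oAuthAuthorizeUrl);
    final String oAuthTokenUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_TOKEN_URL, null);
    final String oAuthUserInfoUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_USERINFO_URL, null);
    final String oAuthClientId = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);

    String oAuthClientPassword = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
    if (oAuthClientPassword != null) {
        try {
            oAuthClientPassword = StringEncrypter.defaultInstance().decrypt(oAuthClientPassword, Configuration.instance().getCryptoPropertyValue());
        } catch (EncryptionException ex) {
            // Deliberate fallback kept from the original: a value that does not decrypt
            // is used as-is (presumably a plaintext secret); the token request fails if
            // it is wrong. The value itself is never logged.
            log.error("Failed to decrypt property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, ex);
        }
    }

    final String scopes = getParameter(request, Configuration.OAUTH_SCOPE);
    log.trace("scopes : " + scopes);

    // 2. Exchange the code for tokens. The redirect_uri must match the one used in
    //    the authorization request.
    log.trace("Getting access token");
    final TokenClient tokenClient = new TokenClient(oAuthTokenUrl);
    final String redirectUrl = constructRedirectUrl(request);
    final TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectUrl, oAuthClientId, oAuthClientPassword);
    if (tokenResponse == null) {
        log.error("Get empty token response. User can't log into application");
        return null;
    }
    // Log only the error type, never the whole response: it carries the tokens.
    log.trace("tokenResponse.getErrorType() : " + tokenResponse.getErrorType());

    final String accessToken = tokenResponse.getAccessToken();
    final String idToken = tokenResponse.getIdToken();
    // Tokens are bearer credentials and are intentionally not written to the log.
    if (!StringHelper.isNotEmpty(accessToken) || !StringHelper.isNotEmpty(idToken)) {
        // Previously a missing id_token fell through to Jwt.parse(null).
        log.error("Token response has no access_token or id_token. User can't log into application");
        return null;
    }

    // 3. Parse the id_token.
    // NOTE(review): Jwt.parse only decodes; signature, issuer, audience and expiry are
    // not checked here. That is tolerable only because the token was just received
    // over the TLS back channel from the configured token endpoint -- confirm, and
    // verify the signature if the client library offers it.
    final Jwt jwt;
    try {
        jwt = Jwt.parse(idToken);
    } catch (InvalidJwtException ex) {
        log.error("Failed to parse id_token");
        return null;
    }

    // Binding check: the nonce in the id_token must be the one stored in the session
    // when the authorization request was built. As with state, an absent session
    // nonce must fail. The session is non-null here: the state check required one.
    final String nonceResponse = (String) jwt.getClaims().getClaim(JwtClaimName.NONCE);
    final String nonceSession = (String) session.getAttribute(Configuration.SESSION_AUTH_NONCE);
    if (!StringHelper.isNotEmpty(nonceSession) || !StringHelper.equals(nonceSession, nonceResponse)) {
        log.error("User info response : nonce is not matching.");
        return null;
    }

    log.info("Session validation successful. User is logged in");

    // 4. Fetch the user's claims with the access token.
    final UserInfoClient userInfoClient = new UserInfoClient(oAuthUserInfoUrl);
    final UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    if (userInfoResponse == null) {
        log.error("Get empty user info response. User can't log into application");
        return null;
    }

    // The first value of the uid claim is the user id handed to the IdP.
    final List<String> uidValues = userInfoResponse.getClaims().get(JwtClaimName.USER_NAME);
    if (uidValues == null || uidValues.isEmpty()) {
        log.error("User infor response doesn't contains uid claim");
        return null;
    }

    final OAuthData oAuthData = new OAuthData();
    oAuthData.setHost(oAuthHost);
    oAuthData.setUserUid(uidValues.get(0));
    oAuthData.setAccessToken(accessToken);
    oAuthData.setAccessTokenExpirationInSeconds(tokenResponse.getExpiresIn());
    oAuthData.setScopes(scopes);
    oAuthData.setIdToken(idToken);

    log.trace("User uid: " + oAuthData.getUserUid());
    return oAuthData;
}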

◆ getOAuthHost()

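/**
 * Derives "scheme://host:port" from the configured authorization URL; the result is
 * stored on the {@link OAuthData} as the issuing host.
 *
 * @param oAuthAuthorizeUrl the configured authorization endpoint URL; may be null
 * @return scheme, host and port of that URL, or null when it is not a valid URL
 */
private String getOAuthHost(String oAuthAuthorizeUrl) {
    try {
        final URL url = new URL(oAuthAuthorizeUrl);
        // URL.getPort() is -1 when no port is written in the URL; the previous
        // formatting rendered that as "https://host:-1". Fall back to the scheme's
        // default port so the value keeps its host:port shape.
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        if (port == -1) {
            return String.format("%s://%s", url.getProtocol(), url.getHost());
        }
        return String.format("%s://%s:%s", url.getProtocol(), url.getHost(), port);
    } catch (MalformedURLException ex) {
        log.error("Invalid oAuth authorization URI: " + oAuthAuthorizeUrl, ex);
    }

    return null;
}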

◆ getParameter()

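/**
 * Reads a request parameter only when its name appears in the query string, so the
 * request body (and its reader/input stream) is never consumed for parameters that
 * are not there -- containers parse a POST body on the first getParameter call.
 *
 * <p>The previous implementation used a substring search on the raw query string, so
 * {@code getParameter(req, "code")} would also trigger a body parse for a query such
 * as {@code ?encoded=1}. Names are now matched whole: exactly, or followed by '='.
 * Raw names are compared without URL decoding; the parameter names used by the
 * callers (code, state, scope) are assumed to contain no reserved characters.
 *
 * @param request   the request to check
 * @param parameter the parameter name to look for
 * @return the parameter value, or null when the name is absent from the query string
 *         or either argument is null
 */
public static String getParameter(final HttpServletRequest request, final String parameter) {
    final String queryString = request.getQueryString();
    if (queryString == null || parameter == null) {
        return null;
    }
    for (final String pair : queryString.split("&")) {
        if (pair.equals(parameter) || pair.startsWith(parameter + "=")) {
            return request.getParameter(parameter);
        }
    }
    return null;
}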

◆ getPropertyFromInitParams()

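/**
 * Resolves a configuration property. Despite the name, neither the FilterConfig nor
 * the ServletContext init-parameters are consulted: the value comes from
 * oxTrust.properties via {@code Configuration.instance().getPropertyValue}, and
 * {@code defaultValue} is returned when it is absent or empty.
 *
 * <p>Only the property name is logged, never its value -- this method also loads the
 * (encrypted) client secret.
 *
 * @param filterConfig unused; the visible callers pass null
 * @param propertyName the property to look up
 * @param defaultValue the value to return when the property is missing or empty
 * @return the configured value, or defaultValue
 */
protected final String getPropertyFromInitParams(final FilterConfig filterConfig, final String propertyName, final String defaultValue) {
    final String configured = Configuration.instance().getPropertyValue(propertyName);
    if (StringHelper.isNotEmpty(configured)) {
        log.info("Property [" + propertyName + "] loaded from oxTrust.properties");
        return configured;
    }

    // The default is logged; the visible callers pass null as the default, so no
    // credential is exposed here. Keep it that way for any new caller.
    log.info("Property [" + propertyName + "] not found. Using default value [" + defaultValue + "]");
    return defaultValue;
}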

◆ init()

/**
 * No per-filter setup: configuration is read on demand from oxTrust.properties by
 * {@link #getPropertyFromInitParams}, so the FilterConfig is not used.
 *
 * @param filterConfig ignored
 * @throws ServletException never thrown here; declared by the Filter contract
 */
@Override
public final void init(final FilterConfig filterConfig) throws ServletException {
    // intentionally empty
}

◆ preFilter()

/**
 * Decides whether this request is an OAuth callback worth validating: there must be
 * an existing session (none is created here) and a non-empty code parameter in the
 * query string.
 *
 * @param servletRequest  must be an {@link HttpServletRequest}
 * @param servletResponse unused
 * @param filterChain     unused
 * @return true when {@link #doFilter} should exchange and validate the code
 */
protected final boolean preFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    if (httpRequest.getSession(false) == null) {
        return false;
    }

    final String authorizationCode = getParameter(httpRequest, Configuration.OAUTH_CODE);
    return StringHelper.isNotEmpty(authorizationCode);
}

メンバ詳解

◆ log

final Log org.gluu.oxauth.client.util.AbstractConfigurationFilter.log = LogFactory.getLog(getClass())
protectedinherited
