org.xdi.oxauth.auth.Authenticator クラス

org.xdi.oxauth.auth.Authenticator 連携図

公開メンバ関数
boolean	authenticate ()
String	authenticateWithOutcome ()
boolean	authenticateWebService (HttpServletRequest servletRequest, boolean skipPassword)
boolean	authenticateWebService (HttpServletRequest servletRequest)
boolean	authenticateImpl (HttpServletRequest servletRequest, boolean interactive, boolean skipPassword)
boolean	clientAuthentication (Credentials credentials, boolean interactive, boolean skipPassword)
String	prepareAuthenticationForStep ()
boolean	authenticateBySessionId (String p_sessionId)
boolean	authenticateBySessionId (SessionId sessionId)
void	configureSessionClient (Client client)
void	addMessage (Severity severity, String summary)
String	getMaskMobilenumber (String mobile_number)

非公開メンバ関数
void	showClientAuthenticationLog (Client client)
boolean	userAuthenticationInteractive ()
boolean	updateSession (SessionId sessionId, Map< String, String > sessionIdAttributes)
boolean	userAuthenticationService ()
void	updateExtraParameters (CustomScriptConfiguration customScriptConfiguration, final int step, Map< String, String > sessionIdAttributes)
Map< String, String >	getExternalScriptExtraParameters (Map< String, String > sessionIdAttributes)
void	setExternalScriptExtraParameters (Map< String, String > sessionIdAttributes, Map< String, String > authExternalAttributes)
void	clearExternalScriptExtraParameters (Map< String, String > sessionIdAttributes)
void	setIdentityWorkingParameters (Map< String, String > sessionIdAttributes)
String	prepareAuthenticationForStepImpl ()
void	initCustomAuthenticatorVariables (Map< String, String > sessionIdAttributes)
boolean	authenticationFailed ()
void	authenticationFailedSessionInvalid ()
void	authenticationSessionExpired ()
void	markAuthStepAsPassed (Map< String, String > sessionIdAttributes, Integer authStep)
boolean	isAuthStepPassed (Map< String, String > sessionIdAttributes, Integer authStep)
boolean	isPassedPreviousAuthSteps (Map< String, String > sessionIdAttributes, Integer authStep)

非公開変数類
Logger	logger
Identity	identity
Credentials	credentials
ClientService	clientService
SessionIdService	sessionIdService
AuthenticationService	authenticationService
ExternalAuthenticationService	externalAuthenticationService
AppConfiguration	appConfiguration
FacesContext	facesContext
ExternalContext	externalContext
FacesService	facesService
FacesMessages	facesMessages
LanguageBean	languageBean
RequestParameterService	requestParameterService
String	authAcr
Integer	authStep
boolean	addedErrorMessage

静的非公開変数類
static final String	INVALID_SESSION_MESSAGE = "login.errorSessionInvalidMessage"
static final String	AUTH_EXTERNAL_ATTRIBUTES = "auth_external_attributes"

詳解

Authenticator component

著者

Javier Rojas Blum

Yuriy Movchan

バージョン

August 23, 2018

関数詳解

addMessage()

void org.xdi.oxauth.auth.Authenticator.addMessage ( Severity  severity, String  summary  )

inline

                                                              {
        String msg = languageBean.getMessage(summary);
        FacesMessage message = new FacesMessage(severity, msg, null);
        facesContext.addMessage(null, message);
    }

authenticate()

boolean org.xdi.oxauth.auth.Authenticator.authenticate ( )

inline

Tries to authenticate an user, returns true if the authentication succeed

戻り値

Returns true if the authentication succeed

                                  {
        HttpServletRequest servletRequest = (HttpServletRequest) facesContext.getExternalContext().getRequest();
        if (!authenticateImpl(servletRequest, true, false)) {
            return authenticationFailed();
        } else {
            return true;
        }
    }

authenticateBySessionId() [1/2]

boolean org.xdi.oxauth.auth.Authenticator.authenticateBySessionId ( String  p_sessionId )

inline

                                                               {
        if (StringUtils.isNotBlank(p_sessionId) && appConfiguration.getSessionIdEnabled()) {
            try {
                SessionId sessionId = sessionIdService.getSessionId(p_sessionId);
                return authenticateBySessionId(sessionId);
            } catch (Exception e) {
                logger.trace(e.getMessage(), e);
            }
        }

        return false;
    }

authenticateBySessionId() [2/2]

boolean org.xdi.oxauth.auth.Authenticator.authenticateBySessionId ( SessionId  sessionId )

inline

                                                                {
        if (sessionId == null) {
            return false;
        }
        String p_sessionId = sessionId.getId();

        logger.trace("authenticateBySessionId, sessionId = '{}', session = '{}', state= '{}'", p_sessionId, sessionId,
                sessionId.getState());
        // IMPORTANT : authenticate by session id only if state of session is
        // authenticated!
        if (SessionIdState.AUTHENTICATED == sessionId.getState()) {
            final User user = authenticationService.getUserOrRemoveSession(sessionId);
            if (user != null) {
                try {
                    authenticationService.quietLogin(user.getUserId());

                    authenticationService.configureEventUser(sessionId);
                } catch (Exception e) {
                    logger.trace(e.getMessage(), e);
                }

                return true;
            }
        }

        return false;
    }

authenticateImpl()

boolean org.xdi.oxauth.auth.Authenticator.authenticateImpl ( HttpServletRequest  servletRequest, boolean  interactive, boolean  skipPassword  )

inline

                                                                                                                  {
        boolean authenticated = false;
        try {
            logger.trace("Authenticating ... (interactive: " + interactive + ", skipPassword: " + skipPassword
                    + ", credentials.username: " + credentials.getUsername() + ")");
            if (StringHelper.isNotEmpty(credentials.getUsername())
                    && (skipPassword || StringHelper.isNotEmpty(credentials.getPassword()))
                    && servletRequest != null && servletRequest.getRequestURI().endsWith("/token")) {
                authenticated = clientAuthentication(credentials, interactive, skipPassword);
            } else {
                if (interactive) {
                    authenticated = userAuthenticationInteractive();
                } else {
                    authenticated = userAuthenticationService();
                }
            }
        } catch (Exception ex) {
            logger.error(ex.getMessage(), ex);
        }

        if (authenticated) {
            logger.trace("Authentication successfully for '{}'", credentials.getUsername());
            return true;
        }

        logger.info("Authentication failed for '{}'", credentials.getUsername());
        return false;
    }

authenticateWebService() [1/2]

boolean org.xdi.oxauth.auth.Authenticator.authenticateWebService ( HttpServletRequest  servletRequest, boolean  skipPassword  )

inline

                                                                                                   {
        return authenticateImpl(servletRequest, false, skipPassword);
    }

authenticateWebService() [2/2]

boolean org.xdi.oxauth.auth.Authenticator.authenticateWebService ( HttpServletRequest  servletRequest )

inline

                                                                             {
        return authenticateImpl(servletRequest, false, false);
    }

authenticateWithOutcome()

String org.xdi.oxauth.auth.Authenticator.authenticateWithOutcome ( )

inline

                                            {
        HttpServletRequest servletRequest = (HttpServletRequest) facesContext.getExternalContext().getRequest();
        boolean result = authenticateImpl(servletRequest, true, false);
        if (result) {
            return Constants.RESULT_SUCCESS;
        } else {
            addMessage(FacesMessage.SEVERITY_ERROR, "login.failedToAuthenticate");
            return Constants.RESULT_FAILURE;
        }

    }

authenticationFailed()

boolean org.xdi.oxauth.auth.Authenticator.authenticationFailed ( )

inlineprivate

                                           {
        if (!this.addedErrorMessage) {
            addMessage(FacesMessage.SEVERITY_ERROR, "login.errorMessage");
        }
        return false;
    }

authenticationFailedSessionInvalid()

void org.xdi.oxauth.auth.Authenticator.authenticationFailedSessionInvalid ( )

inlineprivate

                                                      {
        this.addedErrorMessage = true;
        addMessage(FacesMessage.SEVERITY_ERROR, INVALID_SESSION_MESSAGE);
        facesService.redirect("/error.xhtml");
    }

authenticationSessionExpired()

void org.xdi.oxauth.auth.Authenticator.authenticationSessionExpired ( )

inlineprivate

                                                {
        this.addedErrorMessage = true;
        facesService.redirect("/expiredSession.xhtml");
    }

clearExternalScriptExtraParameters()

void org.xdi.oxauth.auth.Authenticator.clearExternalScriptExtraParameters ( Map< String, String >  sessionIdAttributes )

inlineprivate

                                                                                             {
        Map<String, String> authExternalAttributes = getExternalScriptExtraParameters(sessionIdAttributes);

        for (String authExternalAttribute : authExternalAttributes.keySet()) {
            sessionIdAttributes.remove(authExternalAttribute);
        }

        sessionIdAttributes.remove(AUTH_EXTERNAL_ATTRIBUTES);
    }

clientAuthentication()

boolean org.xdi.oxauth.auth.Authenticator.clientAuthentication ( Credentials  credentials, boolean  interactive, boolean  skipPassword  )

inline

                                                                                                            {
        boolean isServiceUsesExternalAuthenticator = !interactive
                && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
        if (isServiceUsesExternalAuthenticator) {
            CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService
                    .determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);

            if (customScriptConfiguration == null) {
                logger.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
            } else {
                this.authAcr = customScriptConfiguration.getCustomScript().getName();

                boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration,
                        null, 1);
                logger.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);

                if (result) {
                    Client client = authenticationService.configureSessionClient();
                    showClientAuthenticationLog(client);
                    return true;
                }
            }
        }

        boolean loggedIn = skipPassword;
        if (!loggedIn) {
            loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
        }
        if (loggedIn) {
            Client client = authenticationService.configureSessionClient();
            showClientAuthenticationLog(client);
            return true;
        }

        return false;
    }

configureSessionClient()

void org.xdi.oxauth.auth.Authenticator.configureSessionClient ( Client  client )

inline

                                                      {
        authenticationService.configureSessionClient(client);
    }

getExternalScriptExtraParameters()

Map<String, String> org.xdi.oxauth.auth.Authenticator.getExternalScriptExtraParameters ( Map< String, String >  sessionIdAttributes )

inlineprivate

                                                                                                          {
        String authExternalAttributesString = sessionIdAttributes.get(AUTH_EXTERNAL_ATTRIBUTES);
        Map<String, String> authExternalAttributes = new HashMap<String, String>();
        try {
            authExternalAttributes = Util.jsonObjectArrayStringAsMap(authExternalAttributesString);
        } catch (JSONException ex) {
            logger.error("Failed to convert JSON array of auth_external_attributes to Map<String, String>");
        }

        return authExternalAttributes;
    }

getMaskMobilenumber()

String org.xdi.oxauth.auth.Authenticator.getMaskMobilenumber ( String  mobile_number )

inline

                                                            {
        final String s = mobile_number.replaceAll("\\D", "");

        final int start = 0;
        final int end = s.length() - 4;
        final String overlay = StringUtils.repeat("*", end - start);

        return StringUtils.overlay(s, overlay, start, end);
    }

initCustomAuthenticatorVariables()

void org.xdi.oxauth.auth.Authenticator.initCustomAuthenticatorVariables ( Map< String, String >  sessionIdAttributes )

inlineprivate

                                                                                           {
        if (sessionIdAttributes == null) {
            logger.error("Failed to restore attributes from session attributes");
            return;
        }

        this.authStep = StringHelper.toInteger(sessionIdAttributes.get("auth_step"), null);
        this.authAcr = sessionIdAttributes.get(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
    }

isAuthStepPassed()

boolean org.xdi.oxauth.auth.Authenticator.isAuthStepPassed ( Map< String, String >  sessionIdAttributes, Integer  authStep  )

inlineprivate

                                                                                                {
        String key = String.format("auth_step_passed_%d", authStep);
        if (sessionIdAttributes.containsKey(key) && Boolean.parseBoolean(sessionIdAttributes.get(key))) {
            return true;
        }

        return false;
    }

isPassedPreviousAuthSteps()

boolean org.xdi.oxauth.auth.Authenticator.isPassedPreviousAuthSteps ( Map< String, String >  sessionIdAttributes, Integer  authStep  )

inlineprivate

                                                                                                         {
        for (int i = 1; i < authStep; i++) {
            boolean isAuthStepPassed = isAuthStepPassed(sessionIdAttributes, i);
            if (!isAuthStepPassed) {
                return false;
            }
        }

        return true;
    }

markAuthStepAsPassed()

void org.xdi.oxauth.auth.Authenticator.markAuthStepAsPassed ( Map< String, String >  sessionIdAttributes, Integer  authStep  )

inlineprivate

                                                                                                 {
        String key = String.format("auth_step_passed_%d", authStep);
        sessionIdAttributes.put(key, Boolean.TRUE.toString());
    }

prepareAuthenticationForStep()

String org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStep ( )

inline

                                                 {
        String result = prepareAuthenticationForStepImpl();

        if (Constants.RESULT_SUCCESS.equals(result)) {
        } else if (Constants.RESULT_FAILURE.equals(result)) {
            addMessage(FacesMessage.SEVERITY_ERROR, "login.failedToAuthenticate");
        } else if (Constants.RESULT_NO_PERMISSIONS.equals(result)) {
            addMessage(FacesMessage.SEVERITY_ERROR, "login.youDontHavePermission");
        } else if (Constants.RESULT_EXPIRED.equals(result)) {
            addMessage(FacesMessage.SEVERITY_ERROR, INVALID_SESSION_MESSAGE);
        }

        return result;
    }

prepareAuthenticationForStepImpl()

String org.xdi.oxauth.auth.Authenticator.prepareAuthenticationForStepImpl ( )

inlineprivate

                                                      {
        SessionId sessionId = sessionIdService.getSessionId();
        Map<String, String> sessionIdAttributes = sessionIdService.getSessionAttributes(sessionId);
        if (sessionIdAttributes == null) {
            logger.error("Failed to get attributes from session");
            return Constants.RESULT_EXPIRED;
        }

        // Set current state into identity to allow use in login form and
        // authentication scripts
        identity.setSessionId(sessionId);

        if (!externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE)) {
            return Constants.RESULT_SUCCESS;
        }

        initCustomAuthenticatorVariables(sessionIdAttributes);
        if (StringHelper.isEmpty(this.authAcr)) {
            return Constants.RESULT_SUCCESS;
        }

        if ((this.authStep == null) || (this.authStep < 1)) {
            return Constants.RESULT_NO_PERMISSIONS;
        }

        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService
                .getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (customScriptConfiguration == null) {
            logger.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep,
                    this.authAcr);
            return Constants.RESULT_FAILURE;
        }

        String currentauthAcr = customScriptConfiguration.getName();

        customScriptConfiguration = externalAuthenticationService.determineExternalAuthenticatorForWorkflow(
                AuthenticationScriptUsageType.INTERACTIVE, customScriptConfiguration);
        if (customScriptConfiguration == null) {
            return Constants.RESULT_FAILURE;
        } else {
            String determinedauthAcr = customScriptConfiguration.getName();
            if (!StringHelper.equalsIgnoreCase(currentauthAcr, determinedauthAcr)) {
                // Redirect user to alternative login workflow
                String redirectTo = externalAuthenticationService
                        .executeExternalGetPageForStep(customScriptConfiguration, this.authStep);

                if (StringHelper.isEmpty(redirectTo)) {
                    redirectTo = "/login.xhtml";
                }

                CustomScriptConfiguration determinedCustomScriptConfiguration = externalAuthenticationService
                        .getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, determinedauthAcr);
                if (determinedCustomScriptConfiguration == null) {
                    logger.error("Failed to get determined CustomScriptConfiguration. auth_step: '{}', acr: '{}'",
                            this.authStep, this.authAcr);
                    return Constants.RESULT_FAILURE;
                }

                logger.debug("Redirect to page: '{}'. Force to use acr: '{}'", redirectTo, determinedauthAcr);

                determinedauthAcr = determinedCustomScriptConfiguration.getName();
                String determinedAuthLevel = Integer.toString(determinedCustomScriptConfiguration.getLevel());

                sessionIdAttributes.put("acr", determinedauthAcr);
                sessionIdAttributes.put("auth_level", determinedAuthLevel);
                sessionIdAttributes.put("auth_step", Integer.toString(1));

                // Remove old session parameters from session
                clearExternalScriptExtraParameters(sessionIdAttributes);

                if (sessionId != null) {
                    boolean updateResult = updateSession(sessionId, sessionIdAttributes);
                    if (!updateResult) {
                        return Constants.RESULT_EXPIRED;
                    }
                }

                facesService.redirectWithExternal(redirectTo, null);

                return Constants.RESULT_SUCCESS;
            }
        }

        // Check if all previous steps had passed
        boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
        if (!passedPreviousSteps) {
            logger.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr,
                    this.authStep);
            return Constants.RESULT_FAILURE;
        }

        // Restore identity working parameters from session
        setIdentityWorkingParameters(sessionIdAttributes);

        Boolean result = externalAuthenticationService.executeExternalPrepareForStep(customScriptConfiguration,
                externalContext.getRequestParameterValuesMap(), this.authStep);
        if ((result != null) && result) {
            // Store/Update extra parameters in session attributes map
            updateExtraParameters(customScriptConfiguration, this.authStep, sessionIdAttributes);

            if (sessionId != null) {
                boolean updateResult = updateSession(sessionId, sessionIdAttributes);
                if (!updateResult) {
                    return Constants.RESULT_FAILURE;
                }
            }

            return Constants.RESULT_SUCCESS;
        } else {
            return Constants.RESULT_FAILURE;
        }
    }

setExternalScriptExtraParameters()

void org.xdi.oxauth.auth.Authenticator.setExternalScriptExtraParameters ( Map< String, String >  sessionIdAttributes, Map< String, String >  authExternalAttributes  )

inlineprivate

                                                                                              {
        String authExternalAttributesString = null;
        try {
            authExternalAttributesString = Util.mapAsString(authExternalAttributes);
        } catch (JSONException ex) {
            logger.error("Failed to convert Map<String, String> of auth_external_attributes to JSON array");
        }

        sessionIdAttributes.put(AUTH_EXTERNAL_ATTRIBUTES, authExternalAttributesString);
    }

setIdentityWorkingParameters()

void org.xdi.oxauth.auth.Authenticator.setIdentityWorkingParameters ( Map< String, String >  sessionIdAttributes )

inlineprivate

                                                                                       {
        Map<String, String> authExternalAttributes = getExternalScriptExtraParameters(sessionIdAttributes);

        HashMap<String, Object> workingParameters = identity.getWorkingParameters();
        for (Entry<String, String> authExternalAttributeEntry : authExternalAttributes.entrySet()) {
            String authExternalAttributeName = authExternalAttributeEntry.getKey();
            String authExternalAttributeType = authExternalAttributeEntry.getValue();

            if (sessionIdAttributes.containsKey(authExternalAttributeName)) {
                String authExternalAttributeValue = sessionIdAttributes.get(authExternalAttributeName);
                Object typedValue = requestParameterService.getTypedValue(authExternalAttributeValue, authExternalAttributeType);

                workingParameters.put(authExternalAttributeName, typedValue);
            }
        }
    }

showClientAuthenticationLog()

void org.xdi.oxauth.auth.Authenticator.showClientAuthenticationLog ( Client  client )

inlineprivate

                                                            {
        StringBuilder sb = new StringBuilder("Authentication success for Client");
        if (StringHelper.toBoolean(appConfiguration.getLogClientIdOnClientAuthentication(), false)
                || StringHelper.toBoolean(appConfiguration.getLogClientNameOnClientAuthentication(), false)) {
            sb.append(":");
            if (appConfiguration.getLogClientIdOnClientAuthentication()) {
                sb.append(" ").append("'").append(client.getClientId()).append("'");
            }
            if (appConfiguration.getLogClientNameOnClientAuthentication()) {
                sb.append(" ").append("('").append(client.getClientName()).append("')");
            }
        }
        logger.info(sb.toString());
    }

updateExtraParameters()

void org.xdi.oxauth.auth.Authenticator.updateExtraParameters ( CustomScriptConfiguration  customScriptConfiguration, final int  step, Map< String, String >  sessionIdAttributes  )

inlineprivate

                                                                                {
        List<String> extraParameters = externalAuthenticationService
                .executeExternalGetExtraParametersForStep(customScriptConfiguration, step);

        // Load extra parameters set
        Map<String, String> authExternalAttributes = getExternalScriptExtraParameters(sessionIdAttributes);

        if (extraParameters != null) {
            for (String extraParameter : extraParameters) {
                if (authenticationService.isParameterExists(extraParameter)) {
                    Pair<String, String> extraParameterValueWithType = requestParameterService.getParameterValueWithType(extraParameter);
                    String extraParameterValue = extraParameterValueWithType.getFirst();
                    String extraParameterType = extraParameterValueWithType.getSecond();

                    // Store parameter name and value
                    sessionIdAttributes.put(extraParameter, extraParameterValue);

                    // Store parameter name and type
                    authExternalAttributes.put(extraParameter, extraParameterType);
                }
            }
        }

        // Store identity working parameters in session
        setExternalScriptExtraParameters(sessionIdAttributes, authExternalAttributes);
    }

updateSession()

boolean org.xdi.oxauth.auth.Authenticator.updateSession ( SessionId  sessionId, Map< String, String >  sessionIdAttributes  )

inlineprivate

                                                                                                {
        sessionId.setSessionAttributes(sessionIdAttributes);
        boolean updateResult = sessionIdService.updateSessionId(sessionId, true, true, true);
        if (!updateResult) {
            logger.debug("Failed to update session entry: '{}'", sessionId.getId());
            return false;
        }

        return true;
    }

userAuthenticationInteractive()

boolean org.xdi.oxauth.auth.Authenticator.userAuthenticationInteractive ( )

inlineprivate

                                                    {
        SessionId sessionId = sessionIdService.getSessionId();
        Map<String, String> sessionIdAttributes = sessionIdService.getSessionAttributes(sessionId);
        if (sessionIdAttributes == null) {
            logger.error("Failed to get session attributes");
            authenticationSessionExpired();
            return false;
        }

        // Set current state into identity to allow use in login form and
        // authentication scripts
        identity.setSessionId(sessionId);

        initCustomAuthenticatorVariables(sessionIdAttributes);
        boolean useExternalAuthenticator = externalAuthenticationService
                .isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
        if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
            initCustomAuthenticatorVariables(sessionIdAttributes);
            if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
                logger.error("Failed to determine authentication mode");
                authenticationFailedSessionInvalid();
                return false;
            }

            CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService
                    .getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
            if (customScriptConfiguration == null) {
                logger.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr,
                        this.authStep);
                return false;
            }

            // Check if all previous steps had passed
            boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
            if (!passedPreviousSteps) {
                logger.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'",
                        this.authAcr, this.authStep);
                return false;
            }

            // Restore identity working parameters from session
            setIdentityWorkingParameters(sessionIdAttributes);

            boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration,
                    externalContext.getRequestParameterValuesMap(), this.authStep);
            logger.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'",
                    credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));

            int overridenNextStep = -1;

            int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
            if (apiVersion > 1) {
                logger.trace("According to API version script supports steps overriding");
                overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration,
                        externalContext.getRequestParameterValuesMap(), this.authStep);
                logger.debug("Get next step from script: '{}'", overridenNextStep);
            }

            if (!result && (overridenNextStep == -1)) {
                // Force session lastUsedAt update if authentication attempt is failed
                sessionIdService.updateSessionId(sessionId);
                return false;
            }

            boolean overrideCurrentStep = false;
            if (overridenNextStep > -1) {
                overrideCurrentStep = true;
                // Reload session id
                sessionId = sessionIdService.getSessionId();

                // Reset to specified step
                sessionIdService.resetToStep(sessionId, overridenNextStep);

                this.authStep = overridenNextStep;
                logger.info("Authentication reset to step : '{}'", this.authStep);
            }

            // Update parameters map to allow access it from count
            // authentication steps method
            updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);

            // Determine count authentication methods
            int countAuthenticationSteps = externalAuthenticationService
                    .executeExternalGetCountAuthenticationSteps(customScriptConfiguration);

            // Reload from LDAP to make sure that we are updating latest session
            // attributes
            sessionId = sessionIdService.getSessionId();
            sessionIdAttributes = sessionIdService.getSessionAttributes(sessionId);

            // Prepare for next step
            if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
                int nextStep;
                if (overrideCurrentStep) {
                    nextStep = overridenNextStep;
                } else {
                    nextStep = this.authStep + 1;
                }

                String redirectTo = externalAuthenticationService
                        .executeExternalGetPageForStep(customScriptConfiguration, nextStep);
                if (StringHelper.isEmpty(redirectTo) || redirectTo == null) {
                    redirectTo = "/error.xhtml";
                }

                // Store/Update extra parameters in session attributes map
                updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);

                if (!overrideCurrentStep) {
                    // Update auth_step
                    sessionIdAttributes.put("auth_step", Integer.toString(nextStep));

                    // Mark step as passed
                    markAuthStepAsPassed(sessionIdAttributes, this.authStep);
                }

                if (sessionId != null) {
                    boolean updateResult = updateSession(sessionId, sessionIdAttributes);
                    if (!updateResult) {
                        return false;
                    }
                }

                logger.trace("Redirect to page: '{}'", redirectTo);
                facesService.redirectWithExternal(redirectTo, null);

                return true;
            }

            if (this.authStep == countAuthenticationSteps) {
                SessionId eventSessionId = authenticationService.configureSessionUser(sessionId, sessionIdAttributes);

                authenticationService.quietLogin(credentials.getUsername());

                // Redirect to authorization workflow
                logger.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
                authenticationService.onSuccessfulLogin(eventSessionId);

                logger.info("Authentication success for User: '{}'", credentials.getUsername());
                return true;
            }
        } else {
            if (StringHelper.isNotEmpty(credentials.getUsername())) {
                boolean authenticated = authenticationService.authenticate(credentials.getUsername(),
                        credentials.getPassword());
                if (authenticated) {
                    SessionId eventSessionId = authenticationService.configureSessionUser(sessionId,
                            sessionIdAttributes);

                    // Redirect to authorization workflow
                    logger.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
                    authenticationService.onSuccessfulLogin(eventSessionId);
                } else {
                    // Force session lastUsedAt update if authentication attempt is failed
                    sessionIdService.updateSessionId(sessionId);
                }

                logger.info("Authentication success for User: '{}'", credentials.getUsername());
                return true;
            }
        }

        return false;
    }

userAuthenticationService()

boolean org.xdi.oxauth.auth.Authenticator.userAuthenticationService ( )

inlineprivate

                                                {
        if (externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
            CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService
                    .determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);

            if (customScriptConfiguration == null) {
                logger.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep,
                        this.authAcr);
            } else {
                this.authAcr = customScriptConfiguration.getName();

                boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration,
                        null, 1);
                logger.info("Authentication result for '{}'. auth_step: '{}', result: '{}'", credentials.getUsername(),
                        this.authStep, result);

                if (result) {
                    authenticationService.configureEventUser();

                    logger.info("Authentication success for User: '{}'", credentials.getUsername());
                    return true;
                }
                logger.info("Authentication failed for User: '{}'", credentials.getUsername());
            }
        }

        if (StringHelper.isNotEmpty(credentials.getUsername())) {
            boolean authenticated = authenticationService.authenticate(credentials.getUsername(),
                    credentials.getPassword());
            if (authenticated) {
                authenticationService.configureEventUser();

                logger.info("Authentication success for User: '{}'", credentials.getUsername());
                return true;
            }
            logger.info("Authentication failed for User: '{}'", credentials.getUsername());
        }

        return false;
    }

メンバ詳解

addedErrorMessage

boolean org.xdi.oxauth.auth.Authenticator.addedErrorMessage

private

appConfiguration

AppConfiguration org.xdi.oxauth.auth.Authenticator.appConfiguration

private

AUTH_EXTERNAL_ATTRIBUTES

final String org.xdi.oxauth.auth.Authenticator.AUTH_EXTERNAL_ATTRIBUTES = "auth_external_attributes"

staticprivate

authAcr

String org.xdi.oxauth.auth.Authenticator.authAcr

private

authenticationService

AuthenticationService org.xdi.oxauth.auth.Authenticator.authenticationService

private

authStep

Integer org.xdi.oxauth.auth.Authenticator.authStep

private

clientService

ClientService org.xdi.oxauth.auth.Authenticator.clientService

private

credentials

Credentials org.xdi.oxauth.auth.Authenticator.credentials

private

externalAuthenticationService

ExternalAuthenticationService org.xdi.oxauth.auth.Authenticator.externalAuthenticationService

private

externalContext

ExternalContext org.xdi.oxauth.auth.Authenticator.externalContext

private

facesContext

FacesContext org.xdi.oxauth.auth.Authenticator.facesContext

private

facesMessages

FacesMessages org.xdi.oxauth.auth.Authenticator.facesMessages

private

facesService

FacesService org.xdi.oxauth.auth.Authenticator.facesService

private

identity

Identity org.xdi.oxauth.auth.Authenticator.identity

private

INVALID_SESSION_MESSAGE

final String org.xdi.oxauth.auth.Authenticator.INVALID_SESSION_MESSAGE = "login.errorSessionInvalidMessage"

staticprivate

languageBean

LanguageBean org.xdi.oxauth.auth.Authenticator.languageBean

private

logger

Logger org.xdi.oxauth.auth.Authenticator.logger

private

requestParameterService

RequestParameterService org.xdi.oxauth.auth.Authenticator.requestParameterService

private

sessionIdService

SessionIdService org.xdi.oxauth.auth.Authenticator.sessionIdService

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/auth/Authenticator.java