org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration > クラステンプレート

org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration > の継承関係図

org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration > 連携図

公開メンバ関数
	OpenIdClient (final Configuration< C, L > configuration)
void	init ()
String	getName ()
String	getRedirectionUrl (final WebContext context)
boolean	isAuthorizationResponse (final WebContext context)
boolean	isValidRequestState (final WebContext context)
final OpenIdCredentials	getCredentials (final WebContext context)
UserProfile	getUserProfile (final OpenIdCredentials credential, final WebContext context)
C	getAppConfiguration ()
OpenIdConfigurationResponse	getOpenIdConfiguration ()

限定公開メンバ関数
void	initInternal ()
CommonProfile	retrieveUserProfileFromUserInfoResponse (final WebContext context, final UserInfoResponse userInfoResponse)
String	getFirstClaim (final UserInfoResponse userInfoResponse, final String claimName)

非公開メンバ関数
void	loadOpenIdConfiguration ()
void	initClient ()
boolean	isValidClient (final long now)
RegisterResponse	registerOpenIdClient ()
String	getAccessToken (final OpenIdCredentials credential)
UserInfoResponse	getUserInfo (final String accessToken)

非公開変数類
final Logger	logger = LoggerFactory.getLogger(OpenIdClient.class)
final ReentrantLock	clientLock = new ReentrantLock()
C	appConfiguration
String	clientId
String	clientSecret
long	clientExpiration
boolean	preRegisteredClient
OpenIdConfigurationResponse	openIdConfiguration
Configuration< C, L >	configuration

静的非公開変数類
static final String	STATE_PARAMETER = "#state_parameter"
static final String	NONCE_PARAMETER = "#nonce_parameter"
static final long	NEW_CLIENT_EXPIRATION_OVERLAP = 60 * 1000

詳解

This class is the oxAuth client to authenticate users and retrieve user profile

著者

Yuriy Movchan 11/02/2015

構築子と解体子

OpenIdClient()

org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.OpenIdClient ( final Configuration< C, L >  configuration )

inline

                                                                     {
                this.configuration = configuration;
                this.appConfiguration = configuration.getAppConfiguration();
        }

関数詳解

getAccessToken()

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getAccessToken ( final OpenIdCredentials  credential )

inlineprivate

                                                                          {
                // Request access token using the authorization code
                logger.debug("Getting access token");

                final TokenClient tokenClient = new TokenClient(this.openIdConfiguration.getTokenEndpoint());

                final TokenResponse tokenResponse = tokenClient.execAuthorizationCode(credential.getAuthorizationCode(), this.appConfiguration.getOpenIdRedirectUrl(), this.clientId, this.clientSecret);
                logger.trace("tokenResponse.getStatus(): '{}'", tokenResponse.getStatus());
                logger.trace("tokenResponse.getErrorType(): '{}'", tokenResponse.getErrorType());

                final String accessToken = tokenResponse.getAccessToken();
                logger.trace("accessToken : " + accessToken);

                return accessToken;
        }

getAppConfiguration()

C org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getAppConfiguration ( )

inline

                                       {
                return appConfiguration;
        }

getCredentials()

final OpenIdCredentials org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getCredentials ( final WebContext  context )

inline

{}

                                                                                {
                final String authorizationCode = context.getRequestParameter(ResponseType.CODE.getValue());

                final OpenIdCredentials clientCredential = new OpenIdCredentials(authorizationCode);
                clientCredential.setClientName(getName());
                logger.debug("Client credential: '{}'", clientCredential);

                return clientCredential;
        }

getFirstClaim()

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getFirstClaim ( final UserInfoResponse  userInfoResponse, final String  claimName  )

inlineprotected

                                                                                                        {
                final List<String> claims = userInfoResponse.getClaim(claimName);

                if ((claims == null) || claims.isEmpty()) {
                        return null;
                }

                return claims.get(0);
        }

getName()

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getName ( )

inline

{}

                                {
                return this.getClass().getSimpleName();
        }

getOpenIdConfiguration()

OpenIdConfigurationResponse org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getOpenIdConfiguration ( )

inline

                                                                    {
                return openIdConfiguration;
        }

getRedirectionUrl()

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getRedirectionUrl ( final WebContext  context )

inline

{}

                                                                  {
                init();

                final String state = RandomStringUtils.randomAlphanumeric(10);
                final String nonce = RandomStringUtils.randomAlphanumeric(10);

                final AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), this.clientId, this.appConfiguration.getOpenIdScopes(),
                                this.appConfiguration.getOpenIdRedirectUrl(), null);

                authorizationRequest.setState(state);
                authorizationRequest.setNonce(nonce);

                context.setSessionAttribute(getName() + STATE_PARAMETER, state);
        context.setSessionAttribute(getName() + NONCE_PARAMETER, nonce);

                final String redirectionUrl = this.openIdConfiguration.getAuthorizationEndpoint() + "?" + authorizationRequest.getQueryString();
                logger.debug("oxAuth redirection Url: '{}'", redirectionUrl);

                return redirectionUrl;
        }

getUserInfo()

UserInfoResponse org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getUserInfo ( final String  accessToken )

inlineprivate

                                                                       {
                logger.debug("Session validation successful. Getting user information");

                final UserInfoClient userInfoClient = new UserInfoClient(this.openIdConfiguration.getUserInfoEndpoint());
                final UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);

                logger.trace("userInfoResponse.getStatus(): '{}'", userInfoResponse.getStatus());
                logger.trace("userInfoResponse.getErrorType(): '{}'", userInfoResponse.getErrorType());
                logger.debug("userInfoResponse.getClaims(): '{}'", userInfoResponse.getClaims());

                return userInfoResponse;
        }

getUserProfile()

UserProfile org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.getUserProfile ( final OpenIdCredentials  credential, final WebContext  context  )

inline

{}

                                                                                                        {
                init();

                try {
                        final String accessToken = getAccessToken(credential);
                        final UserInfoResponse userInfoResponse = getUserInfo(accessToken);

                        final UserProfile profile = retrieveUserProfileFromUserInfoResponse(context, userInfoResponse);
                        logger.debug("User profile: '{}'", profile);

                        return profile;
                } catch (final Exception ex) {
                        throw new CommunicationException(ex);
                }
        }

init()

void org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.init ( )

inline

                           {
                super.init();
                initClient();
        }

initClient()

void org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.initClient ( )

inlineprivate

                                  {
                if (this.preRegisteredClient) {
                        return;
                }

                long now = System.currentTimeMillis();

                // Register new client if the previous one is missing or expired
                if (!isValidClient(now)) {
                        clientLock.lock();
                        try {
                                now = System.currentTimeMillis();
                                if (!isValidClient(now)) {
                                        RegisterResponse clientRegisterResponse = registerOpenIdClient();

                                        this.clientId = clientRegisterResponse.getClientId();
                                        this.clientSecret = clientRegisterResponse.getClientSecret();
                                        this.clientExpiration = clientRegisterResponse.getClientSecretExpiresAt().getTime();
                                }
                        } finally {
                                clientLock.unlock();
                        }
                }
        }

initInternal()

void org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.initInternal ( )

inlineprotected

                                      {
                this.clientId = appConfiguration.getOpenIdClientId();
                this.clientSecret = appConfiguration.getOpenIdClientPassword();
                
                if (StringHelper.isNotEmpty(this.clientSecret)) {
                        try {
                                StringEncrypter stringEncrypter = StringEncrypter.instance(this.configuration.getCryptoConfigurationSalt());
                                this.clientSecret = stringEncrypter.decrypt(this.clientSecret);
                        } catch (EncryptionException ex) {
                                logger.warn("Assuming that client password is not encrypted!");
                        }
                }

                this.preRegisteredClient = StringHelper.isNotEmpty(this.clientId) && StringHelper.isNotEmpty(this.clientSecret);

                loadOpenIdConfiguration();
        }

isAuthorizationResponse()

boolean org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.isAuthorizationResponse ( final WebContext  context )

inline

{}

                                                                         {
                final String authorizationCode = context.getRequestParameter(ResponseType.CODE.getValue());
                logger.debug("oxAuth authorization code: '{}'", authorizationCode);

                final boolean result = StringHelper.isNotEmpty(authorizationCode);
                logger.debug("Is authorization request: '{}'", result);

                return result;
        }

isValidClient()

boolean org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.isValidClient ( final long  now )

inlineprivate

                                                      {
                if (StringHelper.isEmpty(this.clientId) || StringHelper.isEmpty(this.clientSecret) || (this.clientExpiration - NEW_CLIENT_EXPIRATION_OVERLAP <= now)) {
                        return false;
                }

                return true;
        }

isValidRequestState()

boolean org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.isValidRequestState ( final WebContext  context )

inline

{}

                                                                     {
                final String state = context.getRequestParameter("state");
                logger.debug("oxAuth request state: '{}'", state);

                final Object sessionState = context.getSessionAttribute(getName() + STATE_PARAMETER);
                logger.debug("Session context state: '{}'", sessionState);

                final boolean emptySessionState = StringHelper.isEmptyString(sessionState);
                if (emptySessionState) {
                        return false;
                }

                final boolean result = StringHelper.equals(state, (String) sessionState);
                logger.debug("Is valid state: '{}'", result);

                return result;
        }

loadOpenIdConfiguration()

void org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.loadOpenIdConfiguration ( )

inlineprivate

                                               {
                String openIdProvider = appConfiguration.getOpenIdProviderUrl();
                if (StringHelper.isEmpty(openIdProvider)) {
                        throw new ConfigurationException("OpenIdProvider Url is invalid");
                }

                final OpenIdConfigurationClient openIdConfigurationClient = new OpenIdConfigurationClient(openIdProvider);
                final OpenIdConfigurationResponse response = openIdConfigurationClient.execOpenIdConfiguration();
                if ((response == null) || (response.getStatus() != 200)) {
                        throw new ConfigurationException("Failed to load oxAuth configuration");
                }

                logger.info("Successfully loaded oxAuth configuration");

                this.openIdConfiguration = response;
        }

registerOpenIdClient()

RegisterResponse org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.registerOpenIdClient ( )

inlineprivate

                                                        {
                logger.info("Registering OpenId client");

                String clientName = this.appConfiguration.getApplicationName() + " client";
                RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, clientName, Arrays.asList(this.appConfiguration.getOpenIdRedirectUrl()));
                registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
                registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

                RegisterClient registerClient = new RegisterClient(openIdConfiguration.getRegistrationEndpoint());
                registerClient.setRequest(registerRequest);
                RegisterResponse response = registerClient.exec();

                if ((response == null) || (response.getStatus() != 200)) {
                        throw new ConfigurationException("Failed to register new client");
                }

                return response;
        }

retrieveUserProfileFromUserInfoResponse()

CommonProfile org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.retrieveUserProfileFromUserInfoResponse ( final WebContext  context, final UserInfoResponse  userInfoResponse  )

inlineprotected

                                                                                                                                           {
                final CommonProfile profile = new CommonProfile();

                String nonceResponse = getFirstClaim(userInfoResponse, JwtClaimName.NONCE);
        final String nonceSession = (String) context.getSessionAttribute(getName() + NONCE_PARAMETER);
        logger.debug("Session nonce: '{}'", nonceSession);
        if (!StringHelper.equals(nonceSession, nonceResponse)) {
            logger.error("User info response:  nonce is not matching.");
            throw new CommunicationException("Nonce is not match");
        }

                String id = getFirstClaim(userInfoResponse, JwtClaimName.USER_NAME);
                if (StringHelper.isEmpty(id)) {
                        id = getFirstClaim(userInfoResponse, JwtClaimName.SUBJECT_IDENTIFIER);
                }
                profile.setId(id);

                List<ClaimToAttributeMapping> claimMappings = this.appConfiguration.getOpenIdClaimMapping();
                if ((claimMappings == null) || (claimMappings.size() == 0)) {
                        logger.info("Using default claims to attributes mapping");
                        profile.setUserName(id);
                        profile.setEmail(getFirstClaim(userInfoResponse, JwtClaimName.EMAIL));
        
                        profile.setDisplayName(getFirstClaim(userInfoResponse, JwtClaimName.NAME));
                        profile.setFirstName(getFirstClaim(userInfoResponse, JwtClaimName.GIVEN_NAME));
                        profile.setFamilyName(getFirstClaim(userInfoResponse, JwtClaimName.FAMILY_NAME));
                        profile.setZone(getFirstClaim(userInfoResponse, JwtClaimName.ZONEINFO));
                        profile.setLocale(getFirstClaim(userInfoResponse, JwtClaimName.LOCALE));
                } else {
                        for (ClaimToAttributeMapping mapping : claimMappings) {
                                String attribute = mapping.getAttribute();
                                String value = getFirstClaim(userInfoResponse, mapping.getClaim());
                                profile.addAttribute(attribute, value);
                                logger.trace("Adding attribute '{}' with value '{}'", attribute, value);
                        }
                }

                return profile;
        }

メンバ詳解

appConfiguration

C org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.appConfiguration

private

clientExpiration

long org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.clientExpiration

private

clientId

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.clientId

private

clientLock

final ReentrantLock org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.clientLock = new ReentrantLock()

private

clientSecret

String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.clientSecret

private

configuration

Configuration<C, L> org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.configuration

private

logger

final Logger org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.logger = LoggerFactory.getLogger(OpenIdClient.class)

private

NEW_CLIENT_EXPIRATION_OVERLAP

final long org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.NEW_CLIENT_EXPIRATION_OVERLAP = 60 * 1000

staticprivate

NONCE_PARAMETER

final String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.NONCE_PARAMETER = "#nonce_parameter"

staticprivate

openIdConfiguration

OpenIdConfigurationResponse org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.openIdConfiguration

private

preRegisteredClient

boolean org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.preRegisteredClient

private

STATE_PARAMETER

final String org.gluu.oxauth.client.OpenIdClient< C extends AppConfiguration, L extends LdapAppConfiguration >.STATE_PARAMETER = "#state_parameter"

staticprivate

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxTrust/openid-auth-client/src/main/java/org/gluu/oxauth/client/OpenIdClient.java