org.xdi.oxauth.service.AuthorizeService 連携図

公開メンバ関数
SessionId	getSession ()

SessionId	getSession (String sessionId)

void	permissionGranted (HttpServletRequest httpRequest, final SessionId session)

void	permissionDenied (final SessionId session)

List< org.xdi.oxauth.model.common.Scope >	getScopes ()

List< Scope >	getScopes (String scopes)

静的公開変数類
static final List< String >	ALLOWED_PARAMETER

非公開メンバ関数
void	authenticationFailedSessionInvalid ()

非公開変数類
Logger	log

ClientService	clientService

ErrorResponseFactory	errorResponseFactory

SessionIdService	sessionIdService

UserService	userService

ClientAuthorizationsService	clientAuthorizationsService

Identity	identity

Authenticator	authenticator

FacesService	facesService

FacesMessages	facesMessages

AppConfiguration	appConfiguration

ScopeService	scopeService

RequestParameterService	requestParameterService

詳解

著者: Yuriy Movchan; Javier Rojas Blum

バージョン: January 17, 2018

関数詳解

◆ authenticationFailedSessionInvalid()

void org.xdi.oxauth.service.AuthorizeService.authenticationFailedSessionInvalid ( )

inlineprivate

                                                       {
         facesMessages.add(FacesMessage.SEVERITY_ERROR, "login.errorSessionInvalidMessage");
         facesService.redirect("/error.xhtml");
     }

◆ getScopes() [1/2]

List<org.xdi.oxauth.model.common.Scope> org.xdi.oxauth.service.AuthorizeService.getScopes ( )

inline

                                                                {
         SessionId session = getSession();
         String scope = session.getSessionAttributes().get("scope");
 
         return getScopes(scope);
 
     }

◆ getScopes() [2/2]

List<Scope> org.xdi.oxauth.service.AuthorizeService.getScopes ( String scopes )

inline

                                                 {
         List<org.xdi.oxauth.model.common.Scope> result = new ArrayList<org.xdi.oxauth.model.common.Scope>();
 
         if (scopes != null && !scopes.isEmpty()) {
             String[] scopesName = scopes.split(" ");
             for (String scopeName : scopesName) {
                 org.xdi.oxauth.model.common.Scope s = scopeService.getScopeByDisplayName(scopeName);
                 if (s != null && s.getDescription() != null) {
                     result.add(s);
                 }
             }
         }
 
         return result;
     }

◆ getSession() [1/2]

SessionId org.xdi.oxauth.service.AuthorizeService.getSession ( )

inline

                                   {
         return getSession(null);
     }

◆ getSession() [2/2]

SessionId org.xdi.oxauth.service.AuthorizeService.getSession ( String sessionId )

inline

                                                   {
         if (StringUtils.isBlank(sessionId)) {
             sessionId = sessionIdService.getSessionIdFromCookie();
             if (StringUtils.isBlank(sessionId)) {
                 return null;
             }
         }
 
         if (!identity.isLoggedIn()) {
             authenticator.authenticateBySessionId(sessionId);
         }
 
         SessionId ldapSessionId = sessionIdService.getSessionId(sessionId);
         if (ldapSessionId == null) {
             identity.logout();
         }
 
         return ldapSessionId;
     }

◆ permissionDenied()

void org.xdi.oxauth.service.AuthorizeService.permissionDenied ( final SessionId session )

inline

                                                           {
         log.trace("permissionDenied");
 
         if (session == null) {
             authenticationFailedSessionInvalid();
             return;
         }
 
         StringBuilder sb = new StringBuilder();
         String redirectUri = session.getSessionAttributes().get(AuthorizeRequestParam.REDIRECT_URI);
         String state = session.getSessionAttributes().get(AuthorizeRequestParam.STATE);
 
         sb.append(redirectUri);
         if (redirectUri != null && redirectUri.contains("?")) {
             sb.append("&");
         } else {
             sb.append("?");
         }
         sb.append(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.ACCESS_DENIED, state));
 
         facesService.redirectToExternalURL(sb.toString());
     }

◆ permissionGranted()

void org.xdi.oxauth.service.AuthorizeService.permissionGranted	(	HttpServletRequest	httpRequest,
		final SessionId	session
	)

inline

                                                                                            {
         log.trace("permissionGranted");
         try {
             final User user = userService.getUserByDn(session.getUserDn());
             if (user == null) {
                 log.error("Permission denied. Failed to find session user: userDn = " + session.getUserDn() + ".");
                 permissionDenied(session);
                 return;
             }
 
             String clientId = session.getSessionAttributes().get(AuthorizeRequestParam.CLIENT_ID);
             final Client client = clientService.getClient(clientId);
 
             String scope = session.getSessionAttributes().get(AuthorizeRequestParam.SCOPE);
             String responseType = session.getSessionAttributes().get(AuthorizeRequestParam.RESPONSE_TYPE);
 
             boolean persistDuringImplicitFlow = ServerUtil.isFalse(appConfiguration.getUseCacheForAllImplicitFlowObjects()) || !ResponseType.isImplicitFlow(responseType);
             if (!client.getTrustedClient() && persistDuringImplicitFlow) {
                 final Set<String> scopes = Sets.newHashSet(org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope));
                 clientAuthorizationsService.add(user.getAttribute("inum"), client.getClientId(), scopes, client.getPersistClientAuthorizations());
             }
             session.addPermission(clientId, true);
             sessionIdService.updateSessionId(session);
 
             // OXAUTH-297 - set session_id cookie
             sessionIdService.createSessionIdCookie(session.getId(), session.getSessionState(), false);
 
             Map<String, String> sessionAttribute = requestParameterService.getAllowedParameters(session.getSessionAttributes());
 
             if (sessionAttribute.containsKey(AuthorizeRequestParam.PROMPT)) {
                 List<Prompt> prompts = Prompt.fromString(sessionAttribute.get(AuthorizeRequestParam.PROMPT), " ");
                 prompts.remove(Prompt.CONSENT);
                 sessionAttribute.put(AuthorizeRequestParam.PROMPT, org.xdi.oxauth.model.util.StringUtils.implodeEnum(prompts, " "));
             }
 
             final String parametersAsString = requestParameterService.parametersAsString(sessionAttribute);
             final String uri = httpRequest.getContextPath() + "/restv1/authorize?" + parametersAsString;
             log.trace("permissionGranted, redirectTo: {}", uri);
 
             facesService.redirectToExternalURL(uri);
         } catch (UnsupportedEncodingException e) {
             log.trace(e.getMessage(), e);
         }
     }

メンバ詳解

◆ ALLOWED_PARAMETER

final List<String> org.xdi.oxauth.service.AuthorizeService.ALLOWED_PARAMETER

static

初期値:

= Collections.unmodifiableList(Arrays.asList(
            AuthorizeRequestParam.SCOPE,
            AuthorizeRequestParam.RESPONSE_TYPE,
            AuthorizeRequestParam.CLIENT_ID,
            AuthorizeRequestParam.REDIRECT_URI,
            AuthorizeRequestParam.STATE,
            AuthorizeRequestParam.RESPONSE_MODE,
            AuthorizeRequestParam.NONCE,
            AuthorizeRequestParam.DISPLAY,
            AuthorizeRequestParam.PROMPT,
            AuthorizeRequestParam.MAX_AGE,
            AuthorizeRequestParam.UI_LOCALES,
            AuthorizeRequestParam.ID_TOKEN_HINT,
            AuthorizeRequestParam.LOGIN_HINT,
            AuthorizeRequestParam.ACR_VALUES,
            AuthorizeRequestParam.SESSION_ID,
            AuthorizeRequestParam.REQUEST,
            AuthorizeRequestParam.REQUEST_URI,
            AuthorizeRequestParam.ORIGIN_HEADERS,
            AuthorizeRequestParam.CODE_CHALLENGE,
            AuthorizeRequestParam.CODE_CHALLENGE_METHOD,
            AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS,
            AuthorizeRequestParam.CLAIMS))

◆ appConfiguration

AppConfiguration org.xdi.oxauth.service.AuthorizeService.appConfiguration

private

◆ authenticator

Authenticator org.xdi.oxauth.service.AuthorizeService.authenticator

private

◆ clientAuthorizationsService

ClientAuthorizationsService org.xdi.oxauth.service.AuthorizeService.clientAuthorizationsService

private

◆ clientService

ClientService org.xdi.oxauth.service.AuthorizeService.clientService

private

◆ errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.service.AuthorizeService.errorResponseFactory

private

◆ facesMessages

FacesMessages org.xdi.oxauth.service.AuthorizeService.facesMessages

private

◆ facesService

FacesService org.xdi.oxauth.service.AuthorizeService.facesService

private

◆ identity

Identity org.xdi.oxauth.service.AuthorizeService.identity

private

◆ log

Logger org.xdi.oxauth.service.AuthorizeService.log

private

◆ requestParameterService

RequestParameterService org.xdi.oxauth.service.AuthorizeService.requestParameterService

private

◆ scopeService

ScopeService org.xdi.oxauth.service.AuthorizeService.scopeService

private

◆ sessionIdService

SessionIdService org.xdi.oxauth.service.AuthorizeService.sessionIdService

private

◆ userService

UserService org.xdi.oxauth.service.AuthorizeService.userService

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/service/AuthorizeService.java

公開メンバ関数

静的公開変数類

非公開メンバ関数

非公開変数類

詳解

関数詳解

◆ authenticationFailedSessionInvalid()

◆ getScopes() [1/2]

◆ getScopes() [2/2]

◆ getSession() [1/2]

◆ getSession() [2/2]

◆ permissionDenied()

◆ permissionGranted()

メンバ詳解

◆ ALLOWED_PARAMETER

◆ appConfiguration

◆ authenticator

◆ clientAuthorizationsService

◆ clientService

◆ errorResponseFactory

◆ facesMessages

◆ facesService

◆ identity

◆ log

◆ requestParameterService

◆ scopeService

◆ sessionIdService

◆ userService