mitreid-connect
org.mitre.openid.connect.filter.AuthorizationRequestFilter クラス
org.mitre.openid.connect.filter.AuthorizationRequestFilter の継承関係図
org.mitre.openid.connect.filter.AuthorizationRequestFilter 連携図

公開メンバ関数

void doFilter (ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
 
RequestMatcher getRequestMatcher ()
 
void setRequestMatcher (RequestMatcher requestMatcher)
 

静的公開変数類

static final String PROMPTED = "PROMPT_FILTER_PROMPTED"
 
static final String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED"
 

非公開メンバ関数

Map< String, String > createRequestMap (Map< String, String[]> parameterMap)
 

非公開変数類

OAuth2RequestFactory authRequestFactory
 
ClientDetailsEntityService clientService
 
RedirectResolver redirectResolver
 
LoginHintExtracter loginHintExtracter = new RemoveLoginHintsWithHTTP()
 
RequestMatcher requestMatcher = new AntPathRequestMatcher("/authorize")
 

静的非公開変数類

static final Logger logger = LoggerFactory.getLogger(AuthorizationRequestFilter.class)
 

詳解

著者
jricher

関数詳解

◆ createRequestMap()

/**
 * Flattens a servlet parameter map (name → all values) into a name → first-value map.
 *
 * Only the first value of each parameter is kept, which is what Spring's own
 * request factory appears to do; parameters whose value array is null or empty
 * are left out of the result.
 *
 * @param parameterMap the raw servlet parameter map
 * @return a new, mutable map of parameter name to its first value
 */
private Map<String, String> createRequestMap(Map<String, String[]> parameterMap) {
	Map<String, String> flattened = new HashMap<>();
	for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
		String[] values = entry.getValue();
		if (values == null || values.length == 0) {
			continue;
		}
		flattened.put(entry.getKey(), values[0]);
	}
	return flattened;
}

◆ doFilter()

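/**
 * Pre-processes OpenID Connect authorization requests before they reach the
 * authorization endpoint: stores the {@code login_hint} in the session and
 * honours the {@code prompt} and {@code max_age} parameters by either
 * continuing the chain, clearing the current authentication so the user is
 * re-prompted, or (for {@code prompt=none} with nobody logged in) returning a
 * {@code login_required} error to the client.
 *
 * Requests that do not match {@code requestMatcher} pass straight through.
 * If the client cannot be loaded ({@link InvalidClientException}) the request
 * is passed down the chain unchanged so the endpoint itself reports the error.
 *
 * @param req   the incoming request (cast to {@link HttpServletRequest})
 * @param res   the outgoing response (cast to {@link HttpServletResponse})
 * @param chain the rest of the filter chain
 * @throws IOException      if the response cannot be written
 * @throws ServletException if a downstream filter fails
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

	HttpServletRequest request = (HttpServletRequest) req;
	HttpServletResponse response = (HttpServletResponse) res;
	HttpSession session = request.getSession();

	// skip everything that's not an authorize URL
	if (!requestMatcher.matches(request)) {
		chain.doFilter(req, res);
		return;
	}

	try {
		// we have to create our own auth request in order to get at all the parameters appropriately
		AuthorizationRequest authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap()));

		ClientDetailsEntity client = null;
		if (!Strings.isNullOrEmpty(authRequest.getClientId())) {
			client = clientService.loadClientByClientId(authRequest.getClientId());
		}

		storeLoginHint(session, authRequest);

		if (authRequest.getExtensions().get(PROMPT) != null) {
			// we have a "prompt" parameter
			String prompt = (String) authRequest.getExtensions().get(PROMPT);
			List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));

			if (prompts.contains(PROMPT_NONE)) {
				handlePromptNone(req, res, chain, response, authRequest, client);
			} else if (prompts.contains(PROMPT_LOGIN)) {
				handlePromptLogin(req, res, chain, session);
			} else {
				// prompt parameter is a value we don't care about, not our business
				chain.doFilter(req, res);
			}

		} else if (authRequest.getExtensions().get(MAX_AGE) != null ||
				(client != null && client.getDefaultMaxAge() != null)) {
			enforceMaxAge(session, authRequest, client);
			chain.doFilter(req, res);
		} else {
			// no prompt parameter, not our business
			chain.doFilter(req, res);
		}

	} catch (InvalidClientException e) {
		// we couldn't find the client, move on and let the rest of the system catch the error
		chain.doFilter(req, res);
	}
}

/**
 * Saves the request's {@code login_hint} to the session (replacing any earlier one),
 * or clears it when the request carries no hint the extractor accepts.
 *
 * @param session     the current HTTP session
 * @param authRequest the parsed authorization request
 */
private void storeLoginHint(HttpSession session, AuthorizationRequest authRequest) {
	// check first that the login hint makes any sense (the extractor may drop it)
	String loginHint = loginHintExtracter.extractHint((String) authRequest.getExtensions().get(LOGIN_HINT));
	if (!Strings.isNullOrEmpty(loginHint)) {
		session.setAttribute(LOGIN_HINT, loginHint);
	} else {
		session.removeAttribute(LOGIN_HINT);
	}
}

/**
 * Handles {@code prompt=none}: continues the chain when a user is already
 * authenticated; otherwise sends {@code error=login_required} back to the
 * client's resolved redirect URI (echoing {@code state} when present), or a
 * 403 when no redirect can be built.
 *
 * @param req         the raw request, passed on to the chain
 * @param res         the raw response, passed on to the chain
 * @param chain       the rest of the filter chain
 * @param response    the HTTP view of {@code res}, used to redirect or send an error
 * @param authRequest the parsed authorization request
 * @param client      the requesting client, or null if none could be identified
 * @throws IOException      if the response cannot be written
 * @throws ServletException if a downstream filter fails
 */
private void handlePromptNone(ServletRequest req, ServletResponse res, FilterChain chain,
		HttpServletResponse response, AuthorizationRequest authRequest, ClientDetailsEntity client)
		throws IOException, ServletException {
	// see if the user's logged in
	Authentication auth = SecurityContextHolder.getContext().getAuthentication();

	if (auth != null) {
		// user's been logged in already (by session management)
		// we're OK, continue without prompting
		// NOTE(review): any non-null Authentication counts here, including an anonymous
		// token if the security config installs one — confirm against the chain setup
		chain.doFilter(req, res);
		return;
	}

	logger.info("Client requested no prompt");
	// user hasn't been logged in, we need to "return an error"
	if (client != null && authRequest.getRedirectUri() != null) {
		// if we've got a redirect URI then we'll send it; the resolver is expected to
		// check it against the client's registered URIs before we redirect anywhere
		String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client);

		try {
			URIBuilder uriBuilder = new URIBuilder(url);

			uriBuilder.addParameter(ERROR, LOGIN_REQUIRED);
			if (!Strings.isNullOrEmpty(authRequest.getState())) {
				uriBuilder.addParameter(STATE, authRequest.getState()); // copy the state parameter if one was given
			}

			response.sendRedirect(uriBuilder.toString());
			return;

		} catch (URISyntaxException e) {
			logger.error("Can't build redirect URI for prompt=none, sending error instead", e);
		}
	}

	// no usable redirect URI: fail closed with a plain 403
	response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
}

/**
 * Handles {@code prompt=login}: on the first pass through this session marks
 * the prompt as requested and clears any existing authentication so the user is
 * asked to log in again; on the return pass (the session has been tagged
 * {@code PROMPTED}) removes that tag. The chain continues in every case.
 *
 * @param req     the raw request, passed on to the chain
 * @param res     the raw response, passed on to the chain
 * @param chain   the rest of the filter chain
 * @param session the current HTTP session
 * @throws IOException      if a downstream filter fails to write the response
 * @throws ServletException if a downstream filter fails
 */
private void handlePromptLogin(ServletRequest req, ServletResponse res, FilterChain chain, HttpSession session)
		throws IOException, ServletException {
	// first see if the user's already been prompted in this session
	if (session.getAttribute(PROMPTED) == null) {
		// user hasn't been PROMPTED yet, we need to check
		session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);

		// if someone's logged in already (by session management), log them out so the
		// login page is shown; either way we keep going since we'll get there
		if (SecurityContextHolder.getContext().getAuthentication() != null) {
			SecurityContextHolder.getContext().setAuthentication(null);
		}
	} else {
		// user has been PROMPTED, we're fine — but first, undo the prompt tag
		session.removeAttribute(PROMPTED);
	}
	chain.doFilter(req, res);
}

/**
 * Applies the effective {@code max_age}: the request parameter when present,
 * otherwise the client's default. If the session's recorded authentication
 * time is older than that many seconds, the current authentication is cleared
 * so the user has to log in again.
 *
 * A {@code max_age} value that is not an integer is logged and ignored (the
 * client default, if any, still applies) rather than aborting the request with
 * an unhandled {@link NumberFormatException}. NOTE(review): this relies on the
 * authorization endpoint downstream rejecting the malformed parameter — confirm.
 *
 * @param session     the current HTTP session
 * @param authRequest the parsed authorization request
 * @param client      the requesting client, or null if none could be identified
 */
private void enforceMaxAge(HttpSession session, AuthorizationRequest authRequest, ClientDetailsEntity client) {
	// default to the client's stored value, check the string parameter
	Integer max = (client != null ? client.getDefaultMaxAge() : null);
	String maxAge = (String) authRequest.getExtensions().get(MAX_AGE);
	if (maxAge != null) {
		try {
			max = Integer.parseInt(maxAge);
		} catch (NumberFormatException e) {
			// the value is client-supplied, so it is deliberately kept out of the log line
			logger.warn("Ignoring non-numeric max_age parameter, falling back to the client default");
		}
	}

	if (max == null) {
		return;
	}

	Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
	if (authTime == null) {
		// no recorded authentication time, nothing to compare against
		return;
	}

	long seconds = (new Date().getTime() - authTime.getTime()) / 1000;
	if (seconds > max) {
		// session is too old, log the user out and continue
		SecurityContextHolder.getContext().setAuthentication(null);
	}
}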

◆ getRequestMatcher()

/**
 * Returns the matcher that decides which requests this filter inspects.
 *
 * @return the requestMatcher
 */
public RequestMatcher getRequestMatcher() {
	return this.requestMatcher;
}

◆ setRequestMatcher()

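/**
 * Sets the matcher that decides which requests this filter inspects.
 *
 * @param requestMatcher the requestMatcher to set
 */
public void setRequestMatcher(RequestMatcher requestMatcher) {
	this.requestMatcher = requestMatcher;
}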

メンバ詳解

◆ authRequestFactory

OAuth2RequestFactory org.mitre.openid.connect.filter.AuthorizationRequestFilter.authRequestFactory
private

◆ clientService

ClientDetailsEntityService org.mitre.openid.connect.filter.AuthorizationRequestFilter.clientService
private

◆ logger

final Logger org.mitre.openid.connect.filter.AuthorizationRequestFilter.logger = LoggerFactory.getLogger(AuthorizationRequestFilter.class)
staticprivate

Logger for this class

◆ loginHintExtracter

LoginHintExtracter org.mitre.openid.connect.filter.AuthorizationRequestFilter.loginHintExtracter = new RemoveLoginHintsWithHTTP()
private

◆ PROMPT_REQUESTED

final String org.mitre.openid.connect.filter.AuthorizationRequestFilter.PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED"
static

◆ PROMPTED

final String org.mitre.openid.connect.filter.AuthorizationRequestFilter.PROMPTED = "PROMPT_FILTER_PROMPTED"
static

◆ redirectResolver

RedirectResolver org.mitre.openid.connect.filter.AuthorizationRequestFilter.redirectResolver
private

◆ requestMatcher

RequestMatcher org.mitre.openid.connect.filter.AuthorizationRequestFilter.requestMatcher = new AntPathRequestMatcher("/authorize")
private

このクラス詳解は次のファイルから抽出されました: