Java Code Examples for org.gluu.util.Pair#getFirst()
The following examples show how to use org.gluu.util.Pair#getFirst().
Example 1
Source File: EndSessionRestWebServiceImpl.java From oxAuth with MIT License | 6 votes |
/**
 * Builds the front-channel logout page returned to the browser.
 *
 * <p>An external end-session script gets the first chance to supply the HTML. If it
 * returns blank output, or anything in that attempt throws, the page is generated by
 * {@code EndSessionUtils.createFronthannelHtml} instead.
 *
 * @param frontchannelUris front-channel logout URIs to embed in the page
 * @param postLogoutRedirectUri redirect target to use after logout
 * @param state value handed to the default HTML builder
 * @param pair session/grant pair; only the session (first element) is used here
 * @param httpRequest the current request, passed to the script context
 * @return an OK response carrying the logout HTML
 */
private Response httpBased(Set<String> frontchannelUris, String postLogoutRedirectUri, String state, Pair<SessionId, AuthorizationGrant> pair, HttpServletRequest httpRequest) {
    try {
        final EndSessionContext scriptContext =
                new EndSessionContext(httpRequest, frontchannelUris, postLogoutRedirectUri, pair.getFirst());
        final String scriptHtml = externalEndSessionService.getFrontchannelHtml(scriptContext);

        if (StringUtils.isNotBlank(scriptHtml)) {
            // NOTE(review): script output is returned to the browser as-is; it is trusted
            // exactly as much as the deployed script is.
            log.debug("HTML from `getFrontchannelHtml` external script: " + scriptHtml);
            return okResponse(scriptHtml);
        }
    } catch (Exception e) {
        // A failing script must not break logout: log it and fall through to the default page.
        log.error(e.getMessage(), e);
    }

    // Default handling.
    // NOTE(review): state and postLogoutRedirectUri end up inside generated HTML; whether they
    // are encoded is decided in EndSessionUtils.createFronthannelHtml, which is not visible
    // here. Confirm before relying on it.
    final String defaultHtml = EndSessionUtils.createFronthannelHtml(frontchannelUris, postLogoutRedirectUri, state);
    log.debug("Constructed html logout page: " + defaultHtml);
    return okResponse(defaultHtml);
}
Example 2
Source File: EndSessionRestWebServiceImpl.java From oxAuth with MIT License | 6 votes |
/**
 * Collects the clients that take part in the session being ended.
 *
 * @param pair session (first) and authorization grant (second); either may be {@code null}
 * @return the clients resolved from the session's permission-granted map plus the grant's
 *         client; an empty set when there is no session
 */
private Set<Client> getSsoClients(Pair<SessionId, AuthorizationGrant> pair) {
    final SessionId session = pair.getFirst();
    final AuthorizationGrant grant = pair.getSecond();

    // Without a session there is nothing to match clients against.
    if (session == null) {
        log.error("session_id is not passed to endpoint (as cookie or manually). Therefore unable to match clients for session_id.");
        return Sets.newHashSet();
    }

    final Set<Client> ssoClients;
    if (session.getPermissionGrantedMap() == null) {
        ssoClients = Sets.newHashSet();
    } else {
        ssoClients = clientService.getClient(session.getPermissionGrantedMap().getClientIds(true), true);
    }

    // The client of the presented grant is always included.
    // NOTE(review): assumes clientService.getClient returns a mutable set and that
    // grant.getClient() is non-null - confirm.
    if (grant != null) {
        ssoClients.add(grant.getClient());
    }
    return ssoClients;
}
Example 3
Source File: EndSessionRestWebServiceImpl.java From oxAuth with MIT License | 6 votes |
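/**
 * Emits the SESSION_DESTROYED audit record for an end-session request.
 *
 * <p>Client, scope and user are taken from the authorization grant when there is one,
 * otherwise from the session. The record is sent even when neither is present, in which
 * case it carries only the address and the action.
 *
 * @param request the current request; its address is resolved by {@code ServerUtil.getIpAddress}
 * @param pair session (first) and authorization grant (second); either may be {@code null}
 */
private void auditLogging(HttpServletRequest request, Pair<SessionId, AuthorizationGrant> pair) {
    SessionId sessionId = pair.getFirst();
    AuthorizationGrant authorizationGrant = pair.getSecond();

    // NOTE(review): how the address is derived (socket peer or a forwarded header) is decided
    // in ServerUtil.getIpAddress, not visible here; that matters when this field is used as
    // evidence during an investigation.
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.SESSION_DESTROYED);
    oAuth2AuditLog.setSuccess(true);

    if (authorizationGrant != null) {
        oAuth2AuditLog.setClientId(authorizationGrant.getClientId());
        oAuth2AuditLog.setScope(StringUtils.join(authorizationGrant.getScopes(), " "));
        oAuth2AuditLog.setUsername(authorizationGrant.getUserId());
    } else if (sessionId != null) {
        // getSsoClients in the same file treats a null permission-granted map as a normal
        // case. Guard it here too, so a session without grants still produces an audit
        // record instead of a NullPointerException.
        if (sessionId.getPermissionGrantedMap() != null) {
            oAuth2AuditLog.setClientId(sessionId.getPermissionGrantedMap().getClientIds(true).toString());
        }
        oAuth2AuditLog.setScope(sessionId.getSessionAttributes().get(AuthorizeRequestParam.SCOPE));
        oAuth2AuditLog.setUsername(sessionId.getUserDn());
    }

    applicationAuditLogger.sendMessage(oAuth2AuditLog);
}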
Example 4
Source File: BaseUmaProtectionService.java From oxTrust with MIT License | 5 votes |
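/**
 * Checks the RPT presented in {@code authorization} against the UMA resource protected by
 * this service.
 *
 * <p>Return convention: a non-null {@link Response} is an answer to send to the caller
 * (an error, or whatever the permission service supplied); {@code null} means validation
 * succeeded and the permission service supplied no response. Callers presumably treat
 * {@code null} as "access granted" - confirm at the call site, since any path that
 * returns {@code null} by accident would then be an authorization bypass.
 *
 * @param authorization the Authorization header value carrying the RPT
 * @param resourceInfo the JAX-RS resource being accessed, used to derive the requested scopes
 * @return an error or validator-supplied response, or {@code null} as described above
 * @throws Exception propagated from the scope lookup or the permission service
 */
Response processUmaAuthorization(String authorization, ResourceInfo resourceInfo) throws Exception {
    List<String> scopes = getRequestedScopes(resourceInfo);

    Token patToken = null;
    try {
        patToken = getPatToken();
    } catch (UmaProtectionException ex) {
        // NOTE(review): the cause is dropped here; log it where a logger is available so a
        // failing PAT request can be diagnosed.
        return getErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Failed to obtain PAT token");
    }

    // Validate against the resource-specific scopes when there are any, else the default scope.
    Pair<Boolean, Response> rptTokenValidationResult;
    if (!scopes.isEmpty()) {
        rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), scopes);
    } else {
        rptTokenValidationResult = umaPermissionService.validateRptToken(patToken, authorization, getUmaResourceId(), getUmaScope());
    }

    // Fail closed: a missing result or a null flag counts as "not valid" rather than
    // surfacing as a NullPointerException from auto-unboxing.
    if (rptTokenValidationResult == null || !Boolean.TRUE.equals(rptTokenValidationResult.getFirst())) {
        return getErrorResponse(Response.Status.UNAUTHORIZED, "Invalid GAT/RPT token");
    }

    // May be null, which is the "validated, nothing to send" case.
    return rptTokenValidationResult.getSecond();
}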
Example 5
Source File: EndSessionRestWebServiceImpl.java From oxAuth with MIT License | 5 votes |
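/**
 * Decides which post-logout redirect URI, if any, may be used for this end-session request.
 *
 * @param postLogoutRedirectUri the URI supplied by the caller
 * @param pair session (first) and authorization grant (second); when a grant is present
 *        its client is used for validation, otherwise the session is
 * @return an empty string when no URI was supplied; the supplied URI unchanged when
 *         validation is disabled in configuration; otherwise the value returned by
 *         {@code redirectionUriService}
 * @throws WebApplicationException with {@code POST_LOGOUT_URI_NOT_ASSOCIATED_WITH_CLIENT}
 *         when the URI cannot be validated
 */
private String validatePostLogoutRedirectUri(String postLogoutRedirectUri, Pair<SessionId, AuthorizationGrant> pair) {
    try {
        if (StringUtils.isBlank(postLogoutRedirectUri)) {
            return "";
        }

        // NOTE(review): with this flag on, the caller-supplied URI is returned unchecked, so
        // the endpoint redirects wherever the request says. The only trace is at TRACE
        // level; keep the flag off outside test environments.
        if (appConfiguration.getAllowPostLogoutRedirectWithoutValidation()) {
            log.trace("Skipped post_logout_redirect_uri validation (because allowPostLogoutRedirectWithoutValidation=true)");
            return postLogoutRedirectUri;
        }

        final String result;
        if (pair.getSecond() == null) {
            result = redirectionUriService.validatePostLogoutRedirectUri(pair.getFirst(), postLogoutRedirectUri);
        } else {
            result = redirectionUriService.validatePostLogoutRedirectUri(pair.getSecond().getClient().getClientId(), postLogoutRedirectUri);
        }

        if (StringUtils.isBlank(result)) {
            log.trace("Failed to validate post_logout_redirect_uri.");
            throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.POST_LOGOUT_URI_NOT_ASSOCIATED_WITH_CLIENT, ""));
        }

        // The original followed this with an isNotBlank(result) test and a second
        // "Unable to validate" throw. That throw could never run, because a blank result
        // has already thrown above, so it has been removed.
        return result;
    } catch (WebApplicationException e) {
        // This also catches a WebApplicationException raised inside redirectionUriService.
        // With a session present it is logged and replaced by the standard error response;
        // without one the original exception is rethrown.
        if (pair.getFirst() != null) {
            log.error(e.getMessage(), e);
            throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.POST_LOGOUT_URI_NOT_ASSOCIATED_WITH_CLIENT, ""));
        } else {
            throw e;
        }
    }
}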
Example 6
Source File: RequestParameterService.java From oxAuth with MIT License | 5 votes |
/**
 * Returns the value of the named parameter, discarding its type.
 *
 * @param p_name parameter name
 * @return the value part of {@code getParameterValueWithType(p_name)}, or {@code null}
 *         when that lookup returns {@code null}
 */
public String getParameterValue(String p_name) {
    final Pair<String, String> typedValue = getParameterValueWithType(p_name);
    return typedValue != null ? typedValue.getFirst() : null;
}
Example 7
Source File: AuthenticationService.java From oxAuth with MIT License | 5 votes |
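/**
 * Copies the listed extra parameters into the session attributes and records each
 * parameter's type in the external-script attribute set.
 *
 * @param sessionIdAttributes session attributes to update in place
 * @param extraParameters names of the parameters to copy; {@code null} means none
 */
public void updateExtraParameters(Map<String, String> sessionIdAttributes, List<String> extraParameters) {
    // Load extra parameters set
    Map<String, String> authExternalAttributes = getExternalScriptExtraParameters(sessionIdAttributes);

    if (extraParameters != null) {
        log.trace("Attempting to store extraParameters: {}", extraParameters);

        for (String extraParameter : extraParameters) {
            if (isParameterExists(extraParameter)) {
                Pair<String, String> extraParameterValueWithType = requestParameterService
                        .getParameterValueWithType(extraParameter);
                // getParameterValueWithType can return null; RequestParameterService.getParameterValue
                // null-checks the same call. Skip the parameter rather than fail the whole
                // update with a NullPointerException.
                if (extraParameterValueWithType == null) {
                    continue;
                }

                String extraParameterValue = extraParameterValueWithType.getFirst();
                String extraParameterType = extraParameterValueWithType.getSecond();

                // Store parameter name and value.
                // NOTE(review): the key is the parameter name and the value comes from the
                // request, so the extraParameters list decides which session attributes a
                // request can set. Presumably that list comes from configuration, not from
                // the request - confirm.
                sessionIdAttributes.put(extraParameter, extraParameterValue);

                // Store parameter name and type
                authExternalAttributes.put(extraParameter, extraParameterType);
            }
        }
    }

    // Store identity working parameters in session
    setExternalScriptExtraParameters(sessionIdAttributes, authExternalAttributes);
    // NOTE(review): the full attribute maps are written to the trace log; check that none
    // of the stored values is sensitive before enabling TRACE in production.
    log.trace("Storing sessionIdAttributes: {}", sessionIdAttributes);
    log.trace("Storing authExternalAttributes: {}", authExternalAttributes);
}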
Example 8
Source File: AuthenticationService.java From oxAuth with MIT License | 4 votes |
/**
 * Authenticates a user and records the outcome in the session, in the metrics and, when
 * it is enabled, in the authentication protection service.
 *
 * @param nameValue
 *            The name value used to find the user
 * @param password
 *            The user's password
 * @param nameAttributes
 *            Attributes to search {@code nameValue} in
 * @return <code>true</code> only when {@code localAuthenticate} reports success and also
 *         returns a user, otherwise <code>false</code>
 */
public boolean authenticate(String nameValue, String password, String ... nameAttributes) {
    // The password itself is not logged; only the identity hash of the credentials field is.
    log.debug("Authenticating user with LDAP: nameValue: '{}', nameAttributes: '{}', credentials: '{}'", nameValue,
            ArrayHelper.toString(nameAttributes), System.identityHashCode(credentials));

    // Read before the attempt is made, so the attempt cannot influence this decision.
    final boolean protectionActive = authenticationProtectionService.isEnabled();

    final com.codahale.metrics.Timer.Context rateTimer = metricService
            .getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time();
    Pair<Boolean, User> outcome = null;
    try {
        outcome = localAuthenticate(nameValue, password, nameAttributes);
    } finally {
        // The timer is stopped whether or not the lookup throws.
        rateTimer.stop();
    }

    // A result without a user object is treated as a failure, whatever its flag says.
    final boolean userResolved = (outcome != null) && (outcome.getSecond() != null);
    final boolean authenticated = userResolved ? outcome.getFirst() : false;
    final String userId = userResolved ? outcome.getSecond().getUserId() : null;

    setAuthenticatedUserSessionAttribute(userId, authenticated);

    metricService.incCounter(authenticated
            ? MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS
            : MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES);

    if (protectionActive) {
        // NOTE(review): when no user object comes back, userId is null, so failed attempts
        // against unknown names reach the protection service with a null key. How it
        // counts and delays those is not visible here - confirm.
        authenticationProtectionService.storeAttempt(userId, authenticated);
        authenticationProtectionService.doDelayIfNeeded(userId);
    }

    return authenticated;
}
Example 9
Source File: IntrospectionWebService.java From oxAuth with MIT License | 4 votes |
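/**
 * Handles a token introspection request.
 *
 * <p>The caller is authenticated through {@code p_authorization}. Then the grant owning
 * {@code p_token} is looked up and described in the response. A token with no grant
 * yields HTTP 200 with {@code active=false}.
 *
 * @param p_authorization Authorization header value of the caller
 * @param p_token the token to introspect
 * @param tokenTypeHint hint supplied by the caller; only logged here
 * @param responseAsJwt {@code "true"} (case-insensitive) to return the response as a JWT
 * @param httpRequest current request, passed to the external introspection scripts
 * @param httpResponse current response, passed to the external introspection scripts
 * @return 400 on blank input, 401 when the caller is not authorized, 200 with the
 *         introspection result, or 500 on an unexpected error
 */
private Response introspect(String p_authorization, String p_token, String tokenTypeHint, String responseAsJwt, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // The Authorization header and the inspected token are live credentials, so
        // neither is written to the log. The earlier message logged both and had no
        // placeholder for tokenTypeHint.
        log.trace("Introspect token, tokenTypeHint: {}", tokenTypeHint);

        if (StringUtils.isBlank(p_authorization) || StringUtils.isBlank(p_token)) {
            log.trace("Bad request: Authorization header or token is blank.");
            return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, "")).build();
        }

        // First element: the caller's grant. Second element: the flag the error log
        // below reports as "basicClientAuthentication".
        final Pair<AuthorizationGrant, Boolean> pair = getAuthorizationGrant(p_authorization, p_token);
        final AuthorizationGrant authorizationGrant = pair.getFirst();
        if (authorizationGrant == null) {
            log.error("Authorization grant is null.");
            return Response.status(Response.Status.UNAUTHORIZED).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, "Authorization grant is null.")).build();
        }

        // An invalid or missing access token is accepted only when the second element is true.
        final AbstractToken authorizationAccessToken = authorizationGrant.getAccessToken(tokenService.getToken(p_authorization));
        if ((authorizationAccessToken == null || !authorizationAccessToken.isValid()) && !pair.getSecond()) {
            log.error("Access token is not valid. Valid: " + (authorizationAccessToken != null && authorizationAccessToken.isValid()) + ", basicClientAuthentication: " + pair.getSecond());
            return Response.status(Response.Status.UNAUTHORIZED).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, "Access token is not valid")).build();
        }

        // NOTE(review): if getScopesAsString() returns a plain string, this is a substring
        // test, so a scope whose name merely contains the protection scope value would
        // also pass. An exact match against getScopes() would be stricter - confirm the
        // string format.
        if (ServerUtil.isTrue(appConfiguration.getIntrospectionAccessTokenMustHaveUmaProtectionScope()) &&
                !authorizationGrant.getScopesAsString().contains(UmaScopeType.PROTECTION.getValue())) { // #562 - make uma_protection optional
            final String reason = "access_token used to access introspection endpoint does not have uma_protection scope, however in oxauth configuration `checkUmaProtectionScopePresenceDuringIntrospection` is true";
            log.trace(reason);
            return Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, reason)).type(MediaType.APPLICATION_JSON_TYPE).build();
        }

        // Starts as active=false and is filled in only when a grant owns the token.
        final IntrospectionResponse response = new IntrospectionResponse(false);

        final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(p_token);

        AbstractToken tokenToIntrospect = null;
        if (grantOfIntrospectionToken != null) {
            // NOTE(review): getAccessToken is null-checked for the caller's token above but
            // not here; a null return would surface as HTTP 500 through the catch below.
            tokenToIntrospect = grantOfIntrospectionToken.getAccessToken(p_token);

            response.setActive(tokenToIntrospect.isValid());
            response.setExpiresAt(ServerUtil.dateToSeconds(tokenToIntrospect.getExpirationDate()));
            response.setIssuedAt(ServerUtil.dateToSeconds(tokenToIntrospect.getCreationDate()));
            response.setAcrValues(grantOfIntrospectionToken.getAcrValues());
            response.setScope(grantOfIntrospectionToken.getScopes() != null ? grantOfIntrospectionToken.getScopes() : Lists.newArrayList()); // #433
            response.setClientId(grantOfIntrospectionToken.getClientId());
            response.setSub(grantOfIntrospectionToken.getSub());
            response.setUsername(grantOfIntrospectionToken.getUserId());
            response.setIssuer(appConfiguration.getIssuer());
            response.setAudience(grantOfIntrospectionToken.getClientId());

            if (tokenToIntrospect instanceof AccessToken) {
                AccessToken accessToken = (AccessToken) tokenToIntrospect;
                response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : TokenType.BEARER.getName());
            }
        } else {
            // The token value is deliberately left out of the message: it may be a valid
            // credential that simply has no grant here.
            log.debug("Failed to find grant for access_token. Return 200 with active=false.");
        }

        JSONObject responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);

        ExternalIntrospectionContext context = new ExternalIntrospectionContext(authorizationGrant, httpRequest, httpResponse, appConfiguration, attributeService);
        context.setGrantOfIntrospectionToken(grantOfIntrospectionToken);
        if (externalIntrospectionService.executeExternalModifyResponse(responseAsJsonObject, context)) {
            log.trace("Successfully run extenal introspection scripts.");
        } else {
            // Scripts work on the JSON object in place, so rebuild it to discard their edits.
            responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
            log.trace("Canceled changes made by external introspection script since method returned `false`.");
        }

        if (Boolean.TRUE.toString().equalsIgnoreCase(responseAsJwt)) {
            return Response.status(Response.Status.OK).entity(createResponseAsJwt(responseAsJsonObject, authorizationGrant)).build();
        }

        return Response.status(Response.Status.OK).entity(responseAsJsonObject.toString()).type(MediaType.APPLICATION_JSON_TYPE).build();

    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}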