Java Code Examples for io.vertx.reactivex.ext.web.RoutingContext#next()

Example 1
Source File: AuthorizationRequestParseParametersHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Parses the optional OpenID Connect parameters of an authorization request, in a fixed
    // order, then hands over to the next handler of the route.
    // The parse* helpers are defined elsewhere in the class; how each one reports a malformed
    // value (exception vs. context.fail) is not visible here — check them before assuming
    // context.next() below is the only way out of this handler.

    // proceed prompt parameter
    parsePromptParameter(context);

    // proceed pkce parameter
    parsePKCEParameter(context);

    // proceed max_age parameter
    parseMaxAgeParameter(context);

    // proceed claims parameter
    parseClaimsParameter(context);

    context.next();
}
 
Example 2
Source File: LoginErrorHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Surfaces an OAuth 2.0 error carried in the query string so the login page can show it.
    // The `error` parameter is the switch: without it nothing is stored and the chain continues.
    final HttpServerRequest request = context.request();
    final String error = request.getParam(ERROR_PARAM);

    if (error == null) {
        // nothing to report, hand over to the next handler
        context.next();
        return;
    }

    // Both values come straight from the request; whatever renders ERROR_CONTEXT_KEY has to treat
    // them as untrusted input (presumably a template — confirm it escapes them).
    // A HashMap is used on purpose: either value may be null, which Map.of() rejects.
    final Map<String, Object> errorDetails = new HashMap<>();
    errorDetails.put(ERROR_CODE_CONTEXT_KEY, request.getParam(ERROR_CODE_PARAM));
    errorDetails.put(ERROR_DESCRIPTION_CONTEXT_KEY, request.getParam(ERROR_DESCRIPTION_PARAM));
    context.put(ERROR_CONTEXT_KEY, errorDetails);
    context.next();
}
 
Example 3
Source File: AuthorizationRequestValidateParametersHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Validates the client-dependent parts of an authorization request: the client's grant
    // types, the requested response_type and the redirect_uri. Any exception thrown by the
    // check* helpers is routed to context.fail so the failure handler builds the error response.
    final Client client = context.get(CLIENT_CONTEXT_KEY);
    final String requestedRedirectUri = context.request().getParam(Parameters.REDIRECT_URI);
    final String requestedResponseType = context.request().getParam(Parameters.RESPONSE_TYPE);

    try {
        checkGrantTypes(client);
        checkResponseType(requestedResponseType, client);
        checkRedirectUri(requestedRedirectUri, client);
        // kept inside the try so a throwing downstream handler is failed here as well
        context.next();
    } catch (Exception ex) {
        context.fail(ex);
    }
}
 
Example 4
Source File: AuthorizationRequestParseRequiredParametersHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Parses the mandatory parameters of an authorization request, in a fixed order, then hands
    // over to the next handler of the route.
    // The parse* helpers are defined elsewhere in the class; how each one reports a missing or
    // malformed value (exception vs. context.fail) is not visible here — check them before
    // assuming context.next() below is the only way out of this handler.

    // proceed request parameters
    parseRequestParameters(context);

    // proceed response type parameter
    parseResponseTypeParameter(context);

    // proceed response mode parameter
    parseResponseModeParameter(context);

    // proceed client_id parameter
    parseClientIdParameter(context);

    // proceed nonce parameter
    parseNonceParameter(context);

    context.next();
}
 
Example 5
Source File: DynamicClientAccessTokenHandler.java    From graviteeio-access-management with Apache License 2.0
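@Override
public void handle(RoutingContext context) {
    // Authorizes access to a dynamic client registration (DCR) resource.
    // A caller holding the DCR admin scope passes unconditionally; any other caller must present
    // the client's own registration_access_token, and the token subject must match the client_id
    // of the request path.
    final JWT token = context.get(OAuth2AuthHandler.TOKEN_CONTEXT_KEY);
    final Client client = context.get(OAuth2AuthHandler.CLIENT_CONTEXT_KEY);

    if (token.hasScope(Scope.DCR_ADMIN.getKey())) {
        context.next();
        return;
    }

    // Not a DCR admin: the raw bearer token must equal the client's registration access token.
    // String.equals stops at the first differing byte, so the time it takes reveals how much of
    // the secret matched; MessageDigest.isEqual compares the whole value regardless of content.
    // Fully qualified names are used because the import list is not part of this excerpt.
    final String rawToken = context.get(OAuth2AuthHandler.RAW_TOKEN_CONTEXT_KEY);
    final String registrationToken = client.getRegistrationAccessToken();
    if (rawToken == null || registrationToken == null
            || !java.security.MessageDigest.isEqual(
                    rawToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    registrationToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        context.fail(new ClientRegistrationForbiddenException("Non matching registration_access_token"));
        return;
    }

    // registration token sub must match the client_id parameter
    final String clientIdPathParameter = context.request().getParam(Parameters.CLIENT_ID);
    if (!isRequestPathClientIdMatching(token, clientIdPathParameter)) {
        context.fail(new ClientRegistrationForbiddenException("Not allowed to access to : " + clientIdPathParameter));
        return;
    }

    context.next();
}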
 
Example 6
Source File: PasswordPolicyRequestParseHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Enforces the password policy on the submitted password. A compliant value lets the request
    // continue; otherwise the user is sent back to the page with a warning, carrying the client_id
    // and token parameters (when present) so the form can be displayed again in the same context.
    // The password itself is never put into the redirect parameters.
    final String submittedPassword = context.request().getParam(PASSWORD_PARAM);
    if (passwordValidator.validate(submittedPassword)) {
        context.next();
        return;
    }

    final Map<String, String> redirectParameters = new HashMap<>();
    final String clientId = context.request().getParam(CLIENT_ID_PARAM);
    if (clientId != null) {
        redirectParameters.put(CLIENT_ID_PARAM, clientId);
    }
    final String token = context.request().getParam(TOKEN_PARAM);
    if (token != null) {
        redirectParameters.put(TOKEN_PARAM, token);
    }
    redirectParameters.put(WARNING_PARAM, "invalid_password_value");
    redirectToPage(context, redirectParameters);
}
 
Example 7
Source File: SSOSessionHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Re-validates an authenticated SSO session on each request. Anonymous requests pass through.
    // A disabled account drops the user and destroys the session, and the request still continues
    // (now unauthenticated); an invalid request is rejected with 403; any other failure is only
    // logged at debug level and the request continues with the user untouched.
    if (context.user() == null) {
        context.next();
        return;
    }

    authorizeUser(context, result -> {
        if (!result.failed()) {
            context.next();
            return;
        }
        final Throwable cause = result.cause();
        LOGGER.debug("An error occurs while checking SSO Session upon the current user : {}", context.user().principal(), cause);
        if (cause instanceof AccountDisabledException) {
            // account disabled: forget the user and the session, then carry on anonymously
            context.clearUser();
            context.session().destroy();
            context.next();
            return;
        }
        if (cause instanceof InvalidRequestException) {
            context.fail(new HttpStatusException(403, "Invalid request for the current SSO context"));
            return;
        }
        context.next();
    });

}
 
Example 8
Source File: DynamicClientRegistrationHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Gates the dynamic client registration endpoint. Open registration is checked first, so with
    // it enabled the request continues without any authentication, whatever the other flag says;
    // with registration disabled the request is refused; otherwise the request must carry a valid
    // OAuth 2.0 access token, which the delegated auth handler verifies.
    if (domain.isOpenDynamicClientRegistrationEnabled()) {
        LOGGER.debug("Open Dynamic client registration is enabled - no security will be performed.");
        context.next();
    } else if (!domain.isDynamicClientRegistrationEnabled()) {
        LOGGER.debug("Dynamic client registration is disabled");
        context.fail(new ClientRegistrationForbiddenException());
    } else {
        this.oAuth2AuthHandler.handle(context);
    }
}
 
Example 9
Source File: PublicApiVerticle.java    From vertx-in-action with MIT License
private void checkUser(RoutingContext ctx) {
  // Lets the request through only when the authenticated subject ("sub" claim of the principal)
  // is the user named by the :username path parameter; any other caller gets a 403.
  String subject = ctx.user().principal().getString("sub");
  boolean ownResource = ctx.pathParam("username").equals(subject);
  if (ownResource) {
    ctx.next();
  } else {
    sendStatusCode(ctx, 403);
  }
}
 
Example 10
Source File: TokenRequestParseHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Parses the parameters of a token request (generic request parameters first, then the
    // grant_type) and hands over to the next handler of the route.
    // How the parse* helpers report a malformed value is not visible here — check them before
    // assuming context.next() below is the only way out of this handler.

    // proceed request parameters
    parseRequestParameters(context);

    // proceed grant_type parameter
    parseGrantTypeParameter(context);

    context.next();
}
 
Example 11
Source File: DynamicClientAccessHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Guards the dynamic client access routes: they are reachable only while the domain has
    // dynamic client registration switched on; otherwise the request is refused as forbidden.
    final boolean registrationEnabled = domain.isDynamicClientRegistrationEnabled();
    if (registrationEnabled) {
        context.next();
    } else {
        context.fail(new ClientRegistrationForbiddenException());
    }
}
 
Example 12
Source File: DynamicClientRegistrationTemplateHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // The registration template endpoint needs both dynamic client registration and the template
    // feature enabled on the domain; anything else is refused as forbidden.
    final boolean templateAllowed = domain.isDynamicClientRegistrationEnabled()
            && domain.isDynamicClientRegistrationTemplateEnabled();
    if (!templateAllowed) {
        context.fail(new ClientRegistrationForbiddenException());
        return;
    }
    context.next();
}
 
Example 13
Source File: TransactionHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Propagates a transaction id through the request/response pair for correlation.
    // An id already present in the request header is reused as-is — the caller can therefore
    // choose it, so it should not carry more trust than a log-correlation value — otherwise a
    // fresh one is minted and written back onto the request for downstream handlers.
    // `UUID` here is the project's helper (it has random()/toString(UUID)), not java.util.UUID.
    final String incomingId = context.request().headers().get(transactionHeader);
    final String transactionId;
    if (incomingId != null) {
        transactionId = incomingId;
    } else {
        transactionId = UUID.toString(UUID.random());
        context.request().headers().set(transactionHeader, transactionId);
    }
    context.response().headers().set(transactionHeader, transactionId);

    context.next();
}
 
Example 14
Source File: UserBodyRequestParseHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Accepts only POST form submissions and verifies that every parameter listed in
    // requiredParams is present. A missing parameter sends the user back with an error, a
    // non-POST request is answered with 405, and an unparsed form body is a wiring error.
    final HttpServerRequest req = context.request();
    if (req.method() != HttpMethod.POST) {
        context.fail(405); // Must be a POST
        return;
    }
    if (!req.isExpectMultipart()) {
        throw new IllegalStateException("Form body not parsed - do you forget to include a BodyHandler?");
    }

    // check required parameters: the first one that is absent is enough to reject the request
    final MultiMap params = req.formAttributes();
    String missingParameter = null;
    for (String param : requiredParams) {
        if (params.get(param) == null) {
            logger.warn("No {} provided in form - did you forget to include a BodyHandler?", param);
            missingParameter = param;
            break;
        }
    }

    if (missingParameter != null) {
        redirectToPage(context, Collections.singletonMap(ERROR_PARAM, "missing_required_parameters"));
    } else {
        context.next();
    }

}
 
Example 15
Source File: LoginRequestParseHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Rejects direct access to the login page: a session holding the return URL stored by the
    // redirect auth handler must exist, otherwise the login attempt is not part of a flow.
    final Session session = context.session();
    final boolean partOfAuthFlow = session != null
            && session.get(RedirectAuthHandler.DEFAULT_RETURN_URL_PARAM) != null;
    if (!partOfAuthFlow) {
        throw new InvalidRequestException("User cannot log in directly from the login page");
    }

    context.next();
}
 
Example 16
Source File: LoginCallbackOpenIDConnectFlowHandler.java    From graviteeio-access-management with Apache License 2.0
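@Override
public void handle(RoutingContext context) {
    // Completes the login callback of an OpenID Connect provider that uses the implicit flow.
    // The provider returns its tokens in the URL fragment (#...), which the browser never sends
    // to the server, so on GET a small page is rendered that posts the fragment back; on POST the
    // fragment is decoded and copied into the routing context for the following handlers.
    // Providers this handler cannot handle are left to the rest of the chain.
    final String providerId = context.request().getParam(PROVIDER_PARAMETER);
    final AuthenticationProvider authenticationProvider = context.get(PROVIDER_PARAMETER);

    // identity provider type is not OpenID Connect or the implicit flow is not used, continue
    if (!canHandle(authenticationProvider)) {
        context.next();
        return;
    }

    if (context.request().method().equals(HttpMethod.POST)) {
        final String hashValue = context.request().getParam(HASH_VALUE_PARAMETER);
        // an empty value used to reach substring(1) and end in StringIndexOutOfBoundsException;
        // it is treated like a missing one instead
        if (hashValue == null || hashValue.isEmpty()) {
            context.fail(new InternalAuthenticationServiceException("No URL hash value found"));
            return;
        }
        // strip the leading '#' only when it is really there, rather than blindly dropping the first character
        final String fragment = hashValue.startsWith("#") ? hashValue.substring(1) : hashValue;
        // NOTE(review): every key of the fragment is copied into the context verbatim, so the client
        // decides which context keys get written — confirm downstream handlers only read the
        // expected token keys and that nothing security-relevant can be overwritten this way.
        Map<String, String> hashValues = getParams(fragment);
        hashValues.forEach((k, v) -> context.put(k, v));
        context.next();
        return;
    }

    // implicit flow, we need to retrieve hash url from the browser to get access_token, id_token, ...
    engine.render(Collections.singletonMap("providerId", providerId), "login_callback", res -> {
        if (res.succeeded()) {
            context.response().putHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_HTML);
            context.response().end(res.result());
        } else {
            logger.error("Unable to render login callback page", res.cause());
            context.fail(res.cause());
        }
    });
}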
 
Example 17
Source File: UserProfileApiVerticle.java    From vertx-in-action with MIT License
private void validateRegistration(RoutingContext ctx) {
  // Rejects a registration payload with 400 when a required field is missing or malformed; the
  // field rules live in anyRegistrationFieldIsMissing / anyRegistrationFieldIsWrong.
  JsonObject body = jsonBody(ctx);
  boolean valid = !anyRegistrationFieldIsMissing(body) && !anyRegistrationFieldIsWrong(body);
  if (valid) {
    ctx.next();
  } else {
    ctx.fail(400);
  }
}
 
Example 18
Source File: AuthorizationRequestParseRequestObjectHandler.java    From graviteeio-access-management with Apache License 2.0
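@Override
public void handle(RoutingContext context) {
    // Resolves the OpenID Connect "request" / "request_uri" parameters (Request Object) of an
    // authorization request. Only OpenID Connect requests (scope containing "openid") that carry
    // one of the two parameters are processed; everything else passes straight through.
    // A resolved request object is checked against the plain OAuth 2.0 parameters and then
    // overrides them; any failure is routed to context.fail.

    // Even if a scope parameter is present in the Request Object value, a scope parameter MUST always be passed
    // using the OAuth 2.0 request syntax containing the openid scope value to indicate to the underlying OAuth 2.0
    // logic that this is an OpenID Connect request.
    final String scope = context.request().getParam(io.gravitee.am.common.oauth2.Parameters.SCOPE);
    final HashSet<String> scopes = hasValue(scope) ? new HashSet<>(Arrays.asList(scope.split("\\s+"))) : null;
    if (scopes == null || !scopes.contains(Scope.OPENID.getKey())) {
        context.next();
        return;
    }

    final boolean hasRequest = hasValue(context.request().getParam(Parameters.REQUEST));
    final boolean hasRequestUri = hasValue(context.request().getParam(Parameters.REQUEST_URI));

    // if there is no request or request_uri parameters, continue
    if (!hasRequest && !hasRequestUri) {
        context.next();
        return;
    }

    // check request object parameters
    checkRequestObjectParameters(context);

    // Dispatch uses the same "present" test as the pass-through check above, so an empty
    // `request=` next to a `request_uri` no longer selects the by-value handler; at this point at
    // least one of the two parameters is present, so requestObject is never null.
    final Maybe<JWT> requestObject = hasRequest
            ? handleRequestObjectValue(context)
            : handleRequestObjectURI(context);

    requestObject
            .subscribe(
                    jwt -> {
                        try {
                            // Check OAuth2 parameters
                            checkOAuthParameters(context, jwt);
                            overrideRequestParameters(context, jwt);
                            context.next();
                        } catch (Exception ex) {
                            context.fail(ex);
                        }
                    },
                    context::fail,
                    // NOTE(review): an empty Maybe (no request object resolved) continues with the
                    // plain parameters — confirm this is intended and not a silent downgrade.
                    () -> context.next());
}

/** Returns true when a query parameter is neither absent nor empty. */
private static boolean hasValue(String parameter) {
    return parameter != null && !parameter.isEmpty();
}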
 
Example 19
Source File: UserTokenRequestParseHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext context) {
    // Resolves the user token of the request into the user and client it was issued for and
    // stores both in the routing context. Requests that result from a completed action, a
    // warning redirect or an error redirect are passed through untouched; a missing or invalid
    // token sends the user back to the page with an error parameter.
    final String token = context.request().getParam(TOKEN_PARAM);
    final String error = context.request().getParam(ERROR_PARAM);
    final String success = context.request().getParam(SUCCESS_PARAM);
    final String warning = context.request().getParam(WARNING_PARAM);

    final boolean actionCompleted = success != null;
    final boolean redirectedWithWarning = warning != null && token == null;
    final boolean redirectedWithError = error != null;
    if (actionCompleted || redirectedWithWarning || redirectedWithError) {
        context.next();
        return;
    }

    // the token is mandatory from here on
    if (token == null) {
        redirectToPage(context, Collections.singletonMap("error","token_missing"));
        return;
    }

    parseToken(token, handler -> {
        if (handler.failed()) {
            redirectToPage(context, Collections.singletonMap("error","invalid_token"));
            return;
        }

        // expose the resolved user and client to the following handlers
        final UserToken userToken = handler.result();
        context.put("user", userToken.getUser());
        context.put("client", userToken.getClient());
        context.next();
    });
}
 
Example 20
Source File: AuthorizationRequestEndUserConsentHandler.java    From graviteeio-access-management with Apache License 2.0
@Override
public void handle(RoutingContext routingContext) {
    // Decides whether the end user's consent is needed for the scopes of the pending authorization
    // request and either continues the chain, fails it, or redirects to the consent page.
    // Decision order: no scopes → continue; consent step already completed → continue if approved,
    // else fail (interaction_required when prompt=none, access denied otherwise); prompt=consent →
    // consent page; skip-consent enabled for the client → approve and continue; otherwise compare
    // with the consent the user already gave and redirect for whatever is still missing.
    final Session session = routingContext.session();
    final HttpServerRequest request = routingContext.request();
    final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
    // routingContext.user() is the Vert.x auth user; its delegate wraps the domain user
    final io.gravitee.am.model.User user = routingContext.user() != null ? ((User) routingContext.user().getDelegate()).getUser() : null;
    // NOTE(review): session and the stored authorization request are dereferenced without a null
    // check — presumably earlier handlers guarantee both; confirm.
    final AuthorizationRequest authorizationRequest = session.get(OAuth2Constants.AUTHORIZATION_REQUEST);
    final Set<String> requestedConsent = authorizationRequest.getScopes();
    // no consent to check, continue
    if (requestedConsent == null || requestedConsent.isEmpty()) {
        routingContext.next();
        return;
    }
    // check if user is already set its consent
    if (session.get(USER_CONSENT_COMPLETED_CONTEXT_KEY) != null && session.get(USER_CONSENT_COMPLETED_CONTEXT_KEY).equals(true)) {
        if (authorizationRequest.isApproved()) {
            routingContext.next();
            return;
        }
        // if prompt=none and the Client does not have pre-configured consent for the requested Claims, throw interaction_required exception
        // https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
        String prompt = request.params().get(Parameters.PROMPT);
        if (prompt != null && Arrays.asList(prompt.split("\\s+")).contains("none")) {
            routingContext.fail(new InteractionRequiredException("Interaction required"));
        } else {
            routingContext.fail(new AccessDeniedException("User denied access"));
        }
        return;
    }
    // application has forced to prompt consent screen to the user
    // go to the user consent page
    // NOTE(review): this is a substring test on the raw prompt value, whereas the prompt=none
    // check above splits on whitespace — any value containing "consent" matches here.
    if (request.params().contains(Parameters.PROMPT)
            && request.params().get(Parameters.PROMPT).contains("consent")) {
        session.put(REQUESTED_CONSENT_CONTEXT_KEY, requestedConsent);
        redirectToConsentPage(request);
        return;
    }
    // check if application has enabled skip consent option
    if (skipConsent(requestedConsent, client)) {
        authorizationRequest.setApproved(true);
        routingContext.next();
        return;
    }
    // check user consent (asynchronous; everything below runs in the callback)
    checkUserConsent(client, user, h -> {
        if (h.failed()) {
            routingContext.fail(h.cause());
            return;
        }
        Set<String> approvedConsent = h.result();
        // user approved consent, continue
        if (approvedConsent.containsAll(requestedConsent)) {
            authorizationRequest.setApproved(true);
            routingContext.next();
            return;
        }
        // else go to the user consent page, asking only for the scopes not yet approved
        Set<String> requiredConsent = requestedConsent.stream().filter(requestedScope -> !approvedConsent.contains(requestedScope)).collect(Collectors.toSet());
        session.put(REQUESTED_CONSENT_CONTEXT_KEY, requiredConsent);
        redirectToConsentPage(request);
    });
}