context.setAuthentication(authc); return State.INTERCEPTED; } catch (OAuth2ResponseException e) { if(null != context.getSecuredPath() && context.getSecuredPath().isAllowAnonymous()){ log.warn("Got oauth2 server error, ignore for anonymous allowed at '{}'", context.getSecuredPath()); return State.CONTINUE;
/**
 * Pre-resolution hook: extracts the authentication token carried by the
 * request and records it on the context for the resolvers that run later.
 *
 * When token authentication is disabled in {@code securityConfig} the request
 * passes through untouched. When the presented token equals the configured
 * logout token, the session-bound authentication is removed first; the token
 * itself is still recorded on the context afterwards, exactly as before.
 *
 * @return always {@link State#CONTINUE}; this hook never intercepts.
 */
@Override
public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    if (!securityConfig.isAuthenticationTokenEnabled()) {
        return State.CONTINUE;
    }

    final String presented = getToken(request);

    // A request carrying the logout sentinel drops the session authentication.
    // NOTE(review): getToken() is not visible here — if it reads a query
    // parameter, any page the browser can be lured to could trigger a
    // logout (CSRF-style); confirm how the token is sourced.
    final boolean isLogout = getLogoutToken().equals(presented);
    if (isLogout) {
        sessionManager.removeAuthentication(request);
    }

    // Recorded even when it is the logout sentinel (original behaviour).
    context.setAuthenticationToken(presented);
    return State.CONTINUE;
}
/**
 * Resolves username/password credentials from a form POST.
 *
 * Only a POST request that carries the username parameter is treated as a
 * login attempt; any other request yields {@code false} so other resolvers
 * may run. A login attempt always yields {@code true}: either the credentials
 * are placed in {@code out}, or a validation error for the missing field is
 * recorded on the context and no credentials are produced. The identity is
 * set on the context as soon as the username passes validation, before the
 * password is checked.
 *
 * @return {@code true} when the request was handled as a login attempt.
 */
@Override
public boolean resolveCredentials(AuthenticationContext context, RequestBase request, Out<Credentials> out) throws ServletException, IOException {
    if (!request.isMethod(Method.POST) || !request.hasParameter(usernameParameter)) {
        return false;
    }

    final String username = request.getParameter(usernameParameter);
    final boolean usernameMissing = context.validation()
            .required(usernameParameter, username)
            .errors()
            .contains(usernameParameter);
    if (usernameMissing) {
        return true; // handled: validation error recorded, nothing resolved
    }

    context.setIdentity(username);

    // The password is only validated when the resolver is configured to need one.
    final String password = request.getParameter(passwordParameter);
    if (passwordRequired) {
        final boolean passwordMissing = context.validation()
                .required(passwordParameter, password)
                .errors()
                .contains(passwordParameter);
        if (passwordMissing) {
            return true;
        }
    }

    // Only the username goes to the log; the password must never be logged.
    log.debug("Resolved 'UsernamePasswordCredentials' : [username={}]", username);
    out.set(new SimpleUsernamePasswordCredentials(username, password));
    return true;
}
} // end of enclosing class (header not visible in this excerpt)
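/**
 * Post-authentication hook that attaches the OAuth2 access token to the request.
 *
 * For a fresh {@link OAuth2LoginAuthentication} the token it carries is saved
 * through {@code accessTokenStore}; for any other authentication the token is
 * loaded from the store. An expired token is refreshed (and re-saved) before
 * being exposed via {@link TokenContext}.
 *
 * Fix: the expiry log line used to print the token value itself. An access
 * token is a bearer credential and must not be written to log files (even an
 * expired one is sensitive), so the message no longer includes it.
 *
 * @return always {@link State#CONTINUE}; this hook never intercepts.
 */
@Override
public State handleAuthenticationResolved(Request request, Response response, AuthenticationContext context) throws Throwable {
    final Authentication authc = context.getAuthentication();
    if (null == authc) {
        return State.CONTINUE;
    }

    AccessToken at;
    if (authc instanceof OAuth2LoginAuthentication) {
        // A fresh OAuth2 login carries its token; persist it for later requests.
        at = ((OAuth2LoginAuthentication) authc).getAccessToken();
        if (null != at) {
            accessTokenStore.saveAccessToken(request, context, at);
        }
    } else {
        at = accessTokenStore.loadAccessToken(request, context);
    }

    if (null != at) {
        if (at.isExpired()) {
            // Never log the token value here — it is a bearer credential.
            log.info("Access token expired, refreshing it");
            at = accessTokenStore.refreshAndSaveAccessToken(request, context, at);
        }
        // NOTE(review): if the refresh returns null this sets a null token,
        // as the original did — confirm TokenContext tolerates that.
        TokenContext.setAccessToken(request, at);
    }
    return State.CONTINUE;
}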
context.setAuthentication(authc);
String token = context.getAuthenticationToken(); if(Strings.isEmpty(token)) { return Result.empty();
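/**
 * Authorization-endpoint hook: validates the OAuth2 authorization request and,
 * when an interactively authenticated user is present, dispatches to the
 * response-type handler; otherwise the view data is exposed and the chain
 * continues (the caller is expected to redirect to the login page).
 *
 * Fix: the pending {@code todo} is resolved — a {@code ResAuthentication} is
 * now treated like an unauthenticated user, consistent with the other
 * implementation of this hook in this file. By its name, ResAuthentication is
 * presumed to mean a resource (token-based) authentication; such a principal
 * should not be able to obtain a fresh authorization grant as if the user had
 * logged in interactively. Confirm that reading of ResAuthentication.
 *
 * @return {@link State#INTERCEPTED} when a response was produced,
 *         {@link State#CONTINUE} otherwise.
 */
@Override
public State postResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    // Only the authorization endpoint is handled here.
    if (!request.getPath().equals(config.getAuthzEndpointPath())) {
        return State.CONTINUE;
    }

    final OAuth2Params params = new RequestOAuth2Params(request);
    final ResponseTypeHandler handler = getResponseTypeHandler(request, response, params);
    if (null == handler) {
        // Presumably the lookup already wrote an error response — verify.
        return State.INTERCEPTED;
    }

    // Client / redirect_uri validation is assumed to happen inside
    // validateRequest(); it is not visible here.
    final Result<AuthzClient> result = handler.validateRequest(request, response, params);
    if (result.isIntercepted()) {
        return State.INTERCEPTED;
    }
    final AuthzClient client = result.get();

    // No interactive login (missing, unauthenticated, or resource/token
    // authentication): expose view data and let the chain send the user to login.
    final Authentication authc = context.getAuthentication();
    if (null == authc || !authc.isAuthenticated() || (authc instanceof ResAuthentication)) {
        exposeViewData(request, params, client);
        return State.CONTINUE;
    }

    handleAuthenticated(request, response,
            new SimpleAuthzAuthentication(params, client, um.getUserDetails(authc.getUser()), authc),
            handler);
    return State.INTERCEPTED;
}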
/**
 * Authorization-endpoint hook.
 *
 * Requests for any other path pass through. For the authorization endpoint
 * the OAuth2 parameters are parsed, a response-type handler is looked up
 * (none → intercepted) and the request is validated by that handler
 * (validation intercepted → intercepted). If there is no authentication, it
 * is not authenticated, or it is a {@code ResAuthentication}, the view data
 * is exposed and the chain continues; otherwise the authenticated user is
 * handed to the handler and the request is intercepted.
 *
 * @return {@link State#INTERCEPTED} or {@link State#CONTINUE} as described above.
 */
@Override
public State postResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    final boolean isAuthzEndpoint = request.getPath().equals(config.getAuthzEndpointPath());
    if (!isAuthzEndpoint) {
        return State.CONTINUE;
    }

    final OAuth2Params oauth2Params = new RequestOAuth2Params(request);
    final ResponseTypeHandler typeHandler = getResponseTypeHandler(request, response, oauth2Params);
    if (null == typeHandler) {
        return State.INTERCEPTED;
    }

    // Client / redirect_uri validation is assumed to live in validateRequest()
    // — not visible here.
    final Result<AuthzClient> validation = typeHandler.validateRequest(request, response, oauth2Params);
    if (validation.isIntercepted()) {
        return State.INTERCEPTED;
    }
    final AuthzClient authzClient = validation.get();

    final Authentication current = context.getAuthentication();
    final boolean interactiveLogin = null != current
            && current.isAuthenticated()
            && !(current instanceof ResAuthentication);

    if (!interactiveLogin) {
        // Not logged in interactively: expose view data, let the chain redirect to login.
        exposeViewData(request, oauth2Params, authzClient);
        return State.CONTINUE;
    }

    final SimpleAuthzAuthentication authzAuthc =
            new SimpleAuthzAuthentication(oauth2Params, authzClient, um.getUserDetails(current.getUser()), current);
    handleAuthenticated(request, response, authzAuthc, typeHandler);
    return State.INTERCEPTED;
}
authc = context.getAuthentication();