Refine search
@Override protected void internalInit() { CommonHelper.assertNotNull("secret", secret); CommonHelper.assertNotNull("algorithm", algorithm); CommonHelper.assertNotNull("method", method); if (!supports(this.algorithm, this.method)) { throw new TechnicalException("Only the direct and AES algorithms are supported with the appropriate encryption method"); } }
@Override public String toString() { return CommonHelper.toNiceString(this.getClass(), "value", value); } }
@Override protected void internalInit() { CommonHelper.assertNotBlank("key", this.key); CommonHelper.assertNotBlank("secret", this.secret); CommonHelper.assertNotNull("api", api); CommonHelper.assertNotNull("hasBeenCancelledFactory", hasBeenCancelledFactory); CommonHelper.assertNotNull("profileDefinition", profileDefinition); }
@Override public String getAuthorizationUrl(String responseType, String apiKey, String callback, String scope, String state, Map<String, String> additionalParams) { CommonHelper.assertNotBlank("callback", callback, "Must provide a valid url as callback. PayPal does not support OOB"); if (additionalParams == null) { additionalParams = new HashMap<>(); } final String nonce = System.currentTimeMillis() + CommonHelper.randomString(10); additionalParams.put("nonce", nonce); return super.getAuthorizationUrl(responseType, apiKey, callback, scope, state, additionalParams); }
public ShiroAesDataEncrypter(final String key) { CommonHelper.assertNotNull("key", key); logger.info("Using key: {}", key); this.key = key.getBytes(StandardCharsets.UTF_8); }
@Override protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) { CommonHelper.assertNotNull("credentialsExtractor", getCredentialsExtractor()); CommonHelper.assertNotNull("authenticator", getAuthenticator()); final String username = context.getRequestParameter(this.usernameParameter); UsernamePasswordCredentials credentials; try { // retrieve credentials credentials = getCredentialsExtractor().extract(context); logger.debug("usernamePasswordCredentials: {}", credentials); if (credentials == null) { throw handleInvalidCredentials(context, username, "Username and password cannot be blank -> return to the form with error", MISSING_FIELD_ERROR); } // validate credentials getAuthenticator().validate(credentials, context); } catch (final CredentialsException e) { throw handleInvalidCredentials(context, username, "Credentials validation fails -> return to the form with error", computeErrorMessage(e)); } return credentials; }
protected void checkForbiddenParameter(final FilterConfig filterConfig, final String name) { final String parameter = getStringParam(filterConfig, name, null); if (CommonHelper.isNotBlank(parameter)) { final String message = "the " + name + " servlet parameter is no longer supported"; logger.error(message); throw new TechnicalException(message); } }
@Override public RedirectAction getLogoutAction(final WebContext context, final U currentProfile, final String targetUrl) { final String logoutUrl = configuration.getLogoutUrl(); if (CommonHelper.isNotBlank(logoutUrl)) { try { final URI endSessionEndpoint = new URI(logoutUrl); final JWT idToken = currentProfile.getIdToken(); LogoutRequest logoutRequest; if (CommonHelper.isNotBlank(targetUrl)) { logoutRequest = new LogoutRequest(endSessionEndpoint, idToken, new URI(targetUrl), null); } else { logoutRequest = new LogoutRequest(endSessionEndpoint, idToken); } if (ajaxRequestResolver.isAjax(context)) { context.getSessionStore().set(context, Pac4jConstants.REQUESTED_URL, ""); context.setResponseHeader(HttpConstants.LOCATION_HEADER, logoutRequest.toURI().toString()); throw HttpAction.status(403, context); } return RedirectAction.redirect(logoutRequest.toURI().toString()); } catch (final URISyntaxException e) { throw new TechnicalException(e); } } return null; }
public String getAccessTokenFromRefreshToken(AzureAdProfile azureAdProfile) { CommonHelper.assertTrue(CommonHelper.isNotBlank(getConfiguration().getTenant()), "Tenant must be defined. Update your config."); HttpURLConnection connection = null; throw new TechnicalException("request for access token failed: " + HttpUtils.buildHttpErrorMessage(connection)); return (String)res.get("access_token"); } catch (final IOException e) { throw new TechnicalException(e); } finally { HttpUtils.closeConnection(connection);
public Result callback() { final PlayWebContext context = new PlayWebContext(ctx(), config.getSessionStore()); CommonHelper.assertNotNull("config", config); CommonHelper.assertNotNull("config.httpActionAdapter", config.getHttpActionAdapter()); final Clients clients = config.getClients(); CommonHelper.assertNotNull("clients", clients); final Client client = clients.findClient(context); logger.debug("client: {}", client); CommonHelper.assertNotNull("client", client); CommonHelper.assertTrue(client instanceof IndirectClient, "only indirect clients are allowed on the callback url"); final Credentials credentials; try { credentials = client.getCredentials(context); } catch (final RequiresHttpAction e) { return (Result) config.getHttpActionAdapter().adapt(e.getCode(), context); } logger.debug("credentials: {}", credentials); final UserProfile profile = client.getUserProfile(credentials, context); logger.debug("profile: {}", profile); saveUserProfile(context, profile); return redirectToOriginallyRequestedUrl(context); }
@Override protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) { assertNotNull("credentialsExtractor", getCredentialsExtractor()); assertNotNull("authenticator", getAuthenticator()); // set the www-authenticate in case of error context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Basic realm=\"" + realmName + "\""); final UsernamePasswordCredentials credentials; try { // retrieve credentials credentials = getCredentialsExtractor().extract(context); logger.debug("credentials : {}", credentials); if (credentials == null) { throw HttpAction.unauthorized(context); } // validate credentials getAuthenticator().validate(credentials, context); } catch (final CredentialsException e) { throw HttpAction.unauthorized(context); } return credentials; }
@Override protected void internalInit() { CommonHelper.assertTrue(this.timeout >= 0, "timeout must be greater than zero"); if (this.cache == null && this.cacheProvider == null) { throw new TechnicalException("The cache and the cacheProvider must not be both null"); } }
/** * The code in this method is based on this blog post: * https://www.sammyk.me/the-single-most-important-way-to-make-your-facebook-app-more-secure * and this answer: https://stackoverflow.com/questions/7124735/hmac-sha256-algorithm-for-signature-calculation * * @param url the URL to which we're adding the proof * @param token the application token we pass back and forth * @param configuration the current configuration * @return URL with the appsecret_proof parameter added */ public String computeAppSecretProof(final String url, final OAuth2AccessToken token, final FacebookConfiguration configuration) { try { Mac sha256_HMAC = Mac.getInstance("HmacSHA256"); SecretKeySpec secret_key = new SecretKeySpec(configuration.getSecret().getBytes(StandardCharsets.UTF_8), "HmacSHA256"); sha256_HMAC.init(secret_key); String proof = org.apache.commons.codec.binary.Hex.encodeHexString(sha256_HMAC.doFinal(token.getAccessToken() .getBytes(StandardCharsets.UTF_8))); final String computedUrl = CommonHelper.addParameter(url, APPSECRET_PARAMETER, proof); return computedUrl; } catch (final InvalidKeyException | NoSuchAlgorithmException e) { throw new TechnicalException("Unable to compute appsecret_proof", e); } }
@Override public String getAuthorizationUrl(String responseType, String apiKey, String callback, String scope, String state, Map<String, String> additionalParams) { CommonHelper.assertNotBlank("callback", callback, "Must provide a valid callback url."); if (additionalParams == null) { additionalParams = new HashMap<>(); } additionalParams.put("approval_prompt=", this.approvalPrompt); return super.getAuthorizationUrl(responseType, apiKey, callback, scope, state, additionalParams); }
protected boolean hasDbAuthenticator() { for (int i = 0; i <= MAX_NUM_AUTHENTICATORS; i++) { final String className = getProperty(DB_DATASOURCE_CLASS_NAME, i); final String jdbcUrl = getProperty(DB_JDBC_URL, i); if (isNotBlank(className) || isNotBlank(jdbcUrl)) { return true; } } return false; }
@Override public boolean isAuthorized(final WebContext context, final List<CommonProfile> profile) { CommonHelper.assertNotNull("pattern", pattern); final String ip = context.getRemoteAddr(); return this.pattern.matcher(ip).matches(); }
@Override protected void clientInit() { CommonHelper.assertNotBlank("scope", getConfiguration().getScope()); CommonHelper.assertNotBlank("fields", getConfiguration().getFields()); configuration.setApi(LinkedInApi20.instance()); configuration.setProfileDefinition(new LinkedIn2ProfileDefinition()); configuration.setWithState(true); configuration.setHasBeenCancelledFactory(ctx -> { final String error = ctx.getRequestParameter(OAuthCredentialsException.ERROR); final String errorDescription = ctx.getRequestParameter(OAuthCredentialsException.ERROR_DESCRIPTION); // user has denied permissions if ("access_denied".equals(error) && ("the+user+denied+your+request".equals(errorDescription) || "the user denied your request" .equals(errorDescription))) { return true; } else { return false; } }); defaultLogoutActionBuilder((ctx, profile, targetUrl) -> RedirectAction.redirect("https://www.linkedin.com/uas/logout")); super.clientInit(); }
if (configuration.isWithState()) { final String stateParameter = context.getRequestParameter(OAuth20Configuration.STATE_REQUEST_PARAMETER); if (CommonHelper.isNotBlank(stateParameter)) { final String stateSessionAttributeName = this.configuration.getStateSessionAttributeName(client.getName()); final String sessionState = (String) context.getSessionStore().get(context, stateSessionAttributeName); context.getSessionStore().set(context, stateSessionAttributeName, null); logger.debug("sessionState: {} / stateParameter: {}", sessionState, stateParameter); if (!stateParameter.equals(sessionState)) {
CommonHelper.assertTrue(CommonHelper.isNotEmpty(metadataAlgorithms), "There must at least one JWS algorithm supported on the OpenID Connect provider side"); List<JWSAlgorithm> jwsAlgorithms = new ArrayList<>(); if (jwsAlgorithm == null) { idTokenValidator = new IDTokenValidator(configuration.findProviderMetadata().getIssuer(), _clientID); } else if (CommonHelper.isNotBlank(configuration.getSecret()) && (JWSAlgorithm.HS256.equals(jwsAlgorithm) || JWSAlgorithm.HS384.equals(jwsAlgorithm) || JWSAlgorithm.HS512.equals(jwsAlgorithm))) { idTokenValidator = createHMACTokenValidator(configuration, jwsAlgorithm, _clientID, _secret);
protected byte[] getBase64DecodedMessage() throws MessageDecodingException { String encodedMessage = null; for (final String parameter : SAML_PARAMETERS) { encodedMessage = this.context.getRequestParameter(parameter); if (CommonHelper.isNotBlank(encodedMessage)) { break; } } if (Strings.isNullOrEmpty(encodedMessage)) { encodedMessage = this.context.getRequestContent(); } if (Strings.isNullOrEmpty(encodedMessage)) { throw new MessageDecodingException("Request did not contain either a SAMLRequest parameter, a SAMLResponse parameter, " + "a logoutRequest parameter or a body content"); } else { if (encodedMessage.contains("<")) { logger.trace("Raw SAML message:\n{}", encodedMessage); return encodedMessage.getBytes(StandardCharsets.UTF_8); } else { final byte[] decodedBytes = Base64Support.decode(encodedMessage); logger.trace("Decoded SAML message:\n{}", new String(decodedBytes, StandardCharsets.UTF_8)); return decodedBytes; } } }