/**
 * Builds the URL on the remote application to redirect to, including a callback URL that points
 * back at the servlet path of the current request.
 *
 * @param request the incoming request; a non-empty {@code HOST_URL_PARAM} parameter replaces the
 *                link's display URL as the remote base
 * @param link    the application link whose display URL is used when no host URL parameter is sent
 * @return the remote consumer-servlet URL with {@code callbackUrl} and {@code action} query parameters
 * @throws IOException declared on the signature; which call raises it is not visible in this method
 */
private String createRedirectURL(final HttpServletRequest request, final ApplicationLink link) throws IOException {
    // NOTE(review): when HOST_URL_PARAM is present the redirect target base comes straight from the
    // request and is not compared with the link's configured URLs in this method. Confirm that a
    // caller restricts who can reach this code or validates the value, otherwise the result can
    // point at an arbitrary host. URI.create also throws IllegalArgumentException on malformed input.
    final URI remoteDisplayUrl;
    if (StringUtils.isEmpty(request.getParameter(HOST_URL_PARAM))) {
        remoteDisplayUrl = link.getDisplayUrl();
    } else {
        remoteDisplayUrl = URI.create(request.getParameter(HOST_URL_PARAM));
    }

    // URL pointing back to ourselves. The peer will append:
    // "&action=[ENABLE|DISABLE]&result=[success|failure][&message=ErrorDescription]"
    final URI ownBaseUrl = RequestUtil.getBaseURLFromRequest(request, internalHostApplication.getBaseUrl());
    final URI ownServletUrl = URIUtil.uncheckedConcatenate(
            ownBaseUrl, request.getServletPath(), request.getPathInfo());
    final String callbackUrl = ownServletUrl + "?" + HOST_URL_PARAM + "=" + URIUtil.utf8Encode(remoteDisplayUrl);

    final String consumerServletPath =
            TrustedAppsAuthenticationProviderPluginModule.CONSUMER_SERVLET_LOCATION_UAL
                    + internalHostApplication.getId();
    final URI targetBase = URIUtil.uncheckedConcatenate(remoteDisplayUrl, consumerServletPath);

    // The callback is encoded as a whole so its own query string survives as a single parameter value.
    return targetBase.toString()
            + "?callbackUrl=" + URIUtil.utf8Encode(callbackUrl)
            + "&action=" + getAction(request).name();
}
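/**
 * Builds the URL on this application that the remote application redirects back to once the
 * operation has finished.
 *
 * @param applicationLink the link being configured; its id becomes part of the callback path
 * @param uiPosition      value for the {@code UI_POSITION} query parameter; it is percent-encoded
 *                        before being placed in the query string
 * @param request         the incoming request, used for the local base URL and the optional
 *                        outgoing 2LO context parameters
 * @return the URL for the remote application to redirect to after the operation.
 */
private String getCallbackUrl(final ApplicationLink applicationLink, final String uiPosition, final HttpServletRequest request) {
    final URI remoteDisplayUrl = getRemoteDisplayUrl(applicationLink, request);

    // uiPosition used to be concatenated raw, so a value containing '&', '=' or '#' could add or
    // override parameters of the callback. String.valueOf keeps the earlier "null" rendering for a
    // null argument instead of failing inside the encoder.
    final String encodedUiPosition = URIUtil.utf8Encode(String.valueOf(uiPosition));

    String callbackUrl = RequestUtil.getBaseURLFromRequest(request, internalHostApplication.getBaseUrl())
            + ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH
            + "/oauth/add-consumer-by-url/" + applicationLink.getId()
            + "/" + AuthenticationDirection.INBOUND.name()
            + "?" + OAUTH_INCOMING_ENABLED + "=" + ENABLE_DISABLE_OAUTH_PARAM
            + "&" + UI_POSITION + "=" + encodedUiPosition
            + "&" + HOST_URL_PARAM + "=" + URIUtil.utf8Encode(remoteDisplayUrl);

    // This parameter is present only if the other side is AppLinks 3.10.0 or newer, so it tells us
    // whether the outgoing 2LO option should be made visible. We have to make sure that we never
    // introduce this new parameter during this complex configuration redirection process if the
    // original url does not contain it. Only the parameter's presence is used; the value written
    // is the local constant, not the value the request carried.
    final String outgoing2LOParam = request.getParameter(OUTGOING_2LO_ENABLED_CONTEXT_PARAM);
    if (outgoing2LOParam != null) {
        callbackUrl += "&" + OUTGOING_2LO_ENABLED_CONTEXT_PARAM + "=" + ENABLE_DISABLE_OUTGOING_TWO_LEGGED_OAUTH_PARAM;
    }

    // Same presence-only handling for the second outgoing 2LO context parameter.
    final String outgoing2LOiParam = request.getParameter(OUTGOING_2LOI_ENABLED_CONTEXT_PARAM);
    if (outgoing2LOiParam != null) {
        callbackUrl += "&" + OUTGOING_2LOI_ENABLED_CONTEXT_PARAM + "=" + ENABLE_DISABLE_OUTGOING_TWO_LEGGED_I_OAUTH_PARAM;
    }

    return callbackUrl;
}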
/**
 * Returns the local servlet URL used to configure inbound OAuth for the given link.
 *
 * @param link                    the application link to configure
 * @param applicationLinksVersion version reported for the remote application; {@code null} is
 *                                treated as "remote does not support AppLinks"
 * @param direction               the authentication direction; only inbound yields a URL
 * @param request                 the incoming request, used to derive the local base URL
 * @return the add-consumer-by-url servlet URL when the remote supports AppLinks or has the OAuth
 *         plugin, the add-consumer-manually servlet URL otherwise, or {@code null} for any
 *         direction other than inbound
 */
public String getConfigUrl(ApplicationLink link, Version applicationLinksVersion, AuthenticationDirection direction, HttpServletRequest request) {
    final boolean remoteHasAppLinks = applicationLinksVersion != null;
    // If the application has the OAuth Plugin installed, we can use the same screen as for
    // applications that have UAL installed. Evaluated before the direction check, as before.
    final boolean remoteHasOAuthPlugin = OAuthHelper.isOAuthPluginInstalled(link);

    if (direction != AuthenticationDirection.INBOUND) {
        return null;
    }

    // NOTE(review): the base URL is derived from the incoming request; confirm RequestUtil does not
    // let client-supplied host information end up in links shown to administrators.
    final URI localBase = RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl());
    final String linkId = link.getId().toString();

    if (remoteHasAppLinks || remoteHasOAuthPlugin) {
        return localBase + OAuthAuthenticatorProviderPluginModule.ADD_CONSUMER_BY_URL_SERVLET_LOCATION
                + linkId + "?" + AddConsumerByUrlServlet.UI_POSITION + "=local";
    }
    return localBase + OAuthAuthenticatorProviderPluginModule.ADD_CONSUMER_MANUALLY_SERVLET_LOCATION + linkId;
}
/**
 * Fetches an OAuth request token from the remote service provider, stores it for the current
 * remote user and redirects the browser to the provider's authorize URI.
 *
 * @param applicationLink the link to the remote service provider
 * @param resp            the response used to send the redirect
 * @param req             the incoming request; supplies the local base URL, the optional redirect
 *                        URL and the remote user name
 * @throws ResponseException declared on the signature; presumably raised while retrieving the
 *                           request token (not visible here)
 * @throws IOException       if sending the redirect fails
 */
private void obtainAndAuthorizeRequestToken(final ApplicationLink applicationLink, final HttpServletResponse resp, final HttpServletRequest req) throws ResponseException, IOException {
    final Map<String, String> providerConfig =
            authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
    final ServiceProvider serviceProvider = ServiceProviderUtil.getServiceProvider(providerConfig, applicationLink);
    final String consumerKey = getConsumerKey(applicationLink);
    final String redirectUrl = getRedirectUrl(req);

    // Callback on this application for the access-token leg of the dance.
    final URI ownBaseUrl = RequestUtil.getBaseURLFromRequest(req, internalHostApplication.getBaseUrl());
    final String accessCallback = ownBaseUrl + ServletPathConstants.APPLINKS_SERVLETS_PATH
            + "/oauth/login-dance/" + ACCESS_PATH
            + "?" + APPLICATION_LINK_ID_PARAM + "=" + applicationLink.getId();

    // NOTE(review): redirectUrl travels through the provider and comes back on the callback;
    // presumably the access step redirects to it, so confirm it is validated where it is consumed.
    final String redirectSuffix;
    if (redirectUrl != null) {
        redirectSuffix = "&" + REDIRECT_URL_PARAM + "=" + URLEncoder.encode(redirectUrl, "UTF-8");
    } else {
        redirectSuffix = "";
    }
    final String redirectToMeUrl = accessCallback + redirectSuffix;

    // The token is persisted before the browser leaves, keyed by link and remote user name.
    final ConsumerToken requestToken = oAuthTokenRetriever.getRequestToken(serviceProvider, consumerKey, redirectToMeUrl);
    consumerTokenStoreService.addConsumerToken(applicationLink, getRemoteUsername(req), requestToken);

    final Map<String, String> authorizeParams = new HashMap<String, String>();
    authorizeParams.put(OAuth.OAUTH_TOKEN, requestToken.getToken());
    authorizeParams.put(OAuth.OAUTH_CALLBACK, redirectToMeUrl);

    final String authorizeUrl = serviceProvider.getAuthorizeUri() + "?" + OAuth.formEncode(authorizeParams.entrySet());
    resp.sendRedirect(authorizeUrl);
}
/**
 * Returns the local servlet URL used to configure OAuth for the given link in either direction.
 *
 * @param link                    the application link to configure
 * @param applicationLinksVersion version reported for the remote application; {@code null} is
 *                                treated as "remote does not support AppLinks"
 * @param direction               the authentication direction; outbound goes to the redirect
 *                                servlet, every other value is handled as inbound
 * @param request                 the incoming request, used to derive the local base URL
 * @return the configuration servlet URL on this application
 */
public String getConfigUrl(final ApplicationLink link, final Version applicationLinksVersion, AuthenticationDirection direction, final HttpServletRequest request) {
    final boolean remoteHasAppLinks = applicationLinksVersion != null; // TODO: maybe safer to check for < 3.0
    // If the application has the OAuth Plugin installed, we can use the same screen as for
    // applications that have UAL installed. Evaluated for both directions, as before.
    final boolean remoteHasOAuthPlugin = OAuthHelper.isOAuthPluginInstalled(link);

    // NOTE(review): the base URL is derived from the incoming request; confirm RequestUtil does not
    // let client-supplied host information end up in the generated configuration links.
    final URI localBase = RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl());
    final String linkId = link.getId().toString();

    if (direction == AuthenticationDirection.OUTBOUND) {
        // This servlet takes care of redirecting to the appropriate url. This is required because
        // the query string passed to the remote {@link AddConsumerByUrlServlet} needs to be updated
        // over time while this url here won't be reloaded by {@link AuthenticatorContainerServlet}.
        return localBase + OUTBOUND_ATLASSIAN_REDIRECT_LOCATION + linkId
                + "?" + OutboundRedirectServlet.SUPPORT_APPLINK_PARAM + "=" + remoteHasAppLinks;
    }

    if (remoteHasAppLinks || remoteHasOAuthPlugin) {
        return localBase + ADD_CONSUMER_BY_URL_SERVLET_LOCATION + linkId
                + "?" + AddConsumerByUrlServlet.UI_POSITION + "=local";
    }
    return localBase + ADD_CONSUMER_MANUALLY_SERVLET_LOCATION + linkId;
}
.uncheckedConcatenate(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl()), (peerHasUAL ? PROVIDER_SERVLET_LOCATION_UAL : PROVIDER_SERVLET_LOCATION_LEGACY) + link.getId().toString()) return URIUtil.uncheckedConcatenate(link.getDisplayUrl(), PROVIDER_SERVLET_LOCATION_UAL + hostApplication.getId().toString()) + "?" + AbstractAdminOnlyAuthServlet.HOST_URL_PARAM + "=" + URIUtil.utf8Encode(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())); } else { return URIUtil.uncheckedConcatenate(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl()), CONSUMER_SERVLET_LOCATION_LEGACY + link.getId().toString())
/**
 * For {@link AuthenticationDirection#INBOUND inbound} configuration, returns the URL to access the
 * {@link CorsAuthServlet} on the local application. For {@link AuthenticationDirection#OUTBOUND outbound}
 * configuration, returns the URL to access the {@link CorsAuthServlet} on the remote application if the
 * remote application supports the required version of AppLinks.
 *
 * @param link      the Application Link to retrieve the configuration URL for
 * @param version   the version of AppLinks supported by the remote system
 * @param direction the authentication direction (inbound or outbound)
 * @param request   the incoming request
 * @return the local configuration servlet URL for inbound; the remote configuration servlet URL for outbound if
 *         the remote application supports AppLinks 3.7 or higher; or {@code null}
 */
public String getConfigUrl(ApplicationLink link, Version version, AuthenticationDirection direction, HttpServletRequest request) {
    if (AuthenticationDirection.INBOUND == direction) {
        // Local servlet, addressed by the id of the link being configured.
        return RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())
                + SERVLET_LOCATION + link.getId();
    }

    if (isCorsSupportedOn(version)) {
        // Remote servlet, addressed by this application's own id. The host part is the link's
        // display URL as stored on the link; this method does not check it further.
        return link.getDisplayUrl() + SERVLET_LOCATION + hostApplication.getId();
    }

    // Not inbound, and the remote does not support the CORS configuration servlet.
    return null;
}
ADD_CONSUMER_BY_URL_SERVLET_LOCATION + hostApplication.getId() + "?" + AddConsumerByUrlServlet.UI_POSITION + "=remote" + "&" + AbstractAdminOnlyAuthServlet.HOST_URL_PARAM + "=" + URIUtil.utf8Encode(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())).toString() + "&" + AddConsumerByUrlServlet.OAUTH_OUTGOING_ENABLED + "=" + authenticationConfigurationManager.isConfigured(link.getId(), OAuthAuthenticationProvider.class); } else if (oAuthPluginInstalled) { configUri = RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl()) + OUTBOUND_ATLASSIAN_SERVLET_LOCATION + link.getId().toString(); } else { configUri = RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl()) + OUTBOUND_NON_APPLINKS_SERVLET_LOCATION + link.getId().toString();
// Prefix the existing targetUrl value with this application's request-derived base URL and the
// add-consumer-by-url config servlet path.
// NOTE(review): the previous targetUrl value is appended as-is; whether it is already encoded or
// restricted to a path suffix is not visible in this excerpt. Confirm at the assignment above it.
targetUrl = RequestUtil.getBaseURLFromRequest(request, internalHostApplication.getBaseUrl()) + ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/oauth/add-consumer-by-url/" + targetUrl;
/**
 * Returns the URI of the local login-dance authorize servlet for this application link.
 *
 * <p>The base URL is taken from the current HTTP request when one is available and from the host
 * application's configured base URL otherwise.
 *
 * <p>NOTE(review): {@code @HtmlSafe} presumably tells the template layer to emit the value without
 * HTML-escaping. Because the base URL can be derived from the request, confirm that
 * {@code RequestUtil.getBaseURLFromRequest} cannot return client-controlled characters or hosts.
 *
 * @return the authorize servlet URI with the UTF-8 encoded application link id as
 *         {@code applicationLinkID}
 */
@HtmlSafe
public URI getAuthorisationURI() {
    final HttpServletRequest currentRequest = CurrentContext.getHttpServletRequest();

    // No request is bound to the current context: fall back to the configured base URL.
    final URI baseUrl = (currentRequest == null)
            ? hostApplication.getBaseUrl()
            : RequestUtil.getBaseURLFromRequest(currentRequest, hostApplication.getBaseUrl());

    final String authorizePath = "/plugins/servlet/applinks/oauth/login-dance/authorize?applicationLinkID="
            + utf8Encode(applicationLink.getId().get());
    return URIUtil.uncheckedConcatenate(baseUrl, authorizePath);
}