/**
 * Encodes the given URI the way {@code URLEncoder.encode(uri.toASCIIString(), "UTF-8")} would,
 * by handing its ASCII form to the {@link String} overload of this method.
 *
 * @param uri the URI to encode; converted with {@link URI#toASCIIString()} first
 * @return the UTF-8 percent-encoded form of the URI's ASCII string
 */
public static String utf8Encode(final URI uri) {
    final String asciiForm = uri.toASCIIString();
    return utf8Encode(asciiForm);
}
/**
 * Appends the {@code XOAUTH_REQUESTOR_ID} query parameter, carrying the UTF-8 encoded
 * {@code username}, to the given URL, joining with {@code &} when the URL already has a
 * query string and with {@code ?} otherwise.
 *
 * @param url the URL to extend
 * @return the URL with the requestor-id parameter appended
 */
private String addUsernameToUrl(String url) {
    // A URL that already carries a query string gets the new pair joined with '&'.
    final String separator = url.contains("?") ? "&" : "?";
    final String encodedUsername = utf8Encode(username);
    return url + separator + XOAUTH_REQUESTOR_ID + "=" + encodedUsername;
}
}
/**
 * Builds the URL the browser is redirected to after the operation: the caller-supplied
 * {@code CALLBACK_PARAM} URL with {@code SUCCESS_PARAM} and, when non-blank, a UTF-8 encoded
 * {@code MESSAGE_PARAM} appended.
 *
 * @param req     the current request; must carry {@code CALLBACK_PARAM}
 * @param success whether the operation succeeded; rendered as {@code true}/{@code false}
 * @param message optional user-facing message; omitted when blank
 * @return the redirect URL
 */
private String createRedirectUrl(final HttpServletRequest req, final boolean success, final String message) {
    // NOTE(review): the callback URL is read from the request and becomes the redirect target;
    // nothing in this method restricts it to this application's own base URL — confirm the
    // caller (or getRequiredParameter) validates it, otherwise this is an open redirect.
    String target = getRequiredParameter(req, CALLBACK_PARAM);
    if (!target.contains("?")) {
        target += "?";
    }
    // A callback without a query string ends up as "?&success=..." here, exactly as before.
    final StringBuilder redirect = new StringBuilder(target)
            .append('&').append(SUCCESS_PARAM).append('=').append(success);
    if (!StringUtils.isBlank(message)) {
        redirect.append('&').append(MESSAGE_PARAM).append('=').append(URIUtil.utf8Encode(message));
    }
    return redirect.toString();
}
/**
 * Builds the URL the browser is redirected to after the operation: the caller-supplied
 * {@code CALLBACK_PARAM} URL with {@code OUTGOING_2LO_SUCCESS_PARAM} and, when non-blank,
 * a UTF-8 encoded {@code MESSAGE_PARAM} appended.
 *
 * @param req     the current request; must carry {@code CALLBACK_PARAM}
 * @param success whether the operation succeeded; rendered as {@code true}/{@code false}
 * @param message optional user-facing message; omitted when blank
 * @return the redirect URL
 */
private String createRedirectUrl(final HttpServletRequest req, final boolean success, final String message) {
    // NOTE(review): the callback URL is read from the request and becomes the redirect target;
    // nothing in this method restricts it to this application's own base URL — confirm the
    // caller (or getRequiredParameter) validates it, otherwise this is an open redirect.
    String target = getRequiredParameter(req, CALLBACK_PARAM);
    if (!target.contains("?")) {
        target += "?";
    }
    // A callback without a query string ends up as "?&<param>=..." here, exactly as before.
    final StringBuilder redirect = new StringBuilder(target)
            .append('&').append(OUTGOING_2LO_SUCCESS_PARAM).append('=').append(success);
    if (!StringUtils.isBlank(message)) {
        redirect.append('&').append(MESSAGE_PARAM).append('=').append(URIUtil.utf8Encode(message));
    }
    return redirect.toString();
}
}
/**
 * Builds the authorisation URI with a {@code redirectUrl} query parameter pointing at
 * {@code callback}, so the login dance can send the user back there afterwards.
 *
 * @param callback where the user is sent once authorisation completes; must not be null
 * @return the URI from {@link #getAuthorisationURI()} extended with the encoded callback
 * @throws NullPointerException if {@code callback} is null
 */
@HtmlSafe
public URI getAuthorisationURI(final URI callback) {
    final String base = getAuthorisationURI().toString();
    final URI checkedCallback = Preconditions.checkNotNull(callback);
    final String withRedirect = base + "&redirectUrl=" + utf8Encode(checkedCallback);
    return URIUtil.uncheckedToUri(withRedirect);
}
/**
 * Builds the URL of the peer's consumer servlet, handing it a callback URL that points back at
 * this servlet (with {@code HOST_URL_PARAM} preserved) together with the requested action.
 *
 * @param request the current request; a non-empty {@code HOST_URL_PARAM} overrides the link's display URL
 * @param link    the application link whose display URL is the default remote base
 * @return the fully built remote URL
 * @throws IOException propagated from the helpers used here
 */
private String createRedirectURL(final HttpServletRequest request, final ApplicationLink link) throws IOException {
    final String hostUrlParam = request.getParameter(HOST_URL_PARAM);
    // NOTE(review): when present, HOST_URL_PARAM comes from the request and becomes the base of
    // the URL we redirect to — confirm it is validated against the link before this point.
    final URI remoteDisplayUrl = StringUtils.isEmpty(hostUrlParam)
            ? link.getDisplayUrl()
            : URI.create(hostUrlParam);
    // URL pointing back to ourselves. The peer will append:
    //   "&action=[ENABLE|DISABLE]&result=[success|failure][&message=ErrorDescription]"
    final URI ownBase = RequestUtil.getBaseURLFromRequest(request, internalHostApplication.getBaseUrl());
    final String callbackUrl = URIUtil.uncheckedConcatenate(ownBase, request.getServletPath(), request.getPathInfo())
            + "?" + HOST_URL_PARAM + "=" + URIUtil.utf8Encode(remoteDisplayUrl);
    final String consumerServletPath = TrustedAppsAuthenticationProviderPluginModule.CONSUMER_SERVLET_LOCATION_UAL
            + internalHostApplication.getId();
    final URI targetBase = URIUtil.uncheckedConcatenate(remoteDisplayUrl, consumerServletPath);
    // The callback is itself a URL, so it is encoded as a whole before becoming a parameter.
    final String encodedCallback = URIUtil.utf8Encode(callbackUrl);
    return String.format("%s?callbackUrl=%s&action=%s", targetBase.toString(), encodedCallback, getAction(request).name());
}
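/**
 * Enables or disables the incoming OAuth consumer for the application link named in the request,
 * then either redirects back to the link's page with a status message or re-renders the form
 * with the collected field errors.
 *
 * @param request  carries the link id, {@code OAUTH_INCOMING_ENABLED} and {@code UI_POSITION}
 * @param response receives the redirect or the rendered template
 * @throws IOException if sending the redirect or rendering the template fails
 */
private void updateIncomingOAuthConfig(HttpServletRequest request, HttpServletResponse response) throws IOException {
    final ApplicationLink applicationLink = getRequiredApplicationLink(request);
    final boolean enabled = Boolean.parseBoolean(request.getParameter(OAUTH_INCOMING_ENABLED));
    final Map<String, String> fieldErrorMessages = new HashMap<String, String>();
    addOrRemoveConsumer(applicationLink, enabled, fieldErrorMessages);
    final String uiPosition = request.getParameter(UI_POSITION);
    if (fieldErrorMessages.isEmpty()) {
        final String message = enabled
                ? i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.enabled")
                : i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.disabled");
        // uiPosition is request-supplied; encode it like the message so an '&' or '=' in it
        // cannot add parameters to the redirect. A missing value still prints as "null",
        // exactly as the plain concatenation did.
        final String encodedUiPosition = uiPosition != null ? URIUtil.utf8Encode(uiPosition) : "null";
        response.sendRedirect("./" + applicationLink.getId() + "?" + MESSAGE_PARAM + "="
                + URIUtil.utf8Encode(message) + "&uiposition=" + encodedUiPosition);
    } else {
        final RendererContextBuilder builder = createContextBuilder(applicationLink);
        builder.put(FIELD_ERROR_MESSAGES_CONTEXT_PARAM, fieldErrorMessages);
        builder.put(UI_POSITION, uiPosition);
        render(INCOMING_APPLINKS_TEMPLATE, builder.build(), request, response, applicationLink);
    }
}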
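/**
 * Builds the URL the remote application redirects back to after it has enabled or disabled the
 * consumer. The {@code ENABLE_DISABLE_*} constants are left in the query string as-is; they
 * presumably act as placeholders the peer fills in before redirecting — confirm against the
 * reciprocal servlet.
 *
 * @param applicationLink the link being configured
 * @param uiPosition      where in the UI the result should be shown; request-supplied
 * @param request         the current request; the base URL and the 2LO context parameters are read from it
 * @return the URL for the remote application to redirect to after the operation.
 */
private String getCallbackUrl(final ApplicationLink applicationLink, final String uiPosition, final HttpServletRequest request) {
    final URI remoteDisplayUrl = getRemoteDisplayUrl(applicationLink, request);
    // uiPosition originates from the request; encoding it keeps an '&' or '=' in the value from
    // becoming extra parameters once the peer decodes this URL and redirects to it. A null value
    // still prints as "null", as it did with plain concatenation.
    final String encodedUiPosition = uiPosition != null ? URIUtil.utf8Encode(uiPosition) : "null";
    String callbackUrl = RequestUtil.getBaseURLFromRequest(request, internalHostApplication.getBaseUrl())
            + ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH
            + "/oauth/add-consumer-by-url/" + applicationLink.getId()
            + "/" + AuthenticationDirection.INBOUND.name()
            + "?" + OAUTH_INCOMING_ENABLED + "=" + ENABLE_DISABLE_OAUTH_PARAM
            + "&" + UI_POSITION + "=" + encodedUiPosition
            + "&" + HOST_URL_PARAM + "=" + URIUtil.utf8Encode(remoteDisplayUrl);
    // this parameter is present only if the other side is AppLinks 3.10.0 or newer so it tells us whether
    // the outgoing 2LO option should be made visible. We have to make sure that we never introduce this new
    // parameter during this complex configuration redirection process if the original url does not contain it.
    final String outgoing2LOParam = request.getParameter(OUTGOING_2LO_ENABLED_CONTEXT_PARAM);
    if (outgoing2LOParam != null) {
        callbackUrl += "&" + OUTGOING_2LO_ENABLED_CONTEXT_PARAM + "=" + ENABLE_DISABLE_OUTGOING_TWO_LEGGED_OAUTH_PARAM;
    }
    // Same rule for the impersonating variant of 2LO: only echo the parameter if it was present.
    final String outgoing2LOiParam = request.getParameter(OUTGOING_2LOI_ENABLED_CONTEXT_PARAM);
    if (outgoing2LOiParam != null) {
        callbackUrl += "&" + OUTGOING_2LOI_ENABLED_CONTEXT_PARAM + "=" + ENABLE_DISABLE_OUTGOING_TWO_LEGGED_I_OAUTH_PARAM;
    }
    return callbackUrl;
}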
/**
 * Resolves the URL of the peer's outgoing-2LO reciprocal servlet, passing it the encoded callback
 * URL and the two action values. Nothing is returned unless the peer's manifest reports an
 * AppLinks version; any failure while fetching the manifest or building the URL is logged.
 *
 * @param applicationLink   the link whose peer is addressed
 * @param uiPosition        currently unused by this method
 * @param request           the current request, used to derive the remote display URL
 * @param callbackUrl       the URL the peer should redirect back to; encoded here
 * @param actionParamValue  first action value handed to the reciprocal servlet
 * @param actionParamValue2 second action value handed to the reciprocal servlet
 * @return the remote URL, or {@code null} if the peer reports no AppLinks version or an error occurred
 */
private String get2LOConfigRemoteURL(final ApplicationLink applicationLink, final String uiPosition, final HttpServletRequest request, final String callbackUrl, final String actionParamValue, final String actionParamValue2) {
    try {
        final Manifest manifest = manifestRetriever.getManifest(applicationLink.getRpcUrl(), applicationLink.getType());
        if (manifest.getAppLinksVersion() == null) {
            return null;
        }
        final URI remoteDisplayUrl = getRemoteDisplayUrl(applicationLink, request);
        final String encodedCallbackUrl = URIUtil.utf8Encode(callbackUrl);
        return ConfigureOutgoingTwoLeggedOAuthReciprocalServlet.getReciprocalServletUrl(
                remoteDisplayUrl, internalHostApplication.getId(), encodedCallbackUrl, actionParamValue, actionParamValue2);
    } catch (Exception e) {
        // Boundary to the remote system: log with the cause and degrade to "no URL".
        LOG.warn("An Error occurred when building the URL to the '"
                + ConfigureOutgoingTwoLeggedOAuthReciprocalServlet.class
                + "' servlet of the remote application.", e);
        return null;
    }
}
if (!StringUtils.isEmpty(executeAsUser) && userManager.resolve(executeAsUser) == null) { foundError = true; targetUrl += "&" + TWO_LO_ERROR_MESSAGE + "=" + URIUtil.utf8Encode(i18nResolver.getText( "auth.oauth.config.2lo.username.error")); targetUrl += "&" + TWO_LO_ENABLED_ERROR_VALUE + "=" + Boolean.parseBoolean(request.getParameter(TWO_LO_ENABLED)); targetUrl += "&" + TWO_LO_EXECUTE_AS_ERROR_VALUE + "=" + URIUtil.utf8Encode(executeAsUser); targetUrl += "&" + TWO_LO_IMPERSONATION_ENABLED_ERROR_VALUE + "=" + Boolean.parseBoolean(request.getParameter(TWO_LO_IMPERSONATION_ENABLED)); } else if (userManager.isSystemAdmin(executeAsUser)) { foundError = true; targetUrl += "&" + TWO_LO_ERROR_MESSAGE + "=" + URIUtil.utf8Encode(i18nResolver.getText("auth.oauth.config.2lo.username.cannot.be.sysadmin")); targetUrl += "&" + TWO_LO_ENABLED_ERROR_VALUE + "=" + Boolean.parseBoolean(request.getParameter(TWO_LO_ENABLED)); targetUrl += "&" + TWO_LO_EXECUTE_AS_ERROR_VALUE + "=" + URIUtil.utf8Encode(executeAsUser); targetUrl += "&" + TWO_LO_IMPERSONATION_ENABLED_ERROR_VALUE + "=" + Boolean.parseBoolean(request.getParameter(TWO_LO_IMPERSONATION_ENABLED)); } else if (!isSysadmin() && Boolean.parseBoolean(request.getParameter(TWO_LO_IMPERSONATION_ENABLED))) { targetUrl += "&" + TWO_LO_SUCCESS_MESSAGE + "=" + URIUtil.utf8Encode(i18nResolver.getText("auth.oauth.config.2lo.update.success"));
/**
 * Resolves the URL of the peer's add-consumer reciprocal servlet, passing it the encoded callback
 * URL built by {@code getCallbackUrl}. Nothing is returned unless the peer's manifest reports an
 * AppLinks version; any failure while fetching the manifest or building the URL is logged.
 *
 * @param applicationLink the link whose peer is addressed
 * @param uiPosition      forwarded to {@code getCallbackUrl}
 * @param request         the current request, used to derive the remote display URL
 * @return the remote URL, or {@code null} if the peer reports no AppLinks version or an error occurred
 */
private String getOAuthConfigRemoteURL(final ApplicationLink applicationLink, final String uiPosition, final HttpServletRequest request) {
    try {
        final Manifest manifest = manifestRetriever.getManifest(applicationLink.getRpcUrl(), applicationLink.getType());
        if (manifest.getAppLinksVersion() == null) {
            return null;
        }
        final URI remoteDisplayUrl = getRemoteDisplayUrl(applicationLink, request);
        final String callbackUrl = getCallbackUrl(applicationLink, uiPosition, request);
        final String encodedCallbackUrl = URIUtil.utf8Encode(callbackUrl);
        return AddConsumerReciprocalServlet.getReciprocalServletUrl(
                remoteDisplayUrl, internalHostApplication.getId(), encodedCallbackUrl, ENABLE_DISABLE_OAUTH_PARAM);
    } catch (Exception e) {
        // Boundary to the remote system: log with the cause and degrade to "no URL".
        LOG.warn("An Error occurred when building the URL to the '"
                + AddConsumerReciprocalServlet.class
                + "' servlet of the remote application.", e);
        return null;
    }
}
/**
 * Asks the remote application's REST authentication resource whether {@code rpcUrl} is reachable,
 * authenticating with the supplied basic-auth credentials.
 *
 * @param url      base URL of the remote application
 * @param rpcUrl   the URL the remote side should try to reach
 * @param username basic-auth user for the remote application
 * @param password basic-auth password for the remote application
 * @return {@code true} if the remote side answered with a successful response, {@code false} otherwise
 * @throws ResponseException if executing the request fails
 */
private boolean isRpcUrlValid(final URI url, final URI rpcUrl, final String username, final String password) throws ResponseException {
    // We send the rpcUrl parameter in a query parameter. For pre-3.4 versions of the REST resource, we also
    // send it in the path.
    // TODO If we know the server is using applinks 3.4, the rpcUrl path parameter can be empty
    final URI restBase = URIUtil.uncheckedConcatenate(url, RestUtil.REST_APPLINKS_URL);
    final String pathUrl = getUrlFor(restBase, AuthenticationResource.class)
            .rpcUrlIsReachable(internalHostApplication.getId().get(), rpcUrl, null)
            .toString();
    final String urlWithQuery = pathUrl + "?url=" + URIUtil.utf8Encode(rpcUrl);
    final Request request = requestFactory.createRequest(Request.MethodType.GET, urlWithQuery);
    // The credentials are registered for url's host; whether they are protected in transit
    // depends on the scheme of `url`.
    request.addBasicAuthentication(url.getHost(), username, password);
    final Holder<Boolean> reachable = new Holder<Boolean>(false);
    request.execute(new ResponseHandler<Response>() {
        public void handle(final Response restResponse) throws ResponseException {
            // Only a response that isSuccessful() flips the result; anything else leaves it false.
            if (restResponse.isSuccessful()) {
                reachable.set(true);
            }
        }
    });
    return reachable.get();
}
}
/**
 * Builds the URI of the OAuth login-dance authorize servlet for this application link.
 * The base URL is taken from the current request when one is available, and from the host
 * application's configuration otherwise.
 *
 * @return the authorize URI carrying the encoded {@code applicationLinkID} parameter
 */
@HtmlSafe
public URI getAuthorisationURI() {
    final HttpServletRequest request = CurrentContext.getHttpServletRequest();
    // Outside a request (e.g. background code) there is no request-derived base URL to prefer.
    final URI baseUrl = request == null
            ? hostApplication.getBaseUrl()
            : RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl());
    final String encodedLinkId = utf8Encode(applicationLink.getId().get());
    return URIUtil.uncheckedConcatenate(baseUrl,
            "/plugins/servlet/applinks/oauth/login-dance/authorize?applicationLinkID=" + encodedLinkId);
}
/**
 * Handles the incoming-OAuth (non-AppLinks peer) configuration form: enables or disables the
 * consumer for the application link named in the request, then redirects with a status message
 * or re-renders the form with field errors. Runs under web sudo protection when the host supports it.
 *
 * @param request  the form submission; must identify the application link
 * @param response receives the redirect or the rendered template
 * @throws ServletException propagated from the servlet helpers
 * @throws IOException      if sending the redirect or rendering the template fails
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    try {
        // Enable web sudo protection if needed and if the app we are running in supports it
        webSudoManager.willExecuteWebSudoRequest(request);
        final ApplicationLink applicationLink = getRequiredApplicationLink(request);
        final Map<String, String> fieldErrorMessages = new HashMap<String, String>();
        final String enabledParam = checkRequiredFormParameter(
                request, OAUTH_INCOMING_ENABLED, fieldErrorMessages, "auth.oauth.config.error.enable");
        final boolean enabled = Boolean.parseBoolean(enabledParam);
        addOrRemoveConsumer(request, applicationLink, fieldErrorMessages, enabled);
        if (!fieldErrorMessages.isEmpty()) {
            // Re-render the form with the submitted values and the collected errors.
            final FormFields formFields = new FormFields(request);
            final RendererContextBuilder builder = createContextBuilder(applicationLink);
            builder.put("contextPath", request.getContextPath());
            builder.put(CONSUMER, formFields);
            builder.put(PUBLIC_KEY, formFields.getPublicKey());
            builder.put("fieldErrorMessages", fieldErrorMessages);
            builder.put(IS_SYSADMIN, isSysadmin());
            render(INCOMING_NON_APPLINKS_TEMPLATE, builder.build(), request, response, applicationLink);
            return;
        }
        final String messageKey = enabled
                ? "auth.oauth.config.serviceprovider.consumer.enabled"
                : "auth.oauth.config.serviceprovider.consumer.disabled";
        final String message = i18nResolver.getText(messageKey);
        response.sendRedirect("./" + applicationLink.getId() + "?" + MESSAGE_PARAM + "=" + URIUtil.utf8Encode(message));
    } catch (WebSudoSessionException wse) {
        // No valid web sudo session: hand off to the manager, which redirects to the sudo login.
        webSudoManager.enforceWebSudoProtection(request, response);
    }
}
return URIUtil.uncheckedConcatenate(link.getDisplayUrl(), PROVIDER_SERVLET_LOCATION_UAL + hostApplication.getId().toString()) + "?" + AbstractAdminOnlyAuthServlet.HOST_URL_PARAM + "=" + URIUtil.utf8Encode(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())); } else { return URIUtil.uncheckedConcatenate(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl()),
message = i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.deleted"); response.sendRedirect("./" + applicationLink.getId() + "?" + MESSAGE_PARAM + "=" + URIUtil.utf8Encode(message));
ADD_CONSUMER_BY_URL_SERVLET_LOCATION + hostApplication.getId() + "?" + AddConsumerByUrlServlet.UI_POSITION + "=remote" + "&" + AbstractAdminOnlyAuthServlet.HOST_URL_PARAM + "=" + URIUtil.utf8Encode(RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())).toString()