/**
 * Flags the given request so that CSRF checking is ignored for it.
 *
 * <p>The flag is {@code Boolean.TRUE} stored as a request attribute under
 * {@code CSRF_IGNORED_KEY}; this method does nothing else.
 *
 * <p>NOTE(review): the code that reads this attribute is not visible here. Presumably it
 * skips token validation entirely, so callers should be limited to endpoints that are
 * protected by another mechanism. Confirm against the CSRF interceptor.
 *
 * @param request the request to exempt from CSRF checking
 */
public static void ignore(Request request) {
    final Boolean exempt = Boolean.TRUE;
    request.setAttribute(CSRF_IGNORED_KEY, exempt);
}
/**
 * Attaches the SSO session to the request under {@code SSO_SESSION_ATTR_NAME}.
 *
 * <p>This implementation only writes a request attribute; {@code authc} is accepted to
 * satisfy the overridden signature and is not read.
 *
 * @param session the SSO session to expose on the request
 * @param request the request that receives the attribute
 * @param authc   the current authentication (unused here)
 */
@Override
public void setSSOSession(AuthzSSOSession session,
                          Request request,
                          AuthzAuthentication authc) throws Throwable {
    final AuthzSSOSession current = session;
    request.setAttribute(SSO_SESSION_ATTR_NAME, current);
}
/**
 * Attaches the current SSO login to the request under {@code SSO_LOGIN_ATTR_NAME}.
 *
 * <p>This implementation only writes a request attribute; {@code authc} is accepted to
 * satisfy the overridden signature and is not read.
 *
 * @param login   the SSO login to expose on the request
 * @param request the request that receives the attribute
 * @param authc   the current authentication (unused here)
 */
@Override
public void setCurrentSSOLogin(AuthzSSOLogin login,
                               Request request,
                               AuthzAuthentication authc) throws Throwable {
    final AuthzSSOLogin current = login;
    request.setAttribute(SSO_LOGIN_ATTR_NAME, current);
}
/**
 * Attaches the current SSO login to the request under {@code SSO_LOGIN_ATTR_NAME}.
 *
 * <p>This implementation only writes a request attribute; {@code authc} is accepted to
 * satisfy the overridden signature and is not read.
 *
 * @param login   the SSO login to expose on the request
 * @param request the request that receives the attribute
 * @param authc   the current authentication (unused here)
 */
@Override
public void setCurrentSSOLogin(AuthzSSOLogin login,
                               Request request,
                               AuthzAuthentication authc) throws Throwable {
    final AuthzSSOLogin current = login;
    request.setAttribute(SSO_LOGIN_ATTR_NAME, current);
}
/**
 * Attaches the SSO session to the request under {@code SSO_SESSION_ATTR_NAME}.
 *
 * <p>This implementation only writes a request attribute; {@code authc} is accepted to
 * satisfy the overridden signature and is not read.
 *
 * @param session the SSO session to expose on the request
 * @param request the request that receives the attribute
 * @param authc   the current authentication (unused here)
 */
@Override
public void setSSOSession(AuthzSSOSession session,
                          Request request,
                          AuthzAuthentication authc) throws Throwable {
    final AuthzSSOSession current = session;
    request.setAttribute(SSO_SESSION_ATTR_NAME, current);
}
/**
 * Stores the access token on the request under {@code KEY}.
 *
 * <p>NOTE(review): the token object is a credential. Anything that dumps request
 * attributes (debug views, diagnostic logging) would expose it. Confirm no such path
 * exists for this attribute.
 *
 * @param request the request that receives the attribute
 * @param at      the access token to attach; stored as given, with no null check
 */
public static void setAccessToken(Request request, AccessToken at) {
    final AccessToken token = at;
    request.setAttribute(KEY, token);
}
/**
 * Publishes the values the view needs as request attributes.
 *
 * <p>Sets {@code CLIENT_ATTRIBUTE} to the client, {@code PARAMS_ATTRIBUTE} to the OAuth2
 * parameters and {@code STATE_ATTRIBUTE} to {@code Urls.encode(state)}.
 *
 * <p>NOTE(review): {@code params} and {@code state} presumably carry client-supplied
 * values. {@code Urls.encode} looks like URL-encoding, which is not a substitute for
 * HTML escaping; confirm the view escapes these attributes for the context it renders
 * them in.
 *
 * @param request the request that receives the attributes
 * @param params  the OAuth2 parameters of the current request
 * @param client  the client to show in the view
 * @param state   the state value; encoded with {@code Urls.encode} before being exposed
 */
protected void exposeViewData(Request request,
                              OAuth2Params params,
                              AuthzClient client,
                              String state) {
    request.setAttribute(CLIENT_ATTRIBUTE, client);
    request.setAttribute(PARAMS_ATTRIBUTE, params);

    // Encoded last, after the other two attributes are already in place.
    final String encodedState = Urls.encode(state);
    request.setAttribute(STATE_ATTRIBUTE, encodedState);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Publishes the values the view needs as request attributes.
 *
 * <p>Sets {@code CLIENT_ATTRIBUTE} to the client, {@code PARAMS_ATTRIBUTE} to the OAuth2
 * parameters and {@code STATE_ATTRIBUTE} to {@code Urls.encode(state)}.
 *
 * <p>NOTE(review): {@code params} and {@code state} presumably carry client-supplied
 * values. {@code Urls.encode} looks like URL-encoding, which is not a substitute for
 * HTML escaping; confirm the view escapes these attributes for the context it renders
 * them in.
 *
 * @param request the request that receives the attributes
 * @param params  the OAuth2 parameters of the current request
 * @param client  the client to show in the view
 * @param state   the state value; encoded with {@code Urls.encode} before being exposed
 */
protected void exposeViewData(Request request,
                              OAuth2Params params,
                              AuthzClient client,
                              String state) {
    request.setAttribute(CLIENT_ATTRIBUTE, client);
    request.setAttribute(PARAMS_ATTRIBUTE, params);

    // Encoded last, after the other two attributes are already in place.
    final String encodedState = Urls.encode(state);
    request.setAttribute(STATE_ATTRIBUTE, encodedState);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Creates the holder for one request and registers it on that request.
 *
 * <p>The same instance is stored under both {@code CONTEXT_ATTRIBUTE_NAME} and
 * {@code CONTEXT_HOLDER_ATTRIBUTE_NAME}.
 *
 * @param config            the security configuration
 * @param permissionManager the permission manager
 * @param request           the current request; must not be null, it is dereferenced here
 * @param actionContext     the action context, or {@code null}; when null the route is
 *                          left null as well
 */
public DefaultSecurityContextHolder(SecurityConfig config,
                                    PermissionManager permissionManager,
                                    Request request,
                                    ActionContext actionContext) {
    this.config = config;
    this.permissionManager = permissionManager;
    this.request = request;
    this.actionContext = actionContext;

    if (actionContext == null) {
        this.route = null;
    } else {
        this.route = actionContext.getRoute();
    }

    // 'this' is published before the constructor returns. Any subclass state is not
    // initialised yet at this point, so nothing should read the attribute until
    // construction has finished.
    request.setAttribute(CONTEXT_ATTRIBUTE_NAME, this);
    request.setAttribute(CONTEXT_HOLDER_ATTRIBUTE_NAME, this);
}
/**
 * Publishes the values the view needs as request attributes.
 *
 * <p>Sets {@code CLIENT_ATTRIBUTE} to the client, {@code PARAMS_ATTRIBUTE} to the OAuth2
 * parameters and {@code STATE_ATTRIBUTE} to the encoded raw query string of the request.
 *
 * <p>NOTE(review): the query string is fully client-controlled. {@code Urls.encode} looks
 * like URL-encoding, which is not a substitute for HTML escaping; confirm the view
 * escapes this attribute for the context it renders it in. How {@code Urls.encode}
 * treats a null query string is not visible here.
 *
 * @param request the request that receives the attributes and supplies the query string
 * @param params  the OAuth2 parameters of the current request
 * @param client  the client to show in the view
 */
protected void exposeViewData(Request request,
                              OAuth2Params params,
                              AuthzClient client) {
    request.setAttribute(CLIENT_ATTRIBUTE, client);
    request.setAttribute(PARAMS_ATTRIBUTE, params);

    // The whole query string stands in for the state value.
    final String rawQuery = request.getQueryString();
    request.setAttribute(STATE_ATTRIBUTE, Urls.encode(rawQuery));
}
/**
 * Publishes the values the view needs as request attributes.
 *
 * <p>Sets {@code CLIENT_ATTRIBUTE} to the client, {@code PARAMS_ATTRIBUTE} to the OAuth2
 * parameters and {@code STATE_ATTRIBUTE} to the encoded raw query string of the request.
 *
 * <p>NOTE(review): the query string is fully client-controlled. {@code Urls.encode} looks
 * like URL-encoding, which is not a substitute for HTML escaping; confirm the view
 * escapes this attribute for the context it renders it in. How {@code Urls.encode}
 * treats a null query string is not visible here.
 *
 * @param request the request that receives the attributes and supplies the query string
 * @param params  the OAuth2 parameters of the current request
 * @param client  the client to show in the view
 */
protected void exposeViewData(Request request,
                              OAuth2Params params,
                              AuthzClient client) {
    request.setAttribute(CLIENT_ATTRIBUTE, client);
    request.setAttribute(PARAMS_ATTRIBUTE, params);

    // The whole query string stands in for the state value.
    final String rawQuery = request.getQueryString();
    request.setAttribute(STATE_ATTRIBUTE, Urls.encode(rawQuery));
}
/**
 * Publishes the attributes the logout view reads.
 *
 * <p>Always sets {@code "redirect_uri"} and {@code "authentication"}. Sets
 * {@code "logout_urls"} only when both single login and single logout are enabled in
 * the configuration.
 *
 * <p>NOTE(review): {@code "redirect_uri"} is taken from
 * {@code params.getPostLogoutRedirectUri()} without any check in this method. Confirm
 * it has been validated against the client's registered post-logout URIs before the
 * view redirects to it.
 *
 * @param request  the request that receives the attributes
 * @param response the current response, passed on to the logout URL resolution
 * @param context  the logout context supplying the authentication
 * @param params   the OAuth2 parameters supplying the post-logout redirect URI
 * @throws Throwable whatever {@code ssom.resolveLogoutUrls} throws
 */
protected void exposeViewAttributes(Request request,
                                    Response response,
                                    LogoutContext context,
                                    OAuth2Params params) throws Throwable {
    request.setAttribute("redirect_uri", params.getPostLogoutRedirectUri());
    request.setAttribute("authentication", context.getAuthentication());

    final boolean singleLogoutActive =
        config.isSingleLoginEnabled() && config.isSingleLogoutEnabled();
    if (!singleLogoutActive) {
        return;
    }

    request.setAttribute("logout_urls", ssom.resolveLogoutUrls(request, response, context));
}
/**
 * Publishes the attributes the logout view reads.
 *
 * <p>Always sets {@code "redirect_uri"} and {@code "authentication"}. Sets
 * {@code "logout_urls"} only when both single login and single logout are enabled in
 * the configuration.
 *
 * <p>NOTE(review): {@code "redirect_uri"} is taken from
 * {@code params.getPostLogoutRedirectUri()} without any check in this method. Confirm
 * it has been validated against the client's registered post-logout URIs before the
 * view redirects to it.
 *
 * @param request  the request that receives the attributes
 * @param response the current response, passed on to the logout URL resolution
 * @param context  the logout context supplying the authentication
 * @param params   the OAuth2 parameters supplying the post-logout redirect URI
 * @throws Throwable whatever {@code ssom.resolveLogoutUrls} throws
 */
protected void exposeViewAttributes(Request request,
                                    Response response,
                                    LogoutContext context,
                                    OAuth2Params params) throws Throwable {
    request.setAttribute("redirect_uri", params.getPostLogoutRedirectUri());
    request.setAttribute("authentication", context.getAuthentication());

    final boolean singleLogoutActive =
        config.isSingleLoginEnabled() && config.isSingleLogoutEnabled();
    if (!singleLogoutActive) {
        return;
    }

    request.setAttribute("logout_urls", ssom.resolveLogoutUrls(request, response, context));
}
/**
 * Sends the user to the login URL, carrying the return URL along.
 *
 * <p>The work is delegated to {@code urlHandler.handleUrl}; the callback decides how the
 * return URL travels:
 * <ul>
 *   <li>redirect: the return URL is appended as a query parameter, but only when the
 *       login context has no login URL of its own and a return URL was given;</li>
 *   <li>otherwise: the return URL is stored as a request attribute, even when it is
 *       {@code null}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code returnUrl} is passed on exactly as received; this method does
 * not validate it. Confirm it is checked against allowed targets before the post-login
 * redirect uses it. The parameter name is read from {@code config} in one branch and
 * from {@code context.getSecurityConfig()} in the other; verify that both refer to the
 * same configuration.
 *
 * @param context   the login context
 * @param request   the current request
 * @param response  the current response
 * @param loginUrl  the login URL handed to the URL handler
 * @param returnUrl the URL to come back to after login, may be {@code null}
 * @throws Throwable whatever the URL handler throws
 */
protected void goLoginUrl(LoginContext context,
                          Request request,
                          Response response,
                          String loginUrl,
                          String returnUrl) throws Throwable {
    urlHandler.handleUrl(request, response, loginUrl, (url, info) -> {
        if (!info.isRedirect()) {
            // Not a redirect: hand the return URL over through the request instead.
            request.setAttribute(context.getSecurityConfig().getReturnUrlParameterName(), returnUrl);
            return url;
        }

        if (context.getLoginUrl() == null && returnUrl != null) {
            return Urls.appendQueryParams(url, config.getReturnUrlParameterName(), returnUrl);
        }

        return url;
    });
}
/**
 * Handles the response that comes back from the authorization server.
 *
 * <p>A non-empty {@code oauth2_logout} request parameter turns the request into a
 * logout: the attribute {@code "oauth2_logout"} is set to {@code Boolean.TRUE} and
 * {@code lom.logout} is called. Otherwise the request is parsed as OAuth2 parameters
 * and dispatched to the error or the success handler.
 *
 * <p>NOTE(review): the logout branch is triggered by the mere presence of a request
 * parameter, whatever its value. Nothing in this method verifies that the request
 * really originates from the authorization server; confirm the caller or
 * {@code lom.logout} does so.
 *
 * @param request  the incoming request
 * @param response the current response
 * @throws Throwable whatever the logout manager or the OAuth2 handlers throw
 */
protected void handleAuthzServerLoginResponse(Request request, Response response) throws Throwable {
    final String logoutFlag = request.getParameter("oauth2_logout");
    final boolean logoutRequested = !Strings.isEmpty(logoutFlag);

    if (logoutRequested) {
        request.setAttribute("oauth2_logout", Boolean.TRUE);
        lom.logout(request, response);
        return;
    }

    final OAuth2Params params = new RequestOAuth2Params(request);
    if (params.isError()) {
        handleOAuth2ServerError(request, response, params);
        return;
    }

    handleOAuth2ServerSuccess(request, response, params);
}
/**
 * Makes a CSRF token available on the request.
 *
 * <p>When CSRF is disabled in the configuration nothing happens. Otherwise the token
 * stored for the request is loaded, or a new one is generated when none exists, and
 * the resulting {@code CsrfToken} is exposed through {@code CSRF.setGeneratedToken}
 * and as a request attribute named by {@code config.getCsrfParameterName()}.
 *
 * <p>This method only provides the token. It never compares it with a submitted value
 * and always returns {@code State.CONTINUE}, so the validation must happen elsewhere.
 *
 * @param request  the incoming request
 * @param response the current response (not used here)
 * @return always {@code State.CONTINUE}
 * @throws Throwable whatever the token manager throws
 */
@Override
public State handleRequest(Request request, Response response) throws Throwable {
    // Ignore if csrf not enabled.
    if (!config.isCsrfEnabled()) {
        return State.CONTINUE;
    }

    final String stored = manager.loadToken(request);
    final CsrfToken token;
    if (stored != null) {
        // NOTE(review): the meaning of the trailing 'false' is not visible here; confirm
        // against SimpleCsrfToken.
        token = new SimpleCsrfToken(config, stored, false);
    } else {
        // No token yet: generate one. The wrapper type presumably persists it on first
        // access; confirm against SaveOnAccessCsrfToken.
        final String fresh = manager.generateToken(request);
        token = new SaveOnAccessCsrfToken(config, fresh, request, manager);
    }

    // Set attributes
    CSRF.setGeneratedToken(request, token);
    request.setAttribute(config.getCsrfParameterName(), token);
    return State.CONTINUE;
}