/**
 * Post-resolution hook: forwards the call to the configured {@code handler}.
 *
 * @param request  current request
 * @param response current response
 * @param context  authentication context resolved for this request
 * @return whatever {@code handler.handleAuthenticationResolved} returns
 * @throws Throwable propagated unchanged from the handler
 */
@Override
public State postResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    State outcome = handler.handleAuthenticationResolved(request, response, context);
    return outcome;
}
/**
 * Pre-resolution hook: when OAuth2 login is enabled and this request is the
 * redirect back from the authorization server, hands it to the handler;
 * every other request continues through the normal chain.
 *
 * @param request  current request
 * @param response current response
 * @param context  authentication context for this request
 * @return the handler's state for a server redirect, otherwise {@code State.CONTINUE}
 * @throws Throwable propagated from the handler
 */
@Override
public State preResolveAuthentication(Request request, Response response, AuthenticationContext context) throws Throwable {
    // Same short-circuit order as before: config flags first, then the request check.
    boolean loginActive = config.isEnabled() && config.isLogin();
    if (!loginActive || !isRedirectBackFromServer(request)) {
        return State.CONTINUE;
    }
    return handler.handleServerRedirectRequest(request, response, context);
}
/**
 * Dispatches the authorization-server redirect to the error or success path,
 * depending on whether the redirect parameters carry an error.
 *
 * @param request  the redirect request from the OAuth2 server
 * @param response current response
 * @param context  authentication context for this request
 * @return the state produced by the selected handler
 * @throws Throwable propagated from the selected handler
 */
@Override
public State handleServerRedirectRequest(Request request, Response response, AuthenticationContext context) throws Throwable {
    OAuth2Params serverParams = new OAuth2RequestParams(request);
    return serverParams.isError()
            ? handleOAuth2ServerError(request, response, serverParams)
            : handleOAuth2ServerSuccess(request, response, serverParams);
}
/**
 * Completes a successful authorization-server redirect.
 *
 * <p>When login-with-access-token is configured, the {@code code} parameter is
 * required and exchanged through {@code codeVerifier}; in every case the
 * {@code id_token} parameter is required and verified through
 * {@code idTokenVerifier} before an {@link Authentication} is built and logged in.
 * Missing parameters and verification failures are reported via {@code error(...)}.
 *
 * @param request  the redirect request from the OAuth2 server
 * @param response current response
 * @param params   parsed redirect parameters
 * @return {@code State.CONTINUE} after a successful login, otherwise the error state
 * @throws Throwable propagated from code verification, authentication or login
 *         (only {@link TokenVerifyException} from id_token verification is converted to an error state)
 */
protected State handleOAuth2ServerSuccess(Request request, Response response, OAuth2Params params) throws Throwable {
    AccessToken accessToken = null;

    if (config.isLoginWithAccessToken()) {
        String authorizationCode = params.getCode();
        if (Strings.isEmpty(authorizationCode)) {
            return error(request, response, "illegal_state", "code required from oauth2 server");
        }
        accessToken = codeVerifier.verifyCode(authorizationCode);
        if (accessToken == null) {
            return error(request, response, "illegal_state", "invalid authorization code");
        }
    }

    String rawIdToken = params.getIdToken();
    if (Strings.isEmpty(rawIdToken)) {
        return error(request, response, "illegal_state", "id_token required from oauth2 server");
    }

    try {
        IdToken verifiedIdToken = idTokenVerifier.verifyIdToken(params, rawIdToken);
        login(request, response, authenticate(params, verifiedIdToken, accessToken));
    } catch (TokenVerifyException e) {
        return error(request, response, e.getErrorCode().name(), e.getMessage());
    }
    return State.CONTINUE;
}
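/**
 * Builds the {@link Authentication} for a verified id_token, optionally
 * enriching the user principal through the configured lookups.
 *
 * <p>The user principal starts as the id_token's user info and may be replaced
 * by {@code userInfoLookup} (when forced by config) and then by
 * {@code userDetailsLookup}. Both lookups need an access token, so both are
 * skipped when {@code at} is {@code null} — which is the case for id_token-only
 * login (see {@code config.isLoginWithAccessToken()}).
 *
 * @param params  parsed redirect parameters (currently unused here; kept for overriders)
 * @param idtoken the verified id_token
 * @param at      the access token obtained from the code exchange, or {@code null}
 * @return an {@link OAuth2LoginAuthentication} carrying user, client and access token
 */
protected Authentication authenticate(OAuth2Params params, IdToken idtoken, AccessToken at) {
    String clientId = idtoken.getClientId();
    String userId = idtoken.getUserId();
    UserPrincipal user = idtoken.getUserInfo();
    ClientPrincipal client = idtoken.getClientInfo();

    if (config.isForceLookupUserInfo() && null != at) {
        user = userInfoLookup.lookupUserInfo(at.getToken(), userId);
    }

    // Fix: the original called at.getToken() here without checking 'at', which is null
    // for id_token-only login and threw a NullPointerException. The lookup is now skipped
    // in that case, mirroring the userInfoLookup branch above.
    // NOTE(review): if this lookup is mandatory for your deployment, replace the skip
    // with an explicit error instead of silently keeping the id_token's user info.
    if (null != userDetailsLookup && null != at && !Strings.isEmpty(userId)) {
        user = userDetailsLookup.lookupUserDetails(at.getToken(), userId);
    }

    // Without client info in the token, fall back to a client built from the claims.
    if (null == client && !Strings.isEmpty(clientId)) {
        client = new OAuth2Client(clientId, idtoken.getClaims());
    }

    OAuth2LoginAuthentication authc = new OAuth2LoginAuthentication(user, idtoken);
    if (null != client) {
        authc.setClientPrincipal(client);
    }
    if (null != at) {
        authc.setAccessToken(at);
    }
    return authc;
}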
/**
 * Before the framework promotes a login, points the login URL at the OAuth2
 * authorization server — unless OAuth2 login is disabled or this request is
 * already the redirect back from that server.
 *
 * @param request  current request
 * @param response current response
 * @param context  login context whose login URL may be set
 * @return always {@code State.CONTINUE}
 * @throws Throwable propagated from URL construction
 */
@Override
public State prePromoteLogin(Request request, Response response, LoginContext context) throws Throwable {
    boolean loginActive = config.isEnabled() && config.isLogin();
    boolean needsRedirectToServer = loginActive && !isRedirectBackFromServer(request);
    if (needsRedirectToServer) {
        context.setLoginUrl(buildLoginUrl(request));
    }
    return State.CONTINUE;
}
/**
 * Builds the {@code redirect:}-prefixed authorization URL used to send the
 * browser to the OAuth2 server.
 *
 * <p>The response type is {@code "code id_token"} when login-with-access-token is
 * configured, otherwise {@code "id_token"}; client id, redirect URI and logout URI
 * are appended as query parameters.
 *
 * <p>NOTE(review): no {@code state} or {@code nonce} value is attached here, so the
 * redirect back from the server cannot be bound to the session that started it
 * (CSRF / replay on the callback). Confirm whether the verifier layer covers this.
 *
 * @param request current request, used to derive the client redirect and logout URIs
 * @return the redirect URL string
 */
protected String buildLoginUrl(Request request) {
    String responseType = config.isLoginWithAccessToken() ? "code id_token" : "id_token";

    QueryStringBuilder query = new QueryStringBuilder();
    query.add(OAuth2Params.RESPONSE_TYPE, responseType);
    query.add(OAuth2Params.CLIENT_ID, config.getClientId());
    query.add(OAuth2Params.REDIRECT_URI, buildClientRedirectUri(request));
    query.add(OAuth2Params.LOGOUT_URI, buildClientLogoutUri(request));

    String authorizeUrl = Urls.appendQueryString(config.getAuthorizeUrl(), query.build());
    return "redirect:" + authorizeUrl;
}
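/**
 * Handles an error redirect from the authorization server.
 *
 * <p>If an error view is configured and can be resolved, it is rendered and the
 * request is intercepted. Otherwise the server-supplied error code and
 * description are reported through {@code error(...)}.
 *
 * <p>NOTE(review): {@code params.getError()} and {@code params.getErrorDescription()}
 * originate from the redirect query string, i.e. from outside this application;
 * confirm that {@code error(...)} encodes them before they reach any HTML output.
 *
 * @param request  the redirect request from the OAuth2 server
 * @param response current response
 * @param params   parsed redirect parameters carrying the error
 * @return {@code State.INTERCEPTED} when the error view was rendered, otherwise the error state
 * @throws Throwable propagated from view rendering or {@code error(...)}
 */
protected State handleOAuth2ServerError(Request request, Response response, OAuth2Params params) throws Throwable {
    String errorView = config.getErrorView();

    // Fix: the original condition was inverted — it only tried to resolve the view
    // when the configured name was EMPTY, and returned INTERCEPTED even when no view
    // was found, leaving the client with an empty response. A configured view is used
    // only when its name is non-empty and it actually resolves.
    if (!Strings.isEmpty(errorView)) {
        View view = request.getView(errorView);
        if (null != view) {
            view.render(request, response);
            return State.INTERCEPTED;
        }
        // A configured but unresolvable view must not swallow the error: fall through.
    }

    return error(request, response, params.getError(), params.getErrorDescription());
}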
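/**
 * After authentication is resolved, attaches an access token to the request.
 *
 * <p>For a fresh {@link OAuth2LoginAuthentication} the token it carries is saved to
 * {@code accessTokenStore}; for any other authentication the token is loaded from
 * the store. An expired token is refreshed (and re-saved) before being published
 * through {@link TokenContext#setAccessToken}.
 *
 * @param request  current request
 * @param response current response
 * @param context  authentication context providing the resolved authentication
 * @return always {@code State.CONTINUE}
 * @throws Throwable propagated from the token store
 */
@Override
public State handleAuthenticationResolved(Request request, Response response, AuthenticationContext context) throws Throwable {
    Authentication authc = context.getAuthentication();
    if (null == authc) {
        return State.CONTINUE;
    }

    AccessToken at;
    if (authc instanceof OAuth2LoginAuthentication) {
        at = ((OAuth2LoginAuthentication) authc).getAccessToken();
        if (null != at) {
            accessTokenStore.saveAccessToken(request, context, at);
        }
    } else {
        at = accessTokenStore.loadAccessToken(request, context);
    }

    if (null != at) {
        if (at.isExpired()) {
            // Fix: the original logged the raw access token value; a bearer credential
            // must not end up in application logs.
            log.info("Access token expired, refreshing it");
            at = accessTokenStore.refreshAndSaveAccessToken(request, context, at);
        }
        // NOTE(review): refreshAndSaveAccessToken's null contract is not visible here;
        // a null result is published as-is, as before.
        TokenContext.setAccessToken(request, at);
    }
    return State.CONTINUE;
}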