All Downloads are FREE. Search and download functionalities are using the official Maven repository.

leap.oauth2.server.sso.DefaultAuthzSSOManager Maven / Gradle / Ivy

There is a newer version: 0.7.13b
Show newest version
/*
 *
 *  * Copyright 2013 the original author or authors.
 *  *
 *  * Licensed under the Apache License, Version 2.0 (the "License");
 *  * you may not use this file except in compliance with the License.
 *  * You may obtain a copy of the License at
 *  *
 *  *      http://www.apache.org/licenses/LICENSE-2.0
 *  *
 *  * Unless required by applicable law or agreed to in writing, software
 *  * distributed under the License is distributed on an "AS IS" BASIS,
 *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  * See the License for the specific language governing permissions and
 *  * limitations under the License.
 *
 */
package leap.oauth2.server.sso;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.ioc.PostCreateBean;
import leap.core.security.Authentication;
import leap.core.security.UserPrincipal;
import leap.core.security.token.jwt.JWT;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.MacSigner;
import leap.lang.Arrays2;
import leap.lang.Strings;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.authc.AuthzAuthentication;
import leap.oauth2.server.client.AuthzClient;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.logout.LogoutContext;
import leap.web.security.user.JwtTokenAuthenticator;

public class DefaultAuthzSSOManager implements AuthzSSOManager,PostCreateBean {
    
    public static final String SSO_SESSION_ATTR_NAME = DefaultAuthzSSOManager.class.getName()+"$"+AuthzSSOSession.class.getName();
    public static final String SSO_LOGIN_ATTR_NAME = SSO_SESSION_ATTR_NAME+"$"+AuthzSSOLogin.class.getName();
    
    protected @Inject SecurityConfig sc;
    protected @Inject OAuth2AuthzServerConfig config;
    protected JwtVerifier verifier;
    
    @Override
    public void onOAuth2LoginSuccess(Request request, Response response, AuthzAuthentication authc) throws Throwable {
        if(!config.isSingleLoginEnabled()) {
            return;
        }

        Authentication secAuthc = authc.getAuthentication();
        String token = secAuthc.getToken();
        if(null == token) {
            throw new IllegalStateException("The authentication token must be exists");
        }

        AuthzSSOStore ss = config.getSSOStore();

        AuthzSSOSession session = ss.loadSessionByToken(authc.getUserDetails().getLoginName(), token);
        if(null == session) {
            //Creates a new sso session and save it.
            session = newSession(request, response, authc);
            AuthzSSOLogin login = newLogin(request, response, authc, session, true);
            
            ss.saveSession(session, login);
            setCurrentSSOLogin(login,request,authc);
        }else{
            //Creates a new login and save it in session.
            AuthzSSOLogin login = newLogin(request, response, authc, session, false);
            ss.saveLogin(session, login);
            setCurrentSSOLogin(login,request,authc);
        }
        setSSOSession(session,request,authc);
    }

    @Override
    public void setSSOSession(AuthzSSOSession session, Request request, AuthzAuthentication authc) throws Throwable {
        request.setAttribute(SSO_SESSION_ATTR_NAME,session);
    }

    @Override
    public void setCurrentSSOLogin(AuthzSSOLogin login, Request request, AuthzAuthentication authc) throws Throwable {
        request.setAttribute(SSO_LOGIN_ATTR_NAME,login);
    }

    @Override
    public AuthzSSOSession getSSOSession(Request request, Response response,
                                         AuthzAuthentication authc) throws Throwable {
        return (AuthzSSOSession)request.getAttribute(SSO_SESSION_ATTR_NAME);
    }

    @Override
    public AuthzSSOLogin getCurrentSSOLogin(Request request, Response response,
                                              AuthzAuthentication authc) throws Throwable {
        return (AuthzSSOLogin)request.getAttribute(SSO_LOGIN_ATTR_NAME);
    }

    @Override
    public String[] resolveLogoutUrls(Request request, Response response, LogoutContext context) throws Throwable {
        Authentication authc = context.getAuthentication();
        if(null == authc) {
            return Arrays2.EMPTY_STRING_ARRAY;
        }

        String token = context.getAuthenticationToken();
        if(Strings.isEmpty(token)) {
            throw new IllegalStateException("The authentication token must be exists.");
        }

        AuthzSSOStore ss = config.getSSOStore();
        AuthzSSOSession session = ss.loadSessionByToken(authc.getUser().getLoginName(), token);
        if(null == session) {
            return Arrays2.EMPTY_STRING_ARRAY;
        }

        List logins = ss.loadLoginsInSession(session);

        Set urls = new HashSet<>();
        for(AuthzSSOLogin login : logins){
            if(!Strings.isEmpty(login.getLogoutUri())) {
                urls.add(login.getLogoutUri());
            }
        }
        return urls.toArray(new String[urls.size()]);
    }

    @Override
    public void postCreate(BeanFactory factory) throws Throwable {
        if(null == verifier) {
            verifier = new MacSigner(sc.getSecret(), sc.getDefaultAuthenticationExpires());
        }
    }

    protected AuthzSSOSession newSession(Request request, Response response, AuthzAuthentication authc) {
        SimpleAuthzSSOSession session = new SimpleAuthzSSOSession();

        UserPrincipal user = authc.getAuthentication().getUser();
        String token = authc.getAuthentication().getToken();
        Map claims = verifier.verify(token);
        
        session.setId((String) claims.get(JWT.CLAIM_JWT_ID));
        session.setUserId(user.getIdAsString());
        session.setUsername(user.getLoginName());
        session.setToken(authc.getAuthentication().getToken());
        session.setExpiresIn(config.getDefaultLoginSessionExpires());
        session.setCreated(System.currentTimeMillis());

        return session;
    }

    protected AuthzSSOLogin newLogin(Request request, Response response, AuthzAuthentication authc, AuthzSSOSession session, boolean initial) {

        SimpleAuthzSSOLogin login = new SimpleAuthzSSOLogin();

        login.setInitial(initial);
        login.setLoginTime(System.currentTimeMillis());
        login.setLogoutUri(authc.getParams().getLogoutUri());

        AuthzClient client = authc.getClientDetails();
        if(null != client) {
            login.setClientId(client.getId());

            if(Strings.isEmpty(login.getLogoutUri())) {
                login.setLogoutUri(client.getLogoutUri());
            }
        }

        return login;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy