• Home
• org.membrane-soa
• service-proxy-core
• 4.7.3
• source code
• EmptyEndpointProcessor.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor Maven / Gradle / Ivy

/*
 * Copyright 2016 predic8 GmbH, www.predic8.com
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *    http://www.apache.org/licenses/LICENSE-2.0
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package com.predic8.membrane.core.interceptor.oauth2.processors;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.*;
import com.predic8.membrane.core.interceptor.oauth2.flows.CodeFlow;
import com.predic8.membrane.core.interceptor.oauth2.flows.IdTokenTokenFlow;
import com.predic8.membrane.core.interceptor.oauth2.flows.TokenFlow;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import com.predic8.membrane.core.util.functionalInterfaces.Function;

import java.io.UnsupportedEncodingException;
import java.util.HashSet;

public class EmptyEndpointProcessor extends EndpointProcessor {

    public EmptyEndpointProcessor(OAuth2AuthorizationServerInterceptor authServer) {
        super(authServer);
    }

    @Override
    public boolean isResponsible(Exchange exc) {
        SessionManager.Session s = authServer.getSessionManager().getSession(exc);
        return (exc.getRequestURI().equals("/") || exc.getRequestURI().startsWith("/?")) && s != null && (s.isPreAuthorized() || s.isAuthorized() );
    }

    @Override
    public Outcome process(Exchange exc) throws Exception {
        SessionManager.Session s = authServer.getSessionManager().getOrCreateSession(exc);
        synchronized (s) {
            if (!OAuth2Util.isOpenIdScope(s.getUserAttributes().get(ParamNames.SCOPE)))
                s.getUserAttributes().put("consent", "true");
            if (!s.getUserAttributes().containsKey("consent")) {
                addConsentPageDataToSession(s);
                return redirectToConsentPage(exc);
            }
            if (s.getUserAttributes().get("consent").equals("true")) {
                s.authorize();
                return startOAuth2Flow(exc, s);
            }
        }
        exc.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exc,jsonGen, "error", "consent_required"));
        return Outcome.RETURN;
    }

    private Outcome startOAuth2Flow(Exchange exc, SessionManager.Session s) throws Exception {
        if (getResponseType(s).equals("code"))
            return new CodeFlow(authServer, exc, s).getResponse();
        if (getResponseType(s).equals("token")) {
            authServer.getStatistics().implicitFlow();
            return new TokenFlow(authServer, exc, s).getResponse();
        }
        if(getResponseType(s).equals("id_token token"))
            return new IdTokenTokenFlow(authServer,exc,s).getResponse();
        exc.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exc,jsonGen, "error", "unsupported_response_type"));
        return Outcome.RETURN;
    }

    private void addConsentPageDataToSession(SessionManager.Session s) throws UnsupportedEncodingException {
        s.getUserAttributes().put(ConsentPageFile.PRODUCT_NAME, authServer.getConsentPageFile().getProductName());
        s.getUserAttributes().put(ConsentPageFile.LOGO_URL,authServer.getConsentPageFile().getLogoUrl());
        s.getUserAttributes().put(ConsentPageFile.SCOPE_DESCRIPTIONS, getScopeDescriptions(s.getUserAttributes().get(ParamNames.SCOPE).split(" ")));
        s.getUserAttributes().put(ConsentPageFile.CLAIM_DESCRIPTIONS, getClaimDescriptions(processClaimsParameterToClaimsString(s.getUserAttributes().get(ParamNames.CLAIMS))));
    }

    private String[] processClaimsParameterToClaimsString(String claimsParam) {
        ClaimsParameter cp = new ClaimsParameter(authServer.getClaimList().getSupportedClaims(),claimsParam);
        StringBuilder builder = new StringBuilder();

        HashSet userinfo = cp.getUserinfoClaims();
        for(String claim : userinfo)
            builder.append(" ").append(claim);

        HashSet idToken = cp.getIdTokenClaims();
        for(String claim : idToken)
            builder.append(" ").append(claim);

        return builder.toString().trim().split(" ");
    }

    private String getClaimDescriptions(String[] claims) throws UnsupportedEncodingException {
        return createDescription(claims, new Function() {
            @Override
            public String call(String param) {
                return ClaimRenamer.convert(param);
            }
        },new Function() {
            @Override
            public String call(String claimParam) {
                return authServer.getConsentPageFile().convertClaim(ClaimRenamer.convert(claimParam));
            }
        });
    }

    private String getScopeDescriptions(String[] scopes) throws UnsupportedEncodingException {
        return createDescription(scopes, new Function() {
            @Override
            public String call(String param) {
                if(param.equals("openid"))
                    return "";
                return param;
            }
        },new Function() {
            @Override
            public String call(String scopeParam) {
                return authServer.getConsentPageFile().convertScope(scopeParam);
            }
        });
    }

    private String createDescription(String[] params, Function paramNameConverter, Function paramValueConverter) throws UnsupportedEncodingException {
        StringBuilder builder = new StringBuilder();
        HashSet alreadyAddedParams = new HashSet();
        for(String param : params) {
            String correctedParamName = paramNameConverter.call(param);
            if(!correctedParamName.isEmpty() && !alreadyAddedParams.contains(correctedParamName)){
                alreadyAddedParams.add(correctedParamName);
                builder.append(" ").append(correctedParamName).append(" ").append(OAuth2Util.urlencode(paramValueConverter.call(param)));
            }
        }
        return builder.toString().trim();
    }


    private Outcome redirectToConsentPage(Exchange exc) {
        exc.setResponse(Response.redirect("/login/consent",false).dontCache().bodyEmpty().build());
        return Outcome.RETURN;
    }

    protected static String getResponseType(SessionManager.Session s) {
        synchronized(s) {
            return s.getUserAttributes().get("response_type");
        }
    }










}