Commit 38725882 authored by michael.simon's avatar michael.simon

parsing first callback from oidc op

parent c15bd58a
package edu.kit.scc.webreg.service.oidc.client;
import java.io.Serializable;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
public interface OidcClientCallbackService extends Serializable {
void callback(String uri) throws OidcAuthenticationException;
}
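Review bot: `callback(String uri)` has no Javadoc, and the contract matters here because the argument carries the authorization code. I would add `/** Handles the authorization response sent to the redirect URI; uri is the full callback URL including its query string. */` and state that implementations must throw `OidcAuthenticationException` for every rejected response. Since the value contains a one-time credential, the doc should also say that callers and implementations must not log it.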
package edu.kit.scc.webreg.service.oidc.client;
import java.net.URI;
import java.net.URISyntaxException;
import javax.ejb.Stateless;
import javax.inject.Inject;
import org.slf4j.Logger;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import edu.kit.scc.webreg.dao.oidc.OidcRpConfigurationDao;
import edu.kit.scc.webreg.dao.oidc.OidcRpFlowStateDao;
import edu.kit.scc.webreg.entity.oidc.OidcRpFlowStateEntity;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
@Stateless
public class OidcClientCallbackServiceImpl implements OidcClientCallbackService {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private OidcRpConfigurationDao rpConfigDao;
@Inject
private OidcRpFlowStateDao rpFlowStateDao;
@Override
public void callback(String uri) throws OidcAuthenticationException {
try {
AuthorizationResponse response = AuthorizationResponse.parse(new URI(uri));
if (! response.indicatesSuccess()) {
throw new OidcAuthenticationException("No success indicated with uri parsing");
}
AuthorizationSuccessResponse successResponse = (AuthorizationSuccessResponse)response;
OidcRpFlowStateEntity flowState = rpFlowStateDao.findByState(successResponse.getState().getValue());
// The returned state parameter must match the one send with the request
if (flowState == null) {
throw new OidcAuthenticationException("State is wrong or expired");
}
AuthorizationCode code = successResponse.getAuthorizationCode();
flowState.setCode(code.getValue());
} catch (ParseException | URISyntaxException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
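Review bot: The catch at the end of `callback` swallows `ParseException` and `URISyntaxException` with `e.printStackTrace()`, so a malformed authorization response makes the method return normally and the servlet cannot tell it apart from an accepted callback. Rethrow instead, for example `throw new OidcAuthenticationException("Invalid authorization response");`, and report the failure through the injected `logger`, which is unused in this class. `successResponse.getState()` is also dereferenced without a null check, so a response that carries no `state` parameter would end in a NullPointerException rather than the "State is wrong or expired" rejection; `if (successResponse.getState() == null)` should take that same path. `getAuthorizationCode()` may likewise return null when the response carries no code, so `code.getValue()` deserves the same guard.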
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.sec;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import edu.kit.scc.webreg.service.oidc.client.OidcClientCallbackService;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
import edu.kit.scc.webreg.session.SessionManager;
@Named
@WebServlet(urlPatterns = { "/rpoidc/callback" })
public class OidcClientCallbackHandlerServlet implements Servlet {
@Inject
private Logger logger;
@Inject
private SessionManager session;
@Inject
private OidcClientCallbackService callbackService;
@Override
public void init(ServletConfig config) throws ServletException {
}
@Override
public void service(ServletRequest servletRequest, ServletResponse servletResponse)
throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (session == null) {
logger.debug("Client session from {} not established. Sending client back to welcome page",
request.getRemoteAddr());
response.sendRedirect("/welcome/index.xhtml");
return;
}
StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
String queryString = request.getQueryString();
if (queryString != null) {
requestURL.append('?').append(queryString).toString();
}
try {
callbackService.callback(requestURL.toString());
} catch (OidcAuthenticationException e) {
throw new ServletException("Problems encountered");
}
}
@Override
public ServletConfig getServletConfig() {
return null;
}
@Override
public String getServletInfo() {
return null;
}
@Override
public void destroy() {
}
}
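Review bot: The `session == null` guard in `service` probably never fires, because `session` is an `@Inject`ed field that the container would normally populate (possibly with a proxy), so it does not establish that this browser started the flow. As far as these files show, the flow state is then looked up by the `state` value alone; consider comparing the stored flow state with the current session before the code is accepted. The catch also drops the cause: `throw new ServletException("Problems encountered", e);` keeps it for the logs, and an explicit redirect or 4xx response would be a clearer answer to a rejected callback than a container error page. The trailing `.toString()` on the `append` chain is a discarded result and can be removed.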