Java Code Examples for org.opensaml.profile.context.ProfileRequestContext#addSubcontext()

The following examples show how to use org.opensaml.profile.context.ProfileRequestContext#addSubcontext().
Example 1
Source File: BuildAuthenticationContextAction.java    From shibboleth-oidc with Apache License 2.0 (5 votes)
/**
 * Creates a new {@link AuthenticationContext} for the current OIDC authorization request
 * and attaches it to the profile request context.
 *
 * <p>Fails when no {@link OIDCAuthorizationRequestContext} is attached, or when the
 * authorization request it carries is missing or has an empty client id.
 *
 * @param springRequestContext  the Spring Web Flow request context (not read here)
 * @param profileRequestContext the profile request context that receives the new subcontext
 * @return {@code Events.Failure} when a precondition is not met, otherwise {@code Events.Success}
 */
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
                          @Nonnull final ProfileRequestContext profileRequestContext) {
    log.debug("{} Building authentication context", getLogPrefix());

    final OIDCAuthorizationRequestContext oidcRequestContext =
            profileRequestContext.getSubcontext(OIDCAuthorizationRequestContext.class);
    if (oidcRequestContext == null) {
        log.warn("No authorization request could be located in the profile request context");
        return Events.Failure.event(this);
    }

    final AuthorizationRequest request = oidcRequestContext.getAuthorizationRequest();
    final boolean clientIdPresent = request != null && !Strings.isNullOrEmpty(request.getClientId());
    if (!clientIdPresent) {
        log.warn("Authorization request could not be loaded from session");
        return Events.Failure.event(this);
    }

    // NOTE(review): the client id has only been checked for non-emptiness in this method;
    // whether it names a registered client is not established here. It is also written to
    // the debug log as received - confirm the logging layout neutralises control characters.
    final AuthenticationContext authenticationContext = new AuthenticationContext();
    authenticationContext.setForceAuthn(oidcRequestContext.isForceAuthentication());
    final String forceAuthnMessage = authenticationContext.isForceAuthn()
            ? "Authentication context requires force authN for {}"
            : "Authentication context does not require force authN for {}";
    log.debug(forceAuthnMessage, request.getClientId());

    // The list starts empty and is filled in by the helpers below, in this order.
    final List<Principal> requestedPrincipals = new ArrayList<>();
    processRequestedAcrValuesIfAny(request, requestedPrincipals);
    processAcrValuesBasedOnPrincipalWeightMap(requestedPrincipals);
    addRequestedPrincipalIntoContext(authenticationContext, requestedPrincipals);

    // Second argument true: ask for any AuthenticationContext already attached to be replaced,
    // so state from an earlier pass through the flow is not carried over.
    profileRequestContext.addSubcontext(authenticationContext, true);
    profileRequestContext.setBrowserProfile(true);
    return Events.Success.event(this);
}
 
Example 2
Source File: BuildRelyingPartyContextAction.java    From shibboleth-oidc with Apache License 2.0 (5 votes)
/**
 * Resolves the client named in the OIDC authorization request and attaches a
 * {@link RelyingPartyContext} for it to the profile request context.
 *
 * <p>Fails when no {@link OIDCAuthorizationRequestContext} is attached, when the
 * authorization request is missing or has an empty client id, or when the client
 * service returns {@code null} for that id.
 *
 * @param springRequestContext  the Spring Web Flow request context (not read here)
 * @param profileRequestContext the profile request context that receives the new subcontext
 * @return {@code Events.Failure} when a precondition is not met, otherwise {@code Events.Success}
 */
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
                          @Nonnull final ProfileRequestContext profileRequestContext) {

    final OIDCAuthorizationRequestContext oidcRequestContext =
            profileRequestContext.getSubcontext(OIDCAuthorizationRequestContext.class);
    if (oidcRequestContext == null) {
        log.warn("No authorization request could be located in the profile request context");
        return Events.Failure.event(this);
    }

    final AuthorizationRequest request = oidcRequestContext.getAuthorizationRequest();
    final boolean clientIdPresent = request != null && !Strings.isNullOrEmpty(request.getClientId());
    if (!clientIdPresent) {
        log.warn("Authorization request could not be loaded from session");
        return Events.Failure.event(this);
    }

    // NOTE(review): an exception thrown by the client service is not caught here and
    // propagates to the caller; only a null result is mapped to a Failure event.
    final ClientDetailsEntity registeredClient =
            this.clientService.loadClientByClientId(request.getClientId());
    if (registeredClient == null) {
        log.warn("Client configuration could not be loaded from session");
        return Events.Failure.event(this);
    }

    // "Verified" is set solely because a client record exists for the requested id; no
    // client credential is checked in this method. The relying-party id is taken from the
    // stored record rather than from the request value.
    // NOTE(review): confirm that downstream consumers of isVerified() expect only this
    // registration lookup and not client authentication.
    final RelyingPartyContext relyingPartyContext = new RelyingPartyContext();
    relyingPartyContext.setVerified(true);
    relyingPartyContext.setRelyingPartyId(registeredClient.getClientId());
    log.debug("{} Setting up RP context for verified relying party {}",
            getLogPrefix(), registeredClient.getClientId());

    // One-argument overload: no replacement is requested.
    // NOTE(review): presumably this is rejected if a RelyingPartyContext is already
    // attached - verify against the OpenSAML version in use.
    profileRequestContext.addSubcontext(relyingPartyContext);
    return Events.Success.event(this);
}
 
Example 3
Source File: BuildAuthorizationRequestContextAction.java    From shibboleth-oidc with Apache License 2.0 (4 votes)
/**
 * Produces the final event.
 *
 * @param profileRequestContext the profile request context
 * @param response              the response
 * @param authorizationRequest  the authorization request
 * @param pairEvent             the pair event
 * @param springRequestContext  the spring request context
 * @param client   the client details entity
 * @return the event
 */
private Event produceFinalEvent(final ProfileRequestContext profileRequestContext,
                                final HttpServletResponse response,
                                final OIDCAuthorizationRequestContext authorizationRequest,
                                final Pair<Events, ? extends Object> pairEvent,
                                final RequestContext springRequestContext,
                                final ClientDetailsEntity client) {
    // Maps the (outcome, payload) pair computed for the authorization request onto a flow
    // event, performing the side effect each outcome needs before the event is returned.
    try {
        final Events outcome = pairEvent.getFirst();
        if (outcome == null) {
            log.error("Could not determine the final event based on authorization request");
            return Events.BadRequest.event(this);
        }

        switch (outcome) {
            case Failure: {
                // The HTTP error is sent here, and the Failure event is still returned below.
                log.error("Failed to process authorization request. Sending back response error");
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
                break;
            }
            case Redirect: {
                final Object redirectTarget = pairEvent.getSecond();
                if (redirectTarget == null) {
                    // Caught by the catch block below, logged, and wrapped a second time.
                    throw new OIDCException("No redirect url could be found based on the request");
                }
                // NOTE(review): the redirect target is copied into the response object as-is.
                // No comparison against the client's registered redirect URIs is visible in
                // this method - confirm the caller has already validated it.
                log.debug("Authorization request indicated a redirect event to {}", redirectTarget);
                final OIDCResponse redirectResponse = new OIDCResponse();
                redirectResponse.setAuthorizationRequest(authorizationRequest.getAuthorizationRequest());
                redirectResponse.setRedirectUri(redirectTarget.toString());
                redirectResponse.setClient(client);
                OIDCUtils.putOIDCResponseIntoScope(redirectResponse, springRequestContext.getFlowScope());
                break;
            }
            case Success: {
                log.debug("Success. Proceeding with building the authorization context based on the request");
                // true: ask for an authorization request context left by an earlier pass to be replaced.
                profileRequestContext.addSubcontext(authorizationRequest, true);
                break;
            }
            default:
                log.debug("Proceeding to final event");
        }

        final Event finalEvent = outcome.event(this);
        log.debug("Returning final event {}", finalEvent.getId());
        return finalEvent;
    } catch (final Exception e) {
        // Every failure, including the IOException sendError may raise, surfaces as OIDCException.
        log.error(e.getMessage(), e);
        throw new OIDCException(e);
    }
}
 
Example 4
Source File: PreAuthorizeUserApprovalAction.java    From shibboleth-oidc with Apache License 2.0 (4 votes)
/**
 * Builds the Spring Security authentication and the OIDC response for the current
 * authorization request, then attaches an {@link OIDCAuthorizationResponseContext}
 * carrying that response to the profile request context.
 *
 * @param springRequestContext  the Spring Web Flow request context
 * @param profileRequestContext the profile request context that receives the new subcontext
 * @return {@code Events.Failure} when the authorization request context or its client id is
 *         missing, {@code Events.ClientNotFound} when the client lookup returns {@code null},
 *         {@code Events.BadRequest} when the lookup throws, otherwise {@code Events.Proceed}
 */
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
                          @Nonnull final ProfileRequestContext profileRequestContext) {

    final OIDCAuthorizationRequestContext oidcRequestContext =
        profileRequestContext.getSubcontext(OIDCAuthorizationRequestContext.class);
    if (oidcRequestContext == null) {
        log.warn("No authorization request could be located in the profile request context");
        return Events.Failure.event(this);
    }

    final AuthorizationRequest request = oidcRequestContext.getAuthorizationRequest();
    final boolean clientIdPresent = request != null && !Strings.isNullOrEmpty(request.getClientId());
    if (!clientIdPresent) {
        log.warn("Authorization request could not be loaded from session");
        return Events.Failure.event(this);
    }

    // Disabled upstream: parsing of the "prompt" request parameter.
    /*
    final String prompt = (String)authRequest.getExtensions().get(ConnectRequestParameters.PROMPT);
    final List<String> prompts = Splitter.on(ConnectRequestParameters.PROMPT_SEPARATOR)
            .splitToList(Strings.nullToEmpty(prompt));
    */

    final ClientDetailsEntity registeredClient;
    try {
        registeredClient = clientService.loadClientByClientId(request.getClientId());
        if (registeredClient == null) {
            log.error("Could not find client {}", request.getClientId());
            return Events.ClientNotFound.event(this);
        }
    } catch (final Exception e) {
        // Any lookup failure is reported to the flow as a bad request instead of propagating.
        log.error(e.getMessage(), e);
        return Events.BadRequest.event(this);
    }

    // Disabled upstream: with this block commented out, a request carrying prompt=none is
    // handled exactly like any other request in this method.
    /*
    if (prompts.contains(ConnectRequestParameters.PROMPT_NONE)) {
        log.debug("Handling authorization when prompt contains none");
        return handleWhenNoPromptIsPresent(springRequestContext, request, authRequest, client);
    }
    */

    final Authentication springAuthentication =
        SpringSecurityAuthenticationTokenFactory.buildAuthentication(profileRequestContext, registeredClient);
    storeSpringSecurityAuthenticationContext(profileRequestContext, springRequestContext, springAuthentication);
    storeAuthenticationTimeIntoAuthorizationRequest(springAuthentication, request);

    final OIDCResponse oidcResponse = buildOpenIdConnectResponse(request, registeredClient);
    final OIDCAuthorizationResponseContext oidcResponseContext = new OIDCAuthorizationResponseContext();
    oidcResponseContext.setOidcResponse(oidcResponse);

    // One-argument overload: no replacement is requested.
    // NOTE(review): presumably this is rejected if a response context is already attached,
    // e.g. when the action runs twice in one flow - verify against the OpenSAML version in use.
    profileRequestContext.addSubcontext(oidcResponseContext);
    return Events.Proceed.event(this);
}