diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml
index e369125cc..babcb8f80 100644
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml
@@ -489,7 +489,7 @@
<bean id="oidcTokenService" class="cz.muni.ics.oidc.server.PerunOIDCTokenService" primary="true"/>
- <bean id="callPerunFiltersFilter" class="cz.muni.ics.oidc.server.filters.CallPerunFiltersFilter"/>
+ <bean id="authProcFilters" class="cz.muni.ics.oidc.server.filters.AuthProcFiltersContainer"/>
<bean id="htmlClasses" class="cz.muni.ics.oidc.web.WebHtmlClasses">
<constructor-arg name="perunOidcConfig" ref="perunOidcConfig"/>
diff --git a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
index ea927b36c..39d6253a2 100644
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
@@ -251,7 +251,7 @@
<security:custom-filter ref="clearSessionFilter" after="CHANNEL_FILTER"/>
<security:custom-filter ref="samlFilter" before="CSRF_FILTER"/>
<security:custom-filter ref="samlFilter" after="BASIC_AUTH_FILTER"/>
- <security:custom-filter ref="callPerunFiltersFilter" before="LAST"/>
+ <security:custom-filter ref="authProcFilters" before="LAST"/>
<security:logout logout-url="/saml/logout"/>
</security:http>
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunRequestFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilter.java
similarity index 65%
rename from perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunRequestFilter.java
rename to perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilter.java
index 3d5503c97..f7266b3a1 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunRequestFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFilter.java
@@ -1,20 +1,14 @@
package cz.muni.ics.oidc.server.filters;
-import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.AUTHORIZE_REQ_PATTERN;
-import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.DEVICE_APPROVE_REQ_PATTERN;
-import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.DEVICE_CHECK_CODE_REQ_PATTERN;
-
import java.io.IOException;
+import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.security.web.util.matcher.OrRequestMatcher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
/**
* Abstract class for Perun filters. All filters called in CallPerunFiltersFilter has to extend this.
@@ -39,7 +33,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public abstract class PerunRequestFilter {
+public abstract class AuthProcFilter {
private static final String DELIMITER = ",";
private static final String CLIENT_IDS = "clientIds";
@@ -49,7 +43,7 @@ public abstract class PerunRequestFilter {
private Set<String> clientIds = new HashSet<>();
private Set<String> subs = new HashSet<>();
- public PerunRequestFilter(PerunRequestFilterParams params) {
+ public AuthProcFilter(PerunRequestFilterParams params) {
filterName = params.getFilterName();
if (params.hasProperty(CLIENT_IDS)) {
@@ -65,6 +59,8 @@ public abstract class PerunRequestFilter {
log.debug("{} - skip execution for clients with CLIENT_ID in: {}", filterName, clientIds);
}
+ protected abstract String getSessionAppliedParamName();
+
/**
* In this method is done whole logic of filer
*
@@ -73,31 +69,51 @@ public abstract class PerunRequestFilter {
* @return boolean if filter was successfully done
* @throws IOException this exception could be thrown because of failed or interrupted I/O operation
*/
- protected abstract boolean process(ServletRequest request, ServletResponse response, FilterParams params)
+ protected abstract boolean process(HttpServletRequest request, HttpServletResponse response, FilterParams params)
throws IOException;
- public boolean doFilter(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
- HttpServletRequest request = (HttpServletRequest) req;
- if (!skip(request)) {
+ public boolean doFilter(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
+ if (!skip(req)) {
log.trace("{} - executing filter", filterName);
- return this.process(req, res, params);
+ return process(req, res, params);
} else {
return true;
}
}
private boolean skip(HttpServletRequest request) {
- String sub = (request.getUserPrincipal() != null) ? request.getUserPrincipal().getName() : null;
- String clientId = request.getParameter(PerunFilterConstants.PARAM_CLIENT_ID);
+ if (hasBeenApplied(request.getSession(true))) {
+ return true;
+ }
+ log.debug("{} - marking filter as applied", filterName);
+ request.getSession(true).setAttribute(getSessionAppliedParamName(), true);
+ return skipForSub(request.getUserPrincipal())
+ || skipForClientId(request.getParameter(PerunFilterConstants.PARAM_CLIENT_ID));
+ }
+ private boolean hasBeenApplied(HttpSession sess) {
+ String sessionParamName = getSessionAppliedParamName();
+ if (sess.getAttribute(sessionParamName) != null) {
+ log.debug("{} - skip filter execution: filter has been already applied", filterName);
+ return true;
+ }
+ return false;
+ }
+
+ private boolean skipForSub(Principal p) {
+ String sub = (p != null) ? p.getName() : null;
if (sub != null && subs.contains(sub)) {
log.debug("{} - skip filter execution: matched one of the ignored SUBS ({})", filterName, sub);
return true;
- } else if (clientId != null && clientIds.contains(clientId)){
+ }
+ return false;
+ }
+
+ private boolean skipForClientId(String clientId) {
+ if (clientId != null && clientIds.contains(clientId)){
log.debug("{} - skip filter execution: matched one of the ignored CLIENT_IDS ({})", filterName, clientId);
return true;
}
-
return false;
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/CallPerunFiltersFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFiltersContainer.java
similarity index 81%
rename from perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/CallPerunFiltersFilter.java
rename to perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFiltersContainer.java
index a4ce091d9..2faea8d35 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/CallPerunFiltersFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/AuthProcFiltersContainer.java
@@ -16,10 +16,12 @@ import java.util.List;
import java.util.Properties;
import javax.annotation.PostConstruct;
import javax.servlet.FilterChain;
+import javax.servlet.GenericFilter;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
@@ -36,7 +38,7 @@ import org.springframework.web.filter.GenericFilterBean;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public class CallPerunFiltersFilter extends GenericFilterBean {
+public class AuthProcFiltersContainer extends GenericFilterBean {
private static final RequestMatcher AUTHORIZE_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN);
private static final RequestMatcher AUTHORIZE_ALL_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN + "/**");
@@ -74,13 +76,15 @@ public class CallPerunFiltersFilter extends GenericFilterBean {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException
{
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- if (!MATCHER.matches(request)) {
- log.debug("Custom filters have been skipped, did not match '/authorize' nor '/device/code' request");
+ HttpServletRequest req = (HttpServletRequest) servletRequest;
+ HttpServletResponse res = (HttpServletResponse) servletResponse;
+ if (!MATCHER.matches(req)) {
+ log.debug("Custom filters have been skipped, did not match '{}' nor '{}' request", AUTHORIZE_MATCHER,
+ AUTHORIZE_REQ_PATTERN);
} else {
- List<PerunRequestFilter> filters = perunFiltersContext.getFilters();
+ List<AuthProcFilter> filters = perunFiltersContext.getFilters();
if (filters != null && !filters.isEmpty()) {
- ClientDetailsEntity client = FiltersUtils.extractClientFromRequest(request, authRequestFactory,
+ ClientDetailsEntity client = FiltersUtils.extractClientFromRequest(req, authRequestFactory,
clientDetailsEntityService);
Facility facility = null;
if (client != null && StringUtils.hasText(client.getClientId())) {
@@ -88,20 +92,20 @@ public class CallPerunFiltersFilter extends GenericFilterBean {
facility = perunAdapter.getFacilityByClientId(client.getClientId());
} catch (Exception e) {
log.warn("{} - could not fetch facility for client_id '{}'",
- CallPerunFiltersFilter.class.getSimpleName(), client.getClientId(), e);
+ AuthProcFiltersContainer.class.getSimpleName(), client.getClientId(), e);
}
}
- PerunUser user = FiltersUtils.getPerunUser(request, perunAdapter,
+ PerunUser user = FiltersUtils.getPerunUser(req, perunAdapter,
samlProperties.getUserIdentifierAttribute());
FilterParams params = new FilterParams(client, facility, user);
- for (PerunRequestFilter filter : filters) {
- if (!filter.doFilter(servletRequest, servletResponse, params)) {
+ for (AuthProcFilter filter : filters) {
+ if (!filter.doFilter(req, res, params)) {
return;
}
}
}
}
- filterChain.doFilter(servletRequest, servletResponse);
+ filterChain.doFilter(req, res);
}
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunFiltersContext.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunFiltersContext.java
index 411b1ec97..04a9b5082 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunFiltersContext.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/PerunFiltersContext.java
@@ -16,7 +16,7 @@ import org.springframework.util.StringUtils;
* Filters are configured from configuration file in following way:
* filter.names=filterName1,filterName2,...
*
- * @see PerunRequestFilter for configuration of filter
+ * @see AuthProcFilter for configuration of filter
*
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@@ -27,7 +27,7 @@ public class PerunFiltersContext {
private static final String FILTER_CLASS = ".class";
private static final String PREFIX = "filter.";
- private final List<PerunRequestFilter> filters;
+ private final List<AuthProcFilter> filters;
private final Properties properties;
private final BeanUtil beanUtil;
@@ -41,17 +41,17 @@ public class PerunFiltersContext {
log.debug("--------------------------------");
for (String filterName: filterNames.split(",")) {
- PerunRequestFilter requestFilter = loadFilter(filterName);
+ AuthProcFilter requestFilter = loadFilter(filterName);
filters.add(requestFilter);
log.debug("--------------------------------");
}
}
- public List<PerunRequestFilter> getFilters() {
+ public List<AuthProcFilter> getFilters() {
return filters;
}
- private PerunRequestFilter loadFilter(String filterName) {
+ private AuthProcFilter loadFilter(String filterName) {
String propPrefix = PerunFiltersContext.PREFIX + filterName;
String filterClass = properties.getProperty(propPrefix + FILTER_CLASS, null);
if (!StringUtils.hasText(filterClass)) {
@@ -62,14 +62,14 @@ public class PerunFiltersContext {
try {
Class<?> rawClazz = Class.forName(filterClass);
- if (!PerunRequestFilter.class.isAssignableFrom(rawClazz)) {
+ if (!AuthProcFilter.class.isAssignableFrom(rawClazz)) {
log.warn("{} - failed to initialized filter: class '{}' does not extend PerunRequestFilter",
filterName, filterClass);
return null;
}
- @SuppressWarnings("unchecked") Class<PerunRequestFilter> clazz = (Class<PerunRequestFilter>) rawClazz;
- Constructor<PerunRequestFilter> constructor = clazz.getConstructor(PerunRequestFilterParams.class);
+ @SuppressWarnings("unchecked") Class<AuthProcFilter> clazz = (Class<AuthProcFilter>) rawClazz;
+ Constructor<AuthProcFilter> constructor = clazz.getConstructor(PerunRequestFilterParams.class);
PerunRequestFilterParams params = new PerunRequestFilterParams(filterName, propPrefix, properties, beanUtil);
return constructor.newInstance(params);
} catch (ClassNotFoundException e) {
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunAuthorizationFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunAuthorizationFilter.java
index f5679b096..35fef0e17 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunAuthorizationFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunAuthorizationFilter.java
@@ -9,7 +9,7 @@ import cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
import java.util.Map;
@@ -31,7 +31,9 @@ import lombok.extern.slf4j.Slf4j;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public class PerunAuthorizationFilter extends PerunRequestFilter {
+public class PerunAuthorizationFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunAuthorizationFilter.class.getSimpleName();
private final PerunAdapter perunAdapter;
private final FacilityAttrsConfig facilityAttrsConfig;
@@ -48,10 +50,12 @@ public class PerunAuthorizationFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
Facility facility = params.getFacility();
if (facility == null || facility.getId() == null) {
log.debug("{} - skip filter execution: no facility provided", filterName);
@@ -64,7 +68,7 @@ public class PerunAuthorizationFilter extends PerunRequestFilter {
return true;
}
- return this.decideAccess(facility, user, request, response, params.getClientIdentifier(),
+ return this.decideAccess(facility, user, req, res, params.getClientIdentifier(),
perunAdapter, facilityAttrsConfig);
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunEnsureVoMember.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunEnsureVoMember.java
index e3467b0ef..dfae70056 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunEnsureVoMember.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunEnsureVoMember.java
@@ -7,7 +7,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
@@ -21,6 +21,7 @@ import java.util.Map;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpHeaders;
@@ -39,7 +40,9 @@ import org.springframework.util.StringUtils;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public class PerunEnsureVoMember extends PerunRequestFilter {
+public class PerunEnsureVoMember extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunEnsureVoMember.class.getSimpleName();
private static final String TRIGGER_ATTR = "triggerAttr";
private static final String VO_DEFS_ATTR = "voDefsAttr";
@@ -68,9 +71,12 @@ public class PerunEnsureVoMember extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
Facility facility = params.getFacility();
if (facility == null || facility.getId() == null) {
log.debug("{} - skip execution: no facility provided", filterName);
@@ -100,7 +106,7 @@ public class PerunEnsureVoMember extends PerunRequestFilter {
log.debug("{} - user allowed to continue", filterName);
return true;
} else {
- redirect(response, getLoginUrl(facility.getId()), voShortName);
+ redirect(res, getLoginUrl(facility.getId()), voShortName);
return false;
}
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunForceAupFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunForceAupFilter.java
index 25d630e81..62c912d9b 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunForceAupFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunForceAupFilter.java
@@ -14,7 +14,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.AupController;
import java.io.IOException;
@@ -52,7 +52,9 @@ import org.springframework.util.StringUtils;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public class PerunForceAupFilter extends PerunRequestFilter {
+public class PerunForceAupFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunForceAupFilter.class.getSimpleName();
private static final String DATE_FORMAT = "yyyy-MM-dd";
@@ -93,18 +95,20 @@ public class PerunForceAupFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
- if (request.getSession() != null && request.getSession().getAttribute(APPROVED) != null) {
- request.getSession().removeAttribute(APPROVED);
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
+ if (req.getSession() != null && req.getSession().getAttribute(APPROVED) != null) {
+ req.getSession().removeAttribute(APPROVED);
log.debug("{} - skip filter execution: aups are already approved, check at next access to the service due" +
" to a delayed propagation to LDAP", filterName);
return true;
}
- PerunUser user = FiltersUtils.getPerunUser(request, perunAdapter, samlProperties.getUserIdentifierAttribute());
+ PerunUser user = FiltersUtils.getPerunUser(req, perunAdapter, samlProperties.getUserIdentifierAttribute());
if (user == null || user.getId() == null) {
log.debug("{} - skip filter execution: no user provider", filterName);
return true;
@@ -147,13 +151,13 @@ public class PerunForceAupFilter extends PerunRequestFilter {
log.trace("{} - AUPS to be approved: '{}'", filterName, newAups);
String newAupsString = mapper.writeValueAsString(newAups);
- request.getSession().setAttribute(AupController.RETURN_URL, request.getRequestURI()
- .replace(request.getContextPath(), "") + '?' + request.getQueryString());
- request.getSession().setAttribute(AupController.NEW_AUPS, newAupsString);
- request.getSession().setAttribute(AupController.USER_ATTR, perunUserAupsAttrName);
+ req.getSession().setAttribute(AupController.RETURN_URL, req.getRequestURI()
+ .replace(req.getContextPath(), "") + '?' + req.getQueryString());
+ req.getSession().setAttribute(AupController.NEW_AUPS, newAupsString);
+ req.getSession().setAttribute(AupController.USER_ATTR, perunUserAupsAttrName);
log.debug("{} - redirecting user '{}' to AUPs approval page", filterName, user);
- response.sendRedirect(request.getContextPath() + '/' + AupController.URL);
+ res.sendRedirect(req.getContextPath() + '/' + AupController.URL);
return false;
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsCesnetEligibleFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsCesnetEligibleFilter.java
index a51236965..6076b4ca4 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsCesnetEligibleFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsCesnetEligibleFilter.java
@@ -14,8 +14,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunFilterConstants;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
@@ -46,7 +45,9 @@ import org.apache.http.HttpHeaders;
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Slf4j
-public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
+public class PerunIsCesnetEligibleFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunIsCesnetEligibleFilter.class.getSimpleName();
/* CONFIGURATION PROPERTIES */
private static final String IS_CESNET_ELIGIBLE_ATTR_NAME = "isCesnetEligibleAttr";
@@ -84,11 +85,13 @@ public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
- if (!FiltersUtils.isScopePresent(request.getParameter(PARAM_SCOPE), triggerScope)) {
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
+ if (!FiltersUtils.isScopePresent(req.getParameter(PARAM_SCOPE), triggerScope)) {
log.debug("{} - skip execution: scope '{}' is not present in request", filterName, triggerScope);
return true;
}
@@ -124,7 +127,7 @@ public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
}
log.debug("{} - attribute '{}' value is invalid, stop user at this point", filterName, attrValue);
- this.redirect(request, response, reason);
+ this.redirect(req, res, reason);
return false;
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsTestSpFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsTestSpFilter.java
index d027eed43..2001378c9 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsTestSpFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/PerunIsTestSpFilter.java
@@ -10,8 +10,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunFilterConstants;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
import cz.muni.ics.oidc.web.controllers.IsTestSpController;
@@ -37,7 +36,9 @@ import org.apache.http.HttpHeaders;
* @author Pavol Pluta <500348@mail.muni.cz>
*/
@Slf4j
-public class PerunIsTestSpFilter extends PerunRequestFilter {
+public class PerunIsTestSpFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + PerunIsTestSpFilter.class.getSimpleName();
private static final String IS_TEST_SP_ATTR_NAME = "isTestSpAttr";
@@ -56,14 +57,17 @@ public class PerunIsTestSpFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
Facility facility = params.getFacility();
if (facility == null || facility.getId() == null) {
log.debug("{} - skip execution: no facility provided", filterName);
return true;
- } else if (testSpWarningApproved(request)){
+ } else if (testSpWarningApproved(req)){
log.debug("{} - skip execution: warning already approved", filterName);
return true;
}
@@ -74,7 +78,7 @@ public class PerunIsTestSpFilter extends PerunRequestFilter {
return true;
} else if (attrValue.valueAsBoolean()) {
log.debug("{} - redirecting user to test SP warning page", filterName);
- this.redirect(request, response);
+ this.redirect(req, res);
return false;
}
log.debug("{} - service is not testing, let user access it", filterName);
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
index 6a9f90326..771ca3e3d 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ProxyStatisticsFilter.java
@@ -8,7 +8,7 @@ import cz.muni.ics.oidc.BeanUtil;
import cz.muni.ics.oidc.saml.SamlProperties;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import java.sql.Connection;
import java.sql.Date;
@@ -17,10 +17,10 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.util.Objects;
-import java.util.Properties;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.saml.SAMLCredential;
@@ -51,7 +51,9 @@ import org.springframework.util.StringUtils;
*/
@SuppressWarnings("SqlResolve")
@Slf4j
-public class ProxyStatisticsFilter extends PerunRequestFilter {
+public class ProxyStatisticsFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + ProxyStatisticsFilter.class.getSimpleName();
/* CONFIGURATION OPTIONS */
private static final String IDP_NAME_ATTRIBUTE_NAME = "idpNameAttributeName";
@@ -97,9 +99,12 @@ public class ProxyStatisticsFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
- HttpServletRequest request = (HttpServletRequest) req;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
ClientDetailsEntity client = params.getClient();
if (client == null) {
log.warn("{} - skip execution: no client provided", filterName);
@@ -112,7 +117,7 @@ public class ProxyStatisticsFilter extends PerunRequestFilter {
return true;
}
- SAMLCredential samlCredential = FiltersUtils.getSamlCredential(request);
+ SAMLCredential samlCredential = FiltersUtils.getSamlCredential(req);
if (samlCredential == null) {
log.warn("{} - skip execution: no authN object available, cannot extract user identifier and idp identifier",
filterName);
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ValidUserFilter.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ValidUserFilter.java
index bf05d8c69..07b948f48 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ValidUserFilter.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/impl/ValidUserFilter.java
@@ -9,7 +9,7 @@ import cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.FilterParams;
import cz.muni.ics.oidc.server.filters.FiltersUtils;
-import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
+import cz.muni.ics.oidc.server.filters.AuthProcFilter;
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
import java.util.HashSet;
@@ -46,7 +46,9 @@ import org.springframework.util.StringUtils;
*/
@SuppressWarnings("SqlResolve")
@Slf4j
-public class ValidUserFilter extends PerunRequestFilter {
+public class ValidUserFilter extends AuthProcFilter {
+
+ public static final String APPLIED = "APPLIED_" + ValidUserFilter.class.getSimpleName();
/* CONFIGURATION OPTIONS */
private static final String ALL_ENV_GROUPS = "allEnvGroups";
@@ -86,10 +88,12 @@ public class ValidUserFilter extends PerunRequestFilter {
}
@Override
- protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
+ protected String getSessionAppliedParamName() {
+ return APPLIED;
+ }
+ @Override
+ protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
Set<Long> additionalVos = new HashSet<>();
Set<Long> additionalGroups = new HashSet<>();
@@ -106,7 +110,7 @@ public class ValidUserFilter extends PerunRequestFilter {
return true;
}
- if (!checkMemberValidInGroupsAndVos(user, facility, response, params, allEnvVos, allEnvGroups,
+ if (!checkMemberValidInGroupsAndVos(user, facility, res, params, allEnvVos, allEnvGroups,
PerunUnapprovedController.UNAPPROVED_NOT_IN_MANDATORY_VOS_GROUPS)) {
return false;
}
@@ -121,7 +125,7 @@ public class ValidUserFilter extends PerunRequestFilter {
additionalVos.addAll(testEnvVos);
additionalGroups.addAll(testEnvGroups);
- if (!checkMemberValidInGroupsAndVos(user, facility, response, params, additionalVos,
+ if (!checkMemberValidInGroupsAndVos(user, facility, res, params, additionalVos,
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_TEST_VOS_GROUPS)) {
return false;
}
@@ -129,7 +133,7 @@ public class ValidUserFilter extends PerunRequestFilter {
additionalVos.addAll(prodEnvVos);
additionalGroups.addAll(prodEnvGroups);
- if (!checkMemberValidInGroupsAndVos(user, facility, response, params, additionalVos,
+ if (!checkMemberValidInGroupsAndVos(user, facility, res, params, additionalVos,
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_PROD_VOS_GROUPS)) {
return false;
}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/AuthorizationEndpoint.java b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/AuthorizationEndpoint.java
index 4191449c6..f2d6022bf 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/AuthorizationEndpoint.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/endpoint/AuthorizationEndpoint.java
@@ -12,7 +12,6 @@ public class AuthorizationEndpoint {
@RequestMapping(value = "/authorize")
public RedirectView authorize(HttpServletRequest req) {
- log.debug("Handling authorize in endpoint");
RedirectView view = new RedirectView("/auth/authorize?" + req.getQueryString());
view.setContextRelative(true);
view.setAttributesMap(req.getParameterMap());
@@ -20,4 +19,6 @@ public class AuthorizationEndpoint {
return view;
}
+ //TODO: handle also device endpoint
+
}