login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
parent
98e1d26134
commit
d280ca40a4
|
@ -0,0 +1,32 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2015 The MITRE Corporation
|
||||
* and the MIT Kerberos and Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
|
||||
package org.mitre.openid.connect.service;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public interface LoginHintExtracter {
|
||||
|
||||
/**
|
||||
* @param loginHint
|
||||
* @return
|
||||
*/
|
||||
public String extractHint(String loginHint);
|
||||
|
||||
}
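Review bot: The Javadoc on `extractHint` has empty `@param` and `@return` tags, so the contract that every implementation relies on is never stated. The filter changed in this commit discards the hint when the return value is null or empty and stores anything else in the session, and the input is the client-supplied `login_hint`, which makes implementations the validation point. I would spell that out, e.g. `@param loginHint the raw login_hint from the authorization request; untrusted, may be null or empty` and `@return the hint to keep in the session, or null to drop it`. The `public` modifier on the interface method is redundant and can go.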
|
|
@ -19,6 +19,8 @@
|
|||
*/
|
||||
package org.mitre.openid.connect.filter;
|
||||
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URISyntaxException;
|
||||
import java.util.Date;
|
||||
|
@ -37,6 +39,8 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||
import org.mitre.openid.connect.service.LoginHintExtracter;
|
||||
import org.mitre.openid.connect.service.impl.RemoveLoginHintsWithHTTP;
|
||||
import org.mitre.openid.connect.web.AuthenticationTimeStamper;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -53,16 +57,6 @@ import org.springframework.web.filter.GenericFilterBean;
|
|||
import com.google.common.base.Splitter;
|
||||
import com.google.common.base.Strings;
|
||||
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.ERROR;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_REQUIRED;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
|
||||
import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
|
@ -87,6 +81,9 @@ public class AuthorizationRequestFilter extends GenericFilterBean {
|
|||
@Autowired
|
||||
private RedirectResolver redirectResolver;
|
||||
|
||||
@Autowired(required = false)
|
||||
private LoginHintExtracter loginHintExtracter = new RemoveLoginHintsWithHTTP();
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
@ -115,8 +112,10 @@ public class AuthorizationRequestFilter extends GenericFilterBean {
|
|||
}
|
||||
|
||||
// save the login hint to the session
|
||||
if (authRequest.getExtensions().get(LOGIN_HINT) != null) {
|
||||
session.setAttribute(LOGIN_HINT, authRequest.getExtensions().get(LOGIN_HINT));
|
||||
// but first check to see if the login hint makes any sense
|
||||
String loginHint = loginHintExtracter.extractHint((String) authRequest.getExtensions().get(LOGIN_HINT));
|
||||
if (!Strings.isNullOrEmpty(loginHint)) {
|
||||
session.setAttribute(LOGIN_HINT, loginHint);
|
||||
} else {
|
||||
session.removeAttribute(LOGIN_HINT);
|
||||
}
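Review bot: The cast in `(String) authRequest.getExtensions().get(LOGIN_HINT)` is unchecked, so if the extensions map can hold non-String values (its declared type is not visible here) it throws ClassCastException inside the filter chain. The same lookup is also done twice, once for the null test and once for the call. Read it once and type-check it: `Object rawHint = authRequest.getExtensions().get(LOGIN_HINT);` followed by `String loginHint = (rawHint instanceof String) ? loginHintExtracter.extractHint((String) rawHint) : null;`. The enclosing method starts and ends outside this hunk, so I cannot see whether an outer try/catch already covers it.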
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2015 The MITRE Corporation
|
||||
* and the MIT Kerberos and Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
|
||||
package org.mitre.openid.connect.service.impl;
|
||||
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
import org.mitre.openid.connect.service.LoginHintExtracter;
|
||||
import org.mitre.openid.connect.service.UserInfoService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
|
||||
/**
|
||||
* Checks the login hint against the User Info collection, only populates it if a user is found.
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class MatchLoginHintsAgainstUsers implements LoginHintExtracter {
|
||||
|
||||
@Autowired
|
||||
private UserInfoService userInfoService;
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public String extractHint(String loginHint) {
|
||||
if (Strings.isNullOrEmpty(loginHint)) {
|
||||
return null;
|
||||
} else {
|
||||
UserInfo user = userInfoService.getByEmailAddress(loginHint);
|
||||
if (user == null) {
|
||||
user = userInfoService.getByUsername(loginHint);
|
||||
if (user == null) {
|
||||
return null;
|
||||
} else {
|
||||
return user.getPreferredUsername();
|
||||
}
|
||||
} else {
|
||||
return user.getPreferredUsername();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
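Review bot: `extractHint` looks up a client-supplied hint in the user store, first by e-mail address and then by username, and returns the account's preferred username, which the filter stores in the session before anyone has authenticated. If the login page displays that value (not visible in this commit), an unauthenticated caller can tell existing accounts from non-existing ones and learn the username behind an e-mail address. The class Javadoc should state that trade-off so deployers opt in knowingly and pair it with rate limiting on the authorization endpoint, e.g. `Note: reveals whether a hint matches an account; enable only where account enumeration is acceptable.` Separately, the `@see` comment names `LoginHintTester#useHint`, which does not match the interface added in this commit (`LoginHintExtracter#extractHint`); the same stale reference appears in PassAllLoginHints and RemoveLoginHintsWithHTTP.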
|
|
@ -0,0 +1,38 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2015 The MITRE Corporation
|
||||
* and the MIT Kerberos and Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
|
||||
package org.mitre.openid.connect.service.impl;
|
||||
|
||||
import org.mitre.openid.connect.service.LoginHintExtracter;
|
||||
|
||||
/**
|
||||
* Sends all login hints through to the login page regardless of setup.
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class PassAllLoginHints implements LoginHintExtracter {
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public String extractHint(String loginHint) {
|
||||
return loginHint;
|
||||
}
|
||||
|
||||
}
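Review bot: `extractHint` returns the client-supplied `login_hint` unchanged, with no length bound or character filtering, and the filter then stores it in the session. The class comment should say that this implementation does no validation and that whatever renders the hint is responsible for encoding it, e.g. `Performs no validation; the hint is untrusted request data and must be output-encoded wherever it is displayed.` A length cap applied in the filter before calling the extracter would cover every implementation at once.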
|
|
@ -0,0 +1,48 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2015 The MITRE Corporation
|
||||
* and the MIT Kerberos and Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
|
||||
package org.mitre.openid.connect.service.impl;
|
||||
|
||||
import org.mitre.openid.connect.service.LoginHintExtracter;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
|
||||
/**
|
||||
* Passes login hints that don't start with "http"
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class RemoveLoginHintsWithHTTP implements LoginHintExtracter {
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.service.LoginHintTester#useHint(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public String extractHint(String loginHint) {
|
||||
if (Strings.isNullOrEmpty(loginHint)) {
|
||||
return null;
|
||||
} else {
|
||||
if (loginHint.startsWith("http")) {
|
||||
return null;
|
||||
} else {
|
||||
return loginHint;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
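Review bot: `loginHint.startsWith("http")` is case-sensitive and matches the bare prefix, so hints such as `HTTP://…` or `Https://…` pass through while ordinary identifiers such as `httpadmin` are dropped. If the intent is to reject URL-shaped hints, compare the scheme case-insensitively and include the delimiter: `String h = loginHint.toLowerCase(Locale.ROOT);` then `if (h.startsWith("http://") || h.startsWith("https://")) { return null; }` (needs `java.util.Locale`). The class comment would then read "Passes login hints that are not http(s) URLs". This class is the default assigned to `loginHintExtracter` in AuthorizationRequestFilter, so the gap applies whenever no other extracter bean is configured.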
|