added support for login_hint, closes #250

pull/743/head
Justin Richer 2014-11-26 09:19:28 -05:00
parent 3e7ade9a67
commit e9d764e53e
5 changed files with 34 additions and 13 deletions


@ -44,7 +44,7 @@
<security:http disable-url-rewriting="true" use-expressions="true">
<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
<security:intercept-url pattern="/**" access="permitAll" />
<security:custom-filter ref="promptFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
<security:logout logout-url="/logout" />
<security:anonymous />
<security:expression-handler ref="oauthWebExpressionHandler" />


@ -6,7 +6,8 @@
<!--
$(document).ready(function() {
$('#j_username').focus();
// select the appropriate field based on context
$('#<c:out value="${ login_hint != null ? 'j_password' : 'j_username' }" />').focus();
});
//-->
@ -29,7 +30,7 @@ $(document).ready(function() {
<div>
<div class="input-prepend input-block-level">
<span class="add-on"><i class="icon-user"></i></span>
<input type="text" placeholder="Username" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" value="" id="j_username" name="j_username">
<input type="text" placeholder="Username" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" value="<c:out value="${ login_hint }" />" id="j_username" name="j_username">
</div>
</div>
<div>
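Review bot: The focus selector tests `login_hint != null`, so a hint that is present but empty moves focus to the password field while the username box is still blank; `${ not empty login_hint ? 'j_password' : 'j_username' }` covers both cases. The value written into `j_username` originates from the client's authorization request (apparently resolved from the session attribute the filter sets), so the default escaping of `<c:out>` is what keeps it inert inside the attribute. A short comment next to the input saying that the value is untrusted and must stay behind `<c:out>` would protect this against a later refactor to a bare `${ login_hint }`.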


@ -117,11 +117,15 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
request.getExtensions().put("max_age", inputParams.get("max_age"));
}
if (inputParams.containsKey("login_hint")) {
request.getExtensions().put("login_hint", inputParams.get("login_hint"));
}
if (inputParams.containsKey("request")) {
request.getExtensions().put("request", inputParams.get("request"));
processRequestObject(inputParams.get("request"), request);
}
if (request.getClientId() != null) {
try {
ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());
@ -348,6 +352,14 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
// we save the string because the object might not be a Java Serializable, and we can parse it easily enough anyway
request.getExtensions().put("claims", claimRequest.toString());
}
String loginHint = claims.getStringClaim("login_hint");
if (loginHint != null) {
if (!loginHint.equals(request.getExtensions().get("login_hint"))) {
logger.info("Mistmatch between request object and regular parameter for login_hint, using requst object");
}
request.getExtensions().put("login_hint", loginHint);
}
} catch (ParseException e) {
logger.error("ParseException while parsing RequestObject:", e);
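Review bot: In the request-object branch, `!loginHint.equals(request.getExtensions().get("login_hint"))` is also true when no plain `login_hint` parameter was sent, so the mismatch message is logged for every request object that carries a hint. Guard it on the stored value, e.g. `Object paramHint = request.getExtensions().get("login_hint");` followed by `if (paramHint != null && !loginHint.equals(paramHint)) {`. The log text also misspells "Mismatch" and "request". Neither branch bounds or validates the hint before storing it, and the other files in this commit carry it into the session and the login form, so a length cap belongs here. Both enclosing methods start and end outside the hunks shown.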


@ -54,10 +54,10 @@ import com.google.common.base.Strings;
* @author jricher
*
*/
@Component("promptFilter")
public class PromptFilter extends GenericFilterBean {
@Component("authRequestFilter")
public class AuthorizationRequestFilter extends GenericFilterBean {
private Logger logger = LoggerFactory.getLogger(PromptFilter.class);
private Logger logger = LoggerFactory.getLogger(AuthorizationRequestFilter.class);
public final static String PROMPTED = "PROMPT_FILTER_PROMPTED";
public final static String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED";
@ -76,6 +76,7 @@ public class PromptFilter extends GenericFilterBean {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
// skip everything that's not an authorize URL
if (!request.getServletPath().startsWith("/authorize")) {
@ -96,6 +97,15 @@ public class PromptFilter extends GenericFilterBean {
// no need to worry about this here, it would be caught elsewhere
}
// save the login hint to the session
if (authRequest.getExtensions().get("login_hint") != null) {
session.setAttribute("login_hint", authRequest.getExtensions().get("login_hint"));
} else {
session.removeAttribute("login_hint");
}
if (authRequest.getExtensions().get("prompt") != null) {
// we have a "prompt" parameter
String prompt = (String)authRequest.getExtensions().get("prompt");
@ -119,7 +129,6 @@ public class PromptFilter extends GenericFilterBean {
} else if (prompts.contains("login")) {
// first see if the user's already been prompted in this session
HttpSession session = request.getSession();
if (session.getAttribute(PROMPTED) == null) {
// user hasn't been PROMPTED yet, we need to check
@ -160,7 +169,6 @@ public class PromptFilter extends GenericFilterBean {
if (max != null) {
HttpSession session = request.getSession();
Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
Date now = new Date();
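Review bot: `HttpSession session = request.getSession();` now sits ahead of the `/authorize` path check, so a session is created for every request that passes through this filter, including the ones skipped on the next line. Assuming that is the line this hunk adds (the later hunks drop the two local declarations), move it below the `startsWith("/authorize")` guard so non-authorization requests stay sessionless. Separately, the `login_hint` session attribute is only cleared by a later authorization request that carries no hint, so it outlives the login it was meant for. Removing it once authentication succeeds would keep a stale hint from prefilling a later login page. The enclosing filter method starts and ends outside these hunks.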


@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.mitre.openid.connect.filter.PromptFilter;
import org.mitre.openid.connect.filter.AuthorizationRequestFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
@ -62,9 +62,9 @@ public class AuthenticationTimeStamper extends SavedRequestAwareAuthenticationSu
session.setAttribute(AUTH_TIMESTAMP, authTimestamp);
if (session.getAttribute(PromptFilter.PROMPT_REQUESTED) != null) {
session.setAttribute(PromptFilter.PROMPTED, Boolean.TRUE);
session.removeAttribute(PromptFilter.PROMPT_REQUESTED);
if (session.getAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED) != null) {
session.setAttribute(AuthorizationRequestFilter.PROMPTED, Boolean.TRUE);
session.removeAttribute(AuthorizationRequestFilter.PROMPT_REQUESTED);
}
logger.info("Successful Authentication of " + authentication.getName() + " at " + authTimestamp.toString());