Polish spring-security-openid main code

Manually polish `spring-security-openid` following the formatting
and checkstyle fixes.

Issue gh-8945
Phillip Webb 2020-07-31 22:33:29 -07:00 committed by Rob Winch
parent ba19a9e4b6
commit 5924ed885b
5 changed files with 38 additions and 89 deletions


@ -80,27 +80,28 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
@Override
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
throws OpenIDConsumerException {
List<DiscoveryInformation> discoveries;
List<DiscoveryInformation> discoveries = getDiscoveries(identityUrl);
DiscoveryInformation information = this.consumerManager.associate(discoveries);
req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
AuthRequest authReq = getAuthRequest(req, identityUrl, returnToUrl, realm, information);
return authReq.getDestinationUrl(true);
}
private List<DiscoveryInformation> getDiscoveries(String identityUrl) throws OpenIDConsumerException {
try {
discoveries = this.consumerManager.discover(identityUrl);
return this.consumerManager.discover(identityUrl);
}
catch (DiscoveryException ex) {
throw new OpenIDConsumerException("Error during discovery", ex);
}
}
DiscoveryInformation information = this.consumerManager.associate(discoveries);
req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
AuthRequest authReq;
private AuthRequest getAuthRequest(HttpServletRequest req, String identityUrl, String returnToUrl, String realm,
DiscoveryInformation information) throws OpenIDConsumerException {
try {
authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
AuthRequest authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
this.logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
List<OpenIDAttribute> attributesToFetch = this.attributesToFetchFactory.createAttributeList(identityUrl);
if (!attributesToFetch.isEmpty()) {
req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
FetchRequest fetchRequest = FetchRequest.createFetchRequest();
@ -112,12 +113,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
}
authReq.addExtension(fetchRequest);
}
return authReq;
}
catch (MessageException | ConsumerException ex) {
throw new OpenIDConsumerException("Error processing ConsumerManager authentication", ex);
}
return authReq.getDestinationUrl(true);
}
@Override
@ -125,42 +125,32 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
// extract the parameters from the authentication response
// (which comes in as a HTTP request from the OpenID provider)
ParameterList openidResp = new ParameterList(request.getParameterMap());
// retrieve the previously stored discovery information
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
if (discovered == null) {
throw new OpenIDConsumerException(
"DiscoveryInformation is not available. Possible causes are lost session or replay attack");
}
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession()
.getAttribute(ATTRIBUTE_LIST_KEY);
request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
// extract the receiving URL from the HTTP request
StringBuffer receivingURL = request.getRequestURL();
String queryString = request.getQueryString();
if (StringUtils.hasLength(queryString)) {
receivingURL.append("?").append(request.getQueryString());
}
// verify the response
VerificationResult verification;
try {
verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
}
catch (MessageException | AssociationException | DiscoveryException ex) {
throw new OpenIDConsumerException("Error verifying openid response", ex);
}
// examine the verification result and extract the verified identifier
Identifier verified = verification.getVerifiedId();
if (verified == null) {
Identifier id = discovered.getClaimedIdentifier();
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
@ -168,30 +158,23 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
"Verification status message: [" + verification.getStatusMsg() + "]",
Collections.<OpenIDAttribute>emptyList());
}
List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(),
"some message", attributes);
}
List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
throws OpenIDConsumerException {
if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
return Collections.emptyList();
}
this.logger.debug("Extracting attributes retrieved by attribute exchange");
List<OpenIDAttribute> attributes = Collections.emptyList();
try {
MessageExtension ext = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
if (ext instanceof FetchResponse) {
FetchResponse fetchResp = (FetchResponse) ext;
attributes = new ArrayList<>(attributesToFetch.size());
for (OpenIDAttribute attr : attributesToFetch) {
List<String> values = fetchResp.getAttributeValues(attr.getName());
if (!values.isEmpty()) {
@ -205,11 +188,9 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
catch (MessageException ex) {
throw new OpenIDConsumerException("Attribute retrieval failed", ex);
}
if (this.logger.isDebugEnabled()) {
this.logger.debug("Retrieved attributes" + attributes);
}
return attributes;
}
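Review bot: In the -125 hunk of endConsumption the query string is read twice: the guard tests the local `queryString`, but the append re-calls `request.getQueryString()`; use the local, `receivingURL.append("?").append(queryString);`. In the -168 hunk the SUCCESS token is still built with the placeholder message `"some message"`, while the FAILURE branch reports `verification.getStatusMsg()`; passing the same status message on success, or at least a descriptive fixed string, would keep the two paths consistent. Note also that the receiving URL handed to `verify` is reconstructed from the request's Host header, so behind a reverse proxy that rewrites Host the return_to comparison presumably depends on the container's forwarded-header handling. The signatures of endConsumption and fetchAxAttributes lie outside the hunks shown, so this is based on the visible bodies only.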


@ -95,7 +95,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
@Override
public void afterPropertiesSet() {
super.afterPropertiesSet();
if (this.consumer == null) {
try {
this.consumer = new OpenID4JavaConsumer();
@ -104,7 +103,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
throw new IllegalArgumentException("Failed to initialize OpenID", ex);
}
}
if (this.returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
this.returnToUrlParameters = new HashSet<>();
this.returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
@ -124,12 +122,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException {
OpenIDAuthenticationToken token;
String identity = request.getParameter("openid.identity");
if (!StringUtils.hasText(identity)) {
String claimedIdentity = obtainUsername(request);
try {
String returnToUrl = buildReturnToUrl(request);
String realm = lookupRealm(returnToUrl);
@ -139,7 +134,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
this.logger.debug("Redirecting to " + openIdUrl);
}
response.sendRedirect(openIdUrl);
// Indicate to parent class that authentication is continuing.
return null;
}
@ -149,34 +143,27 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
"Unable to process claimed identity '" + claimedIdentity + "'");
}
}
if (this.logger.isDebugEnabled()) {
this.logger.debug("Supplied OpenID identity is " + identity);
}
try {
token = this.consumer.endConsumption(request);
}
catch (OpenIDConsumerException oice) {
throw new AuthenticationServiceException("Consumer error", oice);
catch (OpenIDConsumerException ex) {
throw new AuthenticationServiceException("Consumer error", ex);
}
token.setDetails(this.authenticationDetailsSource.buildDetails(request));
// delegate to the authentication provider
Authentication authentication = this.getAuthenticationManager().authenticate(token);
return authentication;
}
protected String lookupRealm(String returnToUrl) {
String mapping = this.realmMapping.get(returnToUrl);
if (mapping == null) {
try {
URL url = new URL(returnToUrl);
int port = url.getPort();
StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol())
.append("://").append(url.getHost());
if (port > 0) {
@ -189,7 +176,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", ex);
}
}
return mapping;
}
@ -201,25 +187,20 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
*/
protected String buildReturnToUrl(HttpServletRequest request) {
StringBuffer sb = request.getRequestURL();
Iterator<String> iterator = this.returnToUrlParameters.iterator();
boolean isFirst = true;
while (iterator.hasNext()) {
String name = iterator.next();
// Assume for simplicity that there is only one value
String value = request.getParameter(name);
if (value == null) {
continue;
}
if (isFirst) {
sb.append("?");
isFirst = false;
}
sb.append(utf8UrlEncode(name)).append("=").append(utf8UrlEncode(value));
if (iterator.hasNext()) {
sb.append("&");
}
@ -232,12 +213,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
*/
protected String obtainUsername(HttpServletRequest req) {
String claimedIdentity = req.getParameter(this.claimedIdentityFieldName);
if (!StringUtils.hasText(claimedIdentity)) {
this.logger.error("No claimed identity supplied in authentication request");
return "";
}
return claimedIdentity.trim();
}
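Review bot: buildReturnToUrl can emit a trailing `&`: the separator is appended whenever `iterator.hasNext()`, but the following parameter may then be skipped by the `continue` on a null value, so two configured parameters with only the first present yield `...?a=1&`. Appending the separator before each emitted pair avoids this: replace the `if (isFirst)` block and the trailing `if (iterator.hasNext())` block with `sb.append(isFirst ? "?" : "&"); isFirst = false;` placed just ahead of the name/value append. The method's return lies outside the hunk. Separately, lookupRealm falls back to deriving the realm from the request-built returnToUrl, whose host comes from the Host header, whenever `realmMapping` has no entry, so deployments behind proxies presumably want an explicit mapping rather than relying on that fallback.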


@ -66,42 +66,33 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
if (!supports(authentication.getClass())) {
return null;
}
if (authentication instanceof OpenIDAuthenticationToken) {
OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
OpenIDAuthenticationStatus status = response.getStatus();
// handle the various possibilities
if (status == OpenIDAuthenticationStatus.SUCCESS) {
// Lookup user details
UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
return createSuccessfulAuthentication(userDetails, response);
}
else if (status == OpenIDAuthenticationStatus.CANCELLED) {
throw new AuthenticationCancelledException("Log in cancelled");
}
else if (status == OpenIDAuthenticationStatus.ERROR) {
throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
}
else if (status == OpenIDAuthenticationStatus.FAILURE) {
throw new BadCredentialsException("Log in failed - identity could not be verified");
}
else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
throw new AuthenticationServiceException(
"The server responded setup was needed, which shouldn't happen");
}
else {
throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
}
if (!(authentication instanceof OpenIDAuthenticationToken)) {
return null;
}
return null;
OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
OpenIDAuthenticationStatus status = response.getStatus();
// handle the various possibilities
if (status == OpenIDAuthenticationStatus.SUCCESS) {
// Lookup user details
UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
return createSuccessfulAuthentication(userDetails, response);
}
if (status == OpenIDAuthenticationStatus.CANCELLED) {
throw new AuthenticationCancelledException("Log in cancelled");
}
if (status == OpenIDAuthenticationStatus.ERROR) {
throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
}
if (status == OpenIDAuthenticationStatus.FAILURE) {
throw new BadCredentialsException("Log in failed - identity could not be verified");
}
if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
}
throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
}
/**
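Review bot: The final fallthrough in authenticate calls `status.toString()`, which would throw a NullPointerException instead of the intended AuthenticationServiceException if a token were ever constructed with a null status; plain concatenation handles null safely: `throw new AuthenticationServiceException("Unrecognized return value " + status);`. Since the method now compares `status` with `==` against constants, a `switch` over the status would also make the handled cases explicit, assuming OpenIDAuthenticationStatus is an enum (its definition is not visible here).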


@ -63,7 +63,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
* Created by the <tt>OpenIDAuthenticationProvider</tt> on successful authentication.
* @param principal usually the <tt>UserDetails</tt> returned by the configured
* <tt>UserDetailsService</tt> used by the <tt>OpenIDAuthenticationProvider</tt>.
*
*/
public OpenIDAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities,
String identityUrl, List<OpenIDAttribute> attributes) {


@ -57,7 +57,6 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
return entry.getValue();
}
}
return Collections.emptyList();
}