@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
AuthorizationRequest authorizationRequest = findAuthorizationRequest(request);
if (authorizationRequest == null) {
response.sendError(
HttpServletResponse.SC_BAD_REQUEST,
"No valid AbstractAuthenticator.AUTH_STATE on the Request");
}
if (initialRequest(request)) {
storePrincipal(request, response, authorizationRequest);
request.setAttribute(AbstractAuthenticator.RETURN_URI, RETURN_URI);
request.setAttribute(AbstractUserConsentHandler.CLIENT, authorizationRequest.getClient());
if (!authorizationRequest.getClient().isSkipConsent()) {
userConsentHandler.doFilter(request, response, chain);
} else {
chain.doFilter(request, response);
}
} else {
/*
* Ok, the consentHandler wants to have control again (because he stepped
* out)
*/
userConsentHandler.doFilter(request, response, chain);
}
}
private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
AuthorizationRequest request = new AuthorizationRequest();
request.setClient(accessTokenRequest.getClient());
// We have to construct a AuthenticatedPrincipal on-the-fly as there is only key-secret
// authentication
request.setPrincipal(new AuthenticatedPrincipal(request.getClient().getClientId()));
// Get scopes (either from request or the client's default set)
request.setGrantedScopes(accessTokenRequest.getScopeList());
return request;
}
/*
* In the user consent filter the scopes are (possible) set on the Request
*/
private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) {
if (authReq.getClient().isSkipConsent()) {
// return the scopes in the authentication request since the requested scopes are stored in
// the
// authorizationRequest.
authReq.setGrantedScopes(authReq.getRequestedScopes());
} else {
String[] scopes = (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES);
if (!ArrayUtils.isEmpty(scopes)) {
authReq.setGrantedScopes(Arrays.asList(scopes));
} else {
authReq.setGrantedScopes(null);
}
}
}
private Response sendImplicitGrantResponse(
AuthorizationRequest authReq, AccessToken accessToken) {
String uri = authReq.getRedirectUri();
String fragment =
String.format(
"access_token=%s&token_type=bearer&expires_in=%s&scope=%s",
accessToken.getToken(),
accessToken.getExpiresIn(),
StringUtils.join(authReq.getGrantedScopes(), ','))
+ appendStateParameter(authReq);
if (authReq.getClient().isIncludePrincipal()) {
fragment += String.format("&principal=%s", authReq.getPrincipal().getDisplayName());
}
return Response.seeOther(UriBuilder.fromUri(uri).fragment(fragment).build())
.cacheControl(cacheControlNoStore())
.header("Pragma", "no-cache")
.build();
}
private AccessToken createAccessToken(AuthorizationRequest request, boolean isImplicitGrant) {
Client client = request.getClient();
long expireDuration = client.getExpireDuration();
long expires =
(expireDuration == 0L ? 0L : (System.currentTimeMillis() + (1000 * expireDuration)));
String refreshToken =
(client.isUseRefreshTokens() && !isImplicitGrant) ? getTokenValue(true) : null;
AuthenticatedPrincipal principal = request.getPrincipal();
AccessToken token =
new AccessToken(
getTokenValue(false),
principal,
client,
expires,
request.getGrantedScopes(),
refreshToken);
return accessTokenRepository.save(token);
}