1   /*
2    * Copyright 2009 Andrew McCall
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.springframework.security.oauth.provider.filter;
17  
18  import org.springframework.security.web.DefaultRedirectStrategy;
19  import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
20  import org.springframework.security.core.Authentication;
21  
22  import javax.servlet.http.HttpServletRequest;
23  import javax.servlet.http.HttpServletResponse;
24  import javax.servlet.ServletException;
25  import java.io.IOException;
26  
27  import static org.springframework.security.oauth.provider.filter.UserAuthorizationProcessingFilter.CALLBACK_ATTRIBUTE;
28  import static org.springframework.security.oauth.provider.filter.UserAuthorizationProcessingFilter.VERIFIER_ATTRIBUTE;
29  
30  import org.apache.commons.logging.Log;
31  import org.apache.commons.logging.LogFactory;
32  
33  /**
34   * Successful AuthenticationHandler that gets called when a user completes authorization of a resource.
35   *
36   * If the callback URL is oob, the request is handled by the SimpleUrlAuthenticationSuccessHandler using the default
37   * success URL. Otherwise, the oauth_verifier and oauth_token parameters are appended to the callback URL and the user
38   * is redirected.
39   *
40   * @author Andrew McCall
41   */
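public class UserAuthorizationSuccessfulAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {

  private static final Log LOG = LogFactory.getLog(UserAuthorizationSuccessfulAuthenticationHandler.class);

  // Name of the request parameter carrying the request token id.
  private String tokenIdParameterName = "requestToken";
  // Name of the request parameter carrying the callback URL (only consulted when require10a is false).
  private String callbackParameterName = "callbackURL";
  // When true, the callback URL must already be present as a request attribute.
  private boolean require10a = true;

  /**
   * Creates a handler with the superclass defaults and a {@link DefaultRedirectStrategy}.
   */
  public UserAuthorizationSuccessfulAuthenticationHandler() {
    super();
    setRedirectStrategy(new DefaultRedirectStrategy());
  }

  /**
   * Creates a handler with a {@link DefaultRedirectStrategy}.
   *
   * @param s Passed unchanged to the superclass constructor (its default target URL).
   */
  public UserAuthorizationSuccessfulAuthenticationHandler(String s) {
    super(s);
    setRedirectStrategy(new DefaultRedirectStrategy());
  }

  /**
   * Redirects the user after a successful authorization, appending {@code oauth_token} and
   * {@code oauth_verifier} to the target URL.
   *
   * The target is the callback URL found in the {@code CALLBACK_ATTRIBUTE} request attribute. A callback of
   * {@code "oob"} is replaced by the URL the superclass determines. In both cases the token and verifier are
   * appended before redirecting.
   *
   * @param request The request; supplies the callback attribute, the verifier attribute and the token parameter.
   * @param response The response the redirect is written to.
   * @param authentication The authentication that succeeded (not read by this method).
   * @throws IOException If the redirect fails.
   * @throws ServletException Declared by the overridden method.
   * @throws IllegalStateException If 1.0a is required and no callback URL attribute is present on the request.
   */
  @Override
  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Processing successful authentication successful");
    }

    String callbackURL = (String) request.getAttribute(CALLBACK_ATTRIBUTE);
    if (callbackURL == null) {
      if (!isRequire10a()) {
        // SECURITY NOTE(review): in this branch the redirect target comes straight from a request parameter,
        // so it is controlled by whoever built the authorization link. Nothing in this class checks it against
        // the consumer's registered callback; confirm that an earlier filter does so before disabling require10a.
        callbackURL = request.getParameter(getCallbackParameterName());
        if (callbackURL == null) {
          //if we're not requiring 1.0a, then not providing a callback url is the same as stating 'oob'
          callbackURL = "oob";
        }
      }
      else {
        throw new IllegalStateException("Callback URL was not loaded into the request. attemptAuthentication() never called?");
      }
    }

    if ("oob".equals(callbackURL)) {
      callbackURL = super.determineTargetUrl(request, response);
    }

    // '>= 0' so that a query string starting at index 0 is also recognised.
    char appendChar = callbackURL.indexOf('?') >= 0 ? '&' : '?';

    String requestToken = request.getParameter(getTokenParameterName());
    String verifier = (String) request.getAttribute(VERIFIER_ATTRIBUTE);

    // The token is read from a request parameter; percent-encode both values so that characters such as
    // '&', '#' or line breaks cannot add, override or truncate parameters in the redirect URL.
    String targetUrl = new StringBuilder(callbackURL)
      .append(appendChar)
      .append("oauth_token=").append(encodeQueryValue(requestToken))
      .append("&oauth_verifier=").append(encodeQueryValue(verifier))
      .toString();
    getRedirectStrategy().sendRedirect(request, response, targetUrl);
  }

  /**
   * Percent-encodes a value for use in a query string.
   *
   * A null value is rendered as the text {@code null}, which is what appending it to a StringBuilder produced
   * before encoding was added. NOTE(review): a missing token or verifier probably deserves an explicit error.
   *
   * @param value The raw value, possibly null.
   * @return The encoded value.
   * @throws IOException If UTF-8 is not supported by the runtime.
   */
  private static String encodeQueryValue(String value) throws IOException {
    return java.net.URLEncoder.encode(String.valueOf(value), "UTF-8");
  }

  /**
   * The name of the request parameter that supplies the token id.
   *
   * @return The name of the request parameter that supplies the token id.
   */
  public String getTokenParameterName() {
    return tokenIdParameterName;
  }

  /**
   * The name of the request parameter that supplies the token id.
   *
   * @param tokenIdParameterName The name of the request parameter that supplies the token id.
   */
  public void setTokenIdParameterName(String tokenIdParameterName) {
    this.tokenIdParameterName = tokenIdParameterName;
  }

  /**
   * Whether to require 1.0a support.
   *
   * @return Whether to require 1.0a support.
   */
  public boolean isRequire10a() {
    return require10a;
  }

  /**
   * Whether to require 1.0a support. When false, the callback URL may be read from a request parameter.
   *
   * @param require10a Whether to require 1.0a support.
   */
  public void setRequire10a(boolean require10a) {
    this.require10a = require10a;
  }

  /**
   * The name of the request parameter that supplies the callback URL.
   *
   * @return The name of the request parameter that supplies the callback URL.
   */
  public String getCallbackParameterName() {
    return callbackParameterName;
  }

  /**
   * The name of the request parameter that supplies the callback URL.
   *
   * @param callbackParameterName The name of the request parameter that supplies the callback URL.
   */
  public void setCallbackParameterName(String callbackParameterName) {
    this.callbackParameterName = callbackParameterName;
  }

}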