-
Notifications
You must be signed in to change notification settings - Fork 1.9k
/
OAuth2CallbackFilter.java
100 lines (89 loc) · 4.06 KB
/
OAuth2CallbackFilter.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
/*
* SonarQube
* Copyright (C) 2009-2016 SonarSource SA
* mailto:contact AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.authentication;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.api.CoreProperties;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.web.ServletFilter;
import static com.google.common.base.Strings.isNullOrEmpty;
import static java.lang.String.format;
import static org.sonar.server.authentication.AuthenticationError.handleError;
import static org.sonar.server.authentication.AuthenticationError.handleUnauthorizedError;
public class OAuth2CallbackFilter extends ServletFilter {
public static final String CALLBACK_PATH = "/oauth2/callback/";
private final IdentityProviderRepository identityProviderRepository;
private final OAuth2ContextFactory oAuth2ContextFactory;
public OAuth2CallbackFilter(IdentityProviderRepository identityProviderRepository, OAuth2ContextFactory oAuth2ContextFactory) {
this.identityProviderRepository = identityProviderRepository;
this.oAuth2ContextFactory = oAuth2ContextFactory;
}
@Override
public UrlPattern doGetPattern() {
return UrlPattern.create(CALLBACK_PATH + "*");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
String requestUri = httpRequest.getRequestURI();
String keyProvider = "";
try {
keyProvider = extractKeyProvider(requestUri, CALLBACK_PATH);
IdentityProvider provider = identityProviderRepository.getEnabledByKey(keyProvider);
if (provider instanceof OAuth2IdentityProvider) {
OAuth2IdentityProvider oauthProvider = (OAuth2IdentityProvider) provider;
oauthProvider.callback(oAuth2ContextFactory.newCallback(httpRequest, (HttpServletResponse) response, oauthProvider));
} else {
handleError((HttpServletResponse) response, format("Not an OAuth2IdentityProvider: %s", provider.getClass()));
}
} catch (UnauthorizedException e) {
handleUnauthorizedError(e, (HttpServletResponse) response);
} catch (Exception e) {
handleError(e, (HttpServletResponse) response,
keyProvider.isEmpty() ? "Fail to callback authentication" :
format("Fail to callback authentication with '%s'", keyProvider));
}
}
public static String extractKeyProvider(String requestUri, String context) {
if (requestUri.contains(context)) {
String key = requestUri.replace(context, "");
if (!isNullOrEmpty(key)) {
return key;
}
}
throw new IllegalArgumentException(String.format("A valid identity provider key is required. Please check that property '%s' is valid.", CoreProperties.SERVER_BASE_URL));
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// Nothing to do
}
@Override
public void destroy() {
// Nothing to do
}
}