Package org.codelibs.fess.sso.aad
Class AzureAdAuthenticator
- java.lang.Object
-
- org.codelibs.fess.sso.aad.AzureAdAuthenticator
-
- All Implemented Interfaces:
SsoAuthenticator
public class AzureAdAuthenticator extends java.lang.Object implements SsoAuthenticator
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected classAzureAdAuthenticator.StateData
-
Field Summary
Fields Modifier and Type Field Description protected longacquisitionTimeoutprotected static java.lang.StringAZUREAD_AUTHORITYprotected static java.lang.StringAZUREAD_CLIENT_IDprotected static java.lang.StringAZUREAD_CLIENT_SECRETprotected static java.lang.StringAZUREAD_REPLY_URLprotected static java.lang.StringAZUREAD_STATE_TTLprotected static java.lang.StringAZUREAD_TENANTprotected static java.lang.StringCODEprotected static java.lang.StringERRORprotected static java.lang.StringERROR_DESCRIPTIONprotected static java.lang.StringERROR_URIprotected com.google.common.cache.Cache<java.lang.String,org.codelibs.core.misc.Pair<java.lang.String[],java.lang.String[]>>groupCacheprotected longgroupCacheExpiryprotected static java.lang.StringID_TOKENprotected static java.lang.StringSTATEprotected static java.lang.StringSTATES
-
Constructor Summary
Constructors Constructor Description AzureAdAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleancontainsAuthenticationData(javax.servlet.http.HttpServletRequest request)protected com.microsoft.aad.adal4j.AuthenticationResultgetAccessToken(com.nimbusds.oauth2.sdk.AuthorizationCode authorizationCode, java.lang.String currentUri)com.microsoft.aad.adal4j.AuthenticationResultgetAccessToken(java.lang.String refreshToken)protected java.lang.StringgetAuthority()protected java.lang.StringgetAuthUrl(javax.servlet.http.HttpServletRequest request)protected java.lang.StringgetClientId()protected java.lang.StringgetClientSecret()protected java.util.List<java.lang.String>getDefaultGroupList()protected java.util.List<java.lang.String>getDefaultRoleList()org.lastaflute.web.login.credential.LoginCredentialgetLoginCredential()protected org.codelibs.core.misc.Pair<java.lang.String[],java.lang.String[]>getParentGroup(AzureAdCredential.AzureAdUser user, java.lang.String id)protected java.lang.StringgetReplyUrl(javax.servlet.http.HttpServletRequest request)protected longgetStateTtl()protected java.lang.StringgetTenant()voidinit()protected com.nimbusds.openid.connect.sdk.AuthenticationResponseparseAuthenticationResponse(java.lang.String url, java.util.Map<java.lang.String,java.util.List<java.lang.String>> params)protected org.lastaflute.web.login.credential.LoginCredentialprocessAuthenticationData(javax.servlet.http.HttpServletRequest request)protected voidprocessGroup(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String id)protected voidprocessMemberOf(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String url)protected voidprocessParentGroup(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String id)protected AzureAdAuthenticator.StateDataremoveStateFromSession(javax.servlet.http.HttpSession session, java.lang.String state)voidresolveCredential(FessLoginAssist.LoginCredentialResolver resolver)voidsetAcquisitionTimeout(long acquisitionTimeout)voidsetGroupCacheExpiry(long groupCacheExpiry)protected voidstoreStateInSession(javax.servlet.http.HttpSession session, java.lang.String state, java.lang.String nonce)voidupdateMemberOf(AzureAdCredential.AzureAdUser user)protected voidvalidateAuthRespMatchesCodeFlow(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse oidcResponse)protected voidvalidateNonce(AzureAdAuthenticator.StateData stateData, com.microsoft.aad.adal4j.AuthenticationResult authData)protected AzureAdAuthenticator.StateDatavalidateState(javax.servlet.http.HttpSession session, java.lang.String state)
-
-
-
Field Detail
-
AZUREAD_STATE_TTL
protected static final java.lang.String AZUREAD_STATE_TTL
- See Also:
- Constant Field Values
-
AZUREAD_AUTHORITY
protected static final java.lang.String AZUREAD_AUTHORITY
- See Also:
- Constant Field Values
-
AZUREAD_TENANT
protected static final java.lang.String AZUREAD_TENANT
- See Also:
- Constant Field Values
-
AZUREAD_CLIENT_SECRET
protected static final java.lang.String AZUREAD_CLIENT_SECRET
- See Also:
- Constant Field Values
-
AZUREAD_CLIENT_ID
protected static final java.lang.String AZUREAD_CLIENT_ID
- See Also:
- Constant Field Values
-
AZUREAD_REPLY_URL
protected static final java.lang.String AZUREAD_REPLY_URL
- See Also:
- Constant Field Values
-
STATES
protected static final java.lang.String STATES
- See Also:
- Constant Field Values
-
STATE
protected static final java.lang.String STATE
- See Also:
- Constant Field Values
-
ERROR
protected static final java.lang.String ERROR
- See Also:
- Constant Field Values
-
ERROR_DESCRIPTION
protected static final java.lang.String ERROR_DESCRIPTION
- See Also:
- Constant Field Values
-
ERROR_URI
protected static final java.lang.String ERROR_URI
- See Also:
- Constant Field Values
-
ID_TOKEN
protected static final java.lang.String ID_TOKEN
- See Also:
- Constant Field Values
-
CODE
protected static final java.lang.String CODE
- See Also:
- Constant Field Values
-
acquisitionTimeout
protected long acquisitionTimeout
-
groupCache
protected com.google.common.cache.Cache<java.lang.String,org.codelibs.core.misc.Pair<java.lang.String[],java.lang.String[]>> groupCache
-
groupCacheExpiry
protected long groupCacheExpiry
-
-
Method Detail
-
init
@PostConstruct public void init()
-
getLoginCredential
public org.lastaflute.web.login.credential.LoginCredential getLoginCredential()
- Specified by:
getLoginCredentialin interfaceSsoAuthenticator
-
getAuthUrl
protected java.lang.String getAuthUrl(javax.servlet.http.HttpServletRequest request)
-
storeStateInSession
protected void storeStateInSession(javax.servlet.http.HttpSession session, java.lang.String state, java.lang.String nonce)
-
processAuthenticationData
protected org.lastaflute.web.login.credential.LoginCredential processAuthenticationData(javax.servlet.http.HttpServletRequest request)
-
parseAuthenticationResponse
protected com.nimbusds.openid.connect.sdk.AuthenticationResponse parseAuthenticationResponse(java.lang.String url, java.util.Map<java.lang.String,java.util.List<java.lang.String>> params)
-
validateNonce
protected void validateNonce(AzureAdAuthenticator.StateData stateData, com.microsoft.aad.adal4j.AuthenticationResult authData)
-
getAccessToken
public com.microsoft.aad.adal4j.AuthenticationResult getAccessToken(java.lang.String refreshToken)
-
getAccessToken
protected com.microsoft.aad.adal4j.AuthenticationResult getAccessToken(com.nimbusds.oauth2.sdk.AuthorizationCode authorizationCode, java.lang.String currentUri)
-
validateAuthRespMatchesCodeFlow
protected void validateAuthRespMatchesCodeFlow(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse oidcResponse)
-
validateState
protected AzureAdAuthenticator.StateData validateState(javax.servlet.http.HttpSession session, java.lang.String state)
-
removeStateFromSession
protected AzureAdAuthenticator.StateData removeStateFromSession(javax.servlet.http.HttpSession session, java.lang.String state)
-
containsAuthenticationData
protected boolean containsAuthenticationData(javax.servlet.http.HttpServletRequest request)
-
updateMemberOf
public void updateMemberOf(AzureAdCredential.AzureAdUser user)
-
processMemberOf
protected void processMemberOf(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String url)
-
processParentGroup
protected void processParentGroup(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String id)
-
getParentGroup
protected org.codelibs.core.misc.Pair<java.lang.String[],java.lang.String[]> getParentGroup(AzureAdCredential.AzureAdUser user, java.lang.String id)
-
processGroup
protected void processGroup(AzureAdCredential.AzureAdUser user, java.util.List<java.lang.String> groupList, java.util.List<java.lang.String> roleList, java.lang.String id)
-
getDefaultGroupList
protected java.util.List<java.lang.String> getDefaultGroupList()
-
getDefaultRoleList
protected java.util.List<java.lang.String> getDefaultRoleList()
-
getClientId
protected java.lang.String getClientId()
-
getClientSecret
protected java.lang.String getClientSecret()
-
getTenant
protected java.lang.String getTenant()
-
getAuthority
protected java.lang.String getAuthority()
-
getStateTtl
protected long getStateTtl()
-
getReplyUrl
protected java.lang.String getReplyUrl(javax.servlet.http.HttpServletRequest request)
-
resolveCredential
public void resolveCredential(FessLoginAssist.LoginCredentialResolver resolver)
- Specified by:
resolveCredentialin interfaceSsoAuthenticator
-
setAcquisitionTimeout
public void setAcquisitionTimeout(long acquisitionTimeout)
-
setGroupCacheExpiry
public void setGroupCacheExpiry(long groupCacheExpiry)
-
-