Package org.codelibs.fess.sso.aad
Class AzureAdAuthenticator
- java.lang.Object
-
- org.codelibs.fess.sso.aad.AzureAdAuthenticator
-
- All Implemented Interfaces:
SsoAuthenticator
public class AzureAdAuthenticator extends Object implements SsoAuthenticator
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected classAzureAdAuthenticator.StateData
-
Field Summary
Fields Modifier and Type Field Description protected longacquisitionTimeoutprotected static StringAZUREAD_AUTHORITYprotected static StringAZUREAD_CLIENT_IDprotected static StringAZUREAD_CLIENT_SECRETprotected static StringAZUREAD_REPLY_URLprotected static StringAZUREAD_STATE_TTLprotected static StringAZUREAD_TENANTprotected static StringCODEprotected static StringERRORprotected static StringERROR_DESCRIPTIONprotected static StringERROR_URIprotected com.google.common.cache.Cache<String,org.codelibs.core.misc.Pair<String[],String[]>>groupCacheprotected longgroupCacheExpiryprotected static StringID_TOKENprotected static StringSTATEprotected static StringSTATES
-
Constructor Summary
Constructors Constructor Description AzureAdAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleancontainsAuthenticationData(javax.servlet.http.HttpServletRequest request)protected com.microsoft.aad.adal4j.AuthenticationResultgetAccessToken(com.nimbusds.oauth2.sdk.AuthorizationCode authorizationCode, String currentUri)com.microsoft.aad.adal4j.AuthenticationResultgetAccessToken(String refreshToken)protected StringgetAuthority()protected StringgetAuthUrl(javax.servlet.http.HttpServletRequest request)protected StringgetClientId()protected StringgetClientSecret()protected List<String>getDefaultGroupList()protected List<String>getDefaultRoleList()org.lastaflute.web.login.credential.LoginCredentialgetLoginCredential()protected org.codelibs.core.misc.Pair<String[],String[]>getParentGroup(AzureAdCredential.AzureAdUser user, String id)protected StringgetReplyUrl(javax.servlet.http.HttpServletRequest request)protected longgetStateTtl()protected StringgetTenant()voidinit()protected com.nimbusds.openid.connect.sdk.AuthenticationResponseparseAuthenticationResponse(String url, Map<String,List<String>> params)protected org.lastaflute.web.login.credential.LoginCredentialprocessAuthenticationData(javax.servlet.http.HttpServletRequest request)protected voidprocessGroup(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String id)protected voidprocessMemberOf(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String url)protected voidprocessParentGroup(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String id)protected AzureAdAuthenticator.StateDataremoveStateFromSession(javax.servlet.http.HttpSession session, String state)voidresolveCredential(FessLoginAssist.LoginCredentialResolver resolver)voidsetAcquisitionTimeout(long acquisitionTimeout)voidsetGroupCacheExpiry(long groupCacheExpiry)protected voidstoreStateInSession(javax.servlet.http.HttpSession session, String state, String nonce)voidupdateMemberOf(AzureAdCredential.AzureAdUser user)protected voidvalidateAuthRespMatchesCodeFlow(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse oidcResponse)protected voidvalidateNonce(AzureAdAuthenticator.StateData stateData, com.microsoft.aad.adal4j.AuthenticationResult authData)protected AzureAdAuthenticator.StateDatavalidateState(javax.servlet.http.HttpSession session, String state)
-
-
-
Field Detail
-
AZUREAD_STATE_TTL
protected static final String AZUREAD_STATE_TTL
- See Also:
- Constant Field Values
-
AZUREAD_AUTHORITY
protected static final String AZUREAD_AUTHORITY
- See Also:
- Constant Field Values
-
AZUREAD_TENANT
protected static final String AZUREAD_TENANT
- See Also:
- Constant Field Values
-
AZUREAD_CLIENT_SECRET
protected static final String AZUREAD_CLIENT_SECRET
- See Also:
- Constant Field Values
-
AZUREAD_CLIENT_ID
protected static final String AZUREAD_CLIENT_ID
- See Also:
- Constant Field Values
-
AZUREAD_REPLY_URL
protected static final String AZUREAD_REPLY_URL
- See Also:
- Constant Field Values
-
STATES
protected static final String STATES
- See Also:
- Constant Field Values
-
STATE
protected static final String STATE
- See Also:
- Constant Field Values
-
ERROR
protected static final String ERROR
- See Also:
- Constant Field Values
-
ERROR_DESCRIPTION
protected static final String ERROR_DESCRIPTION
- See Also:
- Constant Field Values
-
ERROR_URI
protected static final String ERROR_URI
- See Also:
- Constant Field Values
-
ID_TOKEN
protected static final String ID_TOKEN
- See Also:
- Constant Field Values
-
CODE
protected static final String CODE
- See Also:
- Constant Field Values
-
acquisitionTimeout
protected long acquisitionTimeout
-
groupCache
protected com.google.common.cache.Cache<String,org.codelibs.core.misc.Pair<String[],String[]>> groupCache
-
groupCacheExpiry
protected long groupCacheExpiry
-
-
Method Detail
-
init
@PostConstruct public void init()
-
getLoginCredential
public org.lastaflute.web.login.credential.LoginCredential getLoginCredential()
- Specified by:
getLoginCredentialin interfaceSsoAuthenticator
-
getAuthUrl
protected String getAuthUrl(javax.servlet.http.HttpServletRequest request)
-
storeStateInSession
protected void storeStateInSession(javax.servlet.http.HttpSession session, String state, String nonce)
-
processAuthenticationData
protected org.lastaflute.web.login.credential.LoginCredential processAuthenticationData(javax.servlet.http.HttpServletRequest request)
-
parseAuthenticationResponse
protected com.nimbusds.openid.connect.sdk.AuthenticationResponse parseAuthenticationResponse(String url, Map<String,List<String>> params)
-
validateNonce
protected void validateNonce(AzureAdAuthenticator.StateData stateData, com.microsoft.aad.adal4j.AuthenticationResult authData)
-
getAccessToken
public com.microsoft.aad.adal4j.AuthenticationResult getAccessToken(String refreshToken)
-
getAccessToken
protected com.microsoft.aad.adal4j.AuthenticationResult getAccessToken(com.nimbusds.oauth2.sdk.AuthorizationCode authorizationCode, String currentUri)
-
validateAuthRespMatchesCodeFlow
protected void validateAuthRespMatchesCodeFlow(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse oidcResponse)
-
validateState
protected AzureAdAuthenticator.StateData validateState(javax.servlet.http.HttpSession session, String state)
-
removeStateFromSession
protected AzureAdAuthenticator.StateData removeStateFromSession(javax.servlet.http.HttpSession session, String state)
-
containsAuthenticationData
protected boolean containsAuthenticationData(javax.servlet.http.HttpServletRequest request)
-
updateMemberOf
public void updateMemberOf(AzureAdCredential.AzureAdUser user)
-
processMemberOf
protected void processMemberOf(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String url)
-
processParentGroup
protected void processParentGroup(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String id)
-
getParentGroup
protected org.codelibs.core.misc.Pair<String[],String[]> getParentGroup(AzureAdCredential.AzureAdUser user, String id)
-
processGroup
protected void processGroup(AzureAdCredential.AzureAdUser user, List<String> groupList, List<String> roleList, String id)
-
getClientId
protected String getClientId()
-
getClientSecret
protected String getClientSecret()
-
getTenant
protected String getTenant()
-
getAuthority
protected String getAuthority()
-
getStateTtl
protected long getStateTtl()
-
getReplyUrl
protected String getReplyUrl(javax.servlet.http.HttpServletRequest request)
-
resolveCredential
public void resolveCredential(FessLoginAssist.LoginCredentialResolver resolver)
- Specified by:
resolveCredentialin interfaceSsoAuthenticator
-
setAcquisitionTimeout
public void setAcquisitionTimeout(long acquisitionTimeout)
-
setGroupCacheExpiry
public void setGroupCacheExpiry(long groupCacheExpiry)
-
-