Package org.codelibs.fess.sso.oic
Class OpenIdConnectAuthenticator
java.lang.Object
org.codelibs.fess.sso.oic.OpenIdConnectAuthenticator
- All Implemented Interfaces:
SsoAuthenticator
OpenID Connect authenticator for SSO integration.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final com.google.api.client.http.HttpTransportHTTP transport for OpenID Connect requests.protected final com.google.api.client.json.JsonFactoryJSON factory for OpenID Connect response parsing.protected static final StringConfiguration key for OpenID Connect authorization server URL.protected static final StringConfiguration key for OpenID Connect base URL.protected static final StringConfiguration key for OpenID Connect client ID.protected static final StringConfiguration key for OpenID Connect client secret.protected static final StringConfiguration key for OpenID Connect redirect URL.protected static final StringConfiguration key for OpenID Connect scope.protected static final StringSession key for OpenID Connect state parameter.protected static final StringConfiguration key for OpenID Connect token server URL. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected StringBuilds a default redirect URL for OpenID Connect based on the environment.protected byte[]decodeBase64(String base64String) Decodes a Base64 string to bytes.protected StringgetAuthUrl(jakarta.servlet.http.HttpServletRequest request) Gets the authorization URL for OpenID Connect.org.lastaflute.web.login.credential.LoginCredentialGets the login credential for SSO authentication.protected StringGets the OpenID Connect authorization server URL.protected StringGets the OpenID Connect client ID.protected StringGets the OpenID Connect client secret.protected StringGets the OpenID Connect redirect URL.protected StringGets the OpenID Connect scope.protected StringGets the OpenID Connect token server URL.org.lastaflute.web.response.ActionResponsegetResponse(SsoResponseType responseType) Gets the action response for the specified SSO response type.protected com.google.api.client.auth.oauth2.TokenResponsegetTokenUrl(String code) Gets the token response from the OpenID Connect provider.voidinit()Initializes the OpenID Connect authenticator.logout(org.codelibs.fess.mylasta.action.FessUserBean user) Performs logout for the specified user.protected ObjectparseArray(com.google.api.client.json.JsonParser jsonParser) Parses array values from JSON parser.protected voidparseJwtClaim(String jwtClaim, Map<String, Object> attributes) Parses the JWT claim and extracts attributes.parseObject(com.google.api.client.json.JsonParser jsonParser) Parses object values from JSON parser.protected ObjectparsePrimitive(com.google.api.client.json.JsonParser jsonParser) Parses primitive values from JSON parser.protected org.lastaflute.web.login.credential.LoginCredentialprocessCallback(jakarta.servlet.http.HttpServletRequest request, String code) Processes the callback from OpenID Connect provider.voidResolves credential using the provided resolver.
-
Field Details
-
OIC_AUTH_SERVER_URL
Configuration key for OpenID Connect authorization server URL.- See Also:
-
OIC_CLIENT_ID
Configuration key for OpenID Connect client ID.- See Also:
-
OIC_SCOPE
Configuration key for OpenID Connect scope.- See Also:
-
OIC_REDIRECT_URL
Configuration key for OpenID Connect redirect URL.- See Also:
-
OIC_TOKEN_SERVER_URL
Configuration key for OpenID Connect token server URL.- See Also:
-
OIC_CLIENT_SECRET
Configuration key for OpenID Connect client secret.- See Also:
-
OIC_STATE
Session key for OpenID Connect state parameter.- See Also:
-
OIC_BASE_URL
Configuration key for OpenID Connect base URL.- See Also:
-
httpTransport
protected final com.google.api.client.http.HttpTransport httpTransportHTTP transport for OpenID Connect requests. -
jsonFactory
protected final com.google.api.client.json.JsonFactory jsonFactoryJSON factory for OpenID Connect response parsing.
-
-
Constructor Details
-
OpenIdConnectAuthenticator
public OpenIdConnectAuthenticator()Default constructor.
-
-
Method Details
-
init
@PostConstruct public void init()Initializes the OpenID Connect authenticator. -
getLoginCredential
public org.lastaflute.web.login.credential.LoginCredential getLoginCredential()Description copied from interface:SsoAuthenticatorGets the login credential for SSO authentication.- Specified by:
getLoginCredentialin interfaceSsoAuthenticator- Returns:
- The login credential.
-
getAuthUrl
Gets the authorization URL for OpenID Connect.- Parameters:
request- the HTTP servlet request- Returns:
- the authorization URL
-
decodeBase64
Decodes a Base64 string to bytes.- Parameters:
base64String- the Base64 string to decode- Returns:
- the decoded bytes, or null if input is null
-
processCallback
protected org.lastaflute.web.login.credential.LoginCredential processCallback(jakarta.servlet.http.HttpServletRequest request, String code) Processes the callback from OpenID Connect provider.- Parameters:
request- the HTTP servlet requestcode- the authorization code- Returns:
- the login credential
-
parseJwtClaim
Parses the JWT claim and extracts attributes.- Parameters:
jwtClaim- the JWT claim stringattributes- the attributes map to populate- Throws:
IOException- if an I/O error occurs
-
parsePrimitive
protected Object parsePrimitive(com.google.api.client.json.JsonParser jsonParser) throws IOException Parses primitive values from JSON parser.- Parameters:
jsonParser- the JSON parser- Returns:
- the parsed primitive value
- Throws:
IOException- if an I/O error occurs
-
parseArray
Parses array values from JSON parser.- Parameters:
jsonParser- the JSON parser- Returns:
- the parsed array as a list
- Throws:
IOException- if an I/O error occurs
-
parseObject
protected Map<String,Object> parseObject(com.google.api.client.json.JsonParser jsonParser) throws IOException Parses object values from JSON parser.- Parameters:
jsonParser- the JSON parser- Returns:
- the parsed object as a map
- Throws:
IOException- if an I/O error occurs
-
getTokenUrl
protected com.google.api.client.auth.oauth2.TokenResponse getTokenUrl(String code) throws IOException Gets the token response from the OpenID Connect provider.- Parameters:
code- the authorization code- Returns:
- the token response
- Throws:
IOException- if an I/O error occurs
-
getOicClientSecret
Gets the OpenID Connect client secret.- Returns:
- the client secret
-
getOicTokenServerUrl
Gets the OpenID Connect token server URL.- Returns:
- the token server URL
-
getOicRedirectUrl
Gets the OpenID Connect redirect URL.- Returns:
- the redirect URL
-
buildDefaultRedirectUrl
Builds a default redirect URL for OpenID Connect based on the environment. Uses the configured base URL or defaults to http://localhost:8080 for compatibility with common OIDC provider configurations.- Returns:
- the default redirect URL
-
getOicScope
Gets the OpenID Connect scope.- Returns:
- the scope
-
getOicClientId
Gets the OpenID Connect client ID.- Returns:
- the client ID
-
getOicAuthServerUrl
Gets the OpenID Connect authorization server URL.- Returns:
- the authorization server URL
-
resolveCredential
Description copied from interface:SsoAuthenticatorResolves credential using the provided resolver.- Specified by:
resolveCredentialin interfaceSsoAuthenticator- Parameters:
resolver- The login credential resolver.
-
getResponse
Description copied from interface:SsoAuthenticatorGets the action response for the specified SSO response type.- Specified by:
getResponsein interfaceSsoAuthenticator- Parameters:
responseType- The type of SSO response required.- Returns:
- The action response.
-
logout
Description copied from interface:SsoAuthenticatorPerforms logout for the specified user.- Specified by:
logoutin interfaceSsoAuthenticator- Parameters:
user- The user to logout.- Returns:
- The logout URL or null if not applicable.
-