org.mitre.openid.connect.client

Class OIDCAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.mitre.openid.connect.client.OIDCAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.web.context.ServletContextAware

public class OIDCAuthenticationFilter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

OpenID Connect Authentication Filter class

Author:

nemonik, jricher

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	OIDCAuthenticationFilter.TargetLinkURIAuthenticationSuccessHandler Handle a successful authentication event.

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	CODE_VERIFIER_SESSION_VARIABLE
static String	FILTER_PROCESSES_URL
protected static int	HTTP_SOCKET_TIMEOUT
protected int	httpSocketTimeout
protected static String	ISSUER_SESSION_VARIABLE
protected static String	NONCE_SESSION_VARIABLE
protected static String	REDIRECT_URI_SESION_VARIABLE
protected static String	STATE_SESSION_VARIABLE
protected static String	TARGET_SESSION_VARIABLE

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
OIDCAuthenticationFilter() OpenIdConnectAuthenticationFilter constructor

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
org.springframework.security.core.Authentication	attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected static String	createCodeVerifier(javax.servlet.http.HttpSession session) Create a random code challenge and store it in the session
protected static String	createNonce(javax.servlet.http.HttpSession session) Create a cryptographically random nonce and store it in the session
protected static String	createState(javax.servlet.http.HttpSession session) Create a cryptographically random state and store it in the session
AuthRequestOptionsService	getAuthRequestOptionsService()
AuthRequestUrlBuilder	getAuthRequestUrlBuilder()
ClientConfigurationService	getClientConfigurationService()
IssuerService	getIssuerService()
ServerConfigurationService	getServerConfigurationService()
protected static String	getStoredCodeVerifier(javax.servlet.http.HttpSession session) Retrieve the stored challenge from our session
protected static String	getStoredNonce(javax.servlet.http.HttpSession session) Get the nonce we stored in the session
protected static String	getStoredState(javax.servlet.http.HttpSession session) Get the state we stored in the session
SymmetricKeyJWTValidatorCacheService	getSymmetricCacheService()
OIDCAuthenticationFilter.TargetLinkURIAuthenticationSuccessHandler	getTargetLinkURIAuthenticationSuccessHandler()
int	getTimeSkewAllowance()
JWKSetCacheService	getValidationServices()
protected org.springframework.security.core.Authentication	handleAuthorizationCodeResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void	handleAuthorizationRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Initiate an Authorization request
protected void	handleError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handle Authorization Endpoint error
void	setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
void	setAuthRequestOptionsService(AuthRequestOptionsService authOptions)
void	setAuthRequestUrlBuilder(AuthRequestUrlBuilder authRequestBuilder)
void	setClientConfigurationService(ClientConfigurationService clients)
void	setIssuerService(IssuerService issuerService)
void	setServerConfigurationService(ServerConfigurationService servers)
void	setSymmetricCacheService(SymmetricKeyJWTValidatorCacheService symmetricCacheService)
void	setTargetLinkURIAuthenticationSuccessHandler(OIDCAuthenticationFilter.TargetLinkURIAuthenticationSuccessHandler targetSuccessHandler)
void	setTargetLinkURIChecker(TargetLinkURIChecker deepLinkFilter)
void	setTimeSkewAllowance(int timeSkewAllowance)
void	setValidationServices(JWKSetCacheService validationServices)
TargetLinkURIChecker	targetLinkURIChecker()

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REDIRECT_URI_SESION_VARIABLE

protected static final String REDIRECT_URI_SESION_VARIABLE

See Also:

Constant Field Values

CODE_VERIFIER_SESSION_VARIABLE

protected static final String CODE_VERIFIER_SESSION_VARIABLE

See Also:

Constant Field Values

STATE_SESSION_VARIABLE

protected static final String STATE_SESSION_VARIABLE

See Also:

Constant Field Values

NONCE_SESSION_VARIABLE

protected static final String NONCE_SESSION_VARIABLE

See Also:

Constant Field Values

ISSUER_SESSION_VARIABLE

protected static final String ISSUER_SESSION_VARIABLE

See Also:

Constant Field Values

TARGET_SESSION_VARIABLE

protected static final String TARGET_SESSION_VARIABLE

See Also:

Constant Field Values

HTTP_SOCKET_TIMEOUT

protected static final int HTTP_SOCKET_TIMEOUT

See Also:

Constant Field Values

FILTER_PROCESSES_URL

public static final String FILTER_PROCESSES_URL

See Also:

Constant Field Values

httpSocketTimeout

protected int httpSocketTimeout

Constructor Detail

OIDCAuthenticationFilter

public OIDCAuthenticationFilter()

OpenIdConnectAuthenticationFilter constructor

Method Detail

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

attemptAuthentication

public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request,
                                                                              javax.servlet.http.HttpServletResponse response)
                                                                       throws org.springframework.security.core.AuthenticationException,
                                                                              IOException,
                                                                              javax.servlet.ServletException

Specified by:

attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Throws:

org.springframework.security.core.AuthenticationException

IOException

javax.servlet.ServletException

handleAuthorizationRequest

protected void handleAuthorizationRequest(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response)
                                   throws IOException

Initiate an Authorization request

Parameters:

request - The request from which to extract parameters and perform the authentication

response -

Throws:

IOException - If an input or output exception occurs

handleAuthorizationCodeResponse

protected org.springframework.security.core.Authentication handleAuthorizationCodeResponse(javax.servlet.http.HttpServletRequest request,
                                                                                           javax.servlet.http.HttpServletResponse response)

Parameters:

request - The request from which to extract parameters and perform the authentication

Returns:

The authenticated user token, or null if authentication is incomplete.

handleError

protected void handleError(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                    throws IOException

Handle Authorization Endpoint error

Parameters:

request - The request from which to extract parameters and handle the error

response - The response, needed to do a redirect to display the error

Throws:

IOException - If an input or output exception occurs

createNonce

protected static String createNonce(javax.servlet.http.HttpSession session)

Create a cryptographically random nonce and store it in the session

Parameters:

session -

Returns:

getStoredNonce

protected static String getStoredNonce(javax.servlet.http.HttpSession session)

Get the nonce we stored in the session

Parameters:

session -

Returns:

createState

protected static String createState(javax.servlet.http.HttpSession session)

Create a cryptographically random state and store it in the session

Parameters:

session -

Returns:

getStoredState

protected static String getStoredState(javax.servlet.http.HttpSession session)

Get the state we stored in the session

Parameters:

session -

Returns:

createCodeVerifier

protected static String createCodeVerifier(javax.servlet.http.HttpSession session)

Create a random code challenge and store it in the session

Parameters:

session -

Returns:

getStoredCodeVerifier

protected static String getStoredCodeVerifier(javax.servlet.http.HttpSession session)

Retrieve the stored challenge from our session

Parameters:

session -

Returns:

setAuthenticationSuccessHandler

public void setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)

Overrides:

setAuthenticationSuccessHandler in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getTimeSkewAllowance

public int getTimeSkewAllowance()

setTimeSkewAllowance

public void setTimeSkewAllowance(int timeSkewAllowance)

getValidationServices

public JWKSetCacheService getValidationServices()

Returns:

the validationServices

setValidationServices

public void setValidationServices(JWKSetCacheService validationServices)

Parameters:

validationServices - the validationServices to set

getServerConfigurationService

public ServerConfigurationService getServerConfigurationService()

Returns:

the servers

setServerConfigurationService

public void setServerConfigurationService(ServerConfigurationService servers)

Parameters:

servers - the servers to set

getClientConfigurationService

public ClientConfigurationService getClientConfigurationService()

Returns:

the clients

setClientConfigurationService

public void setClientConfigurationService(ClientConfigurationService clients)

Parameters:

clients - the clients to set

getIssuerService

public IssuerService getIssuerService()

Returns:

the issuerService

setIssuerService

public void setIssuerService(IssuerService issuerService)

Parameters:

issuerService - the issuerService to set

getAuthRequestUrlBuilder

public AuthRequestUrlBuilder getAuthRequestUrlBuilder()

Returns:

the authRequestBuilder

setAuthRequestUrlBuilder

public void setAuthRequestUrlBuilder(AuthRequestUrlBuilder authRequestBuilder)

Parameters:

authRequestBuilder - the authRequestBuilder to set

getAuthRequestOptionsService

public AuthRequestOptionsService getAuthRequestOptionsService()

Returns:

the authOptions

setAuthRequestOptionsService

public void setAuthRequestOptionsService(AuthRequestOptionsService authOptions)

Parameters:

authOptions - the authOptions to set

getSymmetricCacheService

public SymmetricKeyJWTValidatorCacheService getSymmetricCacheService()

setSymmetricCacheService

public void setSymmetricCacheService(SymmetricKeyJWTValidatorCacheService symmetricCacheService)

getTargetLinkURIAuthenticationSuccessHandler

public OIDCAuthenticationFilter.TargetLinkURIAuthenticationSuccessHandler getTargetLinkURIAuthenticationSuccessHandler()

setTargetLinkURIAuthenticationSuccessHandler

public void setTargetLinkURIAuthenticationSuccessHandler(OIDCAuthenticationFilter.TargetLinkURIAuthenticationSuccessHandler targetSuccessHandler)

targetLinkURIChecker

public TargetLinkURIChecker targetLinkURIChecker()

setTargetLinkURIChecker

public void setTargetLinkURIChecker(TargetLinkURIChecker deepLinkFilter)