-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/maven/fixes/9.0' into maven/rele…
…ase/9.0
- Loading branch information
Showing
6 changed files
with
146 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
...haring/service/lti13/uoc/elc/spring/lti/security/openid/HttpSessionOIDCLaunchSession.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package org.edu_sharing.service.lti13.uoc.elc.spring.lti.security.openid; | ||
|
||
import edu.uoc.lti.oidc.OIDCLaunchSession; | ||
import jakarta.servlet.http.HttpSession; | ||
import lombok.RequiredArgsConstructor; | ||
|
||
import jakarta.servlet.http.HttpServletRequest; | ||
|
||
/** | ||
* @author [email protected] | ||
*/ | ||
@RequiredArgsConstructor | ||
public class HttpSessionOIDCLaunchSession implements OIDCLaunchSession { | ||
private final static String STATE_SESSION_ATTRIBUTE_NAME = "currentLti1.3State"; | ||
private final static String NONCE_SESSION_ATTRIBUTE_NAME = "currentLti1.3Nonce"; | ||
private final static String TARGETLINK_URI_SESSION_ATTRIBUTE_NAME = "currentLti1.3TargetLinkUri"; | ||
|
||
private final HttpServletRequest request; | ||
|
||
@Override | ||
public void setState(String s) { | ||
setAttribute(STATE_SESSION_ATTRIBUTE_NAME, s); | ||
} | ||
|
||
@Override | ||
public void setNonce(String s) { | ||
setAttribute(NONCE_SESSION_ATTRIBUTE_NAME, s); | ||
} | ||
|
||
@Override | ||
public void setTargetLinkUri(String s) { | ||
setAttribute(TARGETLINK_URI_SESSION_ATTRIBUTE_NAME, s); | ||
} | ||
|
||
private void setAttribute(String name, String value) { | ||
request.getSession().setAttribute(name, value); | ||
} | ||
|
||
@Override | ||
public String getState() { | ||
return getAttribute(STATE_SESSION_ATTRIBUTE_NAME); | ||
} | ||
|
||
@Override | ||
public String getNonce() { | ||
return getAttribute(NONCE_SESSION_ATTRIBUTE_NAME); | ||
} | ||
|
||
@Override | ||
public String getTargetLinkUri() { | ||
return getAttribute(TARGETLINK_URI_SESSION_ATTRIBUTE_NAME); | ||
} | ||
|
||
private String getAttribute(String name) { | ||
Object state = request.getSession().getAttribute(name); | ||
return state != null ? state.toString() : null; | ||
} | ||
|
||
public void clear() { | ||
final HttpSession session = this.request.getSession(false); | ||
if (session != null) { | ||
setState(null); | ||
setTargetLinkUri(null); | ||
setNonce(null); | ||
} | ||
} | ||
} |
17 changes: 17 additions & 0 deletions
17
...org/edu_sharing/service/lti13/uoc/elc/spring/lti/security/openid/LoginRequestFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package org.edu_sharing.service.lti13.uoc.elc.spring.lti.security.openid; | ||
|
||
import edu.uoc.elc.lti.tool.oidc.LoginRequest; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
|
||
public class LoginRequestFactory { | ||
public static LoginRequest from(HttpServletRequest request) { | ||
return LoginRequest.builder() | ||
.iss(request.getParameter("iss")) | ||
.login_hint(request.getParameter("login_hint")) | ||
.target_link_uri(request.getParameter("target_link_uri")) | ||
.lti_message_hint(request.getParameter("lti_message_hint")) | ||
.lti_deployment_id(request.getParameter("lti_deployment_id")) | ||
.client_id(request.getParameter("client_id")) | ||
.build(); | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
15
...in/java/org/edu_sharing/service/lti13/uoc/elc/spring/lti/security/utils/TokenFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
package org.edu_sharing.service.lti13.uoc.elc.spring.lti.security.utils; | ||
|
||
import jakarta.servlet.http.HttpServletRequest; | ||
|
||
public class TokenFactory { | ||
public static String from(HttpServletRequest httpServletRequest) { | ||
String token = httpServletRequest.getParameter("jwt"); | ||
if (token == null || "".equals(token)) { | ||
token = httpServletRequest.getParameter("id_token"); | ||
} | ||
return token; | ||
} | ||
|
||
} | ||
|
40 changes: 40 additions & 0 deletions
40
...core/src/main/java/org/edu_sharing/service/lti13/uoc/elc/spring/lti/tool/ToolFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
package org.edu_sharing.service.lti13.uoc.elc.spring.lti.tool; | ||
|
||
import edu.uoc.elc.lti.tool.Tool; | ||
import edu.uoc.elc.lti.tool.ToolDefinition; | ||
|
||
|
||
|
||
import edu.uoc.elc.spring.lti.tool.ToolDefinitionBean; | ||
import edu.uoc.elc.spring.lti.tool.ToolDefinitionFactory; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import org.edu_sharing.service.lti13.uoc.elc.spring.lti.security.openid.HttpSessionOIDCLaunchSession; | ||
import org.edu_sharing.service.lti13.uoc.elc.spring.lti.security.utils.TokenFactory; | ||
|
||
/** | ||
* @author [email protected] | ||
*/ | ||
public class ToolFactory { | ||
HttpSessionOIDCLaunchSession oidcLaunchSession; | ||
|
||
public ToolFactory() { | ||
} | ||
|
||
public Tool from(ToolDefinitionBean toolDefinitionBean, HttpServletRequest request) { | ||
return this.from(toolDefinitionBean, request, false); | ||
} | ||
|
||
public Tool from(ToolDefinitionBean toolDefinitionBean, HttpServletRequest request, boolean clearSession) { | ||
this.oidcLaunchSession = new HttpSessionOIDCLaunchSession(request); | ||
if (clearSession) { | ||
this.oidcLaunchSession.clear(); | ||
} | ||
|
||
ToolDefinition toolDefinition = ToolDefinitionFactory.from(toolDefinitionBean); | ||
Tool tool = new Tool(toolDefinition, toolDefinitionBean.getClaimAccessor(), this.oidcLaunchSession, toolDefinitionBean.getBuilders()); | ||
String token = TokenFactory.from(request); | ||
String state = request.getParameter("state"); | ||
tool.validate(token, state); | ||
return tool; | ||
} | ||
} |