Package org.oa4mp.di

Class DIService

  • All Implemented Interfaces:
    edu.uiuc.ncsa.security.core.Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, org.oa4mp.delegation.common.servlet.TransactionFilter
    public class DIService
extends OA4MPServlet
    The detached/independent (DI) service. This is the authentication case where there is a wholly standalone authentication service. It does authentication then notifies OA4MP via back channel callouts to OA4MP to start and finish flows.
    See Also:
    Serialized Form

    • Constructor Detail

      • DIService

        public DIService()

    • Method Detail

      • doIt

        protected void doIt​(javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws Throwable
        Specified by:
        doIt in class edu.uiuc.ncsa.security.servlet.AbstractServlet
        Throws:
        Throwable

      • doAction

        protected void doAction​(javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        String action)
                 throws IOException,
                        javax.servlet.ServletException
        Throws:
        IOException
        javax.servlet.ServletException

      • init

        public void init​(javax.servlet.ServletConfig config)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Throws:
        javax.servlet.ServletException

      • checkUserCode

        protected void checkUserCode​(javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws IOException
        Taken from CIL-934 action: checkUserCode param: user_code (required, but can be empty)

        Purpose: This is an "internal" diService method used by the PHP web front end to (1) verify that a user_code input by the user is valid and (2) return the client_id associated with this transaction in order to display client information to the end user. The user_code parameter is required, but it can be empty. The user_code parameter can contain extra "user-friendly" characters such as dash '-', space ' ', underscore '_', etc. These extra characters will be stripped out/ignored by the diService. The user_code can contain lower-case and/or upper-case characters which will be transformed to upper-case characters by the diService. Returns: HTTP 200 response, body is basic text, one line per returned value:

        status=INTEGER 0 = Success 1048569 = missing parameter 65537 = transaction not found 65539 = expired user_code (token) client_id=The OIDC client_id matching the user_code user_code=The original user_code to be displayed to the end user. The purpose of this is that the returned user_code should visually match the one that was returned to the device so the user can easily verify a match (i.e., ignore any transformations done by the user when inputting the user_code). scope=A (possibly empty/absent) space-separated list of scopes that were requested by the client. This is needed when displaying the list of attributes to be delegated since the scopes requested by the device client may differ from those registered.

        Parameters:
        request -
        response -
        Throws:
        IOException

      • approveUserCode

        protected void approveUserCode​(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response)
                        throws IOException
        action: userCodeApproved param(s):

        user_code (required) approved (optional; defaults to 1; 1=approved; 0=denied)

        Purpose: This is an "internal" diService method used by the PHP web front end to let the diService know that the user has logged on to their chosen Identity Provider and approved the transaction OR that the user has clicked a "Cancel" button and denied the transaction. If the user has approved the transaction (approved=1 or 'approved' is absent, the default), the OA4MP server can proceed with the rest of the Device authz grant flow. If the user has denied the transaction (approved=0), the OA4MP server should inform the device that the user has canceled the transaction. Returns: HTTP 200 response, body is basic text, one line per returned value:

        status=INTEGER 0 = Success 1048569 = missing parameter 65537 = transaction not found

        Throws:
        IOException

      • startAuthCodeFlow

        protected void startAuthCodeFlow​(javax.servlet.http.HttpServletRequest req,
                                 javax.servlet.http.HttpServletResponse resp)
                          throws IOException
        This accepts the following parameters 
         client_id
 response_type
 redirect_uri
 scope
 state
 code_challenge          (RFC 7636)
 code_challenge_method      "   "
        and the response
        Parameters:
        req -
        resp -
        Throws:
        IOException

      • finishAuthCodeFlow

        protected void finishAuthCodeFlow​(javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse resp)
                           throws IOException
        Throws:
        IOException

      • doUserClaims

        protected void doUserClaims​(OA2ServiceTransaction t,
                            javax.servlet.http.HttpServletRequest request,
                            edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
                     throws Throwable
        This will run the QDL scripts for the client in the auth phase If there are specialized claims for all users, override and do them here, then call super. In that case, it should get and set OA2ServiceTransaction.getUserMetaData(). This call will save the transaction. .
        Parameters:
        t -
        request -
        debugger -
        Throws:
        Throwable

      • doError

        protected void doError​(String message,
                       int errorCode,
                       javax.servlet.http.HttpServletResponse resp)
                throws IOException
        Throws:
        IOException

      • startWrite

        protected void startWrite​(javax.servlet.http.HttpServletResponse response)
        Sets up the response with the right encoding and status.
        Parameters:
        response -

      • stopWrite

        protected void stopWrite​(javax.servlet.http.HttpServletResponse response)
                  throws IOException
        Stop writing to the response. This flushes and closes the writer. No writes should work after this.
        Parameters:
        response -
        Throws:
        IOException

      • writeMessage

        protected void writeMessage​(javax.servlet.http.HttpServletResponse response,
                            Err errResponse)
                     throws IOException
        Throws:
        IOException

      • getOA2SE

        protected OA2SE getOA2SE()
        Convenience to get the service environment.
        Returns: