
Commit d284b5e

author
Takahiko Kawasaki
authored
Merge pull request #4 from authlete/refactor-methods
Refactored some methods.
2 parents c17f877 + af56458 commit d284b5e


2 files changed

+101
-82
lines changed


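--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
@@ -107,6 +107,7 @@ private HttpSession getSession(HttpServletRequest request)
 
 // A session does not exist. Make a response of "400 Bad Request".
 String message = "A session does not exist.";
+
 Response response = Response
 .status(Status.BAD_REQUEST)
 .entity(message)
@@ -131,21 +132,19 @@ private static User getUser(HttpSession session, MultivaluedMap<String, String>
 {
 return sessionUser;
 }
-else
+
+// Look up an end-user who has the login credentials.
+User loginUser = UserDao.getByCredentials(parameters.getFirst("loginId"),
+parameters.getFirst("password"));
+
+if (loginUser != null)
 {
-// Look up an end-user who has the login credentials.
-User loginUser = UserDao.getByCredentials(parameters.getFirst("loginId"),
-parameters.getFirst("password"));
-
-if (loginUser != null)
-{
-//System.err.println("Logged in as: " + loginUser);
-session.setAttribute("user", loginUser);
-session.setAttribute("authTime", new Date());
-}
-
-return loginUser;
+//System.err.println("Logged in as: " + loginUser);
+session.setAttribute("user", loginUser);
+session.setAttribute("authTime", new Date());
 }
+
+return loginUser;
 }
 
 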
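Review bot: The restructured getUser still binds the freshly authenticated user to the pre-existing session (the `session.setAttribute("user", loginUser);` and `session.setAttribute("authTime", new Date());` lines) without rotating the session identifier, so a session ID that was issued before the credentials were checked remains valid after login. This method only receives the HttpSession, so the rotation belongs in the caller that holds the request, which is outside the hunk; on a Servlet 3.1 or later container that is a single call, `request.changeSessionId();`, placed before the user is stored. The method's signature and the sessionUser lookup at its top also begin outside the hunk.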
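--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
@@ -96,59 +96,11 @@ public Response generateAuthorizationPage(AuthorizationResponse info)
 session.setAttribute("claimNames", info.getClaims());
 session.setAttribute("claimLocales", info.getClaimsLocales());
 
-// Get the user from the session if they exist.
-User user = (User) session.getAttribute("user");
-Date authTime = (Date) session.getAttribute("authTime");
-
-//System.err.println("USER: " + user);
-//System.err.println("Auth Time: " + authTime);
-//System.err.println("AuthorizationResponse: " + info.summarize());
-
-if (user != null && authTime != null)
-{
-// See if the user should be prompted for login anyway.
-if (info.getPrompts() != null)
-{
-List<Prompt> prompts = Arrays.asList(info.getPrompts());
-
-//System.err.println("Prompts: " + prompts);
-
-if (prompts.contains(Prompt.LOGIN))
-{
-// Force a login by clearing out the current user.
-
-//System.err.println("XX Logged out from prompt");
-
-user = null;
-session.removeAttribute("user");
-session.removeAttribute("authTime");
-}
-}
-
-// Check the auth age to make sure this session isn't too old.
-
-// TODO: max_age == 0 effectively means "log in the user interactively
-// now" but it's used here as a flag, we should fix this to use Integer
-// instead of int probably.
-if (info.getMaxAge() > 0)
-{
-Date now = new Date();
-
-// Calculate number of seconds that have elapsed since login.
-long authAge = (now.getTime() - authTime.getTime()) / 1000;
-
-if (authAge > info.getMaxAge())
-{
-// Session age is too old, clear out the current user.
-
-//System.err.println("XX Logged out from max_auth");
+// Clear the current user information in the session if necessary.
+clearCurrentUserInfoInSessionIfNecessary(info, session);
 
-user = null;
-session.removeAttribute("user");
-session.removeAttribute("authTime");
-}
-}
-}
+// Get the user from the session if they exist.
+User user = (User) session.getAttribute("user");
 
 // Prepare a model object which contains information needed to
 // render the authorization page. Feel free to create a subclass
@@ -174,14 +126,9 @@ public boolean isUserAuthenticated()
 // Get the user from the session if they exist.
 User user = (User) session.getAttribute("user");
 
-if (user != null)
-{
-return true;
-}
-else
-{
-return false;
-}
+// If the user information exists in the session, the user is already
+// authenticated; Otherwise, the user is not authenticated.
+return user != null;
 }
 
 
@@ -194,14 +141,12 @@ public long getUserAuthenticatedAt()
 // Get the user from the session if they exist.
 Date authTime = (Date) session.getAttribute("authTime");
 
-if (authTime != null)
-{
-return authTime.getTime() / 1000L;
-}
-else
+if (authTime == null)
 {
 return 0;
 }
+
+return authTime.getTime() / 1000L;
 }
 
 
@@ -214,13 +159,88 @@ public String getUserSubject()
 // Get the user from the session if they exist.
 User user = (User) session.getAttribute("user");
 
-if (user != null)
+if (user == null)
 {
-return user.getSubject();
+return null;
 }
-else
+
+return user.getSubject();
+}
+
+
+private void clearCurrentUserInfoInSessionIfNecessary(AuthorizationResponse info, HttpSession session)
+{
+// Get the user from the session if they exist.
+User user = (User) session.getAttribute("user");
+Date authTime = (Date) session.getAttribute("authTime");
+
+//System.err.println("USER: " + user);
+//System.err.println("Auth Time: " + authTime);
+//System.err.println("AuthorizationResponse: " + info.summarize());
+
+if (user == null || authTime == null)
 {
-return null;
+// The information about the user does not exist in the session.
+return;
+}
+
+// Check 'prompts'.
+checkPrompts(info, session);
+
+// Check 'authentication age'.
+checkAuthenticationAge(info, session, authTime);
+}
+
+
+private void checkPrompts(AuthorizationResponse info, HttpSession session)
+{
+if (info.getPrompts() == null)
+{
+return;
 }
+
+List<Prompt> prompts = Arrays.asList(info.getPrompts());
+
+//System.err.println("Prompts: " + prompts);
+
+if (prompts.contains(Prompt.LOGIN))
+{
+// Force a login by clearing out the current user.
+clearCurrentUserInfoInSession(session);
+
+//System.err.println("XX Logged out from prompt");
+};
+}
+
+
+private void checkAuthenticationAge(AuthorizationResponse info, HttpSession session, Date authTime)
+{
+// TODO: max_age == 0 effectively means "log in the user interactively
+// now" but it's used here as a flag, we should fix this to use Integer
+// instead of int probably.
+if (info.getMaxAge() <= 0)
+{
+return;
+}
+
+Date now = new Date();
+
+// Calculate number of seconds that have elapsed since login.
+long authAge = (now.getTime() - authTime.getTime()) / 1000L;
+
+if (authAge > info.getMaxAge())
+{
+// Session age is too old, clear out the current user.
+clearCurrentUserInfoInSession(session);
+
+//System.err.println("XX Logged out from max_auth");
+};
+}
+
+
+private void clearCurrentUserInfoInSession(HttpSession session)
+{
+session.removeAttribute("user");
+session.removeAttribute("authTime");
 }
 }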
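Review bot: The closing brace of the `if (prompts.contains(Prompt.LOGIN))` block in checkPrompts and of the `if (authAge > info.getMaxAge())` block in checkAuthenticationAge is written as `};`, which leaves a stray empty statement after each block; both should be plain `}`. The three new private helpers carry no Javadoc, and checkPrompts and checkAuthenticationAge remove session attributes despite being named as checks, so a one-line comment on each, such as `// Drops the session's user/authTime when 'prompt' contains 'login'.` and `// Drops the session's user/authTime when the login is older than max_age.`, would make the side effect visible where clearCurrentUserInfoInSessionIfNecessary calls them. The new early return `if (info.getMaxAge() <= 0)` keeps the behaviour the surviving TODO describes, so a max_age of 0 still skips the age check entirely; that caveat is worth carrying into the method's Javadoc rather than leaving it only in the TODO. The class header and imports are outside the hunk.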
