Adding the redirect URL configuration (#15)

2019-07-29 16:23:37 -05:00 · 2019-07-29 16:23:37 -05:00 · 7883b54131
--- a/secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/AuthenticationFilter.java
+++ b/secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/AuthenticationFilter.java
@ -25,6 +25,7 @@ import javax.naming.ServiceUnavailableException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@ -103,6 +104,11 @@ public class AuthenticationFilter implements Filter
     */
    private String clientSecret;

+    /**
+     * The redirect address used when requesting the token.
+     */
+    private String redirectUrl;
+
    /**
     * Provides a secure mechanism for retrieving and store sensitive information.
     */
@ -224,14 +230,15 @@ public class AuthenticationFilter implements Filter
     */
    public void init(FilterConfig config) throws ServletException 
    {
-        clientId = config.getInitParameter("client_id");
-        authority = config.getServletContext().getInitParameter("authority");
-        clientSecret = config.getInitParameter("client_secret");
+        authority = getConfigValue(config.getServletContext(), "authority");
+        clientId = getConfigValue(config, "client_id");
+        clientSecret = getConfigValue(config, "client_secret");
+        redirectUrl = getConfigValue(config, "redirect_url");

        vault = new KeyVaultProvider(
-            config.getInitParameter("keyvault_base_url"),
-            config.getInitParameter("keyvault_client_id"),
-            config.getInitParameter("keyvault_client_secret"));
+            getConfigValue(config, "keyvault_base_url"),
+            getConfigValue(config, "keyvault_client_id"),
+            getConfigValue(config, "keyvault_client_secret"));
    }

    /**
@ -267,13 +274,13 @@ public class AuthenticationFilter implements Filter
            service =  Executors.newFixedThreadPool(1);

            authContext = new AuthenticationContext(
-                MessageFormat.format("{0}common", authority), 
+                MessageFormat.format("{0}/common", authority), 
                true, 
                service);

            future = authContext.acquireTokenByAuthorizationCode(
                code.getValue(),
-                new URI(request.getRequestURL().toString()),
+                new URI(redirectUrl),
                new ClientCredential(
                    clientId,
                    clientSecret), 
@ -321,7 +328,7 @@ public class AuthenticationFilter implements Filter
                clientSecret);

            authContext = new AuthenticationContext(
-                MessageFormat.format("{0}common", authority), 
+                MessageFormat.format("{0}/common", authority), 
                true, 
                service);

@ -349,6 +356,41 @@ public class AuthenticationFilter implements Filter
        return authResult;
    }

+    /**
+     * Gets the configuration value.
+     * 
+     * @param config The object containing the filter's configuration and initialization parameters 
+     * @param name The name of the configuration.
+     * @return The value for the specified configuration.
+     */
+    private String getConfigValue(FilterConfig config, String name)
+    {
+        return isNullOrEmpty(config.getInitParameter(name)) ? System.getenv(name) : config.getInitParameter(name);
+    }
+
+    /**
+     * Gets the configuration value.
+     * 
+     * @param context The context for the servlet. 
+     * @param name The name of the configuration.
+     * @return The value for the specified configuration.
+     */
+    private String getConfigValue(ServletContext context, String name)
+    {
+        return isNullOrEmpty(context.getInitParameter(name)) ? System.getenv(name) : context.getInitParameter(name);
+    }
+
+    /**
+     * Indicates whether the specified string is null or an empty string ("").
+     * 
+     * @param value The string to be tested.
+     * @return true if the value parameter is null or an empty string (""); otherwise, false.
+     */
+    private boolean isNullOrEmpty(String value)
+    {
+        return value == null || value.isEmpty();
+    }
+
    /**
     * Removes the state information from the HTTP session.
     * 
@ -362,7 +404,7 @@ public class AuthenticationFilter implements Filter
        Map<String, StateData> states; 
        Map.Entry<String, StateData> entry;
        StateData stateData; 
-        String state = request.getParameter("state");
+        String state = request.getParameter(STATE_NAME);
        long difference; 

        if(StringUtils.isNotEmpty(state))
@ -441,7 +483,7 @@ public class AuthenticationFilter implements Filter

            authResult = getAccessToken(request, oidcResponse.getAuthorizationCode());

-            // Validate the nonce to prevent replay attacks (code maybe substitued to one with broader access).
+            // Validate the nonce to prevent replay attacks (code maybe substituted to one with broader access).
            nonce = (String)JWTParser.parse(authResult.getIdToken()).getJWTClaimsSet().getClaim("nonce");

            if(StringUtils.isEmpty(nonce) || !nonce.equals(stateData.getNonce()))
@ -481,15 +523,13 @@ public class AuthenticationFilter implements Filter
        String state = UUID.randomUUID().toString();

        String redirectUri = MessageFormat.format(
-            "{0}common/oauth2/authorize?response_type=code&scope=openid&response_mode=form_post&redirect_uri={1}&client_id={2}&state={3}&nonce={4}", 
+            "{0}/common/oauth2/authorize?response_type=code&scope=openid&response_mode=form_post&redirect_uri={1}&client_id={2}&state={3}&nonce={4}", 
            authority,
-            URLEncoder.encode(request.getRequestURL().toString(), "UTF-8"),
+            URLEncoder.encode(redirectUrl, "UTF-8"),
            clientId,
            state, 
            nonce);

-        response.setStatus(302);
-
        if(request.getSession().getAttribute(STATE_NAME) == null)
        {
            request.getSession().setAttribute(STATE_NAME, new HashMap<String, StateData>());
@ -497,6 +537,7 @@ public class AuthenticationFilter implements Filter

        ((Map<String, StateData>) request.getSession().getAttribute(STATE_NAME)).put(state, new StateData(nonce, new Date()));

+        response.setStatus(302);
        response.sendRedirect(redirectUri);
    }

--- a/secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/KeyVaultProvider.java
+++ b/secure-app-model/keyvault/partnerconsent/src/main/java/com/microsoft/store/samples/partnerconsent/security/KeyVaultProvider.java
@ -76,7 +76,7 @@ public class KeyVaultProvider implements IVaultProvider
     * @param resource Identifier of the target resource that is the recipient of the requested token.
     * @param clientId The identifier of the client requesting the token.
     * @param clientSecret The secure secret of the client requesting the token.
-     * @return An instance of {@link AuthenticationResult} that contians an access token and refresh token.
+     * @return An instance of {@link AuthenticationResult} that contains an access token and refresh token.
     * 
     * @throws ExecutionException {@link ExecutionException}
     * @throws InterruptedException {@link InterruptedException}
--- a/secure-app-model/keyvault/partnerconsent/src/main/webapp/WEB-INF/web.xml
+++ b/secure-app-model/keyvault/partnerconsent/src/main/webapp/WEB-INF/web.xml
@ -6,13 +6,12 @@
 	<display-name>Archetype Created Web Application</display-name>
 	<context-param>
 		<param-name>authority</param-name>
-		<param-value>https://login.microsoftonline.com/</param-value>
+		<param-value>https://login.microsoftonline.com</param-value>
 	</context-param>
 	<context-param>
 		<param-name>tenant</param-name>
 		<param-value>common</param-value>
 	</context-param>
-
 	<filter>
 		<filter-name>AuthenticationFilter</filter-name>
 		<filter-class>com.microsoft.store.samples.partnerconsent.security.AuthenticationFilter</filter-class>
@ -24,7 +23,6 @@
 			<param-name>client_secret</param-name>
 			<param-value></param-value>
 		</init-param>
-
 		<init-param>
 			<param-name>keyvault_base_url</param-name>
 			<param-value></param-value>
@ -41,28 +39,28 @@
 			<param-name>keyvault_certifcate_path</param-name>
 			<param-value></param-value>
 		</init-param>
+		<init-param>
+			<param-name>redirect_url</param-name>
+			<param-value></param-value>
+		</init-param>
 	</filter>
 	<filter-mapping>
 		<filter-name>AuthenticationFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
-
 	<servlet>
 		<servlet-name>mvc-dispatcher</servlet-name>
 		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-
 	<servlet-mapping>
 		<servlet-name>mvc-dispatcher</servlet-name>
 		<url-pattern></url-pattern>
 	</servlet-mapping>
-
 	<context-param>
 		<param-name>contextConfigLocation</param-name>
 		<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
 	</context-param>
-
 	<listener>
 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 	</listener>