diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
index 74150fa8..081241da 100644
--- a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -62,6 +62,7 @@
 import io.burt.jmespath.RuntimeConfiguration;
 import io.burt.jmespath.jcf.JcfRuntime;
 import java.io.IOException;
+import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Field;
 import java.net.MalformedURLException;
@@ -119,7 +120,8 @@
 * @author Steve Arch
 */
 @SuppressWarnings("deprecation")
-public class OicSecurityRealm extends SecurityRealm {
+public class OicSecurityRealm extends SecurityRealm implements Serializable {
+private static final long serialVersionUID = 1L;
 private static final Logger LOGGER = Logger.getLogger(OicSecurityRealm.class.getName());
 public static enum TokenAuthMethod { client_secret_basic, client_secret_post };
@@ -803,17 +805,15 @@ public HttpResponse doCommenceLogin(@QueryParameter String from, @Header("Refere
 final String redirectOnFinish = getValidRedirectUrl(from != null ? from : referer);
-final AuthorizationCodeFlow flow = this.buildAuthorizationCodeFlow();
-
-return new OicSession(flow, from, buildOAuthRedirectUrl()) {
+return new OicSession(from, buildOAuthRedirectUrl()) {
 @Override
-public HttpResponse onSuccess(String authorizationCode) {
+public HttpResponse onSuccess(String authorizationCode, AuthorizationCodeFlow flow) {
 try {
 AuthorizationCodeTokenRequest tokenRequest = flow.newTokenRequest(authorizationCode)
 .setRedirectUri(buildOAuthRedirectUrl())
 .setResponseClass(OicTokenResponse.class);
 if (!sendScopesInTokenRequest) {
-tokenRequest.setScopes(Collections.emptyList());
+tokenRequest.setScopes(Collections.emptyList());
 }
 OicTokenResponse response = (OicTokenResponse) tokenRequest.execute();
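Review bot: The anonymous `OicSession` subclass returned in `doCommenceLogin` calls `buildOAuthRedirectUrl()` and reads `sendScopesInTokenRequest`, so unless both are static it holds an implicit reference to `OicSecurityRealm.this`; that is presumably why the realm itself gains `implements Serializable` in the `@@ -119` hunk, and it means every non-transient field of the realm (the configured client identifiers and credentials included, if those are plain fields) is copied into whatever persists the HTTP session, rather than only the login state, nonce and redirect. Anonymous classes are also brittle in serialized form: the stream records the synthetic name `OicSecurityRealm$1` and a computed UID that can change whenever the method is recompiled, so the `serialVersionUID = 1L` added on the realm does not protect persisted sessions across a plugin upgrade. A named `static` nested (or package-private top-level) subclass that carries only the serializable login data and resolves the realm at callback time, e.g. `OicSecurityRealm realm = (OicSecurityRealm) Jenkins.get().getSecurityRealm();` at the top of `onSuccess`, would let `implements Serializable` come off the realm entirely. The rest of `doCommenceLogin` and the `onSuccess` body continue outside the hunk.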
@@ -850,7 +850,7 @@ public HttpResponse onSuccess(String authorizationCode) {
 }
 }
-}.doCommenceLogin(isNonceDisabled());
+}.commenceLogin(isNonceDisabled(), buildAuthorizationCodeFlow());
 }
 @SuppressFBWarnings(
@@ -1132,7 +1132,7 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
 LOGGER.fine("No session to resume (perhaps jenkins was restarted?)");
 return HttpResponses.errorWithoutStack(401, "Unauthorized");
 }
-return currentSession.doFinishLogin(request);
+return currentSession.finishLogin(request, buildAuthorizationCodeFlow());
 }
 @Extension
diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSession.java b/src/main/java/org/jenkinsci/plugins/oic/OicSession.java
index 5b802cbb..dc703b1c 100644
--- a/src/main/java/org/jenkinsci/plugins/oic/OicSession.java
+++ b/src/main/java/org/jenkinsci/plugins/oic/OicSession.java
@@ -32,6 +32,7 @@
 import hudson.model.Failure;
 import hudson.remoting.Base64;
 import java.io.IOException;
+import java.io.Serializable;
 import java.nio.charset.StandardCharsets;
 import java.util.UUID;
 import javax.servlet.http.HttpSession;
@@ -52,9 +53,8 @@
 * @author Michael Bischoff - adoptation
 */
 @SuppressWarnings("deprecation")
-abstract class OicSession {
-
-private final AuthorizationCodeFlow flow;
+abstract class OicSession implements Serializable {
+private static final long serialVersionUID = 1L;
 /**
 * An opaque value used by the client to maintain state between the request and callback.
@@ -79,8 +79,7 @@ abstract class OicSession {
 */
 private String idToken;
-OicSession(AuthorizationCodeFlow flow, String from, String redirectUrl) {
-this.flow = flow;
+OicSession(String from, String redirectUrl) {
 this.from = from;
 this.redirectUrl = redirectUrl;
 }
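Review bot: `doFinishLogin` now rebuilds the flow from the realm's current configuration when the callback arrives, whereas before the flow was captured when the login started; a realm reconfiguration between the two steps now exchanges the stored authorization code against the new token endpoint and credentials. That is defensible (the persisted session is then independent of any non-serializable object) but it is not obvious from the call, so a comment on the new line would help: `// The flow is not kept on the session (it is not serializable); rebuild it from current realm config at callback time.` The same applies to the `commenceLogin` call in the `@@ -850` hunk. `doFinishLogin`'s body starts outside the hunk.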
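Review bot: With `OicSession implements Serializable`, the raw `idToken` field (visible as context in the `@@ -79` hunk), together with `state` and `nonce`, is now written by default serialization to whatever persists HTTP sessions; that may be intended, but nothing in the class marks which fields must survive a restart and which merely happen to live on the object. A class-level Javadoc sentence would pin the contract: `Instances are stored in the HTTP session and must stay serializable; every non-transient field is persisted, so do not add references to the realm or to the flow here.` If the ID token is only needed within the request that obtained it, marking it `transient` keeps it out of the session store. The class body continues outside the hunk.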
@@ -100,7 +99,7 @@ private void setupOicSession(HttpSession session) {
 * @return an {@link HttpResponse}
 */
 @Restricted(DoNotUse.class)
-public HttpResponse doCommenceLogin(boolean disableNonce) {
+public HttpResponse commenceLogin(boolean disableNonce, AuthorizationCodeFlow flow) {
 setupOicSession(Stapler.getCurrentRequest().getSession());
 AuthorizationCodeRequestUrl authorizationCodeRequestUrl = flow.newAuthorizationUrl().setState(state).setRedirectUri(redirectUrl);
 if (disableNonce) {
@@ -115,7 +114,7 @@ public HttpResponse doCommenceLogin(boolean disableNonce) {
 * When the identity provider is done with its thing, the user comes back here.
 * @return an {@link HttpResponse}
 */
-public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
+public HttpResponse finishLogin(StaplerRequest request, AuthorizationCodeFlow flow) throws IOException {
 StringBuffer buf = request.getRequestURL();
 if (request.getQueryString() != null) {
 buf.append('?').append(request.getQueryString());
@@ -142,7 +141,7 @@ public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
 }
 setupOicSession(request.getSession(true));
-return onSuccess(code);
+return onSuccess(code, flow);
 }
 /**
@@ -158,7 +157,7 @@ public String getState() {
 return this.state;
 }
-protected abstract HttpResponse onSuccess(String authorizationCode);
+protected abstract HttpResponse onSuccess(String authorizationCode, AuthorizationCodeFlow flow);
 protected final boolean validateNonce(IdToken idToken) {
 if (idToken == null || this.nonce == null) {
diff --git a/src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java b/src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java
index b7913975..c9ce5a1e 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java
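Review bot: `commenceLogin` keeps `@Restricted(DoNotUse.class)` even though it is now an ordinary method invoked from `OicSecurityRealm.doCommenceLogin`; dropping the `do` prefix is what stops Stapler from binding it as a web method, so `DoNotUse` is now misleading and `@Restricted(NoExternalUse.class)` (import `org.kohsuke.accmod.restrictions.NoExternalUse`) states the actual intent of plugin-internal only. The new `flow` parameter is undocumented here and likewise in `finishLogin` (`@@ -115`) and `onSuccess` (`@@ -158`); a `@param flow the authorization-code flow built by the caller from the current realm settings, passed per call rather than held on the session so the session stays serializable` line on each would close that gap. The body of `commenceLogin` continues outside the hunk.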
@@ -1,5 +1,6 @@
 package org.jenkinsci.plugins.oic;
+import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
 import java.io.IOException;
 import jenkins.model.Jenkins;
 import org.junit.Before;
@@ -28,9 +29,9 @@ public void init() throws IOException {
 .WithMinimalDefaults().WithScopes("openid")
 .build();
-session = new OicSession(realm.buildAuthorizationCodeFlow(), from, buildOAuthRedirectUrl()) {
+session = new OicSession(from, buildOAuthRedirectUrl()) {
 @Override
-public HttpResponse onSuccess(String authorizationCode) {
+public HttpResponse onSuccess(String authorizationCode, AuthorizationCodeFlow flow) {
 return null;
 }
 };