From 75c60dd85acc809515ccba4d87bc60afe02b0d6b Mon Sep 17 00:00:00 2001
From: hiroshi yamashita
Date: Fri, 27 Sep 2024 11:54:29 +0900
Subject: [PATCH] bugfix OpenIdConnectAuthenticator
---
 .../sso/oic/OpenIdConnectAuthenticator.java | 105 +++++++++++-------
 1 file changed, 62 insertions(+), 43 deletions(-)
diff --git a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
index 5de4e138c..63ff86fbb 100644
--- a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
@@ -105,7 +105,6 @@ public LoginCredential getLoginCredential() {
 if (sesState.equals(reqState) && StringUtil.isNotBlank(code)) {
 return processCallback(request, code);
 }
- return null;
 }
 }
@@ -171,54 +170,74 @@ protected void parseJwtClaim(final String jwtClaim, final Map at
 if (name != null) {
 jsonParser.nextToken();
- // TODO other parameters
- switch (name) {
- case "iss":
- attributes.put("iss", jsonParser.getText());
- break;
- case "sub":
- attributes.put("sub", jsonParser.getText());
- break;
- case "azp":
- attributes.put("azp", jsonParser.getText());
- break;
- case "email":
- attributes.put("email", jsonParser.getText());
- break;
- case "at_hash":
- attributes.put("at_hash", jsonParser.getText());
- break;
- case "email_verified":
- attributes.put("email_verified", jsonParser.getText());
- break;
- case "aud":
- attributes.put("aud", jsonParser.getText());
- break;
- case "iat":
- attributes.put("iat", jsonParser.getText());
- break;
- case "exp":
- attributes.put("exp", jsonParser.getText());
- break;
- case "groups":
- final List list = new ArrayList<>();
- while (jsonParser.nextToken() != JsonToken.END_ARRAY) {
- final String group = jsonParser.getText();
- list.add(group);
- }
- if (logger.isDebugEnabled()) {
- logger.debug("groups: {}", list);
- }
- attributes.put("groups", list.toArray(new String[list.size()]));
- break;
- default:
- break;
+ if (jsonParser.getCurrentToken() == JsonToken.START_ARRAY) {
+ // Handle array type
+ attributes.put(name, parseArray(jsonParser));
+ } else if (jsonParser.getCurrentToken() == JsonToken.START_OBJECT) {
+ // Handle nested object type
+ attributes.put(name, parseObject(jsonParser));
+ } else {
+ // Handle primitive types (string, number, boolean, etc.)
+ attributes.put(name, parsePrimitive(jsonParser));
 }
 }
 }
 }
 }
+ private Object parsePrimitive(JsonParser jsonParser) throws IOException {
+ JsonToken token = jsonParser.getCurrentToken();
+ switch (token) {
+ case VALUE_STRING:
+ return jsonParser.getText();
+ case VALUE_NUMBER_INT:
+ return jsonParser.getLongValue();
+ case VALUE_NUMBER_FLOAT:
+ return jsonParser.getDoubleValue();
+ case VALUE_TRUE:
+ return true;
+ case VALUE_FALSE:
+ return false;
+ case VALUE_NULL:
+ return null;
+ default:
+ return null; // Or throw an exception if unexpected token
+ }
+ }
+
+ private Object parseArray(JsonParser jsonParser) throws IOException {
+ List list = new ArrayList<>();
+ while (jsonParser.nextToken() != JsonToken.END_ARRAY) {
+ if (jsonParser.getCurrentToken() == JsonToken.START_OBJECT) {
+ list.add(parseObject(jsonParser));
+ } else if (jsonParser.getCurrentToken() == JsonToken.START_ARRAY) {
+ list.add(parseArray(jsonParser)); // Nested array
+ } else {
+ list.add(parsePrimitive(jsonParser));
+ }
+ }
+ return list;
+ }
+
+ private Map parseObject(JsonParser jsonParser) throws IOException {
+ Map nestedMap = new HashMap<>();
+ while (jsonParser.nextToken() != JsonToken.END_OBJECT) {
+ String fieldName = jsonParser.getCurrentName();
+ if (fieldName != null) {
+ jsonParser.nextToken(); // Move to the value of the current field
+
+ if (jsonParser.getCurrentToken() == JsonToken.START_ARRAY) {
+ nestedMap.put(fieldName, parseArray(jsonParser));
+ } else if (jsonParser.getCurrentToken() == JsonToken.START_OBJECT) {
+ nestedMap.put(fieldName, parseObject(jsonParser));
+ } else {
+ nestedMap.put(fieldName, parsePrimitive(jsonParser));
+ }
+ }
+ }
+ return nestedMap;
+ }
+
 protected TokenResponse getTokenUrl(final String code) throws IOException {
 return new AuthorizationCodeTokenRequest(httpTransport, jsonFactory, new GenericUrl(getOicTokenServerUrl()), code)//
 .setGrantType("authorization_code")//
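Review bot: `groups` no longer keeps its `String[]` shape: the `START_ARRAY` branch in `parseJwtClaim` stores the `List` returned by `parseArray`, and scalar claims such as `exp`, `iat` and `email_verified` change from `getText()` strings to `Long`/`Boolean` values. The code that reads these attributes to build the user's groups is outside the hunk (`parseJwtClaim` itself begins above it); if it casts `attributes.get("groups")` to `String[]`, login would fail or group membership would be lost, so the old shape is worth keeping for that key, e.g. `final List<?> values = (List<?>) parseArray(jsonParser);` then `attributes.put(name, "groups".equals(name) ? values.stream().map(String::valueOf).toArray(String[]::new) : values);`. Dropping the claim allow-list also means any claim name in the token can overwrite a key the caller may already have placed in `attributes`; `attributes.putIfAbsent(name, value)` would keep caller-set entries authoritative. `parseArray` and `parseObject` recurse with no depth bound on token-supplied data and `parsePrimitive` returns `null` from its `default` branch, so a depth limit and `throw new IOException("Unexpected token in JWT claim: " + token);` would make malformed claims fail loudly instead of silently.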