Package jetbrains.buildServer.serverSide.oauth

Class AuthorizationStateUtil

java.lang.Object

jetbrains.buildServer.serverSide.oauth.AuthorizationStateUtil

public class AuthorizationStateUtil
extends Object

Constructor Summary

Constructors

Constructor	Description
AuthorizationStateUtil()

Method Summary

Modifier and Type	Method	Description
static String	encodeStateContainer(Map<String,String> stateParametrs)
static String	generateRequestKeyForState(javax.servlet.http.HttpServletRequest request, String validationValue)	Generates a unique request key to be used in the state container.
static Map<String,String>	getStateContainer(javax.servlet.http.HttpServletRequest request)
static boolean	isStateValid(String requestKey, javax.servlet.http.HttpServletRequest request, String validationValue)	Confirms that the given request key does exist in the HTTP session and its associated validation value matches the given validation value.
static void	removeState(String requestKey, javax.servlet.http.HttpServletRequest request)	Removes a state entry from the session storage by its request key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationStateUtil

public AuthorizationStateUtil()

Method Detail

generateRequestKeyForState

@NotNull
public static String generateRequestKeyForState(@NotNull
                                                javax.servlet.http.HttpServletRequest request,
                                                @NotNull
                                                String validationValue)

Generates a unique request key to be used in the state container. The request key will be stored in the HTTP session alongside the provided validation value. Request key and validation value can be used for validating received state containers, see isStateValid(java.lang.String, javax.servlet.http.HttpServletRequest, java.lang.String).

Parameters:

request - HTTP servlet request

validationValue - validation value

Returns:

request key

isStateValid

public static boolean isStateValid(String requestKey,
                                   @NotNull
                                   javax.servlet.http.HttpServletRequest request,
                                   @NotNull
                                   String validationValue)

Confirms that the given request key does exist in the HTTP session and its associated validation value matches the given validation value. Callers must ensure that the validation value provided here and at generateRequestKeyForState(javax.servlet.http.HttpServletRequest, java.lang.String) is derived similarly. It is advisable to remove the state value on successful validation via removeState(java.lang.String, javax.servlet.http.HttpServletRequest) to prevent replay attacks.

Parameters:

requestKey - request key to validate

request - HTTP servlet request

validationValue - validation value to match

Returns:

true if all values match

removeState

public static void removeState(@NotNull
                               String requestKey,
                               @NotNull
                               javax.servlet.http.HttpServletRequest request)

Removes a state entry from the session storage by its request key. Subsequent calls to isStateValid(java.lang.String, javax.servlet.http.HttpServletRequest, java.lang.String) will fail thereafter.

Parameters:

requestKey - key of the entry to remove

request - HTTP servlet request

getStateContainer

@Nullable
public static Map<String,String> getStateContainer(@NotNull
                                                         javax.servlet.http.HttpServletRequest request)

encodeStateContainer

public static String encodeStateContainer(@NotNull
                                          Map<String,String> stateParametrs)