in src/main/java/com/microsoft/aad/oidcpoc/CoreFilter.java [22:57]
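/**
 * Gates every request on the Azure AD sign-in state kept in the HTTP session.
 *
 * <p>Requests that are already authenticated, or that carry no authentication data at
 * all, are passed straight down the chain. Otherwise the request is treated as the reply
 * from Azure AD: its authentication data is handed to {@code _flow} and, if the stored
 * auth data has expired, refreshed via the refresh token before the chain continues.
 * Non-HTTP requests are passed through untouched.
 *
 * @param request  the incoming request
 * @param response the response; receives the error page on unexpected failures
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain or the error-page forward
 * @throws ServletException propagated from the chain or the error-page forward
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    if (request instanceof HttpServletRequest) {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        try {
            // Already signed in, or nothing to validate: nothing for this filter to do.
            if (AuthHelper.isAuthenticated(httpRequest)
                    || !AuthHelper.containsAuthenticationData(httpRequest)) {
                chain.doFilter(request, response);
                return;
            }
            // The request carries Azure AD authentication data: validate it against the
            // reply URI AuthHelper derives for this request, keeping the original query
            // string (if any) so the flow can restore it afterwards.
            String currentUri = AuthHelper.GetReplyUri(httpRequest);
            String queryStr = httpRequest.getQueryString();
            String fullUrl = queryStr != null ? currentUri + "?" + queryStr : currentUri;
            _flow.processAuthenticationData(httpRequest, httpResponse, currentUri, fullUrl);
            if (_flow.isAuthDataExpired(httpRequest)) {
                _flow.updateAuthDataUsingRefreshToken(httpRequest, httpResponse);
            }
        } catch (AuthenticationException authException) {
            // Token problem (e.g. expiry or revocation): drop the stale principal so the
            // next request starts a fresh sign-in.
            // NOTE(review): the stated intent is to also redirect to the authorization
            // server, but no redirect is issued here — the client gets an empty response.
            _flow.removePrincipalFromSession(httpRequest);
            return;
        } catch (Exception exc) {
            // Any other failure: render the error page and stop. Catching Exception rather
            // than Throwable lets JVM Errors (OOM etc.) reach the container instead of
            // being turned into a 500 page.
            // The raw message is handed to error.jsp; that page must HTML-escape it.
            httpResponse.setStatus(500);
            request.setAttribute("error", exc.getMessage());
            request.getRequestDispatcher("/error.jsp").forward(request, response);
            // Without this return the chain would run on an already-forwarded response.
            return;
        }
    }
    chain.doFilter(request, response);
}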