Example 1 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

Class IdpHandler, method getNormalizedToken.

/**
 * Handler implementing SAML 2.0 IdP authentication. Supports HTTP-Redirect and HTTP-POST bindings.
 *
 * @param request  http request to obtain attributes from and to pass into any local filter chains required
 * @param response http response to return http responses or redirects
 * @param chain    original filter chain (should not be called from your handler)
 * @param resolve  flag with true implying that credentials should be obtained, false implying return if no credentials are found.
 * @return result of handling this request - status and optional tokens
 * @throws ServletException if the response to a HEAD request cannot be flushed
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) throws ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // HEAD requests are answered with 200 and an empty body; no authentication is attempted for them
    if (httpRequest.getMethod().equals("HEAD")) {
        ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_OK);
        try {
            response.flushBuffer();
        } catch (IOException e) {
            throw new ServletException("Unable to send response to HEAD message from IdP client.");
        }
        return new HandlerResult(HandlerResult.Status.NO_ACTION, null);
    }
    // Present the request to the SAML assertion handler under the "idp" realm so that an
    // assertion already held for that realm (session, header or cookie) is looked up
    HttpServletRequestWrapper wrappedRequest = new HttpServletRequestWrapper(httpRequest) {

        @Override
        public Object getAttribute(String name) {
            if (ContextPolicy.ACTIVE_REALM.equals(name)) {
                return "idp";
            }
            return super.getAttribute(name);
        }
    };
    SAMLAssertionHandler samlAssertionHandler = new SAMLAssertionHandler();
    samlAssertionHandler.setSessionFactory(sessionFactory);
    LOGGER.trace("Processing SAML assertion with SAML Handler.");
    // An assertion that is already present completes the request without a round trip to the IdP
    HandlerResult samlResult = samlAssertionHandler.getNormalizedToken(wrappedRequest, null, null, false);
    if (samlResult != null && samlResult.getStatus() == HandlerResult.Status.COMPLETED) {
        return samlResult;
    }
    // ECP clients are served over the PAOS (reverse SOAP) binding instead of a browser redirect
    if (isEcpEnabled(request)) {
        return doPaosRequest(request, response);
    }
    // Optionally skip the redirect for non-browser user agents; they are audited as legacy clients
    // and left for other handlers in the chain
    if (userAgentCheck && userAgentIsNotBrowser(httpRequest)) {
        SecurityLogger.audit("Attempting to log client in as a legacy system.");
        return new HandlerResult(HandlerResult.Status.NO_ACTION, null);
    }
    // Otherwise start the SP-initiated flow: send the browser to the IdP's single sign-on endpoint
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.REDIRECTED, null);
    handlerResult.setSource("idp-" + SOURCE);
    String path = httpRequest.getServletPath();
    LOGGER.debug("Doing IdP authentication and authorization for path {}", path);
    // Default to HTTP-Redirect if binding is null
    if (idpMetadata.getSingleSignOnBinding() == null || idpMetadata.getSingleSignOnBinding().endsWith("Redirect")) {
        doHttpRedirectBinding((HttpServletRequest) request, (HttpServletResponse) response);
    } else {
        doHttpPostBinding((HttpServletRequest) request, (HttpServletResponse) response);
    }
    return handlerResult;
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), ServletException (javax.servlet.ServletException), SAMLAssertionHandler (org.codice.ddf.security.handler.saml.SAMLAssertionHandler), HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), IOException (java.io.IOException)

Example 2 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

Class SAMLAssertionHandlerTest, method testGetNormalizedTokenSuccessWithHeader.

/**
 * This test ensures the proper functionality of SAMLAssertionHandler's
 * method, getNormalizedToken(), when given a valid HttpServletRequest.
 */
@Test
public void testGetNormalizedTokenSuccessWithHeader() throws Exception {
    SAMLAssertionHandler handler = new SAMLAssertionHandler();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    Element assertion = readDocument("/saml.xml").getDocumentElement();
    String assertionId = assertion.getAttributeNodeNS(null, "ID").getNodeValue();
    SecurityToken samlToken = new SecurityToken(assertionId, assertion, null);
    SamlAssertionWrapper wrappedAssertion = new SamlAssertionWrapper(samlToken.getToken());
    String saml = wrappedAssertion.assertionToString();
    doReturn("SAML " + RestSecurity.deflateAndBase64Encode(saml)).when(request).getHeader(SecurityConstants.SAML_HEADER_NAME);
    HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken), FilterChain (javax.servlet.FilterChain), Element (org.w3c.dom.Element), HttpServletResponse (javax.servlet.http.HttpServletResponse), SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), Test (org.junit.Test)

Example 3 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

Class SAMLAssertionHandlerTest, method testGetNormalizedTokenFromSession.

@Test
public void testGetNormalizedTokenFromSession() throws Exception {
    SAMLAssertionHandler handler = new SAMLAssertionHandler();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    when(request.getCookies()).thenReturn(null);
    HttpSession session = mock(HttpSession.class);
    when(request.getSession(false)).thenReturn(session);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("foo");
    SecurityTokenHolder tokenHolder = mock(SecurityTokenHolder.class);
    when(session.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(tokenHolder);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(tokenHolder.getSecurityToken("foo")).thenReturn(securityToken);
    when(securityToken.getToken()).thenReturn(readDocument("/saml.xml").getDocumentElement());
    HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken), SecurityTokenHolder (ddf.security.common.SecurityTokenHolder), HttpSession (javax.servlet.http.HttpSession), FilterChain (javax.servlet.FilterChain), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), Test (org.junit.Test)

Example 4 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

Class SAMLAssertionHandlerTest, method testGetNormalizedTokenSuccessWithCookie.

/**
 * This test ensures the proper functionality of SAMLAssertionHandler's
 * method, getNormalizedToken(), when given a valid HttpServletRequest.
 * Uses the legacy SAML cookie.
 */
@Test
public void testGetNormalizedTokenSuccessWithCookie() throws Exception {
    SAMLAssertionHandler handler = new SAMLAssertionHandler();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    Element assertion = readDocument("/saml.xml").getDocumentElement();
    String assertionId = assertion.getAttributeNodeNS(null, "ID").getNodeValue();
    SecurityToken samlToken = new SecurityToken(assertionId, assertion, null);
    SamlAssertionWrapper wrappedAssertion = new SamlAssertionWrapper(samlToken.getToken());
    String saml = wrappedAssertion.assertionToString();
    Cookie cookie = new Cookie(SecurityConstants.SAML_COOKIE_NAME, RestSecurity.deflateAndBase64Encode(saml));
    when(request.getCookies()).thenReturn(new Cookie[] { cookie });
    HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken), Cookie (javax.servlet.http.Cookie), FilterChain (javax.servlet.FilterChain), Element (org.w3c.dom.Element), HttpServletResponse (javax.servlet.http.HttpServletResponse), SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), Test (org.junit.Test)

Example 5 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

Class SAMLAssertionHandlerTest, method testGetNormalizedTokenFailureWithHeader.

/**
 * This test ensures the proper functionality of SAMLAssertionHandler's
 * method, getNormalizedToken(), when given an invalid HttpServletRequest.
 */
@Test
public void testGetNormalizedTokenFailureWithHeader() {
    SAMLAssertionHandler handler = new SAMLAssertionHandler();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    doReturn(null).when(request).getHeader(SecurityConstants.SAML_HEADER_NAME);
    HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.NO_ACTION, result.getStatus());
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), FilterChain (javax.servlet.FilterChain), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), Test (org.junit.Test)
