use of com.epam.pipeline.security.ExternalServiceEndpoint in project cloud-pipeline by epam.
the class SAMLProxyFilter method doFilterInternal.
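/**
 * Looks for a {@code SAMLResponse} request parameter on URLs accepted by {@code urlMatches}
 * and, when the response's audience names one of the configured external service endpoints,
 * passes it to {@code authenticate(...)}. The filter chain is continued in every case,
 * including missing configuration and decoding failures.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The audience is read from the decoded response before any validation visible in this
 *       method, so it is attacker-controlled here and is used only as a lookup key for the
 *       endpoint configuration. NOTE(review): signature and condition checks are presumably
 *       done inside {@code authenticate(...)} - confirm.</li>
 *   <li>Only the first audience of the first audience restriction of the first assertion is
 *       considered.</li>
 *   <li>A {@link SAMLException} is logged and the request proceeds down the chain without this
 *       filter having authenticated it; rejecting such requests is left to whatever runs
 *       later in the chain.</li>
 * </ul>
 *
 * @param request     current HTTP request
 * @param response    current HTTP response
 * @param filterChain remaining filters, always invoked
 * @throws ServletException propagated from the filter chain
 * @throws IOException      propagated from the filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (!urlMatches(request)) {
        filterChain.doFilter(request, response);
        return;
    }
    List<ExternalServiceEndpoint> externalServices = preferenceManager.getPreference(SYSTEM_EXTERNAL_SERVICES_ENDPOINTS);
    if (CollectionUtils.isEmpty(externalServices)) {
        LOGGER.warn(messageHelper.getMessage(MessageConstants.ERROR_PROXY_SECURITY_CONFIG_MISSING));
    } else {
        // Read the parameter only when there is something to match it against.
        String samlResponse = request.getParameter("SAMLResponse");
        if (StringUtils.isNotBlank(samlResponse)) {
            try {
                Response decoded = CustomSamlClient.decodeSamlResponse(samlResponse);
                String audience = extractFirstAudienceUri(decoded);
                // The audience is unvalidated input: strip line breaks so it cannot forge log entries.
                LOGGER.debug("Received SAMLResponse for audience: {}", audience.replaceAll("[\\r\\n]", "_"));
                // An empty audience never selects an endpoint. The comparison is made from the
                // audience side so an endpoint configured without an id cannot cause an NPE.
                Optional<ExternalServiceEndpoint> endpointOpt = audience.isEmpty()
                        ? Optional.<ExternalServiceEndpoint>empty()
                        : externalServices.stream().filter(e -> audience.equals(e.getEndpointId())).findFirst();
                if (endpointOpt.isPresent()) {
                    authenticate(samlResponse, decoded, audience, endpointOpt.get());
                }
            } catch (SAMLException e) {
                LOGGER.warn(e.getMessage(), e);
            }
        }
    }
    filterChain.doFilter(request, response);
}

/**
 * Returns the URI of the first audience of the first audience restriction of the first
 * assertion in {@code decoded}, or an empty string when any of those levels is absent.
 */
private static String extractFirstAudienceUri(Response decoded) {
    return ListUtils.emptyIfNull(decoded.getAssertions()).stream().findFirst()
            .map(Assertion::getConditions)
            .flatMap(conditions -> ListUtils.emptyIfNull(conditions.getAudienceRestrictions()).stream().findFirst())
            .flatMap(audienceRestriction -> ListUtils.emptyIfNull(audienceRestriction.getAudiences()).stream().findFirst())
            .map(Audience::getAudienceURI)
            .orElse(StringUtils.EMPTY);
}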
use of com.epam.pipeline.security.ExternalServiceEndpoint in project cloud-pipeline by epam.
the class SAMLProxyAuthenticationProvider method authenticate.
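/**
 * Authenticates a {@code SAMLProxyAuthentication} by decoding its raw SAML response,
 * deriving the external service endpoint id from the response's {@code Destination} and
 * delegating to {@code validateAuthentication(...)} for the matching configured endpoint.
 *
 * <p>The endpoint id is the {@code Destination} with the trailing
 * {@code CustomSamlClient.SSO_ENDPOINT} removed. The destination comes from the decoded
 * response before any validation visible in this method, so it is treated as untrusted:
 * a missing destination, or one that does not end with the SSO endpoint suffix, is rejected
 * instead of being truncated blindly. NOTE(review): signature and condition checks are
 * presumably performed in {@code validateAuthentication(...)} - confirm.
 *
 * @param authentication the authentication request; cast to {@code SAMLProxyAuthentication}
 *                       (assumes this provider is only invoked for that type - TODO confirm
 *                       against {@code supports})
 * @return the result of {@code validateAuthentication(...)}
 * @throws AuthenticationException as {@link AuthenticationServiceException} when the external
 *         services configuration is missing, the SAML token is blank, the destination does
 *         not identify a configured endpoint, or SAML processing fails
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    SAMLProxyAuthentication auth = (SAMLProxyAuthentication) authentication;
    List<ExternalServiceEndpoint> externalServices = preferenceManager.getPreference(SYSTEM_EXTERNAL_SERVICES_ENDPOINTS);
    if (CollectionUtils.isEmpty(externalServices)) {
        throw new AuthenticationServiceException(messageHelper.getMessage(MessageConstants.ERROR_PROXY_SECURITY_CONFIG_MISSING));
    }
    if (StringUtils.isBlank(auth.getRawSamlResponse())) {
        throw new AuthenticationServiceException("Authentication error: missing SAML token");
    }
    try {
        Response decoded = CustomSamlClient.decodeSamlResponse(auth.getRawSamlResponse());
        String destination = decoded.getDestination();
        // Destination is optional in a SAML response and is attacker-controlled at this point.
        // Without this guard a null or short value escapes as an NPE or
        // StringIndexOutOfBoundsException, and any suffix of the right length would be cut off.
        if (destination == null || !destination.endsWith(CustomSamlClient.SSO_ENDPOINT)) {
            throw new AuthenticationServiceException("Authentication error: unexpected external service");
        }
        // cut out SSO endpoint
        String endpointId = destination.substring(0, destination.length() - CustomSamlClient.SSO_ENDPOINT.length());
        // Compare from the endpointId side so an endpoint configured without an id cannot cause an NPE.
        ExternalServiceEndpoint endpoint = externalServices.stream()
                .filter(e -> endpointId.equals(e.getEndpointId()))
                .findFirst()
                .orElseThrow(() -> new AuthenticationServiceException("Authentication error: unexpected external service"));
        return validateAuthentication(auth, decoded, endpointId, endpoint);
    } catch (SAMLException e) {
        throw new AuthenticationServiceException("Authentication error: ", e);
    }
}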
Aggregations