Example 11 with AuthenticationFailureException

Use of org.codice.ddf.platform.filter.AuthenticationFailureException in project ddf by codice.

Class IdpHandler, method getNormalizedToken.

/**
 * Handler implementing SAML 2.0 IdP authentication. Supports HTTP-Redirect and HTTP-POST
 * bindings.
 *
 * @param request http request to obtain attributes from and to pass into any local filter chains
 *     required
 * @param response http response to return http responses or redirects
 * @param chain original filter chain (should not be called from your handler)
 * @param resolve flag with true implying that credentials should be obtained, false implying
 *     return if no credentials are found.
 * @return result of handling this request - status and optional tokens
 * @throws AuthenticationFailureException
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, SecurityFilterChain chain, boolean resolve) throws AuthenticationFailureException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // HEAD requests are answered with 200 OK and no authentication action is taken.
    if ("HEAD".equals(httpRequest.getMethod())) {
        ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_OK);
        try {
            response.flushBuffer();
        } catch (IOException e) {
            throw new AuthenticationFailureException("Unable to send response to HEAD message from IdP client.");
        }
        return new HandlerResultImpl(HandlerResult.Status.NO_ACTION, null);
    }
    // An assertion already supplied in an HTTP header completes handling without a redirect.
    LOGGER.trace("Checking for assertion in HTTP header.");
    HandlerResult samlResult = checkForAssertionInHttpHeader(request);
    if (samlResult != null && samlResult.getStatus() == HandlerResult.Status.COMPLETED) {
        return samlResult;
    }
    // ECP clients are sent a PAOS request instead of a browser redirect.
    if (isEcpEnabled(request)) {
        return doPaosRequest(request, response);
    }
    // When the user-agent check is enabled, non-browser clients are not redirected to the IdP;
    // the decision is written to the security audit log.
    if (userAgentCheck && userAgentIsNotBrowser(httpRequest)) {
        securityLogger.audit("Attempting to log client in as a legacy system.");
        return new HandlerResultImpl(HandlerResult.Status.NO_ACTION, null);
    }
    HandlerResult handlerResult = new HandlerResultImpl(HandlerResult.Status.REDIRECTED, null);
    handlerResult.setSource(SOURCE);
    String path = httpRequest.getServletPath();
    LOGGER.debug("Doing IdP authentication and authorization for path {}", path);
    // Default to HTTP-Redirect if binding is null
    if (idpMetadata.getSingleSignOnBinding() == null || idpMetadata.getSingleSignOnBinding().endsWith("Redirect")) {
        doHttpRedirectBinding((HttpServletRequest) request, (HttpServletResponse) response);
    } else {
        doHttpPostBinding((HttpServletRequest) request, (HttpServletResponse) response);
    }
    return handlerResult;
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), IOException (java.io.IOException), AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException)

Aggregations

AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException): 11
IOException (java.io.IOException): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
HttpServletResponse (javax.servlet.http.HttpServletResponse): 4
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl): 4
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException): 3
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 3
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor): 3
Document (org.w3c.dom.Document): 3
Element (org.w3c.dom.Element): 3
SignatureException (ddf.security.samlp.SignatureException): 2
AuthenticationChallengeException (org.codice.ddf.platform.filter.AuthenticationChallengeException): 2
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 1
SecurityServiceException (ddf.security.service.SecurityServiceException): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
URI (java.net.URI): 1
URISyntaxException (java.net.URISyntaxException): 1
X509Certificate (java.security.cert.X509Certificate): 1
UriBuilder (javax.ws.rs.core.UriBuilder): 1
UriBuilderImpl (org.apache.cxf.jaxrs.impl.UriBuilderImpl): 1