Example 1 with SAMLAssertionHandler
use of org.codice.ddf.security.handler.saml.SAMLAssertionHandler in project ddf by codice.
the class IdpHandler method getNormalizedToken.
/**
* Handler implementing SAML 2.0 IdP authentication. Supports HTTP-Redirect and HTTP-POST bindings.
*
* @param request http request to obtain attributes from and to pass into any local filter chains required
* @param response http response to return http responses or redirects
* @param chain original filter chain (should not be called from your handler)
* @param resolve flag with true implying that credentials should be obtained, false implying return if no credentials are found.
* @return result of handling this request - status and optional tokens
* @throws ServletException
*/
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) throws ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getMethod().equals("HEAD")) {
((HttpServletResponse) response).setStatus(HttpServletResponse.SC_OK);
try {
response.flushBuffer();
} catch (IOException e) {
throw new ServletException("Unable to send response to HEAD message from IdP client.");
}
return new HandlerResult(HandlerResult.Status.NO_ACTION, null);
}
HttpServletRequestWrapper wrappedRequest = new HttpServletRequestWrapper(httpRequest) {
@Override
public Object getAttribute(String name) {
if (ContextPolicy.ACTIVE_REALM.equals(name)) {
return "idp";
}
return super.getAttribute(name);
}
};
SAMLAssertionHandler samlAssertionHandler = new SAMLAssertionHandler();
samlAssertionHandler.setSessionFactory(sessionFactory);
LOGGER.trace("Processing SAML assertion with SAML Handler.");
HandlerResult samlResult = samlAssertionHandler.getNormalizedToken(wrappedRequest, null, null, false);
if (samlResult != null && samlResult.getStatus() == HandlerResult.Status.COMPLETED) {
return samlResult;
}
if (isEcpEnabled(request)) {
return doPaosRequest(request, response);
}
if (userAgentCheck && userAgentIsNotBrowser(httpRequest)) {
SecurityLogger.audit("Attempting to log client in as a legacy system.");
return new HandlerResult(HandlerResult.Status.NO_ACTION, null);
}
HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.REDIRECTED, null);
handlerResult.setSource("idp-" + SOURCE);
String path = httpRequest.getServletPath();
LOGGER.debug("Doing IdP authentication and authorization for path {}", path);
// Default to HTTP-Redirect if binding is null
if (idpMetadata.getSingleSignOnBinding() == null || idpMetadata.getSingleSignOnBinding().endsWith("Redirect")) {
doHttpRedirectBinding((HttpServletRequest) request, (HttpServletResponse) response);
} else {
doHttpPostBinding((HttpServletRequest) request, (HttpServletResponse) response);
}
return handlerResult;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletException(javax.servlet.ServletException)
SAMLAssertionHandler(org.codice.ddf.security.handler.saml.SAMLAssertionHandler)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
IOException(java.io.IOException)
Aggregations
IOException (java.io.IOException)1
ServletException (javax.servlet.ServletException)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)1
SAMLAssertionHandler (org.codice.ddf.security.handler.saml.SAMLAssertionHandler)1
