Example 1 with SamlOnRedirectUpdateSessionResponseWrapper

Use of org.pentaho.platform.spring.security.saml.responsewrapper.SamlOnRedirectUpdateSessionResponseWrapper in project pentaho-engineering-samples by pentaho.

In the class PentahoSamlAuthenticationSuccessHandler, method onAuthenticationSuccess.

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
    try {
        if (authentication instanceof ExpiringUsernameAuthenticationToken) {
            // since no expiration date is passed, this token's behaviour is the same as UsernamePasswordAuthenticationToken
            // also, we would have a hard time supporting a SAML-specific token like this
            // ExpiringUsernameAuthenticationToken in ss2-proxies / ss4-proxies
            //
            // http://docs.spring.io/spring-security-saml/docs/current/api/org/springframework/security/providers/ExpiringUsernameAuthenticationToken.html
            authentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authentication.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        // legacy spring ( i.e. non-osgi spring.framework ) SecurityContext storing
        IProxyFactory factory = PentahoSystem.get(IProxyFactory.class);
        Object securityContextProxy = null;
        if (requireProxyWrapping) {
            securityContextProxy = factory.createProxy(SecurityContextHolder.getContext());
            request.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContextProxy);
        } else {
            request.setAttribute(SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
        }
        // pentaho auth storing
        logger.info("synchronizing current IPentahoSession with SecurityContext"); // $NON-NLS-1$
        IPentahoSession pentahoSession = PentahoSessionHolder.getSession();
        Assert.notNull(pentahoSession, "PentahoSessionHolder doesn't have a session");
        pentahoSession.setAuthenticated(authentication.getName());
        // Note: spring-security 2 expects an *array* of GrantedAuthorities ( ss4 uses a list )
        pentahoSession.setAttribute(IPentahoSession.SESSION_ROLES, requireProxyWrapping ? proxyGrantedAuthorities(factory, authentication.getAuthorities()) : authentication.getAuthorities());
        // time to create this user's home folder
        createUserHomeFolder(authentication.getName());
        super.onAuthenticationSuccess(request, new SamlOnRedirectUpdateSessionResponseWrapper(response, request, true, 0, requireProxyWrapping ? securityContextProxy : SecurityContextHolder.getContext(), authentication), authentication);
    } catch (Exception e) {
        // any failure above is logged and swallowed; the exception is not propagated to the caller
        logger.error(e.getLocalizedMessage(), e);
    }
}
Also used: IProxyFactory (org.pentaho.platform.proxy.api.IProxyFactory), IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession), ExpiringUsernameAuthenticationToken (org.springframework.security.providers.ExpiringUsernameAuthenticationToken), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), SamlOnRedirectUpdateSessionResponseWrapper (org.pentaho.platform.spring.security.saml.responsewrapper.SamlOnRedirectUpdateSessionResponseWrapper), ServletException (javax.servlet.ServletException), ProxyException (org.pentaho.platform.proxy.impl.ProxyException), IOException (java.io.IOException)

Aggregations

IOException (java.io.IOException): 1
ServletException (javax.servlet.ServletException): 1
IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession): 1
IProxyFactory (org.pentaho.platform.proxy.api.IProxyFactory): 1
ProxyException (org.pentaho.platform.proxy.impl.ProxyException): 1
SamlOnRedirectUpdateSessionResponseWrapper (org.pentaho.platform.spring.security.saml.responsewrapper.SamlOnRedirectUpdateSessionResponseWrapper): 1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 1
ExpiringUsernameAuthenticationToken (org.springframework.security.providers.ExpiringUsernameAuthenticationToken): 1