Examples of IDPWebRequestUtil

org.jboss.identity.federation.web.util.IDPWebRequestUtil
Request Util Not thread safe @author Anil.Saldhana@redhat.com @since May 18, 2009
org.picketlink.identity.federation.web.util.IDPWebRequestUtil
Request Util Not thread safe @author Anil.Saldhana@redhat.com @since May 18, 2009

Examples of org.jboss.identity.federation.web.util.IDPWebRequestUtil

            log.trace("Login Filters have not been configured");
         response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); 
      } 
      
      
      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, 
            idpConfiguration, keyManager);


      if(userPrincipal != null)
      {
         if(trace)
         {
            log.trace("Retrieved saml message and relay state from session");
            log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
         }
         session.removeAttribute("SAMLRequest");


         if(relayState != null && relayState.length() > 0)
            session.removeAttribute("RelayState");


         //Send valid saml response after processing the request
         if(samlMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null; 
            Document samlResponse = null;
            String destination = null;
            try
            {
               requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
               boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
               boolean isValid = validate(request.getRemoteAddr(),
                     request.getQueryString(),
                     new SessionHolder(samlMessage, null, null), isPost);
               
               if(!isValid)
                  throw new GeneralSecurityException("Validation check failed");


               webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());


               
               List<String> roles = (List<String>) session.getAttribute(ROLES_ID); 
               if(roles == null) 
               {
                  roles = rg.generateRoles(userPrincipal);
                  session.setAttribute(ROLES_ID, roles);
               }
                  


               if(trace) 
                  log.trace("Roles have been determined:Creating response");


               AuthnRequestType art = (AuthnRequestType) requestAbstractType;
               destination = art.getAssertionConsumerServiceURL();


               samlResponse = 
                  webRequestUtil.getResponse(destination, 
                        userPrincipal, roles,
                        this.identityURL, this.assertionValidity, this.signOutgoingMessages); 
            }
            catch (IssuerNotTrustedException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), 
                        this.identityURL, this.signOutgoingMessages);  
            }
            catch (ParsingException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            catch (ConfigurationException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages);
            }
            catch (IssueInstantMissingException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            } 
            catch(GeneralSecurityException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            finally
            {
               try
               { 
                  if(this.signOutgoingMessages)
                     webRequestUtil.send(samlResponse, destination,relayState, response, true, 
                           this.keyManager.getSigningKey());
                  else
                     webRequestUtil.send(samlResponse, destination, relayState, response, false,null);
               }
               catch (ParsingException e)
               {
                  if(trace) log.trace(e);
               }

View Full Code Here

Examples of org.jboss.identity.federation.web.util.IDPWebRequestUtil

            log.trace("Login Filters have not been configured");
         response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); 
      } 
      
      
      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, 
            idpConfiguration, keyManager);
      webRequestUtil.setAttributeManager(this.attribManager);
      webRequestUtil.setAttributeKeys(attributeKeys);


      if(userPrincipal != null)
      {
         if(trace)
         {
            log.trace("Retrieved saml message and relay state from session");
            log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
         }
         session.removeAttribute("SAMLRequest");


         if(relayState != null && relayState.length() > 0)
            session.removeAttribute("RelayState");


         //Send valid saml response after processing the request
         if(samlMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null; 
            Document samlResponse = null;
            String destination = null;
            try
            {
               requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
               boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
               boolean isValid = validate(request.getRemoteAddr(),
                     request.getQueryString(),
                     new SessionHolder(samlMessage, null), isPost);
               
               if(!isValid)
                  throw new GeneralSecurityException("Validation check failed");


               webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());


               
               List<String> roles = (List<String>) session.getAttribute(ROLES_ID); 
               if(roles == null) 
               {
                  roles = rg.generateRoles(userPrincipal);
                  session.setAttribute(ROLES_ID, roles);
               }
                  


               if(trace) 
                  log.trace("Roles have been determined:Creating response");


               AuthnRequestType art = (AuthnRequestType) requestAbstractType;
               destination = art.getAssertionConsumerServiceURL();


               samlResponse = 
                  webRequestUtil.getResponse(destination, 
                        userPrincipal, roles,
                        this.identityURL, this.assertionValidity, this.signOutgoingMessages); 
            }
            catch (IssuerNotTrustedException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), 
                        this.identityURL, this.signOutgoingMessages);  
            }
            catch (ParsingException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            catch (ConfigurationException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages);
            }
            catch (IssueInstantMissingException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            } 
            catch(GeneralSecurityException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            finally
            {
               try
               { 
                  if(samlResponse == null)
                     throw new ServletException("SAML Response has not been generated");
                  
                  if(this.signOutgoingMessages)
                     webRequestUtil.send(samlResponse, destination,relayState, response, true, 
                           this.keyManager.getSigningKey());
                  else
                     webRequestUtil.send(samlResponse, destination, relayState, response, false,null);
               }
               catch (ParsingException e)
               {
                  if(trace) log.trace(e);
               }

View Full Code Here

Examples of org.jboss.identity.federation.web.util.IDPWebRequestUtil

               log.trace("Referer in finally block="+ referer + ":user principal=" + userPrincipal); 
         }
      }
      
      
      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);
      webRequestUtil.setAttributeManager(this.attribManager);
      webRequestUtil.setAttributeKeys(attributeKeys);
      
      Document samlErrorResponse = null;
      //Look for unauthorized status
      if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
      {
         try
         {
            samlErrorResponse =
              webRequestUtil.getErrorResponse(referer, 
                  JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                  this.identityURL, this.signOutgoingMessages); 
         
            if(this.signOutgoingMessages)
               webRequestUtil.send(samlErrorResponse, referer, relayState, response, true, 
                     this.keyManager.getSigningKey());
            else
               webRequestUtil.send(samlErrorResponse, referer,relayState, response, false,null);
            
         } 
         catch (GeneralSecurityException e)
         {
            throw new ServletException(e);
         }  
         return;
      }  
      
      if(userPrincipal != null)
      {
         /**
          * Since the container has finished the authentication,
          * we can retrieve the original saml message as well as
          * any relay state from the SP
          */
         samlMessage = (String) session.getNote("SAMLRequest");
         relayState = (String) session.getNote("RelayState");
         signature = (String) session.getNote("Signature");
         sigAlg = (String) session.getNote("sigAlg");
         
         if(trace) 
         {
            log.trace("Retrieved saml message and relay state from session");
            log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
            log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
         }
         
         session.removeNote("SAMLRequest");
         
         if(relayState != null && relayState.length() > 0)
            session.removeNote("RelayState");
         
         if(signature != null && signature.length() > 0)
            session.removeNote("Signature");
         if(sigAlg != null && sigAlg.length() > 0)
            session.removeNote("sigAlg");
         
         //Send valid saml response after processing the request
         if(samlMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null; 
            Document samlResponse = null;
            String destination = null;
               try
               {
                  requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
                  boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                  boolean isValid = validate(request.getRemoteAddr(),
                        request.getQueryString(),
                        new SessionHolder(samlMessage, signature, sigAlg), isPost);
                  if(!isValid)
                     throw new GeneralSecurityException("Validation check failed");
                  
                  webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());


                  List<String> roles = rg.generateRoles(userPrincipal);
                  
                  log.trace("Roles have been determined:Creating response");


                  AuthnRequestType art = (AuthnRequestType) requestAbstractType;
                  destination = art.getAssertionConsumerServiceURL();
                  
                  samlResponse = 
                     webRequestUtil.getResponse(destination, 
                           userPrincipal, roles,
                           this.identityURL, this.assertionValidity, this.signOutgoingMessages); 
               }
               catch (IssuerNotTrustedException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                        webRequestUtil.getErrorResponse(referer, 
                            JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), 
                            this.identityURL, this.signOutgoingMessages);  
               }
               catch (ParsingException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               }
               catch (ConfigurationException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages);
               }
               catch (IssueInstantMissingException e)
               {
                  if(trace) log.trace(e); 
                  
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               } 
               catch(GeneralSecurityException e)
               {
                  if(trace) log.trace(e);
                  
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               }
               finally
               {
                  try
                  {
                     if(webRequestUtil.hasSAMLRequestInPostProfile())
                        recycle(response);
                     
                     if(this.signOutgoingMessages)
                        webRequestUtil.send(samlResponse, destination,relayState, response, true, 
                              this.keyManager.getSigningKey());
                     else
                        webRequestUtil.send(samlResponse, destination, relayState, response, false,null);
                  }
                  catch (ParsingException e)
                  {
                     if(trace) log.trace(e);
                  }

View Full Code Here

Examples of org.jboss.identity.federation.web.util.IDPWebRequestUtil

         if(trace) 
            log.trace("Login Filters have not been configured");
         response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); 
      }      
      
      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, 
            idpConfiguration, keyManager);
      webRequestUtil.setAttributeManager(this.attribManager);
      webRequestUtil.setAttributeKeys(attributeKeys);


      if(userPrincipal != null)
      {
         if(trace)
         {
            log.trace("Retrieved saml message and relay state from session");
            log.trace("saml Request message=" + samlRequestMessage + "::relay state="+ relayState);
            log.trace("saml Response message=" + samlResponseMessage + "::relay state="+ relayState);
         }
         session.removeAttribute("SAMLRequest");
         session.removeAttribute("SAMLResponse");


         if(relayState != null && relayState.length() > 0)
            session.removeAttribute("RelayState");
         
         SAML2Object samlObject = null;
         String destination = null;
         Document samlResponse = null;
         
         if(samlResponseMessage != null)
         {
            StatusResponseType statusResponseType = null;
            try
            {
               samlObject = webRequestUtil.getSAMLObject(samlResponseMessage);
               
               boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
               boolean isValid = validate(request.getRemoteAddr(),
                     request.getQueryString(),
                     new SessionHolder(samlResponseMessage, null), isPost);
               
               if(!isValid)
                  throw new GeneralSecurityException("Validation check failed");


               String issuer = null;
               IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
               ProtocolContext protocolContext = new HTTPContext(request,response, context);
               //Create the request/response
               SAML2HandlerRequest saml2HandlerRequest = 
                  new DefaultSAML2HandlerRequest(protocolContext,
                        idpIssuer.getIssuer(), samlObject, 
                        HANDLER_TYPE.IDP);
               saml2HandlerRequest.setRelayState(relayState);
               
               Map<String, Object> requestOptions = new HashMap<String, Object>();
               requestOptions.put("ROLE_GENERATOR", rg);
               saml2HandlerRequest.setOptions(requestOptions); 
               
               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse(); 


               Set<SAML2Handler> handlers = chain.handlers();
               
               if(samlObject instanceof StatusResponseType)
               {
                  statusResponseType = (StatusResponseType) samlObject;
                  issuer = statusResponseType.getIssuer().getValue();
                  webRequestUtil.isTrusted(issuer);
                  
                  if(handlers != null)
                  { 
                     for(SAML2Handler handler: handlers)
                     {
                        handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
                     } 
                  }  
               }
               else
                  throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());


               samlResponse = saml2HandlerResponse.getResultingDocument();
               relayState = saml2HandlerResponse.getRelayState();
               
               destination = saml2HandlerResponse.getDestination();
            }
            catch(Exception e)
            {
               throw new RuntimeException(e);
            }
              
         }
         else
         //Send valid saml response after processing the request
         if(samlRequestMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null;
            StatusResponseType statusResponseType = null;
            
            try
            {
               samlObject = webRequestUtil.getSAMLObject(samlRequestMessage);
               
               boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
               boolean isValid = validate(request.getRemoteAddr(),
                     request.getQueryString(),
                     new SessionHolder(samlRequestMessage, null), isPost);
               
               if(!isValid)
                  throw new GeneralSecurityException("Validation check failed");


               String issuer = null;
               IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
               ProtocolContext protocolContext = new HTTPContext(request,response, context);
               //Create the request/response
               SAML2HandlerRequest saml2HandlerRequest = 
                  new DefaultSAML2HandlerRequest(protocolContext,
                        idpIssuer.getIssuer(), samlObject, 
                        HANDLER_TYPE.IDP);
               saml2HandlerRequest.setRelayState(relayState);
               
               Map<String, Object> requestOptions = new HashMap<String, Object>();
               requestOptions.put(GeneralConstants.ROLE_GENERATOR, rg);
               requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY, this.assertionValidity);
               requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
               Map<String,Object> attribs  = this.attribManager.getAttributes(userPrincipal, attributeKeys);
               requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
               
               saml2HandlerRequest.setOptions(requestOptions); 
               
               List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID); 
               if(roles == null) 
               {
                  roles = rg.generateRoles(userPrincipal);
                  session.setAttribute(GeneralConstants.ROLES_ID, roles);
               }
               
               SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse(); 


               Set<SAML2Handler> handlers = chain.handlers();
               
               if(samlObject instanceof RequestAbstractType)
               {
                  requestAbstractType = (RequestAbstractType) samlObject;
                  issuer = requestAbstractType.getIssuer().getValue();
                  webRequestUtil.isTrusted(issuer);
                  
                  if(handlers != null)
                  { 
                     for(SAML2Handler handler: handlers)
                     {
                        handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                     } 
                  } 
               } 
               else
                  throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());


               samlResponse = saml2HandlerResponse.getResultingDocument();
               relayState = saml2HandlerResponse.getRelayState();
               
               destination = saml2HandlerResponse.getDestination();
               
               
               //requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
               
               
               /*//RequestAbstractType
               if(requestAbstractType != null)
               {
                  List<String> roles = (List<String>) session.getAttribute(ROLES_ID); 
                  if(roles == null) 
                  {
                     roles = rg.generateRoles(userPrincipal);
                     session.setAttribute(ROLES_ID, roles);
                  }
                     
                  if(trace) 
                     log.trace("Roles have been determined:Creating response");
                  
                  if(requestAbstractType instanceof LogoutRequestType)
                  {
                     LogoutRequestType lot = (LogoutRequestType) requestAbstractType;
                     
                  }


                  AuthnRequestType art = (AuthnRequestType) requestAbstractType;
                  destination = art.getAssertionConsumerServiceURL();


                  samlResponse = 
                     webRequestUtil.getResponse(destination, 
                           userPrincipal, roles,
                           this.identityURL, this.assertionValidity, this.signOutgoingMessages);   
               }
               else
               {
                  //status response type
               }*/
            }
            catch (IssuerNotTrustedException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), 
                        this.identityURL, this.signOutgoingMessages);  
            }
            catch (ParsingException e)
            {
               if(trace) log.trace(e);


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            catch (ConfigurationException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages);
            }
            catch (IssueInstantMissingException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            } 
            catch(GeneralSecurityException e)
            {
               if(trace) log.trace(e); 


               samlResponse =
                  webRequestUtil.getErrorResponse(referer, 
                        JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                        this.identityURL, this.signOutgoingMessages); 
            }
            
         }
         else
         {
            log.error("No SAML Request Message");
            if(trace) log.trace("Referer="+referer);


            try
            {
               sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
               return;
            }
            catch (ConfigurationException e)
            {
               if(trace) log.trace(e);
            } 
         } 
         
         try
         { 
            if(samlResponse == null)
               throw new ServletException("SAML Response has not been generated");


            if(this.signOutgoingMessages)
               webRequestUtil.send(samlResponse, destination,relayState, response, true, 
                     this.keyManager.getSigningKey());
            else
               webRequestUtil.send(samlResponse, destination, relayState, response, false,null);
         }
         catch (ParsingException e)
         {
            if(trace) log.trace(e);
         }

View Full Code Here

Examples of org.jboss.identity.federation.web.util.IDPWebRequestUtil

               log.trace("Referer in finally block="+ referer + ":user principal=" + userPrincipal); 
         }
      }
      
      
      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);
      webRequestUtil.setAttributeManager(this.attribManager);
      webRequestUtil.setAttributeKeys(attributeKeys);
      
      Document samlErrorResponse = null;
      //Look for unauthorized status
      if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
      {
         try
         {
            samlErrorResponse =
              webRequestUtil.getErrorResponse(referer, 
                  JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                  this.identityURL, this.signOutgoingMessages); 
         
            if(this.signOutgoingMessages)
               webRequestUtil.send(samlErrorResponse, referer, relayState, response, true, 
                     this.keyManager.getSigningKey());
            else
               webRequestUtil.send(samlErrorResponse, referer,relayState, response, false,null);
            
         } 
         catch (GeneralSecurityException e)
         {
            throw new ServletException(e);
         }  
         return;
      }  
      
      if(userPrincipal != null)
      {
         /**
          * Since the container has finished the authentication,
          * we can retrieve the original saml message as well as
          * any relay state from the SP
          */
         samlMessage = (String) session.getNote("SAMLRequest");
         relayState = (String) session.getNote("RelayState");
         signature = (String) session.getNote("Signature");
         sigAlg = (String) session.getNote("sigAlg");
         
         if(trace) 
         {
            log.trace("Retrieved saml message and relay state from session");
            log.trace("saml message=" + samlMessage + "::relay state="+ relayState);
            log.trace("Signature=" + signature + "::sigAlg="+ sigAlg);
         }
         
         session.removeNote("SAMLRequest");
         
         if(relayState != null && relayState.length() > 0)
            session.removeNote("RelayState");
         
         if(signature != null && signature.length() > 0)
            session.removeNote("Signature");
         if(sigAlg != null && sigAlg.length() > 0)
            session.removeNote("sigAlg");
         
         //Send valid saml response after processing the request
         if(samlMessage != null)
         {
            //Get the SAML Request Message
            RequestAbstractType requestAbstractType =  null; 
            Document samlResponse = null;
            String destination = null;
               try
               {
                  requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
                  boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                  boolean isValid = validate(request.getRemoteAddr(),
                        request.getQueryString(),
                        new SessionHolder(samlMessage, signature, sigAlg), isPost);
                  if(!isValid)
                     throw new GeneralSecurityException("Validation check failed");
                  
                  webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());


                  List<String> roles = rg.generateRoles(userPrincipal);
                  
                  log.trace("Roles have been determined:Creating response");


                  AuthnRequestType art = (AuthnRequestType) requestAbstractType;
                  destination = art.getAssertionConsumerServiceURL();
                  
                  samlResponse = 
                     webRequestUtil.getResponse(destination, 
                           userPrincipal, roles,
                           this.identityURL, this.assertionValidity, this.signOutgoingMessages); 
               }
               catch (IssuerNotTrustedException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                        webRequestUtil.getErrorResponse(referer, 
                            JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), 
                            this.identityURL, this.signOutgoingMessages);  
               }
               catch (ParsingException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               }
               catch (ConfigurationException e)
               {
                  if(trace) log.trace(e);
                   
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages);
               }
               catch (IssueInstantMissingException e)
               {
                  if(trace) log.trace(e); 
                  
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               } 
               catch(GeneralSecurityException e)
               {
                  if(trace) log.trace(e);
                  
                  samlResponse =
                     webRequestUtil.getErrorResponse(referer, 
                         JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), 
                         this.identityURL, this.signOutgoingMessages); 
               }
               finally
               {
                  try
                  {
                     if(webRequestUtil.hasSAMLRequestInPostProfile())
                        recycle(response);
                     
                     if(this.signOutgoingMessages)
                        webRequestUtil.send(samlResponse, destination,relayState, response, true, 
                              this.keyManager.getSigningKey());
                     else
                        webRequestUtil.send(samlResponse, destination, relayState, response, false,null);
                  }
                  catch (ParsingException e)
                  {
                     if(trace) log.trace(e);
                  }

View Full Code Here

Examples of org.picketlink.identity.federation.web.util.IDPWebRequestUtil

            || containsSAMLRequestMessage || containsSAMLResponseMessage)
      {
         request = restoreRequestInfoFromSP(request, session);
      }


      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);


      Document samlErrorResponse = null;
      // Look for unauthorized status
      if (response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
      {
         try
         {
            samlErrorResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                  getIdentityURL(), this.idpConfiguration.isSupportsSignature());


            IDPWebRequestUtil.WebRequestUtilHolder holder = webRequestUtil.getHolder();
            holder.setResponseDoc(samlErrorResponse).setDestination(referer).setRelayState(relayState)
                  .setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false)
                  .setServletResponse(response);
            holder.setPostBindingRequested(webRequestUtil.hasSAMLRequestInPostProfile());


            if (this.idpConfiguration.isSupportsSignature())
            {
               holder.setSupportSignature(true).setPrivateKey(keyManager.getSigningKey());
            }


            holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());


            webRequestUtil.send(holder);
         }
         catch (GeneralSecurityException e)
         {
            throw new ServletException(e);
         }

View Full Code Here

Examples of org.picketlink.identity.federation.web.util.IDPWebRequestUtil

            || containsSAMLRequestMessage || containsSAMLResponseMessage)
      {
         request = restoreRequestInfoFromSP(request, session);
      }


      IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);


      Document samlErrorResponse = null;
      // Look for unauthorized status
      if (response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
      {
         try
         {
            samlErrorResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                  getIdentityURL(), this.idpConfiguration.isSupportsSignature());


            IDPWebRequestUtil.WebRequestUtilHolder holder = webRequestUtil.getHolder();
            holder.setResponseDoc(samlErrorResponse).setDestination(referer).setRelayState(relayState)
                  .setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false)
                  .setServletResponse(response);
            holder.setPostBindingRequested(webRequestUtil.hasSAMLRequestInPostProfile());


            if (this.idpConfiguration.isSupportsSignature())
            {
               holder.setSupportSignature(true).setPrivateKey(keyManager.getSigningKey());
            }


            holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());


            webRequestUtil.send(holder);
         }
         catch (GeneralSecurityException e)
         {
            throw new ServletException(e);
         }

View Full Code Here

Examples of org.picketlink.identity.federation.web.util.IDPWebRequestUtil

            if (trace)
                log.trace("Login Filters have not been configured");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }


        IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);
        webRequestUtil.setCanonicalizationMethod(canonicalizationMethod);


        boolean willSendRequest = true;


        if (userPrincipal != null) {
            if (trace) {
                log.trace("Retrieved saml message and relay state from session");
                log.trace("saml Request message=" + samlRequestMessage + "::relay state=" + relayState);
                log.trace("saml Response message=" + samlResponseMessage + "::relay state=" + relayState);
            }
            session.removeAttribute(GeneralConstants.SAML_REQUEST_KEY);
            session.removeAttribute(GeneralConstants.SAML_RESPONSE_KEY);


            if (isNotNull(relayState))
                session.removeAttribute(GeneralConstants.RELAY_STATE);


            SAMLDocumentHolder samlDocumentHolder = null;
            SAML2Object samlObject = null;
            String destination = null;
            Document samlResponse = null;


            if (samlResponseMessage != null) {
                StatusResponseType statusResponseType = null;
                try {
                    samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
                    samlObject = samlDocumentHolder.getSamlObject();


                    boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                    boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
                            samlResponseMessage, null), isPost);


                    if (!isValid)
                        throw new GeneralSecurityException("Validation check failed");


                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);


                    saml2HandlerRequest.setRelayState(relayState);


                    SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();


                    Set<SAML2Handler> handlers = chain.handlers();


                    if (samlObject instanceof StatusResponseType) {
                        statusResponseType = (StatusResponseType) samlObject;
                        issuer = statusResponseType.getIssuer().getValue();
                        webRequestUtil.isTrusted(issuer);


                        if (handlers != null) {
                            for (SAML2Handler handler : handlers) {
                                handler.reset();
                                handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
                                willSendRequest = saml2HandlerResponse.getSendRequest();
                            }
                        }
                    } else
                        throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
                                + samlObject.getClass().getName());


                    samlResponse = saml2HandlerResponse.getResultingDocument();
                    relayState = saml2HandlerResponse.getRelayState();


                    destination = saml2HandlerResponse.getDestination();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }


            } else
            // Send valid saml response after processing the request
            if (samlRequestMessage != null) {
                // Get the SAML Request Message
                RequestAbstractType requestAbstractType = null;


                try {
                    samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
                    samlObject = samlDocumentHolder.getSamlObject();


                    boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
                    boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
                            samlRequestMessage, null), isPost);


                    if (!isValid)
                        throw new GeneralSecurityException(ErrorCodes.VALIDATION_CHECK_FAILED + "Validation check failed");


                    String issuer = null;
                    IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
                    ProtocolContext protocolContext = new HTTPContext(request, response, context);
                    // Create the request/response
                    SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
                            idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
                    saml2HandlerRequest.setRelayState(relayState);


                    // Set the options on the handler request
                    Map<String, Object> requestOptions = new HashMap<String, Object>();
                    requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
                    requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);


                    Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
                    requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);


                    saml2HandlerRequest.setOptions(requestOptions);


                    List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
                    if (roles == null) {
                        roles = roleGenerator.generateRoles(userPrincipal);
                        session.setAttribute(GeneralConstants.ROLES_ID, roles);
                    }


                    SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();


                    Set<SAML2Handler> handlers = chain.handlers();


                    if (samlObject instanceof RequestAbstractType) {
                        requestAbstractType = (RequestAbstractType) samlObject;
                        issuer = requestAbstractType.getIssuer().getValue();
                        webRequestUtil.isTrusted(issuer);


                        if (handlers != null) {
                            for (SAML2Handler handler : handlers) {
                                handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
                                willSendRequest = saml2HandlerResponse.getSendRequest();
                            }
                        }
                    } else
                        throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
                                + samlObject.getClass().getName());


                    samlResponse = saml2HandlerResponse.getResultingDocument();
                    relayState = saml2HandlerResponse.getRelayState();


                    destination = saml2HandlerResponse.getDestination();


                } catch (IssuerNotTrustedException e) {
                    if (trace)
                        log.trace("Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
                            this.identityURL, this.signOutgoingMessages);
                } catch (ParsingException e) {
                    if (trace)
                        log.trace("Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                            this.identityURL, this.signOutgoingMessages);
                } catch (ConfigurationException e) {
                    if (trace)
                        log.trace("Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                            this.identityURL, this.signOutgoingMessages);
                } catch (IssueInstantMissingException e) {
                    if (trace)
                        log.trace("Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                            this.identityURL, this.signOutgoingMessages);
                } catch (GeneralSecurityException e) {
                    if (trace)
                        log.trace("Security Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                            this.identityURL, this.signOutgoingMessages);
                } catch (Exception e) {
                    if (trace)
                        log.trace("Exception:", e);


                    samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                            this.identityURL, this.signOutgoingMessages);
                }


            } else {
                log.error("No SAML Request Message");
                if (trace)
                    log.trace("Referer=" + referer);


                try {
                    sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
                    return;
                } catch (ConfigurationException e) {
                    if (trace)
                        log.trace(e);
                }
            }


            try {
                if (samlResponse == null)
                    throw new ServletException(ErrorCodes.NULL_VALUE + "SAML Response has not been generated");


                WebRequestUtilHolder holder = webRequestUtil.getHolder();
                holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
                        .setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
                        .setServletResponse(response);
                holder.setPostBindingRequested(true);


                if (this.signOutgoingMessages) {
                    holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
                }


                if (strictPostBinding)
                    holder.setStrictPostBinding(strictPostBinding);
                webRequestUtil.send(holder);
            } catch (ParsingException e) {
                if (trace)
                    log.trace(e);
            } catch (GeneralSecurityException e) {
                if (trace)

View Full Code Here

Examples of org.picketlink.identity.federation.web.util.IDPWebRequestUtil

     * @param response
     * @throws IOException
     * @throws ServletException
     */
    private void handleUnauthorizedResponse(Request request, Response response) throws IOException, ServletException {
        IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);
        Document samlErrorResponse = null;
        String referer = request.getHeader("Referer");
        String relayState = request.getParameter(GeneralConstants.RELAY_STATE);


        try {
            samlErrorResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                    getIdentityURL(), this.idpConfiguration.isSupportsSignature());


            WebRequestUtilHolder holder = webRequestUtil.getHolder();
            holder.setResponseDoc(samlErrorResponse).setDestination(referer).setRelayState(relayState)
                    .setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false).setServletResponse(response)
                    .setErrorResponse(true);
            holder.setPostBindingRequested(webRequestUtil.hasSAMLRequestInPostProfile());


            if (this.idpConfiguration.isSupportsSignature()) {
                holder.setSupportSignature(true).setPrivateKey(keyManager.getSigningKey());
            }


            holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());


            webRequestUtil.send(holder);
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }

View Full Code Here

Examples of org.picketlink.identity.federation.web.util.IDPWebRequestUtil

        return principal;
    }


    protected void handleSAML11(Request request, Response response) throws ServletException, IOException {
        try {
            IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);


            Principal userPrincipal = request.getPrincipal();
            String contextPath = getContextPath();


            String target = request.getParameter(SAML11Constants.TARGET);


            Session session = request.getSessionInternal();
            SAML11AssertionType saml11Assertion = (SAML11AssertionType) session.getNote("SAML11");
            if (saml11Assertion == null) {
                SAML11ProtocolContext saml11Protocol = new SAML11ProtocolContext();
                saml11Protocol.setIssuerID(getIdentityURL());
                SAML11SubjectType subject = new SAML11SubjectType();
                SAML11SubjectTypeChoice subjectChoice = new SAML11SubjectTypeChoice(new SAML11NameIdentifierType(
                        userPrincipal.getName()));
                subject.setChoice(subjectChoice);
                saml11Protocol.setSubjectType(subject);


                PicketLinkCoreSTS.instance().issueToken(saml11Protocol);
                saml11Assertion = saml11Protocol.getIssuedAssertion();
                session.setNote("SAML11", saml11Assertion);


                if (AssertionUtil.hasExpired(saml11Assertion)) {
                    saml11Protocol.setIssuedAssertion(saml11Assertion);
                    PicketLinkCoreSTS.instance().renewToken(saml11Protocol);
                    saml11Assertion = saml11Protocol.getIssuedAssertion();
                    session.setNote("SAML11", saml11Assertion);
                }
            }
            GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
            String[] roles = genericPrincipal.getRoles();
            SAML11AttributeStatementType attributeStatement = this.createAttributeStatement(Arrays.asList(roles));
            if (attributeStatement != null) {
                saml11Assertion.add(attributeStatement);
            }


            // Send it as SAMLResponse
            String id = IDGenerator.create("ID_");
            SAML11ResponseType saml11Response = new SAML11ResponseType(id, XMLTimeUtil.getIssueInstant());
            saml11Response.add(saml11Assertion);
            saml11Response.setStatus(SAML11StatusType.successType());


            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            SAML11ResponseWriter writer = new SAML11ResponseWriter(StaxUtil.getXMLStreamWriter(baos));
            writer.write(saml11Response);


            Document samlResponse = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));


            WebRequestUtilHolder holder = webRequestUtil.getHolder();
            holder.setResponseDoc(samlResponse).setDestination(target).setRelayState("").setAreWeSendingRequest(false)
                    .setPrivateKey(null).setSupportSignature(false).setServletResponse(response);


            if (enableAudit) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                auditEvent.setDestination(target);
                auditEvent.setWhoIsAuditing(contextPath);
                auditHelper.audit(auditEvent);
            }


            response.getCoyoteResponse().recycle();


            webRequestUtil.send(holder);
        } catch (GeneralSecurityException e) {
            logger.samlIDPHandlingSAML11Error(e);
            throw new ServletException();
        }
    }

View Full Code Here

0 1

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.