


        if (!isSupportsSignature(request)) {
            return;
        }

        Map<String, Object> requestOptions = request.getOptions();
        PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
        Boolean ignoreSignatures = (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
        if (ignoreSignatures == Boolean.TRUE)
            return;

        Document signedDocument = request.getRequestDocument();

        if (logger.isTraceEnabled()) {
            logger.trace("Going to validate signature for: " + DocumentUtil.asString(signedDocument));
        }

        PublicKey publicKey = (PublicKey) request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
        try {
            boolean isValid;

            HTTPContext httpContext = (HTTPContext) request.getContext();
            boolean isPost = httpContext.getRequest().getMethod().equalsIgnoreCase("POST");

            logger.trace("HTTP method for validating response: " + httpContext.getRequest().getMethod());

            if (isPost) {
                isValid = verifyPostBindingSignature(signedDocument, publicKey);
            } else {
                isValid = verifyRedirectBindingSignature(httpContext, publicKey);
            }

            if (!isValid) {
                if (auditHelper != null) {
                    PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                    auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                    auditEvent.setType(PicketLinkAuditEventType.ERROR_SIG_VALIDATION);
                    auditHelper.audit(auditEvent);
                }

                throw constructSignatureException();
            }
        } catch (ProcessingException pe) {
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                auditEvent.setType(PicketLinkAuditEventType.ERROR_SIG_VALIDATION);
                auditHelper.audit(auditEvent);
            }
            response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed");
            throw pe;
        }
    }


                if (enableAudit) {
                    if (auditHelper == null) {
                        String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(servletContext);
                       
                        auditHelper = new PicketLinkAuditHelper(securityDomainName);
                    }
                }
            }

            if (StringUtil.isNotNull(spConfiguration.getIdpMetadataFile())) {


                if (enableAudit) {
                    if (auditHelper == null) {
                        String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(getContext()
                                .getServletContext());
                        auditHelper = new PicketLinkAuditHelper(securityDomainName);
                    }
                }
            }

            logger.trace("Identity Provider URL=" + getIdentityURL());


                response.setResultingDocument(samlRequest.convert(authn));
                response.setSendRequest(true);

                Map<String, Object> requestOptions = request.getOptions();
                PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
                if (auditHelper != null) {
                    PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                    auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                    auditEvent.setType(PicketLinkAuditEventType.CREATED_ASSERTION);
                    auditEvent.setAssertionID(id);
                    auditHelper.audit(auditEvent);
                }

                // Save AuthnRequest ID into sharedState, so that we can later process it by another handler
                request.addOption(GeneralConstants.AUTH_REQUEST_ID, id);
            } catch (Exception e) {


            // Add assertion to the session
            session.setAttribute(GeneralConstants.ASSERTION, assertion);

            Map<String, Object> requestOptions = request.getOptions();
            PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                auditEvent.setType(PicketLinkAuditEventType.CREATED_ASSERTION);
                auditEvent.setAssertionID(id);
                auditHelper.audit(auditEvent);
            }

            try {
                samlResponseDocument = saml2Response.convert(responseType);


            if (spConfiguration == null)
                throw logger.nullArgumentError("SP Configuration");

            String issuer = request.getIssuer().getValue();
            Map<String, Object> requestOptions = request.getOptions();
            PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
            String contextPath = (String) requestOptions.get(GeneralConstants.CONTEXT_PATH);
            try {
                String issuerDomain = getDomain(issuer);
                TrustType spTrust = spConfiguration.getTrust();
                if (spTrust != null) {
                    String domainsTrusted = spTrust.getDomains();

                    logger.trace("Domains that SP trusts = " + domainsTrusted +" and issuer domain = " + issuerDomain);
                   
                    if (domainsTrusted.indexOf(issuerDomain) < 0) {
                        // Let us do string parts checking
                        StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
                        while (st != null && st.hasMoreTokens()) {
                            String uriBit = st.nextToken();

                            logger.trace("Matching uri bit = " + uriBit);
                           
                            if (issuerDomain.indexOf(uriBit) > 0) {
                                logger.trace("Matched " + uriBit + " trust for " + issuerDomain);
                                return;
                            }
                        }
                        if (auditHelper != null) {
                            PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                            auditEvent.setWhoIsAuditing(contextPath);
                            auditEvent.setType(PicketLinkAuditEventType.ERROR_TRUSTED_DOMAIN);
                            auditHelper.audit(auditEvent);
                        }
                        throw logger.samlIssuerNotTrustedError(issuer);
                    }
                } else
                    throw logger.samlHandlerTrustElementMissingError();


        HTTPContext httpContext = (HTTPContext) request.getContext();
        HttpSession session = httpContext.getRequest().getSession(false);

        Map<String, Object> requestOptions = request.getOptions();
        PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
        String contextPath = (String) requestOptions.get(GeneralConstants.CONTEXT_PATH);

        Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
        List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);

        if (roles == null) {
            roles = roleGenerator.generateRoles(userPrincipal);
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setWhoIsAuditing(contextPath);
                auditEvent.setType(PicketLinkAuditEventType.GENERATED_ROLES);
                auditEvent.setOptionalString(userPrincipal.getName() + "(" + Arrays.toString(roles.toArray()) + ")");
                auditHelper.audit(auditEvent);
            }
            session.setAttribute(GeneralConstants.ROLES_ID, roles);
        }
        response.setRoles(roles);
    }


                    response.setPostBindingForResponse(isPost);
                } catch (Exception e) {
                    throw logger.processingError(e);
                }
                Map<String, Object> requestOptions = request.getOptions();
                PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) requestOptions.get(GeneralConstants.AUDIT_HELPER);
                if (auditHelper != null) {
                    PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                    auditEvent.setWhoIsAuditing((String) requestOptions.get(GeneralConstants.CONTEXT_PATH));
                    auditEvent.setType(PicketLinkAuditEventType.INVALIDATE_HTTP_SESSION);
                    auditEvent.setHttpSessionID(httpSession.getId());
                    auditHelper.audit(auditEvent);
                }
                httpSession.invalidate(); // We are done with the logout interaction
            } else {
                // Put the participant in transit mode
                server.stack().registerTransitParticipant(sessionID, nextParticipant);