/**
 * Returns the raw protocol response carried by the request, selected by the configured protocol.
 * For WS-Federation this is the result parameter, for SAML the SAML response parameter.
 * The returned value is unvalidated input from the client; validation happens downstream.
 *
 * @param request   the incoming request holding the response parameter
 * @param fedConfig the Fediz context whose protocol decides which parameter is read
 * @return the parameter value, or {@code null} when the protocol is neither WS-Federation nor SAML
 */
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
    Object protocol = fedConfig.getProtocol();
    String parameterName;
    if (protocol instanceof FederationProtocol) {
        parameterName = FederationConstants.PARAM_RESULT;
    } else if (protocol instanceof SAMLProtocol) {
        parameterName = SAMLSSOConstants.SAML_RESPONSE;
    } else {
        return null;
    }
    return request.getParameter(parameterName);
}
/**
 * Resolves the base path used for relative configuration locations. An explicitly configured
 * {@code relativePath} is applied first; when the context still has none, the container
 * properties {@code catalina.base} and then {@code jetty.home} are tried in that order.
 * Only the first non-empty candidate is applied; the context is left untouched if none is set.
 *
 * @param ctx the Fediz context to update
 */
private void initializeRelativePath(FedizContext ctx) {
    if (relativePath != null && !relativePath.isEmpty()) {
        ctx.setRelativePath(relativePath);
    }
    // Container fallbacks are consulted only while nothing has been set yet.
    for (String property : new String[] {"catalina.base", "jetty.home"}) {
        if (ctx.getRelativePath() != null) {
            break;
        }
        String candidate = System.getProperty(property);
        if (candidate != null && !candidate.isEmpty()) {
            ctx.setRelativePath(candidate);
        }
    }
}
/**
 * Reports whether the request already carries an authenticated principal, re-validating the
 * security token first when the context enables expired-token detection.
 *
 * @param request  the Catalina request
 * @param response the response, passed through to token validation
 * @param fedCtx   the Fediz context of this web application
 * @return {@code true} when a principal is present and, if checked, its token is still valid
 */
protected boolean checkUserAuthentication(Request request, HttpServletResponse response, FedizContext fedCtx) {
    Principal existing = request.getUserPrincipal();
    if (existing == null) {
        return false;
    }
    LOG.debug("Already authenticated '{}'", existing.getName());
    // SSO-session association (Constants.REQ_SSOID_NOTE / associate(...)) is deliberately not performed here.
    if (!fedCtx.isDetectExpiredTokens()) {
        LOG.debug("Token expiration not validated.");
        return true;
    }
    // A cached principal is only trusted while its token has not expired.
    return validateToken(request, response, fedCtx);
}
String logoutUrl = fedConfig.getLogoutURL(); FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signOutRedirectToIssuer(request, response, wfProc);
FedizProcessorFactory.newFedizProcessor(config.getProtocol()); try { wfRes = wfProc.processRequest(wfReq, config); List<String> audienceURIs = config.getAudienceUris(); boolean validAudience = false; for (String a : audienceURIs) { if (roles == null || roles.isEmpty()) { roles = Collections.singletonList("Authenticated"); } else if (config.isAddAuthenticatedRole()) { roles = new ArrayList<>(roles); roles.add("Authenticated");
/**
 * Looks up the Fediz context for {@code contextName} and, when {@code catalina.base} is set,
 * points the context's relative path at it so config-relative files resolve against the Tomcat base.
 *
 * @param contextName the web application context path
 * @return the configured context, never {@code null}
 * @throws IllegalStateException if no configurator is loaded or the context is unknown
 */
protected synchronized FedizContext getContextConfiguration(String contextName) {
    if (configurator == null) {
        throw new IllegalStateException("No Fediz configuration available");
    }
    FedizContext config = configurator.getFedizContext(contextName);
    if (config == null) {
        throw new IllegalStateException("No Fediz configuration for context :" + contextName);
    }
    String catalinaBase = System.getProperty("catalina.base");
    boolean haveCatalinaBase = catalinaBase != null && !catalinaBase.isEmpty();
    if (haveCatalinaBase) {
        config.setRelativePath(catalinaBase);
    }
    return config;
}
FedizProcessorFactory.newFedizProcessor(config.getProtocol()); try { wfRes = wfProc.processRequest(wfReq, config); List<String> audienceURIs = config.getAudienceUris(); boolean validAudience = false; for (String a : audienceURIs) {
/**
 * Decides whether this request is a logout request: either a WS-Federation sign-out / sign-out-cleanup
 * action, or a hit on the logout URL configured for the request's context.
 * The logout URL is resolved lazily from the Fediz context of the request's context path and cached
 * in {@code logoutUrl}, so the first request reaching this point fixes the value for later ones.
 *
 * @param request  the incoming request
 * @param response the response, handed to the superclass matcher
 * @return {@code true} when the request should trigger logout
 */
@Override
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
    String action = request.getParameter(FederationConstants.PARAM_ACTION);
    boolean wsFedSignOut = FederationConstants.ACTION_SIGNOUT.equals(action)
        || FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(action);
    if (wsFedSignOut) {
        return true;
    }
    if (logoutUrl == null) {
        String contextName = request.getContextPath();
        boolean rootContext = contextName == null || contextName.isEmpty();
        logoutUrl = federationConfig.getFedizContext(rootContext ? "/" : contextName).getLogoutURL();
    }
    if (logoutUrl == null || logoutUrl.isEmpty()) {
        return false;
    }
    // The matcher is rebuilt from the configured logout URL on every call rather than cached.
    super.setLogoutRequestMatcher(new AntPathRequestMatcher(logoutUrl));
    return super.requiresLogout(request, response);
}
/**
 * Builds the {@link FedizPrincipal} for a validated federation response and records it in the
 * Catalina session (principal note and full response) and the public HTTP session (raw token).
 * The "Authenticated" role is used alone when no roles were issued, and appended when the
 * context requests it.
 *
 * @param request  the servlet request; must be a Catalina {@code Request}
 * @param response unused here
 * @param wfRes    the validated federation response
 * @return the newly created principal
 */
@Override
protected FedizPrincipal createPrincipal(HttpServletRequest request, HttpServletResponse response, FedizResponse wfRes) {
    List<String> issuedRoles = wfRes.getRoles();
    List<String> roles;
    if (issuedRoles == null || issuedRoles.isEmpty()) {
        roles = Collections.singletonList("Authenticated");
    } else if (!getFedizContext().isAddAuthenticatedRole()) {
        roles = issuedRoles;
    } else {
        roles = new ArrayList<>(issuedRoles);
        roles.add("Authenticated");
    }
    FedizPrincipal principal =
        new FederationPrincipalImpl(wfRes.getUsername(), roles, wfRes.getClaims(), wfRes.getToken());
    Session catalinaSession = ((Request) request).getSessionInternal();
    // Internal session notes: the principal the container authenticates against, plus the full response.
    catalinaSession.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    catalinaSession.setNote(FederationAuthenticator.FEDERATION_NOTE, wfRes);
    // The raw token is placed on the public HTTP session; anything with session access can read it.
    request.getSession(true).setAttribute(FederationAuthenticator.SECURITY_TOKEN, wfRes.getToken());
    LOG.debug("UserPrincipal was created successfully for {}", principal);
    return principal;
}
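/**
 * Closes every loaded Fediz context and then stops the superclass.
 * A context that fails to close is logged and skipped so that the remaining contexts are still
 * closed and container shutdown proceeds; the original code dropped the exception without a trace.
 *
 * @throws LifecycleException propagated from {@code super.stopInternal()}
 */
@Override
protected synchronized void stopInternal() throws LifecycleException {
    if (configurator != null) {
        List<FedizContext> fedContextList = configurator.getFedizContextList();
        if (fedContextList != null) {
            for (FedizContext fedContext : fedContextList) {
                try {
                    fedContext.close();
                } catch (IOException ex) {
                    // Best effort: one context failing to release its resources must not block shutdown,
                    // but the failure should be visible to operators.
                    LOG.warn("Failed to close Fediz context", ex);
                }
            }
        }
    }
    super.stopInternal();
}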
/**
 * Reports whether the request already carries an authenticated principal, re-validating the
 * security token first when the context enables expired-token detection.
 *
 * @param request  the Catalina request
 * @param response the response, passed through to token validation
 * @param fedCtx   the Fediz context of this web application
 * @return {@code true} when a principal is present and, if checked, its token is still valid
 */
protected boolean checkUserAuthentication(Request request, HttpServletResponse response, FedizContext fedCtx) {
    Principal existing = request.getUserPrincipal();
    if (existing == null) {
        return false;
    }
    LOG.debug("Already authenticated '{}'", existing.getName());
    // SSO-session association (Constants.REQ_SSOID_NOTE / associate(...)) is deliberately not performed here.
    if (!fedCtx.isDetectExpiredTokens()) {
        LOG.debug("Token expiration not validated.");
        return true;
    }
    // A cached principal is only trusted while its token has not expired.
    return validateToken(request, response, fedCtx);
}
String logoutUrl = fedConfig.getLogoutURL(); FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signOutRedirectToIssuer(request, response, wfProc);
FedizProcessorFactory.newFedizProcessor(config.getProtocol()); try { wfRes = wfProc.processRequest(wfReq, config); List<String> audienceURIs = config.getAudienceUris(); boolean validAudience = false; for (String a : audienceURIs) { if (roles == null || roles.isEmpty()) { roles = Collections.singletonList("Authenticated"); } else if (config.isAddAuthenticatedRole()) { roles = new ArrayList<>(roles); roles.add("Authenticated");
/**
 * Looks up the Fediz context for {@code contextName} and, when {@code jetty.home} is set,
 * points the context's relative path at it so config-relative files resolve against the Jetty home.
 *
 * @param contextName the web application context path
 * @return the configured context, never {@code null}
 * @throws IllegalStateException if no configurator is loaded or the context is unknown
 */
private FedizContext getContextConfiguration(String contextName) {
    if (configurator == null) {
        throw new IllegalStateException("No Fediz configuration available");
    }
    FedizContext config = configurator.getFedizContext(contextName);
    if (config == null) {
        throw new IllegalStateException("No Fediz configuration for context :" + contextName);
    }
    String jettyHome = System.getProperty("jetty.home");
    boolean haveJettyHome = jettyHome != null && !jettyHome.isEmpty();
    if (haveJettyHome) {
        config.setRelativePath(jettyHome);
    }
    return config;
}
/**
 * Decides whether this request is a logout request: either a WS-Federation sign-out / sign-out-cleanup
 * action, or a hit on the logout URL configured for the request's context.
 * The logout URL is resolved lazily from the Fediz context of the request's context path and cached
 * in {@code logoutUrl}, so the first request reaching this point fixes the value for later ones.
 *
 * @param request  the incoming request
 * @param response the response, handed to the superclass matcher
 * @return {@code true} when the request should trigger logout
 */
@Override
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
    String action = request.getParameter(FederationConstants.PARAM_ACTION);
    boolean wsFedSignOut = FederationConstants.ACTION_SIGNOUT.equals(action)
        || FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(action);
    if (wsFedSignOut) {
        return true;
    }
    if (logoutUrl == null) {
        String contextName = request.getContextPath();
        boolean rootContext = contextName == null || contextName.isEmpty();
        logoutUrl = federationConfig.getFedizContext(rootContext ? "/" : contextName).getLogoutURL();
    }
    if (logoutUrl == null || logoutUrl.isEmpty()) {
        return false;
    }
    // The matcher is rebuilt from the configured logout URL on every call rather than cached.
    super.setLogoutRequestMatcher(new AntPathRequestMatcher(logoutUrl));
    return super.requiresLogout(request, response);
}
/**
 * Builds the {@link FedizPrincipal} for a validated federation response and records it in the
 * Catalina session (principal note and full response) and the public HTTP session (raw token).
 * The "Authenticated" role is used alone when no roles were issued, and appended when the
 * context requests it.
 *
 * @param request  the servlet request; must be a Catalina {@code Request}
 * @param response unused here
 * @param wfRes    the validated federation response
 * @return the newly created principal
 */
@Override
protected FedizPrincipal createPrincipal(HttpServletRequest request, HttpServletResponse response, FedizResponse wfRes) {
    List<String> issuedRoles = wfRes.getRoles();
    List<String> roles;
    if (issuedRoles == null || issuedRoles.isEmpty()) {
        roles = Collections.singletonList("Authenticated");
    } else if (!getFedizContext().isAddAuthenticatedRole()) {
        roles = issuedRoles;
    } else {
        roles = new ArrayList<>(issuedRoles);
        roles.add("Authenticated");
    }
    FedizPrincipal principal =
        new FederationPrincipalImpl(wfRes.getUsername(), roles, wfRes.getClaims(), wfRes.getToken());
    Session catalinaSession = ((Request) request).getSessionInternal();
    // Internal session notes: the principal the container authenticates against, plus the full response.
    catalinaSession.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    catalinaSession.setNote(FederationAuthenticator.FEDERATION_NOTE, wfRes);
    // The raw token is placed on the public HTTP session; anything with session access can read it.
    request.getSession(true).setAttribute(FederationAuthenticator.SECURITY_TOKEN, wfRes.getToken());
    LOG.debug("UserPrincipal was created successfully for {}", principal);
    return principal;
}
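/**
 * Closes every loaded Fediz context and then stops the superclass.
 * A context that fails to close is logged and skipped so that the remaining contexts are still
 * closed and container shutdown proceeds; the original code dropped the exception without a trace.
 *
 * @throws LifecycleException propagated from {@code super.stopInternal()}
 */
@Override
protected synchronized void stopInternal() throws LifecycleException {
    if (configurator != null) {
        List<FedizContext> fedContextList = configurator.getFedizContextList();
        if (fedContextList != null) {
            for (FedizContext fedContext : fedContextList) {
                try {
                    fedContext.close();
                } catch (IOException ex) {
                    // Best effort: one context failing to release its resources must not block shutdown,
                    // but the failure should be visible to operators.
                    LOG.warn("Failed to close Fediz context", ex);
                }
            }
        }
    }
    super.stopInternal();
}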
/**
 * Tells whether the request is a protocol sign-in response: a WS-Federation sign-in action,
 * or, for SAML, the presence of a RelayState parameter. Both signals are unvalidated client
 * input and only select the processing path; token validation happens later.
 *
 * @param request   the incoming request
 * @param fedConfig the Fediz context whose protocol decides which signal is checked
 * @return {@code true} when the request should be processed as a sign-in response
 */
private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
    Object protocol = fedConfig.getProtocol();
    boolean wsFedSignIn = protocol instanceof FederationProtocol
        && FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION));
    return wsFedSignIn
        || (protocol instanceof SAMLProtocol && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null);
}
/**
 * Checks whether the security token behind the current {@code FederationAuthenticationToken}
 * has passed its expiry time. Returns {@code false} whenever the check does not apply: no
 * configuration, expired-token detection disabled, no security context, a different
 * authentication type, or a response without an expiry.
 *
 * @return {@code true} only when an expiry is present and lies in the past
 */
private boolean isTokenExpired() {
    SecurityContext context = SecurityContextHolder.getContext();
    boolean detectExpiredTokens = federationConfig != null
        && federationConfig.getFedizContext().isDetectExpiredTokens();
    if (context == null || !detectExpiredTokens) {
        return false;
    }
    Authentication authentication = context.getAuthentication();
    if (!(authentication instanceof FederationAuthenticationToken)) {
        return false;
    }
    Date expiry = ((FederationAuthenticationToken) authentication).getResponse().getTokenExpires();
    // A response without an expiry is treated as never expiring.
    if (expiry == null) {
        return false;
    }
    // Plain wall-clock comparison; no clock-skew tolerance is applied.
    return new Date().after(expiry);
}
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); try { Document metadata = wfProc.getMetaData(request, fedConfig); String logoutUrl = fedConfig.getLogoutURL(); if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) { session.invalidate(); FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signOutRedirectToIssuer(request, response, wfProc); FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); signInRedirectToIssuer(request, response, wfProc, session);