/**
 * Reports whether this binding can handle the given inbound transport.
 *
 * <p>The transport is accepted only when it is an {@link HTTPInTransport}, its HTTP method is
 * POST (compared case-insensitively) and an {@code assertion} parameter is present. Only the
 * presence of the parameter is tested here; its content is not inspected.
 *
 * @param transport inbound transport to test
 * @return {@code true} if the transport is an HTTP POST carrying an {@code assertion} parameter
 */
@Override
public boolean supports(InTransport transport) {
    if (!(transport instanceof HTTPInTransport)) {
        return false;
    }
    HTTPTransport http = (HTTPTransport) transport;
    boolean isPost = "POST".equalsIgnoreCase(http.getHTTPMethod());
    // The parameter is only looked up once the method check has passed.
    return isPost && http.getParameterValue("assertion") != null;
}
// Reads the request-supplied "assertion" parameter. Nothing on this line validates the value;
// presumably it is still in its encoded form (going by the variable name) - confirm where it is
// decoded and checked before it is trusted.
String encodedMessage = transport.getParameterValue("assertion");
/**
 * Walks {@code binding.supports} through its three conditions using a mocked transport:
 * no method and no parameter, POST without the parameter, and POST with the parameter.
 */
@Test
public void supports() throws Exception {
    HTTPInTransport mockedTransport = mock(HTTPInTransport.class);

    // Unstubbed mock: neither an HTTP method nor an "assertion" parameter is reported.
    assertFalse(binding.supports(mockedTransport));

    // POST alone is not enough.
    when(mockedTransport.getHTTPMethod()).thenReturn("POST");
    assertFalse(binding.supports(mockedTransport));

    // POST plus a non-null "assertion" parameter is accepted.
    when(mockedTransport.getParameterValue("assertion")).thenReturn("some assertion");
    assertTrue(binding.supports(mockedTransport));
}
/**
 * Prepares the context's {@link HTTPOutTransport} before the message is written.
 *
 * <p>The following steps are applied, in this order:
 * <ol>
 * <li>Adds the HTTP header: "Cache-control: no-cache, no-store"</li>
 * <li>Adds the HTTP header: "Pragma: no-cache"</li>
 * <li>Sets the character encoding to: "UTF-8"</li>
 * <li>Sets the content type to: "text/xml"</li>
 * <li>Sets the SOAPAction HTTP header</li>
 * </ol>
 * The first two headers are added by {@code HTTPTransportUtils.addNoCacheHeaders}.
 *
 * @param messageContext the current message context being processed
 *
 * @throws MessageEncodingException thrown if there is a problem preprocessing the transport
 */
protected void preprocessTransport(MessageContext messageContext) throws MessageEncodingException {
    final String soapAction = "http://www.oasis-open.org/committees/security";

    // Unchecked cast: a context whose outbound transport is not HTTP fails here with ClassCastException.
    HTTPOutTransport httpOut = (HTTPOutTransport) messageContext.getOutboundMessageTransport();

    HTTPTransportUtils.addNoCacheHeaders(httpOut);
    HTTPTransportUtils.setUTF8Encoding(httpOut);
    HTTPTransportUtils.setContentType(httpOut, "text/xml");
    httpOut.setHeader("SOAPAction", soapAction);
}
/**
 * Fills the message context with the transports, metadata provider and message storage
 * derived from the current servlet request/response pair.
 *
 * @param request  incoming servlet request, wrapped as the inbound transport
 * @param response servlet response, wrapped as the outbound transport
 * @param context  context to populate
 * @throws MetadataProviderException declared by the signature; nothing in this body throws it directly
 */
protected void populateGenericContext(HttpServletRequest request, HttpServletResponse response, SAMLMessageContext context) throws MetadataProviderException {

    HttpServletRequestAdapter inboundAdapter = new HttpServletRequestAdapter(request);
    // The outbound adapter's secure flag is taken from request.isSecure().
    // NOTE(review): behind a TLS-terminating proxy the container may report false here - confirm deployment.
    boolean requestIsSecure = request.isSecure();
    HttpServletResponseAdapter outboundAdapter = new HttpServletResponseAdapter(response, requestIsSecure);

    // Store attribute which cannot be located from InTransport directly
    request.setAttribute(
            org.springframework.security.saml.SAMLConstants.LOCAL_CONTEXT_PATH,
            request.getContextPath());

    context.setMetadataProvider(metadata);
    context.setInboundMessageTransport(inboundAdapter);
    context.setOutboundMessageTransport(outboundAdapter);
    context.setMessageStorage(storageFactory.getMessageStorage(request));

}
/**
 * Reports whether the inbound transport is an HTTP POST whose content type starts with
 * {@code text/xml}.
 *
 * <p>The content-type test is a plain {@link String#startsWith(String)} prefix match, so it is
 * case-sensitive and also matches values that carry parameters after the media type.
 *
 * @param transport inbound transport to test
 * @return {@code true} only for an {@link HttpServletRequestAdapter} meeting both conditions
 */
public boolean supports(InTransport transport) {
    if (!(transport instanceof HttpServletRequestAdapter)) {
        return false;
    }
    HttpServletRequestAdapter adapter = (HttpServletRequestAdapter) transport;
    HttpServletRequest servletRequest = adapter.getWrappedRequest();

    if (!"POST".equalsIgnoreCase(adapter.getHTTPMethod())) {
        return false;
    }
    if (servletRequest.getContentType() == null) {
        return false;
    }
    return servletRequest.getContentType().startsWith("text/xml");
}
entityId = (String) inTransport.getAttribute(org.springframework.security.saml.SAMLConstants.LOCAL_ENTITY_ID); if (entityId != null) { log.debug("Using protocol specified IdP {}", entityId);
/**
 * {@inheritDoc}
 *
 * <p>Forwards the wrapped servlet request to the configured JSP page. Any failure raised by the
 * forward is logged and not propagated to the caller.
 */
public void processRequest(InTransport in, OutTransport out) {
    // Both casts are unchecked; non-servlet transports fail with ClassCastException before the try block.
    HttpServletRequest servletRequest = ((HttpServletRequestAdapter) in).getWrappedRequest();
    HttpServletResponse servletResponse = ((HttpServletResponseAdapter) out).getWrappedResponse();

    RequestDispatcher errorPage = servletRequest.getRequestDispatcher(jspPage);
    try {
        errorPage.forward(servletRequest, servletResponse);
    } catch (Throwable t) {
        // Catching Throwable also absorbs Errors; the only trace of a failed forward is this log entry.
        log.error("Could not dispatch to error JSP page: " + jspPage, t);
    }
}
}
/**
 * Looks up one raw parameter in the query string and appends it to the builder.
 *
 * <p>The appended text has the form {@code paramName=paramValue}. It is appended exactly as
 * returned by {@code HTTPTransportUtils.getRawQueryStringParameter}; this method does no
 * decoding or re-encoding of its own. A {@code '&'} separator is written first when the builder
 * already holds content.
 *
 * @param builder string builder to which to append the parameter
 * @param queryString the URL query string containing parameters
 * @param paramName the name of the parameter to append
 * @return true if parameter was found, false otherwise
 */
private boolean appendParameter(StringBuilder builder, String queryString, String paramName) {
    String rawPair = HTTPTransportUtils.getRawQueryStringParameter(queryString, paramName);
    boolean found = rawPair != null;
    if (found) {
        if (builder.length() != 0) {
            builder.append('&');
        }
        builder.append(rawPair);
    }
    return found;
}
}
/**
 * Sets the character encoding of the given outbound transport to UTF-8.
 *
 * @param transport transport whose character encoding is set
 */
public static void setUTF8Encoding(HTTPOutTransport transport) {
    final String charsetName = "UTF-8";
    transport.setCharacterEncoding(charsetName);
}
/**
 * Enforces the "transport must be secured" requirement.
 *
 * <p>When {@code requireSecured} is not set the transport is not consulted at all. When it is
 * set, the decision rests entirely on {@code transport.isConfidential()}.
 *
 * @param transport transport being evaluated
 *
 * @throws SecurityPolicyException thrown if the transport is not secure and was required to be
 */
protected void evaluateSecured(HTTPTransport transport) throws SecurityPolicyException {
    boolean acceptable = !requireSecured || transport.isConfidential();
    if (acceptable) {
        return;
    }
    final String failure = "Request was required to be secured but was not";
    log.error(failure);
    throw new SecurityPolicyException(failure);
}
}
/**
 * Resolves the URI at which the inbound message was actually received.
 *
 * <p>A {@link LocationAwareInTransport} supplies the value through {@code getLocalAddress()};
 * any other transport is handled by the superclass implementation.
 *
 * @param messageContext context holding the inbound transport
 * @return receiver endpoint URI
 * @throws MessageDecodingException declared by the overridden method
 */
@Override
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext) throws MessageDecodingException {
    InTransport inbound = messageContext.getInboundMessageTransport();
    if (!(inbound instanceof LocationAwareInTransport)) {
        return super.getActualReceiverEndpointURI(messageContext);
    }
    // NOTE(review): presumably this value is compared with the message's intended destination,
    // so getLocalAddress() has to report the externally visible URL - confirm against the caller.
    LocationAwareInTransport locationAware = (LocationAwareInTransport) inbound;
    return locationAware.getLocalAddress();
}
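/**
 * {@inheritDoc}
 *
 * <p>Decodes a bare SAML assertion delivered by HTTP POST. The relay state is copied from the
 * {@code RelayState} parameter, the posted message is base64-decoded and unmarshalled, and the
 * resulting assertion is wrapped into a {@code Response} that is stored on the context as both
 * the inbound message and the inbound SAML message.
 *
 * <p>The posted content is request-supplied. A payload that does not unmarshall to an
 * {@code Assertion}, or an assertion without an issuer, is rejected with
 * {@link MessageDecodingException} instead of surfacing as a {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * @param messageContext context to decode into; must be a {@code SAMLMessageContext} whose
 *                       inbound transport is an {@code HTTPInTransport}
 * @throws MessageDecodingException if the context or transport has the wrong type, the request
 *                                  is not a POST, or the posted message is not a usable assertion
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException(
                "Invalid message context type, this decoder only support SAMLMessageContext");
    }

    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;

    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();
    // Constant-first comparison: a transport reporting no method is rejected with the declared
    // exception rather than a NullPointerException.
    if (!"POST".equalsIgnoreCase(inTransport.getHTTPMethod())) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    // RelayState is request-supplied; it is stored and logged exactly as received.
    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);

    // The sender decides what XML is posted, so check the unmarshalled type before casting.
    Object unmarshalled = unmarshallMessage(base64DecodedMessage);
    if (!(unmarshalled instanceof Assertion)) {
        log.error("Posted message is not a SAML Assertion");
        throw new MessageDecodingException("Posted message is not a SAML Assertion");
    }
    Assertion inboundMessage = (Assertion) unmarshalled;

    // The issuer value is needed to build the wrapping Response below.
    if (inboundMessage.getIssuer() == null) {
        log.error("Posted SAML Assertion does not contain an Issuer");
        throw new MessageDecodingException("Posted SAML Assertion does not contain an Issuer");
    }

    // NOTE(review): nothing in this method verifies a signature on the assertion; presumably the
    // validation that runs after decoding does - confirm before relying on the wrapped Response.
    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage,
            inboundMessage.getIssuer().getValue());

    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");

    populateMessageContext(samlMsgCtx);
}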
/**
 * Reports whether the inbound transport is an HTTP GET carrying a {@code SAMLRequest} or a
 * {@code SAMLResponse} parameter.
 *
 * <p>Only the presence of a parameter is tested; its content is not inspected here.
 *
 * @param transport inbound transport to test
 * @return {@code true} if the transport is an {@link HTTPInTransport} meeting the conditions above
 */
public boolean supports(InTransport transport) {
    if (!(transport instanceof HTTPInTransport)) {
        return false;
    }
    HTTPTransport http = (HTTPTransport) transport;
    if (!"GET".equalsIgnoreCase(http.getHTTPMethod())) {
        return false;
    }
    if (http.getParameterValue("SAMLRequest") != null) {
        return true;
    }
    return http.getParameterValue("SAMLResponse") != null;
}
/**
 * Reports whether the inbound transport carries a {@code SAMLart} parameter.
 *
 * <p>The HTTP method is not checked here, so any method is accepted as long as the parameter
 * is present.
 *
 * @param transport inbound transport to test
 * @return {@code true} if the transport is an {@link HTTPInTransport} with a {@code SAMLart} parameter
 */
public boolean supports(InTransport transport) {
    return transport instanceof HTTPInTransport
            && ((HTTPInTransport) transport).getParameterValue("SAMLart") != null;
}
/**
 * Reports whether the inbound transport is an HTTP POST whose content type starts with the
 * value of {@code SAMLConstants.PAOS_HTTP_ACCEPT_HEADER}.
 *
 * <p>The content-type test is a case-sensitive {@link String#startsWith(String)} prefix match.
 * The wrapped request is only consulted once the method check has passed.
 *
 * @param transport inbound transport to test
 * @return {@code true} only for an {@link HttpServletRequestAdapter} meeting both conditions
 */
@Override
public boolean supports(InTransport transport) {
    if (!(transport instanceof HttpServletRequestAdapter)) {
        return false;
    }
    HttpServletRequestAdapter adapter = (HttpServletRequestAdapter) transport;
    if ("POST".equalsIgnoreCase(adapter.getHTTPMethod())) {
        String declaredType = adapter.getWrappedRequest().getContentType();
        return declaredType != null
                && declaredType.startsWith(org.springframework.security.saml.SAMLConstants.PAOS_HTTP_ACCEPT_HEADER);
    }
    return false;
}
/**
 * Sets the MIME content type of the transport by writing its {@code Content-Type} header.
 *
 * <p>The value is passed to {@code setHeader} as given; no validation is done here.
 *
 * @param transport the transport to set content type on
 * @param contentType the content type to set
 */
public static void setContentType(HTTPOutTransport transport, String contentType) {
    final String headerName = "Content-Type";
    transport.setHeader(headerName, contentType);
}
/**
 * Reports whether the inbound transport is an HTTP POST carrying a {@code SAMLRequest} or a
 * {@code SAMLResponse} parameter.
 *
 * <p>Only the presence of a parameter is tested; its content is not inspected here.
 *
 * @param transport inbound transport to test
 * @return {@code true} if the transport is an {@link HTTPInTransport} meeting the conditions above
 */
public boolean supports(InTransport transport) {
    if (!(transport instanceof HTTPInTransport)) {
        return false;
    }
    HTTPTransport http = (HTTPTransport) transport;
    if (!"POST".equalsIgnoreCase(http.getHTTPMethod())) {
        return false;
    }
    boolean carriesRequest = http.getParameterValue("SAMLRequest") != null;
    // SAMLResponse is only looked up when no SAMLRequest parameter was found.
    return carriesRequest || http.getParameterValue("SAMLResponse") != null;
}
/**
 * Tells whether the current request is a response from the IDP discovery profile. The result
 * is used to prevent repeated invocation of the discovery service upon failure.
 *
 * <p>The decision is based solely on the request parameter named by
 * {@code DISCOVERY_RESPONSE_PARAMETER}: it must be present and, once lower-cased and trimmed,
 * equal to {@code "true"}. The parameter comes from the request, so its sender controls the
 * outcome of this check.
 *
 * @param context context with request and response included
 * @return true if this HttpRequest is a response from IDP discovery profile.
 */
private boolean isDiscoResponse(SAMLMessageContext context) {
    HTTPInTransport inbound = (HTTPInTransport) context.getInboundMessageTransport();
    String flag = inbound.getParameterValue(DISCOVERY_RESPONSE_PARAMETER);
    if (flag == null) {
        return false;
    }
    return "true".equals(flag.toLowerCase().trim());
}