refactor PVP2 IDP to allow generic post-processing of SAML2 AuthnRequests

1 files changed, 25 insertions, 5 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java
index 90195f1d..b23c230e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java
@@ -21,15 +21,35 @@ package at.gv.egiz.eaaf.modules.pvp2.api.validation;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 
-public interface IAuthnRequestValidator {
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+/**
+ * SAML2 Authn. request post-processor.
+ *
+ * <p>
+ * Implementations of this interface are executed before user authentication starts.
+ * </p>
+ *
+ * @author tlenz
+ *
+ */
+public interface IAuthnRequestPostProcessor {
 
-  void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
+  /**
+   * Authn. request post-processor
+   *
+   * @param httpReq http request
+   * @param pendingReq current pending request
+   * @param authReq received SAML2 authentication request
+   * @param spSsoDescriptor Metadata descriptor of the requested SP
+   * @throws AuthnRequestValidatorException In case of a validation error,
+   *     if post processor implements additional validation
+   */
+  void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
       SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException;
 
 }