summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_idp/src
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-12 14:34:01 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-12 14:34:01 +0100
commita2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca (patch)
tree0d0f9bc420221b70b1eeab31ed29c4cb6c6240c0 /eaaf_modules/eaaf_module_pvp2_idp/src
parent8fb857388f087643480d755f112175cdcb335cca (diff)
downloadEAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.tar.gz
EAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.tar.bz2
EAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.zip
refactor PVP2 IDP to allow generic post-processing of SAML2 AuthnRequests
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java21
1 files changed, 16 insertions, 5 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f38ed43b..f8a39b61 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -20,9 +20,11 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
import java.util.List;
+
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -38,7 +40,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -54,6 +56,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
@@ -84,8 +87,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
protected IPvpMetadataProvider metadataProvider;
@Autowired(required = true)
protected SamlVerificationEngine samlVerificationEngine;
- @Autowired(required = true)
- protected IAuthnRequestValidator authRequestValidator;
+ @Autowired(required = false)
+ protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
private AbstractCredentialProvider pvpIdpCredentials;
@@ -433,7 +436,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
* @param pendingReq current pending request
* @throws Throwable in case of an error
*/
- private void preProcessAuthRequest(final HttpServletRequest request,
+ protected void preProcessAuthRequest(final HttpServletRequest request,
final PvpSProfilePendingRequest pendingReq)
throws Throwable {
@@ -538,8 +541,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
// set protocol action, which should be executed after authentication
pendingReq.setAction(AuthenticationAction.class.getName());
+ // do post-processing if required
log.trace("Starting extended AuthnRequest validation and processing ... ");
- authRequestValidator.validate(request, pendingReq, authReq, spSsoDescriptor);
+ if (authRequestPostProcessors != null) {
+ for (final IAuthnRequestPostProcessor processor : authRequestPostProcessors) {
+ log.trace("Post-process AuthnRequest with module: {}", processor.getClass().getSimpleName());
+ processor.process(request, pendingReq, authReq, spSsoDescriptor);
+
+ }
+ }
+
log.debug("Extended AuthnRequest validation and processing finished");
// write revisionslog entry