author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-12-12 14:34:01 +0100 |
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-12-12 14:34:01 +0100 |
commit | a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca (patch) | |
tree | 0d0f9bc420221b70b1eeab31ed29c4cb6c6240c0 /eaaf_modules/eaaf_module_pvp2_idp | |
parent | 8fb857388f087643480d755f112175cdcb335cca (diff) | |
refactor PVP2 IDP to allow generic post-processing of SAML2 AuthnRequests
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f38ed43b..f8a39b61 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -20,9 +20,11 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
 import java.util.List;
+
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -38,7 +40,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
 import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -54,6 +56,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
@@ -84,8 +87,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 protected IPvpMetadataProvider metadataProvider;
 @Autowired(required = true)
 protected SamlVerificationEngine samlVerificationEngine;
- @Autowired(required = true)
- protected IAuthnRequestValidator authRequestValidator;
+ @Autowired(required = false)
+ protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
 private AbstractCredentialProvider pvpIdpCredentials;
@@ -433,7 +436,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 * @param pendingReq current pending request
 * @throws Throwable in case of an error
 */
- private void preProcessAuthRequest(final HttpServletRequest request,
+ protected void preProcessAuthRequest(final HttpServletRequest request,
 final PvpSProfilePendingRequest pendingReq) throws Throwable {
@@ -538,8 +541,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 // set protocol action, which should be executed after authentication
 pendingReq.setAction(AuthenticationAction.class.getName());
+ // do post-processing if required
 log.trace("Starting extended AuthnRequest validation and processing ... ");
- authRequestValidator.validate(request, pendingReq, authReq, spSsoDescriptor);
+ if (authRequestPostProcessors != null) {
+ for (final IAuthnRequestPostProcessor processor : authRequestPostProcessors) {
+ log.trace("Post-process AuthnRequest with module: {}", processor.getClass().getSimpleName());
+ processor.process(request, pendingReq, authReq, spSsoDescriptor);
+
+ }
+ }
+
 log.debug("Extended AuthnRequest validation and processing finished");
 // write revisionslog entry |
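Review bot: In the `@@ -538,8 +541,16 @@` hunk the former mandatory `authRequestValidator.validate(...)` call becomes a loop over an optional (`required = false`) list, so a deployment with no `IAuthnRequestPostProcessor` bean silently runs no extended AuthnRequest validation while the unchanged `log.debug("Extended AuthnRequest validation and processing finished")` still reports success; if any of the checks formerly done by the validator are ones the IDP relies on, that is a silent downgrade. I would make the absence visible, e.g. an `else` branch with `log.warn("No IAuthnRequestPostProcessor configured; extended AuthnRequest validation is skipped");`, or keep a mandatory validator step separate from the optional post-processors. The iteration order of an injected `List` is presumably governed by bean ordering (`@Order`), which matters if a validating processor must run before one that mutates `pendingReq`; the Javadoc of `authRequestPostProcessors` should state the expected ordering and whether a processor may throw to reject the request. The `private`-to-`protected` change of `preProcessAuthRequest` in the `@@ -433,7 +436,7 @@` hunk also lets subclasses replace the whole pre-processing step, so its Javadoc (which starts outside the hunk) should say whether an override must call `super`. The empty line before the inner `}` in the `for` loop is stray whitespace.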