authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-12 14:34:01 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-12 14:34:01 +0100
commita2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca (patch)
tree0d0f9bc420221b70b1eeab31ed29c4cb6c6240c0 /eaaf_modules/eaaf_module_pvp2_idp
parent8fb857388f087643480d755f112175cdcb335cca (diff)
downloadEAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.tar.gz
EAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.tar.bz2
EAAF-Components-a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca.zip
refactor PVP2 IDP to allow generic post-processing of SAML2 AuthnRequests
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java21
1 files changed, 16 insertions, 5 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f38ed43b..f8a39b61 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -20,9 +20,11 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
import java.util.List;
+
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -38,7 +40,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -54,6 +56,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
@@ -84,8 +87,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
protected IPvpMetadataProvider metadataProvider;
@Autowired(required = true)
protected SamlVerificationEngine samlVerificationEngine;
- @Autowired(required = true)
- protected IAuthnRequestValidator authRequestValidator;
+ @Autowired(required = false)
+ protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
private AbstractCredentialProvider pvpIdpCredentials;
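Review bot: The new `authRequestPostProcessors` field has no documentation of its contract, although it replaces the previously mandatory `authRequestValidator` and is now optional. Nothing at the declaration tells a reader that Spring leaves the field unset (null) when no `IAuthnRequestPostProcessor` bean exists, or that the order in which the list is populated (Spring honours `@Order`/`Ordered` on the candidate beans, as far as I recall) is the order in which each processor sees the request, which matters if one processor checks something a later one relies on. I would put a Javadoc above the `@Autowired(required = false)` line along the lines of `/** Optional chain of AuthnRequest post-processors, invoked in injection order for every incoming AuthnRequest; when no bean is registered the field stays unset and no extended validation runs. */`.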
@@ -433,7 +436,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
* @param pendingReq current pending request
* @throws Throwable in case of an error
*/
- private void preProcessAuthRequest(final HttpServletRequest request,
+ protected void preProcessAuthRequest(final HttpServletRequest request,
final PvpSProfilePendingRequest pendingReq)
throws Throwable {
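Review bot: Widening `preProcessAuthRequest` from private to protected turns it into an extension point, but the Javadoc (which starts above the hunk) says nothing about what an override has to preserve. Judging from the next hunk, this method appears to be where the AuthnRequest post-processors run, so a subclass that overrides it without calling `super.preProcessAuthRequest(request, pendingReq)` would silently drop that validation step. I would add a sentence to the Javadoc such as `Subclasses overriding this method must call {@code super.preProcessAuthRequest(...)} or perform the equivalent AuthnRequest validation themselves.` The method body continues past the end of the hunk.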
@@ -538,8 +541,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
// set protocol action, which should be executed after authentication
pendingReq.setAction(AuthenticationAction.class.getName());
+ // do post-processing if required
log.trace("Starting extended AuthnRequest validation and processing ... ");
- authRequestValidator.validate(request, pendingReq, authReq, spSsoDescriptor);
+ if (authRequestPostProcessors != null) {
+ for (final IAuthnRequestPostProcessor processor : authRequestPostProcessors) {
+ log.trace("Post-process AuthnRequest with module: {}", processor.getClass().getSimpleName());
+ processor.process(request, pendingReq, authReq, spSsoDescriptor);
+
+ }
+ }
+
log.debug("Extended AuthnRequest validation and processing finished");
// write revisionslog entry
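Review bot: When no `IAuthnRequestPostProcessor` bean is registered, the loop guarded by `if (authRequestPostProcessors != null)` does nothing, and because the field is now `@Autowired(required = false)` (hunk at line 87) that is a legal deployment state; the pending request then continues with none of the validation the removed `authRequestValidator.validate(...)` call used to guarantee, while the trace line "Starting extended AuthnRequest validation and processing" still prints as if it had run. This deserves an explicit signal at a level operators watch, before the loop: `if (authRequestPostProcessors == null || authRequestPostProcessors.isEmpty()) {` / `  log.warn("No AuthnRequest post-processor configured, extended AuthnRequest validation is skipped");` / `}`. If some part of the old validator is mandatory in every deployment, it should stay a required dependency rather than move into the optional chain. The enclosing method starts before the hunk.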