-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java (renamed from eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java)30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java21
2 files changed, 41 insertions, 10 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java
index 90195f1d..b23c230e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java
@@ -21,15 +21,35 @@ package at.gv.egiz.eaaf.modules.pvp2.api.validation;
import javax.servlet.http.HttpServletRequest;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-public interface IAuthnRequestValidator {
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+/**
+ * SAML2 Authn. request post-processor.
+ *
+ * <p>
+ * Implementations of this interface are executed before user authentication starts.
+ * </p>
+ *
+ * @author tlenz
+ *
+ */
+public interface IAuthnRequestPostProcessor {
- void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
+ /**
+ * Authn. request post-processor
+ *
+ * @param httpReq http request
+ * @param pendingReq current pending request
+ * @param authReq received SAML2 authentication request
+ * @param spSsoDescriptor Metadata descriptor of the requested SP
+ * @throws AuthnRequestValidatorException In case of a validation error,
+ * if post processor implements additional validation
+ */
+ void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException;
}
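Review bot: The new interface Javadoc does not state what an implementation may do with `pendingReq`, nor what happens when several post-processors are registered; the `@throws` clause hints at validation, but a processor that mutates the pending request is equally allowed by the signature and the consumer now injects a `List` of them. Add a sentence to the type-level Javadoc such as `Implementations may inspect and modify the pending request; when more than one post-processor is registered, this interface defines no execution order between them, and a thrown AuthnRequestValidatorException rejects the whole request.` The name says "post-processor" while the class comment says it runs before user authentication, so also state what the processing is "post" of — presumably the protocol-level validation of the AuthnRequest that the caller performs — to avoid confusion with the removed validator name.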
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f38ed43b..f8a39b61 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -20,9 +20,11 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
import java.util.List;
+
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -38,7 +40,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -54,6 +56,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
@@ -84,8 +87,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
protected IPvpMetadataProvider metadataProvider;
@Autowired(required = true)
protected SamlVerificationEngine samlVerificationEngine;
- @Autowired(required = true)
- protected IAuthnRequestValidator authRequestValidator;
+ @Autowired(required = false)
+ protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
private AbstractCredentialProvider pvpIdpCredentials;
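Review bot: Changing `required = true` to `required = false` on the second changed line turns what was a mandatory validation hook into an optional one; when no `IAuthnRequestPostProcessor` bean exists the field stays `null` and the loop in the later hunk (`@@ -538,8 +541,16 @@`) skips silently, so a deployment that previously failed fast on a missing validator now proceeds to authentication without that step. If this is intended, document it on the field, `// Optional: with no post-processor bean registered, extended AuthnRequest validation is skipped entirely`, and give the null check an `else` branch that logs at a visible level, `log.info("No AuthnRequest post-processor registered; extended validation skipped");`. If at least one processor is still required for some profiles, keep `required = true` or verify the list is non-empty in a `@PostConstruct` check (the annotation is already imported in this file).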
@@ -433,7 +436,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
* @param pendingReq current pending request
* @throws Throwable in case of an error
*/
- private void preProcessAuthRequest(final HttpServletRequest request,
+ protected void preProcessAuthRequest(final HttpServletRequest request,
final PvpSProfilePendingRequest pendingReq)
throws Throwable {
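Review bot: Widening `preProcessAuthRequest` from `private` to `protected` makes it overridable by every subclass of this abstract protocol, yet the Javadoc above the signature still lists only the parameters and `@throws Throwable`; nothing tells a subclass whether overriding is allowed or whether it must call `super` so that the validation steps performed here, including the new post-processor loop, still run. Add a line such as `Subclasses that override this method must call super so that the AuthnRequest validation and post-processing are not bypassed.` or, if the widening is only for test access, say so in the Javadoc. The method body continues outside the hunk.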
@@ -538,8 +541,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
// set protocol action, which should be executed after authentication
pendingReq.setAction(AuthenticationAction.class.getName());
+ // do post-processing if required
log.trace("Starting extended AuthnRequest validation and processing ... ");
- authRequestValidator.validate(request, pendingReq, authReq, spSsoDescriptor);
+ if (authRequestPostProcessors != null) {
+ for (final IAuthnRequestPostProcessor processor : authRequestPostProcessors) {
+ log.trace("Post-process AuthnRequest with module: {}", processor.getClass().getSimpleName());
+ processor.process(request, pendingReq, authReq, spSsoDescriptor);
+
+ }
+ }
+
log.debug("Extended AuthnRequest validation and processing finished");
// write revisionslog entry
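Review bot: The processors run in the iteration order of the injected `List`, which is Spring's bean order and only deterministic when the implementations declare `@Order` or implement `Ordered`; a processor that validates and one that modifies `pendingReq` may therefore run in either order across deployments. State this next to the loop, `// Processors run in Spring bean order; implementations that depend on each other must declare @Order`, and note that a thrown `AuthnRequestValidatorException` stops the remaining processors because it propagates out of the loop — the safe behaviour, and worth a comment so nobody later catches it per iteration. The `log.trace("Starting extended AuthnRequest validation and processing ... ")` line and the matching `log.debug` after the loop are emitted even when the list is null and nothing ran; moving them inside the `if` keeps the log honest.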