Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java17
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java85
3 files changed, 123 insertions, 9 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
index dc60019a..d23affba 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
@@ -7,10 +7,13 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import com.google.common.base.Strings;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.codec.Base64Support;
@@ -34,8 +37,6 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder {
encodedMessage = getLastParameterFromRequest(request, "SAMLResponse");
}
-
-
if (Strings.isNullOrEmpty(encodedMessage)) {
log.info("Request did not contain either a SAMLRequest or "
+ "SAMLResponse paramter. Invalid request for SAML 2 HTTP POST binding.");
@@ -54,14 +55,27 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder {
}
/**
- * Always read the last parameter with this name from request to get a strict deterministic behavior.
- * <br><br>
- * <b><i>If more than one parameters with the same name exists,
- * this method always select the last parameter value.</i></b>
+ * EAAF specific unmarshaller perform XML schema validation before unmarshalling
+ * the SAML message.
+ *
+ */
+ @Override
+ protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
+ return Saml2Utils.unmarshallMessage(messageStream);
+
+ }
+
+ /**
+ * Always read the last parameter with this name from request to get a strict
+ * deterministic behavior. <br>
+ * <br>
+ * <b><i>If more than one parameters with the same name exists, this method
+ * always select the last parameter value.</i></b>
*
- * @param request Incoming http request
+ * @param request Incoming http request
* @param paramName Name of the http parameter
- * @return the last parameter value with this name, or <code>null</code> if the parameter not exists
+ * @return the last parameter value with this name, or <code>null</code> if the
+ * parameter not exists
*/
@Nullable
private String getLastParameterFromRequest(@Nonnull HttpServletRequest request, @Nonnull String paramName) {
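Review bot: The new `unmarshallMessage` override replaces the inherited parsing path, which uses the decoder's configured parser pool, so hardening applied through `setParserPool(...)` (DTD and external-entity restrictions, expansion limits) no longer covers this method unless `Saml2Utils.unmarshallMessage` parses and validates with an equally restricted parser. That helper is not part of this diff, so this should be confirmed before merging; the input here is the unauthenticated `SAMLRequest`/`SAMLResponse` POST parameter. The Javadoc should state the contract, for example `@throws MessageDecodingException if the message is not schema-valid or cannot be unmarshalled`, and "perform" should read "performs". The identical override added to `EaafHttpRedirectDeflateDecoder` later in this commit needs the same confirmation.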
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
index e9140f26..16d73296 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
@@ -4,6 +4,7 @@ import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
+import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.SAMLObject;
@@ -12,6 +13,8 @@ import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
import com.google.common.base.Strings;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.net.URISupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
@@ -58,7 +61,7 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
throw new MessageDecodingException(
"No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message");
}
-
+
final SAMLObject samlMessage = (SAMLObject) unmarshallMessage(samlMessageIns);
messageContext.setMessage(samlMessage);
log.debug("Decoded SAML message");
@@ -66,6 +69,18 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
populateBindingContext(messageContext);
setMessageContext(messageContext);
+
+ }
+
+ /**
+ * EAAF specific unmarshaller perform XML schema validation before unmarshalling
+ * the SAML message.
+ *
+ */
+ @Override
+ protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
+ return Saml2Utils.unmarshallMessage(messageStream);
+
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java
new file mode 100644
index 00000000..2e45aea2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java
@@ -0,0 +1,85 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+
+import net.shibboleth.utilities.java.support.resource.Resource;
+
+/**
+ * Adapter that connects a Spring {@link org.springframework.core.io.Resource} to a {@link Resource}.
+ *
+ * @author tlenz
+ *
+ */
+public class OpenSaml3ResourceAdapter implements Resource {
+
+ private org.springframework.core.io.Resource internalResource;
+
+ public OpenSaml3ResourceAdapter(org.springframework.core.io.Resource resource) {
+ this.internalResource = resource;
+ }
+
+ @Override
+ public boolean exists() {
+ return internalResource.exists();
+ }
+
+ @Override
+ public boolean isReadable() {
+ return internalResource.isReadable();
+ }
+
+ @Override
+ public boolean isOpen() {
+ return internalResource.isOpen();
+ }
+
+ @Override
+ public URL getURL() throws IOException {
+ return internalResource.getURL();
+ }
+
+ @Override
+ public URI getURI() throws IOException {
+ return internalResource.getURI();
+ }
+
+ @Override
+ public File getFile() throws IOException {
+ return internalResource.getFile();
+ }
+
+ @Override
+ public InputStream getInputStream() throws IOException {
+ return internalResource.getInputStream();
+ }
+
+ @Override
+ public long contentLength() throws IOException {
+ return internalResource.contentLength();
+ }
+
+ @Override
+ public long lastModified() throws IOException {
+ return internalResource.lastModified();
+ }
+
+ @Override
+ public Resource createRelativeResource(String relativePath) throws IOException {
+ throw new IOException("This method is not supperted by this adapter");
+ }
+
+ @Override
+ public String getFilename() {
+ return internalResource.getFilename();
+ }
+
+ @Override
+ public String getDescription() {
+ return internalResource.getDescription();
+ }
+
+}
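Review bot: `createRelativeResource` always throws an `IOException` whose message misspells "supported" as "supperted", although the wrapped Spring resource offers `createRelative(String)`; delegating with `return new OpenSaml3ResourceAdapter(internalResource.createRelative(relativePath));` would keep relative lookups working, and otherwise the message should read `"This method is not supported by this adapter"`. The constructor stores `resource` unchecked in a non-final field, so a null argument only surfaces later as a NullPointerException in whichever delegate method is called first; declaring `private final org.springframework.core.io.Resource internalResource;` and rejecting null in the constructor would fail early. The public constructor also has no Javadoc.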