Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main')
2 files changed, 45 insertions, 30 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 1e42ac9c..2e30dcd9 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -44,6 +44,7 @@ import org.opensaml.xmlsec.signature.SignableXMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
 import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
@@ -78,6 +79,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import lombok.Setter;
 public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {
 private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class);
@@ -88,12 +90,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 @Autowired(required = true)
 protected IPvp2BasicConfiguration pvpBasicConfiguration;
 @Autowired(required = true)
- protected IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
 protected SamlVerificationEngine samlVerificationEngine;
 @Autowired(required = false)
 protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
 private IPvp2CredentialProvider pvpIdpCredentials;
 /**
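Review bot: The `@Setter` on `metadataProvider` in the -88 hunk replaces container-guaranteed injection with a public, unannotated mutator, so the SAML metadata provider — the component that supplies the relying parties' trusted keys and endpoints — can be swapped by any code holding a reference to the controller at any point in its lifetime. The same pattern appears in the AuthenticationAction hunks (-57 and -75), where the field additionally widens from `private` to `protected`. If the setter exists for subclasses or a configuration class, restrict it: `@Setter(AccessLevel.PROTECTED)` together with `import lombok.AccessLevel;`, or keep `@Autowired(required = true)` so wiring stays under container control. The Javadoc should also state who is expected to call the setter and that it must happen before bean initialisation, since `verifyInitialization()` now asserts the field.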
@@ -124,7 +130,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 final StatusCode statusCode = Saml2Utils.createSamlObject(StatusCode.class);
 final StatusMessage statusMessage = Saml2Utils.createSamlObject(StatusMessage.class);
- String moaError = null;
+ String internalErrorCode = null;
 if (e instanceof NoPassivAuthenticationException) {
 statusCode.setValue(StatusCode.NO_PASSIVE);
@@ -144,30 +150,37 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement final String statusMessageValue = ex.getStatusMessageValue(); if (statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); + } - moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId()); + + internalErrorCode = ex.getErrorId(); } else { statusCode.setValue(StatusCode.RESPONDER); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - moaError = statusMessager.getResponseErrorCode(e); + internalErrorCode = statusMessager.getResponseErrorCode(e); + } - if (StringUtils.isNotEmpty(moaError)) { - final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class); - moaStatusCode.setValue(moaError); - statusCode.setStatusCode(moaStatusCode); + //set external sub-statusCode if one was selected + if (StringUtils.isNotEmpty(internalErrorCode)) { + final StatusCode externalStatusCode = Saml2Utils.createSamlObject(StatusCode.class); + externalStatusCode.setValue( + statusMessager.mapInternalErrorToExternalError(internalErrorCode)); + statusCode.setStatusCode(externalStatusCode); + } - status.setStatusCode(statusCode); + //set status-message if availabe if (statusMessage.getMessage() != null) { status.setStatusMessage(statusMessage); - } - samlResponse.setStatus(status); - final String remoteSessionID = Saml2Utils.getSecureIdentifier(); - samlResponse.setID(remoteSessionID); - + + } + status.setStatusCode(statusCode); + samlResponse.setStatus(status); + samlResponse.setID(Saml2Utils.getSecureIdentifier()); samlResponse.setIssueInstant(Instant.now()); + final Issuer nissuer = Saml2Utils.createSamlObject(Issuer.class); nissuer.setValue(pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl())); nissuer.setFormat(NameIDType.ENTITY); 
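Review bot: The non-empty check now guards the internal code rather than the value written into the sub-StatusCode: `statusMessager.mapInternalErrorToExternalError(internalErrorCode)` is called unconditionally inside the `if`, and if it yields null or an empty string for an unmapped code the response carries a sub-`StatusCode` without a usable `Value`, which the old code avoided by testing `moaError` after mapping. Consider `final String externalErrorCode = statusMessager.mapInternalErrorToExternalError(internalErrorCode);` followed by `if (StringUtils.isNotEmpty(externalErrorCode)) {` around the element creation; whether the mapper can return empty is not visible here. The new comment `//set status-message if availabe` has a typo. The unchanged RESPONDER branch still copies `e.getLocalizedMessage()` into the status message delivered to the service provider, so it is worth confirming that those internal messages never carry sensitive detail. The enclosing method begins before this hunk.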
@@ -176,13 +189,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 IEncoder encoder = null;
 if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
+ encoder = applicationContext.getBean("PvpRedirectBinding", RedirectBinding.class);
 } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
+ encoder = applicationContext.getBean("PvpPostBinding", PostBinding.class);
 } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
+ encoder = applicationContext.getBean("PvpSoapBinding", SoapBinding.class);
 }
 if (encoder == null) {
@@ -263,7 +276,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 pendingReq.getUniqueTransactionIdentifier());
 }
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
 } catch (final Pvp2Exception e) {
 final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
@@ -337,7 +350,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 pendingReq.getUniqueTransactionIdentifier());
 }
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
 } catch (final Pvp2Exception e) {
 final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
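Review bot: The bean lookups in the -176 hunk depend on string names that are only resolved when an error response is actually encoded, so a mismatch between the renamed `"PvpRedirectBinding"`, `"PvpPostBinding"` and `"PvpSoapBinding"` and the bean definitions elsewhere surfaces as a `NoSuchBeanDefinitionException` on the error path rather than at startup. Declaring each name once as a constant next to its binding class, or injecting the three bindings by type and selecting on `pvpRequest.getBinding()` with a switch, lets the compiler or the container catch the rename. The enclosing method begins before the hunk.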
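Review bot: `e.getMessage()` in the -263 hunk, and identically in -337, is placed into the `pvp2.21` error parameters, so the text of whatever exception was caught — its type is outside the hunk — may end up in an error page or SAML status returned to the requester. Messages from request parsing and signature verification can echo request content or internal details, so this is an information-disclosure surface to check (inference; the catch header is not in view). If the parameter is rendered, make sure the error renderer escapes it and prefer a stable, non-sensitive description over the raw message, sending the full exception to the log instead.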
@@ -555,11 +568,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 @PostConstruct
 private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
 }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 91e92d63..a3c6cb5d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -36,6 +36,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
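Review bot: The `metadataProvider` assertion in the -555 hunk assumes the new setter has already been invoked when `@PostConstruct` runs; a subclass or configuring bean that sets it during its own initialisation would fail here, since superclass `@PostConstruct` methods are, as a rule, invoked before subclass ones — the wiring order should be documented in the method or field Javadoc. `Assert.notNull` also throws `IllegalArgumentException`, which misdescribes a missing dependency, and the `log.error` from the removed branch is gone, leaving the wrapping `BeanCreationException` as the only trace; `Assert.state(metadataProvider != null, "No SAML2 MetadataProvider injected!");` expresses the condition as the initialisation-state check it is. The same applies to the -169 hunk of AuthenticationAction.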
@@ -57,14 +58,13 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import lombok.Setter;
 @Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
 private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
 @Autowired(required = true)
- private IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
 ApplicationContext springContext;
 @Autowired(required = true)
 IConfiguration authConfig;
@@ -75,6 +75,12 @@ public class AuthenticationAction implements IAction {
 @Autowired(required = true)
 IRevisionLogger revisionsLogger;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
 private IPvp2CredentialProvider pvpIdpCredentials;
 /**
@@ -169,11 +175,9 @@ public class AuthenticationAction implements IAction {
 @PostConstruct
 private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
 }
 } |