From a2ee5133c2593b8f0e4e1a8e929d83bbd26c60ca Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 12 Dec 2019 14:34:01 +0100 Subject: refactor PVP2 IDP to allow generic post-processing of SAML2 AuthnRequests --- .../pvp2/idp/impl/AbstractPvp2XProtocol.java | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src') diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index f38ed43b..f8a39b61 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -20,9 +20,11 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl; import java.util.List; + import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; @@ -38,7 +40,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException; import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; @@ -54,6 +56,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; + import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; @@ -84,8 +87,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement protected IPvpMetadataProvider metadataProvider; @Autowired(required = true) protected SamlVerificationEngine samlVerificationEngine; - @Autowired(required = true) - protected IAuthnRequestValidator authRequestValidator; + @Autowired(required = false) + protected List authRequestPostProcessors; private AbstractCredentialProvider pvpIdpCredentials; @@ -433,7 +436,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement * @param pendingReq current pending request * @throws Throwable in case of an error */ - private void preProcessAuthRequest(final HttpServletRequest request, + protected void preProcessAuthRequest(final HttpServletRequest request, final PvpSProfilePendingRequest pendingReq) throws Throwable { @@ -538,8 +541,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement // set protocol action, which should be executed after authentication pendingReq.setAction(AuthenticationAction.class.getName()); + // do post-processing if required log.trace("Starting extended AuthnRequest validation and processing ... "); - authRequestValidator.validate(request, pendingReq, authReq, spSsoDescriptor); + if (authRequestPostProcessors != null) { + for (final IAuthnRequestPostProcessor processor : authRequestPostProcessors) { + log.trace("Post-process AuthnRequest with module: {}", processor.getClass().getSimpleName()); + processor.process(request, pendingReq, authReq, spSsoDescriptor); + + } + } + log.debug("Extended AuthnRequest validation and processing finished"); // write revisionslog entry -- cgit v1.2.3