aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java313
1 files changed, 158 insertions, 155 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
index 84fbec0e8..c6946e509 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
@@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnContextClassRef;
@@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-
/**
* Servlet implementation class Authenticate
*/
public class Authenticate extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- private static final Logger log = LoggerFactory
- .getLogger(Authenticate.class);
-
- private static DocumentBuilderFactory factory = null;
-
- static {
- initialDocumentBuilderFactory();
- }
-
- synchronized private static void initialDocumentBuilderFactory() {
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
-
- }
-
- public Document asDOMDocument(XMLObject object) throws IOException,
- MarshallingException, TransformerException, ParserConfigurationException {
- try {
- DocumentBuilder builder = null;
- synchronized (factory) {
- builder = factory.newDocumentBuilder();
-
- }
-
- Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
- throw e;
- }
-
- }
-
- protected void process(HttpServletRequest request,
- HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
- try {
-
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- config.initializePVP2Login();
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- HttpSession session = request.getSession();
- if (session != null) {
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
- }
-
- authReq.setAssertionConsumerServiceIndex(0);
- authReq.setAttributeConsumingServiceIndex(0);
- authReq.setIssueInstant(new DateTime());
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
-
- subject.setNameID(name);
- authReq.setSubject(subject);
- issuer.setFormat(NameIDType.ENTITY);
- authReq.setIssuer(issuer);
- NameIDPolicy policy = SAML2Utils
- .createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.PERSISTENT);
- authReq.setNameIDPolicy(policy);
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
- }
-
- SingleSignOnService redirectEndpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- redirectEndpoint = sss;
- }
- }
-
- authReq.setDestination(redirectEndpoint.getLocation());
-
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
-
- authReq.setRequestedAuthnContext(reqAuthContext);
-
- //sign Message
- X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config);
-
- //encode message
- PVP2Utils.postBindingEncoder(request,
- response,
- authReq,
- authcredential,
- redirectEndpoint.getLocation(),
- null);
-
- } catch (Exception e) {
- log.warn("Authentication Request can not be generated", e);
- throw new ServletException("Authentication Request can not be generated.", e);
- }
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response, null);
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response, null);
- }
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Authenticate.class);
+
+ private static DocumentBuilderFactory factory = null;
+
+ static {
+ initialDocumentBuilderFactory();
+ }
+
+ synchronized private static void initialDocumentBuilderFactory() {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ }
+
+ public Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException, ParserConfigurationException {
+ try {
+ DocumentBuilder builder = null;
+ synchronized (factory) {
+ builder = factory.newDocumentBuilder();
+
+ }
+
+ final Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
+ throw e;
+ }
+
+ }
+
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response, Map<String, String> legacyParameter) throws ServletException,
+ IOException {
+ try {
+
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ config.initializePVP2Login();
+
+ final AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ final HttpSession session = request.getSession();
+ if (session != null) {
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
+ }
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setAttributeConsumingServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ final Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ final NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameIDType.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ SingleSignOnService redirectEndpoint = null;
+ for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleSignOnServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ redirectEndpoint = sss;
+ }
+ }
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ final RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ final AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+ // sign Message
+ final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq,
+ config);
+
+ // encode message
+ PVP2Utils.postBindingEncoder(request,
+ response,
+ authReq,
+ authcredential,
+ redirectEndpoint.getLocation(),
+ null);
+
+ } catch (final Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response, null);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response, null);
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 08:00:17 +0000