Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java443
1 files changed, 226 insertions, 217 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
index 274aa21bf..ac9d65cbf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
@@ -77,221 +77,230 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class SLOFrontChannelServlet extends SLOBasicServlet {
- private static final long serialVersionUID = -6280199681356977759L;
- private static final Logger log = LoggerFactory
- .getLogger(SLOFrontChannelServlet.class);
-
- /**
- * @throws ConfigurationException
- */
- public SLOFrontChannelServlet() throws ConfigurationException {
- super();
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
- //process user initiated single logout process
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
- if (authUserObj == null) {
- log.warn("No user information found. Single Log-Out not possible");
- buildErrorMessage(request, response);
-
- }
-
- AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
-
- String nameIDFormat = authUser.getNameIDFormat();
- String nameID = authUser.getNameID();
-
- //remove user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.removeActiveUser(authUser);
-
- if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
- log.warn("No user information found. Single Log-Out not possible");
- buildErrorMessage(request, response);
-
- } else
- log.info("Fount user information for user nameID: " + nameID
- + " , nameIDFormat: " + nameIDFormat
- + ". Build Single Log-Out request ...");
-
- //build SLO request to IDP
- LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request);
-
- request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID());
-
- //send message
- sendMessage(request, response, sloReq, null);
-
- } else {
- //process PVP 2.1 single logout process
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- PVP2Utils.getTrustEngine(getConfig()));
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
-
- processMessage(request, response,
- messageContext.getInboundMessage(), messageContext.getRelayState());
-
- }
-
- } catch (SLOException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ConfigurationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (PVP2Exception e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityPolicyException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (MessageDecodingException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (NoSuchAlgorithmException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- }
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- decode.decode(messageContext);
-
- PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig());
-
- processMessage(request, response,
- messageContext.getInboundMessage(), messageContext.getRelayState());
-
-
- } catch (MessageDecodingException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ValidationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ConfigurationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (PVP2Exception e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (NoSuchAlgorithmException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- }
- }
-
- private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) {
-
- request.getSession().setAttribute(Constants.SESSION_SLOERROR,
- LanguageHelper.getErrorString("webpages.slo.error", request));
-
- //check response destination
- String serviceURL = getConfig().getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
- redirectURL = response.encodeRedirectURL(redirectURL);
- response.setContentType("text/html");
- response.setStatus(302);
- response.addHeader("Location", redirectURL);
- }
-
- private void processMessage(HttpServletRequest request, HttpServletResponse response,
- XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, NoSuchAlgorithmException {
- if (xmlObject instanceof LogoutRequest) {
- LogoutResponse sloResp =
- processLogOutRequest((LogoutRequest) xmlObject, request);
- sendMessage(request, response, sloResp, relayState);
-
- } else if (xmlObject instanceof LogoutResponse) {
- LogoutResponse sloResp = (LogoutResponse) xmlObject;
-
- String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID);
- request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null);
- validateLogOutResponse(sloResp, reqID, request, response);
-
- }
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
- SingleLogoutService sloService = findIDPFrontChannelSLOService();
- sloReq.setDestination(sloService.getLocation());
- sendMessage(request, response, sloReq, sloService, relayState);
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
- SingleLogoutService sloService = findIDPFrontChannelSLOService();
- sloReq.setDestination(sloService.getLocation());
- sendMessage(request, response, sloReq, sloService, relayState);
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) throws ConfigurationException, PVP2Exception {
- X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, getConfig());
- if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))
- PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState);
-
- else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
- PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState);
- }
-
+ private static final long serialVersionUID = -6280199681356977759L;
+ private static final Logger log = LoggerFactory
+ .getLogger(SLOFrontChannelServlet.class);
+
+ /**
+ * @throws ConfigurationException
+ */
+ public SLOFrontChannelServlet() throws ConfigurationException {
+ super();
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
+ // process user initiated single logout process
+ final Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj == null) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ }
+
+ final AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
+
+ final String nameIDFormat = authUser.getNameIDFormat();
+ final String nameID = authUser.getNameID();
+
+ // remove user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.removeActiveUser(authUser);
+
+ if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ } else {
+ log.info("Fount user information for user nameID: " + nameID
+ + " , nameIDFormat: " + nameIDFormat
+ + ". Build Single Log-Out request ...");
+ }
+
+ // build SLO request to IDP
+ final LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request);
+
+ request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID());
+
+ // send message
+ sendMessage(request, response, sloReq, null);
+
+ } else {
+ // process PVP 2.1 single logout process
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+ messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ PVP2Utils.getTrustEngine(getConfig()));
+ final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
+ final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ decode.decode(messageContext);
+
+ signatureRule.evaluate(messageContext);
+
+ processMessage(request, response,
+ messageContext.getInboundMessage(), messageContext.getRelayState());
+
+ }
+
+ } catch (final SLOException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ConfigurationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final PVP2Exception e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityPolicyException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final MessageDecodingException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ }
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+ decode.decode(messageContext);
+
+ PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig());
+
+ processMessage(request, response,
+ messageContext.getInboundMessage(), messageContext.getRelayState());
+
+ } catch (final MessageDecodingException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ValidationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ConfigurationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final PVP2Exception e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ }
+ }
+
+ private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) {
+
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ // check response destination
+ String serviceURL = getConfig().getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
+ redirectURL = response.encodeRedirectURL(redirectURL);
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+ }
+
+ private void processMessage(HttpServletRequest request, HttpServletResponse response,
+ XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception,
+ NoSuchAlgorithmException {
+ if (xmlObject instanceof LogoutRequest) {
+ final LogoutResponse sloResp =
+ processLogOutRequest((LogoutRequest) xmlObject, request);
+ sendMessage(request, response, sloResp, relayState);
+
+ } else if (xmlObject instanceof LogoutResponse) {
+ final LogoutResponse sloResp = (LogoutResponse) xmlObject;
+
+ final String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID);
+ request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null);
+ validateLogOutResponse(sloResp, reqID, request, response);
+
+ }
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
+ final SingleLogoutService sloService = findIDPFrontChannelSLOService();
+ sloReq.setDestination(sloService.getLocation());
+ sendMessage(request, response, sloReq, sloService, relayState);
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
+ final SingleLogoutService sloService = findIDPFrontChannelSLOService();
+ sloReq.setDestination(sloService.getLocation());
+ sendMessage(request, response, sloReq, sloService, relayState);
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState)
+ throws ConfigurationException, PVP2Exception {
+ final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq,
+ getConfig());
+ if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(),
+ relayState);
+ } else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(),
+ relayState);
+ }
+ }
+
}
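Review bot: The null guard at the top of the user-initiated branch in doGet (the `if (authUserObj == null)` block) still falls through after `buildErrorMessage(request, response)`: `authUserObj` is cast and dereferenced on the following lines, so a request on this path without an authenticated session ends in a NullPointerException, which none of the catch clauses handles, after a 302 redirect has already been written to the response. The same fall-through exists in the `MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)` branch, where the code goes on to call createLogOutRequest and sendMessage with empty NameID data even though the error redirect was already set on the same response. Both guards should end with `buildErrorMessage(request, response); return;` so that the error path is the only response produced; this is pre-existing behaviour that the reformat preserves rather than introduces. As a minor point, the info log in the same branch reads "Fount user information" and should say "Found".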