Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java239
1 files changed, 135 insertions, 104 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 6573270e4..37d66d29b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -22,37 +22,52 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.IOException;
import java.util.Arrays;
-import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
-public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
+/**
+ * SAML1 authentication protocol implementation
+ *
+ * @deprecated
+ * @author tlenz
+ *
+ */
+
+@Controller
+public class SAML1Protocol extends AbstractAuthProtocolModulController {
+ @Autowired private SAML1AuthenticationServer saml1AuthServer;
+
+ public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+ public static final String REQ_DATA_TARGET = "saml1_target";
+
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
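Review bot: The new class Javadoc carries a bare `@deprecated` tag with no explanation, and the class is not annotated `@Deprecated`, so neither the compiler nor an IDE will warn callers, and a reader does not learn why the protocol is deprecated or what replaces it. Pair the tag with the annotation, `@Deprecated` on the line above `@Controller`, and extend the tag to name the reason and the successor, e.g. `@deprecated SAML1 is kept for legacy online applications only; use [replacement protocol] instead` with the replacement filled in by the author. Javadoc convention also places `@deprecated` after `@author`, not before it.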
@@ -72,24 +87,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
PVPConstants.EID_SOURCE_PIN_TYPE_NAME
});
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
- static {
-
- actions.put(GETARTIFACT, new GetArtifactAction());
-
- instance = new SAML1Protocol();
- }
-
- private static SAML1Protocol instance = null;
-
- public static SAML1Protocol getInstance() {
- if (instance == null) {
- instance = new SAML1Protocol();
- }
- return instance;
- }
-
public String getName() {
return NAME;
}
@@ -98,92 +95,135 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
return PATH;
}
- public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
- SAML1RequestImpl config = new SAML1RequestImpl(request);
-
+
+ @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
+ public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
}
-
- String oaURL = (String) request.getParameter(PARAM_OA);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
- String target = (String) request.getParameter(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
-
- String sourceID = request.getParameter(PARAM_SOURCEID);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
-
- //the target parameter is used to define the OA in SAML1 standard
- if (target != null && target.startsWith("http")) {
- oaURL = target;
- target = null;
- }
+ SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
+ pendingReq.initialize(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
- if (MiscUtil.isEmpty(oaURL)) {
- Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
+ //preProcess SAML1 Request
+ preProcess(req, resp, pendingReq);
- }
-
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- config.setOAURL(oaURL);
-
- Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-
-
- //load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ performAuthentication(req, resp, pendingReq);
+ return;
- SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
- if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
- Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
- }
- config.setOnlineApplicationConfiguration(oaParam);
- config.setSourceID(sourceID);
-
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-
- if (MiscUtil.isNotEmpty(target))
- config.setTarget(target);
-
- else
- config.setTarget(oaParam.getTarget());
+ }
+
+
+ public void preProcess(HttpServletRequest request,
+ HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ try {
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
+
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ pendingRequest.setOAURL(oaURL);
+
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
+ //load Target only from OA config
+ IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+
+ SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+ }
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null &&
+ MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+ pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
+
+ } else
+ pendingRequest.setSourceID(sourceID);
+
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+
+ if (MiscUtil.isNotEmpty(target)) {
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+ pendingRequest.setTarget(target);
- return config;
+ }
+ else {
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+ pendingRequest.setTarget(oaParam.getTarget());
+
+ }
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(GetArtifactAction.class.getName());
+
+ } catch (WrongParametersException e) {
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+
+ } catch (InvalidProtocolRequestException e) {
+ throw e;
+
+ }
+
}
public boolean generateErrorMessage(Throwable e,
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
-
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oa.getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
return false;
- else {
- SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
- String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+ else {
+ String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest);
String url = protocolRequest.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
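Review bot: generateErrorMessage now dereferences `protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter()` without a null check, but preProcess only calls `setOnlineApplicationConfiguration` after the OA lookup and the SAML1-active check have passed, so an error raised before that point (a WrongParametersException on the OA or sourceID parameter, or a null oaParam) presumably reaches this handler with a null configuration and turns the error path itself into a NullPointerException. Guard both levels before reading the flag: `IOAAuthParameters oa = protocolRequest.getOnlineApplicationConfiguration();` then `if (oa == null || oa.getSAML1Parameter() == null || !oa.getSAML1Parameter().isProvideAllErrors())` and `return false;`. In preProcess, `catch (InvalidProtocolRequestException e) { throw e; }` is a no-op rethrow that can be dropped, and the conversion of WrongParametersException discards the original exception; pass it as the cause if the InvalidProtocolRequestException constructor accepts one. generateErrorMessage's body continues past the end of the hunk.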
@@ -199,15 +239,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
}
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public IAction canHandleRequest(HttpServletRequest request,
- HttpServletResponse response) {
- return null;
- }
-
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {