package at.gv.egovernment.moa.id.protocols.saml1; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactServlet extends AuthServlet { /** * */ private static final long serialVersionUID = 3593264832041467899L; /** * Constructor for GetArtifactServlet. */ public GetArtifactServlet() { super(); } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { HttpSession httpSession = req.getSession(); AuthenticationManager authmanager = AuthenticationManager.getInstance(); AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); String oaURL = (String) req.getAttribute(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); String target = (String) req.getAttribute(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); try { // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (oaURL == null) { oaURL = session.getOAURLRequested(); } if (oaURL == null) { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); } String samlArtifactBase64 = SAML1AuthenticationServer .BuildSAMLArtifact(session); String redirectURL = oaURL; session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); // CONFIRMATION FOR SSO! /* * OAAuthParameter oaParam = * AuthConfigurationProvider.getInstance(). * getOnlineApplicationParameter(oaURL); * * String friendlyName = oaParam.getFriendlyName(); if(friendlyName * == null) { friendlyName = oaURL; } * * * LoginConfirmationBuilder builder = new * LoginConfirmationBuilder(); * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); * String form = builder.finish(oaURL, session.getIdentityLink() * .getName(), friendlyName); */ /* resp.setContentType("text/html"); OutputStream out = resp.getOutputStream(); out.write(form.getBytes("UTF-8")); out.flush(); out.close();*/ } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } catch (ConfigurationException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (BuildException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (AuthenticationException e) { // TODO Auto-generated catch block e.printStackTrace(); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }