Package org.gatein.sso.saml.plugin.valve
Class AbstractSPFormAuthenticator
- java.lang.Object
-
- org.apache.catalina.util.LifecycleBase
-
- org.apache.catalina.util.LifecycleMBeanBase
-
- org.apache.catalina.valves.ValveBase
-
- org.apache.catalina.authenticator.AuthenticatorBase
-
- org.apache.catalina.authenticator.FormAuthenticator
-
- org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
-
- org.gatein.sso.saml.plugin.valve.AbstractSPFormAuthenticator
-
- All Implemented Interfaces:
MBeanRegistration,javax.security.auth.message.config.RegistrationListener,org.apache.catalina.Authenticator,org.apache.catalina.Contained,org.apache.catalina.JmxEnabled,org.apache.catalina.Lifecycle,org.apache.catalina.Valve
- Direct Known Subclasses:
AbstractSAML11SPRedirectFormAuthenticator,ServiceProviderAuthenticator
public abstract class AbstractSPFormAuthenticator extends BaseFormAuthenticator
Abstract class to be extended by Service Provider valves to handle SAML requests and responses. forked from org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator and made compatible with Tomcat 8.5 since picketlink doesn't provide such a support
-
-
Field Summary
Fields Modifier and Type Field Description protected booleanjbossEnv-
Fields inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
auditHelper, canonicalizationMethod, chain, chainConfigOptions, chainLock, configFile, configProvider, enableAudit, identityURL, idpAddress, idpCertificate, issuerID, keyManager, logger, picketLinkConfiguration, samlHandlerChainClass, saveRestoreRequest, serviceURL, spConfiguration, timer, timerInterval
-
Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator
characterEncoding, landingPage
-
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso
-
Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next
-
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
-
-
Constructor Summary
Constructors Constructor Description AbstractSPFormAuthenticator()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description booleanauthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)Authenticate the requestprotected booleandoAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)protected StringgetBinding()Return the SAML Binding that this authenticator supportsorg.apache.catalina.ContextgetContext()protected abstract StringgetContextPath()Subclasses need to return the context path based on the capability of their servlet apiprotected PrincipalgetGenericPrincipal(org.apache.catalina.connector.Request request, String username, List<String> roles)protected voidinitKeyProvider(org.apache.catalina.Context context)Initialize the KeyProvider configurations.protected booleanisHttpPostBinding()Indicates if the SP is configure with HTTP POST Binding.protected booleanisPOSTBindingResponse()booleanrestoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session)protected voidsendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest)Sends a HTTP POST request to the IDP.protected voidsendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)Sends a HTTP Redirect request to the IDP.protected voidsendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)Send the request to the IDP.protected voidstartPicketLink()-
Methods inherited from class org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
doSupportSignature, getConfigFile, getConfiguration, getIdentityURL, getIdpCertificate, getIDPSSODescriptor, handleMetadata, handleMetadata, initializeHandlerChain, localAuthentication, populateChainConfig, processConfiguration, processIDPMetadataFile, sendToLogoutPage, setAuditHelper, setConfigFile, setConfigProvider, setConfigProvider, setIdpAddress, setIssuerID, setLogOutPage, setSamlHandlerChainClass, setSaveRestoreRequest, setServiceURL, setTimerInterval, testStart, validate
-
Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator
forwardToErrorPage, forwardToLoginPage, getAuthMethod, getCharacterEncoding, getLandingPage, isContinuationRequired, matchRequest, register, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage
-
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getRequestCertificates, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal
-
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString
-
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
-
-
-
-
Method Detail
-
startPicketLink
protected void startPicketLink() throws org.apache.catalina.LifecycleException- Overrides:
startPicketLinkin classBaseFormAuthenticator- Throws:
org.apache.catalina.LifecycleException
-
sendRequestToIDP
protected void sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature) throws org.picketlink.common.exceptions.ProcessingException, org.picketlink.common.exceptions.ConfigurationException, IOException
Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.
- Parameters:
destination- idp urlsamlDocument- request or response documentrelayState- used in SAML Workflowresponse- Apache Catalina HTTP Responserequest- Apache Catalina HTTP RequestwillSendRequest- are we sending Request or Response to IDPdestinationQueryStringWithSignature- used only with Redirect binding and with signature enabled.- Throws:
org.picketlink.common.exceptions.ProcessingException- Exception to indicate a server processing errororg.picketlink.common.exceptions.ConfigurationException- Exception indicating an issue with the configurationIOException- I/O exception
-
sendHttpRedirectRequest
protected void sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature) throws IOException, org.picketlink.common.exceptions.ProcessingException, org.picketlink.common.exceptions.ConfigurationException
Sends a HTTP Redirect request to the IDP.
- Parameters:
destination- idp urlsamlDocument- SAML request documentrelayState- used in SAML Workflowresponse- Apache Catalina HTTP ResponsewillSendRequest- are we sending Request or Response to IDPdestinationQueryStringWithSignature- used only with Redirect binding and with signature enabled.- Throws:
IOException- I/O exceptionUnsupportedEncodingException- when decoding SAML Messageorg.picketlink.common.exceptions.ConfigurationException- Exception indicating an issue with the configurationorg.picketlink.common.exceptions.ProcessingException- Exception to indicate a server processing error
-
sendHttpPostBindingRequest
protected void sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest) throws org.picketlink.common.exceptions.ProcessingException, IOException, org.picketlink.common.exceptions.ConfigurationException
Sends a HTTP POST request to the IDP.
- Parameters:
destination- idp urlsamlDocument- request or response documentrelayState- used in SAML Workflowresponse- Apache Catalina HTTP ResponsewillSendRequest- are we sending Request or Response to IDP- Throws:
org.picketlink.common.exceptions.ProcessingException- Exception to indicate a server processing errororg.picketlink.common.exceptions.ConfigurationException- Exception indicating an issue with the configurationIOException- I/O exception
-
initKeyProvider
protected void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleExceptionInitialize the KeyProvider configurations. This configurations are to be used during signing and validation of SAML assertions.
- Specified by:
initKeyProviderin classBaseFormAuthenticator- Parameters:
context- Apache Catalina Context- Throws:
org.apache.catalina.LifecycleException- any exception occurred while processing key provider
-
doAuthenticate
protected boolean doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response) throws IOException- Overrides:
doAuthenticatein classorg.apache.catalina.authenticator.FormAuthenticator- Throws:
IOException
-
authenticate
public boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response) throws IOExceptionAuthenticate the request- Specified by:
authenticatein interfaceorg.apache.catalina.Authenticator- Overrides:
authenticatein classorg.apache.catalina.authenticator.AuthenticatorBase- Parameters:
request- Apache Catalina Requestresponse- Apache Catalina Response- Returns:
- true if authenticated, else false
- Throws:
IOException- any I/O exception
-
isPOSTBindingResponse
protected boolean isPOSTBindingResponse()
-
getBinding
protected String getBinding()
Description copied from class:BaseFormAuthenticatorReturn the SAML Binding that this authenticator supports- Specified by:
getBindingin classBaseFormAuthenticator- Returns:
- supported SAML Binding
-
isHttpPostBinding
protected boolean isHttpPostBinding()
Indicates if the SP is configure with HTTP POST Binding.
- Returns:
- true if post binding
-
getContext
public org.apache.catalina.Context getContext()
-
restoreRequest
public boolean restoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session) throws IOException- Overrides:
restoreRequestin classorg.apache.catalina.authenticator.FormAuthenticator- Throws:
IOException
-
getContextPath
protected abstract String getContextPath()
Subclasses need to return the context path based on the capability of their servlet api- Returns:
- Servlet Context Path
-
-