Class AbstractSPFormAuthenticator

java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.FormAuthenticator
org.gatein.sso.saml.plugin.valve.BaseFormAuthenticator
org.gatein.sso.saml.plugin.valve.AbstractSPFormAuthenticator
All Implemented Interfaces:
MBeanRegistration, javax.security.auth.message.config.RegistrationListener, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.Valve
Direct Known Subclasses:
AbstractSAML11SPRedirectFormAuthenticator, ServiceProviderAuthenticator

public abstract class AbstractSPFormAuthenticator extends BaseFormAuthenticator
Abstract class to be extended by Service Provider valves to handle SAML requests and responses. Forked from org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator and made compatible with Tomcat 8.5, since PicketLink does not provide such support.
  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    org.apache.catalina.authenticator.AuthenticatorBase.AllowCorsPreflight

    Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

    org.apache.catalina.Lifecycle.SingleUse
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected boolean
    jbossEnv
     

    Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

    characterEncoding, landingPage

    Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

    Fields inherited from class org.apache.catalina.valves.ValveBase

    asyncSupported, container, containerLog, next

    Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

    mserver

    Fields inherited from interface org.apache.catalina.Lifecycle

    AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractSPFormAuthenticator()
     
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
    Authenticate the request
    protected boolean
    doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)
     
    protected String
    getBinding()
    Return the SAML Binding that this authenticator supports
    org.apache.catalina.Context
    getContext()
     
    protected abstract String
    getContextPath()
    Subclasses need to return the context path based on the capability of their Servlet API
    protected Principal
    getGenericPrincipal(org.apache.catalina.connector.Request request, String username, List<String> roles)
     
    protected void
    initKeyProvider(org.apache.catalina.Context context)
    Initialize the KeyProvider configurations.
    protected boolean
    isHttpPostBinding()
    Indicates if the SP is configured with HTTP POST Binding.
    protected boolean
    isPOSTBindingResponse()
     
    boolean
    restoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session)
     
    protected void
    sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest)
    Sends a HTTP POST request to the IDP.
    protected void
    sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)
    Sends a HTTP Redirect request to the IDP.
    protected void
    sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)
    Send the request to the IDP.
    protected void
    startPicketLink()
     

    Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

    forwardToErrorPage, forwardToLoginPage, getAuthMethod, getCharacterEncoding, getLandingPage, isContinuationRequired, matchRequest, register, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

    Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

    allowCorsPreflightBypass, associate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isPreemptiveAuthPossible, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

    Methods inherited from class org.apache.catalina.valves.ValveBase

    backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

    Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

    destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

    Methods inherited from class org.apache.catalina.util.LifecycleBase

    addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • jbossEnv

      protected boolean jbossEnv
  • Constructor Details

    • AbstractSPFormAuthenticator

      public AbstractSPFormAuthenticator()
  • Method Details

    • startPicketLink

      protected void startPicketLink() throws org.apache.catalina.LifecycleException
      Overrides:
      startPicketLink in class BaseFormAuthenticator
      Throws:
      org.apache.catalina.LifecycleException
    • sendRequestToIDP

      protected void sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature) throws org.picketlink.common.exceptions.ProcessingException, org.picketlink.common.exceptions.ConfigurationException, IOException

      Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.

      Parameters:
      destination - IDP URL
      samlDocument - request or response document
      relayState - used in SAML Workflow
      response - Apache Catalina HTTP Response
      request - Apache Catalina HTTP Request
      willSendRequest - are we sending Request or Response to IDP
      destinationQueryStringWithSignature - used only with Redirect binding and with signature enabled.
      Throws:
      org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error
      org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration
      IOException - I/O exception
    • sendHttpRedirectRequest

      protected void sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature) throws IOException, org.picketlink.common.exceptions.ProcessingException, org.picketlink.common.exceptions.ConfigurationException

      Sends a HTTP Redirect request to the IDP.

      Parameters:
      destination - IDP URL
      samlDocument - SAML request document
      relayState - used in SAML Workflow
      response - Apache Catalina HTTP Response
      willSendRequest - are we sending Request or Response to IDP
      destinationQueryStringWithSignature - used only with Redirect binding and with signature enabled.
      Throws:
      IOException - I/O exception
      UnsupportedEncodingException - when decoding SAML Message
      org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration
      org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error
    • sendHttpPostBindingRequest

      protected void sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest) throws org.picketlink.common.exceptions.ProcessingException, IOException, org.picketlink.common.exceptions.ConfigurationException

      Sends a HTTP POST request to the IDP.

      Parameters:
      destination - IDP URL
      samlDocument - request or response document
      relayState - used in SAML Workflow
      response - Apache Catalina HTTP Response
      willSendRequest - are we sending Request or Response to IDP
      Throws:
      org.picketlink.common.exceptions.ProcessingException - Exception to indicate a server processing error
      org.picketlink.common.exceptions.ConfigurationException - Exception indicating an issue with the configuration
      IOException - I/O exception
    • initKeyProvider

      protected void initKeyProvider(org.apache.catalina.Context context) throws org.apache.catalina.LifecycleException

      Initialize the KeyProvider configurations. These configurations are used during signing and validation of SAML assertions.

      Specified by:
      initKeyProvider in class BaseFormAuthenticator
      Parameters:
      context - Apache Catalina Context
      Throws:
      org.apache.catalina.LifecycleException - any exception that occurred while processing the key provider
    • doAuthenticate

      protected boolean doAuthenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response) throws IOException
      Overrides:
      doAuthenticate in class org.apache.catalina.authenticator.FormAuthenticator
      Throws:
      IOException
    • authenticate

      public boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response) throws IOException
      Authenticate the request
      Specified by:
      authenticate in interface org.apache.catalina.Authenticator
      Overrides:
      authenticate in class org.apache.catalina.authenticator.AuthenticatorBase
      Parameters:
      request - Apache Catalina Request
      response - Apache Catalina Response
      Returns:
      true if authenticated, else false
      Throws:
      IOException - any I/O exception
    • isPOSTBindingResponse

      protected boolean isPOSTBindingResponse()
    • getBinding

      protected String getBinding()
      Description copied from class: BaseFormAuthenticator
      Return the SAML Binding that this authenticator supports
      Specified by:
      getBinding in class BaseFormAuthenticator
      Returns:
      supported SAML Binding
    • isHttpPostBinding

      protected boolean isHttpPostBinding()

      Indicates if the SP is configured with HTTP POST Binding.

      Returns:
      true if post binding
    • getContext

      public org.apache.catalina.Context getContext()
    • restoreRequest

      public boolean restoreRequest(org.apache.catalina.connector.Request request, org.apache.catalina.Session session) throws IOException
      Overrides:
      restoreRequest in class org.apache.catalina.authenticator.FormAuthenticator
      Throws:
      IOException
    • getContextPath

      protected abstract String getContextPath()
      Subclasses need to return the context path based on the capability of their Servlet API
      Returns:
      Servlet Context Path
    • getGenericPrincipal

      protected Principal getGenericPrincipal(org.apache.catalina.connector.Request request, String username, List<String> roles)