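/**
 * Refreshes the request-scoped login data held in {@code rdo} from the current request.
 *
 * <p>In service-provider (SAML) mode the tenant id is resolved first. Nothing else is
 * done unless the request is a SAML forward; in that case the user id and a generated
 * password are taken from the SAML response. A {@code null} generated password is treated
 * as a SAML timeout: the error key is set, the request is forwarded to the error page and
 * the method returns without touching the password. Because the forward commits the
 * response, callers have to check {@code Constants.REQ_ATTR_ERROR_KEY} afterwards and
 * must not continue with a login attempt.
 *
 * <p>In the non-SAML case the data is refreshed and only the user id is stored as a
 * request attribute, so the login page can redisplay it when the login fails.
 *
 * @param authSettings settings deciding between SAML (service provider) and local login
 * @param rdo          request data object, updated in place
 * @param request      current request
 * @param response     current response (only needed for the error-page forward)
 * @throws ServletException            propagated from the called refresh/forward methods
 * @throws IOException                 propagated from the called refresh/forward methods
 * @throws MarketplaceRemovedException propagated from the called refresh methods
 */
private void refreshData(AuthenticationSettings authSettings, AuthorizationRequestData rdo,
        HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException, MarketplaceRemovedException {
    if (!authSettings.isServiceProvider()) {
        rdo.refreshData(request);
        // store some parameters if the login fails (needed for login.xhtml)
        request.setAttribute(Constants.REQ_PARAM_USER_ID, rdo.getUserId());
        return;
    }

    rdo.setTenantID(getTenantID(rdo, request));
    if (!isSamlForward(request)) {
        return;
    }

    rdo.refreshData(request);
    SAMLCredentials samlCredentials = new SAMLCredentials(request);
    if (rdo.getUserId() == null) {
        rdo.setUserId(samlCredentials.getUserId());
    }
    if (rdo.getPassword() == null) {
        String generatedPassword = samlCredentials.generatePassword();
        if (generatedPassword == null) {
            // a null generated password means the SAML response timed out
            request.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_SAML_TIMEOUT);
            forward(errorPage, request, response);
            // the response is committed by the forward; leave the password unset
            return;
        }
        rdo.setPassword(generatedPassword);
    }
}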
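/**
 * Handles a request to a protected URL, including the "change password" case.
 *
 * <p>Order of processing:
 * <ol>
 *   <li>Service URLs are delegated to {@code handleServiceUrl} without reading request
 *       parameters; otherwise a missing user id is taken from the SAML response (service
 *       provider mode) or from the {@code REQ_PARAM_USER_ID} parameter.</li>
 *   <li>An already logged-in user is handled by {@code handleLoggedInUser}.</li>
 *   <li>If an error key is already present the request was forwarded before, so the
 *       chain continues instead of a second login attempt.</li>
 *   <li>{@code refreshData} refreshes the login data; if it sets the error key it has
 *       already forwarded to the error page and processing stops here.</li>
 *   <li>Incomplete credentials lead to the login page (or the error page for an invalid
 *       SAML forward).</li>
 *   <li>The user is read from the database, checked for a locked account (local login
 *       only) and either logged in or, if requested, its password is changed.</li>
 *   <li>On success the user details are stored in the (possibly new) session; a
 *       forbidden page forwards to the insufficient-authorities page and stops, a
 *       "password must be changed" status forwards to the password page, otherwise the
 *       originally requested URL is served.</li>
 * </ol>
 *
 * <p>Every forward commits the response, so each forward is followed by a return; a
 * redirect after a forward would fail with an {@link IllegalStateException}.
 *
 * @param chain        current filter chain
 * @param httpRequest  current request (may be replaced by {@code handleServiceUrl})
 * @param httpResponse current response
 * @param rdo          request data object, updated in place
 * @throws IOException      propagated from forwards, redirects and the filter chain
 * @throws ServletException propagated from the filter chain when not handled internally
 */
protected void handleProtectedUrlAndChangePwdCase(FilterChain chain, HttpServletRequest httpRequest,
        HttpServletResponse httpResponse, AuthorizationRequestData rdo)
        throws IOException, ServletException {
    if (logger.isDebugLoggingEnabled()) {
        logger.logDebug("Access to protected URL='" + rdo.getRelativePath() + "'");
    }
    ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession());
    try {
        if (rdo.isAccessToServiceUrl()) {
            /*
             * We must NOT read the request parameters for service URLs
             * because this would cause a state switch of the request.
             * Afterwards the rewriting of a POST request may fail because
             * the parameters can't be accessed via the request input
             * stream.
             */
            httpRequest = handleServiceUrl(chain, httpRequest, httpResponse, rdo);
            if (httpRequest == null) {
                return;
            }
        } else if (ADMStringUtils.isBlank(rdo.getUserId())) {
            if (authSettings.isServiceProvider()) {
                if (isSamlForward(httpRequest)) {
                    SAMLCredentials samlCredentials = new SAMLCredentials(httpRequest);
                    rdo.setUserId(samlCredentials.getUserId());
                    if (rdo.getUserId() == null) {
                        httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY,
                                BaseBean.ERROR_INVALID_SAML_RESPONSE);
                        forward(errorPage, httpRequest, httpResponse);
                    }
                }
            } else {
                rdo.setUserId(httpRequest.getParameter(Constants.REQ_PARAM_USER_ID));
            }
        }

        // continue if user is already logged-in
        if (handleLoggedInUser(chain, httpRequest, httpResponse, serviceAccess, rdo)) {
            return;
        }

        // the httpRequest was already processed and we forwarded to the
        // corresponding page therefore we must not try to login again
        if (httpRequest.getAttribute(Constants.REQ_ATTR_ERROR_KEY) != null) {
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        refreshData(authSettings, rdo, httpRequest, httpResponse);
        // refreshData forwards to the error page itself (SAML timeout) and
        // signals this via the error key; the response is committed in that
        // case, so no login attempt may follow
        if (httpRequest.getAttribute(Constants.REQ_ATTR_ERROR_KEY) != null) {
            return;
        }

        // user not logged in, check user-name and password before login
        // don't do a trim on password because it may have
        // leading/trailing/only blanks
        if (authSettings.isServiceProvider()) {
            rollbackDefaultTimeout(httpRequest);
            if (ADMStringUtils.isBlank(rdo.getUserId())) {
                httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY,
                        BaseBean.ERROR_INVALID_SAML_RESPONSE);
                if (isSamlForward(httpRequest)) {
                    forward(errorPage, httpRequest, httpResponse);
                } else {
                    forwardToLoginPage(rdo.getRelativePath(), true, httpRequest, httpResponse, chain);
                }
                return;
            }
        } else if (ADMStringUtils.isBlank(rdo.getUserId()) || !rdo.isPasswordSet()) {
            if (!rdo.isMarketplace()
                    && (!ADMStringUtils.isBlank(rdo.getUserId()) || rdo.isPasswordSet())) {
                // login data not complete, user or password empty
                httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_LOGIN);
            }
            forwardToLoginPage(rdo.getRelativePath(), true, httpRequest, httpResponse, chain);
            return;
        }

        IdentityService identityService = serviceAccess.getService(IdentityService.class);
        VOUser voUser;
        try {
            voUser = readTechnicalUserFromDb(identityService, rdo);
        } catch (ObjectNotFoundException e) {
            handleUserNotRegistered(chain, httpRequest, httpResponse, rdo);
            return;
        } catch (SaaSApplicationException e) {
            setErrorAttributesAndForward(errorPage, httpRequest, httpResponse, e);
            return;
        }

        // the account-lock check only applies to local logins
        if (!authSettings.isServiceProvider() && isAccountLocked(httpRequest, httpResponse, voUser)) {
            return;
        }

        final boolean operationSucceeded;
        if (!authSettings.isServiceProvider() && rdo.isRequestedToChangePwd()) {
            operationSucceeded = handleChangeUserPasswordRequest(chain, httpRequest, httpResponse,
                    rdo, identityService);
        } else {
            operationSucceeded = loginUser(chain, httpRequest, httpResponse, voUser, rdo,
                    identityService);
        }
        if (!operationSucceeded) {
            return;
        }

        rdo.setUserDetails(identityService.getCurrentUserDetails());
        // read user details value object and store it in the session, DON'T
        // use old session, because it might have been invalidated
        httpRequest.getSession().setAttribute(Constants.SESS_ATTR_USER, rdo.getUserDetails());

        if (isPageForbiddenToAccess(httpRequest, rdo, serviceAccess)) {
            forward(insufficientAuthoritiesUrl, httpRequest, httpResponse);
            // the forward committed the response; the password-page forward or
            // the redirect below must not run for a forbidden page
            return;
        }

        // check if user must change his password
        if (!authSettings.isServiceProvider()
                && rdo.getUserDetails().getStatus() == UserAccountStatus.PASSWORD_MUST_BE_CHANGED) {
            forwardToPwdPage(rdo.getUserDetails().getUserId(), httpRequest, httpResponse);
        } else {
            redirectToPrimarilyRequestedUrl(chain, httpRequest, httpResponse, serviceAccess, rdo);
        }
    } catch (NumberFormatException e) {
        handleNumberFormatException(chain, httpRequest, httpResponse, e, rdo);
    } catch (ServletException e) {
        handleServletException(httpRequest, httpResponse, e);
    } catch (MarketplaceRemovedException e) {
        handleMarketplaceRemovedException(httpRequest, httpResponse);
    }
}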