コード例 #1
0
  /**
   * Initiates <code>SAML</code> web browser POST profile. This method takes in a TARGET in the
   * request, creates a SAMLResponse, then redirects user to the destination site.
   *
   * @param request <code>HttpServletRequest</code> instance
   * @param response <code>HttpServletResponse</code> instance
   * @throws ServletException if there is an error.
   * @throws IOException if there is an error.
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    if ((request == null) || (response == null)) {
      String[] data = {SAMLUtils.bundle.getString("nullInputParameter")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "nullInputParameter",
          SAMLUtils.bundle.getString("nullInputParameter"));
      return;
    }

    SAMLUtils.checkHTTPContentLength(request);

    // get Session
    Object token = getSession(request);
    if (token == null) {
      response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
      return;
    }

    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
      String[] data = {SAMLUtils.bundle.getString("missingTargetSite")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "missingTargetSite",
          SAMLUtils.bundle.getString("missingTargetSite"));
      return;
    }

    // Get the Destination site Entry
    // find the destSite POST URL, which is the Receipient
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = null;
    if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
      String[] data = {SAMLUtils.bundle.getString("targetForbidden"), target};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
      SAMLUtils.sendError(
          request,
          response,
          response.SC_BAD_REQUEST,
          "targetForbidden",
          SAMLUtils.bundle.getString("targetForbidden") + " " + target);
      return;
    }

    Response samlResponse = null;
    try {
      String version = destSite.getVersion();
      int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
      int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
      if (version != null) {
        StringTokenizer st = new StringTokenizer(version, ".");
        if (st.countTokens() == 2) {
          majorVersion = Integer.parseInt(st.nextToken().trim());
          minorVersion = Integer.parseInt(st.nextToken().trim());
        }
      }
      // create assertion
      AssertionManager am = AssertionManager.getInstance();
      SessionProvider sessionProvider = SessionManager.getProvider();
      Assertion assertion =
          am.createSSOAssertion(
              sessionProvider.getSessionID(token),
              null,
              request,
              response,
              destSite.getSourceID(),
              target,
              majorVersion + "." + minorVersion);

      // create SAMLResponse
      StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
      Status status = new Status(statusCode);
      List contents = new ArrayList();
      contents.add(assertion);
      samlResponse = new Response(null, status, destSiteUrl, contents);
      samlResponse.setMajorVersion(majorVersion);
      samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "couldNotCreateResponse",
          sse.getMessage());
      return;
    } catch (NumberFormatException ne) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "couldNotCreateResponse",
          ne.getMessage());
      return;
    } catch (SAMLException se) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "couldNotCreateResponse",
          se.getMessage());
      return;
    }

    // sign the samlResponse
    byte signedBytes[] = null;
    try {
      samlResponse.signXML();
      if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message(
            "SAMLPOSTProfileServlet.doGet: "
                + "signed samlResponse is"
                + samlResponse.toString(true, true, true));
      }
      signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "errorSigningResponse",
          SAMLUtils.bundle.getString("errorSigningResponse"));
      return;
    }

    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
      encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "errorEncodeResponse",
          SAMLUtils.bundle.getString("errorEncodeResponse"));
      return;
    }

    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
      String[] data = {
        SAMLUtils.bundle.getString("redirectTo"),
        target,
        destSiteUrl,
        new String(signedBytes, "UTF-8")
      };
      LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
      String[] data = {SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl};
      LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + encodedResponse + "\">");
    out.println(
        "<INPUT TYPE=\"HIDDEN\" NAME=\""
            + SAMLConstants.POST_TARGET_PARAM
            + "\" VALUE=\""
            + target
            + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
  }
コード例 #2
0
  /**
   * This method processes TARGET and SAMLResponse info from the request, validates the
   * response/assertion(s), then redirects user to the TARGET resource if all are valid.
   *
   * @param request <code>HttpServletRequest</code> instance
   * @param response <code>HttpServletResponse</code> instance
   * @throws ServletException if there is an error.
   * @throws IOException if there is an error.
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html; charset=UTF-8");

    if ((request == null) || (response == null)) {
      String[] data = {SAMLUtils.bundle.getString("nullInputParameter")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "nullInputParameter",
          SAMLUtils.bundle.getString("nullInputParameter"));
      return;
    }

    SAMLUtils.checkHTTPContentLength(request);

    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
      String[] data = {SAMLUtils.bundle.getString("missingTargetSite")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "missingTargetSite",
          SAMLUtils.bundle.getString("missingTargetSite"));
      return;
    }

    // obtain SAMLResponse
    String samlResponse = request.getParameter(SAMLConstants.POST_SAML_RESPONSE_PARAM);
    if (samlResponse == null) {
      String[] data = {SAMLUtils.bundle.getString("missingSAMLResponse")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_RESPONSE, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "missingSAMLResponse",
          SAMLUtils.bundle.getString("missingSAMLResponse"));
      return;
    }

    // decode the Response
    byte raw[] = null;
    try {
      raw = Base64.decode(samlResponse);
    } catch (Exception e) {
      SAMLUtils.debug.error(
          "SAMLPOSTProfileServlet.doPost: Exception " + "when decoding SAMLResponse:", e);
      SAMLUtils.sendError(
          request,
          response,
          response.SC_INTERNAL_SERVER_ERROR,
          "errorDecodeResponse",
          SAMLUtils.bundle.getString("errorDecodeResponse"));
      return;
    }

    // Get Response back
    Response sResponse = SAMLUtils.getResponse(raw);
    if (sResponse == null) {
      String[] data = {SAMLUtils.bundle.getString("errorObtainResponse")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.RESPONSE_MESSAGE_ERROR, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "errorObtainResponse",
          SAMLUtils.bundle.getString("errorObtainResponse"));
      return;
    }

    if (SAMLUtils.debug.messageEnabled()) {
      SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: Received " + sResponse.toString());
    }

    // verify that Response is correct
    StringBuffer requestUrl = request.getRequestURL();
    if (SAMLUtils.debug.messageEnabled()) {
      SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: " + "requestUrl=" + requestUrl);
    }
    boolean valid = SAMLUtils.verifyResponse(sResponse, requestUrl.toString(), request);
    if (!valid) {
      String[] data = {SAMLUtils.bundle.getString("invalidResponse")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_RESPONSE, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_BAD_REQUEST,
          "invalidResponse",
          SAMLUtils.bundle.getString("invalidResponse"));
      return;
    }

    Map attrMap = null;
    List assertions = null;
    javax.security.auth.Subject authSubject = null;
    try {
      Map sessionAttr = SAMLUtils.processResponse(sResponse, target);
      Object token = SAMLUtils.generateSession(request, response, sessionAttr);
    } catch (Exception ex) {
      SAMLUtils.debug.error("generateSession: ", ex);
      String[] data = {SAMLUtils.bundle.getString("failedCreateSSOToken")};
      LogUtils.error(java.util.logging.Level.INFO, LogUtils.FAILED_TO_CREATE_SSO_TOKEN, data);
      SAMLUtils.sendError(
          request,
          response,
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          "failedCreateSSOToken",
          ex.getMessage());
      ;
      return;
    }

    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
      String[] data = {SAMLUtils.bundle.getString("accessGranted"), new String(raw, "UTF-8")};
      LogUtils.access(java.util.logging.Level.FINE, LogUtils.ACCESS_GRANTED, data);
    } else {
      String[] data = {SAMLUtils.bundle.getString("accessGranted")};
      LogUtils.access(java.util.logging.Level.INFO, LogUtils.ACCESS_GRANTED, data);
    }
    if (SAMLUtils.postYN(target)) {
      if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("POST to target:" + target);
      }
      SAMLUtils.postToTarget(response, assertions, target, attrMap);
    } else {
      response.setHeader("Location", target);
      response.sendRedirect(target);
    }
  }