/** This method is not adapted used in SAML_SP case. */ void reLogginUserIfRequired( HttpServletRequest httpRequest, HttpServletResponse httpResponse, AuthorizationRequestData rdo, StringBuffer url) { final String userId = httpRequest.getParameter(PARAM_LOGIN_USER_ID); if (!ADMStringUtils.isBlank(userId)) { // user login data was just provided by the login dialog try { ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession()); IdentityService identityService = serviceAccess.getService(IdentityService.class); rdo.setUserId(userId); rdo.setPassword(httpRequest.getParameter(PARAM_LOGIN_PASSWORD)); VOUser voUser = readTechnicalUserFromDb(identityService, rdo); serviceAccess.login(voUser, rdo.getPassword(), httpRequest, httpResponse); httpRequest .getSession() .setAttribute(Constants.SESS_ATTR_USER, identityService.getCurrentUserDetails()); } catch (Exception e2) { httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_LOGIN); // open marketplace login dialog again and fill in // userId appendParam( url, Constants.REQ_PARAM_AUTO_OPEN_MP_LOGIN_DIALOG, Boolean.TRUE.toString(), httpRequest.getCharacterEncoding()); appendParam(url, Constants.REQ_PARAM_USER_ID, userId, httpRequest.getCharacterEncoding()); } } }
private void refreshData( AuthenticationSettings authSettings, AuthorizationRequestData rdo, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, MarketplaceRemovedException { if (authSettings.isServiceProvider()) { rdo.setTenantID(getTenantID(rdo, request)); if (!isSamlForward(request)) { return; } rdo.refreshData(request); SAMLCredentials samlCredentials = new SAMLCredentials(request); if (rdo.getUserId() == null) { rdo.setUserId(samlCredentials.getUserId()); } if (rdo.getPassword() == null) { String generatedPassword = samlCredentials.generatePassword(); if (generatedPassword == null) { request.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_SAML_TIMEOUT); forward(errorPage, request, response); } rdo.setPassword(generatedPassword); // if generated password is null, then timeout!!! } } else { rdo.refreshData(request); // store some parameters if the login fails (needed for login.xhtml) request.setAttribute(Constants.REQ_PARAM_USER_ID, rdo.getUserId()); } }
/** * Invokes the validators and bean actions specified in the xhtml file to change the user's * password. * * @throws ServletException * @throws IOException * @throws DatatypeConfigurationException * @throws SAML2AuthnRequestException */ protected boolean handleChangeUserPasswordRequest( FilterChain chain, HttpServletRequest httpRequest, HttpServletResponse httpResponse, AuthorizationRequestData rdo, IdentityService identityService) throws IOException, ServletException { if (rdo.isRequestedToChangePwd()) { if (!PasswordValidator.validPasswordLength(rdo.getNewPassword()) || !PasswordValidator.validPasswordLength(rdo.getNewPassword2()) || !PasswordValidator.passwordsAreEqual(rdo.getNewPassword(), rdo.getNewPassword2())) { // Let JSF run the validators and return the response! chain.doFilter(httpRequest, httpResponse); return false; } // Run the validators and bean methods. Prevent JSF // from writing content to the response, otherwise the following // redirect's wouldn't work. HttpServletResponse resp = new HttpServletResponseWrapper(httpResponse) { @Override public void flushBuffer() throws IOException {} @Override public PrintWriter getWriter() throws IOException { return new PrintWriter(getOutputStream()); } @Override public ServletOutputStream getOutputStream() throws IOException { return new ServletOutputStream() { @Override public void write(int b) throws IOException {} }; } }; chain.doFilter(httpRequest, resp); httpResponse.reset(); } VOUser voUser = new VOUser(); voUser.setUserId(rdo.getUserId()); try { voUser = identityService.getUser(voUser); } catch (ObjectNotFoundException e) { handleUserNotRegistered(chain, httpRequest, httpResponse, rdo); return false; } catch (SaaSApplicationException e) { setErrorAttributesAndForward(errorPage, httpRequest, httpResponse, e); return false; } if (httpRequest.getAttribute(Constants.REQ_ATTR_ERROR_KEY) != null) { // Error occurred - check if user is locked now if (voUser.getStatus() != null && voUser.getStatus().getLockLevel() > UserAccountStatus.LOCK_LEVEL_LOGIN) { httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_USER_LOCKED); sendRedirect(httpRequest, httpResponse, errorPage); } else { // Run it again to get error result on current response chain.doFilter(httpRequest, httpResponse); } return false; } if (voUser.getStatus() != UserAccountStatus.ACTIVE) { // the password change request failed // set the REQ_ATTR_ERROR_KEY to avoid an infinite loop httpRequest .getSession() .setAttribute(Constants.SESS_ATTR_USER, identityService.getCurrentUserDetails()); httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, ""); if (rdo.isMarketplace()) { forward(BaseBean.MARKETPLACE_LOGIN, httpRequest, httpResponse); } else { forward(pwdPage, httpRequest, httpResponse); } return false; } rdo.setPassword(httpRequest.getParameter(BesServletRequestReader.REQ_PARAM_PASSWORD_NEW)); rdo.getUserDetails().setStatus(UserAccountStatus.ACTIVE); return true; }