/** This method is not adapted used in SAML_SP case. */
void reLogginUserIfRequired(
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
AuthorizationRequestData rdo,
StringBuffer url) {
final String userId = httpRequest.getParameter(PARAM_LOGIN_USER_ID);
if (!ADMStringUtils.isBlank(userId)) {
// user login data was just provided by the login dialog
try {
ServiceAccess serviceAccess = ServiceAccess.getServiceAcccessFor(httpRequest.getSession());
IdentityService identityService = serviceAccess.getService(IdentityService.class);
rdo.setUserId(userId);
rdo.setPassword(httpRequest.getParameter(PARAM_LOGIN_PASSWORD));
VOUser voUser = readTechnicalUserFromDb(identityService, rdo);
serviceAccess.login(voUser, rdo.getPassword(), httpRequest, httpResponse);
httpRequest
.getSession()
.setAttribute(Constants.SESS_ATTR_USER, identityService.getCurrentUserDetails());
} catch (Exception e2) {
httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_LOGIN);
// open marketplace login dialog again and fill in
// userId
appendParam(
url,
Constants.REQ_PARAM_AUTO_OPEN_MP_LOGIN_DIALOG,
Boolean.TRUE.toString(),
httpRequest.getCharacterEncoding());
appendParam(url, Constants.REQ_PARAM_USER_ID, userId, httpRequest.getCharacterEncoding());
}
}
}
private void refreshData(
AuthenticationSettings authSettings,
AuthorizationRequestData rdo,
HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException, MarketplaceRemovedException {
if (authSettings.isServiceProvider()) {
rdo.setTenantID(getTenantID(rdo, request));
if (!isSamlForward(request)) {
return;
}
rdo.refreshData(request);
SAMLCredentials samlCredentials = new SAMLCredentials(request);
if (rdo.getUserId() == null) {
rdo.setUserId(samlCredentials.getUserId());
}
if (rdo.getPassword() == null) {
String generatedPassword = samlCredentials.generatePassword();
if (generatedPassword == null) {
request.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_SAML_TIMEOUT);
forward(errorPage, request, response);
}
rdo.setPassword(generatedPassword);
// if generated password is null, then timeout!!!
}
} else {
rdo.refreshData(request);
// store some parameters if the login fails (needed for login.xhtml)
request.setAttribute(Constants.REQ_PARAM_USER_ID, rdo.getUserId());
}
}
/**
* Invokes the validators and bean actions specified in the xhtml file to change the user's
* password.
*
* @throws ServletException
* @throws IOException
* @throws DatatypeConfigurationException
* @throws SAML2AuthnRequestException
*/
protected boolean handleChangeUserPasswordRequest(
FilterChain chain,
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
AuthorizationRequestData rdo,
IdentityService identityService)
throws IOException, ServletException {
if (rdo.isRequestedToChangePwd()) {
if (!PasswordValidator.validPasswordLength(rdo.getNewPassword())
|| !PasswordValidator.validPasswordLength(rdo.getNewPassword2())
|| !PasswordValidator.passwordsAreEqual(rdo.getNewPassword(), rdo.getNewPassword2())) {
// Let JSF run the validators and return the response!
chain.doFilter(httpRequest, httpResponse);
return false;
}
// Run the validators and bean methods. Prevent JSF
// from writing content to the response, otherwise the following
// redirect's wouldn't work.
HttpServletResponse resp =
new HttpServletResponseWrapper(httpResponse) {
@Override
public void flushBuffer() throws IOException {}
@Override
public PrintWriter getWriter() throws IOException {
return new PrintWriter(getOutputStream());
}
@Override
public ServletOutputStream getOutputStream() throws IOException {
return new ServletOutputStream() {
@Override
public void write(int b) throws IOException {}
};
}
};
chain.doFilter(httpRequest, resp);
httpResponse.reset();
}
VOUser voUser = new VOUser();
voUser.setUserId(rdo.getUserId());
try {
voUser = identityService.getUser(voUser);
} catch (ObjectNotFoundException e) {
handleUserNotRegistered(chain, httpRequest, httpResponse, rdo);
return false;
} catch (SaaSApplicationException e) {
setErrorAttributesAndForward(errorPage, httpRequest, httpResponse, e);
return false;
}
if (httpRequest.getAttribute(Constants.REQ_ATTR_ERROR_KEY) != null) {
// Error occurred - check if user is locked now
if (voUser.getStatus() != null
&& voUser.getStatus().getLockLevel() > UserAccountStatus.LOCK_LEVEL_LOGIN) {
httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, BaseBean.ERROR_USER_LOCKED);
sendRedirect(httpRequest, httpResponse, errorPage);
} else {
// Run it again to get error result on current response
chain.doFilter(httpRequest, httpResponse);
}
return false;
}
if (voUser.getStatus() != UserAccountStatus.ACTIVE) {
// the password change request failed
// set the REQ_ATTR_ERROR_KEY to avoid an infinite loop
httpRequest
.getSession()
.setAttribute(Constants.SESS_ATTR_USER, identityService.getCurrentUserDetails());
httpRequest.setAttribute(Constants.REQ_ATTR_ERROR_KEY, "");
if (rdo.isMarketplace()) {
forward(BaseBean.MARKETPLACE_LOGIN, httpRequest, httpResponse);
} else {
forward(pwdPage, httpRequest, httpResponse);
}
return false;
}
rdo.setPassword(httpRequest.getParameter(BesServletRequestReader.REQ_PARAM_PASSWORD_NEW));
rdo.getUserDetails().setStatus(UserAccountStatus.ACTIVE);
return true;
}
