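/**
 * Processes the TARGET and SAMLResponse parameters of a browser/POST profile
 * request, validates the response/assertion(s), creates a session and then
 * forwards the user to the TARGET resource if everything checks out.
 *
 * Every failure path logs through {@code LogUtils}, answers the client via
 * {@code SAMLUtils.sendError} and returns without creating a session. Both
 * TARGET and SAMLResponse arrive from the client, so nothing in them is
 * trusted until {@code SAMLUtils.verifyResponse} / {@code processResponse}
 * have accepted the response.
 *
 * @param request <code>HttpServletRequest</code> instance
 * @param response <code>HttpServletResponse</code> instance
 * @throws ServletException if there is an error.
 * @throws IOException if there is an error.
 */
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Null check first: the original set the content type before checking
    // response, which would NPE before the error path was ever reached.
    if (request == null || response == null) {
        String[] data = {SAMLUtils.bundle.getString("nullInputParameter")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "nullInputParameter",
                SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    response.setContentType("text/html; charset=UTF-8");

    // Presumably rejects oversized bodies before any parameter is parsed;
    // the check's behaviour lives in SAMLUtils.
    SAMLUtils.checkHTTPContentLength(request);

    // obtain TARGET (client supplied; later used as a redirect/POST target)
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.isEmpty()) {
        String[] data = {SAMLUtils.bundle.getString("missingTargetSite")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "missingTargetSite",
                SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }

    // obtain SAMLResponse (base64 encoded XML)
    String samlResponse = request.getParameter(SAMLConstants.POST_SAML_RESPONSE_PARAM);
    if (samlResponse == null) {
        String[] data = {SAMLUtils.bundle.getString("missingSAMLResponse")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_RESPONSE, data);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "missingSAMLResponse",
                SAMLUtils.bundle.getString("missingSAMLResponse"));
        return;
    }

    // decode the Response; malformed base64 is a server-side decode failure
    // here, reported as 500 as in the original contract
    byte[] raw;
    try {
        raw = Base64.decode(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error(
                "SAMLPOSTProfileServlet.doPost: Exception when decoding SAMLResponse:", e);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                "errorDecodeResponse",
                SAMLUtils.bundle.getString("errorDecodeResponse"));
        return;
    }

    // parse the decoded bytes into a Response object
    Response sResponse = SAMLUtils.getResponse(raw);
    if (sResponse == null) {
        String[] data = {SAMLUtils.bundle.getString("errorObtainResponse")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.RESPONSE_MESSAGE_ERROR, data);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "errorObtainResponse",
                SAMLUtils.bundle.getString("errorObtainResponse"));
        return;
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: Received " + sResponse.toString());
    }

    // verify that the Response is correct (signature/recipient/conditions are
    // checked inside SAMLUtils.verifyResponse; the request URL is passed so the
    // recipient can be compared against the URL actually hit)
    StringBuffer requestUrl = request.getRequestURL();
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: requestUrl=" + requestUrl);
    }
    boolean valid = SAMLUtils.verifyResponse(sResponse, requestUrl.toString(), request);
    if (!valid) {
        String[] data = {SAMLUtils.bundle.getString("invalidResponse")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_RESPONSE, data);
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "invalidResponse",
                SAMLUtils.bundle.getString("invalidResponse"));
        return;
    }

    // NOTE(review): neither of these is ever assigned in this method, so
    // postToTarget below always receives null assertions and attributes —
    // confirm whether they should be filled from processResponse's result.
    Map attrMap = null;
    List assertions = null;

    // create the session from the validated response
    try {
        Map sessionAttr = SAMLUtils.processResponse(sResponse, target);
        // return value (the session token) is not needed here
        SAMLUtils.generateSession(request, response, sessionAttr);
    } catch (Exception ex) {
        SAMLUtils.debug.error("generateSession: ", ex);
        String[] data = {SAMLUtils.bundle.getString("failedCreateSSOToken")};
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.FAILED_TO_CREATE_SSO_TOKEN, data);
        // NOTE(review): ex.getMessage() is sent back to the client as the
        // error detail; check it cannot carry internal information.
        SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                "failedCreateSSOToken",
                ex.getMessage());
        return;
    }

    // access log; at FINE the full decoded response (including the
    // assertion(s)) is written, so FINE logs need the same protection as
    // the assertions themselves
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = {SAMLUtils.bundle.getString("accessGranted"), new String(raw, "UTF-8")};
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.ACCESS_GRANTED, data);
    } else {
        String[] data = {SAMLUtils.bundle.getString("accessGranted")};
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.ACCESS_GRANTED, data);
    }

    // hand the user over to TARGET, by form POST or by redirect
    if (SAMLUtils.postYN(target)) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("POST to target:" + target);
        }
        SAMLUtils.postToTarget(response, assertions, target, attrMap);
    } else {
        // sendRedirect sets the Location header itself; the explicit
        // setHeader("Location", ...) the original did first was redundant.
        response.sendRedirect(target);
    }
}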