PicketLink Federation Common Server Bindings for Apache Tomcat 2.1.3.1-redhat-1

org.picketlink.identity.federation.bindings.tomcat.sp
Class AbstractSPFormAuthenticator

java.lang.Object
  extended by org.apache.catalina.valves.ValveBase
      extended by org.apache.catalina.authenticator.AuthenticatorBase
          extended by org.apache.catalina.authenticator.FormAuthenticator
              extended by org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
                  extended by org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator
All Implemented Interfaces:
MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve
Direct Known Subclasses:
AbstractSAML11SPRedirectFormAuthenticator

public abstract class AbstractSPFormAuthenticator
extends BaseFormAuthenticator

Abstract class to be extended by Service Provider valves to handle SAML requests and responses.

Author:
Anil Saldhana, Pedro Silva

Field Summary
protected  boolean jbossEnv
           
 
Fields inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
auditHelper, canonicalizationMethod, chain, chainConfigOptions, chainLock, configFile, configProvider, enableAudit, identityURL, idpAddress, idpCertificate, issuerID, keyManager, logger, picketLinkConfiguration, samlHandlerChainClass, saveRestoreRequest, serviceURL, spConfiguration
 
Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator
characterEncoding, info
 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
algorithm, cache, changeSessionIdOnAuthentication, context, DEFAULT_ALGORITHM, digest, disableProxyCaching, entropy, lifecycle, random, randomClass, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, containerLog, controller, domain, mserver, next, oname
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
AbstractSPFormAuthenticator()
           
 
Method Summary
 boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
          Authenticate the request
 boolean authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig)
           
protected  String getBinding()
          Return the SAML Binding that this authenticator supports
protected  org.apache.catalina.Context getContext()
           
protected abstract  String getContextPath()
          Subclasses need to return the context path based on the capability of their servlet api
protected  Principal getGenericPrincipal(org.apache.catalina.connector.Request request, String username, List<String> roles)
           
protected  void initKeyProvider(org.apache.catalina.Context context)
           Initialize the KeyProvider configurations.
protected  boolean isHttpPostBinding()
           Indicates if the SP is configured with HTTP POST Binding.
protected  boolean isPOSTBindingResponse()
           
protected  void sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest)
           Sends an HTTP POST request to the IDP.
protected  void sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)
           Sends an HTTP Redirect request to the IDP.
protected  void sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest, String destinationQueryStringWithSignature)
           Send the request to the IDP.
protected  void startPicketLink()
           
 
Methods inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
doSupportSignature, getConfigFile, getConfiguration, getIdentityURL, getIdpCertificate, getIDPSSODescriptor, handleMetadata, handleMetadata, initializeHandlerChain, localAuthentication, populateChainConfig, processConfiguration, processIDPMetadataFile, register, sendToLogoutPage, setAuditHelper, setConfigFile, setConfigProvider, setConfigProvider, setIdpAddress, setIssuerID, setLogOutPage, setSamlHandlerChainClass, setSaveRestoreRequest, setServiceURL, testStart, validate
 
Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator
forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding
 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, findLifecycleListeners, generateSessionId, getAlgorithm, getCache, getChangeSessionIdOnAuthentication, getContainer, getDigest, getDisableProxyCaching, getEntropy, getRandom, getRandomClass, getSecurePagesWithPragma, invoke, reauthenticateFromSSO, removeLifecycleListener, setAlgorithm, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setEntropy, setRandomClass, setSecurePagesWithPragma, start, stop
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

jbossEnv

protected boolean jbossEnv
Constructor Detail

AbstractSPFormAuthenticator

public AbstractSPFormAuthenticator()
Method Detail

startPicketLink

protected void startPicketLink()
                        throws org.apache.catalina.LifecycleException
Overrides:
startPicketLink in class BaseFormAuthenticator
Throws:
org.apache.catalina.LifecycleException

sendRequestToIDP

protected void sendRequestToIDP(String destination,
                                Document samlDocument,
                                String relayState,
                                org.apache.catalina.connector.Response response,
                                boolean willSendRequest,
                                String destinationQueryStringWithSignature)
                         throws ProcessingException,
                                ConfigurationException,
                                IOException

Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.

Parameters:
destination - IDP URL
samlDocument - request or response document
relayState -
response -
willSendRequest - whether we are sending a Request or a Response to the IDP
destinationQueryStringWithSignature - used only with Redirect binding and with signature enabled.
Throws:
ProcessingException
ConfigurationException
IOException

sendHttpRedirectRequest

protected void sendHttpRedirectRequest(String destination,
                                       Document samlDocument,
                                       String relayState,
                                       org.apache.catalina.connector.Response response,
                                       boolean willSendRequest,
                                       String destinationQueryStringWithSignature)
                                throws IOException,
                                       ProcessingException,
                                       ConfigurationException

Sends an HTTP Redirect request to the IDP.

Parameters:
destination -
relayState -
response -
willSendRequest -
destinationQueryStringWithSignature -
Throws:
IOException
UnsupportedEncodingException
ConfigurationException
ProcessingException

sendHttpPostBindingRequest

protected void sendHttpPostBindingRequest(String destination,
                                          Document samlDocument,
                                          String relayState,
                                          org.apache.catalina.connector.Response response,
                                          boolean willSendRequest)
                                   throws ProcessingException,
                                          IOException,
                                          ConfigurationException

Sends an HTTP POST request to the IDP.

Parameters:
destination -
samlDocument -
relayState -
response -
willSendRequest -
Throws:
TrustKeyProcessingException
ProcessingException
IOException
ConfigurationException

initKeyProvider

protected void initKeyProvider(org.apache.catalina.Context context)
                        throws org.apache.catalina.LifecycleException

Initialize the KeyProvider configurations. These configurations are used during signing and validation of SAML assertions.

Specified by:
initKeyProvider in class BaseFormAuthenticator
Parameters:
context -
Throws:
org.apache.catalina.LifecycleException

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            javax.servlet.http.HttpServletResponse response,
                            org.apache.catalina.deploy.LoginConfig config)
                     throws IOException
Authenticate the request

Parameters:
request -
response -
config -
Returns:
Throws:
IOException
RuntimeException - when the response is not of type Catalina response object

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            org.apache.catalina.connector.Response response,
                            org.apache.catalina.deploy.LoginConfig loginConfig)
                     throws IOException
Overrides:
authenticate in class org.apache.catalina.authenticator.FormAuthenticator
Throws:
IOException

isPOSTBindingResponse

protected boolean isPOSTBindingResponse()

getBinding

protected String getBinding()
Description copied from class: BaseFormAuthenticator
Return the SAML Binding that this authenticator supports

Specified by:
getBinding in class BaseFormAuthenticator
Returns:
See Also:
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING

isHttpPostBinding

protected boolean isHttpPostBinding()

Indicates if the SP is configured with HTTP POST Binding.

Returns:

getContext

protected org.apache.catalina.Context getContext()

getContextPath

protected abstract String getContextPath()
Subclasses need to return the context path based on the capability of their servlet api

Returns:

getGenericPrincipal

protected Principal getGenericPrincipal(org.apache.catalina.connector.Request request,
                                        String username,
                                        List<String> roles)

Copyright © 2012 JBoss Inc. All Rights Reserved.