PicketLink Federation Server Bindings for Apache Tomcat 5/6 2.1.1.Final-redhat-1

org.picketlink.identity.federation.bindings.tomcat.idp
Class IDPWebBrowserSSOValve

java.lang.Object
  extended by org.apache.catalina.valves.ValveBase
      extended by org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve
All Implemented Interfaces:
MBeanRegistration, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

public class IDPWebBrowserSSOValve
extends org.apache.catalina.valves.ValveBase
implements org.apache.catalina.Lifecycle

Generic Web Browser SSO valve for the IDP. Handles both the SAML Redirect and Post bindings. Note: most of the work is done by IDPWebRequestUtil.

Since:
May 18, 2009
Author:
Anil.Saldhana@redhat.com

Nested Class Summary
protected static class IDPWebBrowserSSOValve.SessionHolder
           
 
Field Summary
protected  String canonicalizationMethod
           
protected  SAMLConfigurationProvider configProvider
          The user can inject a fully qualified name of a SAMLConfigurationProvider
protected  String identityParticipantStack
          If the user wants to set a particular IdentityParticipantStack
protected  IDPType idpConfiguration
           
protected  org.apache.catalina.util.LifecycleSupport lifecycle
          The lifecycle event support for this component.
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, controller, domain, info, mserver, next, oname, sm
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
IDPWebBrowserSSOValve()
           
 
Method Summary
 void addLifecycleListener(org.apache.catalina.LifecycleListener listener)
          Add a lifecycle event listener to this component.
protected  void cleanUpSessionNote(org.apache.catalina.connector.Request request)
           
protected  String determineLoginType(boolean isSecure)
           
 org.apache.catalina.LifecycleListener[] findLifecycleListeners()
          Get the lifecycle listeners associated with this lifecycle.
 Boolean getIgnoreIncomingSignatures()
           
 Boolean getSignOutgoingMessages()
           
 Boolean getValidatingAliasToTokenIssuer()
           
protected  void handleSAML11(IDPWebRequestUtil webRequestUtil, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
           
 void invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
           
protected  void processSAMLRequestMessage(IDPWebRequestUtil webRequestUtil, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
           
protected  void processSAMLResponseMessage(IDPWebRequestUtil webRequestUtil, org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)
           
 void removeLifecycleListener(org.apache.catalina.LifecycleListener listener)
          Remove a lifecycle event listener from this component.
protected  void sendErrorResponseToSP(String referrer, org.apache.catalina.connector.Response response, String relayState, IDPWebRequestUtil webRequestUtil)
           
 void setAttributeList(String attribList)
           
 void setConfigProvider(String cp)
           
 void setIdentityParticipantStack(String fqn)
           
 void setIgnoreAttributesGeneration(Boolean ignoreAttributes)
          The IDP should not perform any attribute handling, such as generation of roles.
 void setIgnoreIncomingSignatures(Boolean ignoreIncomingSignature)
           
 void setRoleGenerator(String rgName)
           
 void setSamlHandlerChainClass(String samlHandlerChainClass)
           
 void setSignOutgoingMessages(Boolean signOutgoingMessages)
           
 void setStrictPostBinding(Boolean strictPostBinding)
           
 void setValidatingAliasToTokenIssuer(Boolean validatingAliasToTokenIssuer)
          PLFED-248: Allows the token's signature to be validated against the keystore using the token's issuer.
 void start()
          Prepare for the beginning of active use of the public methods of this component.
 void stop()
          Gracefully terminate the active use of the public methods of this component.
protected  boolean validate(String remoteAddress, String queryString, IDPWebBrowserSSOValve.SessionHolder holder, boolean isPost)
           
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainer, getContainerName, getController, getDomain, getInfo, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setNext, setObjectName, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

idpConfiguration

protected IDPType idpConfiguration

canonicalizationMethod

protected String canonicalizationMethod

configProvider

protected SAMLConfigurationProvider configProvider
The user can inject a fully qualified name of a SAMLConfigurationProvider


identityParticipantStack

protected String identityParticipantStack
If the user wants to set a particular IdentityParticipantStack


lifecycle

protected org.apache.catalina.util.LifecycleSupport lifecycle
The lifecycle event support for this component.

Constructor Detail

IDPWebBrowserSSOValve

public IDPWebBrowserSSOValve()
Method Detail

setAttributeList

public void setAttributeList(String attribList)

setConfigProvider

public void setConfigProvider(String cp)

setStrictPostBinding

public void setStrictPostBinding(Boolean strictPostBinding)

getIgnoreIncomingSignatures

public Boolean getIgnoreIncomingSignatures()

setIgnoreIncomingSignatures

public void setIgnoreIncomingSignatures(Boolean ignoreIncomingSignature)

setValidatingAliasToTokenIssuer

public void setValidatingAliasToTokenIssuer(Boolean validatingAliasToTokenIssuer)
PLFED-248: Allows the token's signature to be validated against the keystore using the token's issuer.


getValidatingAliasToTokenIssuer

public Boolean getValidatingAliasToTokenIssuer()

setIgnoreAttributesGeneration

public void setIgnoreAttributesGeneration(Boolean ignoreAttributes)
The IDP should not perform any attribute handling, such as generation of roles.

Parameters:
ignoreAttributes -

getSignOutgoingMessages

public Boolean getSignOutgoingMessages()

setSignOutgoingMessages

public void setSignOutgoingMessages(Boolean signOutgoingMessages)

setRoleGenerator

public void setRoleGenerator(String rgName)

setSamlHandlerChainClass

public void setSamlHandlerChainClass(String samlHandlerChainClass)

setIdentityParticipantStack

public void setIdentityParticipantStack(String fqn)

invoke

public void invoke(org.apache.catalina.connector.Request request,
                   org.apache.catalina.connector.Response response)
            throws IOException,
                   javax.servlet.ServletException
Specified by:
invoke in interface org.apache.catalina.Valve
Specified by:
invoke in class org.apache.catalina.valves.ValveBase
Throws:
IOException
javax.servlet.ServletException

handleSAML11

protected void handleSAML11(IDPWebRequestUtil webRequestUtil,
                            org.apache.catalina.connector.Request request,
                            org.apache.catalina.connector.Response response)
                     throws javax.servlet.ServletException,
                            IOException
Throws:
javax.servlet.ServletException
IOException

processSAMLRequestMessage

protected void processSAMLRequestMessage(IDPWebRequestUtil webRequestUtil,
                                         org.apache.catalina.connector.Request request,
                                         org.apache.catalina.connector.Response response)
                                  throws IOException
Throws:
IOException

processSAMLResponseMessage

protected void processSAMLResponseMessage(IDPWebRequestUtil webRequestUtil,
                                          org.apache.catalina.connector.Request request,
                                          org.apache.catalina.connector.Response response)
                                   throws javax.servlet.ServletException,
                                          IOException
Throws:
javax.servlet.ServletException
IOException

cleanUpSessionNote

protected void cleanUpSessionNote(org.apache.catalina.connector.Request request)

sendErrorResponseToSP

protected void sendErrorResponseToSP(String referrer,
                                     org.apache.catalina.connector.Response response,
                                     String relayState,
                                     IDPWebRequestUtil webRequestUtil)
                              throws javax.servlet.ServletException,
                                     IOException,
                                     ConfigurationException
Throws:
javax.servlet.ServletException
IOException
ConfigurationException

validate

protected boolean validate(String remoteAddress,
                           String queryString,
                           IDPWebBrowserSSOValve.SessionHolder holder,
                           boolean isPost)
                    throws IOException,
                           GeneralSecurityException
Throws:
IOException
GeneralSecurityException

addLifecycleListener

public void addLifecycleListener(org.apache.catalina.LifecycleListener listener)
Add a lifecycle event listener to this component.

Specified by:
addLifecycleListener in interface org.apache.catalina.Lifecycle
Parameters:
listener - The listener to add

findLifecycleListeners

public org.apache.catalina.LifecycleListener[] findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle. If this Lifecycle has no listeners registered, a zero-length array is returned.

Specified by:
findLifecycleListeners in interface org.apache.catalina.Lifecycle

removeLifecycleListener

public void removeLifecycleListener(org.apache.catalina.LifecycleListener listener)
Remove a lifecycle event listener from this component.

Specified by:
removeLifecycleListener in interface org.apache.catalina.Lifecycle
Parameters:
listener - The listener to remove

start

public void start()
           throws org.apache.catalina.LifecycleException
Prepare for the beginning of active use of the public methods of this component. This method should be called after configure(), and before any of the public methods of the component are utilized.

Specified by:
start in interface org.apache.catalina.Lifecycle
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that prevents this component from being used

stop

public void stop()
          throws org.apache.catalina.LifecycleException
Gracefully terminate the active use of the public methods of this component. This method should be the last one called on a given instance of this component.

Specified by:
stop in interface org.apache.catalina.Lifecycle
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that needs to be reported

determineLoginType

protected String determineLoginType(boolean isSecure)

Copyright © 2012 JBoss Inc. All Rights Reserved.