PicketLink Federation Server Bindings for Apache Tomcat 5/6 2.1.1.Final-redhat-1

org.picketlink.identity.federation.bindings.tomcat.sp
Class AbstractSPFormAuthenticator

java.lang.Object
  extended by org.apache.catalina.valves.ValveBase
      extended by org.apache.catalina.authenticator.AuthenticatorBase
          extended by org.apache.catalina.authenticator.FormAuthenticator
              extended by org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
                  extended by org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator
All Implemented Interfaces:
MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve
Direct Known Subclasses:
ServiceProviderAuthenticator

public abstract class AbstractSPFormAuthenticator
extends BaseFormAuthenticator

Abstract class to be extended by Service Provider valves to handle SAML requests and responses.

Author:
Anil Saldhana, Pedro Silva

Field Summary
protected  boolean jbossEnv
           
protected  org.apache.log4j.Logger log
           
protected  boolean trace
           
 
Fields inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
canonicalizationMethod, chain, chainConfigOptions, chainLock, configFile, configProvider, identityURL, idpAddress, idpCertificate, issuerID, keyManager, logOutPage, picketLinkConfiguration, samlHandlerChainClass, saveRestoreRequest, serviceURL, spConfiguration
 
Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator
characterEncoding, info, landingPage
 
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started
 
Fields inherited from class org.apache.catalina.valves.ValveBase
container, controller, domain, mserver, next, oname
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
AbstractSPFormAuthenticator()
           
 
Method Summary
 boolean authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)
          Authenticate the request
 boolean authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig)
           
protected  String getBinding()
          Return the SAML Binding that this authenticator supports
protected  void initKeyProvider(org.apache.catalina.Context context)
           Initialize the KeyProvider configurations.
protected  boolean isHttpPostBinding()
           Indicates if the SP is configured with HTTP POST Binding.
protected  boolean isPOSTBindingResponse()
           
protected  void processStart()
           
protected abstract  void sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest)
           Send the request to the IDP.
 
Methods inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
doSupportSignature, getConfigFile, getConfiguration, getIdentityURL, getIdpCertificate, getIDPSSODescriptor, handleMetadata, handleMetadata, initializeHandlerChain, localAuthentication, populateChainConfig, processConfiguration, processIDPMetadataFile, register, sendToLogoutPage, setConfigFile, setConfigProvider, setIdpAddress, setIssuerID, setLogOutPage, setSamlHandlerChainClass, setSaveRestoreRequest, setServiceURL, start, testStart, validate
 
Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator
forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage
 
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister
 
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

log

protected org.apache.log4j.Logger log

trace

protected final boolean trace

jbossEnv

protected boolean jbossEnv
Constructor Detail

AbstractSPFormAuthenticator

public AbstractSPFormAuthenticator()
Method Detail

processStart

protected void processStart()
                     throws org.apache.catalina.LifecycleException
Overrides:
processStart in class BaseFormAuthenticator
Throws:
org.apache.catalina.LifecycleException

initKeyProvider

protected void initKeyProvider(org.apache.catalina.Context context)
                        throws org.apache.catalina.LifecycleException

Initialize the KeyProvider configurations. These configurations are used during signing and validation of SAML assertions.

Specified by:
initKeyProvider in class BaseFormAuthenticator
Parameters:
context -
Throws:
org.apache.catalina.LifecycleException

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            javax.servlet.http.HttpServletResponse response,
                            org.apache.catalina.deploy.LoginConfig config)
                     throws IOException
Authenticate the request

Overrides:
authenticate in class org.apache.catalina.authenticator.FormAuthenticator
Parameters:
request -
response -
config -
Returns:
Throws:
IOException
RuntimeException - when the response is not a Catalina response object

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                            org.apache.catalina.connector.Response response,
                            org.apache.catalina.deploy.LoginConfig loginConfig)
                     throws IOException
Throws:
IOException

isPOSTBindingResponse

protected boolean isPOSTBindingResponse()

sendRequestToIDP

protected abstract void sendRequestToIDP(String destination,
                                         Document samlDocument,
                                         String relayState,
                                         org.apache.catalina.connector.Response response,
                                         boolean willSendRequest)
                                  throws ProcessingException,
                                         ConfigurationException,
                                         IOException

Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.

Parameters:
destination - IDP URL
samlDocument - request or response document
relayState -
response -
willSendRequest - whether we are sending a Request or a Response to the IDP
Throws:
ProcessingException
ConfigurationException
IOException

getBinding

protected String getBinding()
Description copied from class: BaseFormAuthenticator
Return the SAML Binding that this authenticator supports

Specified by:
getBinding in class BaseFormAuthenticator
Returns:
See Also:
JBossSAMLURIConstants#SAML_HTTP_POST_BINDING, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING

isHttpPostBinding

protected boolean isHttpPostBinding()

Indicates if the SP is configured with HTTP POST Binding.

Returns:

Copyright © 2012 JBoss Inc. All Rights Reserved.