org.picketlink.identity.federation.bindings.tomcat.sp

Class AbstractSPFormAuthenticator

java.lang.Object

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.FormAuthenticator

org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator

org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

Direct Known Subclasses:

ServiceProviderAuthenticator

public abstract class AbstractSPFormAuthenticator
extends BaseFormAuthenticator

Abstract class to be extended by Service Provider valves to handle SAML requests and responses.

Author:

Anil Saldhana, Pedro Silva

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	jbossEnv
protected Logger	log
protected boolean	trace

Fields inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator

canonicalizationMethod, chain, chainConfigOptions, chainLock, configFile, configProvider, identityURL, idpAddress, idpCertificate, issuerID, keyManager, logOutPage, picketLinkConfiguration, samlHandlerChainClass, saveRestoreRequest, serviceURL, spConfiguration

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase

container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
AbstractSPFormAuthenticator()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticate(org.apache.catalina.connector.Request request, HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config) Authenticate the request
boolean	authenticate(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.LoginConfig loginConfig)
protected String	getBinding() Return the SAML Binding that this authenticator supports
protected void	initKeyProvider(org.apache.catalina.Context context) Initialize the KeyProvider configurations.
protected boolean	isHttpPostBinding() Indicates if the SP is configure with HTTP POST Binding.
protected boolean	isPOSTBindingResponse()
protected void	processStart()
protected abstract void	sendRequestToIDP(String destination, Document samlDocument, String relayState, org.apache.catalina.connector.Response response, boolean willSendRequest) Send the request to the IDP.

Methods inherited from class org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator

doSupportSignature, getConfigFile, getConfiguration, getIdentityURL, getIdpCertificate, getIDPSSODescriptor, handleMetadata, handleMetadata, initializeHandlerChain, localAuthentication, populateChainConfig, processConfiguration, processIDPMetadataFile, register, sendToLogoutPage, setConfigFile, setConfigProvider, setIdpAddress, setIssuerID, setLogOutPage, setSamlHandlerChainClass, setSaveRestoreRequest, setServiceURL, start, testStart, validate

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, invoke, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, register, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

log

protected Logger log

trace

protected final boolean trace

jbossEnv

protected boolean jbossEnv

Constructor Detail

AbstractSPFormAuthenticator

public AbstractSPFormAuthenticator()

Method Detail

processStart

protected void processStart()
                     throws org.apache.catalina.LifecycleException

Overrides:

processStart in class BaseFormAuthenticator

Throws:

org.apache.catalina.LifecycleException

initKeyProvider

protected void initKeyProvider(org.apache.catalina.Context context)
                        throws org.apache.catalina.LifecycleException

Initialize the KeyProvider configurations. This configurations are to be used during signing and validation of SAML assertions.

Specified by:

initKeyProvider in class BaseFormAuthenticator

Parameters:

context -

Throws:

org.apache.catalina.LifecycleException

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   HttpServletResponse response,
                   org.apache.catalina.deploy.LoginConfig config)
                     throws IOException

Authenticate the request

Overrides:

authenticate in class org.apache.catalina.authenticator.FormAuthenticator

Parameters:

request -

response -

config -

Returns:

Throws:

IOException

{@link - RuntimeException} when the response is not of type catalina response object

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   org.apache.catalina.connector.Response response,
                   org.apache.catalina.deploy.LoginConfig loginConfig)
                     throws IOException

Throws:

IOException

isPOSTBindingResponse

protected boolean isPOSTBindingResponse()

sendRequestToIDP

protected abstract void sendRequestToIDP(String destination,
                    Document samlDocument,
                    String relayState,
                    org.apache.catalina.connector.Response response,
                    boolean willSendRequest)
                                  throws ProcessingException,
                                         ConfigurationException,
                                         IOException

Send the request to the IDP. Subclasses should override this method to implement how requests must be sent to the IDP.

Parameters:

destination - idp url

samlDocument - request or response document

relayState -

response -

willSendRequest - are we sending Request or Response to IDP

Throws:

ProcessingException

ConfigurationException

IOException

getBinding

protected String getBinding()

Description copied from class: BaseFormAuthenticator

Return the SAML Binding that this authenticator supports

Specified by:

getBinding in class BaseFormAuthenticator

Returns:

See Also:

JBossSAMLURIConstants#SAML_HTTP_POST_BINDING}, JBossSAMLURIConstants#SAML_HTTP_REDIRECT_BINDING}

isHttpPostBinding

protected boolean isHttpPostBinding()

Indicates if the SP is configure with HTTP POST Binding.

Returns: