/**
 * Look up the {@link ProfileRequestContext} belonging to an external authentication conversation.
 *
 * <p>The conversation state is read from the HTTP session under {@code CONVERSATION_KEY + key}, so a
 * key only resolves within a session that actually holds a matching {@link ExternalAuthentication}
 * object.</p>
 *
 * @param key the value returned by {@link #startExternalAuthentication(HttpServletRequest)}
 * @param request servlet request
 *
 * @return the profile request context reported by the stored conversation state
 * @throws ExternalAuthenticationException if the session has no {@link ExternalAuthentication} stored
 *         for the key
 */
@Nonnull public static ProfileRequestContext getProfileRequestContext(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest request) throws ExternalAuthenticationException {

    // NOTE(review): getSession() creates a session when the request has none, so a lookup with an
    // unknown key still allocates one before failing.
    final Object state = request.getSession().getAttribute(CONVERSATION_KEY + key);

    // instanceof is false for null, so this one test covers both "missing" and "wrong type".
    if (state instanceof ExternalAuthentication) {
        return ((ExternalAuthentication) state).getProfileRequestContext(request);
    }

    throw new ExternalAuthenticationException("No conversation state found in session");
}
/**
 * Complete an external authentication conversation and hand control back to the authentication web flow.
 *
 * <p>The result is taken from the request attributes by the stored conversation state's
 * {@code doFinish}. The session entry for the key is removed before {@code doFinish} runs, so a
 * second call with the same key fails with "no conversation state" instead of finishing again.</p>
 *
 * @param key the value returned by {@link #startExternalAuthentication(HttpServletRequest)}
 * @param request servlet request
 * @param response servlet response
 *
 * @throws ExternalAuthenticationException if the session has no {@link ExternalAuthentication} stored
 *         for the key
 * @throws IOException if the redirect cannot be issued
 */
public static void finishExternalAuthentication(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest request, @Nonnull final HttpServletResponse response)
        throws ExternalAuthenticationException, IOException {

    final String attributeName = CONVERSATION_KEY + key;
    final Object state = request.getSession().getAttribute(attributeName);

    // instanceof is false for null, so this also rejects a missing attribute.
    if (!(state instanceof ExternalAuthentication)) {
        // NOTE(review): the key is echoed verbatim in the message; if it originates from a request
        // parameter, whatever logs or renders this message should encode it.
        throw new ExternalAuthenticationException("No conversation state found in session for key (" + key + ")");
    }

    // Drop the session entry first so the key is single-use even if doFinish throws.
    request.getSession().removeAttribute(attributeName);
    ((ExternalAuthentication) state).doFinish(request, response);
}
/**
 * Begin an external authentication conversation for the current request.
 *
 * <p>The conversation key is read from the request parameter named by {@code CONVERSATION_KEY}, the
 * matching state is looked up in the servlet session, and its {@code doStart} is invoked on the
 * request.</p>
 *
 * <p>The returned key is client-supplied input. It has only been checked against the caller's own
 * session, so callers that also receive the key by another route should compare the two values.</p>
 *
 * @param request servlet request
 *
 * @return a handle to subsequent use of
 *         {@link #finishExternalAuthentication(java.lang.String, HttpServletRequest, HttpServletResponse)}
 *
 * @throws ExternalAuthenticationException if the parameter is missing or empty, or if the session has
 *         no {@link ExternalAuthentication} stored for the key
 */
@Nonnull @NotEmpty public static String startExternalAuthentication(@Nonnull final HttpServletRequest request)
        throws ExternalAuthenticationException {

    final String conv = request.getParameter(CONVERSATION_KEY);
    if (conv == null || conv.isEmpty()) {
        throw new ExternalAuthenticationException("No conversation key found in request");
    }

    // NOTE(review): getSession() creates a session when the request has none, so an unknown key
    // still allocates one before the lookup fails.
    final Object state = request.getSession().getAttribute(CONVERSATION_KEY + conv);

    // instanceof is false for null, so this also rejects a missing attribute.
    if (!(state instanceof ExternalAuthentication)) {
        // NOTE(review): conv is an untrusted request parameter echoed verbatim in the message;
        // whatever logs or renders this message should encode it.
        throw new ExternalAuthenticationException("No conversation state found in session for key (" + conv + ")");
    }

    ((ExternalAuthentication) state).doStart(request);
    return conv;
}
throws ExternalAuthenticationException, IOException { final String key = ExternalAuthentication.startExternalAuthentication(httpRequest); if (!key.equals(conversationKey)) { throw new ExternalAuthenticationException("Conversation key on query string doesn't match URL path"); final ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(key, httpRequest);
final String key = ExternalAuthentication.startExternalAuthentication(httpRequest); log.error("No X.509 Certificates found in request"); httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AuthnEventIds.NO_CREDENTIALS); ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, AuthnEventIds.INVALID_CREDENTIALS); ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; log.error("Exception raised by trust engine", e); httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_EXCEPTION_KEY, e); ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
/**
 * Report a failed authentication to the flow by handing it the exception that caused the failure.
 *
 * <p>Stores {@code ex} in the request attribute
 * {@link ExternalAuthentication#AUTHENTICATION_EXCEPTION_KEY} and then finishes the conversation.</p>
 *
 * @param key the conversation key
 * @param httpRequest the HTTP request
 * @param httpResponse the HTTP response
 * @param ex the exception that has been thrown
 *
 * @throws IOException if finishing the conversation fails with an I/O error
 * @throws ExternalAuthenticationException if finishing the conversation fails
 */
private void finishWithException(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest httpRequest, @Nonnull final HttpServletResponse httpResponse,
        @Nonnull final Exception ex) throws ExternalAuthenticationException, IOException {

    // The attribute must be set before finishing: the outcome is read from the request attributes.
    httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_EXCEPTION_KEY, ex);

    // Hand control back to the authentication flow.
    ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
}
final String key = ExternalAuthentication.startExternalAuthentication(httpRequest); log.debug("Java Subject extracted from attribute {}: {}", subjectAttribute, subject); httpRequest.setAttribute(ExternalAuthentication.SUBJECT_KEY, subject); ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; } else { ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse); return; } else { ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
/**
 * Report a failed authentication to the flow using an error string or event id.
 *
 * <p>Stores {@code error} in the request attribute
 * {@link ExternalAuthentication#AUTHENTICATION_ERROR_KEY} and then finishes the conversation.</p>
 *
 * @param key the conversation key
 * @param httpRequest the HTTP request
 * @param httpResponse the HTTP response
 * @param error the error string/event to return
 *
 * @throws IOException if finishing the conversation fails with an I/O error
 * @throws ExternalAuthenticationException if finishing the conversation fails
 */
private void finishWithError(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest httpRequest, @Nonnull final HttpServletResponse httpResponse,
        @Nonnull @NotEmpty final String error) throws ExternalAuthenticationException, IOException {

    // The attribute must be set before finishing: the outcome is read from the request attributes.
    httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, error);

    // Hand control back to the authentication flow.
    ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
}
/**
 * Return the {@link AuthenticationFlowDescriptor} of the flow currently being attempted.
 *
 * <p>The descriptor is taken from the {@link AuthenticationContext} subcontext of the profile request
 * context that belongs to the given conversation key.</p>
 *
 * @param key external authentication key
 * @param httpRequest servlet request
 *
 * @return the attempted flow, or null if the profile request context has no
 *         {@link AuthenticationContext}
 * @throws ExternalAuthenticationException if unable to access the profile context
 */
@Nullable public AuthenticationFlowDescriptor getAuthenticationFlowDescriptor(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest httpRequest) throws ExternalAuthenticationException {

    final ProfileRequestContext profileCtx = ExternalAuthentication.getProfileRequestContext(key, httpRequest);
    final AuthenticationContext authnCtx = profileCtx.getSubcontext(AuthenticationContext.class);

    // Without an authentication context there is no attempted flow to report.
    if (authnCtx == null) {
        return null;
    }
    return authnCtx.getAttemptedFlow();
}
/**
 * Report a successful authentication to the flow.
 *
 * <p>Builds a {@link Subject} carrying the principal both as a {@link UsernamePrincipal} and as the
 * original {@link KerberosPrincipal}, stores it in the request attribute
 * {@link ExternalAuthentication#SUBJECT_KEY}, and then finishes the conversation.</p>
 *
 * @param key the conversation key
 * @param httpRequest the HTTP request
 * @param httpResponse the HTTP response
 * @param kerberosPrincipal the Kerberos principal to return
 *
 * @throws IOException if finishing the conversation fails with an I/O error
 * @throws ExternalAuthenticationException if finishing the conversation fails
 */
private void finishWithSuccess(@Nonnull @NotEmpty final String key,
        @Nonnull final HttpServletRequest httpRequest, @Nonnull final HttpServletResponse httpResponse,
        @Nonnull final KerberosPrincipal kerberosPrincipal) throws ExternalAuthenticationException, IOException {

    // NOTE(review): getName() is used unmodified as the username; for a Kerberos principal this
    // string normally carries the realm, so confirm downstream consumers expect that form.
    final String principalName = kerberosPrincipal.getName();

    // Expose the user both as a plain username and as the real KerberosPrincipal object.
    final Subject authenticated = new Subject();
    authenticated.getPrincipals().add(new UsernamePrincipal(principalName));
    authenticated.getPrincipals().add(kerberosPrincipal);

    // The attribute must be set before finishing: the outcome is read from the request attributes.
    httpRequest.setAttribute(ExternalAuthentication.SUBJECT_KEY, authenticated);

    // Hand control back to the authentication flow.
    ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
}
// Resolve the profile request context for this conversation key. getProfileRequestContext declares
// ExternalAuthenticationException, so the enclosing code must catch or propagate it.
// NOTE(review): where key comes from is not visible in this excerpt; confirm it is the value
// returned by startExternalAuthentication for this request.
ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(key, request);
throws ExternalAuthenticationException, IOException { final ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(conversationKey, httpRequest);