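/**
 * Decodes a bare SAML 2 {@code Assertion} delivered by HTTP POST and wraps it in a {@code Response}.
 *
 * <p>The context must be a {@link SAMLMessageContext} and its inbound transport an {@link HTTPInTransport}
 * carrying a POST request. The optional {@code RelayState} parameter is copied to the context, the
 * Base64-decoded body is unmarshalled, and the resulting assertion is wrapped into a {@code Response} whose
 * issuer is copied from the assertion's own {@code Issuer} element. Wrapping performs no validation of the
 * assertion itself; its signature, issuer and conditions are left to the security policy that runs after
 * decoding.
 *
 * @param messageContext the message context to populate
 *
 * @throws MessageDecodingException if the context or transport is of the wrong type, the request method is
 *             missing or not POST, the POSTed document is not an {@code Assertion}, or the assertion has no
 *             {@code Issuer} element
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException(
                "Invalid message context type, this decoder only support SAMLMessageContext");
    }

    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();

    // Constant-first comparison: a transport that reports no method is rejected like a non-POST request
    // instead of throwing a NullPointerException out of the decoder.
    if (!"POST".equalsIgnoreCase(inTransport.getHTTPMethod())) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);
    Object decoded = unmarshallMessage(base64DecodedMessage);

    // Anything other than an Assertion is a decoding failure, not a ClassCastException for the caller.
    if (!(decoded instanceof Assertion)) {
        log.error("Decoded message is not a SAML Assertion, this decoder only supports bare Assertions");
        throw new MessageDecodingException("Decoded message is not a SAML Assertion");
    }
    Assertion inboundMessage = (Assertion) decoded;

    // The wrapping Response takes its issuer from the assertion; without an Issuer element it cannot be built.
    if (inboundMessage.getIssuer() == null) {
        log.error("Decoded SAML Assertion does not carry an Issuer element");
        throw new MessageDecodingException("Decoded SAML Assertion does not carry an Issuer element");
    }

    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage,
            inboundMessage.getIssuer().getValue());
    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");

    populateMessageContext(samlMsgCtx);
}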
/**
 * Applies this rule only when the inbound transport is an {@link HTTPTransport}; any other transport is
 * logged at debug level and left unevaluated.
 *
 * @param messageContext message context whose inbound transport is inspected
 *
 * @throws SecurityPolicyException propagated from the transport-specific evaluation
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    boolean isHttpTransport = messageContext.getInboundMessageTransport() instanceof HTTPTransport;
    if (isHttpTransport) {
        doEvaluate(messageContext);
        return;
    }
    log.debug("Message context was did not contain an HTTP transport, unable to evaluate security rule");
}
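/**
 * Restricts decoding to HTTP POST requests before delegating to the superclass decoder.
 *
 * @param messageContext message context whose inbound transport must be an {@link HTTPInTransport}
 *
 * @throws MessageDecodingException if the transport is not an {@code HTTPInTransport}, the request method
 *             is missing or not POST, or the superclass fails to decode the message
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();

    // Constant-first comparison so a transport that reports no method is rejected as a decoding error
    // rather than surfacing a NullPointerException.
    if (!"POST".equalsIgnoreCase(inTransport.getHTTPMethod())) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    super.doDecode(messageContext);
}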
/**
 * Runs the decode pipeline: transport-specific decoding, logging of the decoded message, then evaluation of
 * the configured security policy.
 *
 * @param messageContext message context to decode into
 *
 * @throws MessageDecodingException if the transport-specific decoder cannot decode the message
 * @throws SecurityException if the security policy rejects the decoded message
 */
public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
    String transportType = messageContext.getInboundMessageTransport().getClass().getName();
    log.debug("Beginning to decode message from inbound transport of type: {}", transportType);

    doDecode(messageContext);
    logDecodedMessage(messageContext);
    processSecurityPolicy(messageContext);

    log.debug("Successfully decoded message.");
}
/**
 * Runs the decode pipeline with inbound handler chains around the security policy: transport-specific
 * decoding, logging, the pre-policy handler chain, the security policy, then the post-policy handler chain.
 *
 * @param messageContext message context to decode into
 *
 * @throws MessageDecodingException if the transport-specific decoder cannot decode the message
 * @throws SecurityException if the security policy rejects the decoded message
 */
public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
    String transportType = messageContext.getInboundMessageTransport().getClass().getName();
    log.debug("Beginning to decode message from inbound transport of type: {}", transportType);

    doDecode(messageContext);
    logDecodedMessage(messageContext);

    processPreSecurityInboundHandlerChain(messageContext);
    log.debug("Successfully processed pre-SecurityPolicy inbound handler chain.");

    processSecurityPolicy(messageContext);

    processPostSecurityInboundHandlerChain(messageContext);
    log.debug("Successfully processed post-SecurityPolicy inbound handler chain.");

    log.debug("Successfully decoded message.");
}
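/**
 * Unmarshalls the inbound transport's stream as a SOAP {@code Envelope} and stores it as the context's
 * inbound message.
 *
 * @param messageContext message context whose inbound transport stream holds the SOAP message
 *
 * @throws MessageDecodingException if the stream cannot be unmarshalled or its root element is not a SOAP
 *             {@code Envelope}
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    InTransport inTransport = messageContext.getInboundMessageTransport();

    log.debug("Unmarshalling SOAP message");
    Object decoded = unmarshallMessage(inTransport.getIncomingStream());

    // A non-Envelope root is a decoding failure; do not let a ClassCastException escape to the caller.
    if (!(decoded instanceof Envelope)) {
        log.error("Inbound message is not a SOAP Envelope");
        throw new MessageDecodingException("Inbound message is not a SOAP Envelope");
    }

    messageContext.setInboundMessage((Envelope) decoded);
}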
/**
 * Runs the full decode pipeline (decoding, logging, pre-policy handlers, security policy, post-policy
 * handlers) and finally checks the endpoint URI of the decoded SAML message.
 *
 * @param messageContext message context to decode into; the final endpoint check casts it to
 *            {@link SAMLMessageContext}
 *
 * @throws MessageDecodingException if the transport-specific decoder or the endpoint URI check fails
 * @throws SecurityException if the security policy rejects the decoded message
 */
public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
    String transportType = messageContext.getInboundMessageTransport().getClass().getName();
    log.debug("Beginning to decode message from inbound transport of type: {}", transportType);

    doDecode(messageContext);
    logDecodedMessage(messageContext);

    processPreSecurityInboundHandlerChain(messageContext);
    log.debug("Successfully processed pre-SecurityPolicy inbound handler chain.");

    processSecurityPolicy(messageContext);

    processPostSecurityInboundHandlerChain(messageContext);
    log.debug("Successfully processed post-SecurityPolicy inbound handler chain.");

    log.debug("Successfully decoded message.");

    // TODO: This gets executed by BaseSAML2MessageDecoder. Probably needs to be
    // factored out somehow to avoid brittleness in the decode() override.
    SAMLMessageContext samlMessageContext = (SAMLMessageContext) messageContext;
    checkEndpointURI(samlMessageContext);
}
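/**
 * Authenticates the inbound connection by the client certificate it presented, if one is available.
 *
 * <p>When the transport carries no peer credential, or one that is not an {@link X509Credential}, the rule
 * is skipped (logged at info level) and the message is left unauthenticated. Otherwise the credential is
 * handed to {@link #doEvaluate(X509Credential, MessageContext)}.
 *
 * @param messageContext message context whose inbound transport may carry a peer credential
 *
 * @throws SecurityPolicyException thrown by the credential-specific evaluation
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    Credential peerCredential = messageContext.getInboundMessageTransport().getPeerCredential();
    if (peerCredential == null) {
        log.info("Inbound message transport did not contain a peer credential, "
                + "skipping client certificate authentication");
        return;
    }

    if (!(peerCredential instanceof X509Credential)) {
        log.info("Inbound message transport did not contain an X509Credential, "
                + "skipping client certificate authentication");
        return;
    }

    X509Credential requestCredential = (X509Credential) peerCredential;

    if (log.isDebugEnabled()) {
        logPresentedCertificate(requestCredential);
    }

    doEvaluate(requestCredential, messageContext);
}

/**
 * Logs the Base64 DER encoding of the presented entity certificate at debug level.
 *
 * <p>This is diagnostics only, so a certificate that cannot be encoded is reported at debug level rather
 * than aborting the evaluation.
 *
 * @param requestCredential credential whose entity certificate is logged
 */
private void logPresentedCertificate(X509Credential requestCredential) {
    log.debug("Attempting to authenticate inbound connection that presented the certificate:");
    try {
        log.debug(Base64.encodeBytes(requestCredential.getEntityCertificate().getEncoded()));
    } catch (CertificateEncodingException e) {
        log.debug("Presented certificate could not be encoded for logging", e);
    }
}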
if (!(messageContext.getInboundMessageTransport() instanceof HttpServletRequestAdapter)) { log.debug("Invalid inbound message transport type, this rule only supports HttpServletRequestAdapter"); return; .getInboundMessageTransport(); HttpServletRequest request = requestAdapter.getWrappedRequest();
/**
 * Evaluates the message context transport, guaranteed to be of type {@link HTTPTransport}, against the
 * content-type, request-method and transport-security requirements.
 *
 * @param messageContext message context being evaluated
 *
 * @throws SecurityPolicyException thrown if the message context does not meet the requirements of an
 *             evaluated rule
 */
protected void doEvaluate(MessageContext messageContext) throws SecurityPolicyException {
    final HTTPTransport httpTransport = (HTTPTransport) messageContext.getInboundMessageTransport();

    // Presumably each check throws on violation, so the order only determines which failure is reported first.
    evaluateContentType(httpTransport);
    evaluateRequestMethod(httpTransport);
    evaluateSecured(httpTransport);
}
/**
 * Decodes an artifact-based SAML message: resolves the target, processes the artifacts carried by the
 * inbound HTTP transport and populates the SAML message context.
 *
 * @param messageContext message context to decode into; must be a {@link SAMLMessageContext} with an
 *            {@link HTTPInTransport} inbound transport
 *
 * @throws MessageDecodingException if the context or transport is of the wrong type, or the artifact
 *             processing fails
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    final String contextError =
            "Invalid message context type, this decoder only support SAMLMessageContext";
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error(contextError);
        throw new MessageDecodingException(contextError);
    }

    final String transportError =
            "Invalid inbound message transport type, this decoder only support HTTPInTransport";
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error(transportError);
        throw new MessageDecodingException(transportError);
    }

    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    decodeTarget(samlContext);
    processArtifacts(samlContext);
    populateMessageContext(samlContext);
}
log.info("Authentication via client certificate succeeded for context presenter entity ID: {}", presenterEntityID); messageContext.getInboundMessageTransport().setAuthenticated(true); } else { log.error("Authentication via client certificate failed for context presenter entity ID {}", derivedPresenter); setAuthenticatedCertificatePresenterEntityID(messageContext, derivedPresenter); messageContext.getInboundMessageTransport().setAuthenticated(true); return; derivedPresenter); setAuthenticatedCertificatePresenterEntityID(messageContext, derivedPresenter); messageContext.getInboundMessageTransport().setAuthenticated(true); return;
/**
 * Decodes an artifact-based SAML message delivered over HTTP: records the trimmed {@code RelayState}
 * parameter, processes the artifact and populates the SAML message context.
 *
 * @param messageContext message context to decode into; must be a {@link SAMLMessageContext} with an
 *            {@link HTTPInTransport} inbound transport
 *
 * @throws MessageDecodingException if the context or transport is of the wrong type, or the artifact
 *             processing fails
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    final String contextError =
            "Invalid message context type, this decoder only support SAMLMessageContext";
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error(contextError);
        throw new MessageDecodingException(contextError);
    }

    final String transportError =
            "Invalid inbound message transport type, this decoder only support HTTPInTransport";
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error(transportError);
        throw new MessageDecodingException(transportError);
    }

    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    HTTPInTransport httpTransport = (HTTPInTransport) samlContext.getInboundMessageTransport();

    // safeTrim handles a missing parameter, so an absent RelayState stays null rather than failing here.
    String trimmedRelayState = DatatypeHelper.safeTrim(httpTransport.getParameterValue("RelayState"));
    samlContext.setRelayState(trimmedRelayState);

    processArtifact(samlContext);
    populateMessageContext(samlContext);
}
if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException(
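/**
 * Decodes a SAML message delivered by HTTP POST: records the {@code RelayState} parameter, Base64-decodes
 * and unmarshalls the POSTed document, stores it as the inbound (SAML) message and populates the context.
 *
 * @param messageContext message context to decode into; must be a {@link SAMLMessageContext} with an
 *            {@link HTTPInTransport} inbound transport
 *
 * @throws MessageDecodingException if the context or transport is of the wrong type, the request method is
 *             missing or not POST, or the POSTed document does not unmarshall to a {@code SAMLObject}
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException(
                "Invalid message context type, this decoder only support SAMLMessageContext");
    }

    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();

    // Constant-first comparison: a transport that reports no method is rejected like a non-POST request
    // instead of throwing a NullPointerException out of the decoder.
    if (!"POST".equalsIgnoreCase(inTransport.getHTTPMethod())) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);
    Object decoded = unmarshallMessage(base64DecodedMessage);

    // A non-SAML root element is a decoding failure, not a ClassCastException for the caller.
    if (!(decoded instanceof SAMLObject)) {
        log.error("Decoded message is not a SAMLObject, this decoder only supports SAML messages");
        throw new MessageDecodingException("Decoded message is not a SAMLObject");
    }
    SAMLObject inboundMessage = (SAMLObject) decoded;

    samlMsgCtx.setInboundMessage(inboundMessage);
    samlMsgCtx.setInboundSAMLMessage(inboundMessage);
    log.debug("Decoded SAML message");

    populateMessageContext(samlMsgCtx);
}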
if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException(
if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException(
if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException(