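/**
 * Validates the XML signature on the incoming SAML request document.
 *
 * <p>The sender's public key is read from the request options under
 * {@code GeneralConstants.SENDER_PUBLIC_KEY}. If the signature is not valid, the response is
 * marked with {@code SAML2HandlerErrorCodes.SIGNATURE_INVALID} and the exception is rethrown.
 *
 * <p>Validation is skipped entirely when the request options carry
 * {@code GeneralConstants.IGNORE_SIGNATURES} set to {@code true}.
 *
 * @param request the handler request holding the options map and the signed document
 * @param response the handler response that receives the error code on failure
 * @throws ProcessingException if the signature is not valid, or if {@code validateSender}
 *     itself raises one
 * @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest, SAML2HandlerResponse)}
 */
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response)
        throws ProcessingException {
    Map<String, Object> requestOptions = request.getOptions();
    Boolean ignoreSignatures = (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);

    // Compare by value, not identity: "== Boolean.TRUE" only matches the canonical instance and
    // silently disagrees with the configured value for any other Boolean object.
    if (Boolean.TRUE.equals(ignoreSignatures)) {
        // NOTE(review): this switch turns signature validation off altogether. Confirm the
        // option can only be populated from trusted deployment configuration and never from
        // anything derived from the message being processed.
        return;
    }

    Document signedDocument = request.getRequestDocument();

    if (trace) {
        // The complete SAML message is written to the trace log; access to that log should be
        // restricted accordingly.
        log.trace("Will validate :" + DocumentUtil.asString(signedDocument));
    }

    // NOTE(review): publicKey is null when the option is absent. Confirm validateSender rejects
    // a null key instead of accepting the document or trusting key material embedded in it.
    PublicKey publicKey = (PublicKey) request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);

    try {
        boolean isValid = this.validateSender(signedDocument, publicKey);
        if (!isValid) {
            throw constructSignatureException();
        }
    } catch (ProcessingException pe) {
        // Flag the response before rethrowing so the failure is reported as a signature error.
        response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed");
        throw pe;
    }
}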
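/**
 * Validates the XML signature on the incoming SAML request document.
 *
 * <p>The sender's public key is read from the request options under
 * {@code GeneralConstants.SENDER_PUBLIC_KEY}. If the signature is not valid, the response is
 * marked with {@code SAML2HandlerErrorCodes.SIGNATURE_INVALID} and the exception is rethrown.
 *
 * <p>Validation is skipped entirely when the request options carry
 * {@code GeneralConstants.IGNORE_SIGNATURES} set to {@code true}.
 *
 * @param request the handler request holding the options map and the signed document
 * @param response the handler response that receives the error code on failure
 * @throws ProcessingException if the signature is not valid, or if {@code validateSender}
 *     itself raises one
 * @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest, SAML2HandlerResponse)}
 */
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response)
        throws ProcessingException {
    Map<String, Object> requestOptions = request.getOptions();
    Boolean ignoreSignatures = (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);

    // Compare by value, not identity: "== Boolean.TRUE" only matches the canonical instance and
    // silently disagrees with the configured value for any other Boolean object.
    if (Boolean.TRUE.equals(ignoreSignatures)) {
        // NOTE(review): this switch turns signature validation off altogether. Confirm the
        // option can only be populated from trusted deployment configuration and never from
        // anything derived from the message being processed.
        return;
    }

    Document signedDocument = request.getRequestDocument();

    if (trace) {
        // The complete SAML message is written to the trace log; access to that log should be
        // restricted accordingly.
        log.trace("Will validate :" + DocumentUtil.asString(signedDocument));
    }

    // NOTE(review): publicKey is null when the option is absent. Confirm validateSender rejects
    // a null key instead of accepting the document or trusting key material embedded in it.
    PublicKey publicKey = (PublicKey) request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);

    try {
        boolean isValid = this.validateSender(signedDocument, publicKey);
        if (!isValid) {
            throw constructSignatureException();
        }
    } catch (ProcessingException pe) {
        // Flag the response before rethrowing so the failure is reported as a signature error.
        response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed");
        throw pe;
    }
}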
// No principal could be determined, so the response is marked 403 (Forbidden).
// NOTE(review): nothing visible here stops processing once the error is set; confirm the
// surrounding code does not continue with a null userPrincipal.
if (userPrincipal == null) response.setError(403, "User Principal not determined: Forbidden");
// No principal could be determined, so the response is marked 403 (Forbidden).
// NOTE(review): nothing visible here stops processing once the error is set; confirm the
// surrounding code does not continue with a null userPrincipal.
if (userPrincipal == null) response.setError(403, "User Principal not determined: Forbidden");
response.setError(403, "User Principal not determined: Forbidden"); } else { HttpSession session = httpContext.getRequest().getSession(false);
response.setError(403, "User Principal not determined: Forbidden"); } else { HttpSession session = httpContext.getRequest().getSession(false);
response.setError(403, "User Principal not determined: Forbidden"); } else { HttpSession session = httpContext.getRequest().getSession(false);
// Hand auditEvent to the audit helper first, then flag the response as SIGNATURE_INVALID and
// rethrow the caught exception so the failure is not swallowed.
auditHelper.audit(auditEvent); response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed"); throw pe;
// Hand auditEvent to the audit helper first, then flag the response as SIGNATURE_INVALID and
// rethrow the caught exception so the failure is not swallowed.
auditHelper.audit(auditEvent); response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed"); throw pe;
// Hand auditEvent to the audit helper first, then flag the response as SIGNATURE_INVALID and
// rethrow the caught exception so the failure is not swallowed.
auditHelper.audit(auditEvent); response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed"); throw pe;