Skip to content

MaxKey
MaxKey

yujianwangzivayy / MaxKey
与 Fork 源项目一致

Fork自 MaxKey单点登录官方(MaxKeyTop) / MaxKey

通知 1
Star 0
Fork 0
MaxKey
MaxKey

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
HttpWsFederationEntryPoint.java 6.2 KB
Newer Older
M
EntryPoints  
MaxKey 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 
/*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 

package org.maxkey.authn.support.wsfederation;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
MaxKey单点登录官方's avatar
v3.0.0GA with authentication isTrusted  
MaxKey单点登录官方 已提交
23 
import org.maxkey.authn.LoginCredential;
M
AuthorizationUtils  
MaxKey 已提交
24 
import org.maxkey.authn.web.AuthorizationUtils;
M
EntryPoints  
MaxKey 已提交
25 
import org.maxkey.configuration.ApplicationConfig;
M
v 3.3.0  
MaxKey 已提交
26 
import org.maxkey.constants.ConstsLoginType;
M
EntryPoints  
MaxKey 已提交
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 
import org.maxkey.util.StringUtils;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor;


public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
	private static final Logger _logger = LoggerFactory.getLogger(HttpWsFederationEntryPoint.class);
	
    boolean enable;
    
  	ApplicationConfig applicationConfig;
    
    AbstractAuthenticationProvider authenticationProvider ;
    
	WsFederationService wsFederationService;
	
	 @Override
	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
M
AuthorizationUtils  
MaxKey 已提交
47 
		 boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
M
EntryPoints  
MaxKey 已提交
48 49 50 51 52 53 54 55 56 57 
		 String wsFederationWA = request.getParameter(WsFederationConstants.WA);
		 String wsFederationWResult = request.getParameter(WsFederationConstants.WRESULT);
		 
		 if(!enable 
				 || isAuthenticated 
				 || !applicationConfig.getLoginConfig().isWsFederation()
				 || wsFederationWA == null){
			 return true;
		 }
M
trace  
MaxKey 已提交
58 59 60 61 62 63 64 65 
		 _logger.trace("WsFederation Login Start ...");
		 _logger.trace("Request url : "+ request.getRequestURL());
		 _logger.trace("Request URI : "+ request.getRequestURI());
		 _logger.trace("Request ContextPath : "+ request.getContextPath());
		 _logger.trace("Request ServletPath : "+ request.getServletPath());
		 _logger.trace("RequestSessionId : "+ request.getRequestedSessionId());
		 _logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
		 _logger.trace("getSession : "+ request.getSession(false));
M
EntryPoints  
MaxKey 已提交
66 67 68 
		 
		// session not exists,session timeout,recreate new session
		 if(request.getSession(false) == null) {
M
trace  
MaxKey 已提交
69 
		    _logger.trace("recreate new session .");
M
EntryPoints  
MaxKey 已提交
70 71 72 
			request.getSession(true);
		 }
M
trace  
MaxKey 已提交
73 
		 _logger.trace("getSession.getId : "+ request.getSession().getId());
M
EntryPoints  
MaxKey 已提交
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 

		//for WsFederation Login
		 _logger.debug("WsFederation : " + wsFederationWA +" , wsFederationWResult : " + wsFederationWResult);
		 if(applicationConfig.getLoginConfig().isWsFederation()
				 && StringUtils.isNotEmpty(wsFederationWA) 
				 && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)){
			 _logger.debug("wresult : {}"+wsFederationWResult);

			 final String wctx = request.getParameter(WsFederationConstants.WCTX);
			 _logger.debug("wctx : {}"+ wctx);

            // create credentials
            final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
            //Validate the signature
            if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationService.getWsFederationConfiguration().getSigningCertificates())) {
                final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);

                if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationService.getWsFederationConfiguration().getRelyingParty(),
                		wsFederationService.getWsFederationConfiguration().getIdentifier(),
                		wsFederationService.getWsFederationConfiguration().getTolerance())) {

                    //Give the library user a chance to change the attributes as necessary
                    if (wsFederationService.getWsFederationConfiguration().getAttributeMutator() != null) {
                    	wsFederationService.getWsFederationConfiguration().getAttributeMutator().modifyAttributes(
                    			wsFederationCredential.getAttributes(),
                    			wsFederationService.getWsFederationConfiguration().getUpnSuffix());
                    }
MaxKey单点登录官方's avatar
v3.0.0GA with authentication isTrusted  
MaxKey单点登录官方 已提交
101 
                    LoginCredential loginCredential =new LoginCredential(
M
v 3.3.0  
MaxKey 已提交
102 
                            wsFederationCredential.getAttributes().get("").toString(),"",ConstsLoginType.WSFEDERATION);
M
Provider  
MaxKey 已提交
103 
                    authenticationProvider.authenticate(loginCredential,true);
M
EntryPoints  
MaxKey 已提交
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 
                    return true;
                } else {
                    _logger.warn("SAML assertions are blank or no longer valid.");
                }
            } else {
                _logger.error("WS Requested Security Token is blank or the signature is not valid.");
            }
		 }
		
		 return true;
	 }

	 public HttpWsFederationEntryPoint() {
	        super();
	 }

    public HttpWsFederationEntryPoint (boolean enable) {
        super();
        this.enable = enable;
    }

    public HttpWsFederationEntryPoint(AbstractAuthenticationProvider authenticationProvider, WsFederationService wsFederationService,
			ApplicationConfig applicationConfig, boolean enable) {
		super();
		this.authenticationProvider = authenticationProvider;
		this.wsFederationService = wsFederationService;
		this.applicationConfig = applicationConfig;
		this.enable = enable;
	}

	public boolean isEnable() {
        return enable;
    }

    public void setEnable(boolean enable) {
        this.enable = enable;
    }

	public void setApplicationConfig(ApplicationConfig applicationConfig) {
		this.applicationConfig = applicationConfig;
	}

	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
		this.authenticationProvider = authenticationProvider;
	}

	public void setWsFederationService(WsFederationService wsFederationService) {
		this.wsFederationService = wsFederationService;
	}


	
}