import javax.security.auth.Subject;
import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
/** Class logger. */
private static final Logger LOG = LoggerFactory.getLogger(AuthenticationEngine.class);
- /**
- * Gets the manager used to retrieve handlers for requests.
- *
- * @return manager used to retrieve handlers for requests
- */
- public IdPProfileHandlerManager getProfileHandlerManager() {
- return (IdPProfileHandlerManager) getServletContext().getAttribute("handlerManager");
- }
+ /** Profile handler manager. */
+ private IdPProfileHandlerManager handlerManager;
- /**
- * Gets the session manager to be used.
- *
- * @return session manager to be used
- */
- @SuppressWarnings("unchecked")
- public SessionManager<Session> getSessionManager() {
- return (SessionManager<Session>) getServletContext().getAttribute("sessionManager");
+ /** Session manager. */
+ private SessionManager<Session> sessionManager;
+
+ /** {@inheritDoc} */
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+
+ String handlerManagerId = config.getInitParameter("handlerManagerId");
+ if (DatatypeHelper.isEmpty(handlerManagerId)) {
+ handlerManagerId = "shibboleth.HandlerManager";
+ }
+ handlerManager = (IdPProfileHandlerManager) getServletContext().getAttribute(handlerManagerId);
+
+ String sessionManagerId = config.getInitParameter("sessionManagedId");
+ if (DatatypeHelper.isEmpty(handlerManagerId)) {
+ sessionManagerId = "shibboleth.SessionManager";
+ }
+
+ sessionManager = (SessionManager<Session>) getServletContext().getAttribute(sessionManagerId);
}
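Review bot: The fallback on L41 tests `handlerManagerId` instead of the variable it is meant to default, so when the `sessionManagedId` init-parameter is absent `sessionManagerId` stays null and the lookup on L45 is done with a null attribute name; the condition should read `if (DatatypeHelper.isEmpty(sessionManagerId)) {`. The init-parameter name `sessionManagedId` on L40 also looks like a typo for `sessionManagerId`, by analogy with `handlerManagerId` on L34 — worth confirming against the deployment descriptor before it ships. Neither lookup is checked for null, so a misconfigured attribute name surfaces as a NullPointerException in `determinePossibleLoginHandlers` or `updateUserSession` on the first request instead of as a clear ServletException at startup; the cast on L45 also drops the `@SuppressWarnings("unchecked")` that the removed getter carried. The rewritten tail of `init` below fails fast on both lookups.
```java
    // … unchanged: super.init(config), handlerManagerId lookup and default …
    handlerManager = (IdPProfileHandlerManager) getServletContext().getAttribute(handlerManagerId);
    if (handlerManager == null) {
        throw new ServletException("No profile handler manager bound to servlet context attribute "
                + handlerManagerId);
    }

    String sessionManagerId = config.getInitParameter("sessionManagedId");
    if (DatatypeHelper.isEmpty(sessionManagerId)) {
        sessionManagerId = "shibboleth.SessionManager";
    }
    sessionManager = (SessionManager<Session>) getServletContext().getAttribute(sessionManagerId);
    if (sessionManager == null) {
        throw new ServletException("No session manager bound to servlet context attribute "
                + sessionManagerId);
    }
```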
/**
LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
if (loginContext == null) {
LOG.error("User HttpSession did not contain a login context. Unable to return to authentication engine");
+ forwardRequest("/idp-error.jsp", httpRequest, httpResponse);
+ } else {
+ forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);
}
- forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);
}
/**
public static void returnToProfileHandler(LoginContext loginContext, HttpServletRequest httpRequest,
HttpServletResponse httpResponse) {
LOG.debug("Returning control to profile handler at: {}", loginContext.getProfileHandlerURL());
+ httpRequest.getSession().removeAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+ httpRequest.setAttribute(LoginContext.LOGIN_CONTEXT_KEY, loginContext);
forwardRequest(loginContext.getProfileHandlerURL(), httpRequest, httpResponse);
}
LOG.error("HTTP Response already committed");
}
- HttpSession httpSession = httpRequest.getSession();
- LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+ LoginContext loginContext = (LoginContext) httpRequest.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+ if (loginContext == null) {
+ // When the login context comes from the profile handlers its attached to the request
+ // The authn engine attaches it to the session to allow the handlers to do any number of
+ // request/response pairs without maintaining or losing the login context
+ loginContext = (LoginContext) httpRequest.getSession().getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
+ }
+
if (loginContext == null) {
LOG.error("Incoming request does not have attached login context");
throw new ServletException("Incoming request does not have attached login context");
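Review bot: The comment on L71–L73 should state the precedence the new code establishes, since that ordering is the security-relevant part: a request attribute (attached by a profile handler for this request) is consulted first and always wins over the session-scoped copy, which is what lets a login handler's request/response round trips reach the engine without re-attaching the context. Suggested wording: `// Profile handlers attach the login context to the request; the engine copies it to the HTTP session so login handlers can perform any number of request/response round trips without carrying it. A request attribute therefore takes precedence over the session copy.` The `its` on L71 should also be `it's`. The enclosing method starts before and ends after this hunk.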
LOG.debug("Forced authentication not required, trying existing authentication methods");
for (AuthenticationMethodInformation activeAuthnMethod : activeAuthnMethods) {
if (possibleLoginHandlers.containsKey(activeAuthnMethod.getAuthenticationMethod())) {
- completeAuthenticationWithActiveMethod(activeAuthnMethod, httpRequest, httpResponse);
+ completeAuthenticationWithActiveMethod(loginContext, activeAuthnMethod, httpRequest,
+ httpResponse);
return;
}
}
*/
protected Map<String, LoginHandler> determinePossibleLoginHandlers(LoginContext loginContext)
throws AuthenticationException {
- Map<String, LoginHandler> supportedLoginHandlers = new HashMap<String, LoginHandler>(getProfileHandlerManager()
+ Map<String, LoginHandler> supportedLoginHandlers = new HashMap<String, LoginHandler>(handlerManager
.getLoginHandlers());
LOG.trace("Supported login handlers: {}", supportedLoginHandlers);
LOG.trace("Requested authentication methods: {}", loginContext.getRequestedAuthenticationMethods());
loginContext.setAuthenticationDuration(logingHandler.getAuthenticationDuration());
loginContext.setAuthenticationMethod(authnMethod);
loginContext.setAuthenticationEngineURL(HttpHelper.getRequestUriWithoutContext(httpRequest));
+ httpRequest.getSession().setAttribute(LoginContext.LOGIN_CONTEXT_KEY, loginContext);
logingHandler.login(httpRequest, httpResponse);
}
/**
* Completes the authentication request using an existing, active, authentication method for the current user.
*
+ * @param loginContext current login context
* @param authenticationMethod authentication method to use to complete the request
* @param httpRequest current HTTP request
* @param httpResponse current HTTP response
*/
- protected void completeAuthenticationWithActiveMethod(AuthenticationMethodInformation authenticationMethod,
- HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
- HttpSession httpSession = httpRequest.getSession();
-
+ protected void completeAuthenticationWithActiveMethod(LoginContext loginContext,
+ AuthenticationMethodInformation authenticationMethod, HttpServletRequest httpRequest,
+ HttpServletResponse httpResponse) {
Session shibSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
- LOG.debug("Populating login context with existing session and authentication method information.");
- LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
loginContext.setAuthenticationDuration(authenticationMethod.getAuthenticationDuration());
loginContext.setAuthenticationInstant(authenticationMethod.getAuthenticationInstant());
loginContext.setAuthenticationMethod(authenticationMethod.getAuthenticationMethod());
authenticationMethod);
shibSession.getServicesInformation().put(serviceInfo.getEntityID(), serviceInfo);
+ LOG.debug("Treating user {} as authenticated via existing method {}", loginContext.getPrincipalName(),
+ loginContext.getAuthenticationMethod());
returnToProfileHandler(loginContext, httpRequest, httpResponse);
}
loginContext.setAuthenticationMethod(actualAuthnMethod);
}
- updateUserSession(loginContext, httpRequest, httpResponse);
-
- LOG.debug("User {} authentication with authentication method {}", loginContext.getPrincipalName(), loginContext
+ LOG.debug("User {} authenticated with method {}", loginContext.getPrincipalName(), loginContext
.getAuthenticationMethod());
-
+ updateUserSession(loginContext, httpRequest, httpResponse);
returnToProfileHandler(loginContext, httpRequest, httpResponse);
}
Session shibSession = (Session) httpRequest.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
if (shibSession == null) {
LOG.debug("Creating shibboleth session for principal {}", loginContext.getPrincipalName());
- shibSession = (Session) getSessionManager().createSession(loginContext.getPrincipalName());
+ shibSession = (Session) sessionManager.createSession(loginContext.getPrincipalName());
loginContext.setSessionID(shibSession.getSessionID());
addSessionCookie(httpRequest, httpResponse, shibSession);
}
Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
sessionCookie.setPath(httpRequest.getContextPath());
sessionCookie.setSecure(false);
-
- int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
- sessionCookie.setMaxAge(maxAge);
+ sessionCookie.setMaxAge(-1);
httpResponse.addCookie(sessionCookie);
}
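Review bot: `sessionCookie.setSecure(false)` on L151 still ships with this change, so the IdP session identifier — a bearer credential for the Shibboleth session — is sent on plain-HTTP requests to the context path even though the cookie is now browser-session scoped via `setMaxAge(-1)`. Consider `sessionCookie.setSecure(httpRequest.isSecure());` (or unconditionally `true` if the IdP is only reachable over TLS) and, if the servlet API level in use offers it, `sessionCookie.setHttpOnly(true)`. With the explicit max-age removed the cookie no longer expires client-side with `getInactivityTimeout()`, so the server side is the only place that timeout can be enforced — worth confirming the session manager does so, and recording it next to L155, e.g. `// Browser-session cookie: inactivity expiry must be enforced server-side, not by the client`. The start of addSessionCookie is outside the hunk.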