better error message when authn servlets are accessed directly
authorwnorris <wnorris@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 24 Oct 2007 21:13:29 +0000 (21:13 +0000)
committerwnorris <wnorris@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 24 Oct 2007 21:13:29 +0000 (21:13 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2422 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/IPAddressLoginHandler.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/RemoteUserAuthServlet.java
src/edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.java

index 934e86d..d893735 100644 (file)
@@ -78,15 +78,20 @@ public class AuthenticationEngine extends HttpServlet {
      * 
      * @param httpRequest current http request
      * @param httpResponse current http response
+     * 
+     * @throws ServletException thrown if unable to return to authentication engine
      */
-    public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+    public static void returnToAuthenticationEngine(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
+            throws ServletException {
         if (LOG.isDebugEnabled()) {
             LOG.debug("Returning control to authentication engine");
         }
         HttpSession httpSession = httpRequest.getSession();
         LoginContext loginContext = (LoginContext) httpSession.getAttribute(LoginContext.LOGIN_CONTEXT_KEY);
-        if(loginContext == null){
+        if (loginContext == null) {
             LOG.error("User HttpSession did not contain a login context.  Unable to return to authentication engine");
+            throw new ServletException(
+                    "User HttpSession did not contain a login context.  Unable to return to authentication engine");
         }
         forwardRequest(loginContext.getAuthenticationEngineURL(), httpRequest, httpResponse);
     }
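Review bot: `httpRequest.getSession()` in returnToAuthenticationEngine creates a new session whenever the request has none, so the direct-access case this commit targets allocates a server-side session only to find it holds no login context. Fetching the existing session with `HttpSession httpSession = httpRequest.getSession(false);` and treating a null session the same as a missing login context would avoid this. The same path is reachable by any unauthenticated client and logs at error level on every hit. A lower level such as `LOG.warn(...)` would keep routine probing from drowning out real faults. The Javadoc for this method starts above the hunk.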
index 2418755..654346c 100644 (file)
@@ -125,7 +125,12 @@ public class IPAddressLoginHandler extends AbstractLoginHandler {
             handleDefaultAllow(httpRequest, httpResponse);
         }
 
-        AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
+        try {
+            AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
+        } catch (ServletException e) {
+            // this shouldn't ever happen since the handler can only be accessed through the authentication engine
+            return;
+        }
     }
 
     protected void handleDefaultDeny(HttpServletRequest request, HttpServletResponse response) {
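Review bot: The new catch block discards the ServletException and returns as if the login step had finished, so if the "shouldn't ever happen" case does occur the client gets no error response and nothing records which handler was involved. Because the comment's assumption is what makes the swallow safe, it should be made observable, for example by logging with the exception attached: `LOG.error("IP address login handler reached without a login context", e);`. That assumes this class has a logger, which the hunk does not show. If the enclosing method's signature allows it, propagating the failure would be better than a bare `return;`. The method begins outside the hunk.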
index 700bd0d..067e2e3 100644 (file)
@@ -49,6 +49,13 @@ public class RemoteUserAuthServlet extends HttpServlet {
                             + " returning control back to authentication engine");
         }
         httpRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, httpRequest.getRemoteUser());
-        AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
+
+        try {
+            AuthenticationEngine.returnToAuthenticationEngine(httpRequest, httpResponse);
+        } catch (ServletException e) {
+            throw new ServletException("Unable to return to authentication engine.  "
+                    + "Authentication servlet should not be accessed directly.");
+        }
+
     }
 }
\ No newline at end of file
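Review bot: The rethrow in the catch block drops the original exception, so the stack trace and message from returnToAuthenticationEngine are lost when diagnosing why control could not be returned. Passing the cause through keeps it: `throw new ServletException("Unable to return to authentication engine.  " + "Authentication servlet should not be accessed directly.", e);`. The hunk for UsernamePasswordLoginServlet has the same catch-and-rethrow and needs the same change. The enclosing method starts above the hunk.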
index 2f3a5b2..2991059 100644 (file)
@@ -80,7 +80,12 @@ public class UsernamePasswordLoginServlet extends HttpServlet {
         }
 
         if (authenticateUser(request)) {
-            AuthenticationEngine.returnToAuthenticationEngine(request, response);
+            try {
+                AuthenticationEngine.returnToAuthenticationEngine(request, response);
+            } catch (ServletException e) {
+                throw new ServletException("Unable to return to authentication engine.  "
+                        + "Authentication servlet should not be accessed directly.");
+            }
         } else {
             List<Pair<String, String>> queryParams = new ArrayList<Pair<String, String>>();
             queryParams.add(new Pair<String, String>(failureParam, "true"));
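Review bot: `authenticateUser(request)` still runs before anything checks that the session carries a login context, so a request made directly to this servlet has its credentials evaluated outside the authentication engine flow. The two outcomes also look different to the client: a failed login takes the `failureParam` path, while a successful one raises the new "should not be accessed directly" ServletException. The login context should be checked before `authenticateUser` is called, so that direct requests are rejected the same way whether or not the credentials are valid. That check could read the `LoginContext.LOGIN_CONTEXT_KEY` session attribute used in AuthenticationEngine, assuming LoginContext is available in this class. The enclosing method begins and ends outside the hunk.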