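/**
 * JAX-RS request filter that copies the caller's SAML user assertion into the thread-local
 * {@link RequestContext} and, when the assertion carries an embedded ID card, the parsed
 * {@link UserIDCard} as well.
 *
 * <p>The embedded ID card arrives as XML text inside an attribute of the assertion, i.e. it is
 * request-supplied data. It is therefore parsed with a hardened {@link DocumentBuilderFactory}
 * (secure processing on, DOCTYPE declarations and external entity / DTD loading off) so that a
 * crafted attribute cannot turn the parse into an XXE or entity-expansion problem.
 */
@Provider
public class AuthFilter implements ContainerRequestFilter {

    // https://howtodoinjava.com/resteasy/resteasy-containerrequestfilter-example/

    private static final Logger log = Logger.getLogger(AuthFilter.class);

    /** Canned 401 response. Not referenced inside this class; kept as part of its public API. */
    public static final Response ACCESS_DENIED = Response.status(401).build();

    /**
     * Namespace / local-name pairs walked from the document element down to the SAML assertion
     * element that holds the ID card. Each step takes the first matching descendant of the
     * element reached by the previous step.
     */
    private static final String[][] XML_PATH_TO_SAML_ASSERTION = {
            {NameSpaces.WSA_1_0_SCHEMA, WSATags.metadata.getTagName()},
            {NameSpaces.LIBERTY_DISCOVERY_SCHEMA, LibertyDiscoveryTags.securityContext.getTagName()},
            {NameSpaces.LIBERTY_SECURITY_SCHEMA, LibertySecurityTags.token.getTagName()},
            {NameSpaces.SAML2ASSERTION_SCHEMA, SAMLTags.ASSERTION}
    };

    /** Xerces feature that rejects any DOCTYPE declaration outright. */
    private static final String DISALLOW_DOCTYPE_DECL =
            "http://apache.org/xml/features/disallow-doctype-decl";

    /** SAX/Xerces features switched off so the parser never resolves external entities or DTDs. */
    private static final String[] DISABLED_PARSER_FEATURES = {
            "http://xml.org/sax/features/external-general-entities",
            "http://xml.org/sax/features/external-parameter-entities",
            "http://apache.org/xml/features/nonvalidating/load-external-dtd"
    };

    /**
     * Stores the current user assertion and the ID card extracted from it on the
     * {@link RequestContext} for this request.
     *
     * @param requestContext the JAX-RS request; not read, the assertion comes from
     *                       {@link UserAssertionHolder}
     */
    @Override
    public void filter(ContainerRequestContext requestContext) {
        final RequestContext context = RequestContext.getContext();
        final UserAssertion userAssertion = UserAssertionHolder.get();
        context.setAssertion(userAssertion);
        context.setUserIdCard(getIdCardFromAssertion(userAssertion));
    }

    /**
     * Extracts the embedded ID card from the {@code DISCOVERY_EPR} attribute of the assertion.
     *
     * @param ua the user assertion, may be {@code null}
     * @return the parsed ID card, or {@code null} when the assertion is absent, carries no such
     *         attribute, the attribute has the wrong NameFormat, or its XML cannot be parsed or
     *         does not contain the expected path (all of which are logged)
     */
    private UserIDCard getIdCardFromAssertion(UserAssertion ua) {
        if (ua == null) {
            if (log.isDebugEnabled()) log.debug("No SAML assertion present; no idcard to extract");
            return null;
        }

        UserAttribute attribute = ua.getAttribute(OIOSAMLAttributes.DISCOVERY_EPR);
        if (attribute == null) {
            if (log.isDebugEnabled()) log.debug("No embedded idcard in SAML assertion");
            return null;
        }

        if (!Attribute.URI_REFERENCE.equals(attribute.getFormat())) {
            // Message fixed: the previous text contained a stray "+" inside "(was + ".
            if (log.isDebugEnabled()) log.debug("Attribute of name " + OIOSAMLAttributes.DISCOVERY_EPR +
                    " is not an embedded idcard - NameFormat mismatch (was " + attribute.getFormat() +
                    ", expected " + Attribute.URI_REFERENCE + ")");
            return null;
        }

        if (log.isDebugEnabled()) log.debug("Extracting idcard from SAML assertion");

        String attributeValue = attribute.getValue();
        if (attributeValue == null || attributeValue.isEmpty()) {
            // A null value would otherwise surface as an NPE from StringReader rather than a parse error.
            log.error("Embedded idcard attribute has no value");
            return null;
        }

        try {
            // Factory configuration happens inside the try so an unsupported hardening feature
            // is reported like any other parser failure instead of escaping the filter.
            DocumentBuilder documentBuilder = newHardenedDocumentBuilder();
            Document document = documentBuilder.parse(new InputSource(new StringReader(attributeValue)));

            Element idCardElm = getDescendant(document.getDocumentElement());
            if (idCardElm == null) {
                // getDescendant has already logged which path component was missing.
                return null;
            }

            return (UserIDCard) new IDCardModelBuilder().buildModel(idCardElm);

        } catch (ParserConfigurationException | SAXException | IOException e) {
            log.error("Error parsing embedded idcard", e);
        }

        return null;
    }

    /**
     * Creates a namespace-aware DOM parser with DTD processing, external entity resolution and
     * XInclude disabled. The XML parsed with it is taken from a request-supplied assertion
     * attribute, so none of those features may be honoured.
     *
     * @return a freshly configured {@link DocumentBuilder}
     * @throws ParserConfigurationException if the JAXP implementation cannot apply one of the
     *         requested features; callers treat this as a failed parse rather than falling back
     *         to an unhardened parser
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature(DISALLOW_DOCTYPE_DECL, true);
        for (String feature : DISABLED_PARSER_FEATURES) {
            factory.setFeature(feature, false);
        }
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Follows {@link #XML_PATH_TO_SAML_ASSERTION} from {@code elm}, taking the first
     * namespace-qualified descendant match at every step.
     *
     * @param elm the element to start from (normally the document element)
     * @return the element reached at the end of the path, or {@code null} if {@code elm} is
     *         {@code null} or some step has no matching element; the failing step is logged
     */
    private Element getDescendant(Element elm) {
        if (elm == null) {
            log.error("Cannot locate embedded idcard: no starting element");
            return null;
        }

        Element current = elm;
        for (String[] qName : XML_PATH_TO_SAML_ASSERTION) {
            NodeList nodeList = current.getElementsByTagNameNS(qName[0], qName[1]);
            if (nodeList == null || nodeList.getLength() == 0) {
                log.error("Path element not found: {" + qName[0] + "}" + qName[1]);
                return null;
            }
            Node child = nodeList.item(0);
            if (!(child instanceof Element)) {
                log.error("Path component {" + qName[0] + "}" + qName[1] + " is not an element; node=" + child);
                return null;
            }
            current = (Element) child;
        }

        return current;
    }
}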
