Code Block | ||
---|---|---|
| ||
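/**
 * JAX-RS request filter that copies the current {@link UserAssertion}, and the ID card
 * embedded in it (if any), into the per-request {@link RequestContext}.
 *
 * <p>The embedded ID card is carried as XML text inside the
 * {@code OIOSAMLAttributes.DISCOVERY_EPR} attribute and is parsed here with a DOM parser
 * that has DTDs and external entities switched off.
 *
 * <p>NOTE(review): nothing in this class verifies a signature on the assertion or on the
 * embedded ID card. Presumably the assertion was validated before it was placed in
 * {@code UserAssertionHolder}; confirm against the upstream filter chain.
 */
@Provider
public class AuthFilter implements ContainerRequestFilter {

    private static final Logger log = Logger.getLogger(AuthFilter.class);

    // Not referenced in this class. NOTE(review): filter() never aborts the request, so
    // rejecting unauthenticated callers must happen elsewhere; confirm.
    public static final Response ACCESS_DENIED = Response.status(401).build();

    // Qualified names looked up, in order, to reach the SAML assertion inside the
    // DISCOVERY_EPR document.
    private static final String[][] XML_PATH_TO_SAML_ASSERTION = {
        {NameSpaces.WSA_1_0_SCHEMA, WSATags.metadata.getTagName()},
        {NameSpaces.LIBERTY_DISCOVERY_SCHEMA, LibertyDiscoveryTags.securityContext.getTagName()},
        {NameSpaces.LIBERTY_SECURITY_SCHEMA, LibertySecurityTags.token.getTagName()},
        {NameSpaces.SAML2ASSERTION_SCHEMA, SAMLTags.ASSERTION}
    };

    // Parser features used to reject DOCTYPE declarations and external entities (XXE).
    private static final String FEATURE_DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String FEATURE_EXTERNAL_GENERAL_ENTITIES =
            "http://xml.org/sax/features/external-general-entities";
    private static final String FEATURE_EXTERNAL_PARAMETER_ENTITIES =
            "http://xml.org/sax/features/external-parameter-entities";

    // https://howtodoinjava.com/resteasy/resteasy-containerrequestfilter-example/
    /**
     * Publishes the held user assertion and its embedded ID card on the request context.
     *
     * <p>NOTE(review): if {@code UserAssertionHolder.get()} can return {@code null}, the
     * call below fails with a {@link NullPointerException} rather than a 401. That keeps
     * the request from proceeding, but an explicit rejection would be clearer; confirm
     * the holder's contract.
     *
     * @param requestContext the incoming request; not inspected or modified here
     */
    @Override
    public void filter(ContainerRequestContext requestContext) {
        final RequestContext context = RequestContext.getContext();
        final UserAssertion userAssertion = UserAssertionHolder.get();
        context.setAssertion(userAssertion);
        context.setUserIdCard(getIdCardFromAssertion(userAssertion));
    }

    /**
     * Extracts the ID card embedded in the assertion's DISCOVERY_EPR attribute.
     *
     * @param ua the user assertion to read the attribute from
     * @return the ID card, or {@code null} when the attribute is absent, has the wrong
     *         name format, cannot be parsed, or does not contain the expected element path
     */
    private UserIDCard getIdCardFromAssertion(UserAssertion ua) {
        UserAttribute attribute = ua.getAttribute(OIOSAMLAttributes.DISCOVERY_EPR);
        if (attribute == null) {
            if (log.isDebugEnabled()) {
                log.debug("No embedded idcard in SAML assertion");
            }
            return null;
        }
        if (!Attribute.URI_REFERENCE.equals(attribute.getFormat())) {
            if (log.isDebugEnabled()) {
                log.debug("Attribute of name " + OIOSAMLAttributes.DISCOVERY_EPR
                        + " is not an embedded idcard - NameFormat mismatch (was "
                        + attribute.getFormat() + ", expected " + Attribute.URI_REFERENCE + ")");
            }
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Extracting idcard from SAML assertion");
        }

        String attributeValue = attribute.getValue();
        InputSource inputSource = new InputSource(new StringReader(attributeValue));
        try {
            DocumentBuilder documentBuilder = newHardenedDocumentBuilder();
            Document document = documentBuilder.parse(inputSource);
            Element idCardElm = getDescendant(document.getDocumentElement());
            if (idCardElm == null) {
                // getDescendant has already logged which path element was missing.
                return null;
            }
            return (UserIDCard) new IDCardModelBuilder().buildModel(idCardElm);
        } catch (ParserConfigurationException | SAXException | IOException e) {
            log.error("Error parsing embedded idcard", e);
        }
        return null;
    }

    /**
     * Creates a namespace-aware DOM parser that refuses DOCTYPE declarations and does not
     * resolve external entities or XIncludes, since the attribute value comes from the
     * caller's assertion.
     *
     * @throws ParserConfigurationException if the parser implementation does not support
     *         one of the hardening features; the caller then treats the ID card as
     *         unparseable instead of falling back to an unhardened parser
     */
    private DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(FEATURE_DISALLOW_DOCTYPE, true);
        factory.setFeature(FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
        factory.setFeature(FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Walks {@link #XML_PATH_TO_SAML_ASSERTION} starting at {@code elm}, taking the first
     * match for each qualified name.
     *
     * <p>{@code getElementsByTagNameNS} matches any descendant, not only direct children,
     * so the path is not enforced level by level and the first match in document order
     * wins.
     *
     * @param elm the element to start from
     * @return the element reached at the end of the path, or {@code null} (after logging
     *         an error) if any step is missing or is not an element
     */
    private Element getDescendant(Element elm) {
        Element current = elm;
        for (String[] qName : AuthFilter.XML_PATH_TO_SAML_ASSERTION) {
            NodeList nodeList = current.getElementsByTagNameNS(qName[0], qName[1]);
            if (nodeList == null || nodeList.getLength() == 0) {
                log.error("Path element not found: {" + qName[0] + "}" + qName[1]);
                return null;
            }
            Node child = nodeList.item(0);
            if (!(child instanceof Element)) {
                log.error("Path component {" + qName[0] + "}" + qName[1]
                        + " is not an element; node=" + child);
                return null;
            }
            current = (Element) child;
        }
        return current;
    }
}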
|
...