in plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java [291:392]
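/**
 * WebSphere TAI entry point: evaluates the request against the Fediz federation
 * context and returns the verdict the container should act on.
 *
 * <p>Dispatch order, first match wins:
 * <ol>
 *   <li>metadata document requests ({@link MetadataDocumentHandler});</li>
 *   <li>logout requests ({@link LogoutHandler}) -- the Fediz session is
 *       terminated and the container logout is invoked before the handler's
 *       own cleanup runs;</li>
 *   <li>sign-in responses from the IdP ({@link SigninHandler}) -- the federation
 *       response is stored in the HTTP session and the original request is resumed;</li>
 *   <li>an existing session that still holds a valid token;</li>
 *   <li>otherwise the user is redirected to the IdP and {@code SC_FOUND} is returned.</li>
 * </ol>
 *
 * @param req  the request under evaluation
 * @param resp the response; used for redirects, cookie removal and handler output
 * @return the TAI verdict; {@code SC_INTERNAL_SERVER_ERROR} when no federation
 *         context is configured or a handler fails; may be {@code null} if sign-in
 *         handling did not produce a result
 * @throws WebTrustAssociationFailedException if any handler throws. Only the
 *         message is carried by the rethrown exception, so the original is logged
 *         with its stack trace here.
 */
public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse resp)
    throws WebTrustAssociationFailedException {
    LOG.debug("Request URI: {}", req.getRequestURI());
    FedizContext fedCtx = getFederationContext(req);
    if (fedCtx == null) {
        LOG.warn("No Federation Context configured for context-path {}", req.getContextPath());
        return TAIResult.create(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
    try {
        // Handle Metadata Document requests
        MetadataDocumentHandler mddHandler = new MetadataDocumentHandler(fedCtx);
        if (mddHandler.canHandleRequest(req)) {
            return TAIResult.create(mddHandler.handleRequest(req, resp)
                ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        // Handle Logout requests. Both hooks drop the Fediz session state and ask the
        // container to log the user out before delegating to the default behaviour.
        LogoutHandler logoutHandler = new LogoutHandler(fedCtx, req.getContextPath()) {
            @Override
            protected boolean signoutCleanup(HttpServletRequest request, HttpServletResponse response) {
                terminateSession(request);
                // Expire the session cookie on the client side.
                // NOTE(review): no path is set on this cookie, so the browser only
                // discards it when the default path matches the path the cookie was
                // issued with -- confirm against where the session cookie is created.
                Cookie cookie = new Cookie(Constants.PROPERTY_SESSION_COOKIE_NAME, "");
                cookie.setMaxAge(0);
                response.addCookie(cookie);
                try {
                    request.logout();
                } catch (ServletException e) {
                    // Best effort: the Fediz session is already gone; keep the cause
                    // in the log so a failing container logout is diagnosable.
                    LOG.error("Could not logout users", e);
                }
                return super.signoutCleanup(request, response);
            }

            @Override
            protected boolean signout(HttpServletRequest request, HttpServletResponse response) {
                terminateSession(request);
                try {
                    request.logout();
                } catch (ServletException e) {
                    // Best effort, see signoutCleanup.
                    LOG.error("Could not logout users", e);
                }
                return super.signout(request, response);
            }
        };
        if (logoutHandler.canHandleRequest(req)) {
            return TAIResult.create(logoutHandler.handleRequest(req, resp)
                ? HttpServletResponse.SC_OK : HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        // Handle Signin requests
        SigninHandler<TAIResult> signinHandler = new SigninHandler<>(fedCtx) {
            @Override
            protected TAIResult createPrincipal(HttpServletRequest request, HttpServletResponse response,
                                                FedizResponse federationResponse) {
                // Keep the validated federation response for the follow-up request;
                // checkUserAuthentication() is what turns it into a principal later.
                HttpSession session = request.getSession(true);
                session.setAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY, federationResponse);
                String username = federationResponse.getUsername();
                // Direct JAAS Subject creation is intentionally disabled here; the
                // result below carries no username or subject, only the redirect status.
                // Previous implementation, kept for reference:
                // List<String> groupsIds = groupIdsFromTokenRoles(federationResponse);
                // Subject subject = createSubject(federationResponse, groupsIds, session.getId());
                // LOG.info("UserPrincipal was created successfully for {}", username);
                // return TAIResult.create(HttpServletResponse.SC_FOUND, username, subject);
                try {
                    return TAIResult.create(HttpServletResponse.SC_FOUND);
                } catch (WebTrustAssociationFailedException e) {
                    LOG.error("TAIResult for user '{}' could not be created", username, e);
                    return null;
                }
            }
        };
        if (signinHandler.canHandleRequest(req)) {
            TAIResult taiResult = signinHandler.handleRequest(req, resp);
            if (taiResult != null) {
                // Send the browser back to the URL it originally asked for.
                resumeRequest(req, resp);
            }
            return taiResult;
        }

        // Check if user was authenticated previously and token is still valid
        TAIResult taiResult = checkUserAuthentication(req, fedCtx);
        if (taiResult != null) {
            return taiResult;
        }

        LOG.info("No valid principal found in existing session. Redirecting to IDP");
        redirectToIdp(req, resp, fedCtx);
        return TAIResult.create(HttpServletResponse.SC_FOUND);
    } catch (Exception e) {
        // Boundary catch: the TAI contract only lets us report failure through
        // WebTrustAssociationFailedException, which is built from the message alone,
        // so the full stack trace is logged before rethrowing.
        LOG.error("Exception occured validating request", e);
        throw new WebTrustAssociationFailedException(e.getMessage());
    }
}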