in plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java [221:282]
/**
 * Decides whether this interceptor should process the given request.
 *
 * <p>The checks run in a fixed order and the first one that matches decides:
 * <ol>
 *   <li>no federation context for the request: warn and return {@code false};</li>
 *   <li>{@code isDetectExpiredTokens()} is set on the context: return {@code true};</li>
 *   <li>the metadata, logout or sign-in handler reports that it can handle the request:
 *       return {@code true};</li>
 *   <li>no HTTP session exists: return {@code true};</li>
 *   <li>a session exists: return {@code true} only if it holds an attribute under
 *       {@code Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY}.</li>
 * </ol>
 *
 * @param req the incoming request; its URI, context path, cookies and existing session are read
 * @return {@code true} if the interceptor should handle the request, {@code false} otherwise
 * @throws WebTrustAssociationException declared by the signature; nothing in this body throws
 *         it directly
 */
public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
    LOG.debug("Request URI: {}", req.getRequestURI());

    final FedizContext fedCtx = getFederationContext(req);
    if (fedCtx == null) {
        LOG.warn("No Federation Context configured for context-path {}", req.getContextPath());
        return false;
    }

    // When expired-token detection is enabled every request is claimed, so the
    // remaining checks are skipped.
    if (fedCtx.isDetectExpiredTokens()) {
        return true;
    }

    // Metadata document requests
    if (new MetadataDocumentHandler(fedCtx).canHandleRequest(req)) {
        LOG.debug("MetadataDocument request detected");
        return true;
    }

    // Logout requests
    if (new LogoutHandler(fedCtx, req.getContextPath()).canHandleRequest(req)) {
        LOG.debug("Logout URL request detected");
        return true;
    }

    // Sign-in requests
    if (new SigninHandler<TAIResult>(fedCtx).canHandleRequest(req)) {
        LOG.debug("SignIn request detected");
        return true;
    }

    // getSession(false) never creates a session; null means none exists yet.
    final HttpSession existingSession = req.getSession(false);
    if (existingSession == null) {
        LOG.debug("User is not yet authenticated. Fediz TAI Interceptor will be invoked");
        return true;
    }

    // The cookie is matched by name only; its value is not inspected here. A match
    // only produces the debug line below: the value returned for a request with a
    // session depends solely on the session attribute checked afterwards.
    // NOTE(review): the message says the interceptor "will not be invoked", yet a
    // token found in the session right after still yields true. Confirm intended.
    final Cookie[] requestCookies = req.getCookies();
    if (requestCookies != null) {
        for (int i = 0; i < requestCookies.length; i++) {
            if (cookieName.equals(requestCookies[i].getName())) {
                LOG.debug("User is already authenticated. Fediz TAI Interceptor will not be invoked");
                break;
            }
        }
    }

    // A token already stored in the session makes the interceptor claim the request.
    final boolean tokenInSession =
        existingSession.getAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY) != null;
    if (tokenInSession) {
        LOG.debug("SAML Token found in session");
    }
    return tokenInSession;
}