private void processSignInRequest()

in plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java [123:206]


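    /**
     * Handles the second leg of the sign-in flow: the browser posts the IdP's
     * response token back to the application.
     *
     * <p>The token is validated by {@code validateSignInRequest}, its audience
     * restriction is checked against the configured audience URIs, and the resulting
     * principal (serialized token, claims, roles, issuer, subject) is stored in the
     * server-side state manager under a freshly generated random key. Only that
     * opaque key is handed to the browser, as the {@code SECURITY_CONTEXT_TOKEN}
     * cookie; the token itself is not sent back to the browser.
     *
     * @param context   the JAX-RS request context; aborted with a 303 redirect when
     *                  {@code isRedirectOnInitialSignIn()} is true, otherwise it
     *                  receives the cookie as a request property
     * @param fedConfig the Fediz configuration for this application
     * @param m         the CXF message for the current request
     * @param params    the decoded parameters of the sign-in request
     *                  <p>Throws the bad-request exception built by
     *                  {@code ExceptionUtils.toBadRequestException} when no response
     *                  token is present; validation failures are surfaced by the
     *                  helpers called here.
     */
    private void processSignInRequest(ContainerRequestContext context, FedizContext fedConfig,
                                      Message m, MultivaluedMap<String, String> params) {
        String responseToken = getResponseToken(fedConfig, params);
        String state = getState(fedConfig, params);

        if (responseToken == null) {
            LOG.debug("SignIn request must contain a response token from the IdP");
            throw ExceptionUtils.toBadRequestException(null, null);
        }

        LOG.debug("Process SignIn request");
        // SECURITY NOTE(review): this writes the complete, still-unvalidated IdP token
        // (typically a bearer assertion carrying the user's identity and claims) into
        // the log. DEBUG must not be enabled on an instance whose logs are not handled
        // as sensitive; consider moving this to TRACE or logging only a digest.
        LOG.debug("token=\n{}", responseToken);

        // Signature / issuer / state checks are expected to happen here and to abort the
        // request before any session state is created -- not visible in this method,
        // verify against validateSignInRequest.
        FedizResponse wfRes =
            validateSignInRequest(fedConfig, params, responseToken, state);

        // Validate AudienceRestriction against the configured audience URIs so a token
        // minted for a different relying party cannot be replayed against this one.
        List<String> audienceURIs = fedConfig.getAudienceUris();
        HttpServletRequest request = messageContext.getHttpServletRequest();
        validateAudienceRestrictions(wfRes, audienceURIs, request);

        // The browser only ever receives this opaque key; the principal it refers to
        // stays in the server-side state manager. UUID.randomUUID() is specified to use
        // a cryptographically strong PRNG, so the key is not guessable.
        String securityContextKey = UUID.randomUUID().toString();

        long currentTime = System.currentTimeMillis();
        long stateTimeToLive = getStateTimeToLive();
        Instant notOnOrAfter = wfRes.getTokenExpires();
        // The server-side entry expires when the token does; a token without a
        // NotOnOrAfter falls back to the configured state TTL.
        final long expiresAt = notOnOrAfter != null
            ? notOnOrAfter.toEpochMilli()
            : currentTime + stateTimeToLive;

        String webAppDomain = getWebAppDomain();
        String webAppContext = getWebAppContext(m);
        String token = DOM2Writer.nodeToString(wfRes.getToken());

        ResponseState responseState =
            new ResponseState(token, state, webAppContext, webAppDomain, currentTime, expiresAt);
        responseState.setClaims(wfRes.getClaims());
        responseState.setRoles(buildRoles(fedConfig, wfRes.getRoles()));
        responseState.setIssuer(wfRes.getIssuer());
        responseState.setSubject(wfRes.getUsername());
        getStateManager().setResponseState(securityContextKey, responseState);

        // NOTE(review): the cookie's max-age is the state TTL, not the token expiry, so
        // the two can disagree; the expiresAt stored above is what must be enforced on
        // later requests. Whether createCookie marks the cookie HttpOnly/Secure is not
        // visible here -- confirm in CookieUtils.
        String contextCookie = CookieUtils.createCookie(SECURITY_CONTEXT_TOKEN,
                                                        securityContextKey,
                                                        webAppContext,
                                                        webAppDomain,
                                                        stateTimeToLive);

        if (isRedirectOnInitialSignIn()) {
            // Redirect (303) back to the same resource with the cookie set; the target
            // is the request's own absolute path, not anything supplied by the client.
            ResponseBuilder response =
                Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
            response.header(HttpHeaders.SET_COOKIE, contextCookie);
            context.abortWith(response.build());
        } else {
            try {
                setSecurityContext(responseState, m, wfRes.getToken());
                context.setProperty(SECURITY_CONTEXT_TOKEN, contextCookie);
            } catch (Exception ex) {
                // reportError only receives the error code, so record the root cause
                // here instead of dropping it.
                LOG.debug("Failed to establish the security context from the sign-in response", ex);
                reportError("INVALID_RESPONSE_STATE");
            }
        }
    }

    /**
     * Derives the role list stored with the session: a token without roles yields the
     * single "Authenticated" role; otherwise "Authenticated" is appended only when the
     * configuration asks for it. The list taken from the token is never mutated.
     *
     * @param fedConfig  configuration consulted for {@code isAddAuthenticatedRole()}
     * @param tokenRoles roles extracted from the validated token, may be null or empty
     * @return the roles to store for this session
     */
    private static List<String> buildRoles(FedizContext fedConfig, List<String> tokenRoles) {
        if (tokenRoles == null || tokenRoles.isEmpty()) {
            return Collections.singletonList("Authenticated");
        }
        if (!fedConfig.isAddAuthenticatedRole()) {
            return tokenRoles;
        }
        List<String> roles = new ArrayList<>(tokenRoles);
        roles.add("Authenticated");
        return roles;
    }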