private Authentication handleSignInRequest()

in plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java [251:324]


    /**
     * Processes a WS-Federation sign-in response posted back by the IdP.
     *
     * <p>The response token is handed to the {@link FederationLoginService}; on a successful
     * login the HTTP session is renewed, the saved wctx/RelayState is compared with the value
     * received alongside the token, the authentication is cached in the session, the security
     * token is stored under {@code SECURITY_TOKEN_ATTR} and the client is redirected to the
     * originally requested URI.
     *
     * @param request   the sign-in request carrying the response token (plus optional action and state)
     * @param response  the response used either for the redirect or for the error status
     * @param session   the current session; replaced by a renewed one once the login succeeded
     * @param fedConfig the Fediz context used to extract the token and to log the user in
     * @return a {@link FederationAuthentication} on success, {@link Authentication#SEND_FAILURE}
     *         when no response token is present, or {@link Authentication#UNAUTHENTICATED} when
     *         the login fails or the received state does not match the saved one
     * @throws IOException if sending the error status or the redirect fails
     */
    private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
                                               HttpSession session, FedizContext fedConfig) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("SignIn request found");
        }

        String action = request.getParameter(FederationConstants.PARAM_ACTION);
        String responseToken = getResponseToken(request, fedConfig);
        if (responseToken == null) {
            // Without a token there is nothing to validate: reject as a malformed request.
            if (LOG.isDebugEnabled()) {
                LOG.debug("SignIn request must contain a response token from the IdP");
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return Authentication.SEND_FAILURE;
        }

        FedizRequest fedizRequest = new FedizRequest();
        fedizRequest.setAction(action);
        fedizRequest.setResponseToken(responseToken);
        fedizRequest.setState(getState(request));
        fedizRequest.setRequest(request);
        // State saved when the original request was intercepted; handed to the login service.
        fedizRequest.setRequestState((RequestState) session.getAttribute(J_CONTEXT));
        // Client certificates, present only when the container negotiated TLS client auth.
        X509Certificate[] clientCerts =
            (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        fedizRequest.setCerts(clientCerts);

        FederationLoginService loginService = (FederationLoginService) this._loginService;
        UserIdentity user = loginService.login(null, fedizRequest, fedConfig);
        if (user == null) {
            // not authenticated
            if (LOG.isDebugEnabled()) {
                LOG.debug("WSFED authentication FAILED");
            }
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.UNAUTHENTICATED;
        }

        // NOTE(review): renewSession presumably issues a fresh session id after the login and
        // carries the saved attributes over, since J_CONTEXT and J_URI are read from the renewed
        // session below -- confirm against its implementation.
        session = renewSession(request, response);

        String redirectTarget;
        synchronized (session) {
            // The wctx/RelayState received with the token must equal the value saved for the
            // original request; on a mismatch nothing is cached and the request is refused.
            RequestState savedState = (RequestState) session.getAttribute(J_CONTEXT);
            String receivedState = getState(request);
            if (savedState == null || !savedState.getState().equals(receivedState)) {
                LOG.warn("The received wctx/RelayState parameter does not match the saved value");
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return Authentication.UNAUTHENTICATED;
            }

            // NOTE(review): J_URI is taken as-is for the redirect; it is assumed to be the URI this
            // authenticator stored before sending the client to the IdP -- confirm it is never
            // populated from request-supplied data.
            redirectTarget = (String) session.getAttribute(J_URI);
            if (redirectTarget == null || redirectTarget.isEmpty()) {
                // No saved URI: fall back to the context root.
                redirectTarget = request.getContextPath();
                if (redirectTarget.isEmpty()) {
                    redirectTarget = URIUtil.SLASH;
                }
            }
            // No FedizResponse is attached to the cached authentication here.
            FedizResponse noFedizResponse = null;
            Authentication cached = new SessionAuthentication(getAuthMethod(), user, noFedizResponse);
            session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
        }

        FederationUserIdentity fedUser = (FederationUserIdentity) user;
        session.setAttribute(SECURITY_TOKEN_ATTR, fedUser.getToken());

        // Redirect to original request
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(redirectTarget));

        return new FederationAuthentication(getAuthMethod(), user);
    }