in plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java [79:143]
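/**
 * Authenticates a federation sign-in request and builds the Jetty {@link UserIdentity}.
 *
 * <p>The {@code username} parameter is not consulted; the principal name is taken from the
 * processed token response.
 *
 * @param username    not used by this implementation
 * @param credentials expected to be the {@code FedizRequest} carrying the sign-in response
 * @param config      federation context used to pick the protocol processor and to supply the
 *                    configured audience URIs and role settings
 * @return the new identity, or {@code null} when processing or validation fails (the caller
 *         treats {@code null} as an authentication failure)
 */
public UserIdentity login(String username, Object credentials, FedizContext config) {
    try {
        // Fail closed on an unexpected credential type instead of relying on a
        // ClassCastException falling through to the generic handler below.
        if (!(credentials instanceof FedizRequest)) {
            LOG.warn("Unsupported credentials type for federation login: "
                + (credentials == null ? "null" : credentials.getClass().getName()));
            return null;
        }
        FedizRequest wfReq = (FedizRequest) credentials;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Process SignIn request");
            // This writes the raw response token to the log; only enable DEBUG on this
            // logger where log access is restricted.
            LOG.debug("token=\n" + wfReq.getResponseToken());
        }

        FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(config.getProtocol());
        final FedizResponse wfRes;
        try {
            wfRes = wfProc.processRequest(wfReq, config);
        } catch (ProcessingException ex) {
            LOG.warn("Federation processing failed: " + ex.getMessage());
            return null;
        }

        // Validate the AudienceRestriction in the security token (e.g. SAML)
        // against the configured list of audienceURIs.
        if (!isAudienceAllowed(wfRes.getAudience(), config.getAudienceUris())) {
            return null;
        }

        List<String> roles = effectiveRoles(wfRes.getRoles(), config.isAddAuthenticatedRole());
        FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
        Subject subject = new Subject();
        subject.getPrincipals().add(user);
        return identityService.newUserIdentity(subject, user, roles.toArray(new String[0]));
    } catch (Exception ex) {
        // Any other failure (e.g. a malformed token) is reported and treated as a failed login.
        LOG.warn(ex);
    }
    return null;
}

/**
 * Checks the token audience against the configured audience URIs.
 *
 * <p>A token without an audience is accepted (there is nothing to validate). A configured URI
 * matches when it is a prefix of the token audience, which is the comparison the original code
 * used; an exact comparison would be stricter — confirm whether existing configurations rely on
 * prefix matching before tightening it.
 *
 * @param audience     audience from the token, may be {@code null}
 * @param audienceUris configured URIs, {@code null} is treated as "no match"
 * @return {@code true} if the token may be accepted for this audience
 */
private static boolean isAudienceAllowed(String audience, List<String> audienceUris) {
    if (audience == null) {
        return true;
    }
    if (audienceUris != null) {
        for (String a : audienceUris) {
            if (audience.startsWith(a)) {
                return true;
            }
        }
    }
    LOG.warn("Token AudienceRestriction [" + audience
        + "] doesn't match with specified list of URIs.");
    return false;
}

/**
 * Computes the roles handed to Jetty: a token without roles yields just "Authenticated";
 * otherwise "Authenticated" is appended to a copy of the token roles when configured.
 *
 * @param tokenRoles           roles from the token, may be {@code null} or empty
 * @param addAuthenticatedRole whether to append the "Authenticated" role to non-empty role lists
 * @return the role list to use (never {@code null} or empty)
 */
private static List<String> effectiveRoles(List<String> tokenRoles, boolean addAuthenticatedRole) {
    if (tokenRoles == null || tokenRoles.isEmpty()) {
        return Collections.singletonList("Authenticated");
    }
    if (addAuthenticatedRole) {
        List<String> roles = new ArrayList<>(tokenRoles);
        roles.add("Authenticated");
        return roles;
    }
    return tokenRoles;
}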