public AuthenticationInfo extractCredentials()

in src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java [191:225]


    /**
     * Extracts SAML2 credentials for the current request.
     *
     * <p>Decision order:
     * <ol>
     *   <li>handler disabled: returns {@code null} (this handler takes no part);</li>
     *   <li>request URI is exactly the ACS path: the SAML response carried by the request
     *       is handed to {@link #processAssertionConsumerService};</li>
     *   <li>request URI is below the configured SAML2 path: a token stored from an earlier
     *       login is looked up and, only if {@code tokenStore} still accepts it, turned into
     *       an {@link AuthenticationInfo}. A stored token the store rejects is cleared from
     *       the session first, and on a validate request the failure is signalled to
     *       {@code requestCredentials} through the {@code FAILURE_REASON} attribute.</li>
     * </ol>
     *
     * <p>The ACS match is an exact comparison of the raw request URI; the HTTP method is not
     * checked here (presumably {@code processAssertionConsumerService} does — verify).
     * {@code httpServletResponse} is accepted for the interface but not used by this method.
     *
     * @param httpServletRequest  the request to inspect
     * @param httpServletResponse unused here
     * @return the extracted credentials, {@link AuthenticationInfo#FAIL_AUTH} for a rejected
     *         stored token on a validate request, or {@code null} when this handler has nothing
     *         to offer for the request
     */
    public AuthenticationInfo extractCredentials(final HttpServletRequest httpServletRequest,
                                                 final HttpServletResponse httpServletResponse)  {
        // 0. Disabled: never produce credentials.
        if (!this.getSaml2SPEnabled()) {
            return null;
        }

        // 1. The ACS URL receives the SAML response itself; everything else is derived from it.
        final String requestUri = httpServletRequest.getRequestURI();
        if (requestUri.equals(this.getAcsPath())) {
            return processAssertionConsumerService(httpServletRequest);
        }

        // 2. Outside the SAML2 path (or with no path configured) there is nothing to check.
        final String saml2Path = this.getSaml2Path();
        if (saml2Path.isEmpty() || !requestUri.startsWith(saml2Path)) {
            return null;
        }

        // Look for a token kept from a previous successful login.
        final String storedToken = getStorageAuthInfo().getString(httpServletRequest);
        if (storedToken == null) {
            return null;
        }

        // Only a token the store still vouches for may become credentials.
        if (tokenStore.isValid(storedToken)) {
            return buildAuthInfo(storedToken);
        }

        // The token is no longer valid: remove it so the stale cookie does not
        // accompany the authentication request that follows.
        clearSessionAttributes(httpServletRequest);

        if (AuthUtil.isValidateRequest(httpServletRequest)) {
            // Let requestCredentials report the earlier login as timed out.
            httpServletRequest.setAttribute(FAILURE_REASON, SamlReason.TIMEOUT);
            return AuthenticationInfo.FAIL_AUTH;
        }
        return null;
    }