public class IDPServlet extends HttpServlet
Modifier and Type | Class and Description |
---|---|
protected static class |
IDPServlet.SessionHolder |
Modifier and Type | Field and Description |
---|---|
protected DelegatedAttributeManager |
attribManager |
protected List<String> |
attributeKeys |
protected String |
canonicalizationMethod |
protected SAML2HandlerChain |
chain |
protected ServletContext |
context |
protected String |
identityParticipantStack
If the user wants to set a particular
IdentityParticipantStack |
protected String |
identityURL |
protected IDPType |
idpConfiguration |
protected Boolean |
ignoreIncomingSignatures |
protected TrustKeyManager |
keyManager |
protected PicketLinkType |
picketLinkConfiguration |
protected RoleGenerator |
roleGenerator |
protected Boolean |
signOutgoingMessages |
Constructor and Description |
---|
IDPServlet() |
Modifier and Type | Method and Description |
---|---|
protected void |
doGet(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to
allow a servlet to handle a GET request. |
protected void |
doPost(HttpServletRequest request,
HttpServletResponse response)
Called by the server (via the
service method)
to allow a servlet to handle a POST request. |
Boolean |
getIgnoreIncomingSignatures() |
void |
init(ServletConfig config)
Called by the servlet container to indicate to a servlet that the
servlet is being placed into service.
|
boolean |
isStrictPostBinding() |
protected void |
sendErrorResponseToSP(String referrer,
HttpServletResponse response,
String relayState,
IDPWebRequestUtil webRequestUtil) |
void |
setStrictPostBinding(boolean strictPostBinding) |
void |
testPost(HttpServletRequest request,
HttpServletResponse response) |
protected boolean |
validate(String remoteAddress,
String queryString,
IDPServlet.SessionHolder holder,
boolean isPost) |
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
protected transient IDPType idpConfiguration
protected transient PicketLinkType picketLinkConfiguration
protected transient RoleGenerator roleGenerator
protected transient DelegatedAttributeManager attribManager
protected String identityURL
protected transient TrustKeyManager keyManager
protected Boolean ignoreIncomingSignatures
protected Boolean signOutgoingMessages
protected String canonicalizationMethod
protected transient ServletContext context
protected transient SAML2HandlerChain chain
protected String identityParticipantStack
IdentityParticipantStack
public boolean isStrictPostBinding()
public void setStrictPostBinding(boolean strictPostBinding)
public Boolean getIgnoreIncomingSignatures()
public void init(ServletConfig config) throws ServletException
GenericServlet
Servlet.init(javax.servlet.ServletConfig)
.
This implementation stores the ServletConfig
object it receives from the servlet container for later use.
When overriding this form of the method, call
super.init(config)
.
init
in interface Servlet
init
in class GenericServlet
config
- the ServletConfig
object
that contains configutation
information for this servletServletException
- if an exception occurs that
interrupts the servlet's normal
operationUnavailableException
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
HttpServlet
service
method)
to allow a servlet to handle a POST request.
The HTTP POST method allows the client to send
data of unlimited length to the Web server a single time
and is useful when posting information such as
credit card numbers.
When overriding this method, read the request data,
write the response headers, get the response's writer or output
stream object, and finally, write the response data. It's best
to include content type and encoding. When using a
PrintWriter
object to return the response, set the
content type before accessing the PrintWriter
object.
The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the
ServletResponse.setContentLength(int)
method),
to allow the servlet container to use a persistent connection
to return its response to the client, improving performance.
The content length is automatically set if the entire response fits
inside the response buffer.
When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
This method does not need to be either safe or idempotent. Operations requested through POST can have side effects for which the user can be held accountable, for example, updating stored data or buying items online.
If the HTTP POST request is incorrectly formatted,
doPost
returns an HTTP "Bad Request" message.
doPost
in class HttpServlet
request
- an HttpServletRequest
object that
contains the request the client has made
of the servletresponse
- an HttpServletResponse
object that
contains the response the servlet sends
to the clientServletException
- if the request for the POST
could not be handledIOException
- if an input or output error is
detected when the servlet handles
the requestServletOutputStream
,
ServletResponse.setContentType(java.lang.String)
protected void sendErrorResponseToSP(String referrer, HttpServletResponse response, String relayState, IDPWebRequestUtil webRequestUtil) throws ServletException, IOException, ConfigurationException
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to
allow a servlet to handle a GET request.
Overriding this method to support a GET request also automatically supports an HTTP HEAD request. A HEAD request is a GET request that returns no body in the response, only the request header fields.
When overriding this method, read the request data,
write the response headers, get the response's writer or
output stream object, and finally, write the response data.
It's best to include content type and encoding. When using
a PrintWriter
object to return the response,
set the content type before accessing the
PrintWriter
object.
The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the
ServletResponse.setContentLength(int)
method),
to allow the servlet container to use a persistent connection
to return its response to the client, improving performance.
The content length is automatically set if the entire response fits
inside the response buffer.
When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
The GET method should be safe, that is, without any side effects for which users are held responsible. For example, most form queries have no side effects. If a client request is intended to change stored data, the request should use some other HTTP method.
The GET method should also be idempotent, meaning that it can be safely repeated. Sometimes making a method safe also makes it idempotent. For example, repeating queries is both safe and idempotent, but buying a product online or modifying data is neither safe nor idempotent.
If the request is incorrectly formatted, doGet
returns an HTTP "Bad Request" message.
doGet
in class HttpServlet
req
- an HttpServletRequest
object that
contains the request the client has made
of the servletresp
- an HttpServletResponse
object that
contains the response the servlet sends
to the clientServletException
- if the request for the GET
could not be handledIOException
- if an input or output error is
detected when the servlet handles
the GET requestServletResponse.setContentType(java.lang.String)
protected boolean validate(String remoteAddress, String queryString, IDPServlet.SessionHolder holder, boolean isPost) throws IOException, GeneralSecurityException
IOException
GeneralSecurityException
public void testPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
ServletException
IOException
Copyright © 2017 JBoss by Red Hat. All rights reserved.