org.picketlink.identity.federation.web.filters

Class SPFilter

java.lang.Object

org.picketlink.identity.federation.web.filters.SPFilter

All Implemented Interfaces:

Filter

public class SPFilter
extends Object
implements Filter

A service provider filter for web container agnostic providers

Since:

Aug 21, 2009

Author:

Anil.Saldhana@redhat.com

Field Summary

Fields

Modifier and Type	Field and Description
protected String	canonicalizationMethod
protected String	configFile
protected String	identityURL
protected boolean	ignoreSignatures
protected PicketLinkType	picketLinkConfiguration
protected String	serviceURL
protected SPType	spConfiguration

Constructor Summary

Constructors

Constructor and Description
SPFilter()

Method Summary

Modifier and Type	Method and Description
protected ResponseType	decryptAssertion(ResponseType responseType)
void	destroy() Called by the web container to indicate to a filter that it is being taken out of service.
void	doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
Principal	handleSAMLResponse(HttpServletRequest request, ResponseType responseType) Handle the SAMLResponse from the IDP
void	init(FilterConfig filterConfig) Called by the web container to indicate to a filter that it is being placed into service.
protected void	isTrusted(String issuer)
protected void	sendRequestToIDP(AuthnRequestType authnRequest, String relayState, HttpServletResponse response)
protected void	sendToDestination(Document samlDocument, String relayState, String destination, HttpServletResponse response, boolean request)
protected boolean	validate(HttpServletRequest request)
protected boolean	verifySignature(SAMLDocumentHolder samlDocumentHolder)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

spConfiguration

protected SPType spConfiguration

picketLinkConfiguration

protected PicketLinkType picketLinkConfiguration

configFile

protected String configFile

serviceURL

protected String serviceURL

identityURL

protected String identityURL

ignoreSignatures

protected boolean ignoreSignatures

canonicalizationMethod

protected String canonicalizationMethod

Constructor Detail

SPFilter

public SPFilter()

Method Detail

destroy

public void destroy()

Description copied from interface: Filter

Called by the web container to indicate to a filter that it is being taken out of service.

This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.

Specified by:

destroy in interface Filter

doFilter

public void doFilter(ServletRequest servletRequest,
                     ServletResponse servletResponse,
                     FilterChain filterChain)
              throws IOException,
                     ServletException

Description copied from interface: Filter

The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow the following pattern:

1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. • Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
   • or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.

Specified by:

doFilter in interface Filter

Throws:

IOException

ServletException

init

public void init(FilterConfig filterConfig)
          throws ServletException

Description copied from interface: Filter

Called by the web container to indicate to a filter that it is being placed into service.

The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

The web container cannot place the filter into service if the init method either

1. Throws a ServletException
2. Does not return within a time period defined by the web container

Specified by:

init in interface Filter

Throws:

ServletException

sendRequestToIDP

protected void sendRequestToIDP(AuthnRequestType authnRequest,
                                String relayState,
                                HttpServletResponse response)
                         throws IOException,
                                SAXException,
                                GeneralSecurityException

Throws:

IOException

SAXException

GeneralSecurityException

sendToDestination

protected void sendToDestination(Document samlDocument,
                                 String relayState,
                                 String destination,
                                 HttpServletResponse response,
                                 boolean request)
                          throws IOException,
                                 SAXException,
                                 GeneralSecurityException

Throws:

IOException

SAXException

GeneralSecurityException

validate

protected boolean validate(HttpServletRequest request)
                    throws IOException,
                           GeneralSecurityException

Throws:

IOException

GeneralSecurityException

verifySignature

protected boolean verifySignature(SAMLDocumentHolder samlDocumentHolder)
                           throws IssuerNotTrustedException

Throws:

IssuerNotTrustedException

isTrusted

protected void isTrusted(String issuer)
                  throws IssuerNotTrustedException

Throws:

IssuerNotTrustedException

decryptAssertion

protected ResponseType decryptAssertion(ResponseType responseType)

handleSAMLResponse

public Principal handleSAMLResponse(HttpServletRequest request,
                                    ResponseType responseType)
                             throws ConfigurationException,
                                    AssertionExpiredException

Handle the SAMLResponse from the IDP

Parameters:

request - entire request from IDP

responseType - ResponseType that has been generated

serverEnvironment - tomcat,jboss etc

Returns:

Throws:

AssertionExpiredException

ConfigurationException