Add logout consume stub for HTTP-Redirect protocol

ce41a1a8 · michael.simon · d9b721d6 · ce41a1a8 · ce41a1a8 · ce41a1a8
Commit ce41a1a8 authored May 11, 2021 by michael.simon
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpLogoutService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpLogoutService.java
@@ -3,9 +3,14 @@ package edu.kit.scc.webreg.service.saml;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
+
 public interface SamlSpLogoutService {

 	void redirectLogout(HttpServletRequest request, HttpServletResponse response, Long userId)
 					throws Exception;
+
+	void consumeRedirectLogout(HttpServletRequest request, HttpServletResponse response, SamlSpConfigurationEntity spConfig)
+			throws Exception;
 	
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpLogoutServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlSpLogoutServiceImpl.java
@@ -20,10 +20,13 @@ import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.criterion.RoleDescriptorCriterion;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
 import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.LogoutRequest;
 import org.opensaml.saml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.Response;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml.saml2.metadata.SingleLogoutService;
 import org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver;
@@ -45,6 +48,7 @@ import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
 import edu.kit.scc.webreg.entity.SamlUserEntity;
 import edu.kit.scc.webreg.entity.UserEntity;
 import edu.kit.scc.webreg.service.saml.exc.SamlAuthenticationException;
+import edu.kit.scc.webreg.service.saml.exc.SamlInvalidPostException;
 import edu.kit.scc.webreg.session.SessionManager;
 import net.shibboleth.utilities.java.support.resolver.CriteriaSet;

@@ -77,7 +81,20 @@ public class SamlSpLogoutServiceImpl implements SamlSpLogoutService {
 	
 	@Inject
 	private SessionManager session;
-	
+
+	@Override
+	public void consumeRedirectLogout(HttpServletRequest request, HttpServletResponse response, SamlSpConfigurationEntity spConfig)
+			throws Exception {
+		HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
+		decoder.setHttpServletRequest(request);
+
+		decoder.initialize();
+		decoder.decode();
+
+		SAMLObject obj = decoder.getMessageContext().getMessage();
+		logger.debug("Message decoded: {}", obj);
+	}
+
 	@Override
 	public void redirectLogout(HttpServletRequest request, HttpServletResponse response, Long userId)
 			throws Exception {

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/Saml2SpLogoutHandler.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/Saml2SpLogoutHandler.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.sec;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+
+import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
+import edu.kit.scc.webreg.service.SamlSpConfigurationService;
+import edu.kit.scc.webreg.service.saml.SamlSpLogoutService;
+import edu.kit.scc.webreg.session.SessionManager;
+
+@Named
+@WebServlet(urlPatterns = {"/Shibboleth.sso/SLO/Redirect", "/saml/sp/logout/redirect"})
+public class Saml2SpLogoutHandler implements Servlet {
+
+	@Inject
+	private Logger logger;
+
+	@Inject
+	private SessionManager session;
+
+	@Inject 
+	private SamlSpConfigurationService spConfigService;
+
+	@Inject
+	private SamlSpLogoutService samlLogoutService;
+
+	@Override
+	public void service(ServletRequest servletRequest, ServletResponse servletResponse)
+			throws ServletException, IOException {
+
+		HttpServletRequest request = (HttpServletRequest) servletRequest;
+		HttpServletResponse response = (HttpServletResponse) servletResponse;
+
+		String context = request.getServletContext().getContextPath();
+		String path = request.getRequestURI().substring(
+				context.length());
+		
+		logger.debug("Dispatching request context '{}' path '{}'", context, path);
+		
+		SamlSpConfigurationEntity spConfig = spConfigService.findByHostname(request.getServerName());
+		
+		if (spConfig != null) {
+			logger.debug("Executing POST Handler for entity {}", spConfig.getEntityId());
+			service(request, response, spConfig);
+		}
+	}
+	
+	private void service(HttpServletRequest request, HttpServletResponse response, SamlSpConfigurationEntity spConfig)
+			throws ServletException, IOException {
+
+		if (session == null || session.getIdpId() == null || session.getSpId() == null) {
+			logger.debug("Client session from {} not established. Sending client back to welcome page",
+					request.getRemoteAddr());
+			response.sendRedirect("/welcome/index.xhtml");
+			return;
+		}
+		
+		logger.debug("attemp Logout, Consuming SAML Logout Request");
+		
+		try {
+			samlLogoutService.consumeRedirectLogout(request, response, spConfig);
+	
+		} catch (Exception e) {
+			throw new ServletException("Authentication problem", e);
+		}
+	}
+
+	@Override
+	public void init(ServletConfig config) throws ServletException {
+		
+	}
+	
+	@Override
+	public ServletConfig getServletConfig() {
+		return null;
+	}
+
+	@Override
+	public String getServletInfo() {
+		return null;
+	}
+
+	@Override
+	public void destroy() {
+	}	
+}