Commit ce8545fc authored by michael.simon's avatar michael.simon

add classes to store Assertions, refactor Saml handler servlets

parent bed96860
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao;
import edu.kit.scc.webreg.entity.SamlAssertionEntity;
public interface SamlAssertionDao extends BaseDao<SamlAssertionEntity, Long> {
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import java.io.Serializable;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import edu.kit.scc.webreg.dao.SamlAssertionDao;
import edu.kit.scc.webreg.entity.SamlAssertionEntity;
import edu.kit.scc.webreg.entity.SamlUserEntity;
@Named
@ApplicationScoped
public class JpaSamlAssertionDao extends JpaBaseDao<SamlAssertionEntity, Long> implements SamlAssertionDao, Serializable {
private static final long serialVersionUID = 1L;
@Override
public Class<SamlAssertionEntity> getEntityClass() {
return SamlAssertionEntity.class;
}
}
package edu.kit.scc.webreg.entity;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Lob;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import org.hibernate.annotations.Type;
@Entity(name = "SamlAssertionEntity")
@Table(name = "samlassertion")
public class SamlAssertionEntity extends AbstractBaseEntity {
private static final long serialVersionUID = 1L;
@Column(name = "assertion_data")
@Basic(fetch = FetchType.LAZY)
@Lob
@Type(type = "org.hibernate.type.TextType")
private String assertionData;
@Column(name = "valid_until")
private Date validUntil;
@ManyToOne(targetEntity = SamlUserEntity.class)
private SamlUserEntity user;
public String getAssertionData() {
return assertionData;
}
public void setAssertionData(String assertionData) {
this.assertionData = assertionData;
}
public Date getValidUntil() {
return validUntil;
}
public void setValidUntil(Date validUntil) {
this.validUntil = validUntil;
}
public SamlUserEntity getUser() {
return user;
}
public void setUser(SamlUserEntity user) {
this.user = user;
}
}
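Review bot: `assertionData` will hold the complete pretty-printed assertion (UserUpdater in this commit stores `samlHelper.prettyPrint(assertion)` in it), which carries the subject identifier and every attribute the IdP released, so this table is personal data and the entity should say so; I would add a class comment such as `// Full SAML assertion received at login (subject and all released attributes) - personal data, meant to live only until validUntil`. Nothing in this commit reads `validUntil` or removes rows past it, so unless a cleanup job exists elsewhere in the project the raw assertions accumulate without bound. `validUntil` is a `java.util.Date` without `@Temporal(TemporalType.TIMESTAMP)`; adding the annotation makes the column type explicit instead of provider-dependent.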
package edu.kit.scc.webreg.entity;
import java.util.Date;
import javax.annotation.Generated;
import javax.persistence.metamodel.SingularAttribute;
import javax.persistence.metamodel.StaticMetamodel;
@Generated(value = "org.hibernate.jpamodelgen.JPAMetaModelEntityProcessor")
@StaticMetamodel(SamlAssertionEntity.class)
public abstract class SamlAssertionEntity_ extends edu.kit.scc.webreg.entity.AbstractBaseEntity_ {
public static volatile SingularAttribute<SamlMetadataEntity, String> assertionData;
public static volatile SingularAttribute<SamlMetadataEntity, Date> validUntil;
public static volatile SingularAttribute<SamlMetadataEntity, SamlUserEntity> user;
}
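Review bot: The three attributes are declared as `SingularAttribute<SamlMetadataEntity, …>` although the class is `@StaticMetamodel(SamlAssertionEntity.class)`, so a Criteria query like `root.get(SamlAssertionEntity_.validUntil)` on a `Root<SamlAssertionEntity>` will not compile, because `get` requires the attribute's owner type to be a supertype of the root. The `@Generated` annotation suggests the processor produced this file, but the processor would not emit a mismatched owner type, so it appears to be a hand-edited copy of another metamodel class. Change the declarations to `SingularAttribute<SamlAssertionEntity, String> assertionData`, `SingularAttribute<SamlAssertionEntity, Date> validUntil` and `SingularAttribute<SamlAssertionEntity, SamlUserEntity> user`, or regenerate the file from the entity.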
package edu.kit.scc.webreg.entity;
import java.util.Set;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
@Entity(name = "SamlUserEntity")
public class SamlUserEntity extends UserEntity {
......@@ -21,6 +24,9 @@ public class SamlUserEntity extends UserEntity {
@ManyToOne(targetEntity = SamlIdpMetadataEntity.class)
private SamlIdpMetadataEntity idp;
@OneToMany(targetEntity = SamlAssertionEntity.class, mappedBy="user")
private Set<SamlAssertionEntity> assertions;
public String getPersistentId() {
return persistentId;
}
......
......@@ -12,7 +12,8 @@ package edu.kit.scc.webreg.service;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.opensaml.saml.saml2.core.Assertion;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.SamlUserEntity;
......@@ -45,11 +46,11 @@ public interface UserService extends BaseService<UserEntity, Long> {
SamlUserEntity updateUserFromIdp(SamlUserEntity user, ServiceEntity service, String executor)
throws UserUpdateException;
SamlUserEntity updateUserFromAttribute(SamlUserEntity user,
Map<String, List<Object>> attributeMap, String executor)
throws UserUpdateException;
List<UserEntity> findByStatus(UserStatus status);
void checkOnHoldRegistries(UserEntity user);
SamlUserEntity updateUserFromAssertion(SamlUserEntity user, Assertion assertion, String executor)
throws UserUpdateException;
}
......@@ -13,11 +13,11 @@ package edu.kit.scc.webreg.service.impl;
import java.io.Serializable;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.ejb.Stateless;
import javax.inject.Inject;
import org.opensaml.saml.saml2.core.Assertion;
import org.slf4j.Logger;
import edu.kit.scc.webreg.dao.BaseDao;
......@@ -112,9 +112,9 @@ public class UserServiceImpl extends BaseServiceImpl<UserEntity, Long> implement
}
@Override
public SamlUserEntity updateUserFromAttribute(SamlUserEntity user, Map<String, List<Object>> attributeMap, String executor)
public SamlUserEntity updateUserFromAssertion(SamlUserEntity user, Assertion assertion, String executor)
throws UserUpdateException {
return userUpdater.updateUser(user, attributeMap, executor);
return userUpdater.updateUser(user, assertion, executor);
}
@Override
......
......@@ -29,6 +29,7 @@ import edu.kit.scc.webreg.audit.RegistryAuditor;
import edu.kit.scc.webreg.audit.UserUpdateAuditor;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.dao.RegistryDao;
import edu.kit.scc.webreg.dao.SamlAssertionDao;
import edu.kit.scc.webreg.dao.SamlIdpMetadataDao;
import edu.kit.scc.webreg.dao.SamlSpConfigurationDao;
import edu.kit.scc.webreg.dao.SamlUserDao;
......@@ -39,6 +40,7 @@ import edu.kit.scc.webreg.entity.EventType;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RegistryEntity;
import edu.kit.scc.webreg.entity.RegistryStatus;
import edu.kit.scc.webreg.entity.SamlAssertionEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntityStatus;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
......@@ -115,6 +117,9 @@ public class UserUpdater implements Serializable {
@Inject
private ASUserAttrDao asUserAttrDao;
@Inject
private SamlAssertionDao samlAsserionDao;
@Inject
private AttributeSourceQueryService attributeSourceQueryService;
......@@ -252,11 +257,27 @@ public class UserUpdater implements Serializable {
public SamlUserEntity updateUser(SamlUserEntity user, Assertion assertion, String executor, ServiceEntity service)
throws UserUpdateException {
SamlAssertionEntity samlAssertionEntity = samlAsserionDao.createNew();
samlAssertionEntity.setUser(user);
samlAssertionEntity.setAssertionData(samlHelper.prettyPrint(assertion));
samlAssertionEntity.setValidUntil(new Date(System.currentTimeMillis() + (4L * 60L * 60L * 1000L)));
samlAssertionEntity = samlAsserionDao.persist(samlAssertionEntity);
Map<String, List<Object>> attributeMap = saml2AssertionService.extractAttributes(assertion);
return updateUser(user, attributeMap, executor, service);
if (service != null)
return updateUser(user, attributeMap, executor, service);
else
return updateUser(user, attributeMap, executor);
}
public SamlUserEntity updateUser(SamlUserEntity user, Assertion assertion, String executor)
throws UserUpdateException {
return updateUser(user, assertion, executor, null);
}
public SamlUserEntity updateUserFromIdp(SamlUserEntity user, String executor)
throws UserUpdateException {
return updateUserFromIdp(user, null, executor);
......
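Review bot: The `setValidUntil` call hard-codes the stored assertion's lifetime to now plus four hours and ignores the validity the IdP actually placed on it; the stored copy should expire no later than `assertion.getConditions().getNotOnOrAfter()` when that element is present, keeping the four-hour value only as a named fallback, e.g. `private static final long DEFAULT_ASSERTION_TTL_MS = 4L * 60L * 60L * 1000L;` instead of the inline literal. The entity is persisted before `extractAttributes` and `updateUser` run, so a failed update still leaves the assertion row behind unless the caller's transaction rolls it back — worth confirming, or moving the persist after the successful update. No code in this commit deletes rows whose `validUntil` has passed, so a cleanup path is still needed somewhere. The injected field is misspelled `samlAsserionDao`; `samlAssertionDao` would match the DAO name.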
......@@ -47,7 +47,7 @@ import edu.kit.scc.webreg.session.SessionManager;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@ApplicationScoped
public class Saml2PostHandlerServlet {
public class Saml2PostHandler {
@Inject
private Logger logger;
......@@ -151,7 +151,7 @@ public class Saml2PostHandlerServlet {
logger.debug("Updating user {}", persistentId);
try {
user = userService.updateUserFromAttribute(user, attributeMap, "web-sso");
user = userService.updateUserFromAssertion(user, assertion, "web-sso");
} catch (UserUpdateException e) {
logger.warn("Could not update user {}: {}", e.getMessage(), user.getEppn());
throw new SamlAuthenticationException(e.getMessage());
......
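Review bot: The catch block around the new `updateUserFromAssertion` call logs its arguments in the wrong order — the format is `"Could not update user {}: {}"` but the message is passed first and the EPPN second — and the rethrow keeps only `e.getMessage()`, so the `UserUpdateException` stack trace is lost. These two lines are unchanged context rather than new code, but they are the error path of the new call: `logger.warn("Could not update user {}: {}", user.getEppn(), e.getMessage());` and, if `SamlAuthenticationException` has a cause-taking constructor (not visible here), `throw new SamlAuthenticationException(e.getMessage(), e);`. The enclosing method starts and ends outside this hunk.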
......@@ -36,7 +36,7 @@ import edu.kit.scc.webreg.service.saml.Saml2RedirectService;
import edu.kit.scc.webreg.session.SessionManager;
@Named
@WebServlet(urlPatterns = {"/Shibboleth.sso/Login", "/saml/login"})
@WebServlet(urlPatterns = {"/Shibboleth.sso/Login", "/saml/sp/login"})
public class Saml2RedirectLoginHandlerServlet implements Servlet {
@Inject
......
package edu.kit.scc.webreg.sec;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
@Named
@WebServlet(urlPatterns = {"/saml/idp/*"})
public class SamlIdpDispatcherServlet implements Servlet {
@Inject
private Logger logger;
@Override
public void init(ServletConfig config) throws ServletException {
}
@Override
public void service(ServletRequest servletRequest, ServletResponse servletResponse)
throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String context = request.getServletContext().getContextPath();
String path = request.getRequestURI().substring(
context.length());
logger.debug("Dispatching request context '{}' path '{}'", context, path);
logger.info("No matching servlet for context '{}' path '{}'", context, path);
}
@Override
public ServletConfig getServletConfig() {
return null;
}
@Override
public String getServletInfo() {
return null;
}
@Override
public void destroy() {
}
}
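Review bot: `service()` never writes to `response`, so every request under `/saml/idp/*` is logged as "No matching servlet" and then returned to the client as an empty 200; add `response.sendError(HttpServletResponse.SC_NOT_FOUND);` after the info log so probes and misconfigured peers get an explicit 404 and the `response` local is no longer unused. Logging every unmatched request URI at info level also lets a scanner fill the log cheaply; the path is better logged at debug, as the line above it already does. `getServletConfig()` returns null although `init` receives a config; keeping it in a field (`private ServletConfig config;`, `this.config = config;` in `init`, `return config;`) follows the `Servlet` contract.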
......@@ -29,18 +29,14 @@ import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.service.SamlAAConfigurationService;
import edu.kit.scc.webreg.service.SamlSpConfigurationService;
import edu.kit.scc.webreg.session.SessionManager;
@Named
@WebServlet(urlPatterns = {"/Shibboleth.sso/*", "/saml/*"})
public class Saml2DispatcherServlet implements Servlet {
@WebServlet(urlPatterns = {"/Shibboleth.sso/*", "/saml/sp/*"})
public class SamlSpDispatcherServlet implements Servlet {
@Inject
private Logger logger;
@Inject
private SessionManager session;
@Inject
private SamlSpConfigurationService spConfigService;
......@@ -51,7 +47,7 @@ public class Saml2DispatcherServlet implements Servlet {
private Saml2AttributeQueryServlet attributeQueryServlet;
@Inject
private Saml2PostHandlerServlet postHandlerServlet;
private Saml2PostHandler postHandler;
@Override
public void init(ServletConfig config) throws ServletException {
......@@ -76,7 +72,7 @@ public class Saml2DispatcherServlet implements Servlet {
if (spConfig != null && spConfig.getAcs() != null &&
spConfig.getAcs().endsWith(context + path)) {
logger.debug("Executing POST Handler for entity {}", spConfig.getEntityId());
postHandlerServlet.service(servletRequest, servletResponse, spConfig);
postHandler.service(servletRequest, response, spConfig);
return;
}
......@@ -85,7 +81,7 @@ public class Saml2DispatcherServlet implements Servlet {
if (aaConfig != null && aaConfig.getAq() != null &&
aaConfig.getAq().endsWith(context + path)) {
logger.debug("Executing AttributeQuery Handler for entity {}", aaConfig.getEntityId());
attributeQueryServlet.service(servletRequest, servletResponse, aaConfig);
attributeQueryServlet.service(servletRequest, response, aaConfig);
return;
}
......