QueryHandlerServlet.java revision 0fdab8904a8fe223f6934b878769fe45e7651c60
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: QueryHandlerServlet.java,v 1.9 2009/09/22 22:49:28 madan_ranganath Exp $
*
*/
/*
* Portions Copyrighted 2012 ForgeRock Inc
*/
/**
* This class <code>QueryHandlerServlet</code> receives and processes
* SAMLv2 Queries.
*/
public class QueryHandlerServlet extends HttpServlet {
/**
 * Servlet lifecycle hook invoked by the container after construction.
 *
 * The body is intentionally empty: this servlet performs no per-instance
 * setup here. {@code ServletException} is declared only to satisfy the
 * {@code HttpServlet} contract; nothing in this body throws it.
 *
 * @throws ServletException declared for the servlet API; never thrown by this implementation.
 */
public void init() throws ServletException {
}
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request the <code>HttpServletRequest</code> object.
* @param response the <code>HttpServletResponse</code> object.
* @exception ServletException if the request could not be
* handled.
* @exception IOException if an input or output error occurs.
*/
public void doPost(
throws ServletException, IOException {
}
/**
* Processes the <code>HttpServletRequest</code>.
*/
throws ServletException, IOException {
try {
// handle DOS attack
// Get PDP entity ID
if (debug.messageEnabled()) {
+ queryMetaAlias);
}
if (debug.messageEnabled()) {
+ ",queryMetaAlias=" + queryMetaAlias
+ ", pdpEntityID=" + pdpEntityID);
}
// Get all the headers from the HTTP request
// Get the body of the HTTP request
//create SOAPMessage
if (debug.messageEnabled()) {
}
if (reply.saveRequired()) {
reply.saveChanges();
}
} else {
// Error
}
// Write out the message on the response stream
} catch (SAML2Exception ex) {
return;
} catch (SOAPException soap) {
return;
}
}
/**
* Process the incoming SOAP message containing the Query Request and
* generates outgoing SOAP message containing the Query Response.
*
* @param soapMsg incoming SOAP message.
* @param request HTTP servlet request.
* @param response HTTP servlet response.
* @param realm realm of the Policy Decision Point (PDP).
* @param pdpEntityID Entity ID of the Policy Decision Point (PDP).
* @return SOAP message containing the outgoing Response.
*/
public SOAPMessage onMessage(
try {
if (debug.messageEnabled()) {
}
samlResponse.toXMLString(true,true), false);
} catch (SAML2Exception se) {
}
return soapMessage;
}
/**
* Signs an <code>Assertion</code>.
*
* @param realm the realm name of the Policy Decision Point (PDP).
* @param pdpEntityID the entity id of the policy decision provider.
* @param assertion the <code>Assertion</code> to be signed.
* @exception <code>SAML2Exception</code> if there is an error signing
* the assertion.
*/
// Don't load the KeyProvider object in static block as it can
if (keyProvider == null) {
"Unable to get a key provider instance.");
throw new SAML2Exception("nullKeyProvider");
}
if (pdpSignCertAlias == null) {
"Unable to get the hosted PDP signing certificate alias.");
throw new SAML2Exception("missingSigningCertAlias");
}
}
/**
* Returns the SAMLv2 <code>Response</code> received in response to
* the Request.
*
* @param realm the realm of the entity.
* @param pdpEntityID entity identifier of the Policy Decision Point.
* @param reqAbs the Document Element object.
* @param request the <code>HttpServletRequest</code> object.
* @param soapMsg the <code>SOAPMessage</code> object
* @return the <code>Response</code> object.
* @exception <code>SAML2Exception</code> if there is an error processing
* the request.
*/
throws SAML2Exception {
if (debug.messageEnabled()) {
}
}
if (debug.messageEnabled()) {
}
boolean isTrusted = false;
try {
} catch (SAML2MetaException sme) {
}
if (!isTrusted) {
if (debug.messageEnabled()) {
"Issuer in Request is not valid."+ pepEntityID);
}
args);
throw new SAML2Exception("invalidIssuerInRequest");
}
soapMsg);
}
}
return samlResponse;
}
/**
* Returns the received Response to the Requester.
* Validates the message signature if signed and invokes the
* Request Handler to pass the request for further processing.
*
* @param realm realm of the entity.
* @param pdpEntityID entity identifier of Policy Decision Point (PDP).
* @param samlRequest the <code>RequestAbstract</code> object.
* @param request the <code>HttpServletRequest</code> object.
* @param soapMsg the <code>SOAPMessage</code> object.
* @exception <code>SAML2Exception</code> if there is an error processing
* the request and returning a response.
*/
if (debug.messageEnabled()) {
}
//Retreive metadata
boolean pdpWantAuthzQuerySigned =
if (debug.messageEnabled()) {
}
if (pdpWantAuthzQuerySigned) {
if (samlRequest.isSigned()) {
// error
throw new SAML2Exception("invalidQuerySignature");
} else {
}
} else {
throw new SAML2Exception("nullSig");
}
}
//getRequestHandlerClass
if (debug.messageEnabled()) {
}
// set response attributes
// end set Response Attributes
//set Assertion attributes
// end assertion set attributes
// check if assertion needs to be encrypted,signed.
if (debug.messageEnabled()) {
" wantAssertionSigned :" + wantAssertionSigned);
}
if (wantAssertionSigned) {
}
if (wantAssertionEncrypted != null
(SAML2Constants.TRUE)) {
// encrypt the Assertion
if (encryptedAssertion == null) {
throw new SAML2Exception("FailedToEncryptAssertion");
}
assertionList = new ArrayList();
//reset Assertion list
if (debug.messageEnabled()) {
}
} else {
}
} else {
// error - missing request handler.
throw new SAML2Exception("missingRequestHandler");
}
return samlResponse;
}
/**
* Signs the <code>Response</code>.
*
* @param response the <code>Response</code> object.
* @param realm the realm of the entity.
* @param pepEntityID Policy Enforcement Point Entity Identifier.
* @param pdpEntityID Policy Decision Point Entity Identifier.
* @exception <code>SAML2Exception</code> if there is an exception.
*/
throws SAML2Exception {
if (wantResponseSigned == null ||
if (debug.messageEnabled()) {
"Response doesn't need to be signed.");
}
} else {
if (pdpSignCertAlias == null) {
throw new SAML2Exception("missingSigningCertAlias");
}
if (debug.messageEnabled()) {
}
// Don't load the KeyProvider object in static block as it can
if (keyProvider == null) {
"Unable to get a key provider instance.");
throw new SAML2Exception("nullKeyProvider");
}
if (signingKey != null) {
} else {
throw new SAML2Exception("metaDataError");
}
}
}
}