/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: WSFederationService.java,v 1.1 2009/12/14 23:42:49 mallas Exp $
 *
 */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.wsfederation.servlet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.core.Context;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.core.UriInfo;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.Path;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.QueryParam;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.GET;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.ws.rs.Produces;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.profile.SPCache;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * The WS-Federation service lets applications retrieve the user's
 * single sign-on SAML Assertion for an existing session.
 */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
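@Path("wsfederationservice")
public class WSFederationService {

    /** Request URI information injected by the JAX-RS runtime; not read by this class. */
    @Context
    private UriInfo context;

    /** Entity role value for a relying party (the SP side). */
    public static final String RP = "RP";

    /** Entity role value for an identity provider. */
    public static final String IP = "IP";

    /** Session property that holds the ID of the assertion cached for this session. */
    private static final String ASSERTION_ID_PROPERTY = "AssertionID";

    /** Prefix used on every debug message emitted by this class. */
    private static final String LOG_PREFIX = "WSFederationService.";

    /**
     * Returns the cached SAML Assertion for a given user session. The
     * assertion is looked up through the SP cache keyed by the assertion ID
     * stored on the session; the IP cache is not consulted. Currently only
     * the SP stores the Assertion in the cache.
     *
     * <p>A valid session is required: an invalid token, a session with no
     * {@code AssertionID} property, or a non-RP role all yield {@code null}.
     *
     * @param token the user's session token; it arrives as a URL query
     *     parameter, so it can appear in request logs and referrers.
     * @param entityID the entityID (accepted for interface compatibility;
     *     currently unused by the lookup).
     * @param entityRole the entity role, e.g. {@link #RP} or {@link #IP};
     *     {@code null} is treated as {@link #RP}.
     * @return the SAML Assertion XML string, or {@code null} when the session
     *     is invalid, carries no assertion ID, the role is not RP, or the
     *     session provider fails.
     */
    @GET
    @Produces("application/xml")
    public String getAssertion(@QueryParam("token") String token,
            @QueryParam("entityID") String entityID,
            @QueryParam("entityRole") String entityRole) {

        try {
            SessionProvider sessionProvider = SessionManager.getProvider();
            Object session = sessionProvider.getSession(token);
            if (!sessionProvider.isValid(session)) {
                warn("getAssertion: invalid session");
                return null;
            }
            String[] assertionID =
                    sessionProvider.getProperty(session, ASSERTION_ID_PROPERTY);
            // Returning here (instead of only logging) avoids indexing an empty
            // or missing property array below.
            if (assertionID == null || assertionID.length == 0
                    || assertionID[0] == null) {
                warn("getAssertion: assertionID is null");
                return null;
            }
            if (entityRole == null || RP.equals(entityRole)) {
                return (String) SPCache.assertionByIDCache.get(assertionID[0]);
            }
            // TODO: handle IP case later depending on the use case.
            return null;
        } catch (SessionException se) {
            WSFederationUtils.debug.warning(LOG_PREFIX
                    + "getAssertion: session exception", se);
            return null;
        }
    }

    /**
     * Logs a warning through the shared WS-Federation debug logger when
     * warning output is enabled.
     *
     * @param message the message to log, without the class prefix.
     */
    private static void warn(String message) {
        if (WSFederationUtils.debug.warningEnabled()) {
            WSFederationUtils.debug.warning(LOG_PREFIX + message);
        }
    }
}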