multi.jsp revision 9740fa737ef2ed9453ab46d145777dbbbf6a747b
2N/A<%--
2N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
2N/A
2N/A Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
2N/A
2N/A The contents of this file are subject to the terms
2N/A of the Common Development and Distribution License
2N/A (the License). You may not use this file except in
2N/A compliance with the License.
2N/A
2N/A You can obtain a copy of the License at
2N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
2N/A opensso/legal/CDDLv1.0.txt
2N/A See the License for the specific language governing
2N/A permission and limitations under the License.
2N/A
2N/A When distributing Covered Code, include this CDDL
2N/A Header Notice in each file and include the License file
2N/A at opensso/legal/CDDLv1.0.txt.
2N/A If applicable, add the following below the CDDL Header,
2N/A with the fields enclosed by brackets [] replaced by
2N/A your own identifying information:
2N/A "Portions Copyrighted [year] [name of copyright owner]"
2N/A
2N/A $Id: multi.jsp,v 1.1 2009/07/02 22:00:17 exu Exp $
2N/A
2N/A--%>
2N/A
2N/A<%--
2N/A Portions Copyrighted 2013 ForgeRock AS
2N/A--%>
2N/A
2N/A<%@page
2N/A import="com.sun.identity.wsfederation.common.WSFederationConstants"
2N/A import="com.sun.identity.plugin.session.SessionManager"
2N/A import="com.sun.identity.wsfederation.common.WSFederationUtils"
2N/A import="org.owasp.esapi.ESAPI"
2N/A%><%
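// Handle the multi-federation protocol logout case.
//
// Flow, as written below:
//   * no usable session  -> redirect the browser to the validated wreply
//                           parameter, if one was supplied;
//   * valid session      -> copy the validated wreply / realm / entityID
//                           parameters into request attributes and hand over
//                           to WSFederationUtils.processMultiProtocolLogout.
Object uSession = null;
try {
    uSession = SessionManager.getProvider().getSession(request);
} catch (Exception ignored) {
    // Deliberate best effort: any failure to resolve a session is treated
    // exactly like "no session" by the null check that follows.
}

if ((uSession == null) || !SessionManager.getProvider().isValid(uSession)) {
    String wreply = request.getParameter(WSFederationConstants.LOGOUT_WREPLY);
    // The first argument is the validation *context* ESAPI uses in its own
    // logging and error reporting. It must name the parameter; concatenating
    // the raw request value here would copy unvalidated input into log text.
    if (!ESAPI.validator().isValidInput(
            "HTTP Parameter: " + WSFederationConstants.LOGOUT_WREPLY,
            wreply, "URL", 2000, true)) {
        wreply = null;
    }
    // NOTE(review): the "URL" rule checks the value against ESAPI's configured
    // URL pattern (format and length only). Nothing visible here restricts the
    // destination host, and this branch runs without a valid session, so the
    // redirect target is caller-controlled. Compare wreply against the
    // deployment's trusted reply URLs before redirecting.
    if ((wreply != null) && (wreply.length() != 0)) {
        response.sendRedirect(wreply);
    }
    // When wreply is absent or rejected, nothing is written to the response.
} else {
    // Each parameter is validated and replaced with null when rejected, so the
    // logout handler only ever sees a validated value or null.
    String logout = request.getParameter(WSFederationConstants.LOGOUT_WREPLY);
    if (!ESAPI.validator().isValidInput(
            "HTTP Parameter: " + WSFederationConstants.LOGOUT_WREPLY,
            logout, "URL", 2000, true)) {
        logout = null;
    }
    // NOTE(review): same format-only caveat as above if the handler later
    // redirects to this value - confirm it checks the destination.
    request.setAttribute(WSFederationConstants.LOGOUT_WREPLY, logout);

    String realm = request.getParameter(WSFederationConstants.REALM_PARAM);
    if (!ESAPI.validator().isValidInput(
            "HTTP Parameter: " + WSFederationConstants.REALM_PARAM,
            realm, "HTTPParameterValue", 2000, true)) {
        realm = null;
    }
    request.setAttribute(WSFederationConstants.REALM_PARAM, realm);

    String entityID = request.getParameter(WSFederationConstants.ENTITYID_PARAM);
    if (!ESAPI.validator().isValidInput(
            "HTTP Parameter: " + WSFederationConstants.ENTITYID_PARAM,
            entityID, "HTTPParameterValue", 2000, true)) {
        entityID = null;
    }
    request.setAttribute(WSFederationConstants.ENTITYID_PARAM, entityID);

    WSFederationUtils.processMultiProtocolLogout(request, response, uSession);
}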
2N/A%>