RequestAssertionConsumerFilter.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.cxf.rs.security.saml.sso;

import java.io.ByteArrayInputStream;
import java.io.IOException;

import javax.annotation.Priority;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;

import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;

@PreMatching
@Priority(Priorities.AUTHENTICATION)
public class RequestAssertionConsumerFilter extends AbstractRequestAssertionConsumerHandler
    implements ContainerRequestFilter {

    private boolean supportPostBinding;

    @Override
    public void filter(ContainerRequestContext ct) throws IOException {
        String httpMethod = ct.getMethod();
        if (HttpMethod.GET.equals(httpMethod) && !supportPostBinding) {
            MultivaluedMap<String, String> params = ct.getUriInfo().getQueryParameters();
            processParams(ct, params, false);
        } else if (HttpMethod.POST.equals(httpMethod)
            && supportPostBinding
            && MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(ct.getMediaType())) {
            String strForm = IOUtils.toString(ct.getEntityStream());
            MultivaluedMap<String, String> params = JAXRSUtils.getStructuredParams(strForm, "&", false, false);
            if (!processParams(ct, params, true)) {
                // restore the stream
                ct.setEntityStream(new ByteArrayInputStream(strForm.getBytes()));
            }
        }

    }

    protected boolean processParams(ContainerRequestContext ct,
                                 MultivaluedMap<String, String> params,
                                 boolean postBinding) {
        String encodedSamlResponse = params.getFirst(SSOConstants.SAML_RESPONSE);
        String relayState = params.getFirst(SSOConstants.RELAY_STATE);
        if (relayState == null && encodedSamlResponse == null) {
            // initial redirect to IDP has not happened yet, let the SAML authentication filter do it
            JAXRSUtils.getCurrentMessage().put(SSOConstants.RACS_IS_COLLOCATED, Boolean.TRUE);
            return false;
        }
        ct.abortWith(doProcessSamlResponse(encodedSamlResponse, relayState, postBinding));
        return true;
    }
    public void setSupportPostBinding(boolean supportPostBinding) {
        this.supportPostBinding = supportPostBinding;
    }

}