Coverage Report - org.kuali.student.security.filter.ProxyTicketRetrieverFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
ProxyTicketRetrieverFilter
0%
0/48
0%
0/12
2
 
 /**
  * Copyright 2010 The Kuali Foundation Licensed under the
  * Educational Community License, Version 2.0 (the "License"); you may
  * not use this file except in compliance with the License. You may
  * obtain a copy of the License at
  *
  * http://www.osedu.org/licenses/ECL-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an "AS IS"
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 
 package org.kuali.student.security.filter;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;

 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;

 import org.jasig.cas.client.validation.Assertion;
 import org.kuali.student.security.saml.service.SamlIssuerService;
 import org.kuali.student.security.util.SamlUtils;
 import org.opensaml.SAMLAssertion;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.cas.CasAuthenticationToken;
 import org.springframework.security.ui.FilterChainOrder;
 import org.springframework.security.ui.SpringSecurityFilter;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;
 
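 /**
  * Servlet filter that attaches a SAML assertion to the current CAS authentication.
  *
  * <p>When the security context holds a {@link CasAuthenticationToken} whose details are not
  * already a {@link SAMLAssertion}, the filter asks the configured {@link SamlIssuerService}
  * for a signed SAML document, parses it, passes it through
  * {@link SamlUtils#unsignAssertion(Document)} and stores the result as the token's details.
  * In every case the request is then handed on to the rest of the filter chain.
  *
  * <p>Two modes are supported, selected by {@code useCasProxyMechanism}:
  * <ul>
  *   <li>{@code true}: a CAS proxy ticket for {@code proxyTargetService} is obtained and given
  *       to {@link SamlIssuerService#validateCasProxyTicket};</li>
  *   <li>{@code false} (default): the CAS principal name is given to
  *       {@link SamlIssuerService#getSamlPrincipal}.</li>
  * </ul>
  */
 public class ProxyTicketRetrieverFilter extends SpringSecurityFilter {

     /** Xerces/JAXP feature that makes the parser reject any document containing a DOCTYPE. */
     private static final String DISALLOW_DOCTYPE_FEATURE =
             "http://apache.org/xml/features/disallow-doctype-decl";

     // Service identifier the CAS proxy ticket is requested for (proxy mode only).
     private String proxyTargetService = null;
     // Collaborator that returns the signed SAML document as a string.
     private SamlIssuerService samlIssuerService;
     // false: look the assertion up by principal name; true: use a CAS proxy ticket.
     private boolean useCasProxyMechanism = false;

     /**
      * Adds a SAML assertion to the CAS token in the security context, then continues the chain.
      *
      * <p>Requests with no authentication, with an authentication that is not a
      * {@link CasAuthenticationToken}, or whose token already carries a {@link SAMLAssertion}
      * are passed through unchanged.
      *
      * @param request     the current HTTP request
      * @param response    the current HTTP response
      * @param filterChain the remaining filters
      * @throws IOException      propagated from the downstream filter chain
      * @throws ServletException if the SAML document cannot be obtained, parsed or processed
      */
     @Override
     public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {

         // Checked with instanceof rather than a blind cast: any other Authentication type
         // (e.g. an anonymous token) previously caused a ClassCastException here.
         Object authentication = SecurityContextHolder.getContext().getAuthentication();

         if (authentication instanceof CasAuthenticationToken && !isSAMLInSecurityContext()) {
             CasAuthenticationToken cat = (CasAuthenticationToken) authentication;

             // This is not a SAML Assertion. It is CAS specific way to hold information about the authenticated user.
             // The information is returned from the CAS server as a response to a validation request.
             String proxyTicket = null;
             String principal = null;

             System.out.println("ProxyTicketRetrieverFilter : inside if");
             Assertion casAssertion = cat.getAssertion();
             if (casAssertion != null) {
                 System.out.println("ProxyTicketRetrieverFilter : casAssertion is not null");
                 if (useCasProxyMechanism) {
                     proxyTicket = casAssertion.getPrincipal().getProxyTicketFor(proxyTargetService);
                 } else {
                     principal = casAssertion.getPrincipal().getName();
                 }
             }

             SAMLAssertion samlAssertion;
             try {
                 // The proxy ticket is a bearer credential: record only whether one was
                 // obtained, never its value, so it cannot be replayed from log output.
                 System.out.println("ProxyTicketRetrieverFilter : Proxy Ticket Returned from CAS : "
                         + (proxyTicket != null));

                 String signedSaml = useCasProxyMechanism
                         ? samlIssuerService.validateCasProxyTicket(proxyTicket, proxyTargetService)
                         : samlIssuerService.getSamlPrincipal(principal);
                 if (signedSaml == null) {
                     throw new ServletException("SAML issuer service returned no assertion");
                 }

                 Document signedSamlDoc = parseSamlDocument(signedSaml);
                 // NOTE(review): whether unsignAssertion verifies the XML signature before
                 // returning the assertion is not visible from this class - confirm, since
                 // the result is trusted as the user's identity details below.
                 samlAssertion = SamlUtils.unsignAssertion(signedSamlDoc);
             } catch (ServletException e) {
                 throw e;
             } catch (Exception e) {
                 throw new ServletException(e);
             }

             // place saml in security context
             cat.setDetails(samlAssertion);
         }
         filterChain.doFilter(request, response);
     }

     /**
      * Parses the SAML XML returned by the issuer service with a hardened parser.
      *
      * <p>DOCTYPE declarations are rejected and secure processing is enabled so that the
      * document cannot pull in external entities or expand entities recursively (XXE and
      * entity-expansion attacks). A parser that does not support these features makes this
      * method fail rather than fall back to an unprotected configuration.
      *
      * @param samlXml the SAML document as text; must not be {@code null}
      * @return the parsed, namespace-aware DOM document
      * @throws ParserConfigurationException if the parser cannot be configured as required
      * @throws SAXException                 if the text is not well-formed or contains a DOCTYPE
      * @throws IOException                  if reading the in-memory bytes fails
      */
     private Document parseSamlDocument(String samlXml)
             throws ParserConfigurationException, SAXException, IOException {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         dbf.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
         dbf.setExpandEntityReferences(false);

         DocumentBuilder db = dbf.newDocumentBuilder();
         // Explicit UTF-8 instead of the platform default charset, so the bytes handed to the
         // parser do not depend on the JVM's locale settings.
         return db.parse(new ByteArrayInputStream(samlXml.getBytes("UTF-8")));
     }

     /**
      * Tells whether the current authentication is a CAS token whose details are already a
      * {@link SAMLAssertion}.
      *
      * @return {@code true} only for a {@link CasAuthenticationToken} carrying a SAML assertion;
      *         {@code false} otherwise, including when there is no authentication at all
      */
     private boolean isSAMLInSecurityContext() {
         Object authentication = SecurityContextHolder.getContext().getAuthentication();
         return authentication instanceof CasAuthenticationToken
                 && ((CasAuthenticationToken) authentication).getDetails() instanceof SAMLAssertion;
     }

     /**
      * Returns this filter's position in the chain: two places after
      * {@link FilterChainOrder#CAS_PROCESSING_FILTER}.
      */
     @Override
     public int getOrder() {
         return FilterChainOrder.CAS_PROCESSING_FILTER + 2;
     }

     /** @return the service identifier a CAS proxy ticket is requested for */
     public String getProxyTargetService() {
         return proxyTargetService;
     }

     /** @param proxyTargetService the service identifier a CAS proxy ticket is requested for */
     public void setProxyTargetService(String proxyTargetService) {
         this.proxyTargetService = proxyTargetService;
     }

     /** @return the service used to obtain the signed SAML document */
     public SamlIssuerService getSamlIssuerService() {
         return samlIssuerService;
     }

     /** @param samlIssuerService the service used to obtain the signed SAML document */
     public void setSamlIssuerService(SamlIssuerService samlIssuerService) {
         this.samlIssuerService = samlIssuerService;
     }

     /** @return {@code true} if the CAS proxy-ticket mode is enabled */
     public boolean getUseCasProxyMechanism() {
         return useCasProxyMechanism;
     }

     /** @param useCasProxyMechanism {@code true} to use CAS proxy tickets, {@code false} to use the principal name */
     public void setUseCasProxyMechanism(boolean useCasProxyMechanism) {
         this.useCasProxyMechanism = useCasProxyMechanism;
     }

 }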