 /**
  * Copyright 2010 The Kuali Foundation Licensed under the
  * Educational Community License, Version 2.0 (the "License"); you may
  * not use this file except in compliance with the License. You may
  * obtain a copy of the License at
  *
  * http://www.osedu.org/licenses/ECL-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an "AS IS"
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 
 package org.kuali.student.security.filter;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.jasig.cas.client.validation.Assertion;
 import org.kuali.student.security.saml.service.SamlIssuerService;
 import org.kuali.student.security.util.SamlUtils;
 import org.opensaml.SAMLAssertion;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
 import org.w3c.dom.Document;
 
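 /**
  * Servlet filter that obtains a SAML assertion for a CAS-authenticated user and
  * stores it as the details of the current {@link CasAuthenticationToken}.
  *
  * <p>Depending on {@code useCasProxyMechanism}, the signed SAML document is requested
  * from the {@link SamlIssuerService} either with a CAS proxy ticket issued for
  * {@code proxyTargetService}, or with the CAS principal name. The returned XML is parsed,
  * passed through {@link SamlUtils#unsignAssertion(Document)} and the result is placed on
  * the token. Requests whose token already carries a {@link SAMLAssertion} are passed
  * through untouched.
  *
  * <p>Security notes:
  * <ul>
  *   <li>The proxy ticket is a bearer credential and is never written to the log.</li>
  *   <li>The XML parser rejects DOCTYPE declarations, so external entities cannot be
  *       resolved while parsing the issuer's response.</li>
  *   <li>Any failure while obtaining or parsing the assertion aborts the request with a
  *       {@link ServletException}; the chain is not continued without an assertion.</li>
  * </ul>
  */
 public class ProxyTicketRetrieverFilter extends GenericFilterBean {

     /** Xerces/JAXP feature that makes the parser reject any document containing a DOCTYPE. */
     private static final String DISALLOW_DOCTYPE_FEATURE =
             "http://apache.org/xml/features/disallow-doctype-decl";

     /** Service for which a CAS proxy ticket is requested; only read when useCasProxyMechanism is true. */
     private String proxyTargetService = null;
     /** Issuer that returns the signed SAML document as a string. */
     private SamlIssuerService samlIssuerService;
     /** When true a CAS proxy ticket is exchanged for the assertion; otherwise the principal name is used. */
     private boolean useCasProxyMechanism = false;

     /**
      * Entry point called by the servlet container.
      *
      * @param request  the incoming request; must be an {@link HttpServletRequest}
      * @param response the outgoing response; must be an {@link HttpServletResponse}
      * @param chain    the remaining filter chain
      * @throws IOException      propagated from the rest of the chain
      * @throws ServletException if the request/response pair is not HTTP, or if the SAML
      *                          assertion cannot be obtained
      */
     public void doFilter(ServletRequest request, ServletResponse response,
                          FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
             // Previously this case fell through silently: the chain was never invoked and an
             // empty response was returned. Fail explicitly so the condition is visible.
             throw new ServletException("ProxyTicketRetrieverFilter only supports HTTP requests");
         }
         doFilterHttp((HttpServletRequest) request, (HttpServletResponse) response, chain);
     }

     /**
      * Attaches a SAML assertion to the current CAS authentication token, if one is not
      * already present, and then continues the filter chain.
      *
      * <p>If the security context holds no authentication, or one that is not a
      * {@link CasAuthenticationToken}, nothing is attached and the chain continues.
      *
      * @param request     the HTTP request
      * @param response    the HTTP response
      * @param filterChain the remaining filter chain
      * @throws IOException      propagated from the rest of the chain
      * @throws ServletException if the assertion cannot be obtained or parsed
      */
     public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {

         // Check the type before casting: the context may hold another Authentication
         // implementation, which previously caused a ClassCastException here.
         Object authentication = SecurityContextHolder.getContext().getAuthentication();

         if (authentication instanceof CasAuthenticationToken && !isSAMLInSecurityContext()) {
             CasAuthenticationToken cat = (CasAuthenticationToken) authentication;
             logger.debug("ProxyTicketRetrieverFilter : no SAML assertion on the CAS token yet");

             // place saml in security context
             // NOTE(review): confirm that SamlUtils.unsignAssertion verifies the signature and
             // never returns null; its result is trusted as-is by whatever reads the details.
             cat.setDetails(retrieveSamlAssertion(cat));
         }
         filterChain.doFilter(request, response);
     }

     /**
      * Requests the signed SAML document for the authenticated user and converts it into a
      * {@link SAMLAssertion}.
      *
      * @param cat the CAS authentication token of the current user
      * @return the assertion returned by {@link SamlUtils#unsignAssertion(Document)}
      * @throws ServletException if the CAS assertion is missing, the issuer returns nothing,
      *                          or the response cannot be parsed
      */
     private SAMLAssertion retrieveSamlAssertion(CasAuthenticationToken cat) throws ServletException {
         // This is not a SAML Assertion. It is CAS specific way to hold information about the authenticated user.
         // The information is returned from the CAS server as a response to a validation request.
         Assertion casAssertion = cat.getAssertion();
         if (casAssertion == null) {
             // Without the CAS assertion there is neither a principal nor a proxy ticket;
             // do not ask the issuer for an assertion on behalf of "nobody".
             throw new ServletException("CAS authentication token carries no CAS assertion");
         }
         logger.debug("ProxyTicketRetrieverFilter : casAssertion is not null");

         try {
             String signedSAMLRet;
             if (useCasProxyMechanism) {
                 String proxyTicket = casAssertion.getPrincipal().getProxyTicketFor(proxyTargetService);
                 // Log only whether a ticket was issued; the ticket value itself is a credential.
                 logger.debug("ProxyTicketRetrieverFilter : Proxy Ticket Returned from CAS: "
                         + (proxyTicket != null ? "[present]" : "[none]"));
                 signedSAMLRet = samlIssuerService.validateCasProxyTicket(proxyTicket, proxyTargetService);
             } else {
                 String principal = casAssertion.getPrincipal().getName();
                 signedSAMLRet = samlIssuerService.getSamlPrincipal(principal);
             }
             if (signedSAMLRet == null) {
                 throw new IllegalStateException("SAML issuer returned no assertion");
             }

             Document signedSAMLDoc = parseSamlDocument(signedSAMLRet);
             return SamlUtils.unsignAssertion(signedSAMLDoc);
         } catch (Exception e) {
             throw new ServletException(e);
         }
     }

     /**
      * Parses the issuer's response into a namespace-aware DOM document with DTD and
      * external entity processing disabled.
      *
      * @param xml the XML text returned by the SAML issuer
      * @return the parsed document
      * @throws Exception if the parser cannot be configured or the text is not well-formed XML
      */
     private Document parseSamlDocument(String xml) throws Exception {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         // A SAML assertion never needs a DOCTYPE; rejecting it blocks XXE and entity
         // expansion. If the parser does not support the feature this throws and the
         // request fails rather than parsing with an unhardened parser.
         dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
         dbf.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
         dbf.setExpandEntityReferences(false);

         DocumentBuilder db = dbf.newDocumentBuilder();
         // Parse from characters instead of String.getBytes(): the platform default charset
         // could otherwise alter non-ASCII content of the signed document.
         return db.parse(new org.xml.sax.InputSource(new java.io.StringReader(xml)));
     }

     /**
      * Tells whether the current authentication is a {@link CasAuthenticationToken} whose
      * details already hold a {@link SAMLAssertion}.
      *
      * @return true if an assertion is already attached, false otherwise (including when
      *         there is no authentication or it is of another type)
      */
     private boolean isSAMLInSecurityContext() {
         Object authentication = SecurityContextHolder.getContext().getAuthentication();
         if (!(authentication instanceof CasAuthenticationToken)) {
             return false;
         }
         return ((CasAuthenticationToken) authentication).getDetails() instanceof SAMLAssertion;
     }

     /* I don't think we need this anymore
     @Override
     public int getOrder() {
         return FilterChainOrder.CAS_PROCESSING_FILTER + 2;
     }*/

     /** @return the service for which CAS proxy tickets are requested */
     public String getProxyTargetService() {
         return proxyTargetService;
     }

     /** @param proxyTargetService the service for which CAS proxy tickets are requested */
     public void setProxyTargetService(String proxyTargetService) {
         this.proxyTargetService = proxyTargetService;
     }

     /** @return the issuer used to obtain the signed SAML document */
     public SamlIssuerService getSamlIssuerService() {
         return samlIssuerService;
     }

     /** @param samlIssuerService the issuer used to obtain the signed SAML document */
     public void setSamlIssuerService(SamlIssuerService samlIssuerService) {
         this.samlIssuerService = samlIssuerService;
     }

     /** @return true if a CAS proxy ticket is exchanged for the assertion, false if the principal name is used */
     public boolean getUseCasProxyMechanism() {
         return useCasProxyMechanism;
     }

     /** @param useCasProxyMechanism true to exchange a CAS proxy ticket for the assertion, false to use the principal name */
     public void setUseCasProxyMechanism(boolean useCasProxyMechanism) {
         this.useCasProxyMechanism = useCasProxyMechanism;
     }

 }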