eu.eidas.node.service.ColleagueRequestServlet.java Source code

Java tutorial

Introduction

Here is the source code for eu.eidas.node.service.ColleagueRequestServlet.java

Source

/*
 * Copyright (c) 2015 by European Commission
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *
 */

package eu.eidas.node.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.common.collect.Sets;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.eidas.auth.commons.EIDASStatusCode;
import eu.eidas.auth.commons.EIDASValues;
import eu.eidas.auth.commons.EidasErrorKey;
import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.IPersonalAttributeList;
import eu.eidas.auth.commons.IncomingRequest;
import eu.eidas.auth.commons.PersonalAttribute;
import eu.eidas.auth.commons.PersonalAttributeList;
import eu.eidas.auth.commons.WebRequest;
import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
import eu.eidas.auth.commons.protocol.stork.IStorkAuthenticationRequest;
import eu.eidas.auth.commons.tx.CorrelationMap;
import eu.eidas.auth.commons.tx.StoredAuthenticationRequest;
import eu.eidas.auth.engine.core.eidas.spec.EidasSpec;
import eu.eidas.node.NodeBeanNames;
import eu.eidas.node.NodeParameterNames;
import eu.eidas.node.NodeViewNames;
import eu.eidas.node.service.validation.NodeParameterValidator;
import eu.eidas.node.utils.EidasAttributesUtil;
import eu.eidas.node.utils.PropertiesUtil;
import eu.eidas.node.utils.SessionHolder;

public class ColleagueRequestServlet extends AbstractServiceServlet {

    private static final Logger LOG = LoggerFactory.getLogger(ColleagueRequestServlet.class.getName());

    @Override
    protected Logger getLogger() {
        return LOG;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (acceptsHttpRedirect()) {
            doPost(request, response);
        } else {
            LOG.warn("BUSINESS EXCEPTION : redirect binding is not allowed");//TODO: send back an error?
        }
    }

    /**
     * Post method
     *
     * @param request
     * @param response
     * @throws ServletException
     * @throws IOException
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PropertiesUtil.checkProxyServiceActive();
        // Obtaining the assertion consumer url from SPRING context
        ServiceControllerService controllerService = (ServiceControllerService) getApplicationContext()
                .getBean(NodeBeanNames.EIDAS_SERVICE_CONTROLLER.toString());

        CorrelationMap<StoredAuthenticationRequest> requestCorrelationMap = controllerService
                .getProxyServiceRequestCorrelationMap();

        // Prevent cookies from being accessed through client-side script WITHOUT renew of session.
        setHTTPOnlyHeaderToSession(false, request, response);
        SessionHolder.setId(request.getSession());
        request.getSession().setAttribute(EidasParameterKeys.SAML_PHASE.toString(),
                EIDASValues.EIDAS_SERVICE_REQUEST);

        // Obtains the parameters from httpRequest
        WebRequest webRequest = new IncomingRequest(request);

        // Validating the only HTTP parameter: SAMLRequest.
        String samlRequest = webRequest.getEncodedLastParameterValue(EidasParameterKeys.SAML_REQUEST);
        NodeParameterValidator.paramName(EidasParameterKeys.SAML_REQUEST).paramValue(samlRequest)
                .eidasError(EidasErrorKey.COLLEAGUE_REQ_INVALID_SAML).validate();

        // Storing the Remote Address and Host for auditing proposes.
        String remoteIpAddress = webRequest.getRemoteIpAddress();

        // Validating the optional HTTP Parameter relayState.
        String relayState = webRequest.getEncodedLastParameterValue(NodeParameterNames.RELAY_STATE.toString());
        LOG.debug("Saving ProxyService relay state. " + relayState);

        // Obtaining the authData
        IAuthenticationRequest authData = controllerService.getProxyService()
                .processAuthenticationRequest(webRequest, relayState, requestCorrelationMap, remoteIpAddress);
        if (StringUtils.isNotBlank(relayState)) { // RelayState's HTTP Parameter is optional!
            NodeParameterValidator.paramName(NodeParameterNames.RELAY_STATE).paramValue(relayState)
                    .eidasError(EidasErrorKey.SPROVIDER_SELECTOR_INVALID_RELAY_STATE).validate();
        }
        // Validating the personal attribute list
        IPersonalAttributeList persAttrList = PersonalAttributeList.copyOf(authData.getRequestedAttributes());
        List<PersonalAttribute> attrList = new ArrayList<PersonalAttribute>();

        boolean hasEidasAttributes = !Sets.intersection(EidasSpec.REGISTRY.getAttributes(),
                authData.getRequestedAttributes().getDefinitions()).isEmpty();
        //ImmutablePersonalAttributeSet
        for (PersonalAttribute pa : persAttrList) {
            attrList.add(pa);
        }
        String redirectUrl = authData.getAssertionConsumerServiceURL();
        LOG.debug("RedirectUrl: " + redirectUrl);
        // Validating the citizenConsentUrl
        NodeParameterValidator.paramName(EidasParameterKeys.EIDAS_SERVICE_REDIRECT_URL)
                .paramValue(controllerService.getCitizenConsentUrl())
                .eidasError(EidasErrorKey.COLLEAGUE_REQ_INVALID_DEST_URL).validate();
        LOG.debug("sessionId is on cookies () or fromURL ", request.isRequestedSessionIdFromCookie(),
                request.isRequestedSessionIdFromURL());

        request.setAttribute(NodeParameterNames.SAML_TOKEN_FAIL.toString(),
                controllerService.getProxyService().generateSamlTokenFail(authData,
                        EIDASStatusCode.REQUESTER_URI.toString(), EidasErrorKey.CITIZEN_RESPONSE_MANDATORY,
                        remoteIpAddress));

        request.setAttribute(EidasParameterKeys.SP_ID.toString(), authData.getProviderName());
        if (authData instanceof IStorkAuthenticationRequest) {
            request.setAttribute(NodeParameterNames.QAA_LEVEL.toString(),
                    ((IStorkAuthenticationRequest) authData).getQaa());
        }

        request.setAttribute(NodeParameterNames.LOA_VALUE.toString(),
                EidasAttributesUtil.getUserFriendlyLoa(authData.getLevelOfAssurance()));
        request.setAttribute(NodeParameterNames.CITIZEN_CONSENT_URL.toString(),
                encodeURL(controllerService.getCitizenConsentUrl(), response)); // Correct URl redirect cookie implementation
        request.setAttribute(NodeParameterNames.ATTR_LIST.toString(), attrList);
        request.setAttribute(NodeParameterNames.REDIRECT_URL.toString(), encodeURL(redirectUrl, response));// Correct URl redirect cookie implementation
        request.setAttribute(NodeParameterNames.EIDAS_ATTRIBUTES_PARAM.toString(),
                Boolean.valueOf(hasEidasAttributes));

        request.setAttribute(NodeParameterNames.REQUEST_ID.toString(), authData.getId());
        request.setAttribute(NodeParameterNames.COLLEAGUE_REQUEST.toString(), authData);

        NodeViewNames forwardUrl;
        if (controllerService.isAskConsentType()) {
            forwardUrl = NodeViewNames.EIDAS_SERVICE_PRESENT_CONSENT;
        } else {
            forwardUrl = NodeViewNames.EIDAS_SERVICE_NO_CONSENT;
        }
        RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl.toString());
        dispatcher.forward(request, response);
    }
}