List of usage examples for org.apache.commons.httpclient URI equals
@Override public boolean equals(Object obj)
From source file:org.glite.slcs.shibclient.ShibbolethClient.java
/** * Processes the response of the IdP SSO and dispatches to the Browser/POST * or the Artificate processor./*from w ww. j a va 2 s . c om*/ * * @param idp * The {@link IdentityProvider}. * @param idpSSOResponseURI * The IdP SSO response {@link URI}. * @return * @throws RemoteException */ private URI processIdPSSOResponse(IdentityProvider idp, URI idpSSOResponseURI) throws HttpException, IOException, RemoteException { URI idpResponseURI = null; String idpSSOResponseURL = idpSSOResponseURI.getURI(); GetMethod getIdPSSOResponseMethod = new GetMethod(idpSSOResponseURL); // BUG FIX: set the JSESSIONID and IdP 2.X _idp_session // cookies by hand. // Because default CookiePolicy is RFC2109 and doesn't handle // correctly FQDN hostname as cookie domain. /* * String host = getIdPSSOResponseMethod.getURI().getHost(); String path * = getIdPSSOResponseMethod.getURI().getPath(); Cookie cookies[] = * getMatchingCookies(host, path); for (int j = 0; j < cookies.length; * j++) { if (LOG.isDebugEnabled()) { LOG.debug("setting Cookie: " + * cookies[j]); } getIdPSSOResponseMethod.addRequestHeader("Cookie", * cookies[j].toString()); } */ // BUG FIX: check if url have a SAML/Artifact endpoint boolean isPossiblyUsingArtifact = false; if (matchesSAMLArtifact(idpSSOResponseURL)) { isPossiblyUsingArtifact = true; LOG.info("The SP try to use a SAML/Artifact profile"); } LOG.info("GET IdPSSOResponse: " + idpSSOResponseURL); int idpSSOResponseStatus = executeMethod(getIdPSSOResponseMethod); LOG.debug(getIdPSSOResponseMethod.getStatusLine()); // SAML/Artifact are already processed. if (isPossiblyUsingArtifact) { // check if there is a loop. if so the SSO failed for some reason... if (idpSSOResponseURI.equals(getIdPSSOResponseMethod.getURI())) { String htmlBody = inputStreamToString(getIdPSSOResponseMethod.getResponseBodyAsStream()); LOG.error("Something went wrong with the IdP SAML/Artifact response: " + htmlBody); throw new RemoteException("The Identity Provider SAML/Artifact response failed: " + idp.getUrl() + ". Please see the log file."); } idpResponseURI = getIdPSSOResponseMethod.getURI(); } else { // try to parse the Browser/POST profile in the HTML source InputStream htmlStream = getIdPSSOResponseMethod.getResponseBodyAsStream(); idpResponseURI = processIdPBrowserPOST(idp, idpSSOResponseURI, htmlStream); } LOG.debug("getIdPSSOResponseMethod.releaseConnection()"); getIdPSSOResponseMethod.releaseConnection(); return idpResponseURI; }
From source file:org.glite.slcs.shibclient.ShibbolethClient.java
/** * @param idp/*w w w .j a v a2 s .co m*/ * @param query * @throws URIException * @throws HttpException * @throws IOException * @throws AuthException * @throws RemoteException * @throws ServiceException */ private URI processIdPSSO(IdentityProvider idp, URI spResponseURI) throws URIException, HttpException, IOException, AuthException, RemoteException, ServiceException { String idpSSOURL = idp.getUrl(); LOG.debug("IdP SSO URL: " + idpSSOURL); String spResponseURL = spResponseURI.getEscapedURI(); LOG.debug("spResponseURL=" + spResponseURL); // check if the spResponseURL is not already the IdP SSO url if (spResponseURL.startsWith(idpSSOURL)) { idpSSOURL = spResponseURL; } else { // if not, build it // BUG FIX: Shib SP 2.0 send the ?service=... in the query String query = spResponseURI.getEscapedQuery(); LOG.debug("IdP SSO Query: " + query); if (query != null) { if (query.startsWith("service=")) { int i = query.indexOf("shire"); if (i > 0) { query = query.substring(i); LOG.debug( "IdP SSO Query contains the 'service=...' part, cutting up to 'shire=': " + query); } else { LOG.error( "IdP SSO Query contains the 'service=' parameter, but not the 'shire=' parameter: " + query); throw new RemoteException( "IdP SSO Query contains the 'service=' parameter, but not the 'shire=' parameter: " + query); } } // getIdpSSOMethod.setQueryString(query); idpSSOURL += "?" + query; } LOG.debug("IdP SSO URL (with query): " + idpSSOURL); } // create HttpMethod GetMethod getIdpSSOMethod = new GetMethod(idpSSOURL); URI idpSSOURI = getIdpSSOMethod.getURI(); // set credential for basic or ntlm int authType = idp.getAuthType(); LOG.debug("IdP authType: " + idp.getAuthTypeName()); if (authType == IdentityProvider.SSO_AUTHTYPE_BASIC || authType == IdentityProvider.SSO_AUTHTYPE_NTLM) { // enable BASIC or NTLM authN AuthScope scope = new AuthScope(idpSSOURI.getHost(), idpSSOURI.getPort(), idp.getAuthRealm()); LOG.info("Enable " + idp.getAuthTypeName() + " authentication: " + credentials_ + ", scope: " + scope); httpClient_.getState().setCredentials(scope, credentials_); getIdpSSOMethod.setDoAuthentication(true); } // execute the method LOG.info("GET IdpSSOMethod: " + idpSSOURI); int idpSSOResponseStatus = executeMethod(getIdpSSOMethod); String idpSSOResponseStatusLine = getIdpSSOMethod.getStatusLine().toString(); LOG.debug(idpSSOResponseStatusLine); URI idpSSOResponseURI = getIdpSSOMethod.getURI(); LOG.debug("idpSSOResponseURI=" + idpSSOResponseURI); String idpSSOResponseQuery = idpSSOResponseURI.getEscapedQuery(); LOG.debug("idpSSOResponseQuery=" + idpSSOResponseQuery); // XXX dumpHttpClientCookies(); LOG.debug("idpSSOResponseStatus=" + idpSSOResponseStatus); // BASIC or NTLM response handling if (idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_BASIC || idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_NTLM) { // !200 and same URL as before: if BASIC or NTLM failed on IdP LOG.debug("idpSSOURI=" + idpSSOURI); LOG.debug("idpSSOResponseURI=" + idpSSOResponseURI); if (idpSSOResponseStatus != 200 && idpSSOResponseURI.equals(idpSSOURI)) { LOG.trace("getIdpSSOMethod.releaseConnection()"); getIdpSSOMethod.releaseConnection(); LOG.error("BASIC or NTLM authentication was required for " + idpSSOURL); throw new AuthException( idp.getAuthTypeName() + " authentication failed: " + idpSSOResponseStatusLine + " URL: " + idpSSOResponseURI + " Credentials: " + this.credentials_); } else { // SAML/Artifact: idpSSOResponseURI is already SP login and the // XML <SLCSLoginResponse> is already there // XXX: resend to same IdP SSO page once again LOG.info("IdP BASIC or NTLM authN: resend again to the same IdP SSO URI: " + idpSSOURL); idpSSOResponseURI = new URI(idpSSOURL, false); } } // CAS sends 200 + Cookies and the login form directly else if (idpSSOResponseStatus == 200 && (idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_CAS || idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_FORM)) { LOG.debug("Process " + idp.getAuthTypeName() + " login form..."); // process CAS login form InputStream idpLoginForm = getIdpSSOMethod.getResponseBodyAsStream(); LOG.debug("idpSSOURI Query=" + idpSSOURI.getQuery()); idpSSOResponseURI = processIdPLoginForm(idp, idpSSOResponseURI, idpSSOURI.getQuery(), idpLoginForm); LOG.debug(idp.getAuthTypeName() + " idpSSOResponseURI=" + idpSSOResponseURI); } // FIXME: ETHZ use a new PubCookie // PUBCOOKIE sends 200 + onload form with hidden fields to post else if (idpSSOResponseStatus == 200 && idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_PUBCOOKIE) { // parse <form> and extract hidden fields, then post PostMethod postPubcookieFormMethod = null; InputStream pubcookieFormStream = getIdpSSOMethod.getResponseBodyAsStream(); Source source = new Source(pubcookieFormStream); List<Element> forms = source.findAllElements(Tag.FORM); for (Element form : forms) { String formAction = form.getAttributeValue("ACTION"); LOG.debug("PubCookie form action=" + formAction); if (!idp.getAuthUrl().equalsIgnoreCase(formAction)) { // TODO: ERROR throw new RemoteException( "form action: " + formAction + " doesn't match IdP authN url: " + idp.getAuthUrl()); } // create PubCookie POST postPubcookieFormMethod = new PostMethod(formAction); // add all HIDDEN fields to POST List<FormControl> formControls = form.findFormControls(); for (FormControl control : formControls) { FormControlType type = control.getFormControlType(); if (type.equals(FormControlType.HIDDEN)) { String name = control.getName(); Collection<String> values = control.getValues(); for (String value : values) { LOG.debug("add hidden: " + name + "=" + value); // add all hidden fields postPubcookieFormMethod.addParameter(name, value); } } } } // for all forms LOG.trace("getIdpSSOMethod.releaseConnection()"); getIdpSSOMethod.releaseConnection(); if (postPubcookieFormMethod == null) { // ERROR LOG.error("PubCookie form not found"); throw new RemoteException("PubCookie form not found"); } // LOG.debug("POST " + postPubcookieFormMethod.getURI()); int postPubcookieFormStatus = executeMethod(postPubcookieFormMethod); LOG.debug(postPubcookieFormMethod.getStatusLine()); // XXX dumpHttpClientCookies(); // process pubcookie login form InputStream loginFormStream = postPubcookieFormMethod.getResponseBodyAsStream(); idpSSOResponseURI = processIdPLoginForm(idp, idpSSOResponseURI, idpSSOURI.getQuery(), loginFormStream); LOG.debug("Pubcookie idpSSOResponseURI=" + idpSSOResponseURI); LOG.trace("postPubcookieFormMethod.releaseConnection()"); postPubcookieFormMethod.releaseConnection(); } else { // error handling InputStream htmlStream = getIdpSSOMethod.getResponseBodyAsStream(); String htmlBody = inputStreamToString(htmlStream); LOG.error("Unexpected IdP SSO reponse: URL: " + idpSSOResponseURI + " Status: " + idpSSOResponseStatusLine + " AuthType: " + idp.getAuthTypeName() + " HTML:\n" + htmlBody); LOG.debug("getIdpSSOMethod.releaseConnection()"); getIdpSSOMethod.releaseConnection(); throw new RemoteException("Unexprected IdP SSO reponse: URL: " + idpSSOResponseURI + " Status: " + idpSSOResponseStatusLine + ". Please see the log file."); } LOG.debug("getIdpSSOMethod.releaseConnection()"); getIdpSSOMethod.releaseConnection(); return idpSSOResponseURI; }