[jboss-cvs] Picketlink SVN: r159 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2 and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Mar 3 16:10:38 EST 2010
Author: anil.saldhana at jboss.com
Date: 2010-03-03 16:10:37 -0500 (Wed, 03 Mar 2010)
New Revision: 159
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-46: handler assertion expired situation
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2010-03-03 20:34:15 UTC (rev 158)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2010-03-03 21:10:37 UTC (rev 159)
@@ -48,6 +48,7 @@
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
@@ -206,9 +207,27 @@
new ServiceProviderSAMLResponseProcessor(false, serviceURL);
initializeSAMLProcessor(responseProcessor);
- SAML2HandlerResponse saml2HandlerResponse =
- responseProcessor.process(samlResponse, httpContext, handlers, chainLock);
-
+ SAML2HandlerResponse saml2HandlerResponse = null;
+
+ try
+ {
+ saml2HandlerResponse = responseProcessor.process(samlResponse, httpContext, handlers, chainLock);
+ }
+ catch(ProcessingException pe)
+ {
+ Throwable te = pe.getCause();
+ if(te instanceof AssertionExpiredException)
+ {
+ //We need to reissue redirect to IDP
+ ServiceProviderBaseProcessor baseProcessor = new ServiceProviderBaseProcessor(false, serviceURL);
+ initializeSAMLProcessor(baseProcessor);
+
+ saml2HandlerResponse = baseProcessor.process(httpContext, handlers, chainLock);
+ saml2HandlerResponse.setDestination(identityURL);
+ }
+ else
+ throw pe;
+ }
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
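Review bot: The new catch block re-issues a request to the IDP every time an expired assertion arrives, with no log entry and no limit on how often that can happen for one session. An expired assertion means either clock skew between SP and IDP or a stale response being replayed, and both are worth recording; with persistent skew the browser would presumably bounce between SP and IDP indefinitely, so a per-session retry counter that fails the login after a few attempts would help. I would also state the trust decision in the comment, e.g. `// Assertion expired: discard samlResponse entirely and start a fresh request to the IDP`, and brace the `else throw pe;` branch to match the rest of the block. The enclosing method starts and ends outside this hunk, so how the resulting document and relayState are used afterwards is not visible here.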
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-03-03 20:34:15 UTC (rev 158)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2010-03-03 21:10:37 UTC (rev 159)
@@ -39,6 +39,7 @@
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -351,7 +352,8 @@
}
if(expiredAssertion)
{
- throw new ProcessingException("Assertion has expired");
+ AssertionExpiredException aee = new AssertionExpiredException();
+ throw new ProcessingException("Assertion has expired",aee);
}
SubjectType subject = assertion.getSubject();
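Review bot: The `AssertionExpiredException` is created empty, and its type as the direct cause is now the only signal `SPRedirectFormAuthenticator` tests (`pe.getCause() instanceof AssertionExpiredException`) before re-issuing the redirect, yet nothing at this throw site says so. A comment such as `// Direct cause type is what the SP authenticator checks to restart authentication; do not wrap further` would keep a later refactor from silently breaking that path. If the exception class accepts a message, passing identifying detail such as the assertion ID would make the event easier to audit. The enclosing method extends beyond this hunk.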