[jboss-cvs] Picketlink SVN: r159 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2 and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Mar 3 16:10:38 EST 2010


Author: anil.saldhana at jboss.com
Date: 2010-03-03 16:10:37 -0500 (Wed, 03 Mar 2010)
New Revision: 159

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-46: handler assertion expired situation

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java	2010-03-03 20:34:15 UTC (rev 158)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java	2010-03-03 21:10:37 UTC (rev 159)
@@ -48,6 +48,7 @@
 import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
 import org.picketlink.identity.federation.core.exceptions.ParsingException;
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
 import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
@@ -206,9 +207,27 @@
                new ServiceProviderSAMLResponseProcessor(false, serviceURL);
             initializeSAMLProcessor(responseProcessor);
             
-            SAML2HandlerResponse saml2HandlerResponse = 
-               responseProcessor.process(samlResponse, httpContext, handlers, chainLock);
-
+            SAML2HandlerResponse saml2HandlerResponse = null;
+            
+            try
+            {
+               saml2HandlerResponse = responseProcessor.process(samlResponse, httpContext, handlers, chainLock);               
+            }
+            catch(ProcessingException pe)
+            {
+               Throwable te = pe.getCause();
+               if(te instanceof AssertionExpiredException)
+               {
+                  //We need to reissue redirect to IDP
+                  ServiceProviderBaseProcessor baseProcessor = new ServiceProviderBaseProcessor(false, serviceURL);
+                  initializeSAMLProcessor(baseProcessor);
+                  
+                  saml2HandlerResponse = baseProcessor.process(httpContext, handlers, chainLock);
+                  saml2HandlerResponse.setDestination(identityURL); 
+               }
+               else
+                  throw pe;
+            }
             Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
             relayState = saml2HandlerResponse.getRelayState();
 
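Review bot: The new catch branch re-issues an AuthnRequest to the IDP on every AssertionExpiredException with no bound and no log entry, so an SP/IDP clock skew that makes each fresh assertion look expired would bounce the browser between the two indefinitely, and repeated submissions of stale assertions leave no trace. Consider recording the event before the redirect and capping re-issues per session, with a comment such as `// Expired assertion: start a fresh AuthnRequest; capped per session to avoid an SP<->IDP redirect loop under clock skew`. Only the direct cause is inspected via `pe.getCause()`, so an AssertionExpiredException wrapped one level deeper would still be rethrown. Whether the response signature is verified before the expiry check is not visible here, and the enclosing method starts and ends outside the hunk.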

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2010-03-03 20:34:15 UTC (rev 158)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2010-03-03 21:10:37 UTC (rev 159)
@@ -39,6 +39,7 @@
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
 import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
 import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
 import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -351,7 +352,8 @@
          }
          if(expiredAssertion)
          {
-            throw new ProcessingException("Assertion has expired");
+            AssertionExpiredException aee = new AssertionExpiredException();
+            throw new ProcessingException("Assertion has expired",aee);
          } 
          
          SubjectType subject = assertion.getSubject(); 
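Review bot: `new AssertionExpiredException()` is created without any detail, so whoever handles or logs the ProcessingException cannot tell which assertion expired or by how much, which is what separates clock skew from a resubmitted stale assertion. If the exception type offers a message constructor (not visible in this hunk), pass the assertion's ID and its NotOnOrAfter value; otherwise put them in the ProcessingException message. A comment such as `// Cause type is the signal the SP authenticator checks to re-issue the AuthnRequest` would document why the cause matters. The expiry check itself, including any clock-skew tolerance, sits above the hunk.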



