/*
 * (C) Copyright 2014 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nelson Silva <nelson.silva@inevo.pt>
 */
package org.nuxeo.ecm.platform.auth.saml.binding;

import org.opensaml.common.SAMLException;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.OutTransport;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HTTPTransport;

/**
 * SAML 2.0 HTTP Redirect binding: pairs an {@link HTTPRedirectDeflateDecoder} for inbound messages with an encoder
 * that can hand back the redirect URL as a string.
 * <p>
 * Messages handled by this binding travel in the URL query string ({@value #SAML_REQUEST} /
 * {@value #SAML_RESPONSE}), so they can show up in access logs and browser history; handle such logs accordingly.
 *
 * @since 6.0
 */
public class HTTPRedirectBinding extends SAMLBinding {

    /**
     * {@link HTTPRedirectDeflateEncoder} subclass whose only purpose is to expose the redirect URL as a return value.
     */
    private static class DeflateEncoder extends HTTPRedirectDeflateEncoder {

        /**
         * Builds the redirect URL for the outbound message held by {@code context}.
         * <p>
         * {@code endpointURL} is forwarded unchanged and is not checked here, so callers should take it from trusted
         * configuration or metadata rather than from request data.
         *
         * @param context message context holding the outbound SAML message
         * @param endpointURL base URL the message is addressed to
         * @return the URL produced by the inherited three-argument {@code buildRedirectURL}
         * @throws SAMLException wrapping any {@link MessageEncodingException} raised while encoding
         */
        public String buildRedirectURL(SAMLMessageContext context, String endpointURL) throws SAMLException {
            // NOTE(review): the redirect binding carries a signature in the query string rather than inside the
            // XML, which is presumably why the embedded one is dropped first. Whether the inherited URL builder
            // then signs the query string looks dependent on the signing credential in the context - confirm
            // against the OpenSAML version in use.
            removeSignature(context);
            try {
                String deflatedPayload = deflateAndBase64Encode(context.getOutboundSAMLMessage());
                String redirectUrl = buildRedirectURL(context, endpointURL, deflatedPayload);
                return redirectUrl;
            } catch (MessageEncodingException cause) {
                throw new SAMLException("Failed to build redirect URL", cause);
            }
        }
    }

    /** Name of the request parameter that carries a SAML request. */
    public static final String SAML_REQUEST = "SAMLRequest";

    /** Name of the request parameter that carries a SAML response. */
    public static final String SAML_RESPONSE = "SAMLResponse";

    /**
     * Creates the binding with the redirect/deflate decoder and the URL-exposing encoder defined above.
     */
    public HTTPRedirectBinding() {
        super(new HTTPRedirectDeflateDecoder(), new DeflateEncoder());
    }

    /**
     * @return {@link SAMLConstants#SAML2_REDIRECT_BINDING_URI}
     */
    @Override
    public String getBindingURI() {
        return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
    }

    /**
     * Tells whether an inbound transport looks like a redirect-binding message: an HTTP GET carrying a
     * {@value #SAML_REQUEST} or {@value #SAML_RESPONSE} parameter.
     * <p>
     * This is a routing test only. It checks that a parameter is present, not what it contains; nothing is decoded
     * or validated here.
     *
     * @param transport the inbound transport to inspect
     * @return {@code true} when the transport matches, {@code false} otherwise
     */
    @Override
    public boolean supports(InTransport transport) {
        if (!(transport instanceof HTTPInTransport)) {
            return false;
        }
        HTTPTransport http = (HTTPTransport) transport;
        if (!"GET".equalsIgnoreCase(http.getHTTPMethod())) {
            return false;
        }
        // Request parameter is looked up first, response second, as in the short-circuit evaluation order.
        return http.getParameterValue(SAML_REQUEST) != null || http.getParameterValue(SAML_RESPONSE) != null;
    }

    /**
     * Tells whether an outbound transport can be used with this binding.
     *
     * @param transport the outbound transport to inspect
     * @return {@code true} for any {@link HTTPOutTransport}
     */
    @Override
    public boolean supports(OutTransport transport) {
        return transport instanceof HTTPOutTransport;
    }

    /**
     * Builds the redirect URL for the outbound message in {@code context} by delegating to the encoder.
     * <p>
     * {@code endpointURL} is passed through without validation; callers are responsible for supplying a trusted
     * destination.
     *
     * @param context message context holding the outbound SAML message
     * @param endpointURL base URL the message is addressed to
     * @return the redirect URL
     * @throws SAMLException if the message cannot be encoded
     */
    public String buildRedirectURL(SAMLMessageContext context, String endpointURL) throws SAMLException {
        // The constructor installs a DeflateEncoder; 'encoder' itself is declared in SAMLBinding (not shown here),
        // so this cast assumes it is never replaced by another encoder type - verify.
        DeflateEncoder redirectEncoder = (DeflateEncoder) encoder;
        return redirectEncoder.buildRedirectURL(context, endpointURL);
    }
}