142 lines
6.3 KiB
Java
142 lines
6.3 KiB
Java
package net.gepafin.tendermanagement.config;
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.IOException;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
|
|
import javax.xml.parsers.DocumentBuilder;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.beans.factory.annotation.Value;
|
|
import org.springframework.security.core.Authentication;
|
|
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
|
|
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
import org.springframework.stereotype.Component;
|
|
import org.w3c.dom.Document;
|
|
import org.w3c.dom.Element;
|
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
import jakarta.servlet.http.HttpServletResponse;
|
|
import net.gepafin.tendermanagement.constants.GepafinConstant;
|
|
import net.gepafin.tendermanagement.entities.HubEntity;
|
|
import net.gepafin.tendermanagement.entities.SamlResponseEntity;
|
|
import net.gepafin.tendermanagement.entities.UserEntity;
|
|
import net.gepafin.tendermanagement.enums.SamlResponseStatusEnum;
|
|
import net.gepafin.tendermanagement.repositories.SamlResponseRepository;
|
|
import net.gepafin.tendermanagement.repositories.UserRepository;
|
|
import net.gepafin.tendermanagement.service.HubService;
|
|
import net.gepafin.tendermanagement.util.Utils;
|
|
import net.gepafin.tendermanagement.web.rest.api.errors.CustomValidationException;
|
|
import net.gepafin.tendermanagement.web.rest.api.errors.Status;
|
|
|
|
@Component
|
|
public class SamlSuccessHandler implements AuthenticationSuccessHandler {
|
|
|
|
private final Logger logger = LoggerFactory.getLogger(SamlSuccessHandler.class);
|
|
|
|
@Autowired
|
|
private SamlResponseRepository samlResponseLogRepository;
|
|
|
|
@Autowired
|
|
private UserRepository userRepository;
|
|
|
|
@Value("${fe.base.url}")
|
|
private String feBaseUrl;
|
|
|
|
@Autowired
|
|
private HubService hubService;
|
|
|
|
@Override
|
|
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
|
|
Authentication authentication) throws IOException {
|
|
try {
|
|
logger.info("SAML login in Authentication Success Handler");
|
|
Saml2Authentication samlAuth = (Saml2Authentication) authentication;
|
|
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) samlAuth.getPrincipal();
|
|
|
|
Map<String, List<Object>> userAttributes = principal.getAttributes();
|
|
String token = Utils.generateSecureSamlToken();
|
|
logger.info("SAML User Attributes: " + userAttributes);
|
|
|
|
// Extracting raw SAML response
|
|
String samlResponse = samlAuth.getSaml2Response();
|
|
logger.info("Raw SAML Response: " + samlResponse);
|
|
|
|
// If samlResponse is already in XML format, do not Base64 decode it
|
|
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
|
factory.setNamespaceAware(true);
|
|
DocumentBuilder builder = factory.newDocumentBuilder();
|
|
Document document = builder.parse(new ByteArrayInputStream(samlResponse.getBytes())); // Remove the Base64 decoding
|
|
|
|
// Extracting ID, InResponseTo, and IssueInstant from the Response element
|
|
Element responseElement = (Element) document.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "Response").item(0);
|
|
String responseId = responseElement.getAttribute("ID");
|
|
String inResponseTo = responseElement.getAttribute("InResponseTo");
|
|
String issueInstant = responseElement.getAttribute("IssueInstant");
|
|
|
|
logger.info("SAML Response ID: " + responseId);
|
|
logger.info("InResponseTo: " + inResponseTo);
|
|
logger.info("IssueInstant: " + issueInstant);
|
|
|
|
SamlResponseEntity samlResponseLogEntity = samlResponseLogRepository
|
|
.findByInResponseToAndStatus(inResponseTo, SamlResponseStatusEnum.INITIATED.getValue())
|
|
.orElseThrow(() -> new CustomValidationException(Status.BAD_REQUEST,
|
|
Translator.toLocale(GepafinConstant.INVALID_REQUEST)));
|
|
ObjectMapper objectMapper = new ObjectMapper();
|
|
String userAttributesJson = objectMapper.writeValueAsString(userAttributes);
|
|
|
|
samlResponseLogEntity.setAuthenticationObject(userAttributesJson);
|
|
samlResponseLogEntity.setToken(token);
|
|
samlResponseLogEntity.setStatus(SamlResponseStatusEnum.SUCCESS.getValue());
|
|
samlResponseLogEntity.setInResponseTo(inResponseTo);
|
|
samlResponseLogEntity.setSamlId(responseId);
|
|
samlResponseLogEntity.setIssueInstant(issueInstant);
|
|
samlResponseLogRepository.save(samlResponseLogEntity);
|
|
|
|
HubEntity hub = hubService.getHubByUuid(samlResponseLogEntity.getHubUuid());
|
|
|
|
String redirectUrl = feBaseUrl;
|
|
if (Boolean.FALSE.equals(StringUtils.isEmpty(hub.getDomainName()))) {
|
|
redirectUrl = hub.getDomainName();
|
|
}
|
|
|
|
logger.info("SAML login successful for user: " + principal.getName());
|
|
String cf = userAttributes.get("CodiceFiscale").get(0).toString();
|
|
UserEntity userEntity = userRepository.findByBeneficiaryCodiceFiscaleAndHubId(cf, hub.getId()).orElse(null);
|
|
if (userEntity == null) {
|
|
redirectUrl += "/registration?temp_token=" + token;
|
|
} else {
|
|
redirectUrl += "/login?temp_token=" + token;
|
|
}
|
|
response.sendRedirect(redirectUrl);
|
|
logger.info("SAML redirect Url: " + redirectUrl);
|
|
} catch (Exception e) {
|
|
logger.error("Error processing SAML success handler", e);
|
|
}
|
|
}
|
|
|
|
public void validateToken(String token, String codiceFiscale, String hubUuid) {
|
|
SamlResponseEntity samlResponseLogEntity = samlResponseLogRepository.findByToken(token);
|
|
if (samlResponseLogEntity == null || Boolean.FALSE.equals(hubUuid.equals(samlResponseLogEntity.getHubUuid()))) {
|
|
throw new CustomValidationException(Status.VALIDATION_ERROR,
|
|
Translator.toLocale(GepafinConstant.INVALID_TOKEN_MSG));
|
|
}
|
|
Map<String, List<Object>> userAttributes = Utils
|
|
.convertStringIntoMap(samlResponseLogEntity.getAuthenticationObject());
|
|
String cf = userAttributes.get("CodiceFiscale").get(0).toString();
|
|
if (codiceFiscale == null || Boolean.FALSE.equals(codiceFiscale.equals(cf))) {
|
|
throw new CustomValidationException(Status.VALIDATION_ERROR,
|
|
Translator.toLocale(GepafinConstant.INVALID_TOKEN_MSG));
|
|
}
|
|
}
|
|
|
|
}
|