ucReauthorizeUser
Purpose
ucReauthorizeUser used to redirect user to a reauthentication server, if this is directed by the workflow of processing an issue.
Applies To
User Authentication Methods
Signature
public boolean ucReauthorizeUser (
HttpServletRequest request,
HttpServletResponse response,
ProblemFormParam pfp,
SesameSession session,
int sshState )
Notes
It is currently used when the user’s permissions in an SSO environment are not sufficient to perform an action. This routine can be used to reauthenticate the user with a different permission set.
Example
public boolean ucReauthorizeUser(
HttpServletRequest request,
HttpServletResponse response,
ProblemFormParam pfp,
SesameSession session,
int sshState) throws Exception {
// set up a signature handler object
StatusSignatureHandler ssh;
// first, is there a CHANGE: state var with one of the key fields?
String sv = pfp.getString("stateVar");
// Log the state var
Z.log.writeToLog(Z.log.DEBUG, "STATEVAR IN doReauth(): " + sv);
// if you change this you also must change the list of esignature fields below.
String fieldPat = "^CHANGE:" +
"(P_RISK_SIG_REQUIRED)|" +
"(P_GOVT_DCSNTREE_SIG_REQUIRED)|" +
"(P_GOVT_DSCNTREE_RVW_SIG_REQ)|" +
"(P_GOVT_MDR_DEC_SIG_REQ)|" +
"(P_GOVT_REVIEW_SIG_REQ)|" +
"(P_GOVT_OTH_DEC_SIG_REQ)|" +
"(P_GOVT_AUS_DEC_SIG_REQ)|" +
"(P_GOVT_CAN_DEC_SIG_REQ)|" +
"(P_GOVT_VSR_DEC_SIG_REQ)|" +
"(P_GOVT_VIGIL_REV_SIG_REQUIRED)|" +
"(P_GOVT_MHLW_DEC_SIG_REQUIRED)|" +
"(P_GOVT_MHLW_DEC_REV_SIG_REQ)" +
"_\\d+$";
Regex fieldParser = new Regex(fieldPat);
boolean reauthFieldExists = fieldParser.search(sv.toUpperCase());
// Is this refresh fired by a reauth field?
Z.log.writeToLog(Z.log.DEBUG,
"REFRESH FIRED BY A REAUTH FIELD: " + reauthFieldExists);
// if no reauthFieldExists, there is no reason to do anything else, we
// can return "false" immediately.
if (!reauthFieldExists) {
return false;
}
// next, is there a p_cached_req parameter?
String cr = pfp.getString("CACHED_REQ");
boolean crFieldExists = TextManager.isStringVisible(cr);
// did we get the cached request parameter?
Z.log.writeToLog(Z.log.DEBUG,
"CACHED REQUEST PARAMETER EXISTS: " + crFieldExists);
Z.log.writeToLog(Z.log.DEBUG,
"CACEHD REQUEST PARAMETER: " + cr);
// if reauthFieldExists and no crFieldExists, we have not yet been
// through reauthentication. we must create the ssh object, redirect to
// the SSO server, and return a true (we are doing reauth). Otherwise,
// reauthField and crField both exist, get cached ssh, then check the
// SSO authorization status.
if (reauthFieldExists && !crFieldExists) {
// log that we are making a new StatusSignatureHandler
Z.log.writeToLog(Z.log.DEBUG, "MAKING NEW StatusSignatureHandler.");
ssh = new StatusSignatureHandler(request, session, sshState);
if (TextManager.isStringVisible(sv)) {
ssh.setStateVar(sv);
}
// ssh reauth status before cache
Z.log.writeToLog(Z.log.DEBUG,
"SSH REAUTH STATUS BEFORE CACHE: " + ssh.isReauthorizedCheck(session));
// cache ssh in session
ssh.cache();
// ssh reauth status after cache
Z.log.writeToLog(Z.log.DEBUG,
"SSH REAUTH STATUS AFTER CACHE: " + ssh.isReauthorizedCheck(session));
} else {
// we are retrieving a cached ssh
Z.log.writeToLog(Z.log.DEBUG,
"GETTING CACHED StatusSignatureHandler.");
ssh = StatusSignatureHandler.getCached(cr, session);
// check the cached ssh for reauthorization
// if we are not using SSO, just reauthorize
// them. otherwise, check the SSO reauth.
boolean sso = "YES".equalsIgnoreCase(
Z.appDefaults.getAttribute("SSO_STATE"));
// log sso state
Z.log.writeToLog(Z.log.DEBUG, "SSO_STATE IS ON: " + sso);
if (!sso) {
// log what we do with respect to SSO
Z.log.writeToLog(Z.log.DEBUG, "SSO NOT ON, REAUTHORIZING.");
ssh.reauthorize();
} else if (com.extraview.presentation.security.LoginDisplay.
doSSOReAuthorization(request)) {
// log what we do with respect to SSO
Z.log.writeToLog(Z.log.DEBUG, "SSO ON,
doSSOReAuthorization PASSED, REATHORIZING.");
ssh.reauthorize();
} else {
// log what we do with respect to SSO
Z.log.writeToLog(Z.log.DEBUG,
"SSO ON, doSSOReAuthorization FAILED, NOT REATHORIZING.");
}
}
// Log wheter or not we are reauthorized
Z.log.writeToLog(Z.log.DEBUG,
"SSH SAYS WE ARE REAUTHORIZED: " + ssh.isReauthorizedCheck(session));
// if we are reauthorized, do NOT redirect and return a status of false,
// otherwise redirect and return a status of true (for redirected).
if (ssh.isReauthorized(session)) {
return false;
} else {
String reloginUrl = ssh.reloginUrl();
// log reloginUrl
Z.log.writeToLog(Z.log.DEBUG,
"REAUTH URL WITH TARGET IMMEDIATELY BEFORE REDIRECTING: "
+ reloginUrl);
response.sendRedirect(reloginUrl);
return true;
}
}