ucReauthorizeUser is used to redirect the user to a reauthentication server when the workflow for processing an issue requires it.
User Authentication Methods
public boolean ucReauthorizeUser ( HttpServletRequest request, HttpServletResponse response, ProblemFormParam pfp, SesameSession session, int sshState )
It is currently used when the user’s permissions in an SSO environment are not sufficient to perform an action. This routine can be used to reauthenticate the user with a different permission set.
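/**
 * Decides whether the current refresh must send the user through
 * reauthentication and, if so, issues the redirect.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>If the {@code stateVar} form parameter does not match the list of
 *       signature fields, nothing is done and {@code false} is returned.</li>
 *   <li>If it matches and no {@code CACHED_REQ} parameter is present, a new
 *       {@link StatusSignatureHandler} is created and cached.</li>
 *   <li>If {@code CACHED_REQ} is present, the cached handler is retrieved.
 *       When the {@code SSO_STATE} application default is not {@code YES}
 *       the handler is reauthorized with no further check in this method;
 *       otherwise it is reauthorized only if
 *       {@code LoginDisplay.doSSOReAuthorization(request)} returns true.</li>
 *   <li>If the handler reports that it is reauthorized, {@code false} is
 *       returned; otherwise the response is redirected to the handler's
 *       relogin URL and {@code true} is returned.</li>
 * </ol>
 *
 * <p>NOTE(review): both {@code stateVar} and {@code CACHED_REQ} are read
 * from the submitted form. On a deployment where SSO is off, the only gate
 * visible here before {@code reauthorize()} is that {@code getCached} is
 * called with the supplied key and the session; confirm that credential
 * verification for that case happens elsewhere.
 *
 * @param request  the current servlet request
 * @param response the current servlet response; receives the redirect
 * @param pfp      form parameters; {@code stateVar} and {@code CACHED_REQ} are read
 * @param session  the user's session, passed to the signature handler
 * @param sshState state value handed to a newly created signature handler
 * @return {@code true} if a redirect was sent (the response is then committed
 *         and the caller should not write further output), {@code false} if
 *         no reauthentication is needed or it has already succeeded
 * @throws Exception declared by the original signature; includes any failure
 *         raised by the handler calls or by {@code sendRedirect}
 */
public boolean ucReauthorizeUser(
        HttpServletRequest request,
        HttpServletResponse response,
        ProblemFormParam pfp,
        SesameSession session,
        int sshState) throws Exception {
    // signature handler: either created here or retrieved from the session cache
    StatusSignatureHandler ssh;

    // first, is there a CHANGE: state var with one of the key fields?
    String sv = pfp.getString("stateVar");

    // NOTE(review): sv is request-supplied and is written to the log verbatim;
    // confirm that Z.log neutralises CR/LF so a crafted value cannot forge entries.
    Z.log.writeToLog(Z.log.DEBUG, "STATEVAR IN doReauth(): " + sv);

    // if you change this you also must change the list of esignature fields below.
    //
    // NOTE(review): '|' binds more loosely than concatenation, so as written
    // "^CHANGE:" applies only to the first alternative and "_\d+$" only to the
    // last; the field names in between match anywhere in the string. The
    // intended form is presumably ^CHANGE:(A|B|...)_\d+$. Confirm against the
    // stateVar values the form really sends before tightening: a stricter
    // pattern makes this method return false (no reauthentication) for every
    // value it stops matching.
    String fieldPat = "^CHANGE:"
            + "(P_RISK_SIG_REQUIRED)|"
            + "(P_GOVT_DCSNTREE_SIG_REQUIRED)|"
            + "(P_GOVT_DSCNTREE_RVW_SIG_REQ)|"
            + "(P_GOVT_MDR_DEC_SIG_REQ)|"
            + "(P_GOVT_REVIEW_SIG_REQ)|"
            + "(P_GOVT_OTH_DEC_SIG_REQ)|"
            + "(P_GOVT_AUS_DEC_SIG_REQ)|"
            + "(P_GOVT_CAN_DEC_SIG_REQ)|"
            + "(P_GOVT_VSR_DEC_SIG_REQ)|"
            + "(P_GOVT_VIGIL_REV_SIG_REQUIRED)|"
            + "(P_GOVT_MHLW_DEC_SIG_REQUIRED)|"
            + "(P_GOVT_MHLW_DEC_REV_SIG_REQ)"
            + "_\\d+$";
    Regex fieldParser = new Regex(fieldPat);

    // A missing stateVar is treated as "no reauth field" instead of failing with
    // a NullPointerException. Locale.ROOT keeps the upper-casing independent of
    // the server's default locale; under a Turkish locale a lower-case 'i' would
    // become a dotted capital and the field names would silently stop matching,
    // which skips reauthentication.
    boolean reauthFieldExists = sv != null
            && fieldParser.search(sv.toUpperCase(java.util.Locale.ROOT));

    // Is this refresh fired by a reauth field?
    Z.log.writeToLog(Z.log.DEBUG,
            "REFRESH FIRED BY A REAUTH FIELD: " + reauthFieldExists);

    // no reauth field: nothing else to do
    if (!reauthFieldExists) {
        return false;
    }

    // next, is there a cached request parameter?
    String cr = pfp.getString("CACHED_REQ");
    boolean crFieldExists = TextManager.isStringVisible(cr);

    Z.log.writeToLog(Z.log.DEBUG,
            "CACHED REQUEST PARAMETER EXISTS: " + crFieldExists);
    // NOTE(review): cr is the key later passed to getCached(); consider whether
    // its raw value needs to be in the log at all.
    Z.log.writeToLog(Z.log.DEBUG, "CACEHD REQUEST PARAMETER: " + cr);

    // reauthFieldExists is known to be true here, so only CACHED_REQ decides:
    // absent  -> first pass, create and cache the handler (redirect follows below);
    // present -> returning pass, fetch the cached handler and check authorization.
    if (!crFieldExists) {
        Z.log.writeToLog(Z.log.DEBUG, "MAKING NEW StatusSignatureHandler.");
        ssh = new StatusSignatureHandler(request, session, sshState);
        if (TextManager.isStringVisible(sv)) {
            ssh.setStateVar(sv);
        }

        Z.log.writeToLog(Z.log.DEBUG,
                "SSH REAUTH STATUS BEFORE CACHE: " + ssh.isReauthorizedCheck(session));

        // cache ssh in session
        ssh.cache();

        Z.log.writeToLog(Z.log.DEBUG,
                "SSH REAUTH STATUS AFTER CACHE: " + ssh.isReauthorizedCheck(session));
    } else {
        Z.log.writeToLog(Z.log.DEBUG, "GETTING CACHED StatusSignatureHandler.");
        // NOTE(review): cr is request-supplied. If getCached can return null for
        // an unknown key, the calls on ssh below throw NullPointerException;
        // confirm and handle that case explicitly.
        ssh = StatusSignatureHandler.getCached(cr, session);

        // if we are not using SSO, just reauthorize; otherwise check the SSO reauth
        boolean sso = "YES".equalsIgnoreCase(
                Z.appDefaults.getAttribute("SSO_STATE"));
        Z.log.writeToLog(Z.log.DEBUG, "SSO_STATE IS ON: " + sso);

        if (!sso) {
            Z.log.writeToLog(Z.log.DEBUG, "SSO NOT ON, REAUTHORIZING.");
            ssh.reauthorize();
        } else if (com.extraview.presentation.security.LoginDisplay
                .doSSOReAuthorization(request)) {
            Z.log.writeToLog(Z.log.DEBUG,
                    "SSO ON, doSSOReAuthorization PASSED, REATHORIZING.");
            ssh.reauthorize();
        } else {
            // handler is left unauthorized, so the redirect below is taken
            Z.log.writeToLog(Z.log.DEBUG,
                    "SSO ON, doSSOReAuthorization FAILED, NOT REATHORIZING.");
        }
    }

    // log whether or not we are reauthorized
    Z.log.writeToLog(Z.log.DEBUG,
            "SSH SAYS WE ARE REAUTHORIZED: " + ssh.isReauthorizedCheck(session));

    // reauthorized: do NOT redirect, report false
    if (ssh.isReauthorized(session)) {
        return false;
    }

    // not reauthorized: redirect to the relogin URL and report true
    String reloginUrl = ssh.reloginUrl();
    Z.log.writeToLog(Z.log.DEBUG,
            "REAUTH URL WITH TARGET IMMEDIATELY BEFORE REDIRECTING: " + reloginUrl);
    response.sendRedirect(reloginUrl);
    return true;
}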