From owu...@apache.org
Subject svn commit: r1240127 - in /cxf/sandbox/fediz: fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Date Fri, 03 Feb 2012 12:24:31 GMT
Author: owulff
Date: Fri Feb  3 12:24:30 2012
New Revision: 1240127

URL: http://svn.apache.org/viewvc?rev=1240127&view=rev
Log:
Callback added to support resolving IDP

Added:
    cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
Modified:
    cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java

Added: cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java?rev=1240127&view=auto
==============================================================================
--- cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
(added)
+++ cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
Fri Feb  3 12:24:30 2012
@@ -0,0 +1,47 @@
+package org.apache.cxf.fediz.core;
+
+import java.net.URL;
+
+import javax.security.auth.callback.Callback;
+import javax.servlet.http.HttpServletRequest;
+
+
+public class IDPCallback implements Callback {
+
+    private HttpServletRequest request = null;
+    private URL issuerUrl = null;
+    private String trustedIssuer = null;
+    
+    public IDPCallback(HttpServletRequest request) {
+        super();
+        this.request = request;
+    }
+    
+    public IDPCallback(HttpServletRequest request, URL issuerUrl,
+            String trustedIssuer) {
+        super();
+        this.request = request;
+        this.issuerUrl = issuerUrl;
+        this.trustedIssuer = trustedIssuer;      
+    }
+    
+    public HttpServletRequest getRequest() {
+        return request;
+    }
+    public void setRequest(HttpServletRequest request) {
+        this.request = request;
+    }
+    public URL getIssuerUrl() {
+        return issuerUrl;
+    }
+    public void setIssuerUrl(URL issuerUrl) {
+        this.issuerUrl = issuerUrl;
+    }
+    public String getTrustedIssuer() {
+        return trustedIssuer;
+    }
+    public void setTrustedIssuer(String trustedIssuer) {
+        this.trustedIssuer = trustedIssuer;
+    }
+    
+}
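Review bot: IDPCallback has no Javadoc, so an implementor of the issuer CallbackHandler cannot tell which fields are inputs and which are outputs; from the Tomcat side of this commit, `request` is filled by the authenticator before `handle()` and `issuerUrl`/`trustedIssuer` are read back afterwards, with `issuerUrl` dereferenced without a null check. Add a class comment stating that contract, e.g. `/** Callback handed to the issuer CallbackHandler: the authenticator supplies {@code request}; the handler sets {@code issuerUrl} (used as the redirect target, must not be left null) and optionally {@code trustedIssuer}. */`. The trailing whitespace after `this.trustedIssuer = trustedIssuer;` in the three-argument constructor should also be stripped.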

Modified: cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1240127&r1=1240126&r2=1240127&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
(original)
+++ cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Fri Feb  3 12:24:30 2012
@@ -11,6 +11,8 @@ import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;
 
@@ -27,6 +29,7 @@ import org.apache.cxf.fediz.core.Federat
 import org.apache.cxf.fediz.core.FederationProcessorImpl;
 import org.apache.cxf.fediz.core.FederationRequest;
 import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.IDPCallback;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 
@@ -47,6 +50,9 @@ public class FederationAuthenticator ext
 
     public static final String SECURITY_TOKEN =
         "org.apache.fediz.SECURITY_TOKEN";
+    
+    protected static final String TRUSTED_ISSUER =
+        "org.apache.cxf.fediz.tomcat.TRUSTED_ISSUER";
 
     /**
      * IssuerURL
@@ -87,6 +93,12 @@ public class FederationAuthenticator ext
      * Role delimiter in claim value
      */
     protected String roleDelimiter = ",";
+    
+    
+    /**
+     * Role delimiter in claim value
+     */
+    protected CallbackHandler issuerCallbackHandler = null;
 
 
     public FederationAuthenticator() {
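Review bot: The Javadoc on the new `issuerCallbackHandler` field repeats "Role delimiter in claim value" from the `roleDelimiter` field above it, which is wrong for a CallbackHandler and will mislead the next reader. Replace it with a comment describing the actual role, e.g. `/** Optional {@link CallbackHandler} that resolves the IDP issuer URL (and trusted issuer) per request; when null the static issuerURL is used for the redirect. */`. The two added blank lines carrying trailing whitespace before it can go as well.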
@@ -103,6 +115,27 @@ public class FederationAuthenticator ext
 
 
     /**
+     * Return the callback handler to figure out the IDP url
+     */
+    public CallbackHandler getIssuerCallbackHandler() {
+        return issuerCallbackHandler;
+    }
+
+
+    /**
+     * Set the callback handler class to figure out the IDP url 
+     */
+    public void setIssuerCallbackHandler(String issuerCallbackHandler) {
+        
+        try {
+            this.issuerCallbackHandler = (CallbackHandler)Thread.currentThread().getContextClassLoader().loadClass(issuerCallbackHandler).newInstance();
+        } catch (Throwable ex) {
+            log.fatal("Callback handler not intialized: " + ex.getMessage());
+        }
+    }
+
+    
+    /**
      * Return the character encoding to use to read the username and password.
      */
     public String getIssuerURL() {
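Review bot: `setIssuerCallbackHandler` catches `Throwable` and logs only `ex.getMessage()`, so a misconfigured handler (class name typo, class not implementing CallbackHandler, no public no-arg constructor) leaves `issuerCallbackHandler` null and the authenticator quietly continues with the static `issuerURL` instead of rejecting the configuration; the message alone also drops the stack trace and the offending class name. Since this value comes from the authenticator's configuration rather than from a request, it is better to fail loudly and keep the cause: `} catch (Exception ex) {` / `    throw new IllegalArgumentException("Cannot instantiate callback handler " + issuerCallbackHandler, ex);` / `}`. Letting `Error` subclasses propagate rather than catching `Throwable` is also the safer default. The getter's Javadoc should say that null means no handler is configured.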
@@ -117,7 +150,6 @@ public class FederationAuthenticator ext
         this.issuerURL = issuerURL;
     }
 
-
     /**
      * Return the requested authentication type.
      */
@@ -347,7 +379,26 @@ public class FederationAuthenticator ext
                 //wfReq.setWtrealm(wtrealm);
 
                 FederationConfiguration fedConfig = new FederationConfiguration();
-                fedConfig.setTrustedIssuer(this.getTrustedIssuer());
+                
+                // Has the callback handler returned a trusted issuer, stored in session
+                session = request.getSessionInternal();
+                String trustedIssuer = null;
+                
+                if (session != null) {
+                    trustedIssuer = (String)session.getNote(TRUSTED_ISSUER);
+                    if ( trustedIssuer == null || trustedIssuer.length() == 0) {
+                        trustedIssuer = this.getTrustedIssuer();
+                    } else {
+                        log.debug("Trusted issuer cached in session");
+                        session.removeNote(TRUSTED_ISSUER);
+                    }
+                } else {
+                    log.debug("request session null");
+                }
+                              
+                fedConfig.setTrustedIssuer(trustedIssuer);
+                log.info("Trusted issuer: " + trustedIssuer);
+                
                 fedConfig.setRoleDelimiter(this.getRoleDelimiter());
                 if (this.getRoleClaimURI() == null || this.getRoleClaimURI().length() ==
0) {
                     fedConfig.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
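Review bot: When `request.getSessionInternal()` returns null, `trustedIssuer` stays null and `this.getTrustedIssuer()` is never consulted, because the fallback to the configured value sits only inside the `if (session != null)` branch; `fedConfig.setTrustedIssuer(null)` is then called even though a static trusted issuer is configured. How FederationProcessorImpl treats a null trusted issuer is not visible here, but the configured value should not be lost either way. Start from the configuration and let the session note override it only when it is non-empty: `String trustedIssuer = this.getTrustedIssuer();` / `String cached = (String) session.getNote(TRUSTED_ISSUER);` / `if (cached != null && cached.length() > 0) { trustedIssuer = cached; session.removeNote(TRUSTED_ISSUER); }`. The enclosing method begins and ends outside this hunk.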
@@ -526,10 +577,27 @@ public class FederationAuthenticator ext
     throws IOException {
 
         String redirectURL = null;
-        String issuerURL = getIssuerURL();
-        if (issuerURL != null && issuerURL.length() > 0) {
-            redirectURL = issuerURL;
+        if (this.getIssuerCallbackHandler() != null) {
+            IDPCallback callback = new IDPCallback(request);
+            try {
+                this.getIssuerCallbackHandler().handle(new Callback[]{callback});
+                redirectURL = callback.getIssuerUrl().toString();
+                String trustedIssuer = callback.getTrustedIssuer();
+                if (trustedIssuer != null && trustedIssuer.length() > 0) {
+                    request.getSessionInternal().setNote(TRUSTED_ISSUER, trustedIssuer);
+                }                
+            } catch (Exception ex) {
+                log.error("Failed to handle callback: " + ex.getMessage());
+            }            
+        } else {
+            String issuerURL = getIssuerURL();
+            if (issuerURL != null && issuerURL.length() > 0) {
+                redirectURL = issuerURL;
+            }
         }
+        log.info("Issuer url: " + redirectURL);
+        
+        
         String loginPage = config.getLoginPage();
         if (redirectURL == null) {
             if (loginPage != null &&  loginPage.length() > 0) {
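Review bot: `redirectURL = callback.getIssuerUrl().toString();` dereferences a value the handler may not have set; the resulting NullPointerException is caught by the `catch (Exception ex)` below and logged only as `ex.getMessage()`, which is null for a bare NPE, so the failure shows up as "Failed to handle callback: null" with no stack trace and the request silently falls through to the login page. The same block calls `request.getSessionInternal().setNote(...)` without the null check the token-processing hunk applies to the session, though whether the session can be null at this point is not visible here. Check the URL explicitly and log the exception as the cause so the trace is kept. The enclosing redirect method starts before this hunk.
```java
                this.getIssuerCallbackHandler().handle(new Callback[]{callback});
                if (callback.getIssuerUrl() == null) {
                    log.error("Callback handler did not return an issuer URL");
                } else {
                    redirectURL = callback.getIssuerUrl().toString();
                }
                String trustedIssuer = callback.getTrustedIssuer();
                if (trustedIssuer != null && trustedIssuer.length() > 0
                    && request.getSessionInternal() != null) {
                    request.getSessionInternal().setNote(TRUSTED_ISSUER, trustedIssuer);
                }
            } catch (Exception ex) {
                log.error("Failed to handle callback", ex);
            }
            // … unchanged: else branch using the static issuerURL …
```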


