
From serg...@apache.org
Subject svn commit: r1330409 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso: Messages.properties RequestAssertionConsumerService.java filter/AbstractServiceProviderFilter.java
Date Wed, 25 Apr 2012 16:45:22 GMT
Author: sergeyb
Date: Wed Apr 25 16:45:22 2012
New Revision: 1330409

URL: http://svn.apache.org/viewvc?rev=1330409&view=rev
Log:
Updating RequestAssertionConsumerService to treat RelayState as the original target URI

Added:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
  (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties?rev=1330409&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
Wed Apr 25 16:45:22 2012
@@ -0,0 +1,24 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+MISSING_RELAY_STATE=RelayState parameter is missing
+INVALID_RELAY_STATE=RelayState parameter is invalid
+MISSING_SAML_RESPONSE=SamlResponse parameter is missing
+INVALID_SAML_RESPONSE=SamlResponse parameter is invalid
\ No newline at end of file
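Review bot: The two SAML messages name the parameter `SamlResponse`, but the form field the service actually reads (and the constant in RequestAssertionConsumerService) is `SAMLResponse`, so an operator grepping logs for the real parameter name will miss these warnings. I would spell it the same way in both entries, e.g. `MISSING_SAML_RESPONSE=SAMLResponse parameter is missing` and `INVALID_SAML_RESPONSE=SAMLResponse parameter is invalid`.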

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1330409&r1=1330408&r2=1330409&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Wed Apr 25 16:45:22 2012
@@ -21,6 +21,9 @@ package org.apache.cxf.rs.security.saml.
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.URI;
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
 import java.util.zip.DataFormatException;
 
 import javax.ws.rs.Encoded;
@@ -33,10 +36,11 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
 
 import org.w3c.dom.Document;
 
+import org.apache.cxf.common.i18n.BundleUtils;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
@@ -48,30 +52,39 @@ import org.opensaml.xml.XMLObject;
 
 @Path("sso")
 public class RequestAssertionConsumerService {
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(RequestAssertionConsumerService.class);
+    private static final ResourceBundle BUNDLE = 
+        BundleUtils.getBundle(RequestAssertionConsumerService.class);
+    
     private static final String SAML_RESPONSE = "SAMLResponse"; 
     private static final String RELAY_STATE = "RelayState";
 
     private boolean useDeflateEncoding = true;
     
+    public void setUseDeflateEncoding(boolean deflate) {
+        useDeflateEncoding = deflate;
+    }
+    public boolean useDeflateEncoding() {
+        return useDeflateEncoding;
+    }
+    
     @POST
     @Produces(MediaType.APPLICATION_FORM_URLENCODED)
     public Response processSamlResponse(@Encoded @FormParam(RELAY_STATE) String relayState,
                                      @Encoded @FormParam(SAML_RESPONSE) String encodedSamlResponse)
{
+        
+        URI relayURI = getRelayURI(relayState);
+        
         org.opensaml.saml2.core.Response samlResponse = 
             readSAMLResponse(encodedSamlResponse);
 
         validateSamlResponse(samlResponse);
         
-        // TODO: set the security context, 
-        // perhaps using the cookie or adding some query parameter 
-        // (relayState?) to the redirect URI
-        
+        // TODO: set the security context
+                
         // finally, redirect to the service provider endpoint
-        String responseTo = samlResponse.getInResponseTo();
-        UriBuilder builder = UriBuilder.fromPath(responseTo); 
-        // if needed: builder.queryParam("RelayState", relayState);
-        
-        return Response.seeOther(builder.build()).build();
+        return Response.seeOther(relayURI).build();
         
     }
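Review bot: `Response.seeOther(relayURI)` now sends the browser to whatever the POSTed `RelayState` form parameter parses as, and nothing in this hunk ties that value to an AuthnRequest this SP issued or to the SP's own origin, so anyone who can deliver a SAML response that passes `validateSamlResponse` can use the assertion consumer endpoint as an open redirect. `relayURI` is built before the response is validated and is never compared with the response's `InResponseTo` or with state recorded when the request was made, which is what the removed `getInResponseTo()` branch at least hinted at. I would keep RelayState opaque — store the original URI server-side keyed by the request ID and resolve the redirect from that store after validation — or at minimum reject any URI whose scheme or authority is not the SP's own before calling `seeOther`. A one-line comment above the redirect, `// RelayState is attacker-controlled input: it must be bound to our own request or restricted to this host before use as a redirect target`, would keep the next maintainer from treating it as trusted.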
     
@@ -83,6 +96,7 @@ public class RequestAssertionConsumerSer
     
     private org.opensaml.saml2.core.Response readSAMLResponse(String samlResponse) {
         if (StringUtils.isEmpty(samlResponse)) {
+            reportError("MISSING_SAML_RESPONSE");
             throw new WebApplicationException(400);
         }
         InputStream tokenStream = null;
@@ -122,14 +136,27 @@ public class RequestAssertionConsumerSer
         try {
             protocolValidator.validateSamlResponse(samlResponse, null, null);
         } catch (WSSecurityException ex) {
+            reportError("INVALID_SAML_RESPONSE");
             throw new WebApplicationException(400);
         }
     }
     
-    public void setUseDeflateEncoding(boolean deflate) {
-        useDeflateEncoding = deflate;
+    private URI getRelayURI(String relayState) {
+        if (relayState != null) {
+            try {
+                return URI.create(relayState);
+            } catch (IllegalArgumentException ex) {
+                reportError("INVALID_RELAY_STATE");
+            }
+        } else {
+            reportError("MISSING_RELAY_STATE");
+        }
+        throw new WebApplicationException(400);
     }
-    public boolean useDeflateEncoding() {
-        return useDeflateEncoding;
+    
+    private void reportError(String code) {
+        org.apache.cxf.common.i18n.Message errorMsg = 
+            new org.apache.cxf.common.i18n.Message(code, BUNDLE);
+        LOG.warning(errorMsg.toString());
     }
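Review bot: `getRelayURI` accepts anything `URI.create` can parse, so `javascript:`, `data:`, absolute `http(s)` URIs to foreign hosts and protocol-relative values like `//evil.example/` all count as a valid RelayState; the only rejection is a syntax error, yet the result becomes a redirect target. The check should be semantic as well as syntactic, e.g. after parsing: `if (uri.isAbsolute() || uri.getRawAuthority() != null) { reportError("INVALID_RELAY_STATE"); throw new WebApplicationException(400); }` (or compare scheme and authority with the SP's configured base URI if absolute targets are needed). `reportError` also discards the caught `IllegalArgumentException`, so the warning shows only the bundle text — pass the exception through to `LOG.log(Level.WARNING, errorMsg.toString(), ex)` so the offending input is traceable. Separately, `validateSamlResponse` still hands `null, null` to `protocolValidator.validateSamlResponse`, which presumably disables request-ID / InResponseTo matching; a comment stating that this is intentional for now, or a follow-up wiring the stored request ID in, would help.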
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1330409&r1=1330408&r2=1330409&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
Wed Apr 25 16:45:22 2012
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.saml.
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Collections;
-import java.util.UUID;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -125,7 +124,9 @@ public abstract class AbstractServicePro
         
         SamlRequestInfo info = new SamlRequestInfo();
         info.setEncodedSamlRequest(authnRequestEncoded);
-        info.setRelayState(UUID.randomUUID().toString());
+        
+        String originalRequestURI = (String)m.get(Message.REQUEST_URI);
+        info.setRelayState(originalRequestURI);
         return info;
     }
     


