cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1333008 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso: ./ filter/ state/
Date Wed, 02 May 2012 12:06:17 GMT
Author: sergeyb
Date: Wed May  2 12:06:16 2012
New Revision: 1333008

URL: http://svn.apache.org/viewvc?rev=1333008&view=rev
Log:
[CXF-3589] Prototyping the code for managing the SP session data

Added:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
  (with props)
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
  (with props)
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
  (with props)
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
  (with props)
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/Messages.properties
Wed May  2 12:06:16 2012
@@ -18,7 +18,10 @@
 #    under the License.
 #
 #
+MISSING_TARGET_URI=Target URI is missing
+INVALID_TARGET_URI=Target URI is invalid
 MISSING_RELAY_STATE=RelayState parameter is missing
-INVALID_RELAY_STATE=RelayState parameter is invalid
+MISSING_REQUEST_STATE=Request State is not available
+EXPIRED_REQUEST_STATE=Request State has expired
 MISSING_SAML_RESPONSE=SamlResponse parameter is missing
 INVALID_SAML_RESPONSE=SamlResponse parameter is invalid
\ No newline at end of file

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Wed May  2 12:06:16 2012
@@ -21,12 +21,14 @@ package org.apache.cxf.rs.security.saml.
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
+import java.util.Date;
 import java.util.ResourceBundle;
+import java.util.UUID;
 import java.util.logging.Logger;
 import java.util.zip.DataFormatException;
 
-import javax.ws.rs.Encoded;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -45,7 +47,11 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
+import org.apache.cxf.rs.security.saml.sso.state.RequestState;
+import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
+import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.opensaml.xml.XMLObject;
@@ -57,40 +63,73 @@ public class RequestAssertionConsumerSer
     private static final ResourceBundle BUNDLE = 
         BundleUtils.getBundle(RequestAssertionConsumerService.class);
     
-    private static final String SAML_RESPONSE = "SAMLResponse"; 
-    private static final String RELAY_STATE = "RelayState";
+    private boolean supportDeflateEncoding = true;
+    private boolean supportBase64Encoding = true;
 
-    private boolean useDeflateEncoding = true;
+    private SPStateManager stateProvider;
+    private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
     
-    public void setUseDeflateEncoding(boolean deflate) {
-        useDeflateEncoding = deflate;
+    public void setSupportDeflateEncoding(boolean deflate) {
+        supportDeflateEncoding = deflate;
     }
-    public boolean useDeflateEncoding() {
-        return useDeflateEncoding;
+    public boolean isSupportDeflateEncoding() {
+        return supportDeflateEncoding;
+    }
+    
+    public void setSupportBase64Encoding(boolean supportBase64Encoding) {
+        this.supportBase64Encoding = supportBase64Encoding;
+    }
+    public boolean isSupportBase64Encoding() {
+        return supportBase64Encoding;
     }
     
     @POST
     @Produces(MediaType.APPLICATION_FORM_URLENCODED)
-    public Response processSamlResponse(@Encoded @FormParam(RELAY_STATE) String relayState,
-                                     @Encoded @FormParam(SAML_RESPONSE) String encodedSamlResponse)
{
+    public Response processSamlResponse(@FormParam(SSOConstants.SAML_RESPONSE) String encodedSamlResponse,
+                                        @FormParam(SSOConstants.RELAY_STATE) String relayState)
{
+        if (relayState == null) {
+            reportError("MISSING_RELAY_STATE");
+            throw new WebApplicationException(400);
+        }
+        RequestState requestState = stateProvider.removeRequestState(relayState);
+        if (requestState == null) {
+            reportError("MISSING_REQUEST_STATE");
+            throw new WebApplicationException(400);
+        }
+        long stateCreatedAt = requestState.getCreatedAt();
+        if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+            reportError("EXPIRED_REQUEST_STATE");
+            throw new WebApplicationException(400);
+        }
         
-        URI relayURI = getRelayURI(relayState);
+        URI targetURI = getTargetURI(requestState.getTargetAddress());
         
         org.opensaml.saml2.core.Response samlResponse = 
             readSAMLResponse(encodedSamlResponse);
 
-        validateSamlResponse(samlResponse);
+        validateSamlResponse(samlResponse, requestState);
         
-        // TODO: set the security context
+        // Set the security context
+        String securityContextKey = UUID.randomUUID().toString();
+        
+        long currentTime = System.currentTimeMillis();
+        ResponseState responseState = new ResponseState(currentTime);
+        stateProvider.setResponseState(securityContextKey, responseState);
+        
+        String contextCookie = 
+            SSOConstants.SECURITY_CONTEXT_TOKEN + "=" + securityContextKey;
+        Date expiresDate = new Date(currentTime + stateTimeToLive);
+        String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate);
+        contextCookie += ";Expires=" + cookieExpires;
                 
-        // finally, redirect to the service provider endpoint
-        return Response.seeOther(relayURI).build();
+        // Finally, redirect to the service provider endpoint
+        return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build();
         
     }
     
     @GET
-    public Response getSamlResponse(@Encoded @QueryParam(RELAY_STATE) String relayState,
-                                    @Encoded @QueryParam(SAML_RESPONSE) String samlResponse)
{
+    public Response getSamlResponse(@QueryParam(SSOConstants.SAML_RESPONSE) String samlResponse,
+                                    @QueryParam(SSOConstants.RELAY_STATE) String relayState)
{
         return processSamlResponse(relayState, samlResponse);       
     }
     
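Review bot: `getSamlResponse` still calls `processSamlResponse(relayState, samlResponse)`, but the POST method's parameters are now ordered (encodedSamlResponse, relayState), so on the GET path the SAML response would be used as the state key and the relay state parsed as the response; the call should read `return processSamlResponse(samlResponse, relayState);`. Separately, the `Set-Cookie` value built for `SSOConstants.SECURITY_CONTEXT_TOKEN` carries only `Expires`. Since that key is the bearer credential the filter later checks, consider appending `;HttpOnly`, `;Secure` for HTTPS deployments, and an explicit `Path`. The 303 that sets the cookie could also carry `Cache-Control: no-store`, as SamlRedirectBindingFilter does in this commit.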
@@ -100,16 +139,24 @@ public class RequestAssertionConsumerSer
             throw new WebApplicationException(400);
         }
         InputStream tokenStream = null;
-        try {
-            byte[] deflatedToken = Base64Utility.decode(samlResponse);
-            tokenStream = useDeflateEncoding() 
-                ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
-                : new ByteArrayInputStream(deflatedToken); 
-        } catch (Base64Exception ex) {
-            throw new WebApplicationException(400);
-        } catch (DataFormatException ex) {
-            throw new WebApplicationException(400);
-        }    
+        if (isSupportBase64Encoding()) {
+            try {
+                byte[] deflatedToken = Base64Utility.decode(samlResponse);
+                tokenStream = isSupportDeflateEncoding() 
+                    ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
+                    : new ByteArrayInputStream(deflatedToken); 
+            } catch (Base64Exception ex) {
+                throw new WebApplicationException(400);
+            } catch (DataFormatException ex) {
+                throw new WebApplicationException(400);
+            }
+        } else {
+            try {
+                tokenStream = new ByteArrayInputStream(samlResponse.getBytes("UTF-8"));
+            } catch (UnsupportedEncodingException ex) {
+                throw new WebApplicationException(400);
+            }
+        }
         
         Document responseDoc = null;
         try {
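Review bot: The `Base64Exception`, `DataFormatException` and `UnsupportedEncodingException` catches return 400 without logging anything, unlike the rejections in `processSamlResponse`, which call `reportError` first. Adding `reportError("INVALID_SAML_RESPONSE");` before each throw would make malformed responses visible in the logs; that key already exists in Messages.properties. Also, `inflateToken` runs on request-supplied bytes before any validation and no length limit is visible in this hunk, so it is worth confirming that `DeflateEncoderDecoder` bounds the inflated size. The enclosing method starts before and continues after the hunk.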
@@ -129,7 +176,8 @@ public class RequestAssertionConsumerSer
         return (org.opensaml.saml2.core.Response)responseObject;
     }
     
-    protected void validateSamlResponse(org.opensaml.saml2.core.Response samlResponse) {
+    protected void validateSamlResponse(org.opensaml.saml2.core.Response samlResponse,
+                                        RequestState requestState) {
         SAMLProtocolResponseValidator protocolValidator = 
                 new SAMLProtocolResponseValidator();
         // TODO Configure Crypto & CallbackHandler object here to validate signatures
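Review bot: The new `requestState` parameter is not used in the lines visible here, and the TODO on the last line shows signature validation is not configured yet, while `processSamlResponse` now issues a security-context cookie as soon as this method returns. Until both are done the cookie is granted on an unauthenticated, uncorrelated response, so a marker next to the existing TODO would help, e.g. `// TODO: check samlResponse.getInResponseTo() against requestState.getSamlRequestId() and the issuer against the configured IdP`. The method body continues outside the hunk, so this check may already exist further down; confirm before adding.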
@@ -141,15 +189,15 @@ public class RequestAssertionConsumerSer
         }
     }
     
-    private URI getRelayURI(String relayState) {
-        if (relayState != null) {
+    private URI getTargetURI(String targetAddress) {
+        if (targetAddress != null) {
             try {
-                return URI.create(relayState);
+                return URI.create(targetAddress);
             } catch (IllegalArgumentException ex) {
-                reportError("INVALID_RELAY_STATE");
+                reportError("INVALID_TARGET_URI");
             }
         } else {
-            reportError("MISSING_RELAY_STATE");
+            reportError("MISSING_TARGET_URI");
         }
         throw new WebApplicationException(400);
     }
@@ -159,4 +207,12 @@ public class RequestAssertionConsumerSer
             new org.apache.cxf.common.i18n.Message(code, BUNDLE);
         LOG.warning(errorMsg.toString());
     }
+    
+    public void setStateTimeToLive(long stateTime) {
+        this.stateTimeToLive = stateTime;
+    }
+    
+    public void setStateProvider(SPStateManager provider) {
+        this.stateProvider = provider;
+    }
 }
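Review bot: `stateProvider` has no default and `setStateProvider` accepts null, while `processSamlResponse` dereferences it on every request, so a missing or incomplete configuration surfaces as a NullPointerException at request time rather than as a clear setup error. A guard such as `if (provider == null) { throw new IllegalArgumentException("stateProvider"); }` in the setter, or a check at first use, would fail earlier. `setStateTimeToLive` likewise accepts zero or negative values, which would expire every state immediately; a one-line Javadoc giving the unit (milliseconds, from how it is added to `System.currentTimeMillis()` values) would help. The same two setters are added at the end of AbstractServiceProviderFilter.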

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java?rev=1333008&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
Wed May  2 12:06:16 2012
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso;
+
+public final class SSOConstants {
+    public static final String SAML_REQUEST = "SAMLRequest";
+    public static final String SAML_RESPONSE = "SAMLResponse"; 
+    public static final String RELAY_STATE = "RelayState";
+    public static final String SECURITY_CONTEXT_TOKEN = "org.apache.cxf.websso.context";
+    public static final long DEFAULT_STATE_TIME = 2 * 60 * 1000;
+    
+    
+    private SSOConstants() {
+    }
+}
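Review bot: `DEFAULT_STATE_TIME` has no comment giving its unit or scope. Its users add it to millisecond timestamps, and it is the default both for the pending-request window in RequestAssertionConsumerService and for the lifetime of the security-context cookie. A Javadoc line such as `/** Default lifetime, in milliseconds, of SP request and response state. */` would make that explicit. Two separate defaults may be wanted later, because a login round-trip window and an authenticated-session lifetime usually differ.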

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
Wed May  2 12:06:16 2012
@@ -21,10 +21,15 @@ package org.apache.cxf.rs.security.saml.
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Collections;
+import java.util.Date;
+import java.util.Map;
 import java.util.ResourceBundle;
+import java.util.UUID;
 import java.util.logging.Logger;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Cookie;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.UriBuilder;
 
 import org.w3c.dom.Document;
@@ -35,8 +40,13 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
+import org.apache.cxf.rs.security.saml.sso.SSOConstants;
+import org.apache.cxf.rs.security.saml.sso.state.RequestState;
+import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
+import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.apache.ws.security.util.DOM2Writer;
 import org.opensaml.common.SAMLVersion;
@@ -50,8 +60,6 @@ import org.opensaml.xml.io.MarshallingEx
 
 public abstract class AbstractServiceProviderFilter implements RequestHandler {
     
-    protected static final String SAML_REQUEST = "SAMLRequest"; 
-    protected static final String RELAY_STATE = "RelayState";
     protected static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractServiceProviderFilter.class);
     protected static final ResourceBundle BUNDLE = 
@@ -60,6 +68,9 @@ public abstract class AbstractServicePro
     private String idpServiceAddress;
     private String issuerId;
     private String assertionConsumerServiceAddress;
+    private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
+    
+    private SPStateManager stateProvider;
     
     public void setAssertionConsumerServiceAddress(
             String assertionConsumerServiceAddress) {
@@ -79,7 +90,29 @@ public abstract class AbstractServicePro
     }
 
     protected boolean checkSecurityContext(Message m) {
-        return false;
+        HttpHeaders headers = new HttpHeadersImpl(m);
+        Map<String, Cookie> cookies = headers.getCookies();
+        
+        Cookie securityContextCookie = cookies.get(SSOConstants.SECURITY_CONTEXT_TOKEN);
+        if (securityContextCookie == null) {
+            reportError("MISSING_RESPONSE_STATE");
+            return false;
+        }
+        String contextKey = securityContextCookie.getValue();
+        ResponseState responseState = stateProvider.getResponseState(contextKey);
+        if (responseState == null) {
+            reportError("MISSING_RESPONSE_STATE");
+            return false;
+        }
+        long stateCreatedAt = responseState.getCreatedAt();
+        if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+            reportError("EXPIRED_RESPONSE_STATE");
+            stateProvider.removeResponseState(contextKey);
+            return false;
+        }
+        //TODO: use ResponseState to set up a proper SecurityContext 
+        //      on the current message
+        return true;
     }
     
     protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
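Review bot: The absent-cookie branch and the unknown-key branch both log `MISSING_RESPONSE_STATE`, so an expected first anonymous visit is indistinguishable in the logs from a request presenting a key the state manager does not know (stale, or not issued by this SP). A distinct message key for the second case, e.g. `reportError("UNKNOWN_RESPONSE_STATE");` with a matching entry in filter/Messages.properties, would keep that signal usable for monitoring; the key value itself should not be logged. Note also that the method returns true without attaching any identity to the message (the TODO), and `ResponseState` holds only `createdAt`, so downstream code cannot yet tell who the caller is.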
@@ -137,7 +170,16 @@ public abstract class AbstractServicePro
         info.setEncodedSamlRequest(authnRequestEncoded);
         
         String originalRequestURI = (String)m.get(Message.REQUEST_URI);
-        info.setRelayState(originalRequestURI);
+        RequestState requestState = new RequestState(originalRequestURI,
+                                                     idpServiceAddress,
+                                                     authnRequest.getID(),
+                                                     issuerId,
+                                                     System.currentTimeMillis());
+        
+        String relayState = UUID.randomUUID().toString();
+        stateProvider.setRequestState(relayState, requestState);
+        info.setRelayState(relayState);
+        
         return info;
     }
     
@@ -164,4 +206,13 @@ public abstract class AbstractServicePro
             new org.apache.cxf.common.i18n.Message(code, BUNDLE);
         LOG.warning(errorMsg.toString());
     }
+    
+    public void setStateTimeToLive(long stateTime) {
+        this.stateTimeToLive = stateTime;
+    }
+
+    public void setStateProvider(SPStateManager provider) {
+        this.stateProvider = provider;
+    }
+    
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
Wed May  2 12:06:16 2012
@@ -19,3 +19,5 @@
 #
 #
 MISSING_ASSERTION_SERVICE_URL=RequestAssertionConsumerService URI is not set
+MISSING_RESPONSE_STATE=Response State is not available
+EXPIRED_RESPONSE_STATE=Response State has expired
\ No newline at end of file

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
Wed May  2 12:06:16 2012
@@ -38,7 +38,9 @@ public class SamlPostBindingFilter exten
                 // in the XHTML form using SamlResponseInfo
                 // in principle we could've built the XHTML form right here
                 // but it will be cleaner to get that done in JSP
-                return Response.ok(info).type("text/html").build();
+                return Response.ok(info)
+                               .type("text/html")
+                               .build();
                 
             } catch (Exception ex) {
                 throw new WebApplicationException(ex);
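Review bot: The HTML response carrying the encoded SAML request and relay state is returned without cache directives, whereas SamlRedirectBindingFilter in this same commit adds `Cache-Control: no-store` and `Pragma: no-cache`. The split builder chain here is the natural place for `.header(HttpHeaders.CACHE_CONTROL, "no-store")` and `.header("Pragma", "no-cache")`. `HttpHeaders` would need importing in this file; its imports are not visible in the hunk. The enclosing method starts and ends outside the hunk.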

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java?rev=1333008&r1=1333007&r2=1333008&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
Wed May  2 12:06:16 2012
@@ -19,11 +19,13 @@
 package org.apache.cxf.rs.security.saml.sso.filter;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.saml.sso.SSOConstants;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
     
@@ -34,11 +36,13 @@ public class SamlRedirectBindingFilter e
             try {
                 SamlRequestInfo info = createSamlRequestInfo(m);
                 UriBuilder ub = UriBuilder.fromUri(getIdpServiceAddress());
-                ub.queryParam(SAML_REQUEST, info.getEncodedSamlRequest());
-                if (info.getRelayState() != null) {
-                    ub.queryParam(RELAY_STATE, info.getRelayState());    
-                }
-                return Response.seeOther(ub.build()).build();
+                ub.queryParam(SSOConstants.SAML_REQUEST, info.getEncodedSamlRequest());
+                ub.queryParam(SSOConstants.RELAY_STATE, info.getRelayState());    
+                
+                return Response.seeOther(ub.build())
+                               .header(HttpHeaders.CACHE_CONTROL, "no-store")
+                               .header("Pragma", "no-cache") 
+                               .build();
             } catch (Exception ex) {
                 throw new WebApplicationException(ex);
             }

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1333008&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
Wed May  2 12:06:16 2012
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class MemorySPStateManager implements SPStateManager {
+
+    private final Map<String, RequestState> requestStateMap = 
+        new ConcurrentHashMap<String, RequestState>(16, 0.75f, 4);
+    
+    private final Map<String, ResponseState> responseStateMap = 
+        new ConcurrentHashMap<String, ResponseState>(16, 0.75f, 4);
+    
+    public ResponseState getResponseState(String securityContextKey) {
+        return responseStateMap.get(securityContextKey);
+    }
+
+    public ResponseState removeResponseState(String securityContextKey) {
+        return responseStateMap.remove(securityContextKey);
+    }
+
+    public void setResponseState(String securityContextKey, ResponseState state) {
+        responseStateMap.put(securityContextKey, state);
+    }
+    
+    public void setRequestState(String relayState, RequestState state) {
+        requestStateMap.put(relayState, state);
+    }
+
+    public RequestState removeRequestState(String relayState) {
+        return requestStateMap.remove(relayState);
+    }
+    
+    public RequestState getRequestState(String relayState) {
+        return requestStateMap.get(relayState);
+    }
+
+    public void close() {
+        // complete
+    }
+
+}
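Review bot: Neither map is ever pruned. A `RequestState` is removed only when a response with its RelayState arrives, and a `ResponseState` only when its cookie is presented after expiry, while `AbstractServiceProviderFilter.createSamlRequestInfo` stores a new `RequestState` for each request it sends to the IdP. Abandoned logins and unauthenticated traffic therefore grow `requestStateMap` without bound. A periodic sweep of entries older than the time-to-live, or a size cap, would bound memory; the manager would need to be given the TTL, which currently lives only in its callers. `close()` contains only the comment `// complete`; clearing both maps there looks like the intended behaviour, though the interface does not say.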

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1333008&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
Wed May  2 12:06:16 2012
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+public class RequestState {
+
+    private String targetAddress;
+    private String idpServiceAddress;
+    private String samlRequestId;
+    private String issuerId;
+    private long createdAt;
+ 
+    public RequestState(String targetAddress,
+                        String idpServiceAddress,
+                        String samlRequestId,
+                        String issuerId,
+                        long createdAt) {
+        this.targetAddress = targetAddress;
+        this.idpServiceAddress = idpServiceAddress;
+        this.samlRequestId = samlRequestId;
+        this.issuerId = issuerId;
+        this.createdAt = createdAt;
+    }
+
+    public String getTargetAddress() {
+        return targetAddress;
+    }
+
+    public String getIdpServiceAddress() {
+        return idpServiceAddress;
+    }
+
+    public String getSamlRequestId() {
+        return samlRequestId;
+    }
+
+    public String getIssuerId() {
+        return issuerId;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+}
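Review bot: All five fields are assigned once in the constructor and have no setters, so they can be declared `final`, e.g. `private final String targetAddress;`. That documents the immutability and guarantees safe publication whichever `SPStateManager` implementation stores the object. The same applies to `createdAt` in ResponseState. A short class Javadoc would also help; `samlRequestId` and `issuerId` are presumably kept so the response can be checked against the request, but nothing in this commit reads them yet.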

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java?rev=1333008&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
Wed May  2 12:06:16 2012
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+public class ResponseState {
+
+    private long createdAt;
+    
+    public ResponseState(long createdAt) {
+        this.createdAt = createdAt;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1333008&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Wed May  2 12:06:16 2012
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+/**
+ * SSO Service Provider State Manager.
+ * 
+ * TODO: review the possibility of working with the Servlet HTTPSession
+ * instead; in that case it can be tricky to configure various containers 
+ * (Tomcat, Jetty) to make sure the cookies are shared across multiple 
+ * war contexts which will be needed if RequestAssertionConsumerService
+ * needs to be run in its own war file instead of having every application 
+ * war on the SP side have a dedicated RequestAssertionConsumerService endpoint   
+ */
+public interface SPStateManager {
+    
+    void setRequestState(String relayState, RequestState state);
+    RequestState getRequestState(String relayState);
+    RequestState removeRequestState(String relayState);
+    
+    void setResponseState(String contextKey, ResponseState state);
+    ResponseState getResponseState(String contextKey);
+    ResponseState removeResponseState(String contextKey);
+    
+    void close();
+}
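Review bot: The interface Javadoc does not state a concurrency or atomicity contract, yet RequestAssertionConsumerService relies on `removeRequestState` to make a RelayState single-use: two concurrent responses with the same RelayState must not both get a non-null result. Suggested Javadoc addition: implementations must be thread-safe, `removeRequestState` and `removeResponseState` must return and delete the entry atomically, and expiry is enforced by callers through `getCreatedAt()`. This matters most for clustered or persistent implementations, where a separate get followed by a delete would allow the same state to be consumed twice.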

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date


