cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1333408 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso: ./ filter/ state/
Date Thu, 03 May 2012 11:42:59 GMT
Author: sergeyb
Date: Thu May  3 11:42:58 2012
New Revision: 1333408

URL: http://svn.apache.org/viewvc?rev=1333408&view=rev
Log:
[CXF-3589] Introducing a common SP handler, limiting cookies to specific apps that initiated
SAMLRequest

Added:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java

Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java?rev=1333408&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
Thu May  3 11:42:58 2012
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.util.Date;
+
+import javax.ws.rs.Path;
+
+import org.apache.cxf.jaxrs.utils.HttpUtils;
+import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
+
+@Path("sso")
+public class AbstractSSOSpHandler {
+    private SPStateManager stateProvider;
+    private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
+    
+    protected String createCookie(String name, String value, String path) { 
+        
+        String contextCookie = name + "=" + value;
+        // Make sure all the SP application filters can get this token;
+        // Path property should be enough for a single container, Domain
+        // property may need to be used for more complex environments
+        if (path != null) {
+            contextCookie += ";Path=" + path;
+        }
+        // Keep the cookie across the browser restarts until it actually expires.
+        // Note that the Expires property has been deprecated but apparently is 
+        // supported better than 'max-age' property by different browsers 
+        // (Firefox, IE, etc)
+        Date expiresDate = new Date(System.currentTimeMillis() + stateTimeToLive);
+        String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate);
+        contextCookie += ";Expires=" + cookieExpires;
+        //TODO: Consider adding an 'HttpOnly' attribute        
+        
+        return contextCookie;
+    }
+    
+    protected boolean isStateExpired(long stateCreatedAt) {
+        return new Date().after(new Date(stateCreatedAt + getStateTimeToLive()));
+    }
+    
+    public void setStateProvider(SPStateManager stateProvider) {
+        this.stateProvider = stateProvider;
+    }
+
+    public SPStateManager getStateProvider() {
+        return stateProvider;
+    }
+
+    public void setStateTimeToLive(long stateTimeToLive) {
+        this.stateTimeToLive = stateTimeToLive;
+    }
+
+    public long getStateTimeToLive() {
+        return stateTimeToLive;
+    }
+}

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Thu May  3 11:42:58 2012
@@ -23,7 +23,6 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
-import java.util.Date;
 import java.util.ResourceBundle;
 import java.util.UUID;
 import java.util.logging.Logger;
@@ -49,18 +48,16 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.sso.state.RequestState;
 import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
-import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.opensaml.xml.XMLObject;
 
 @Path("sso")
-public class RequestAssertionConsumerService {
+public class RequestAssertionConsumerService extends AbstractSSOSpHandler {
     private static final Logger LOG = 
         LogUtils.getL7dLogger(RequestAssertionConsumerService.class);
     private static final ResourceBundle BUNDLE = 
@@ -69,9 +66,6 @@ public class RequestAssertionConsumerSer
     private boolean supportDeflateEncoding = true;
     private boolean supportBase64Encoding = true;
 
-    private SPStateManager stateProvider;
-    private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
-    
     @Context 
     private MessageContext jaxrsContext;
     
@@ -97,13 +91,12 @@ public class RequestAssertionConsumerSer
             reportError("MISSING_RELAY_STATE");
             throw new WebApplicationException(400);
         }
-        RequestState requestState = stateProvider.removeRequestState(relayState);
+        RequestState requestState = getStateProvider().removeRequestState(relayState);
         if (requestState == null) {
             reportError("MISSING_REQUEST_STATE");
             throw new WebApplicationException(400);
         }
-        long stateCreatedAt = requestState.getCreatedAt();
-        if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+        if (isStateExpired(requestState.getCreatedAt())) {
             reportError("EXPIRED_REQUEST_STATE");
             throw new WebApplicationException(400);
         }
@@ -119,15 +112,13 @@ public class RequestAssertionConsumerSer
         String securityContextKey = UUID.randomUUID().toString();
         
         long currentTime = System.currentTimeMillis();
-        ResponseState responseState = new ResponseState(currentTime);
-        stateProvider.setResponseState(securityContextKey, responseState);
+        ResponseState responseState = new ResponseState(relayState, currentTime);
+        getStateProvider().setResponseState(securityContextKey, responseState);
+        
+        String contextCookie = createCookie(SSOConstants.SECURITY_CONTEXT_TOKEN,
+                                            securityContextKey,
+                                            requestState.getWebAppContext());
         
-        String contextCookie = 
-            SSOConstants.SECURITY_CONTEXT_TOKEN + "=" + securityContextKey;
-        Date expiresDate = new Date(currentTime + stateTimeToLive);
-        String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate);
-        contextCookie += ";Expires=" + cookieExpires;
-                
         // Finally, redirect to the service provider endpoint
         return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build();
         
@@ -223,11 +214,4 @@ public class RequestAssertionConsumerSer
         LOG.warning(errorMsg.toString());
     }
     
-    public void setStateTimeToLive(long stateTime) {
-        this.stateTimeToLive = stateTime;
-    }
-    
-    public void setStateProvider(SPStateManager provider) {
-        this.stateProvider = provider;
-    }
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
Thu May  3 11:42:58 2012
@@ -19,9 +19,9 @@
 package org.apache.cxf.rs.security.saml.sso.filter;
 
 import java.io.IOException;
+import java.net.URI;
 import java.net.URLEncoder;
 import java.util.Collections;
-import java.util.Date;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.UUID;
@@ -41,12 +41,13 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.impl.UriInfoImpl;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
+import org.apache.cxf.rs.security.saml.sso.AbstractSSOSpHandler;
 import org.apache.cxf.rs.security.saml.sso.SSOConstants;
 import org.apache.cxf.rs.security.saml.sso.state.RequestState;
 import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
-import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.apache.ws.security.util.DOM2Writer;
 import org.opensaml.common.SAMLVersion;
@@ -58,7 +59,8 @@ import org.opensaml.saml2.core.NameIDPol
 import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.xml.io.MarshallingException;
 
-public abstract class AbstractServiceProviderFilter implements RequestHandler {
+public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler 
+    implements RequestHandler {
     
     protected static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractServiceProviderFilter.class);
@@ -68,9 +70,6 @@ public abstract class AbstractServicePro
     private String idpServiceAddress;
     private String issuerId;
     private String assertionConsumerServiceAddress;
-    private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
-    
-    private SPStateManager stateProvider;
     
     public void setAssertionConsumerServiceAddress(
             String assertionConsumerServiceAddress) {
@@ -89,6 +88,14 @@ public abstract class AbstractServicePro
         return idpServiceAddress;
     }
 
+    private String getIssuerId(Message m) {
+        if (issuerId == null) {
+            return new UriInfoImpl(m).getBaseUri().toString();
+        } else {
+            return issuerId;
+        }
+    }
+    
     protected boolean checkSecurityContext(Message m) {
         HttpHeaders headers = new HttpHeadersImpl(m);
         Map<String, Cookie> cookies = headers.getCookies();
@@ -99,15 +106,24 @@ public abstract class AbstractServicePro
             return false;
         }
         String contextKey = securityContextCookie.getValue();
-        ResponseState responseState = stateProvider.getResponseState(contextKey);
+        ResponseState responseState = getStateProvider().getResponseState(contextKey);
         if (responseState == null) {
             reportError("MISSING_RESPONSE_STATE");
             return false;
         }
-        long stateCreatedAt = responseState.getCreatedAt();
-        if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+        if (isStateExpired(responseState.getCreatedAt())) {
             reportError("EXPIRED_RESPONSE_STATE");
-            stateProvider.removeResponseState(contextKey);
+            getStateProvider().removeResponseState(contextKey);
+            return false;
+        }
+        Cookie relayStateCookie = cookies.get(SSOConstants.RELAY_STATE);
+        if (relayStateCookie == null) {
+            reportError("MISSING_RELAY_COOKIE");
+            return false;
+        }
+        String originalRelayState = responseState.getRelayState();
+        if (!originalRelayState.equals(relayStateCookie.getValue())) {
+            reportError("INVALID_RELAY_STATE");
             return false;
         }
         //TODO: use ResponseState to set up a proper SecurityContext 
@@ -117,7 +133,7 @@ public abstract class AbstractServicePro
     
     protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
         Issuer issuer =
-            SamlpRequestComponentBuilder.createIssuer(issuerId);
+            SamlpRequestComponentBuilder.createIssuer(getIssuerId(m));
         NameIDPolicy nameIDPolicy =
             SamlpRequestComponentBuilder.createNameIDPolicy(
                 true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer"
@@ -169,16 +185,21 @@ public abstract class AbstractServicePro
         SamlRequestInfo info = new SamlRequestInfo();
         info.setEncodedSamlRequest(authnRequestEncoded);
         
+        String httpBasePath = (String)m.get("http.base.path");
+        String webAppContext = URI.create(httpBasePath).getRawPath();
         String originalRequestURI = (String)m.get(Message.REQUEST_URI);
+        
         RequestState requestState = new RequestState(originalRequestURI,
-                                                     idpServiceAddress,
+                                                     getIdpServiceAddress(),
                                                      authnRequest.getID(),
-                                                     issuerId,
+                                                     getIssuerId(m),
+                                                     webAppContext,
                                                      System.currentTimeMillis());
         
         String relayState = UUID.randomUUID().toString();
-        stateProvider.setRequestState(relayState, requestState);
+        getStateProvider().setRequestState(relayState, requestState);
         info.setRelayState(relayState);
+        info.setWebAppContext(webAppContext);
         
         return info;
     }
@@ -206,13 +227,5 @@ public abstract class AbstractServicePro
             new org.apache.cxf.common.i18n.Message(code, BUNDLE);
         LOG.warning(errorMsg.toString());
     }
-    
-    public void setStateTimeToLive(long stateTime) {
-        this.stateTimeToLive = stateTime;
-    }
-
-    public void setStateProvider(SPStateManager provider) {
-        this.stateProvider = provider;
-    }
-    
+        
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
Thu May  3 11:42:58 2012
@@ -20,4 +20,6 @@
 #
 MISSING_ASSERTION_SERVICE_URL=RequestAssertionConsumerService URI is not set
 MISSING_RESPONSE_STATE=Response State is not available
+MISSING_RELAY_COOKIE=RelayState cookie is not available
+INVALID_RELAY_STATE=RelayState is invalid
 EXPIRED_RESPONSE_STATE=Response State has expired
\ No newline at end of file

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
Thu May  3 11:42:58 2012
@@ -38,6 +38,10 @@ public class SamlPostBindingFilter exten
                 // in the XHTML form using SamlResponseInfo
                 // in principle we could've built the XHTML form right here
                 // but it will be cleaner to get that done in JSP
+                
+                // Note the view handler will also need to set a RelayState 
+                // cookie
+                
                 return Response.ok(info)
                                .type("text/html")
                                .build();

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
Thu May  3 11:42:58 2012
@@ -39,9 +39,14 @@ public class SamlRedirectBindingFilter e
                 ub.queryParam(SSOConstants.SAML_REQUEST, info.getEncodedSamlRequest());
                 ub.queryParam(SSOConstants.RELAY_STATE, info.getRelayState());    
                 
+                String contextCookie = createCookie(SSOConstants.RELAY_STATE,
+                                                    info.getRelayState(),
+                                                    info.getWebAppContext());
+                
                 return Response.seeOther(ub.build())
                                .header(HttpHeaders.CACHE_CONTROL, "no-store")
                                .header("Pragma", "no-cache") 
+                               .header("Set-Cookie", contextCookie)
                                .build();
             } catch (Exception ex) {
                 throw new WebApplicationException(ex);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
Thu May  3 11:42:58 2012
@@ -22,6 +22,7 @@ public class SamlRequestInfo {
     private String encodedSamlRequest;
     private String relayState;
     private String idpServiceAddress;
+    private String webAppContext;
     
     public void setEncodedSamlRequest(String encodedSaml) {
         this.encodedSamlRequest = encodedSaml;
@@ -41,4 +42,10 @@ public class SamlRequestInfo {
     public String getIdpServiceAddress() {
         return idpServiceAddress;
     }
+    public void setWebAppContext(String webAppContext) {
+        this.webAppContext = webAppContext;
+    }
+    public String getWebAppContext() {
+        return webAppContext;
+    }
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
Thu May  3 11:42:58 2012
@@ -49,10 +49,6 @@ public class MemorySPStateManager implem
         return requestStateMap.remove(relayState);
     }
     
-    public RequestState getRequestState(String relayState) {
-        return requestStateMap.get(relayState);
-    }
-
     public void close() {
         // complete
     }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
Thu May  3 11:42:58 2012
@@ -24,17 +24,20 @@ public class RequestState {
     private String idpServiceAddress;
     private String samlRequestId;
     private String issuerId;
+    private String webAppContext;
     private long createdAt;
  
     public RequestState(String targetAddress,
                         String idpServiceAddress,
                         String samlRequestId,
                         String issuerId,
+                        String webAppContext,
                         long createdAt) {
         this.targetAddress = targetAddress;
         this.idpServiceAddress = idpServiceAddress;
         this.samlRequestId = samlRequestId;
         this.issuerId = issuerId;
+        this.webAppContext = webAppContext;
         this.createdAt = createdAt;
     }
 
@@ -57,4 +60,8 @@ public class RequestState {
     public long getCreatedAt() {
         return createdAt;
     }
+
+    public String getWebAppContext() {
+        return webAppContext;
+    }
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
Thu May  3 11:42:58 2012
@@ -20,13 +20,19 @@ package org.apache.cxf.rs.security.saml.
 
 public class ResponseState {
 
+    private String relayState;
     private long createdAt;
     
-    public ResponseState(long createdAt) {
+    public ResponseState(String relayState, long createdAt) {
+        this.relayState = relayState;
         this.createdAt = createdAt;
     }
 
     public long getCreatedAt() {
         return createdAt;
     }
+
+    public String getRelayState() {
+        return relayState;
+    }
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Thu May  3 11:42:58 2012
@@ -31,7 +31,6 @@ package org.apache.cxf.rs.security.saml.
 public interface SPStateManager {
     
     void setRequestState(String relayState, RequestState state);
-    RequestState getRequestState(String relayState);
     RequestState removeRequestState(String relayState);
     
     void setResponseState(String contextKey, ResponseState state);



Mime
View raw message