cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1338666 - in /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso: ./ filter/ state/
Date Tue, 15 May 2012 12:17:50 GMT
Author: sergeyb
Date: Tue May 15 12:17:49 2012
New Revision: 1338666

URL: http://svn.apache.org/viewvc?rev=1338666&view=rev
Log:
Optional support for the cookie domains for sso tokens

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
Tue May 15 12:17:49 2012
@@ -30,15 +30,27 @@ public class AbstractSSOSpHandler {
     private SPStateManager stateProvider;
     private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
     
-    protected String createCookie(String name, String value, String path) { 
+    //TODO: support attaching a signature to the cookie value
+    protected String createCookie(String name, 
+                                  String value, 
+                                  String path,
+                                  String domain) { 
         
         String contextCookie = name + "=" + value;
-        // Make sure all the SP application filters can get this token;
-        // Path property should be enough for a single container, Domain
-        // property may need to be used for more complex environments
+        // Setting a specific path restricts the browsers
+        // to return a cookie only to the web applications
+        // listening on that specific context path
         if (path != null) {
             contextCookie += ";Path=" + path;
         }
+        
+        // Setting a specific domain further restricts the browsers
+        // to return a cookie only to the web applications
+        // listening on the specific context path within a particular domain
+        if (domain != null) {
+            contextCookie += ";Domain=" + domain;
+        }
+        
         // Keep the cookie across the browser restarts until it actually expires.
         // Note that the Expires property has been deprecated but apparently is 
         // supported better than 'max-age' property by different browsers 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Tue May 15 12:17:49 2012
@@ -121,7 +121,8 @@ public class RequestAssertionConsumerSer
         
         String contextCookie = createCookie(SSOConstants.SECURITY_CONTEXT_TOKEN,
                                             securityContextKey,
-                                            requestState.getWebAppContext());
+                                            requestState.getWebAppContext(),
+                                            requestState.getWebAppDomain());
         
         // Finally, redirect to the service provider endpoint
         return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build();

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
Tue May 15 12:17:49 2012
@@ -70,6 +70,7 @@ public abstract class AbstractServicePro
     private String idpServiceAddress;
     private String issuerId;
     private String assertionConsumerServiceAddress;
+    private String webAppDomain;
     
     public void setAssertionConsumerServiceAddress(
             String assertionConsumerServiceAddress) {
@@ -194,12 +195,14 @@ public abstract class AbstractServicePro
                                                      authnRequest.getID(),
                                                      getIssuerId(m),
                                                      webAppContext,
+                                                     getWebAppDomain(),
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         getStateProvider().setRequestState(relayState, requestState);
         info.setRelayState(relayState);
         info.setWebAppContext(webAppContext);
+        info.setWebAppDomain(getWebAppDomain());
         
         return info;
     }
@@ -227,5 +230,13 @@ public abstract class AbstractServicePro
             new org.apache.cxf.common.i18n.Message(code, BUNDLE);
         LOG.warning(errorMsg.toString());
     }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+
+    public void setWebAppDomain(String webAppDomain) {
+        this.webAppDomain = webAppDomain;
+    }
         
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
Tue May 15 12:17:49 2012
@@ -41,7 +41,8 @@ public class SamlRedirectBindingFilter e
                 
                 String contextCookie = createCookie(SSOConstants.RELAY_STATE,
                                                     info.getRelayState(),
-                                                    info.getWebAppContext());
+                                                    info.getWebAppContext(),
+                                                    info.getWebAppDomain());
                 
                 return Response.seeOther(ub.build())
                                .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
Tue May 15 12:17:49 2012
@@ -23,6 +23,7 @@ public class SamlRequestInfo {
     private String relayState;
     private String idpServiceAddress;
     private String webAppContext;
+    private String webAppDomain;
     
     public void setEncodedSamlRequest(String encodedSaml) {
         this.encodedSamlRequest = encodedSaml;
@@ -48,4 +49,10 @@ public class SamlRequestInfo {
     public String getWebAppContext() {
         return webAppContext;
     }
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+    public void setWebAppDomain(String webAppDomain) {
+        this.webAppDomain = webAppDomain;
+    }
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
Tue May 15 12:17:49 2012
@@ -25,6 +25,7 @@ public class RequestState {
     private String samlRequestId;
     private String issuerId;
     private String webAppContext;
+    private String webAppDomain;
     private long createdAt;
  
     public RequestState(String targetAddress,
@@ -32,12 +33,14 @@ public class RequestState {
                         String samlRequestId,
                         String issuerId,
                         String webAppContext,
+                        String webAppDomain,
                         long createdAt) {
         this.targetAddress = targetAddress;
         this.idpServiceAddress = idpServiceAddress;
         this.samlRequestId = samlRequestId;
         this.issuerId = issuerId;
         this.webAppContext = webAppContext;
+        this.webAppDomain = webAppDomain;
         this.createdAt = createdAt;
     }
 
@@ -64,4 +67,8 @@ public class RequestState {
     public String getWebAppContext() {
         return webAppContext;
     }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
 }



Mime
View raw message