From cohei...@apache.org
Subject svn commit: r1342584 - in /cxf/trunk/rt/rs/security: sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/ xml/src/main/java/org/apache/cxf/rs/security/saml/
Date Fri, 25 May 2012 11:51:15 GMT
Author: coheigea
Date: Fri May 25 11:51:14 2012
New Revision: 1342584

URL: http://svn.apache.org/viewvc?rev=1342584&view=rev
Log:
Changing POST binding not to use Deflate encoding by default + changing deflate encoder to
also support gzip

Modified:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1342584&r1=1342583&r2=1342584&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
Fri May 25 11:51:14 2012
@@ -40,13 +40,11 @@ import org.w3c.dom.Element;
 import org.apache.cxf.common.i18n.BundleUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.jaxrs.impl.UriInfoImpl;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.SAMLUtils;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.rs.security.saml.sso.state.RequestState;
@@ -54,7 +52,6 @@ import org.apache.cxf.rs.security.saml.s
 import org.apache.cxf.security.SecurityContext;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.util.DOM2Writer;
 import org.opensaml.saml2.core.AuthnRequest;
 
 public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler 
@@ -229,16 +226,6 @@ public abstract class AbstractServicePro
         return responseState;
     }
     
-    protected String deflateEncodeAuthnRequest(Element authnRequestElement)
-        throws IOException {
-        String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
-        
-        DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
-        byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
-        
-        return Base64Utility.encode(deflatedBytes);
-    }
-
     protected SamlRequestInfo createSamlRequestInfo(Message m) throws Exception {
         Document doc = DOMUtils.createDocument();
         doc.appendChild(doc.createElement("root"));
@@ -252,7 +239,7 @@ public abstract class AbstractServicePro
             signAuthnRequest(authnRequest);
         }
         Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-        String authnRequestEncoded = deflateEncodeAuthnRequest(authnRequestElement);
+        String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
         
         SamlRequestInfo info = new SamlRequestInfo();
         info.setSamlRequest(authnRequestEncoded);
@@ -277,6 +264,8 @@ public abstract class AbstractServicePro
         return info;
     }
     
+    protected abstract String encodeAuthnRequest(Element authnRequest) throws IOException;
+    
     protected abstract void signAuthnRequest(AuthnRequest authnRequest) throws Exception;
     
     private String getAbsoluteAssertionServiceAddress(Message m) {
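Review bot: The new abstract `encodeAuthnRequest` carries no Javadoc, so the contract each binding must honour is only implied by the two implementations added in this commit. A one-line comment would state it, for example `/** Serialises the AuthnRequest and returns it Base64-encoded, applying whatever compression the binding requires. */`. Because the method is abstract, any subclass of `AbstractServiceProviderFilter` outside this commit stops compiling until it implements it; that looks intended but deserves a mention in the log. The class body continues outside the hunk.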

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1342584&r1=1342583&r2=1342584&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Fri May 25 11:51:14 2012
@@ -23,7 +23,6 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
-import java.net.URLDecoder;
 import java.util.Date;
 import java.util.ResourceBundle;
 import java.util.UUID;
@@ -112,28 +111,29 @@ public class RequestAssertionConsumerSer
     @Produces(MediaType.APPLICATION_FORM_URLENCODED)
     public Response processSamlResponse(@FormParam(SSOConstants.SAML_RESPONSE) String encodedSamlResponse,
                                         @FormParam(SSOConstants.RELAY_STATE) String relayState)
{
-        return doProcessSamlResponse(encodedSamlResponse, relayState);
+        return doProcessSamlResponse(encodedSamlResponse, relayState, true);
         
     }
     
     @GET
     public Response getSamlResponse(@QueryParam(SSOConstants.SAML_RESPONSE) String encodedSamlResponse,
                                     @QueryParam(SSOConstants.RELAY_STATE) String relayState)
{
-        return doProcessSamlResponse(encodedSamlResponse, relayState);
+        return doProcessSamlResponse(encodedSamlResponse, relayState, false);
     }
     
     protected Response doProcessSamlResponse(String encodedSamlResponse,
-                                          String relayState) {
+                                          String relayState,
+                                          boolean postBinding) {
         RequestState requestState = processRelayState(relayState);
         URI targetURI = getTargetURI(requestState.getTargetAddress());
         
         org.opensaml.saml2.core.Response samlResponse = 
-            readSAMLResponse(true, encodedSamlResponse);
+            readSAMLResponse(postBinding, encodedSamlResponse);
 
         // Validate the Response
         validateSamlResponseProtocol(samlResponse);
         SSOValidatorResponse validatorResponse = 
-            validateSamlSSOResponse(true, samlResponse, requestState);
+            validateSamlSSOResponse(postBinding, samlResponse, requestState);
         
         // Set the security context
         String securityContextKey = UUID.randomUUID().toString();
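Review bot: `getSamlResponse` now passes `false` for `postBinding` into both `readSAMLResponse` and `validateSamlSSOResponse`, so a Response delivered in a GET query string is validated under whatever rules that flag selects. `validateSamlSSOResponse` is not visible here; if the flag relaxes any signature requirement, the GET endpoint becomes the weaker path for the same assertion, so confirm that a signed Response or signed Assertion is still enforced on it. A comment on the new parameter would make its scope explicit, e.g. `// postBinding: true for HTTP-POST (plain Base64), false for HTTP-Redirect (deflated Base64); also passed to the validator`. `doProcessSamlResponse` is protected, so the added parameter changes the signature subclasses override, and its body continues past the hunk.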
@@ -197,6 +197,7 @@ public class RequestAssertionConsumerSer
         }
         
         String samlResponseDecoded = samlResponse;
+        /*
         // URL Decoding only applies for the re-direct binding
         if (!postBinding) {
             try {
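Review bot: The URL-decoding branch is disabled by wrapping it in `/* ... */` (the closing `*/` is in the next hunk) rather than being deleted, which leaves dead code with no record of why it was switched off. The `java.net.URLDecoder` import is removed in this same file, so the block could not be re-enabled as written anyway. If the reason is that the `@QueryParam` value already arrives decoded, state that in one line, `// The JAX-RS runtime has already URL-decoded the query parameter`, and drop the block. The enclosing method starts and ends outside the hunk.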
@@ -205,11 +206,12 @@ public class RequestAssertionConsumerSer
                 throw new WebApplicationException(400);
             }
         }
+        */
         InputStream tokenStream = null;
         if (isSupportBase64Encoding()) {
             try {
                 byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
-                tokenStream = isSupportDeflateEncoding() 
+                tokenStream = !postBinding && isSupportDeflateEncoding() 
                     ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
                     : new ByteArrayInputStream(deflatedToken); 
             } catch (Base64Exception ex) {
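Review bot: With `!postBinding && isSupportDeflateEncoding()` a POST-binding Response is never inflated, while `SamlPostBindingFilter` in this commit gains `useDeflateEncoding` for IdPs that expect deflate on POST. Should such an IdP also deflate its Response (not something this page shows), the consumer would pass compressed bytes straight to the parser and reject the login. Either document that the filter setting covers the request only, or give the consumer a matching option. The local `deflatedToken` now often holds plain bytes, so a neutral name such as `decodedToken` would read better. The `try` block continues past the hunk.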

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java?rev=1342584&r1=1342583&r2=1342584&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
Fri May 25 11:51:14 2012
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.saml.sso;
 
+import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
@@ -26,14 +27,19 @@ import javax.ws.rs.WebApplicationExcepti
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.ext.MessageContextImpl;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.util.DOM2Writer;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.xml.security.x509.BasicX509Credential;
@@ -44,6 +50,12 @@ import org.opensaml.xml.signature.Signat
 
 public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
     
+    private boolean useDeflateEncoding;
+    
+    public void setUseDeflateEncoding(boolean useDeflateEncoding) {
+        this.useDeflateEncoding = useDeflateEncoding;
+    }
+    
     public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
         if (checkSecurityContext(m)) {
             return null;
@@ -76,6 +88,21 @@ public class SamlPostBindingFilter exten
         }
     }
     
+    protected String encodeAuthnRequest(Element authnRequest) throws IOException {
+        String requestMessage = DOM2Writer.nodeToString(authnRequest);
+        
+        byte[] deflatedBytes = null;
+        // Not correct according to the spec but required by some IDPs.
+        if (useDeflateEncoding) {
+            DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
+            deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
+        } else {
+            deflatedBytes = requestMessage.getBytes("UTF-8");
+        }
+
+        return Base64Utility.encode(deflatedBytes);
+    }
+    
     protected void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
         Crypto crypto = getSignatureCrypto();
         if (crypto == null) {
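Review bot: In the added `encodeAuthnRequest`, `deflatedBytes` holds uncompressed UTF-8 bytes on the default path, and it is initialised to `null` only to be assigned in both branches. Starting from `byte[] payload = requestMessage.getBytes("UTF-8");` and reassigning inside `if (useDeflateEncoding) { payload = new DeflateEncoderDecoder().deflateToken(payload); }` removes the duplicate `getBytes` call and the misleading name. The setter added in the previous hunk of this file has no Javadoc; it should say that the default is `false` and that enabling it departs from the POST binding, as the inline comment here already notes. `signAuthnRequest` continues outside the hunk.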

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java?rev=1342584&r1=1342583&r2=1342584&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
Fri May 25 11:51:14 2012
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.saml.sso;
 
+import java.io.IOException;
 import java.net.URLEncoder;
 import java.security.PrivateKey;
 import java.security.Signature;
@@ -28,13 +29,18 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.DOM2Writer;
 import org.opensaml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
@@ -77,6 +83,15 @@ public class SamlRedirectBindingFilter e
         // Do nothing as we sign the request in a different way for the redirect binding
     }
     
+    protected String encodeAuthnRequest(Element authnRequest) throws IOException {
+        String requestMessage = DOM2Writer.nodeToString(authnRequest);
+
+        DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
+        byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
+
+        return Base64Utility.encode(deflatedBytes);
+    }
+    
     /**
      * Sign a request according to the redirect binding spec for Web SSO
      */

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java?rev=1342584&r1=1342583&r2=1342584&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
Fri May 25 11:51:14 2012
@@ -28,11 +28,10 @@ import java.util.zip.Inflater;
 public class DeflateEncoderDecoder {
     public InputStream inflateToken(byte[] deflatedToken) 
         throws DataFormatException {
-        Inflater inflater = new Inflater();
+        Inflater inflater = new Inflater(true);
         inflater.setInput(deflatedToken);
         
         byte[] input = new byte[deflatedToken.length * 2];
-        
         int inflatedLen = 0;
         int inputLen = 0;
         byte[] inflatedToken = input;
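Review bot: `inflateToken` is fed the Base64-decoded `SAMLResponse` request parameter (see the `RequestAssertionConsumerService` hunk above), and nothing visible here bounds how far that input may expand. The buffer starts at `deflatedToken.length * 2`, and the loop that fills it lies outside this hunk; if it grows the array until the inflater finishes, a small highly compressible payload can force a very large allocation before any signature is checked. A configurable ceiling on `inflatedLen`, with the token rejected once it is exceeded, plus `inflater.end()` in a `finally`, would close that. Separately, `new Inflater(true)` accepts only raw DEFLATE, so tokens written by the previous `new Deflater()` (zlib-wrapped) will no longer decode; note that in the log if peers on the older revision exist.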
@@ -53,7 +52,7 @@ public class DeflateEncoderDecoder {
     }
     
     public byte[] deflateToken(byte[] tokenBytes) {
-        Deflater compresser = new Deflater();
+        Deflater compresser = new Deflater(Deflater.DEFLATED, true);
         
         compresser.setInput(tokenBytes);
         compresser.finish();
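Review bot: In `deflateToken`, the first argument of `new Deflater(Deflater.DEFLATED, true)` is the compression level, but `Deflater.DEFLATED` is the compression-method constant. It only works because its value (8) happens to fall inside the valid level range. The intent appears to be raw DEFLATE at the default level, which is `new Deflater(Deflater.DEFAULT_COMPRESSION, true)`. The rest of `deflateToken` is outside the hunk, so whether `compresser.end()` is called to release the native buffer cannot be checked from here.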


