From cohei...@apache.org
Subject svn commit: r1343774 - in /cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso: ./ state/
Date Tue, 29 May 2012 15:22:55 GMT
Author: coheigea
Date: Tue May 29 15:22:54 2012
New Revision: 1343774

URL: http://svn.apache.org/viewvc?rev=1343774&view=rev
Log:
Adding in a new default EhCache-based StateManager for Web SSO

Added:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
Modified:
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
Tue May 29 15:22:54 2012
@@ -29,6 +29,7 @@ import java.util.UUID;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.annotation.PreDestroy;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.HttpHeaders;
@@ -123,6 +124,13 @@ public abstract class AbstractServicePro
         return signatureUsername;
     }
     
+    @PreDestroy
+    public void close() throws IOException {
+        if (getStateProvider() != null) {
+            getStateProvider().close();
+        }
+    }
+    
     private String getIssuerId(Message m) {
         if (issuerId == null) {
             return new UriInfoImpl(m).getBaseUri().toString();
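Review bot: The added `close()` shuts down whatever `getStateProvider()` returns, but nothing in the hunk says the filter owns that object; if one `SPStateManager` instance is wired into several filters, or also into `RequestAssertionConsumerService` (whose new `close()` does the same), the first bean destroyed closes the store for the others. With the `EHCacheSPStateManager` added in this commit that would surface as a `NullPointerException` on the next request, because its `close()` sets `requestCache` and `responseCache` to null. I would state the ownership rule in Javadoc on the method, e.g. `/** Closes the configured state provider; a provider shared between beans must outlive all of them. */`.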

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
Tue May 29 15:22:54 2012
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.rs.security.saml.sso;
 
-import java.io.Closeable;
 import java.io.IOException;
 import java.net.URL;
 
@@ -34,7 +33,7 @@ import org.apache.ws.security.util.Loade
  * An in-memory EHCache implementation of the TokenReplayCache interface. 
  * The default TTL is 60 minutes and the max TTL is 12 hours.
  */
-public class EHCacheTokenReplayCache implements TokenReplayCache<String>, Closeable
{
+public class EHCacheTokenReplayCache implements TokenReplayCache<String> {
     
     public static final long DEFAULT_TTL = 3600L;
     public static final long MAX_TTL = DEFAULT_TTL * 12L;

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Tue May 29 15:22:54 2012
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.saml.sso;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.UnsupportedEncodingException;
@@ -29,6 +30,7 @@ import java.util.UUID;
 import java.util.logging.Logger;
 import java.util.zip.DataFormatException;
 
+import javax.annotation.PreDestroy;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -121,6 +123,16 @@ public class RequestAssertionConsumerSer
         return doProcessSamlResponse(encodedSamlResponse, relayState, false);
     }
     
+    @PreDestroy
+    public void close() throws IOException {
+        if (replayCache != null) {
+            replayCache.close();
+        }
+        if (getStateProvider() != null) {
+            getStateProvider().close();
+        }
+    }
+    
     protected Response doProcessSamlResponse(String encodedSamlResponse,
                                           String relayState,
                                           boolean postBinding) {
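Review bot: In the added `close()`, an `IOException` thrown by `replayCache.close()` leaves the method before `getStateProvider().close()` runs, so the state provider is never released on that path. Closing the second resource in a `finally` block keeps the two shutdowns independent of each other. The whole method lies inside the hunk.

```java
    @PreDestroy
    public void close() throws IOException {
        try {
            if (replayCache != null) {
                replayCache.close();
            }
        } finally {
            // still release the state provider when the replay cache fails to close
            if (getStateProvider() != null) {
                getStateProvider().close();
            }
        }
    }
```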

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
Tue May 29 15:22:54 2012
@@ -19,11 +19,16 @@
 
 package org.apache.cxf.rs.security.saml.sso;
 
-public interface TokenReplayCache<T> {
+import java.io.Closeable;
+import java.io.IOException;
+
+public interface TokenReplayCache<T> extends Closeable {
 
     T getId(T id);
 
     void putId(T id);
 
     void putId(T id, long timeToLive);
+    
+    void close() throws IOException;
 }
\ No newline at end of file
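Review bot: The added `void close() throws IOException;` repeats the method that `extends Closeable` already gives the interface, so it changes nothing for the compiler and carries no documentation. Either drop the redeclaration or keep it with Javadoc saying what closing means for a replay cache, for example `/** Releases the cache; ids recorded so far are discarded and no longer block a replayed token. */`. That wording is an assumption to confirm, since the only implementation named on this page is described as in-memory and its `close()` is not shown. `SPStateManager` ends up with the same undocumented `close() throws IOException` next to `extends Closeable` in its last hunk.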

Added: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java?rev=1343774&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
(added)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
Tue May 29 15:22:54 2012
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+
+import org.apache.ws.security.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the SPStateManager interface. 
+ * The default TTL is 5 minutes.
+ */
+public class EHCacheSPStateManager implements SPStateManager {
+
+    public static final long DEFAULT_TTL = 60L * 5L;
+    private static final String REQUEST_CACHE_KEY = "cxf-samlp-request-state-cache";
+    private static final String RESPONSE_CACHE_KEY = "cxf-samlp-response-state-cache";
+    private Ehcache requestCache;
+    private Ehcache responseCache;
+    private CacheManager cacheManager;
+    private long ttl = DEFAULT_TTL;
+    
+    public EHCacheSPStateManager() {
+        String defaultConfigFile = "cxf-samlp-ehcache.xml";
+        URL configFileURL = Loader.getResource(defaultConfigFile);
+        createCaches(configFileURL);
+    }
+    
+    public EHCacheSPStateManager(URL configFileURL) {
+        createCaches(configFileURL);
+    }
+    
+    private void createCaches(URL configFileURL) {
+        if (configFileURL == null) {
+            cacheManager = CacheManager.create();
+        } else {
+            cacheManager = CacheManager.create(configFileURL);
+        }
+        
+        Ehcache newCache = new Cache(REQUEST_CACHE_KEY, 50000, true, false, DEFAULT_TTL,
DEFAULT_TTL);
+        requestCache = cacheManager.addCacheIfAbsent(newCache);
+        
+        newCache = new Cache(RESPONSE_CACHE_KEY, 50000, true, false, DEFAULT_TTL, DEFAULT_TTL);
+        responseCache = cacheManager.addCacheIfAbsent(newCache);
+    }
+    
+    /**
+     * Set a new (default) TTL value in seconds
+     * @param newTtl a new (default) TTL value in seconds
+     */
+    public void setTTL(long newTtl) {
+        ttl = newTtl;
+    }
+    
+    /**
+     * Get the (default) TTL value in seconds
+     * @return the (default) TTL value in seconds
+     */
+    public long getTTL() {
+        return ttl;
+    }
+    
+    public ResponseState getResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            if (responseCache.isExpired(element)) {
+                responseCache.remove(securityContextKey);
+                return null;
+            }
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public ResponseState removeResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            responseCache.remove(securityContextKey);
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public void setResponseState(String securityContextKey, ResponseState state) {
+        if (securityContextKey == null || "".equals(securityContextKey)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 5 minutes if the default TTL is set incorrectly
+            parsedTTL = 60 * 5;
+        }
+        
+        responseCache.put(new Element(securityContextKey, state, false, parsedTTL, parsedTTL));
+    }
+    
+    public void setRequestState(String relayState, RequestState state) {
+        if (relayState == null || "".equals(relayState)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 60 minutes if the default TTL is set incorrectly
+            parsedTTL = 3600;
+        }
+        
+        requestCache.put(new Element(relayState, state, false, parsedTTL, parsedTTL));
+    }
+
+    public RequestState removeRequestState(String relayState) {
+        Element element = requestCache.get(relayState);
+        if (element != null) {
+            requestCache.remove(relayState);
+            return (RequestState)element.getObjectValue();
+        }
+        return null;
+    }
+    
+    public void close() throws IOException {
+        if (cacheManager != null) {
+            cacheManager.shutdown();
+            cacheManager = null;
+            requestCache = null;
+            responseCache = null;
+        }
+    }
+
+}
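Review bot: The overflow fallback in `setRequestState` is `parsedTTL = 3600` under a comment about 60 minutes, while the class Javadoc, `DEFAULT_TTL` and the twin branch in `setResponseState` all say 5 minutes; both branches should use the constant, `parsedTTL = (int)DEFAULT_TTL;`. `setTTL` also accepts zero and negative values unchecked, and as far as I recall Ehcache reads a zero TTL as "no expiry", which would leave SSO request and response state valid indefinitely; a guard such as `if (newTtl <= 0 || newTtl > Integer.MAX_VALUE) { throw new IllegalArgumentException("ttl out of range: " + newTtl); }` rejects a bad setting at configuration time. Separately, `removeRequestState` and `removeResponseState` call `get` and then `remove`, so two concurrent callers with the same key can both receive state that is meant to be consumed once; `if (element != null && requestCache.remove(relayState))` returns it only to the caller whose remove succeeded.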

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
Tue May 29 15:22:54 2012
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.saml.sso.state;
 
+import java.io.IOException;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -49,8 +50,9 @@ public class MemorySPStateManager implem
         return requestStateMap.remove(relayState);
     }
     
-    public void close() {
-        // complete
+    public void close() throws IOException {
+        requestStateMap.clear();
+        responseStateMap.clear();
     }
 
 }

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Tue May 29 15:22:54 2012
@@ -18,6 +18,9 @@
  */
 package org.apache.cxf.rs.security.saml.sso.state;
 
+import java.io.Closeable;
+import java.io.IOException;
+
 /**
  * SSO Service Provider State Manager.
  * 
@@ -28,7 +31,7 @@ package org.apache.cxf.rs.security.saml.
  * needs to be run in its own war file instead of having every application 
  * war on the SP side have a dedicated RequestAssertionConsumerService endpoint   
  */
-public interface SPStateManager {
+public interface SPStateManager extends Closeable {
     
     void setRequestState(String relayState, RequestState state);
     RequestState removeRequestState(String relayState);
@@ -37,5 +40,5 @@ public interface SPStateManager {
     ResponseState getResponseState(String contextKey);
     ResponseState removeResponseState(String contextKey);
     
-    void close();
+    void close() throws IOException;
 }


