Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E222FC29D for ; Tue, 29 May 2012 15:23:17 +0000 (UTC) Received: (qmail 38171 invoked by uid 500); 29 May 2012 15:23:17 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 38126 invoked by uid 500); 29 May 2012 15:23:17 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 38117 invoked by uid 99); 29 May 2012 15:23:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 15:23:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 May 2012 15:23:15 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7C62E2388962; Tue, 29 May 2012 15:22:55 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1343774 - in /cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso: ./ state/ Date: Tue, 29 May 2012 15:22:55 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120529152255.7C62E2388962@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Tue May 29 15:22:54 2012 New Revision: 1343774 URL: http://svn.apache.org/viewvc?rev=1343774&view=rev Log: Adding in a new default EhCache-based StateManager for Web SSO Added: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1343774&r1=1343773&r2=1343774&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java (original) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java Tue May 29 15:22:54 2012 
@@ -29,6 +29,7 @@ import java.util.UUID; import java.util.logging.Level; import java.util.logging.Logger; +import javax.annotation.PreDestroy; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Cookie; import javax.ws.rs.core.HttpHeaders; @@ -123,6 +124,13 @@ public abstract class AbstractServicePro return signatureUsername; } + @PreDestroy + public void close() throws IOException { + if (getStateProvider() != null) { + getStateProvider().close(); + } + } + private String getIssuerId(Message m) { if (issuerId == null) { return new UriInfoImpl(m).getBaseUri().toString(); Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java (original) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java Tue May 29 15:22:54 2012 @@ -19,7 +19,6 @@ package org.apache.cxf.rs.security.saml.sso; -import java.io.Closeable; import java.io.IOException; import java.net.URL; 
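Review bot: The new `@PreDestroy close()` in AbstractServiceProviderFilter closes whatever `getStateProvider()` returns without establishing that this filter owns it. The SPStateManager Javadoc visible later in this commit suggests the state is meant to be shared between SP filters and a RequestAssertionConsumerService, so if one manager instance is injected into several of them, the first component destroyed closes it for the rest; RequestAssertionConsumerService.close() has the same shape. I would state the ownership rule on the method, e.g. `// Closes the injected SPStateManager; do not share one instance across components with different lifecycles`, or leave closing to whoever created the manager. Both callbacks also declare `throws IOException`, and the JSR-250 contract for lifecycle callbacks asks that they not throw checked exceptions, so it is worth confirming how the target containers treat that. The class body continues outside the hunk.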
@@ -34,7 +33,7 @@ import org.apache.ws.security.util.Loade * An in-memory EHCache implementation of the TokenReplayCache interface. * The default TTL is 60 minutes and the max TTL is 12 hours. */ -public class EHCacheTokenReplayCache implements TokenReplayCache, Closeable { +public class EHCacheTokenReplayCache implements TokenReplayCache { public static final long DEFAULT_TTL = 3600L; public static final long MAX_TTL = DEFAULT_TTL * 12L; Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1343774&r1=1343773&r2=1343774&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java (original) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java Tue May 29 15:22:54 2012 @@ -19,6 +19,7 @@ package org.apache.cxf.rs.security.saml.sso; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.UnsupportedEncodingException; @@ -29,6 +30,7 @@ import java.util.UUID; import java.util.logging.Logger; import java.util.zip.DataFormatException; +import javax.annotation.PreDestroy; import javax.ws.rs.FormParam; import javax.ws.rs.GET; import javax.ws.rs.POST; 
@@ -121,6 +123,16 @@ public class RequestAssertionConsumerSer return doProcessSamlResponse(encodedSamlResponse, relayState, false); } + @PreDestroy + public void close() throws IOException { + if (replayCache != null) { + replayCache.close(); + } + if (getStateProvider() != null) { + getStateProvider().close(); + } + } + protected Response doProcessSamlResponse(String encodedSamlResponse, String relayState, boolean postBinding) { Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java (original) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java Tue May 29 15:22:54 2012 
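Review bot: In the added `close()` of RequestAssertionConsumerService, an IOException thrown by `replayCache.close()` skips the `getStateProvider().close()` call below it, so the state manager and the SSO state it holds are left open on that path. Wrapping the first close in try/finally lets both run regardless of which one fails. `replayCache` and `getStateProvider()` are declared outside the hunk, so whether either can be shared with another component is not visible here.

```java
@PreDestroy
public void close() throws IOException {
    try {
        if (replayCache != null) {
            replayCache.close();
        }
    } finally {
        // Always release the state manager, even if the replay cache failed to close
        if (getStateProvider() != null) {
            getStateProvider().close();
        }
    }
}
```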
@@ -19,11 +19,16 @@ package org.apache.cxf.rs.security.saml.sso; -public interface TokenReplayCache { +import java.io.Closeable; +import java.io.IOException; + +public interface TokenReplayCache extends Closeable { T getId(T id); void putId(T id); void putId(T id, long timeToLive); + + void close() throws IOException; } \ No newline at end of file Added: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java?rev=1343774&view=auto ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java (added) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java Tue May 29 15:22:54 2012 
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+
+import org.apache.ws.security.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the SPStateManager interface.
+ * The default TTL is 5 minutes.
+ */
+public class EHCacheSPStateManager implements SPStateManager {
+
+ public static final long DEFAULT_TTL = 60L * 5L;
+ private static final String REQUEST_CACHE_KEY = "cxf-samlp-request-state-cache";
+ private static final String RESPONSE_CACHE_KEY = "cxf-samlp-response-state-cache";
+ private Ehcache requestCache;
+ private Ehcache responseCache;
+ private CacheManager cacheManager;
+ private long ttl = DEFAULT_TTL;
+
+ public EHCacheSPStateManager() {
+ String defaultConfigFile = "cxf-samlp-ehcache.xml";
+ URL configFileURL = Loader.getResource(defaultConfigFile);
+ createCaches(configFileURL);
+ }
+
+ public EHCacheSPStateManager(URL configFileURL) {
+ createCaches(configFileURL);
+ }
+
+ private void createCaches(URL configFileURL) {
+ if (configFileURL == null) {
+ cacheManager = CacheManager.create();
+ } else {
+ cacheManager = CacheManager.create(configFileURL);
+ }
+
+ Ehcache newCache = new Cache(REQUEST_CACHE_KEY, 50000, true, false, DEFAULT_TTL, DEFAULT_TTL);
+ requestCache = cacheManager.addCacheIfAbsent(newCache);
+
+ newCache = new Cache(RESPONSE_CACHE_KEY, 50000, true, false, DEFAULT_TTL, DEFAULT_TTL);
+ responseCache = cacheManager.addCacheIfAbsent(newCache);
+ }
+
+ /**
+ * Set a new (default) TTL value in seconds
+ * @param newTtl a new (default) TTL value in seconds
+ */
+ public void setTTL(long newTtl) {
+ ttl = newTtl;
+ }
+
+ /**
+ * Get the (default) TTL value in seconds
+ * @return the (default) TTL value in seconds
+ */
+ public long getTTL() {
+ return ttl;
+ }
+
+ public ResponseState getResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ if (responseCache.isExpired(element)) {
+ responseCache.remove(securityContextKey);
+ return null;
+ }
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public ResponseState removeResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ responseCache.remove(securityContextKey);
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void setResponseState(String securityContextKey, ResponseState state) {
+ if (securityContextKey == null || "".equals(securityContextKey)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 5 minutes if the default TTL is set incorrectly
+ parsedTTL = 60 * 5;
+ }
+
+ responseCache.put(new Element(securityContextKey, state, false, parsedTTL, parsedTTL));
+ }
+
+ public void setRequestState(String relayState, RequestState state) {
+ if (relayState == null || "".equals(relayState)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
+ }
+
+ requestCache.put(new Element(relayState, state, false, parsedTTL, parsedTTL));
+ }
+
+ public RequestState removeRequestState(String relayState) {
+ Element element = requestCache.get(relayState);
+ if (element != null) {
+ requestCache.remove(relayState);
+ return (RequestState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void close() throws IOException {
+ if (cacheManager != null) {
+ cacheManager.shutdown();
+ cacheManager = null;
+ requestCache = null;
+ responseCache = null;
+ }
+ }
+
+}
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff ==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java (original)
+++ 
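Review bot: `close()` in EHCacheSPStateManager calls `cacheManager.shutdown()` on a manager obtained from `CacheManager.create(...)`, which in Ehcache 2.x is, as far as I know, the singleton factory, so closing one state manager probably shuts down every cache registered on that shared manager, including other EHCacheSPStateManager instances and any replay cache built the same way. Removing only this class's caches (`cacheManager.removeCache(REQUEST_CACHE_KEY);` and the same for `RESPONSE_CACHE_KEY`), or giving the instance a manager it owns, would narrow the blast radius; at minimum the Javadoc on `close()` should say that it ends all users of the shared manager. The class comment says "in-memory", yet both `new Cache(..., 50000, true, false, ...)` calls pass `true` for what I read as the overflow-to-disk flag, so request and response state may be written to the Ehcache disk store; pass `false` or document that SSO state can reach disk and must be serializable. The overflow fallback in `setRequestState` is `parsedTTL = 3600` (60 minutes), which disagrees with `DEFAULT_TTL` and with the 5-minute fallback in `setResponseState`; `parsedTTL = (int)DEFAULT_TTL;` in both would keep them aligned. `setTTL` also stores zero or negative values unchecked, and Ehcache may treat a zero TTL as no expiry, so a lower-bound check there is worth adding.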
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java Tue May 29 15:22:54 2012 @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.saml.sso.state; +import java.io.IOException; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -49,8 +50,9 @@ public class MemorySPStateManager implem return requestStateMap.remove(relayState); } - public void close() { - // complete + public void close() throws IOException { + requestStateMap.clear(); + responseStateMap.clear(); } } Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java (original) +++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java Tue May 29 15:22:54 2012 @@ -18,6 +18,9 @@ */ package org.apache.cxf.rs.security.saml.sso.state; +import java.io.Closeable; +import java.io.IOException; + /** * SSO Service Provider State Manager. * @@ -28,7 +31,7 @@ package org.apache.cxf.rs.security.saml. * needs to be run in its own war file instead of having every application * war on the SP side have a dedicated RequestAssertionConsumerService endpoint */ -public interface SPStateManager { +public interface SPStateManager extends Closeable { void setRequestState(String relayState, RequestState state); RequestState removeRequestState(String relayState); 
@@ -37,5 +40,5 @@ public interface SPStateManager { ResponseState getResponseState(String contextKey); ResponseState removeResponseState(String contextKey); - void close(); + void close() throws IOException; }