From owu...@apache.org
Subject svn commit: r1398122 - in /cxf/fediz/trunk: examples/simpleWebapp/src/main/config/ examples/wsclientWebapp/webapp/src/main/config/ plugins/core/src/main/java/org/apache/cxf/fediz/core/ plugins/core/src/main/java/org/apache/cxf/fediz/core/config/ plugin...
Date Sun, 14 Oct 2012 20:00:00 GMT
Author: owulff
Date: Sun Oct 14 19:59:59 2012
New Revision: 1398122

URL: http://svn.apache.org/viewvc?rev=1398122&view=rev
Log:
[FEDIZ-30] Relying Party can enforce re-authentication using wfresh parameter

Modified:
    cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/config/fediz_config.xml
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
    cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java

Modified: cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml (original)
+++ cxf/fediz/trunk/examples/simpleWebapp/src/main/config/fediz_config.xml Sun Oct 14 19:59:59
2012
@@ -26,7 +26,7 @@
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
 			<!--<authenticationType type="String">some auth type</authenticationType>-->
 			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
-			<freshness>10000</freshness>
+			<!--<freshness>0</freshness>-->
 			<!--<reply>reply value</reply>-->
 			<!--<request>REQUEST</request>-->
 			<claimTypesRequested>

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/config/fediz_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/config/fediz_config.xml?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/config/fediz_config.xml (original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/config/fediz_config.xml Sun Oct
14 19:59:59 2012
@@ -26,7 +26,7 @@
 			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
 			<!--<authenticationType type="String">some auth type</authenticationType>-->
 			<!--<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm</homeRealm>-->
-			<freshness>10000</freshness>
+			<!--<freshness>0</freshness>-->
 			<!--<reply>reply value</reply>-->
 			<!--<request>REQUEST</request>-->
 			<claimTypesRequested>

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
Sun Oct 14 19:59:59 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.core.metadata.MetadataWriter;
+import org.apache.cxf.fediz.core.spi.FreshnessCallback;
 import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
 import org.apache.cxf.fediz.core.spi.IDPCallback;
 import org.apache.cxf.fediz.core.spi.WAuthCallback;
@@ -65,6 +66,11 @@ public class FederationProcessorImpl imp
     public FederationResponse processRequest(FederationRequest request,
                                              FederationContext config)
         throws ProcessingException {
+        
+        if (!(config.getProtocol() instanceof FederationProtocol)) {
+            LOG.error("Unsupported protocol");
+            throw new IllegalStateException("Unsupported protocol");
+        }
         FederationResponse response = null;
         if (FederationConstants.ACTION_SIGNIN.equals(request.getWa())) {
             response = this.processSignInRequest(request, config);
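Review bot: The protocol guard added at the top of processRequest is repeated verbatim inside the try block of the next hunk (@@ -263), and that hunk's code then re-casts `config.getProtocol()` on every use (the issuer, freshness and realm lookups) now that the old `fp` local has been removed. A single private helper, `private static FederationProtocol federationProtocol(FederationContext config)` that performs the instanceof check, logs and throws `IllegalStateException` once, would let both call sites read `FederationProtocol fp = federationProtocol(config);` and drop the scattered casts. The `LOG.error` immediately followed by a throw with the same message also duplicates information the caller will log again when it catches the exception. processRequest continues past the end of this hunk.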
@@ -263,6 +269,11 @@ public class FederationProcessorImpl imp
 
         String redirectURL = null;
         try {
+            if (!(config.getProtocol() instanceof FederationProtocol)) {
+                LOG.error("Unsupported protocol");
+                throw new IllegalStateException("Unsupported protocol");
+            }
+            
             Object issuerObj = ((FederationProtocol)config.getProtocol()).getIssuer();
             String issuerURL = null;
             if (issuerObj instanceof String) {
@@ -306,24 +317,27 @@ public class FederationProcessorImpl imp
             }
             LOG.info("HomeRealm: " + homeRealm);
             
+            Object freshnessObj = ((FederationProtocol)config.getProtocol()).getFreshness();
+            String freshness = null;
+            if (freshnessObj != null) {
+                if (freshnessObj instanceof String) {
+                    freshness = (String)freshnessObj;
+                } else if (freshnessObj instanceof CallbackHandler) {
+                    CallbackHandler frCB = (CallbackHandler)freshnessObj;
+                    FreshnessCallback callback = new FreshnessCallback(request);
+                    frCB.handle(new Callback[] {callback});
+                    freshness = callback.getFreshness();
+                }
+            }
+            LOG.info("Freshness: " + freshness);
+             
             StringBuilder sb = new StringBuilder();
-
             sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNIN);
-
             sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
             sb.append(URLEncoder.encode(request.getRequestURL().toString(), "UTF-8"));
 
-            String realm = null;
-            FederationProtocol fp = null;
-            if (config.getProtocol() instanceof FederationProtocol) {
-                fp = (FederationProtocol)config.getProtocol();
-            } else {
-                LOG.error("Unsupported protocol");
-                throw new IllegalStateException("Unsupported protocol");
-            }
-            if (fp.getRealm() != null) {
-                realm = fp.getRealm();
-            } else {
+            String realm = ((FederationProtocol)config.getProtocol()).getRealm();
+            if (realm == null) {
                 String contextPath = request.getContextPath();
                 String requestUrl = request.getRequestURL().toString();
                 String requestPath = new URL(requestUrl).getPath();
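Review bot: When `freshnessObj` is neither a String nor a CallbackHandler the new block leaves `freshness` null without any diagnostic, so the wfresh parameter is silently omitted and the relying party's re-authentication requirement never reaches the IdP. That case is reachable from a misconfiguration, because `FederationProtocol.getFreshness()` in this same commit stores whatever class the config names without checking its type, and the removed realm code failed loudly in the equivalent situation. Add an else branch mirroring it: `} else { LOG.error("Unsupported 'Freshness' object"); throw new IllegalStateException("Unsupported 'Freshness' object"); }`. `frCB.handle(...)` can throw `IOException` and `UnsupportedCallbackException`; they appear to be covered by the surrounding try, whose catch is outside this hunk. The enclosing method starts and ends outside the hunk.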
@@ -358,6 +372,12 @@ public class FederationProcessorImpl imp
                     .append(URLEncoder.encode(homeRealm, "UTF-8"));
             }
             
+            // add freshness parameter wfresh if set
+            if (freshness != null && freshness.length() > 0) {
+                sb.append('&').append(FederationConstants.PARAM_FRESHNESS).append('=')
+                    .append(URLEncoder.encode(freshness, "UTF-8"));
+            }
+            
             // add current time parameter wct
             Date creationTime = new Date();
             XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
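Review bot: The comment `// add freshness parameter wfresh if set` should state what the value means, because nothing here validates it: the configured string is URL-encoded and forwarded unchanged, and the IdP side of this commit acts only on the literal `0`, so a value like the old example default `10000` is transmitted but has no effect. Suggest `// add wfresh (WS-Federation freshness: max authentication age in minutes, 0 forces re-authentication) if configured` and trimming before the emptiness test, `freshness = freshness.trim();`, with `!freshness.isEmpty()` in place of `freshness.length() > 0`. The enclosing method starts and ends outside this hunk.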

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
Sun Oct 14 19:59:59 2012
@@ -42,6 +42,7 @@ public class FederationProtocol extends 
     private Object authenticationType;
     private Object issuer;
     private Object homeRealm;
+    private Object freshness;
     private List<TokenValidator> validators = new ArrayList<TokenValidator>();
     
     public FederationProtocol(ProtocolType protocolType) {
@@ -228,12 +229,41 @@ public class FederationProtocol extends 
         }
     }
     
-    public String getFreshness() {
-        return getFederationProtocol().getFreshness();
+    public Object getFreshness() {
+        if (this.freshness != null) {
+            return this.freshness;
+        }
+        CallbackType cbt = getFederationProtocol().getFreshness();
+        if (cbt == null) {
+            return null;
+        }
+        if (cbt.getType() == null || cbt.getType().equals(ArgumentType.STRING)) {
+            this.freshness = new String(cbt.getValue());
+        } else if (cbt.getType().equals(ArgumentType.CLASS)) {
+            try {
+                this.freshness =
+                    Thread.currentThread().getContextClassLoader().loadClass(cbt.getValue()).newInstance();
+            } catch (Exception e) {
+                LOG.error("Failed to create instance of " + cbt.getValue(), e);
+                throw new IllegalStateException("Failed to create instance of " + cbt.getValue());
+            }            
+        } else {
+            LOG.error("Only String and Class are supported for 'Freshness'");
+            throw new IllegalStateException("Only String and Class are supported for 'Freshness'");
+        }
+        return this.freshness;
     }
 
-    public void setFreshness(String value) {
-        getFederationProtocol().setFreshness(value);
+    public void setFreshness(Object value) {
+        final boolean isString = value instanceof String;
+        final boolean isCallbackHandler = value instanceof CallbackHandler;
+        if (isString || isCallbackHandler) {
+            this.freshness = value;
+        } else {
+            LOG.error("Unsupported 'Freshness' object");
+            throw new IllegalArgumentException("Unsupported 'Freshness' object. Type must
be "
+                                               + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
+        }
     }
 
     public String getReply() {
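Review bot: In the CLASS branch of getFreshness the object returned by `newInstance()` is cached in `this.freshness` without checking that it is a `CallbackHandler`, even though setFreshness rejects anything that is not a String or CallbackHandler; a misconfigured class name therefore passes here and is only discovered, or silently ignored, by the consumer. Check the instance before caching it: `Object handler = Thread.currentThread().getContextClassLoader().loadClass(cbt.getValue()).newInstance(); if (!(handler instanceof CallbackHandler)) { throw new IllegalStateException(cbt.getValue() + " is not a CallbackHandler"); } this.freshness = handler;`. The catch block also drops the cause; rethrow as `throw new IllegalStateException("Failed to create instance of " + cbt.getValue(), e);` so the class-loading failure is diagnosable. `new String(cbt.getValue())` in the STRING branch is a needless copy, `this.freshness = cbt.getValue();` suffices. The lazy caching in `this.freshness` is unsynchronized; presumably the config object is fully built on one thread before it is shared, which is worth stating in a comment on the field.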

Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Sun Oct 14 19:59:59
2012
@@ -107,7 +107,7 @@
 	<xs:element name="realm" type="xs:string" />
 	<xs:element name="applicationServiceURL" type="xs:string" />
 	
-	<xs:element name="freshness" type="xs:string" />
+	
 
 	<xs:complexType name="protocolType" abstract="true" />
  
@@ -122,6 +122,7 @@
 	<xs:element name="issuer" type="CallbackType" />
 	<xs:element name="homeRealm" type="CallbackType" />
 	<xs:element name="authenticationType" type="CallbackType" />
+	<xs:element name="freshness" type="CallbackType" />
 
 	<xs:simpleType name="argumentType">
 		<xs:restriction base="xs:string">

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
Sun Oct 14 19:59:59 2012
@@ -118,8 +118,11 @@ public class CallbackHandlerTest {
         claimType.setType(CLAIM_TYPE);
         claimTypeReq.getClaimType().add(claimType);
         protocol.setClaimTypesRequested(claimTypeReq);
-
-        protocol.setFreshness(FRESHNESS_VALUE);
+        
+        CallbackType freshness = new CallbackType();
+        freshness.setValue(FRESHNESS_VALUE);
+        protocol.setFreshness(freshness);
+        
         protocol.setRealm(TARGET_REALM);
         protocol.setReply(REPLY);
         protocol.setRequest("REQUEST");

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
Sun Oct 14 19:59:59 2012
@@ -180,7 +180,9 @@ public class FedizConfigurationTest {
 
         protocol.setClaimTypesRequested(claimTypeReq);
 
-        protocol.setFreshness(FRESHNESS_VALUE);
+        CallbackType freshness = new CallbackType();
+        freshness.setValue(FRESHNESS_VALUE);
+        protocol.setFreshness(freshness);
 
         CallbackType homeRealm = new CallbackType();
         homeRealm.setType(ArgumentType.CLASS);

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Sun Oct 14 19:59:59 2012
@@ -158,7 +158,9 @@ public class FedizConfigurationWriterTes
 
         protocol.setClaimTypesRequested(claimTypeReq);
 
-        protocol.setFreshness(FRESHNESS_VALUE);
+        CallbackType freshness = new CallbackType();
+        freshness.setValue(FRESHNESS_VALUE);
+        protocol.setFreshness(freshness);
 
         CallbackType homeRealm = new CallbackType();
         homeRealm.setType(ArgumentType.CLASS);

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java?rev=1398122&r1=1398121&r2=1398122&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
Sun Oct 14 19:59:59 2012
@@ -61,6 +61,8 @@ public class IdpServlet extends HttpServ
     public static final String PARAM_WRESULT = "wresult";
 
     public static final String PARAM_WCONTEXT = "wctx";
+    
+    public static final String PARAM_WFRESH = "wfresh";
 
     public static final String AUTH_HEADER_NAME = "WWW-Authenticate";
 
@@ -139,6 +141,7 @@ public class IdpServlet extends HttpServ
         String wtrealm = request.getParameter(PARAM_WTREALM);
         String wctx = request.getParameter(PARAM_WCONTEXT);
         String wreply = request.getParameter(PARAM_WREPLY);
+        String wfresh = request.getParameter(PARAM_WFRESH);
 
         if (action == null) {
             LOG.error("Bad request. HTTP parameter '" + PARAM_ACTION
@@ -173,6 +176,9 @@ public class IdpServlet extends HttpServ
                     if (idpToken.isExpired()) {
                         LOG.info("IDP token of '" + user + "' expired. Require authentication.");
                         authenticationRequired = idpToken.isExpired();
+                    } else if (wfresh != null && wfresh.equals("0")) {
+                        LOG.info("IDP token of '" + user + "' valid but relying party requested
new authentication");
+                        authenticationRequired = true;
                     } else {
                         LOG.debug("Session found for '" + user + "'.");
                     }
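Review bot: Only the exact string `0` triggers re-authentication here; any other wfresh value, a positive maximum age in minutes per WS-Federation or a malformed one such as `" 0"`, is silently treated as if no freshness requirement had been sent, so the relying party receives a possibly stale token and nothing is logged. At minimum trim the parameter and log what is not honoured: `} else if (wfresh != null && "0".equals(wfresh.trim())) {` for the existing branch, plus an `} else if (wfresh != null) {` branch that logs the ignored value at warn level. If `idpToken` exposes its issue time, comparing its age against a parsed integer would honour the full parameter rather than only the zero case. The enclosing method starts and ends outside this hunk.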
@@ -193,6 +199,7 @@ public class IdpServlet extends HttpServ
                     StringBuilder value = new StringBuilder(16);
                     value.append("Basic realm=\"IDP\"");
                     response.setHeader(AUTH_HEADER_NAME, value.toString());
+                    response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate,
private");
                     response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                     return;
                 } else {
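Review bot: The `Cache-Control` header string is duplicated here and in the last hunk of this file (@@ -274); make it a constant next to the other `PARAM_*` constants, e.g. `private static final String NO_CACHE = "no-store, no-cache, must-revalidate, private";`, so both sites stay in sync. For intermediaries that only speak HTTP/1.0, `response.setHeader("Pragma", "no-cache");` beside it is the usual companion. Setting the header before `sendError` is the right order, since a committed response can no longer take headers.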
@@ -274,6 +281,7 @@ public class IdpServlet extends HttpServ
             }
 
             LOG.debug("Forward to jsp...");
+            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private");
             this.getServletContext().getRequestDispatcher("/WEB-INF/signinresponse.jsp")
                 .forward(request, response);
             


