Subject: svn commit: r1425349 [1/3] - in /cxf/fediz/trunk: ./ plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/ plugins/jetty/src/test/resources/ systests/ systests/idp/ systests/idp/src/ systests/idp/src/main/ systests/idp/src/main/java/ systests/idp/src...
Date: Sat, 22 Dec 2012 21:37:16 -0000
To: commits@cxf.apache.org
From: owulff@apache.org
Reply-To: dev@cxf.apache.org
Message-Id: <20121222213719.24F9523888EA@eris.apache.org>
X-Mailer: svnmailer-1.0.8-patched

Author: owulff
Date: Sat Dec 22 21:37:14 2012
New Revision: 1425349

URL: http://svn.apache.org/viewvc?rev=1425349&view=rev
Log:
[FEDIZ-37] Dynamically assign ports for unit testing to avoid port conflict

Added:
    cxf/fediz/trunk/systests/
    cxf/fediz/trunk/systests/idp/
    cxf/fediz/trunk/systests/idp/pom.xml
    cxf/fediz/trunk/systests/idp/src/
    cxf/fediz/trunk/systests/idp/src/main/
    cxf/fediz/trunk/systests/idp/src/main/java/
    cxf/fediz/trunk/systests/idp/src/main/java/org/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java
    cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java
    cxf/fediz/trunk/systests/idp/src/main/resources/
    cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks
    cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/idp/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/idp/src/main/resources/test.txt
    cxf/fediz/trunk/systests/idp/src/main/webapp/
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/RPClaims.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/signinform.jsp
    cxf/fediz/trunk/systests/idp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/idp/src/main/webapp/index.html
    cxf/fediz/trunk/systests/pom.xml
    cxf/fediz/trunk/systests/simpleWebapp/
    cxf/fediz/trunk/systests/simpleWebapp/pom.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationFilter.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/SecurityTokenThreadLocal.java
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/simpleWebapp/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/META-INF/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/META-INF/context.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/index.html
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/secure/
    cxf/fediz/trunk/systests/simpleWebapp/src/main/webapp/secure/test.html
    cxf/fediz/trunk/systests/sts/
    cxf/fediz/trunk/systests/sts/pom.xml
    cxf/fediz/trunk/systests/sts/src/
    cxf/fediz/trunk/systests/sts/src/main/
    cxf/fediz/trunk/systests/sts/src/main/java/
    cxf/fediz/trunk/systests/sts/src/main/java/org/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
    cxf/fediz/trunk/systests/sts/src/main/java/org/apache/cxf/fediz/service/sts/UsernamePasswordCallbackHandler.java
    cxf/fediz/trunk/systests/sts/src/main/resources/
    cxf/fediz/trunk/systests/sts/src/main/resources/log4j.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/logging.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/stsKeystore.properties
    cxf/fediz/trunk/systests/sts/src/main/resources/stsstore.jks
    cxf/fediz/trunk/systests/sts/src/main/webapp/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-encrypted-ut.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-servlet.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-ut.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/cxf-x509.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/passwords.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/userClaims.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/web.xml
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
    cxf/fediz/trunk/systests/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4.wsdl
    cxf/fediz/trunk/systests/tests/
    cxf/fediz/trunk/systests/tests/pom.xml
    cxf/fediz/trunk/systests/tests/src/
    cxf/fediz/trunk/systests/tests/src/test/
    cxf/fediz/trunk/systests/tests/src/test/java/
    cxf/fediz/trunk/systests/tests/src/test/java/org/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/JettyTest.java - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java
    cxf/fediz/trunk/systests/tests/src/test/resources/
    cxf/fediz/trunk/systests/tests/src/test/resources/fediz_config.xml - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/idp-server.xml - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/idpserver.xml
    cxf/fediz/trunk/systests/tests/src/test/resources/jetty/rp-server.xml - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml
cxf/fediz/trunk/systests/tests/src/test/resources/server.jks - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks cxf/fediz/trunk/systests/tests/src/test/resources/stsstore.jks - copied, changed from r1425109, cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks Removed: cxf/fediz/trunk/plugins/jetty/src/test/java/org/apache/cxf/fediz/jetty/BrowserTest.java cxf/fediz/trunk/plugins/jetty/src/test/resources/fediz_config.xml cxf/fediz/trunk/plugins/jetty/src/test/resources/fedizhelloworld.war cxf/fediz/trunk/plugins/jetty/src/test/resources/fedserver.xml cxf/fediz/trunk/plugins/jetty/src/test/resources/idpserver.xml cxf/fediz/trunk/plugins/jetty/src/test/resources/stsstore.jks cxf/fediz/trunk/plugins/jetty/src/test/resources/tomcat-idp.jks Modified: cxf/fediz/trunk/pom.xml Modified: cxf/fediz/trunk/pom.xml URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1425349&r1=1425348&r2=1425349&view=diff ============================================================================== --- cxf/fediz/trunk/pom.xml (original) +++ cxf/fediz/trunk/pom.xml Sat Dec 22 21:37:14 2012 @@ -208,6 +208,7 @@ services plugins + systests examples apache-fediz @@ -601,6 +602,11 @@ --> + + org.apache.maven.plugins + maven-war-plugin + 2.3 + Added: cxf/fediz/trunk/systests/idp/pom.xml URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/pom.xml?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/pom.xml (added) +++ cxf/fediz/trunk/systests/idp/pom.xml Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,118 @@ + + + + + 4.0.0 + + org.apache.cxf.fediz + systests + 1.1.0-SNAPSHOT + + org.apache.cxf.fediz.systests + systests-fediz-idp + Apache Fediz Systests IDP + war + + + + + + + + UTF-8 + + + + + + javax.servlet + servlet-api + 2.5 + provided + + + org.springframework + spring-web + ${spring.version} + + + org.slf4j + slf4j-api + ${slf4j.version} + + + org.slf4j + slf4j-jdk14 + ${slf4j.version} + + + org.apache.cxf + cxf-rt-ws-security + ${cxf.version} + + + org.apache.cxf + cxf-rt-transports-http + ${cxf.version} + + + org.apache.cxf + cxf-rt-ws-policy + ${cxf.version} + + + org.apache.commons + commons-lang3 + 3.0.1 + + + + + + + org.apache.maven.plugins + maven-war-plugin + + + + src/main/webapp + true + + **/web.xml + **/applicationContext.xml + + + + src/main/webapp + false + + **/web.xml + **/applicationContext.xml + + + + + + + + fedizidp + + + Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AbstractAuthFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,183 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public abstract class AbstractAuthFilter implements Filter { + + public static final String PRE_STATE = "pre-state"; + public static final String NEXT_STATE = "next-state"; + public static final String PROCESSING_STATE = "processing-state"; + + //@SuppressWarnings("PMD") + //protected static Logger LOG; + private static final Logger LOG = LoggerFactory.getLogger(AbstractAuthFilter.class); + + // String used because of custom states, state set during processing time are stored in AuthContext + private String preState; + private String nextState; + + enum ProcessingState { + CONTINUE, + SEND_RESPONSE + } + + public void setNextState(String state, AuthContext 
context) { + context.put(NEXT_STATE, state); + } + + public String getNextState(AuthContext context, boolean remove) { + String updatedNextState = (String)context.get(NEXT_STATE); + if (updatedNextState != null) { + if (LOG.isDebugEnabled()) { + LOG.debug("next-state [" + updatedNextState + "] overwritten by filter"); + } + if (remove) { + context.remove(NEXT_STATE); + } + return updatedNextState; + } else { + return nextState; + } + } + + public String getNextState(AuthContext context) { + return getNextState(context, false); + } + + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + preState = filterConfig.getInitParameter(PRE_STATE); + if (LOG.isDebugEnabled()) { + if (preState == null) { + LOG.debug("Parameter '" + PRE_STATE + "' not defined"); + } else { + LOG.debug("Parameter '" + PRE_STATE + "' set to [" + preState + "]"); + } + } + + nextState = filterConfig.getInitParameter(NEXT_STATE); + if (LOG.isDebugEnabled()) { + if (nextState == null) { + LOG.debug("Parameter '" + NEXT_STATE + "' not defined"); + } else { + LOG.debug("Parameter '" + NEXT_STATE + "' set to [" + nextState + "]"); + } + } + + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException { + + HttpServletRequest hrequest = null; + if (request instanceof HttpServletRequest) { + hrequest = (HttpServletRequest)request; + } else { + throw new IllegalStateException("ServletRequest not of type HttpServletRequest"); + } + HttpSession session = (HttpSession)hrequest.getSession(true); + AuthContext context = new AuthContext(session, hrequest); + + String currentState = null; + if (context.get(AuthContext.CURRENT_STATE) == null) { + currentState = States.NOT_AUTHENTICATED.toString(); + context.put(AuthContext.CURRENT_STATE, currentState); + LOG.info("No state defined. 
Defaulting to [" + States.NOT_AUTHENTICATED.toString() + "]"); + } else { + currentState = (String)context.get(AuthContext.CURRENT_STATE); + LOG.info("Current state: " + currentState); + } + if (preState == null) { + LOG.info("No pre-state defined. State condition ignored"); + //throw new IllegalStateException("No pre-state defined"); + } + if (preState == null || preState.equals(currentState)) { + if (preState == null) { + LOG.info("No pre-state defined. State condition ignored"); + } else { + LOG.info("State condition met for " + this.getClass().getName()); + } + try { + this.process(hrequest, (HttpServletResponse)response, context); + String resolvedNextState = getNextState(context, true); + if (resolvedNextState != null) { + context.put(AuthContext.CURRENT_STATE, resolvedNextState); + LOG.info("State changed to [" + resolvedNextState + "]"); + } else { + LOG.info("State remains at [" + currentState + "]"); + } + } catch (ProcessingException ex) { + LOG.info("ProcessingException occured. Sending repsonse."); + //response message prepared by underlying filter, error code + return; + } + } else { + LOG.debug("State condition not met for " + this.getClass().getName() + ". Ignored."); + } + if (context.get(PROCESSING_STATE) == null + || ProcessingState.CONTINUE.equals((ProcessingState)context.get(PROCESSING_STATE))) { + chain.doFilter(request, response); + } else { + LOG.info("Processing aborted. Invalidate session. Sending response."); + //session.invalidate(); //why??? + //context.remove(PROCESSING_STATE); //why??? 
+ } + + if (hrequest.getSession(false) != null) { + context.put(AuthContext.CURRENT_STATE, context.get(AuthContext.CURRENT_STATE), true); + + if (context.get(AuthContext.INVALIDATE_SESSION) != null + && Boolean.TRUE.equals((Boolean)context.get(AuthContext.INVALIDATE_SESSION))) { + context.remove(AuthContext.INVALIDATE_SESSION); + session.invalidate(); + LOG.info("Session invalidated"); + } + } + + + } + + @Override + public void destroy() { + + } + + public abstract void process(HttpServletRequest request, HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException; + + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthContext.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,132 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.util.Collection; +import java.util.Map; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +public class AuthContext implements Map { + + public static final String CURRENT_STATE = "current-state"; + public static final String INVALIDATE_SESSION = "invalidate-session"; + public static final String IDP_PRINCIPAL = "IDP_PRINCIPAL"; + public static final String AUTH_USERNAME = "auth-username"; + public static final String AUTH_PASSWORD = "auth-password"; + + + private HttpSession session; + private HttpServletRequest request; + + public AuthContext(HttpSession session, HttpServletRequest request) { + this.session = session; + this.request = request; + } + + @Override + public int size() { + throw new UnsupportedOperationException("method 'size' not supported"); + } + + @Override + public boolean isEmpty() { + throw new UnsupportedOperationException("method 'isEmpty' not supported"); + } + + @Override + public boolean containsKey(Object key) { + throw new UnsupportedOperationException("method 'containsKey' not supported"); + } 
+ + @Override + public boolean containsValue(Object value) { + throw new UnsupportedOperationException("method 'containsValue' not supported"); + } + + @Override + public Object get(Object key) { + Object value = request.getAttribute((String)key); + if (value != null) { + return value; + } + value = session.getAttribute((String)key); + return value; + } + + @Override + public Object put(String key, Object value) { + Object oldValue = request.getAttribute((String)key); + request.setAttribute(key, value); + return oldValue; + } + + public Object put(String key, Object value, boolean storeInSession) { + Object oldValue = null; + if (storeInSession) { + oldValue = session.getAttribute((String)key); + session.setAttribute(key, value); + } else { + oldValue = request.getAttribute((String)key); + request.setAttribute(key, value); + } + return oldValue; + } + + @Override + public Object remove(Object key) { + Object value = request.getAttribute((String)key); + if (value != null) { + request.removeAttribute((String)key); + } + value = session.getAttribute((String)key); + if (value != null) { + session.removeAttribute((String)key); + } + return value; + } + + @Override + public void putAll(Map m) { + throw new UnsupportedOperationException("method 'putAll' not supported"); + } + + @Override + public void clear() { + throw new UnsupportedOperationException("method 'clear' not supported"); + } + + @Override + public Set keySet() { + throw new UnsupportedOperationException("method 'keySet' not supported"); + } + + @Override + public Collection values() { + throw new UnsupportedOperationException("method 'values' not supported"); + } + + @Override + public Set> entrySet() { + throw new UnsupportedOperationException("method 'entrySet' not supported"); + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/AuthenticationFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,50 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class AuthenticationFilter extends AbstractAuthFilter { + + private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class); +// static { +// LOG = LoggerFactory.getLogger(AuthenticationFilter.class); +// } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + //Only Username/password authentication supported + //otherwise parse wauth parameter + if (context.get(FederationFilter.PARAM_WAUTH) != null) { + LOG.warn("Parameter 'wauth' ignored"); + } + this.setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context); + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/BasicAuthenticationFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,100 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; +import java.util.StringTokenizer; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.cxf.common.util.Base64Utility; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class BasicAuthenticationFilter extends AbstractAuthFilter { + + public static final String AUTH_HEADER_NAME = "WWW-Authenticate"; + + private static final Logger LOG = LoggerFactory.getLogger(BasicAuthenticationFilter.class); + +// static { +// LOG = LoggerFactory.getLogger(BasicAuthenticationFilter.class); +// } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException { + + String auth = request.getHeader("Authorization"); + LOG.debug("Authorization header: " + auth); + + if (auth == null) { + // request authentication from browser + StringBuilder value = new StringBuilder(16); + value.append("Basic realm=\"IDP\""); + response.setHeader(AUTH_HEADER_NAME, value.toString()); + 
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private"); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED); + this.setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context); + // signal to send response to client or throw exception + // SEND_RESPONSE, CONTINUE + context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE); + return; + + } else { + String username = null; + String password = null; + + try { + StringTokenizer st = new StringTokenizer(auth, " "); + String authType = st.nextToken(); + String encoded = st.nextToken(); + + if (!authType.equalsIgnoreCase("basic")) { + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid Authorization header"); + return; + } + + String decoded = new String( + Base64Utility.decode(encoded)); + + int colon = decoded.indexOf(':'); + if (colon < 0) { + username = decoded; + } else { + username = decoded.substring(0, colon); + password = decoded.substring(colon + 1, + decoded.length()); + } + context.put(AuthContext.AUTH_USERNAME, username); + context.put(AuthContext.AUTH_PASSWORD, password); + + } catch (Exception ex) { + LOG.error("Invalid Authorization header", ex); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, + "Invalid Authorization header"); + throw new ProcessingException("Invalid Authorization header"); + } + } + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,153 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class FederationFilter extends AbstractAuthFilter { + + public static final String PARAM_ACTION = "wa"; + + public static final String ACTION_SIGNIN = "wsignin1.0"; + + public static final String ACTION_SIGNOUT = "wsignout1.0"; + + public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0"; + + public static final String PARAM_WTREALM = "wtrealm"; + + public static final String PARAM_WREPLY = "wreply"; + + public static final String PARAM_WRESULT = "wresult"; + + public static final String PARAM_WCONTEXT = "wctx"; + + public static final String PARAM_WFRESH = "wfresh"; + + public static final String PARAM_WAUTH = "wauth"; + + public static final String PARAM_SESSION_TOKEN = "session.token"; + + private static final Logger LOG = 
LoggerFactory.getLogger(FederationFilter.class); + + + private String sessionToken; +// static { +// LOG = LoggerFactory.getLogger(FederationFilter.class); +// } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + + sessionToken = filterConfig.getInitParameter(PARAM_SESSION_TOKEN); + if (sessionToken != null && sessionToken.length() > 0) { + LOG.info("Configured Session token: " + sessionToken); + } + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + + String action = request.getParameter(PARAM_ACTION); + String wtrealm = request.getParameter(PARAM_WTREALM); + String wctx = request.getParameter(PARAM_WCONTEXT); + String wreply = request.getParameter(PARAM_WREPLY); + String wfresh = request.getParameter(PARAM_WFRESH); + String wauth = request.getParameter(PARAM_WAUTH); + + if (action == null) { + //[TODO] should not fail because other filter might be relevant + //Initial session state (AUTHENTICATED) ignored, but STSClientFilter requires SECURITY_TOKEN_REQUIRED + LOG.info("Not a WS-Federation request"); + return; + /* LOG.error("Bad request. HTTP parameter '" + PARAM_ACTION + + "' missing"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter " + + PARAM_ACTION + " missing"); + throw new ProcessingException("Bad request. HTTP parameter '" + PARAM_ACTION + + "' missing"); + */ + } + if (action.equals(ACTION_SIGNIN)) { + LOG.debug("Sign-In request [" + PARAM_ACTION + "=" + ACTION_SIGNIN + + "] ..."); + + if (wtrealm == null || wtrealm.length() == 0) { + LOG.error("Bad request. HTTP parameter '" + ACTION_SIGNIN + + "' missing"); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, + "Parameter " + ACTION_SIGNIN + " missing"); + throw new ProcessingException("Bad request. 
HTTP parameter '" + ACTION_SIGNIN + + "' missing"); + } + boolean authenticationRequired = false; + + context.put(PARAM_WCONTEXT, wctx); + context.put(PARAM_WTREALM, wtrealm); + context.put(PARAM_WREPLY, wreply); + context.put(PARAM_WAUTH, wauth); + context.put(PARAM_ACTION, action); + + + SecurityToken idpToken = null; + idpToken = (SecurityToken)context.get(sessionToken); + String user = (String)context.get(AuthContext.IDP_PRINCIPAL); + if (idpToken == null) { + LOG.debug("IDP token not found"); + authenticationRequired = true; + } else { + if (idpToken.isExpired()) { + LOG.info("IDP token of '" + user + "' expired. Require authentication."); + authenticationRequired = idpToken.isExpired(); + } else if (wfresh != null && wfresh.equals("0")) { + LOG.info("IDP token of '" + user + "' valid but relying party requested new authentication"); + authenticationRequired = true; + } else { + LOG.debug("Session found for '" + user + "'."); + //Add it to the request context + context.put(sessionToken, idpToken); + context.put(AuthContext.IDP_PRINCIPAL, user); + } + } + if (authenticationRequired) { + context.remove(sessionToken); + this.setNextState(States.AUTHENTICATION_REQUIRED.toString(), context); + } else { + this.setNextState(States.SECURITY_TOKEN_REQUIRED.toString(), context); + } + + } + } + + + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/FederationPostFilter.java Sat Dec 22 21:37:14 2012 
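Review bot: the missing-wtrealm error path in FederationFilter.process names the wrong parameter: `LOG.error("Bad request. HTTP parameter '" + ACTION_SIGNIN + "' missing");`, the `sendError` text and the `ProcessingException` message all use ACTION_SIGNIN ("wsignin1.0") where PARAM_WTREALM is meant. Two smaller points: `authenticationRequired = idpToken.isExpired();` sits inside the `if (idpToken.isExpired())` branch, so it is always true and should just be `true`; and `wreply` is copied from the request into the context unchanged (`context.put(PARAM_WREPLY, wreply);`) and later used by FederationPostFilter as the form action, so this filter is the place to check that the reply URL belongs to the realm given in `wtrealm` before accepting it.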
@@ -0,0 +1,136 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class FederationPostFilter extends AbstractAuthFilter { + + private static final String PARAM_TOKEN_STORE_NAME = "token.store.name"; + + private static final Logger LOG = LoggerFactory.getLogger(FederationPostFilter.class); + +// static { +// LOG = LoggerFactory.getLogger(FederationPostFilter.class); +// } + + protected String tokenStoreName; + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + + tokenStoreName = filterConfig.getInitParameter(PARAM_TOKEN_STORE_NAME); + if (tokenStoreName == null) { + throw new ServletException( + "Parameter '" + PARAM_TOKEN_STORE_NAME + "' not configured"); + } + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse 
response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + if (context.get(FederationFilter.PARAM_ACTION) == null) { + LOG.info("Not a WS-Federation request"); + return; + } + + try { + Object obj = context.get(tokenStoreName); + if (!(obj instanceof String)) { + LOG.error("Token in '" + tokenStoreName + "' not of type String/RSTR"); + throw new IllegalStateException("Token in '" + tokenStoreName + "' not of type String/RSTR"); + } + request.setAttribute("fed." + FederationFilter.PARAM_WRESULT, + StringEscapeUtils.escapeXml((String)obj)); + String wctx = (String)context.get(FederationFilter.PARAM_WCONTEXT); + if (wctx != null) { + request.setAttribute("fed." + FederationFilter.PARAM_WCONTEXT, + StringEscapeUtils.escapeXml(wctx)); + } + String wreply = (String)context.get(FederationFilter.PARAM_WREPLY); + String wtrealm = (String)context.get(FederationFilter.PARAM_WTREALM); + if (wreply == null) { + request.setAttribute("fed.action", wtrealm); + } else { + request.setAttribute("fed.action", wreply); + } + + } catch (Exception ex) { + LOG.warn("Requesting security token failed", ex); + response.sendError(HttpServletResponse.SC_FORBIDDEN, + "Requesting security token failed"); + throw new ProcessingException("Requesting security token failed"); + } + + setResponseBody(request, response); + context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE); + + } + + private void setResponseBody(HttpServletRequest request, HttpServletResponse response) { + + try { + response.setContentType("text/html"); + PrintWriter out = response.getWriter(); + + out.println(""); + out.println("IDP SignIn Response Form"); + out.println(""); + out.println("
"); + out.println(""); + out.println(""); + out.println(""); + out.println(""); + out.println("
"); + out.println(""); + out.println(""); + out.println(""); + + } catch (IOException ex) { + LOG.error("Failed to create SignInResponse message", ex); + try { + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Failed to create SignInResponse message"); + } catch (IOException e) { + LOG.error("Failed to write error reponse", e); + } + } + + } +} + Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/HttpFormAuthenticationFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,93 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class HttpFormAuthenticationFilter extends AbstractAuthFilter { + + public static final String PARAM_TAG = "cxf.fediz.loginform.tag"; + public static final String PARAM_USERNAME = "cxf.fediz.loginform.username"; + public static final String PARAM_PASSWORD = "cxf.fediz.loginform.password"; + public static final String FORM_LOGIN_PAGE_URI_DEFAULT = "/WEB-INF/signinform.jsp"; + + private static final Logger LOG = LoggerFactory.getLogger(HttpFormAuthenticationFilter.class); + + private static final String PARAM_FORM_LOGIN_PAGE = "form.login.page"; + + protected String formLoginPage; + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + formLoginPage = filterConfig.getInitParameter(PARAM_FORM_LOGIN_PAGE); + if (formLoginPage != null && formLoginPage.length() > 0) { + 
LOG.info("Configured form login page: " + formLoginPage); + } + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException { + + String tag = request.getParameter(PARAM_TAG); + + if (tag == null) { + // request authentication from user + response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private"); + + if (formLoginPage != null && formLoginPage.length() > 0) { + request.getRequestDispatcher(formLoginPage) + .forward(request, response); + } else { + request.getRequestDispatcher(FORM_LOGIN_PAGE_URI_DEFAULT) + .forward(request, response); + } + + setNextState(States.USERNAME_PASSWORD_REQUIRED.toString(), context); + context.put(AbstractAuthFilter.PROCESSING_STATE, + AbstractAuthFilter.ProcessingState.SEND_RESPONSE); + return; + + } else { + String username = request.getParameter(PARAM_USERNAME); + String password = request.getParameter(PARAM_PASSWORD); + + try { + context.put(AuthContext.AUTH_USERNAME, username); + context.put(AuthContext.AUTH_PASSWORD, password); + } catch (Exception ex) { + LOG.error("Invalid Authorization header", ex); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, + "Invalid http form format"); + throw new ProcessingException("Invalid http form format"); + } + } + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java Sat Dec 22 21:37:14 2012 
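Review bot: in HttpFormAuthenticationFilter.process the form values `username` and `password` are stored into the context without a null or empty check, so a submission that carries the `cxf.fediz.loginform.tag` parameter but no credentials is passed on as null credentials to the STS step; reject that with `SC_BAD_REQUEST` before `context.put(AuthContext.AUTH_USERNAME, username);`. The try/catch around the two `context.put` calls also looks copied from the Basic filter: it logs "Invalid Authorization header" while the error sent is "Invalid http form format", and nothing inside the try can throw, so either drop the block or make the log text match the response message.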
@@ -0,0 +1,193 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.StringWriter; +import java.security.cert.X509Certificate; + +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Element; + +import org.apache.cxf.Bus; +import org.apache.cxf.binding.soap.SoapBindingConstants; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.service.model.BindingOperationInfo; +import org.apache.cxf.staxutils.StaxUtils; +import org.apache.cxf.staxutils.W3CDOMStreamWriter; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.cxf.ws.security.trust.STSUtils; +import org.apache.ws.security.components.crypto.Crypto; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class IdpSTSClient extends STSClient { + + private static final Logger LOG = LoggerFactory.getLogger(IdpSTSClient.class); + + public IdpSTSClient(Bus b) { + 
super(b); + } + + public String requestSecurityTokenResponse() throws Exception { + return requestSecurityTokenResponse(null); + } + + public String requestSecurityTokenResponse(String appliesTo) throws Exception { + String action = null; + if (isSecureConv) { + action = namespace + "/RST/SCT"; + } + return requestSecurityTokenResponse(appliesTo, action, "/Issue", null); + } + + public String requestSecurityTokenResponse(String appliesTo, String action, + String requestType, SecurityToken target) throws Exception { + createClient(); + BindingOperationInfo boi = findOperation("/RST/Issue"); + + client.getRequestContext().putAll(ctx); + if (action != null) { + client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, + action); + } else { + client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, + namespace + "/RST/Issue"); + } + + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + if (context != null) { + writer.writeAttribute(null, "Context", context); + } + + boolean wroteKeySize = false; + String keyTypeTemplate = null; + String sptt = null; + + if (template != null) { + if (this.useSecondaryParameters()) { + writer.writeStartElement("wst", "SecondaryParameters", + namespace); + } + + Element tl = DOMUtils.getFirstElement(template); + while (tl != null) { + StaxUtils.copy(tl, writer); + if ("KeyType".equals(tl.getLocalName())) { + keyTypeTemplate = DOMUtils.getContent(tl); + } else if ("KeySize".equals(tl.getLocalName())) { + wroteKeySize = true; + keySize = Integer.parseInt(DOMUtils.getContent(tl)); + } else if ("TokenType".equals(tl.getLocalName())) { + sptt = DOMUtils.getContent(tl); + } + tl = DOMUtils.getNextElement(tl); + } + + if (this.useSecondaryParameters()) { + writer.writeEndElement(); + } + } + + addRequestType(requestType, writer); + if (enableAppliesTo) { + addAppliesTo(writer, appliesTo); + } + + addClaims(writer); 
+ + Element onBehalfOfToken = getOnBehalfOfToken(); + if (onBehalfOfToken != null) { + writer.writeStartElement("wst", "OnBehalfOf", namespace); + StaxUtils.copy(onBehalfOfToken, writer); + writer.writeEndElement(); + } + if (sptt == null) { + addTokenType(writer); + } + if (isSecureConv || enableLifetime) { + addLifetime(writer); + } + if (keyTypeTemplate == null) { + keyTypeTemplate = writeKeyType(writer, keyType); + } + + byte[] requestorEntropy = null; + X509Certificate cert = null; + Crypto crypto = null; + + if (keySize <= 0) { + keySize = 256; + } + if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) { + requestorEntropy = writeElementsForRSTSymmetricKey(writer, + wroteKeySize); + } else if (keyTypeTemplate != null + && keyTypeTemplate.endsWith("PublicKey")) { + crypto = createCrypto(false); + cert = getCert(crypto); + writeElementsForRSTPublicKey(writer, cert); + } + + if (target != null) { + writer.writeStartElement("wst", "RenewTarget", namespace); + Element el = target.getUnattachedReference(); + if (el == null) { + el = target.getAttachedReference(); + } + StaxUtils.copy(el, writer); + writer.writeEndElement(); + } + + Element actAsSecurityToken = getActAsToken(); + if (actAsSecurityToken != null) { + writer.writeStartElement(STSUtils.WST_NS_08_02, "ActAs"); + StaxUtils.copy(actAsSecurityToken, writer); + writer.writeEndElement(); + } + + writer.writeEndElement(); + + Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument() + .getDocumentElement())); + + DOMSource rstr = (DOMSource) obj[0]; + + StringWriter sw = new StringWriter(); + try { + Transformer t = TransformerFactory.newInstance().newTransformer(); + t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + t.transform(rstr, new StreamResult(sw)); + } catch (TransformerException te) { + LOG.warn("nodeToString Transformer Exception"); + } + return sw.toString(); + + } + +} Added: 
cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/LogoutFilter.java Sat Dec 22 21:37:14 2012 
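Review bot: `requestSecurityTokenResponse` in IdpSTSClient swallows the `TransformerException` (`LOG.warn("nodeToString Transformer Exception");`) and then returns `sw.toString()`, which at that point is an empty string, so a serialization failure is handed back to the caller as an apparently successful but empty RSTR that STSClientFilter would store under the token store name. Rethrow the exception (the method already declares `throws Exception`) and pass `te` to the log call so the cause is recorded. A null check on `obj[0]` before the `(DOMSource)` cast would also turn an empty invocation result into a meaningful error instead of a bare NullPointerException.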
@@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class LogoutFilter extends AbstractAuthFilter { + + public static final String PARAM_LOGOUT_URI = "logout.uri"; + + private static final Logger LOG = LoggerFactory.getLogger(LogoutFilter.class); + + private String logoutUri; + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + + logoutUri = filterConfig.getInitParameter(PARAM_LOGOUT_URI); + if (logoutUri != null && logoutUri.length() > 0) { + LOG.info("Configured logout URI: " + logoutUri); + } + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + if (request.getParameter(this.logoutUri) != null) { + HttpSession session = request.getSession(false); + if (session == null) { + LOG.info("Logout ignored. 
No session available."); + return; + } + + LOG.info("Logout session for '" + context.get(AuthContext.IDP_PRINCIPAL) + "'"); + context.put(AuthContext.INVALIDATE_SESSION, Boolean.TRUE); + //Session invalidation occurs in AbstractAuthFilter due to session access for + //State management + //session.invalidate(); + this.setNextState(States.NOT_AUTHENTICATED.toString(), context); + context.put(AbstractAuthFilter.PROCESSING_STATE, AbstractAuthFilter.ProcessingState.SEND_RESPONSE); + } + + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/ProcessingException.java Sat Dec 22 21:37:14 2012 
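Review bot: the license header in LogoutFilter.java appears twice at the top of the file; drop the duplicate block. In `process`, `request.getParameter(this.logoutUri)` uses the value configured under `logout.uri` as a request parameter name rather than a URI, and `init` only logs when the value is present, so with the parameter unconfigured `logoutUri` is null and the Servlet API does not specify what `getParameter(null)` does; either require the parameter in `init` as the other filters do (throw `ServletException` when it is missing) or guard the call with a null check, and rename the parameter or change the check so the two agree.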
@@ -0,0 +1,43 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import javax.servlet.ServletException; + +public class ProcessingException extends ServletException { + + private static final long serialVersionUID = -7826089555569489534L; + + public ProcessingException() { + super(); + } + + public ProcessingException(String message, Throwable rootCause) { + super(message, rootCause); + } + + public ProcessingException(String message) { + super(message); + } + + public ProcessingException(Throwable rootCause) { + super(rootCause); + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSClientFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,347 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; +import java.util.List; +import java.util.Map; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.namespace.QName; + +import org.w3c.dom.Element; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.staxutils.W3CDOMStreamWriter; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSUtils; +import org.apache.ws.security.WSConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationContext; + + +public class STSClientFilter extends AbstractAuthFilter { + + private static final String PARAM_TOKENTYPE = "tokentype"; + + private static final String PARAM_STS_WSDL_ENDPOINT = "sts.wsdl.endpoint"; + + private static final String PARAM_STS_WSDL_SERVICE = "sts.wsdl.service"; + + private static final String PARAM_STS_WSDL_URL = "sts.wsdl.url"; + + 
private static final String PARAM_STS_APPLIES_TO = "sts.applies-to"; + + private static final String PARAM_STS_CLAIMS_REQUIRED = "sts.claims.required"; + + private static final String PARAM_STS_AUTH_TYPE = "sts.auth-type"; + + private static final String PARAM_TOKEN_STORE_NAME = "token.store.name"; + + //private static final String PARAM_TOKEN_STORE_SESSION = "token.store.session"; + + private static final String PARAM_RSTR_CONTENT_TYPE = "sts.rstr.content-type"; + + private static final String PARAM_STS_ONBEHALFOF_TOKEN_NAME = "sts.onbehalfof.token.name"; + + private static final Logger LOG = LoggerFactory.getLogger(STSClientFilter.class); + +// static { +// LOG = LoggerFactory.getLogger(STSClientFilter.class); +// } + + enum AuthenticationType { + USERNAME_PASSWORD, + NONE + } + + protected String tokenType; + protected String stsWsdlEndpoint; + protected String stsWsdlService; + protected String stsWsdlUrl; + + protected String authenticationType; //Send UsernameToken + protected boolean claimsRequired; // = false; // + protected String onBehalfOfTokenName; //idp-token + //protected boolean storeTokenInSession; // = false; + protected String tokenStoreName; + protected String appliesTo; // $wtrealm + protected String contentType; //token, rstr + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + tokenType = filterConfig.getInitParameter(PARAM_TOKENTYPE); + if (tokenType != null && tokenType.length() > 0) { + LOG.info("Configured Tokentype: " + tokenType); + } + + stsWsdlUrl = filterConfig.getInitParameter(PARAM_STS_WSDL_URL); + if (stsWsdlUrl == null) { + throw new ServletException( + "Parameter '" + PARAM_STS_WSDL_URL + "' not configured"); + } + + stsWsdlService = filterConfig.getInitParameter(PARAM_STS_WSDL_SERVICE); + if (stsWsdlService == null) { + throw new ServletException( + "Parameter '" + PARAM_STS_WSDL_SERVICE + "' not configured"); + } + + stsWsdlEndpoint = 
filterConfig.getInitParameter(PARAM_STS_WSDL_ENDPOINT); + if (stsWsdlEndpoint == null) { + throw new ServletException( + "Parameter '" + PARAM_STS_WSDL_ENDPOINT + "' not configured"); + } + + appliesTo = filterConfig.getInitParameter(PARAM_STS_APPLIES_TO); + if (appliesTo == null) { + throw new ServletException( + "Parameter '" + PARAM_STS_APPLIES_TO + "' not configured"); + } + + tokenStoreName = filterConfig.getInitParameter(PARAM_TOKEN_STORE_NAME); + if (tokenStoreName == null) { + throw new ServletException( + "Parameter '" + PARAM_TOKEN_STORE_NAME + "' not configured"); + } + + onBehalfOfTokenName = filterConfig.getInitParameter(PARAM_STS_ONBEHALFOF_TOKEN_NAME); + + try { + String claimsParam = filterConfig.getInitParameter(PARAM_STS_CLAIMS_REQUIRED); + if (claimsParam != null) { + claimsRequired = Boolean.valueOf(claimsParam).booleanValue(); + } else { + claimsRequired = false; + } + } catch (Exception ex) { + LOG.error("Failed to parse parameter '" + PARAM_STS_CLAIMS_REQUIRED + "': " + ex.toString()); + throw new ServletException( + "Failed to parse parameter '" + PARAM_STS_CLAIMS_REQUIRED + "'"); + } + + /* + try { + String storeSession = filterConfig.getInitParameter(PARAM_TOKEN_STORE_SESSION); + if (storeSession != null) { + storeTokenInSession = Boolean.valueOf(storeSession).booleanValue(); + } else { + storeTokenInSession = false; + } + } catch (Exception ex) { + LOG.error("Failed to parse parameter '" + PARAM_TOKEN_STORE_SESSION + "': " + ex.toString()); + throw new ServletException( + "Failed to parse parameter '" + PARAM_TOKEN_STORE_SESSION + "'"); + } + */ + + authenticationType = filterConfig.getInitParameter(PARAM_STS_AUTH_TYPE); + if (authenticationType == null) { + throw new ServletException( + "Parameter '" + PARAM_STS_AUTH_TYPE + "' not configured"); + } + + contentType = filterConfig.getInitParameter(PARAM_RSTR_CONTENT_TYPE); + if (PARAM_RSTR_CONTENT_TYPE == null) { + throw new ServletException( + "Parameter '" + PARAM_RSTR_CONTENT_TYPE + "' 
not configured"); + } + + + + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + + String resolvedAppliesTo = null; + try { + + if (context.get(tokenStoreName) != null) { + LOG.info("Security token '" + tokenStoreName + "' already created."); + return; + } + + Bus bus = BusFactory.getDefaultBus(); + + IdpSTSClient sts = new IdpSTSClient(bus); + sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing"); + if (tokenType != null && tokenType.length() > 0) { + sts.setTokenType(tokenType); + } else { + sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); + } + sts.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer"); + + sts.setWsdlLocation(stsWsdlUrl); + sts.setServiceQName(new QName( + "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", + stsWsdlService)); + sts.setEndpointQName(new QName( + "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", + stsWsdlEndpoint)); + String username = null; + if (authenticationType.equals(AuthenticationType.USERNAME_PASSWORD.toString())) { + username = (String)context.get(AuthContext.AUTH_USERNAME); + String password = (String)context.get(AuthContext.AUTH_PASSWORD); + context.remove(AuthContext.AUTH_USERNAME); + context.remove(AuthContext.AUTH_PASSWORD); + sts.getProperties().put(SecurityConstants.USERNAME, username); + sts.getProperties().put(SecurityConstants.PASSWORD, password); + } + + + /* + if (getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME) != null) { + sts.setEnableLifetime(true); + int ttl = Integer.parseInt(getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME)); + sts.setTtl(ttl); + } + */ + + + if (appliesTo.startsWith("$")) { + resolvedAppliesTo = (String)context.get(appliesTo.substring(1)); + if (resolvedAppliesTo == null) { + LOG.error("Parameter '" + appliesTo.substring(1) + "' not found in context"); + 
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Parameter '" + appliesTo.substring(1) + "' not found in context"); + throw new ProcessingException("Parameter '" + appliesTo.substring(1) + "' not found in context"); + } + } else { + resolvedAppliesTo = appliesTo; + } + + if (this.claimsRequired) { + List realmClaims = null; + ApplicationContext ctx = (ApplicationContext) bus + .getExtension(ApplicationContext.class); + try { + @SuppressWarnings("unchecked") + Map> realmClaimsMap = (Map>) ctx + .getBean("realm2ClaimsMap"); + realmClaims = realmClaimsMap.get(resolvedAppliesTo); + if (realmClaims != null && realmClaims.size() > 0 && LOG.isDebugEnabled()) { + LOG.debug("claims for realm " + resolvedAppliesTo); + for (String item : realmClaims) { + LOG.debug(" " + item); + } + } + Element claims = createClaimsElement(realmClaims); + if (claims != null) { + sts.setClaims(claims); + } + + } catch (Exception ex) { + LOG.error("Failed to read bean 'realm2ClaimsMap'", ex); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Failed to read bean 'realm2ClaimsMap'"); + throw new ProcessingException("Failed to read bean 'realm2ClaimsMap'"); + } + } + + if (this.onBehalfOfTokenName != null) { + SecurityToken token = (SecurityToken)context.get(onBehalfOfTokenName); + if (token == null) { + LOG.error("Token '" + onBehalfOfTokenName + "' not found"); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Token '" + onBehalfOfTokenName + "' not found"); + throw new ProcessingException("Token '" + onBehalfOfTokenName + "' not found"); + } + sts.setOnBehalfOf(token.getToken()); + } + + Object token = null; + if (contentType != null && contentType.equalsIgnoreCase("TOKEN")) { + token = sts.requestSecurityToken(resolvedAppliesTo); + } else if (contentType != null && contentType.equalsIgnoreCase("RSTR")) { + token = sts.requestSecurityTokenResponse(resolvedAppliesTo); + } else { + LOG.error("Unknown content type '" + contentType + "'"); 
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Unknown content type '" + contentType + "'"); + throw new ProcessingException("Unknown content type '" + contentType + "'"); + } + + //[TODO] SessionCacheFilter, use this filter instead of code here + /* not needed anymore due to SessionCacheFilter + if (this.storeTokenInSession) { + request.getSession().setAttribute(tokenStoreName, token); + LOG.info("Token '" + tokenStoreName + "' stored in session."); + } else { + context.put(tokenStoreName, token); + LOG.info("Token '" + tokenStoreName + "' stored in request."); + }*/ + context.put(tokenStoreName, token); + LOG.info("Token '" + tokenStoreName + "' stored in request."); + + if (username != null) { + context.put(AuthContext.IDP_PRINCIPAL, username); + } + + + } catch (Exception ex) { + LOG.info("Requesting security token for '" + resolvedAppliesTo + "' failed", ex); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, + "Requesting security token for '" + resolvedAppliesTo + "'failed"); + throw new ProcessingException("Requesting security token for '" + resolvedAppliesTo + "' failed"); + } + + } + + private Element createClaimsElement(List realmClaims) + throws Exception { + if (realmClaims == null || realmClaims.size() == 0) { + return null; + } + + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + writer.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12); + writer.writeNamespace("wst", STSUtils.WST_NS_05_12); + writer.writeNamespace("ic", + "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeAttribute("Dialect", + "http://schemas.xmlsoap.org/ws/2005/05/identity"); + + if (realmClaims != null && realmClaims.size() > 0) { + for (String item : realmClaims) { + LOG.debug("claim: " + item); + writer.writeStartElement("ic", "ClaimType", + "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeAttribute("Uri", item); + writer.writeEndElement(); + } + } + + writer.writeEndElement(); + + return 
writer.getDocument().getDocumentElement(); + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/SessionCacheFilter.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,89 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class SessionCacheFilter extends AbstractAuthFilter { + + private static final Logger LOG = LoggerFactory.getLogger(SessionCacheFilter.class); + + protected List cacheAttributes = new ArrayList(); + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + + Enumeration enumParams = filterConfig.getInitParameterNames(); + while (enumParams.hasMoreElements()) { + String paramName = (String)enumParams.nextElement(); + String paramValue = filterConfig.getInitParameter(paramName); + if (paramValue != null && paramValue.length() > 0 + && paramName.startsWith("item")) { + cacheAttributes.add(filterConfig.getInitParameter(paramName)); + if (LOG.isDebugEnabled()) { + LOG.debug("Attribute '" + 
paramValue + "' configured to be stored in session."); + } + } else { + if (LOG.isDebugEnabled()) { + LOG.debug("Attribute '" + paramName + "' is ignored, null or empty."); + } + } + + } + + } + + @Override + public void process(HttpServletRequest request, + HttpServletResponse response, AuthContext context) + throws IOException, ServletException, ProcessingException { + + if (LOG.isDebugEnabled()) { + Enumeration e = request.getAttributeNames(); + StringBuffer sb = new StringBuffer(); + sb.append("Cachable attributes:").append(System.getProperty("line.separator")); + while (e.hasMoreElements()) { + sb.append((String)e.nextElement()).append(System.getProperty("line.separator")); + } + LOG.debug(sb.toString()); + } + + for (String item : cacheAttributes) { + Object value = request.getAttribute(item); + request.getSession().setAttribute(item, value); + if (LOG.isInfoEnabled()) { + LOG.info("Attribute '" + item + "' [" + value + "] stored in session"); + } + } + + } + +} Added: cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java (added) +++ cxf/fediz/trunk/systests/idp/src/main/java/org/apache/cxf/fediz/service/idp/States.java Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,29 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.fediz.service.idp; + +public enum States { + NOT_AUTHENTICATED, + AUTHENTICATION_REQUIRED, + LOGOUT_REQUIRED, + USERNAME_PASSWORD_REQUIRED, + SECURITY_TOKEN_REQUIRED, + SECURITY_TOKEN_CACHED, //maybe replace by AUTHENTICATED + AUTHENTICATED, +} Added: cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks?rev=1425349&view=auto ============================================================================== Files cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks (added) and cxf/fediz/trunk/systests/idp/src/main/resources/idpstore.jks Sat Dec 22 21:37:14 2012 differ Added: cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties?rev=1425349&view=auto ============================================================================== --- cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties (added) +++ cxf/fediz/trunk/systests/idp/src/main/resources/log4j.properties Sat Dec 22 21:37:14 2012 
@@ -0,0 +1,17 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootCategory=FATAL, CONSOLE +#log4j.rootCategory=DEBUG, CONSOLE + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=DEBUG +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.LOGFILE=org.apache.log4j.FileAppender +log4j.appender.LOGFILE.File=target/wss4j.log +log4j.appender.LOGFILE.Append=false +log4j.appender.LOGFILE.Threshold=DEBUG +log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout +log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
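Review bot: in the first hunk (the STS client filter, `init`), the null check after reading the content type tests the constant instead of the value: `if (PARAM_RSTR_CONTENT_TYPE == null)` can never be true, so a missing content-type init parameter is not rejected at startup and only surfaces later in `process()` as the "Unknown content type" 500; it should read `if (contentType == null)`. In the same hunk's `process()`, the inner error branches call `response.sendError(...)` and then throw `ProcessingException`, which the surrounding `catch (Exception ex)` catches as well (assuming `ProcessingException` extends `Exception`), so `sendError` is called a second time on an already committed response and the specific message is replaced by the generic "Requesting security token for '...'failed" one (which is also missing a space before "failed"); either catch and rethrow `ProcessingException` ahead of the generic handler, or drop the inner `sendError` calls and report once from the outer handler. The `if (realmClaims != null && realmClaims.size() > 0)` guard in `createClaimsElement` is redundant after the early `return null` for that case.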
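Review bot: `SessionCacheFilter.process` logs the cached value itself at INFO (`LOG.info("Attribute '" + item + "' [" + value + "] stored in session")`); since the attributes this filter is meant to cache include the security token that the previous hunk stores via `context.put(tokenStoreName, token)` (see its "not needed anymore due to SessionCacheFilter" comment), the token ends up in the log at the default level. Log only the attribute name, or the value at DEBUG at most. Two smaller points: this filter reads `request.getAttribute(item)` while the token is stored through `AuthContext`, so please confirm `AuthContext.put` writes through to request attributes, otherwise `value` is null and `setAttribute(item, null)` removes the session attribute instead of caching it; and in `init`, `cacheAttributes.add(filterConfig.getInitParameter(paramName))` re-reads a value already held in `paramValue`.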
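Review bot: `States` carries an unresolved design question in a code comment (`SECURITY_TOKEN_CACHED, //maybe replace by AUTHENTICATED`) and no javadoc on what each state means or which filter moves the context between them; since the enum drives the authentication flow, a short doc comment per constant, and a decision on whether SECURITY_TOKEN_CACHED and AUTHENTICATED are distinct states, would help.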
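Review bot: `idpstore.jks` is added as a binary under `systests/idp/src/main/resources`, so the keystore is packaged into the IDP artifact rather than kept with the test resources; if it holds the IDP signing key, please document that it is test-only material or move it under `src/test/resources`.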
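Review bot: the header comment in `log4j.properties` says "Set root category priority to INFO" but the active line is `log4j.rootCategory=FATAL, CONSOLE`, and the `LOGFILE` appender (whose file name `target/wss4j.log` does not refer to this module) is defined but attached to no category, so it never writes; either attach it or drop it, and fix the comment. Note also that switching to the commented `DEBUG, CONSOLE` line while debugging tests would put the session-cached token values that `SessionCacheFilter` logs onto the console.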