cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1441503 - in /cxf/fediz/branches/1.0.x-fixes: ./ services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
Date Fri, 01 Feb 2013 16:07:32 GMT
Author: coheigea
Date: Fri Feb  1 16:07:32 2013
New Revision: 1441503

URL: http://svn.apache.org/viewvc?rev=1441503&view=rev
Log:
[FEDIZ-48] - Support wfresh properly in the IdP 

Modified:
    cxf/fediz/branches/1.0.x-fixes/   (props changed)
    cxf/fediz/branches/1.0.x-fixes/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java

Propchange: cxf/fediz/branches/1.0.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/fediz/trunk:r1441496

Modified: cxf/fediz/branches/1.0.x-fixes/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/branches/1.0.x-fixes/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java?rev=1441503&r1=1441502&r2=1441503&view=diff
==============================================================================
--- cxf/fediz/branches/1.0.x-fixes/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
(original)
+++ cxf/fediz/branches/1.0.x-fixes/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
Fri Feb  1 16:07:32 2013
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.service.idp
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
@@ -205,10 +206,11 @@ public class IdpServlet extends HttpServ
                     if (idpToken.isExpired()) {
                         LOG.info("IDP token of '" + user + "' expired. Require authentication.");
                         authenticationRequired = idpToken.isExpired();
-                    } else if (wfresh != null && wfresh.equals("0")) {
-                        LOG.info("IDP token of '" + user + "' valid but relying party requested
new authentication");
-                        authenticationRequired = true;
-                    } else {
+                    } else if (wfresh != null) {
+                        authenticationRequired = parseWfresh(wfresh, user, idpToken);
+                    }
+                    
+                    if (!authenticationRequired) {
                         LOG.debug("Session found for '" + user + "'.");
                     }
                 }
@@ -261,7 +263,7 @@ public class IdpServlet extends HttpServ
                         }
                         
                         try {
-                            idpToken = requestSecurityTokenForIDP(username, password, "urn:fediz:idp",
wfresh);
+                            idpToken = requestSecurityTokenForIDP(username, password, "urn:fediz:idp");
                             session = request.getSession(true);
                             session.setAttribute(IDP_TOKEN, idpToken);
                             session.setAttribute(IDP_USER, username);
@@ -290,7 +292,7 @@ public class IdpServlet extends HttpServ
             }
 
             try {
-                wresult = requestSecurityTokenForRP(idpToken, wtrealm, wfresh);
+                wresult = requestSecurityTokenForRP(idpToken, wtrealm);
                 request.setAttribute("fed." + PARAM_WRESULT,
                                      StringEscapeUtils.escapeXml(wresult));
                 if (wctx != null) {
@@ -323,7 +325,7 @@ public class IdpServlet extends HttpServ
     }
     
     private SecurityToken requestSecurityTokenForIDP(
-        String username, String password, String appliesTo, String wfresh
+        String username, String password, String appliesTo
     ) throws Exception {
         Bus cxfBus = getBus();
         
@@ -350,16 +352,13 @@ public class IdpServlet extends HttpServ
             sts.setEnableLifetime(true);
             int ttl = Integer.parseInt(getInitParameter(S_PARAM_TOKEN_INTERNAL_LIFETIME));
             sts.setTtl(ttl);
-        } else {
-            // Set TTL on the request
-            configureTTL(sts, wfresh);
         }
         
         return sts.requestSecurityToken(appliesTo);
     }
 
     private String requestSecurityTokenForRP(SecurityToken onbehalfof,
-                                        String appliesTo, String wfresh) throws Exception
{
+                                        String appliesTo) throws Exception {
         try {
             Bus cxfBus = getBus();
             List<String> realmClaims = null;
@@ -399,9 +398,6 @@ public class IdpServlet extends HttpServ
             
             sts.setOnBehalfOf(onbehalfof.getToken());
             
-            // Set TTL on the request
-            configureTTL(sts, wfresh);
-
             Element claims = createClaimsElement(realmClaims);
             if (claims != null) {
                 sts.setClaims(claims);
@@ -448,18 +444,29 @@ public class IdpServlet extends HttpServ
         return writer.getDocument().getDocumentElement();
     }
     
-    private void configureTTL(IdpSTSClient sts, String wfresh) {
-        if (wfresh != null) {
-            try {
-                int ttl = Integer.parseInt(wfresh);
-                if (ttl > 0) {
-                    sts.setTtl(ttl * 60);                    
-                    sts.setEnableLifetime(true);
+    /*
+     * Return true if authentication is required after parsing wfresh
+     */
+    private boolean parseWfresh(String wfresh, String user, SecurityToken idpToken) {
+        if ("0".equals(wfresh)) {
+            LOG.info("IDP token of '" + user + "' valid but relying party requested new authentication");
+            return true;
+        } else {
+            long ttl = Long.parseLong(wfresh);
+            if (ttl > 0) {
+                Date createdDate = idpToken.getCreated();
+                Date expiryDate = new Date();
+                expiryDate.setTime(createdDate.getTime() + (ttl * 60L * 1000L));
+                if (expiryDate.before(new Date())) {
+                    LOG.info("IDP token of '" + user 
+                             + "' valid but relying party requested new authentication via
wfresh: " + wfresh);
+                    return true;
                 }
-            } catch (NumberFormatException ex) {
-                LOG.error("Invalid wfresh value '" + wfresh + "': "  + ex.getMessage());
+            } else {
+                LOG.info("wfresh value of " + wfresh + " is invalid");
             }
         }
+        return false;
     }
     
     private synchronized void setSTSWsdlUrl(String wsdlUrl) {



Mime
View raw message