From owu...@apache.org
Subject [2/3] git commit: Support caching option for trusted Idp tokens
Date Tue, 18 Mar 2014 21:18:09 GMT
Support caching option for trusted Idp tokens


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f5ea1923
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f5ea1923
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f5ea1923

Branch: refs/heads/master
Commit: f5ea192342247a152f6013b65f377d307bd13f1d
Parents: 00a61f4
Author: Oliver Wulff <owulff@talend.com>
Authored: Tue Mar 18 22:09:24 2014 +0100
Committer: Oliver Wulff <owulff@talend.com>
Committed: Tue Mar 18 22:09:24 2014 +0100

----------------------------------------------------------------------
 .../service/idp/beans/STSClientAction.java      | 23 +++++++----------
 .../idp/service/jpa/ConfigServiceJPA.java       |  4 +--
 .../WEB-INF/federation-signin-request.xml       | 13 +++++++---
 .../WEB-INF/federation-signin-response.xml      | 27 +++++++-------------
 .../WEB-INF/federation-validate-request.xml     |  4 +++
 5 files changed, 34 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5ea1923/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index b645dc7..2a03cb3 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -293,22 +293,17 @@ public class STSClientAction {
     private SecurityToken getSecurityToken(RequestContext context) throws ProcessingException
{
         String whr = (String) WebUtils.
             getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
-        SecurityToken idpToken = null;
-        if (whr != null) {
-            idpToken = (SecurityToken) WebUtils.getAttributeFromExternalContext(context,
whr);
-            if (idpToken != null) {
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("[IDP_TOKEN="
-                            + idpToken.getId()
-                            + "] successfully retrieved from cache for home realm ["
-                            + whr + "]");
-                }
-            } else {
-                LOG.error("IDP_TOKEN not found");
-                throw new ProcessingException(TYPE.BAD_REQUEST);
+
+        SecurityToken idpToken = (SecurityToken) WebUtils.getAttributeFromFlowScope(context,
"idpToken");
+        if (idpToken != null) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("[IDP_TOKEN="
+                        + idpToken.getId()
+                        + "] successfully retrieved from cache for home realm ["
+                        + whr + "]");
             }
         } else {
-            LOG.error("Home realm not found");
+            LOG.error("IDP_TOKEN not found");
             throw new ProcessingException(TYPE.BAD_REQUEST);
         }
         return idpToken;
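Review bot: The rewritten lookup silently drops the `whr == null` guard: before, a missing home realm was a BAD_REQUEST ("Home realm not found"), but now `whr` is read only for the debug message at L66-L69, so a request whose flow scope lacks PARAM_HOME_REALM proceeds as long as some `idpToken` object is present. If the realm is still needed by the STS call this token feeds (outside the hunk), keep the guard: `if (whr == null) { LOG.error("Home realm not found"); throw new ProcessingException(TYPE.BAD_REQUEST); }`. The cast at L62 is unchecked, so a non-SecurityToken value under `idpToken` surfaces as a ClassCastException rather than the clean BAD_REQUEST the null case gets; an `instanceof` test before the cast would close that gap. The token's lifetime is also not checked here — if the expiry check lives only in `wfreshParser` (not visible), a defense-in-depth `if (idpToken.isExpired())` rejection before `return idpToken` would keep a stale session token from reaching the STS. getSecurityToken's closing brace is outside the hunk.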

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5ea1923/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
index 2b481ff..fe1fac7 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
@@ -39,7 +39,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 public class ConfigServiceJPA implements ConfigService {
 
-    private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpDAOJPAImpl.class);
+    private static final Logger LOG = LoggerFactory.getLogger(ConfigServiceJPA.class);
     
     IdpService idpService;
 
@@ -62,7 +62,7 @@ public class ConfigServiceJPA implements ConfigService {
             }
         } finally {
             SecurityContextHolder.getContext().setAuthentication(currentAuthentication);
-            LOG.error("Old Spring security context restored");
+            LOG.info("Old Spring security context restored");
         }
     }
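Review bot: The message in the `finally` block now logs at INFO on every invocation, which is routine bookkeeping rather than an operator-relevant event; DEBUG is the conventional level for it, e.g. `LOG.debug("Old Spring security context restored");`. The unconditional restore of `currentAuthentication` itself is correct. The enclosing method starts outside the hunk, so whether the swapped-in authentication is ever logged elsewhere cannot be seen here.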
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5ea1923/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
index ca28ee3..48d876d 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
@@ -115,7 +115,9 @@
         <evaluate
             expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr,
flowRequestContext)" />
         <transition on="yes" to="redirectToTrustedIDP" />
-        <transition on="no" to="requestRpToken" />
+        <transition on="no" to="requestRpToken" >
+            <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+        </transition>
         <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
     </action-state>
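Review bot: `externalContext.sessionMap[whr]` at L117 uses an unqualified `whr`, which Spring Web Flow resolves by searching the scopes, whereas the same lookup in federation-signin-response.xml is written `flowScope.whr`; the qualified form cannot be shadowed by a same-named variable in request or flash scope, so prefer `value="externalContext.sessionMap[flowScope.whr]"` here and in the two sibling transitions. Since the `no` branch now hands whatever object the session holds under that key straight to the `requestRpToken` output, this path relies on `wfreshParser.authenticationRequired` having already confirmed a non-expired token for `whr`; a one-line comment on the transition stating that assumption, e.g. `<!-- wfreshParser has confirmed a valid cached token for whr; pass it to the caller -->`, would make the contract explicit for the next maintainer.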
 
@@ -143,7 +145,9 @@
         <evaluate
             expression="wfreshParser.authenticationRequired(flowScope.wfresh, flowScope.whr,
flowRequestContext)" />
         <transition on="yes" to="redirectToLocalIDP" />
-        <transition on="no" to="requestRpToken" />
+        <transition on="no" to="requestRpToken">
+            <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+        </transition>
         <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
     </action-state>
 
@@ -157,7 +161,9 @@
     <action-state id="cacheTokenForWauth">
         <secured attributes="IS_AUTHENTICATED_FULLY" />
         <evaluate expression="cacheTokenForWauthAction.submit(flowRequestContext)" />
-        <transition to="requestRpToken" />
+        <transition to="requestRpToken">
+            <set name="flowScope.idpToken" value="externalContext.sessionMap[whr]" />
+        </transition>
     </action-state>
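Review bot: This transition reads the token back out of the session immediately after `cacheTokenForWauthAction.submit` stored it, so correctness depends on that action using exactly `whr` as the session key — a silent mismatch would leave `flowScope.idpToken` null and only fail later in STSClientAction with a generic "IDP_TOKEN not found". If the action can return the token it just issued, having it do so via `result="flowScope.idpToken"` on the `<evaluate>` removes that hidden coupling; otherwise a comment naming the shared key convention (`<!-- cacheTokenForWauthAction stores the token in sessionMap under key = whr -->`) is the minimum.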
 
     <!-- =============================================================================================================
-->
@@ -166,6 +172,7 @@
     <end-state id="requestRpToken">
         <output name="whr" value="flowScope.whr" />
         <output name="wctx" value="flowScope.wctx" />
+        <output name="idpToken" value="flowScope.idpToken" />
     </end-state>
 
     <!-- abnormal exit point : Http 400 Bad Request -->

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5ea1923/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
index ffee75e..3feef6e 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-signin-response.xml
@@ -34,33 +34,23 @@
     </on-start>
 
     <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
-    <!--  
     <action-state id="validateToken">
-        <evaluate expression="validateTokenAction.submit(flowRequestContext)"
-            result="flowScope.rpIdpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken"
/>
-        <transition to="requestRpToken">
-            <set name="externalContext.sessionMap[flowScope.whr]"
-                value="flowScope.rpIdpToken" />
-        </transition>
+        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext)"
+            result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken"
/>
+        <transition to="checkCacheTrustedIdpToken" />
         <transition
             on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
             to="viewBadRequest" />
         <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
     </action-state>
-    -->
     
-    <action-state id="validateToken">
-        <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext)"
-            result="flowScope.rpIdpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken"
/>
-        <transition to="requestRpToken">
-            <!-- cache validated token under key = requestor home realm -->
+    <action-state id="checkCacheTrustedIdpToken">
+        <evaluate expression="idpConfig.findTrustedIdp(flowScope.whr).cacheTokens" />
+        <transition on="yes" to="requestRpToken">
             <set name="externalContext.sessionMap[flowScope.whr]"
-                value="flowScope.rpIdpToken" />
+                    value="flowScope.idpToken" />
         </transition>
-        <transition
-            on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
-            to="viewBadRequest" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+        <transition on="no" to="requestRpToken" />
     </action-state>
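Review bot: `checkCacheTrustedIdpToken` has no `on-exception` transitions, unlike `validateToken` directly above it, so if `idpConfig.findTrustedIdp(flowScope.whr)` returns null for an unconfigured realm (the hunk does not show whether an earlier state guarantees it exists) the `.cacheTokens` dereference throws and bypasses the `viewBadRequest`/`scInternalServerError` exits. Either copy the two `on-exception` transitions from `validateToken` into this state, or guard the expression. The removed comment `<!-- cache validated token under key = requestor home realm -->` was the only place that documented that the session attribute key is the requester-supplied realm name; it is worth restoring on the `yes` transition so nobody later assumes a private namespace.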
 
     <end-state id="requestRpToken">
@@ -68,6 +58,7 @@
         <output name="wctx" value="flowScope.wctx" />
         <output name="wreply" value="flowScope.wreply" />
         <output name="wtrealm" value="flowScope.wtrealm" />
+        <output name="idpToken" value="flowScope.idpToken" />
     </end-state>
 
     <!-- abnormal exit point : Http 400 Bad Request -->

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5ea1923/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
index f517a81..6f7d232 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
@@ -73,10 +73,12 @@
 
         <output name="whr" />
         <output name="wctx" />
+        <output name="idpToken" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.whr" value="currentEvent.attributes.whr" />
             <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
+            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />
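Review bot: The new `<output name="idpToken" />` at L225 is untyped, while the producing flow declares the value as `result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken"`; adding `type="org.apache.cxf.ws.security.tokenstore.SecurityToken"` to the output (and to its twin in the second hunk) makes Web Flow reject a wrong-typed value at the subflow boundary instead of at the unchecked cast in STSClientAction. Whether a null output should be tolerated here depends on the caching configuration, so `required="true"` is not appropriate without a guard in the subflows.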
@@ -100,12 +102,14 @@
         <output name="wreply" />
         <output name="wctx" />
         <output name="whr" />
+        <output name="idpToken" />
 
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.whr" value="currentEvent.attributes.whr" />
             <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
             <set name="flowScope.wtrealm" value="currentEvent.attributes.wtrealm" />
             <set name="flowScope.wreply" value="currentEvent.attributes.wreply" />
+            <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />

