cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: Updating RACS filter to ignore requests without expected parameters and let authentication filters deal with it
Date Tue, 01 Apr 2014 20:43:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes a946e7080 -> 69e44ccf3


Updating RACS filter to ignore requests without expected parameters and let authentication
filters deal with it


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/69e44ccf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/69e44ccf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/69e44ccf

Branch: refs/heads/2.7.x-fixes
Commit: 69e44ccf3e49945b498fa0c25a6201db0d42ea07
Parents: a946e70
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Apr 1 21:39:38 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Apr 1 21:42:35 2014 +0100

----------------------------------------------------------------------
 .../saml/sso/AbstractServiceProviderFilter.java        | 13 ++++++++-----
 .../saml/sso/RequestAssertionConsumerFilter.java       |  7 ++++++-
 .../apache/cxf/rs/security/saml/sso/SSOConstants.java  |  4 +++-
 3 files changed, 17 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/69e44ccf/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index b2e627c..4b9d158 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -51,6 +51,7 @@ import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.jaxrs.impl.UriInfoImpl;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.SAMLUtils;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
@@ -298,11 +299,13 @@ public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
     protected abstract void signAuthnRequest(AuthnRequest authnRequest) throws Exception;
     
     private String getAbsoluteAssertionServiceAddress(Message m) {
-        if (assertionConsumerServiceAddress == null) {    
-            //TODO: Review the possibility of using this filter
-            //for validating SAMLResponse too
-            reportError("MISSING_ASSERTION_SERVICE_URL");
-            throw ExceptionUtils.toInternalServerErrorException(null, null);
+        if (assertionConsumerServiceAddress == null) {
+            if (Boolean.TRUE.equals(JAXRSUtils.getCurrentMessage().get(SSOConstants.RACS_IS_COLLOCATED)))
{
+                assertionConsumerServiceAddress = new UriInfoImpl(m).getAbsolutePath().toString();
   
+            } else {
+                reportError("MISSING_ASSERTION_SERVICE_URL");
+                throw ExceptionUtils.toInternalServerErrorException(null, null);
+            }
         }
         if (!assertionConsumerServiceAddress.startsWith("http")) {
             String httpBasePath = (String)m.get("http.base.path");
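Review bot: In the new collocated branch, `assertionConsumerServiceAddress = new UriInfoImpl(m).getAbsolutePath().toString();` stores a request-derived value in what appears to be an instance field, so the first parameter-less request would fix the assertion consumer URL for every later request, and concurrent requests would race on it if the filter instance is shared. The absolute path is built from the incoming request, so its scheme and host may reflect client-supplied or proxy-rewritten values, and this address presumably ends up in the AuthnRequest. Keeping it per-request in a local, e.g. `String address = assertionConsumerServiceAddress != null ? assertionConsumerServiceAddress : new UriInfoImpl(m).getAbsolutePath().toString();`, avoids the caching, and the IdP should still match the value against the registered ACS URL. The flag could also be read from the `m` parameter already in scope instead of `JAXRSUtils.getCurrentMessage()`. The method body continues past the end of the hunk.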

http://git-wip-us.apache.org/repos/asf/cxf/blob/69e44ccf/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java
index 2a9cc39..db8fb61 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java
@@ -60,7 +60,12 @@ public class RequestAssertionConsumerFilter extends AbstractRequestAssertionCons
                                  MultivaluedMap<String, String> params, 
                                  boolean postBinding) {
         String encodedSamlResponse = params.getFirst(SSOConstants.SAML_RESPONSE);
-        String relayState = params.getFirst(SSOConstants.RELAY_STATE); 
+        String relayState = params.getFirst(SSOConstants.RELAY_STATE);
+        if (relayState == null && encodedSamlResponse == null) { 
+            // initial redirect to IDP has not happened yet, let the SAML authentication
filter do it
+            JAXRSUtils.getCurrentMessage().put(SSOConstants.RACS_IS_COLLOCATED, Boolean.TRUE);
+            return;
+        }
         RequestState requestState = processRelayState(relayState);
         String targetUri = requestState.getTargetAddress();
         if (targetUri != null 
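Review bot: The early `return` for `relayState == null && encodedSamlResponse == null` makes this filter pass the request through, so a request with neither parameter is only stopped if a SAML authentication filter is actually registered after it. `RACS_IS_COLLOCATED` is set for every such request rather than from configuration, so a deployment where this filter stands alone would let the request continue to whatever is next in the chain. Consider gating the pass-through on an explicit property, or at least stating the ordering requirement here, e.g. `// requires a SAML authentication filter later in the chain; otherwise the request continues unauthenticated`. A request carrying only one of the two parameters still reaches `processRelayState(relayState)`, possibly with a null argument, and how that is handled is outside the hunk, as are the method's signature and the rest of its body.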

http://git-wip-us.apache.org/repos/asf/cxf/blob/69e44ccf/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
index 7596a76..076c887 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
@@ -26,13 +26,15 @@ public final class SSOConstants {
     public static final String RELAY_STATE = "RelayState";
     public static final String SIG_ALG = "SigAlg";
     public static final String SIGNATURE = "Signature";
-    public static final String SECURITY_CONTEXT_TOKEN = "org.apache.cxf.websso.context";
     public static final long DEFAULT_STATE_TIME = 2L * 60L * 1000L;
     
     public static final String RSA_SHA1 = WSConstants.RSA_SHA1;
     public static final String DSA_SHA1 = WSConstants.DSA;
     
     
+    public static final String SECURITY_CONTEXT_TOKEN = "org.apache.cxf.websso.context";
+    public static final String RACS_IS_COLLOCATED = "org.apache.cxf.racs.is.collocated";
+    
     private SSOConstants() {
     }
 }
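Review bot: `RACS_IS_COLLOCATED` is added without a comment, although the other hunks in this commit use it as a message-property contract between two filters that switches the assertion consumer address from the configured value to one derived from the request. A one-line comment on the constant would make that contract visible, e.g. `// Set on the current message by RequestAssertionConsumerFilter when a request has neither SAMLResponse nor RelayState; read by AbstractServiceProviderFilter to default the ACS address to the request's absolute path`. Because the key is public and lives on the message, the comment should also say that it is meant to be set only by the RACS filter.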

