From cohei...@apache.org
Subject git commit: Abstracted WS-Federation code from the plugins
Date Tue, 15 Jul 2014 09:41:41 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 94a9a34b3 -> 75a8a1376


Abstracted WS-Federation code from the plugins


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/75a8a137
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/75a8a137
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/75a8a137

Branch: refs/heads/master
Commit: 75a8a13766cb612c3e0b020ef474776bddf0aeef
Parents: 94a9a34
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jul 15 10:41:22 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jul 15 10:41:22 2014 +0100

----------------------------------------------------------------------
 .../core/processor/FederationProcessorImpl.java |   6 +-
 .../cxf/fediz/core/processor/FedizRequest.java  |  40 ++--
 .../cxf/fediz/core/FederationProcessorTest.java | 100 +++++-----
 .../fediz/core/SAMLTokenValidatorOldTest.java   |  16 +-
 .../fediz/jetty/FederationAuthenticator.java    | 195 ++++++++++---------
 .../cxf/fediz/jetty/FederationLoginService.java |   2 +-
 .../web/FederationAuthenticationFilter.java     |  16 +-
 .../web/FederationAuthenticationFilter.java     |  17 +-
 .../fediz/tomcat/FederationAuthenticator.java   |  89 ++++++---
 .../TrustedIdpWSFedProtocolHandler.java         |   4 +-
 10 files changed, 267 insertions(+), 218 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 58a186a..01001a0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -94,10 +94,10 @@ public class FederationProcessorImpl implements FedizProcessor {
             throw new IllegalStateException("Unsupported protocol");
         }
         FedizResponse response = null;
-        if (FederationConstants.ACTION_SIGNIN.equals(request.getWa())) {
+        if (FederationConstants.ACTION_SIGNIN.equals(request.getAction())) {
             response = this.processSignInRequest(request, config);
         } else {
-            LOG.error("Invalid action '" + request.getWa() + "'");
+            LOG.error("Invalid action '" + request.getAction() + "'");
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
         return response;
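Review bot: The `LOG.error("Invalid action '" + request.getAction() + "'")` line writes the action into the log unmodified, and in the Jetty plugin that value is the raw `wa` request parameter, so a value containing CR/LF can split or forge log entries. Neutralise line breaks before logging, e.g. `String safeAction = String.valueOf(request.getAction()).replaceAll("[\\r\\n]", "_");`, and log `safeAction` instead. The same applies to `LOG.warn("Not supported action found in parameter wa: " + action)` in the Jetty FederationAuthenticator hunk. The enclosing method starts and ends outside this hunk.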
@@ -112,7 +112,7 @@ public class FederationProcessorImpl implements FedizProcessor {
             FedizRequest request, FedizContext config)
         throws ProcessingException {
         
-        byte[] wresult = request.getWresult().getBytes();
+        byte[] wresult = request.getResponseToken().getBytes();
 
         Document doc = null;
         Element el = null;
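Review bot: `request.getResponseToken().getBytes()` encodes the token with the JVM's platform default charset, so the bytes handed to the XML parsing that presumably follows depend on host configuration, and a token with non-ASCII content can be altered on a non-UTF-8 host before it is validated. Pin the encoding, e.g. `byte[] wresult = request.getResponseToken().getBytes(StandardCharsets.UTF_8);` if the build targets Java 7 or later. The call also dereferences the token without a null check; the Jetty authenticator rejects a missing token before this point, but other callers are not visible here. The method body continues outside the hunk.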

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index bf296e5..68c8675 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -26,36 +26,34 @@ public class FedizRequest implements Serializable {
 
     private static final long serialVersionUID = 1L;
     
-    private String wa;
-    private String wresult;
-    private String wct;
+    private String action;
+    private String responseToken;
+    private String freshness;
     private Certificate[] certs;
 
-
-    public String getWct() {
-        return wct;
+    public Certificate[] getCerts() {
+        return certs;
     }
-    public void setWct(String wct) {
-        this.wct = wct;
+    public void setCerts(Certificate[] certs) {
+        this.certs = certs;
     }
-
-    public String getWa() {
-        return wa;
+    public String getResponseToken() {
+        return responseToken;
     }
-    public void setWa(String wa) {
-        this.wa = wa;
+    public void setResponseToken(String responseToken) {
+        this.responseToken = responseToken;
     }
-    public String getWresult() {
-        return wresult;
+    public String getAction() {
+        return action;
     }
-    public void setWresult(String wresult) {
-        this.wresult = wresult;
+    public void setAction(String action) {
+        this.action = action;
     }
-    public Certificate[] getCerts() {
-        return certs;
+    public String getFreshness() {
+        return freshness;
     }
-    public void setCerts(Certificate[] certs) {
-        this.certs = certs;
+    public void setFreshness(String freshness) {
+        this.freshness = freshness;
     }
 
 
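Review bot: The fields `wa`, `wresult` and `wct` are renamed while `serialVersionUID` stays at `1L`, so a `FedizRequest` serialized by the previous version would still deserialize, but with `action`, `responseToken` and `freshness` left null instead of failing. If instances are ever persisted or replicated (not visible from this hunk), bump the value, e.g. `private static final long serialVersionUID = 2L;`, so the mismatch is detected. The new accessors also carry no Javadoc; a one-line comment on each, stating which protocol parameter it carries, would keep the abstraction traceable for the plugin code that populates it.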

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
index 80c17e6..cc533a9 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
@@ -134,8 +134,8 @@ public class FederationProcessorTest {
         Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(DOM2Writer.nodeToString(doc));
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -159,8 +159,8 @@ public class FederationProcessorTest {
         Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa("gugus");
-        wfReq.setWresult(DOM2Writer.nodeToString(doc));
+        wfReq.setAction("gugus");
+        wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -182,8 +182,8 @@ public class FederationProcessorTest {
     @org.junit.Test
     public void validateSignInInvalidWResult() throws Exception {
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult("gugus");
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken("gugus");
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -229,8 +229,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -272,8 +272,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -312,8 +312,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -352,8 +352,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
@@ -392,8 +392,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
@@ -431,8 +431,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -471,8 +471,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -512,8 +512,8 @@ public class FederationProcessorTest {
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_2005_02_MSG);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -553,8 +553,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -594,8 +594,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -640,8 +640,8 @@ public class FederationProcessorTest {
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         // Load and update the config to enforce an error
         configurator = null;
@@ -683,8 +683,8 @@ public class FederationProcessorTest {
         
         String rstr = createSamlToken(assertion, "mystskey", false);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         // Load and update the config to enforce an error
         configurator = null;
@@ -725,8 +725,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -773,8 +773,8 @@ public class FederationProcessorTest {
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         // Load and update the config to enforce an error
         configurator = null;
@@ -814,8 +814,8 @@ public class FederationProcessorTest {
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         // Load and update the config to enforce an error
         configurator = null;
@@ -860,8 +860,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -907,8 +907,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -948,8 +948,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("CUSTTOK");
@@ -991,8 +991,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("NOCLOCKSKEW");
@@ -1032,8 +1032,8 @@ public class FederationProcessorTest {
         String rstr = encryptAndSignToken(assertion);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = 
@@ -1099,8 +1099,8 @@ public class FederationProcessorTest {
         String rstr = DOM2Writer.nodeToString(doc);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = 
@@ -1176,8 +1176,8 @@ public class FederationProcessorTest {
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
                 
         FedizProcessor wfProc = new FederationProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, fedContext);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
index 8c6d8e5..8785895 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
@@ -133,8 +133,8 @@ public class SAMLTokenValidatorOldTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -180,8 +180,8 @@ public class SAMLTokenValidatorOldTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
@@ -223,8 +223,8 @@ public class SAMLTokenValidatorOldTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
@@ -267,8 +267,8 @@ public class SAMLTokenValidatorOldTest {
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-        wfReq.setWresult(rstr);
+        wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+        wfReq.setResponseToken(rstr);
         
         configurator = null;
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index 223c954..e2d774d 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -35,8 +35,10 @@ import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
@@ -163,110 +165,106 @@ public class FederationAuthenticator extends LoginAuthenticator {
         }
 
         HttpSession session = request.getSession(true);
+        
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedConfig = getContextConfiguration(contextName);
 
         try {
-            String wa = request.getParameter("wa");
-            String wresult = request.getParameter("wresult");
+            String action = request.getParameter("wa");
+            String responseToken = getResponseToken(request, fedConfig);
             
             // Handle a request for authentication.
-            if (wa != null) {
+            if (isSignInRequest(request, fedConfig)) {
 
                 FedizResponse wfRes = null;
-                if (wa.equals(FederationConstants.ACTION_SIGNIN)) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("SignIn request found");
+                }
+
+                if (responseToken == null) {
                     if (LOG.isDebugEnabled()) {
-                        LOG.debug("SignIn request found");
+                        LOG.debug("SignIn request must contain a response token from the IdP");
                     }
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                    return Authentication.SEND_FAILURE;
+                } else {
 
-                    if (wresult == null) {
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("SignIn request must contain wresult");
-                        }
-                        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                        return Authentication.SEND_FAILURE;
-                    } else {
-                        
-                        FedizRequest wfReq = new FedizRequest();
-                        wfReq.setWa(wa);
-                        wfReq.setWresult(wresult);
-                        
-                        X509Certificate certs[] = 
-                            (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
-                        wfReq.setCerts(certs);
-
-                        //Not supported in jetty 7.6
-                        //String contextName = request.getServletContext().getContextPath();
-                        String contextName = request.getSession().getServletContext().getContextPath();
-                        if (contextName == null || contextName.isEmpty()) {
-                            contextName = "/";
-                        }
-                        FedizContext fedConfig = getContextConfiguration(contextName);
-                        
-                        FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
-                        UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
-                        if (user != null)
+                    FedizRequest wfReq = new FedizRequest();
+                    wfReq.setAction(action);
+                    wfReq.setResponseToken(responseToken);
+
+                    X509Certificate certs[] = 
+                        (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
+                    wfReq.setCerts(certs);
+
+                    FederationLoginService fedLoginService = (FederationLoginService)this._loginService;
+                    UserIdentity user = fedLoginService.login(null, wfReq, fedConfig);
+                    if (user != null)
+                    {
+                        session=renewSession(request,response);
+
+                        FederationUserIdentity  fui = (FederationUserIdentity)user;
+                        session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
+
+                        // Redirect to original request
+                        String nuri;
+                        synchronized(session)
                         {
-                            session=renewSession(request,response);
-                            
-                            FederationUserIdentity  fui = (FederationUserIdentity)user;
-                            session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
+                            nuri = (String) session.getAttribute(J_URI);
 
-                            // Redirect to original request
-                            String nuri;
-                            synchronized(session)
+                            if (nuri == null || nuri.length() == 0)
                             {
-                                nuri = (String) session.getAttribute(J_URI);
-
-                                if (nuri == null || nuri.length() == 0)
-                                {
-                                    nuri = request.getContextPath();
-                                    if (nuri.length() == 0) { 
-                                        nuri = URIUtil.SLASH;
-                                    }
+                                nuri = request.getContextPath();
+                                if (nuri.length() == 0) { 
+                                    nuri = URIUtil.SLASH;
                                 }
-                                Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes);
-                                session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
                             }
-                            response.setContentLength(0);   
-                            response.sendRedirect(response.encodeRedirectURL(nuri));
-
-                            return new FederationAuthentication(getAuthMethod(), user);
-                        }
-
-                        // not authenticated
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("WSFED authentication FAILED");
-                        }
-                        if (response != null) {
-                            response.sendError(HttpServletResponse.SC_FORBIDDEN);
+                            Authentication cached=new SessionAuthentication(getAuthMethod(), user, wfRes);
+                            session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
                         }
+                        response.setContentLength(0);   
+                        response.sendRedirect(response.encodeRedirectURL(nuri));
 
+                        return new FederationAuthentication(getAuthMethod(), user);
                     }
-                } else if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("SignOutCleanup request found");
-                        LOG.debug("SignOutCleanup action...");
-                    }
-                    session.invalidate();
 
-                    final ServletOutputStream responseOutputStream = response.getOutputStream();
-                    InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
-                    if (inputStream == null) {
-                        LOG.warn("Could not write logout.jpg");
-                        return Authentication.SEND_FAILURE;
+                    // not authenticated
+                    if (LOG.isDebugEnabled()) {
+                        LOG.debug("WSFED authentication FAILED");
                     }
-                    int read = 0;
-                    byte[] buf = new byte[1024];
-                    while ((read = inputStream.read(buf)) != -1) {
-                        responseOutputStream.write(buf, 0, read);
+                    if (response != null) {
+                        response.sendError(HttpServletResponse.SC_FORBIDDEN);
                     }
-                    inputStream.close();
-                    responseOutputStream.flush();
-                    return Authentication.SEND_SUCCESS;
-                } else {
-                    LOG.warn("Not supported action found in parameter wa: " + wa);
-                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                    return Authentication.UNAUTHENTICATED;
+
+                }
+            } else if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(action)) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("SignOutCleanup request found");
+                    LOG.debug("SignOutCleanup action...");
+                }
+                session.invalidate();
+
+                final ServletOutputStream responseOutputStream = response.getOutputStream();
+                InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
+                if (inputStream == null) {
+                    LOG.warn("Could not write logout.jpg");
+                    return Authentication.SEND_FAILURE;
+                }
+                int read = 0;
+                byte[] buf = new byte[1024];
+                while ((read = inputStream.read(buf)) != -1) {
+                    responseOutputStream.write(buf, 0, read);
                 }
+                inputStream.close();
+                responseOutputStream.flush();
+                return Authentication.SEND_SUCCESS;
+            } else if (action != null) {
+                LOG.warn("Not supported action found in parameter wa: " + action);
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                return Authentication.UNAUTHENTICATED;
             }
 
             // Look for cached authentication
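Review bot: After a failed login the branch ending in `response.sendError(HttpServletResponse.SC_FORBIDDEN);` has no return, so control leaves the sign-in block and continues into the cached-authentication lookup below with a response that is already committed. Return right after the error, as the missing-token branch does: `return Authentication.SEND_FAILURE;`. The `if (response != null)` guard is also inconsistent, since `response` is dereferenced unconditionally elsewhere in the same block. The `inputStream` for `logout.jpg` is closed only on the success path; wrapping the copy loop in `try { ... } finally { inputStream.close(); }` would release it when the write fails. The method starts before and continues past this hunk, so the fall-through target is only partly visible.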
@@ -284,12 +282,6 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 else
                 {
                     //logout
-                    String contextName = request.getSession().getServletContext().getContextPath();
-                    if (contextName == null || contextName.isEmpty()) {
-                        contextName = "/";
-                    }
-                    FedizContext fedConfig = getContextConfiguration(contextName);
-
                     String logoutUrl = fedConfig.getLogoutURL();
                     if (logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
                         session.invalidate();
@@ -361,12 +353,6 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 }
             }
             
-            String contextName = request.getSession().getServletContext().getContextPath();
-            if (contextName == null || contextName.isEmpty()) {
-                contextName = "/";
-            }
-            FedizContext fedConfig = getContextConfiguration(contextName);
-            
             FedizProcessor wfProc = 
                 FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
             signInRedirectToIssuer(request, response, wfProc);
@@ -381,7 +367,26 @@ public class FederationAuthenticator extends LoginAuthenticator {
          */
     }
 
+    private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol
+            && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa"))) {
+            return true;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
+            && request.getParameter("RelayState") != null) {
+            return true;
+        }
 
+        return false;
+    }
+    
+    private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return request.getParameter("wresult");
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return request.getParameter("SAMLResponse");
+        }
+        return null;
+    }
 
     /* ------------------------------------------------------------ */
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
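Review bot: The new private helpers `isSignInRequest` and `getResponseToken` have no Javadoc, and the same two methods are added verbatim to the Tomcat `FederationAuthenticator` later in this commit, so a correction to one copy can be missed in the other. Both take only a `ServletRequest` and a `FedizContext`, so they look like candidates for one shared helper in the core module; that is a design suggestion, not something this hunk shows to be broken. At minimum each copy should carry a comment such as `// Classifies the request from client-supplied parameters only; nothing is validated here.` The SAML branch of `isSignInRequest` keys on `RelayState` while the token is read from `SAMLResponse`, so the null-token case has to be handled by the caller, which is outside this hunk.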

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
index 7c7e03a..d94bc4a 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationLoginService.java
@@ -82,7 +82,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
             
             if (LOG.isDebugEnabled()) {
                 LOG.debug("Process SignIn request");
-                LOG.debug("wresult=\n" + wfReq.getWresult());
+                LOG.debug("token=\n" + wfReq.getResponseToken());
             }
             
             FedizProcessor wfProc = 
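Review bot: `LOG.debug("token=\n" + wfReq.getResponseToken())` writes the complete sign-in response token to the log whenever debug logging is on, and the rename widens this from the WS-Federation `wresult` to whatever token the request carries, SAML responses included. The token typically holds the user's identity and claims, so anyone who can read the log can read them. Logging a length or digest would serve the same debugging purpose, for example `LOG.debug("token length=" + (wfReq.getResponseToken() == null ? 0 : wfReq.getResponseToken().length()));`. The same pattern appears in the Tomcat `FederationAuthenticator` hunk as `LOG.debug("token=\n" + responseToken);`. The enclosing method starts and ends outside this hunk.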

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index c47377a..93491b6 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.spring.web;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -46,10 +47,10 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
 
         
         String wa = request.getParameter("wa");
-        String wresult = request.getParameter("wresult");
+        String responseToken = getResponseToken(request);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(wa);
-        wfReq.setWresult(wresult);
+        wfReq.setAction(wa);
+        wfReq.setResponseToken(responseToken);
         
         X509Certificate certs[] = 
             (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -62,6 +63,15 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
         return this.getAuthenticationManager().authenticate(authRequest);
     }
   
+    private String getResponseToken(ServletRequest request) {
+        if (request.getParameter("wresult") != null) {
+            return request.getParameter("wresult");
+        } else if (request.getParameter("SAMLResponse") != null) {
+            return request.getParameter("SAMLResponse");
+        }
+        
+        return null;
+    }
 
     /**
      * 
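Review bot: `getResponseToken` picks `wresult` when present and otherwise `SAMLResponse`, without consulting the configured protocol, whereas the Jetty and Tomcat versions added in this commit select the parameter by `fedConfig.getProtocol()`. As written, the request rather than the deployment's configuration decides which parameter is used, and the caller still passes the WS-Federation `wa` value through `wfReq.setAction(wa)` for a SAML response. Whether the downstream processor rejects a token of the wrong protocol is not visible here, so this may be harmless, but selecting by configured protocol (if the filter can reach the `FedizContext`) would keep the plugins consistent. The identical helper added to the spring2 `FederationAuthenticationFilter` has the same shape. A short Javadoc stating the precedence (`wresult` wins over `SAMLResponse`) would also help.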

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index c46cac3..255a941 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web;
 
 import java.security.cert.X509Certificate;
 
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -59,10 +60,10 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
         String wa = request.getParameter("wa");
-        String wresult = request.getParameter("wresult");
+        String responseToken = getResponseToken(request);
         FedizRequest wfReq = new FedizRequest();
-        wfReq.setWa(wa);
-        wfReq.setWresult(wresult);
+        wfReq.setAction(wa);
+        wfReq.setResponseToken(responseToken);
         
         X509Certificate certs[] = 
             (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -74,6 +75,16 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
 
         return this.getAuthenticationManager().authenticate(authRequest);
     }
+    
+    private String getResponseToken(ServletRequest request) {
+        if (request.getParameter("wresult") != null) {
+            return request.getParameter("wresult");
+        } else if (request.getParameter("SAMLResponse") != null) {
+            return request.getParameter("SAMLResponse");
+        }
+        
+        return null;
+    }
 
     @Override
     public String getDefaultFilterProcessesUrl() {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index 8028c03..7a543a0 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -32,6 +32,7 @@ import java.util.Map;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
@@ -46,8 +47,10 @@ import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.LoginConfig;
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
@@ -263,6 +266,12 @@ public class FederationAuthenticator extends FormAuthenticator {
         LOG.debug("authenticate invoked");
         // References to objects we will need later
         Session session = null;
+        
+        String contextName = request.getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedConfig = getContextConfiguration(contextName);
 
         // Have we already authenticated someone?
         Principal principal = request.getUserPrincipal();
@@ -315,11 +324,6 @@ public class FederationAuthenticator extends FormAuthenticator {
                                 sm.getString("authenticator.requestBodyTooBig"));
                         return false;
                     }
-                    String contextName = request.getServletContext().getContextPath();
-                    if (contextName == null || contextName.isEmpty()) {
-                        contextName = "/";
-                    }
-                    FedizContext fedConfig = getContextConfiguration(contextName);
                     
                     FedizProcessor wfProc = 
                         FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
@@ -366,9 +370,8 @@ public class FederationAuthenticator extends FormAuthenticator {
         // String contextPath = request.getContextPath();
         String requestURI = request.getDecodedRequestURI();
 
-        String wa = request.getParameter("wa");
-        // Unauthenticated -> redirect
-        if (wa == null) {
+        if (isSignInRequired(request, fedConfig)) {
+            // Unauthenticated -> redirect
             session = request.getSessionInternal(true);
             if (LOG.isDebugEnabled()) {
                 LOG.debug("Save request in session '" + session.getIdInternal() + "'");
@@ -381,11 +384,6 @@ public class FederationAuthenticator extends FormAuthenticator {
                         sm.getString("authenticator.requestBodyTooBig"));
                 return false;
             }
-            String contextName = request.getServletContext().getContextPath();
-            if (contextName == null || contextName.isEmpty()) {
-                contextName = "/";
-            }
-            FedizContext fedConfig = getContextConfiguration(contextName);
             
             FedizProcessor wfProc = 
                 FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
@@ -395,17 +393,20 @@ public class FederationAuthenticator extends FormAuthenticator {
 
         // Check whether it is the signin request, validate the token.
         // If failed, redirect to the error page if they are not correct
-        String wresult = request.getParameter("wresult");
         FedizResponse wfRes = null;
-        if (wa.equals(FederationConstants.ACTION_SIGNIN)) {
+        String action = request.getParameter("wa");
+        String responseToken = getResponseToken(request, fedConfig);
+        
+        // Handle a request for authentication.
+        if (isSignInRequest(request, fedConfig)) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("SignIn request found");
                 LOG.debug("SignIn action...");
             }
 
-            if (wresult == null) {
+            if (responseToken == null) {
                 if (LOG.isDebugEnabled()) {
-                    LOG.debug("SignIn request must contain wresult");
+                    LOG.debug("SignIn request must contain a response token from the IdP");
                 }
                 response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                 return false;
@@ -414,23 +415,17 @@ public class FederationAuthenticator extends FormAuthenticator {
                 // processSignInRequest
                 if (LOG.isDebugEnabled()) {
                     LOG.debug("Process SignIn request");
-                    LOG.debug("wresult=\n" + wresult);
+                    LOG.debug("token=\n" + responseToken);
                 }
 
                 FedizRequest wfReq = new FedizRequest();
-                wfReq.setWa(wa);
-                wfReq.setWresult(wresult);
+                wfReq.setAction(action);
+                wfReq.setResponseToken(responseToken);
                 
                 X509Certificate certs[] = 
                     (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
                 wfReq.setCerts(certs);
 
-                String contextName = request.getServletContext().getContextPath();
-                if (contextName == null || contextName.isEmpty()) {
-                    contextName = "/";
-                }
-                FedizContext fedConfig = getContextConfiguration(contextName);
-
                 FedizProcessor wfProc = 
                     FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
                 try {
@@ -477,8 +472,8 @@ public class FederationAuthenticator extends FormAuthenticator {
                 principal = new FederationPrincipalImpl(wfRes.getUsername(), roles,
                         wfRes.getClaims(), wfRes.getToken());
             }
-        }  else {
-            LOG.error("Not supported action found in parameter wa: " + wa);
+        } else if (action != null) {
+            LOG.error("SignIn parameter not supported: " + action);
             response.sendError(HttpServletResponse.SC_BAD_REQUEST);
             return false;
         }
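Review bot: The new `else if (action != null)` no longer rejects every non-sign-in request: when `isSignInRequest` is false and `wa` is absent, control falls through the chain with `principal` possibly still null. The following hunk removes the `if (principal == null) { forwardToErrorPage(...); return false; }` guard, so that path reaches the `"Authentication of '" + principal + "' was successful"` debug line and whatever follows it. For a WS-Federation configuration the earlier `isSignInRequired` branch appears to catch `wa == null`, but for `SAMLProtocol` a request without `RelayState` satisfies neither helper. I would keep the null-principal guard, or end the chain with a plain `else` that sends `SC_BAD_REQUEST`. `authenticate` starts and ends outside this hunk, so the code after the chain should be checked against this path.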
@@ -492,10 +487,6 @@ public class FederationAuthenticator extends FormAuthenticator {
          * (log.isDebugEnabled()) log.debug("Authenticating username '" +
          * username + "'"); principal = realm.authenticate(username, password);
          */
-        if (principal == null) {
-            forwardToErrorPage(request, response, config);
-            return false;
-        }
 
         if (LOG.isDebugEnabled()) {
             LOG.debug("Authentication of '" + principal + "' was successful");
@@ -567,6 +558,40 @@ public class FederationAuthenticator extends FormAuthenticator {
         }
         return false;
     }
+    
+    private boolean isSignInRequired(Request request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol
+            && request.getParameter("wa") == null) {
+            return true;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
+            && request.getParameter("RelayState") != null) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private boolean isSignInRequest(Request request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol
+            && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa"))) {
+            return true;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
+            && request.getParameter("RelayState") != null) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return request.getParameter("wresult");
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return request.getParameter("SAMLResponse");
+        }
+        
+        return null;
+    }
 
     @Override
     protected String getAuthMethod() {
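Review bot: In `isSignInRequired` the SAML branch tests `request.getParameter("RelayState") != null`, the same condition `isSignInRequest` uses, so for `SAMLProtocol` a returning response is classified as needing a redirect and a fresh request without `RelayState` is not. The WS-Federation branch tests for absence (`wa == null`), which suggests the SAML branch was meant to read `&& request.getParameter("RelayState") == null) {`. Since `isSignInRequired` is evaluated first in `authenticate`, a SAML response would presumably be sent back to the IdP before `isSignInRequest` is ever reached; that call site is in an earlier hunk. The three helpers also lack Javadoc saying that they only classify the request from client-supplied parameters.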

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/75a8a137/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index 43ebde0..0572921 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -138,8 +138,8 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
             FedizContext fedContext = getFedizContext(idp, trustedIdp);
     
             FedizRequest wfReq = new FedizRequest();
-            wfReq.setWa(FederationConstants.ACTION_SIGNIN);
-            wfReq.setWresult(wresult);
+            wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+            wfReq.setResponseToken(wresult);
     
             FedizProcessor wfProc = new FederationProcessorImpl();
             FedizResponse wfResp = wfProc.processRequest(wfReq, fedContext);

