cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Added initial support for SAML SSO Metadata in the plugin core
Date Tue, 29 Jul 2014 14:30:15 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master abd1fe2c6 -> f15c92f65


Added initial support for SAML SSO Metadata in the plugin core


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f15c92f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f15c92f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f15c92f6

Branch: refs/heads/master
Commit: f15c92f653d2b63bec10d17129eed4be226beebb
Parents: abd1fe2
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jul 29 15:09:37 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jul 29 15:09:37 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/FederationConstants.java     |   2 +
 .../fediz/core/config/FederationProtocol.java   |   9 -
 .../apache/cxf/fediz/core/config/Protocol.java  |   7 +
 .../cxf/fediz/core/metadata/MetadataWriter.java | 205 +++++++++++--------
 .../src/main/resources/schemas/FedizConfig.xsd  |   2 +-
 .../fediz/tomcat/FederationAuthenticator.java   |   5 +-
 6 files changed, 133 insertions(+), 97 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index 767faf0..3ffa654 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -221,6 +221,8 @@ public final class FederationConstants {
     
     public static final String METADATA_PATH_URI = "FederationMetadata/2007-06/FederationMetadata.xml";
     
+    public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
+    
     private FederationConstants() {
         
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index 4809a34..6b37505 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -56,15 +56,6 @@ public class FederationProtocol extends Protocol {
         super.setProtocolType(federationProtocol);
     }
 
-
-    public String getApplicationServiceURL() {
-        return getFederationProtocol().getApplicationServiceURL();
-    }
-
-    public void setApplicationServiceURL(String value) {
-        getFederationProtocol().setApplicationServiceURL(value);
-    }
-
     public Object getAuthenticationType() {
         if (this.authenticationType != null) {
             return this.authenticationType;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index c9ff7ae..d49e24d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -191,4 +191,11 @@ public abstract class Protocol {
         getProtocolType().setClaimTypesRequested(value);
     }
     
+    public String getApplicationServiceURL() {
+        return getProtocolType().getApplicationServiceURL();
+    }
+
+    public void setApplicationServiceURL(String value) {
+        getProtocolType().setApplicationServiceURL(value);
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index f7ef25c..af3a558 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -29,14 +29,15 @@ import java.util.List;
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamWriter;
 
 import org.w3c.dom.Document;
-
 import org.apache.cxf.fediz.core.config.Claim;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.config.Protocol;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.core.util.SignatureUtils;
@@ -77,13 +78,10 @@ public class MetadataWriter {
             writer.writeAttribute("ID", referenceID);
             
             String audience = "_someID";
-            String serviceURL = null;
-            if (protocol instanceof FederationProtocol) {
-                serviceURL = ((FederationProtocol)protocol).getApplicationServiceURL();
-                List<String> audienceList = config.getAudienceUris();
-                if (audienceList != null && audienceList.size() > 0 &&
!"".equals(audienceList.get(0))) {
-                    audience = audienceList.get(0);
-                }
+            String serviceURL = protocol.getApplicationServiceURL();
+            List<String> audienceList = config.getAudienceUris();
+            if (audienceList != null && audienceList.size() > 0 && !"".equals(audienceList.get(0)))
{
+                audience = audienceList.get(0);
             }
             if (serviceURL == null) {
                 serviceURL = audience;
@@ -91,88 +89,16 @@ public class MetadataWriter {
             
             writer.writeAttribute("entityID", serviceURL);
 
-            writer.writeNamespace("fed", WS_FEDERATION_NS);
-            writer.writeNamespace("wsa", WS_ADDRESSING_NS);
-            writer.writeNamespace("auth", WS_FEDERATION_NS);
-            writer.writeNamespace("xsi", SCHEMA_INSTANCE_NS);
-
-            writer.writeStartElement("fed", "RoleDescriptor", WS_FEDERATION_NS);
-            writer.writeAttribute(SCHEMA_INSTANCE_NS, "type", "fed:ApplicationServiceType");
-            writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);
-
-            writer.writeStartElement("fed", "ApplicationServiceEndpoint", WS_FEDERATION_NS);
-            writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
-
-            writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
-            writer.writeCharacters(serviceURL);
-            
-            writer.writeEndElement(); // Address
-            writer.writeEndElement(); // EndpointReference
-            writer.writeEndElement(); // ApplicationServiceEndpoint
-
-            // create target scope element
-            writer.writeStartElement("fed", "TargetScope", WS_FEDERATION_NS);
-            writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
-            writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
-
-            Object realmObj = protocol.getRealm();
-            String realm = null;
-            if (realmObj instanceof String) {
-                realm = (String)realmObj;
-            } else if (realmObj instanceof CallbackHandler) {
-                //TODO
-                //If realm is resolved at runtime, metadata not updated
-            }
-
-            if (!(realm == null || "".equals(realm))) {
-                writer.writeCharacters(realm);
+            if (protocol instanceof FederationProtocol) {
+                writeFederationMetadata(writer, config, serviceURL);
+            } else if (protocol instanceof SAMLProtocol) {
+                writeSAMLMetadata(writer, config, serviceURL);
             }
             
-            // writer.writeCharacters("http://host:port/url from config");
-            writer.writeEndElement(); // Address
-            writer.writeEndElement(); // EndpointReference
-            writer.writeEndElement(); // TargetScope
-
-            List<Claim> claims = protocol.getClaimTypesRequested();
-            if (claims != null && claims.size() > 0) {
-
-                // create ClaimsType section
-                writer.writeStartElement("fed", "ClaimTypesRequested", WS_FEDERATION_NS);
-                for (Claim claim : claims) {
-
-                    writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
-                    writer.writeAttribute("Uri", claim.getType());
-                    if (claim.isOptional()) {
-                        writer.writeAttribute("Optional", "true");
-                    } else {
-                        writer.writeAttribute("Optional", "false");
-                    }
-
-                    writer.writeEndElement(); // ClaimType
-
-                }
-                writer.writeEndElement(); // ClaimsTypeRequested
-            }
-            // create sign in endpoint section
-
-            writer.writeStartElement("fed", "PassiveRequestorEndpoint", WS_FEDERATION_NS);
-            writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
-            writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
-
-            Object issuer = protocol.getIssuer();
-            if (issuer instanceof String && !"".equals(issuer)) {
-                writer.writeCharacters((String)issuer);
-            }
-
-            // writer.writeCharacters("http://host:port/url Issuer from config");
-            writer.writeEndElement(); // Address
-            writer.writeEndElement(); // EndpointReference
-
-            writer.writeEndElement(); // PassiveRequestorEndpoint
-            writer.writeEndElement(); // RoleDescriptor
             writer.writeEndElement(); // EntityDescriptor
 
             writer.writeEndDocument();
+            
             streamWriter.flush();
             bout.flush();
             //
@@ -213,6 +139,115 @@ public class MetadataWriter {
 
     }
 
+    private void writeFederationMetadata(
+        XMLStreamWriter writer, 
+        FedizContext config,
+        String serviceURL
+    ) throws XMLStreamException {
+        writer.writeNamespace("fed", WS_FEDERATION_NS);
+        writer.writeNamespace("wsa", WS_ADDRESSING_NS);
+        writer.writeNamespace("auth", WS_FEDERATION_NS);
+        writer.writeNamespace("xsi", SCHEMA_INSTANCE_NS);
+
+        writer.writeStartElement("fed", "RoleDescriptor", WS_FEDERATION_NS);
+        writer.writeAttribute(SCHEMA_INSTANCE_NS, "type", "fed:ApplicationServiceType");
+        writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);
+
+        writer.writeStartElement("fed", "ApplicationServiceEndpoint", WS_FEDERATION_NS);
+        writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+
+        writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+        writer.writeCharacters(serviceURL);
+        
+        writer.writeEndElement(); // Address
+        writer.writeEndElement(); // EndpointReference
+        writer.writeEndElement(); // ApplicationServiceEndpoint
+
+        // create target scope element
+        writer.writeStartElement("fed", "TargetScope", WS_FEDERATION_NS);
+        writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+        writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+
+        FederationProtocol protocol = (FederationProtocol)config.getProtocol();
+        
+        Object realmObj = protocol.getRealm();
+        String realm = null;
+        if (realmObj instanceof String) {
+            realm = (String)realmObj;
+        } else if (realmObj instanceof CallbackHandler) {
+            //TODO
+            //If realm is resolved at runtime, metadata not updated
+        }
+
+        if (!(realm == null || "".equals(realm))) {
+            writer.writeCharacters(realm);
+        }
+        
+        // writer.writeCharacters("http://host:port/url from config");
+        writer.writeEndElement(); // Address
+        writer.writeEndElement(); // EndpointReference
+        writer.writeEndElement(); // TargetScope
+
+        List<Claim> claims = protocol.getClaimTypesRequested();
+        if (claims != null && claims.size() > 0) {
+
+            // create ClaimsType section
+            writer.writeStartElement("fed", "ClaimTypesRequested", WS_FEDERATION_NS);
+            for (Claim claim : claims) {
+
+                writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
+                writer.writeAttribute("Uri", claim.getType());
+                if (claim.isOptional()) {
+                    writer.writeAttribute("Optional", "true");
+                } else {
+                    writer.writeAttribute("Optional", "false");
+                }
+
+                writer.writeEndElement(); // ClaimType
+
+            }
+            writer.writeEndElement(); // ClaimsTypeRequested
+        }
+        // create sign in endpoint section
+
+        writer.writeStartElement("fed", "PassiveRequestorEndpoint", WS_FEDERATION_NS);
+        writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
+        writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
+
+        Object issuer = protocol.getIssuer();
+        if (issuer instanceof String && !"".equals(issuer)) {
+            writer.writeCharacters((String)issuer);
+        }
+
+        // writer.writeCharacters("http://host:port/url Issuer from config");
+        writer.writeEndElement(); // Address
+        writer.writeEndElement(); // EndpointReference
+
+        writer.writeEndElement(); // PassiveRequestorEndpoint
+        writer.writeEndElement(); // RoleDescriptor
+    }
     
+    private void writeSAMLMetadata(
+        XMLStreamWriter writer, 
+        FedizContext config,
+        String serviceURL
+    ) throws XMLStreamException {
+        
+        SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
+        
+        writer.writeStartElement("", "SPSSODescriptor", SAML2_METADATA_NS);
+        writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(protocol.isSignRequest()));
+        writer.writeAttribute("WantAssertionsSigned", "true");
+        writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
+        
+        writer.writeStartElement("", "AssertionConsumerService", SAML2_METADATA_NS);
+        writer.writeAttribute("index", "0");
+        writer.writeAttribute("isDefault", "true");
+        writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+        writer.writeAttribute("Location", serviceURL);
+
+        writer.writeEndElement(); // AssertionConsumerService
+        writer.writeEndElement(); // SPSSODescriptor
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 7c7b91c..516e03d 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -99,7 +99,6 @@
 					<xs:element ref="reply" />
 					<xs:element ref="request" />
 					<xs:element ref="signInQuery" />
-					<xs:element ref="applicationServiceURL" />
 				</xs:sequence>
 				<xs:attribute name="version" use="required" type="xs:string" />
 			</xs:extension>
@@ -134,6 +133,7 @@
 	
 	<xs:complexType name="protocolType" abstract="true">
 	    <xs:sequence>
+	        <xs:element ref="applicationServiceURL" />
 	        <xs:element ref="roleDelimiter" />
 	        <xs:element ref="roleURI" />
 	        <xs:element ref="claimTypesRequested" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f15c92f6/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index 5c64332..73c9d97 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -181,9 +181,10 @@ public class FederationAuthenticator extends FormAuthenticator {
         LOG.debug("WsFedAuthenticator:invoke()");
         request.setCharacterEncoding(this.encoding);
         
-        if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) != -1)
{
+        if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) != -1
+            || request.getRequestURL().indexOf(FederationConstants.FEDIZ_SAML_METADATA_PATH_URI)
!= -1) {
             if (LOG.isInfoEnabled()) {
-                LOG.info("WS-Federation Metadata document requested");
+                LOG.info("Metadata document requested");
             }
             response.setContentType("text/xml");
             PrintWriter out = response.getWriter();


Mime
View raw message