cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Started work on the CXF plugin
Date Wed, 30 Jul 2014 16:22:06 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 84a57eead -> 60325dc51


Started work on the CXF plugin


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/60325dc5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/60325dc5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/60325dc5

Branch: refs/heads/master
Commit: 60325dc516d10dbfce5e7f5a57f1451ec788361e
Parents: 84a57ee
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 30 17:21:52 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 30 17:21:52 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/FederationConstants.java     | 24 ++----
 .../apache/cxf/fediz/core/FedizConstants.java   | 44 +++++++++++
 .../apache/cxf/fediz/core/SAMLSSOConstants.java | 42 ++++++++++
 .../cxf/fediz/core/metadata/MetadataWriter.java |  6 +-
 .../fediz/core/processor/SAMLProcessorImpl.java | 11 +--
 .../core/samlsso/EHCacheSPStateManager.java     | 45 +++++++++++
 .../cxf/fediz/core/samlsso/ResponseState.java   | 81 ++++++++++++++++++++
 .../cxf/fediz/core/samlsso/SPStateManager.java  |  4 +
 .../fediz/core/AbstractSAMLCallbackHandler.java |  2 +-
 .../fediz/core/samlsso/SAMLResponseTest.java    |  4 +-
 plugins/cxf/pom.xml                             | 12 +++
 .../fediz/jetty/FederationAuthenticator.java    | 12 +--
 .../web/FederationAuthenticationFilter.java     | 14 ++--
 .../web/FederationAuthenticationFilter.java     | 14 ++--
 .../fediz/tomcat/FederationAuthenticator.java   | 20 ++---
 15 files changed, 279 insertions(+), 56 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index 3ffa654..1ca70b0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -24,13 +24,13 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
-public final class FederationConstants {
+/**
+ * Constants specific to WS-Federation
+ */
+public final class FederationConstants extends FedizConstants {
    
     public static final String WSFED_METHOD = "WSFED";
 
-    public static final URI DEFAULT_ROLE_URI = URI
-        .create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
-
     /**
      * Constants defined in following spec:
      * http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html
@@ -207,23 +207,9 @@ public final class FederationConstants {
     public static final URI AUTH_TYPE_SMARTCARD = URI
         .create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard");
 
-    public static final String WS_TRUST_13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-    
-    public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
-    
-    public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
-    
-    public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
-    
-    public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
-    
-    public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
-    
     public static final String METADATA_PATH_URI = "FederationMetadata/2007-06/FederationMetadata.xml";
     
-    public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
-    
     private FederationConstants() {
-        
+        super();
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
new file mode 100644
index 0000000..f5205f4
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.net.URI;
+
+public class FedizConstants {
+   
+    public static final URI DEFAULT_ROLE_URI = URI
+        .create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+    public static final String WS_TRUST_13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+    
+    public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    
+    public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
+    
+    public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
+    
+    public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
+    
+    public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
+    
+    protected FedizConstants() {
+        
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
new file mode 100644
index 0000000..e82bd7d
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+/**
+ * Constants specific to SAML SSO
+ */
+public final class SAMLSSOConstants extends FedizConstants {
+   
+    public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
+    
+    public static final String SAML_REQUEST = "SAMLRequest";
+    
+    public static final String SAML_RESPONSE = "SAMLResponse"; 
+    
+    public static final String RELAY_STATE = "RelayState";
+    
+    public static final String SIG_ALG = "SigAlg";
+    
+    public static final String SIGNATURE = "Signature";
+    
+    private SAMLSSOConstants() {
+        super();
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 333d039..fe5efc3 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -48,10 +48,10 @@ import org.apache.xml.security.utils.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
 import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
 
 public class MetadataWriter {
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 73404d7..1679da2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.TokenValidator;
 import org.apache.cxf.fediz.core.TokenValidatorRequest;
 import org.apache.cxf.fediz.core.TokenValidatorResponse;
@@ -333,15 +334,15 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 URLEncoder.encode(authnRequestEncoded, "UTF-8");
             
             StringBuilder sb = new StringBuilder();
-            sb.append("SAMLRequest").append('=').append(urlEncodedRequest);
-            sb.append("&RelayState").append('=').append(relayState);
+            sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
+            sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
             
             if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
                 String signature = signRequest(config, sb);
-                sb.append("&Signature").append('=').append(signature);
+                sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
             }
             
-            String contextCookie = createCookie("RelayState",
+            String contextCookie = createCookie(SAMLSSOConstants.RELAY_STATE,
                                                 relayState,
                                                 request.getRequestURI(),
                                                 webAppDomain,
@@ -405,7 +406,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
         Signature signature = Signature.getInstance(jceSigAlgo);
         signature.initSign(privateKey);
        
-        sb.append("&SigAlg").append('=').append(URLEncoder.encode(sigAlgo, "UTF-8"));
+        sb.append("&" + SAMLSSOConstants.SIG_ALG).append('=').append(URLEncoder.encode(sigAlgo,
"UTF-8"));
         String requestToSign = sb.toString();
 
         signature.update(requestToSign.getBytes("UTF-8"));

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
index 4ec8f8e..d6d9c5b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
@@ -41,6 +41,7 @@ public class EHCacheSPStateManager implements SPStateManager {
     public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
     
     private Ehcache requestCache;
+    private Ehcache responseCache;
     private CacheManager cacheManager;
     private long ttl = DEFAULT_TTL;
     
@@ -59,6 +60,11 @@ public class EHCacheSPStateManager implements SPStateManager {
 
         Ehcache newCache = new Cache(requestCC);
         requestCache = cacheManager.addCacheIfAbsent(newCache);
+        
+        CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY,
cacheManager);
+        
+        newCache = new Cache(responseCC);
+        responseCache = cacheManager.addCacheIfAbsent(newCache);
     }
     
     private static URL getConfigFileURL(Object o) {
@@ -120,11 +126,50 @@ public class EHCacheSPStateManager implements SPStateManager {
         return null;
     }
     
+    public ResponseState getResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            if (responseCache.isExpired(element)) {
+                responseCache.remove(securityContextKey);
+                return null;
+            }
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public ResponseState removeResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            responseCache.remove(securityContextKey);
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public void setResponseState(String securityContextKey, ResponseState state) {
+        if (securityContextKey == null || "".equals(securityContextKey)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 5 minutes if the default TTL is set incorrectly
+            parsedTTL = 60 * 5;
+        }
+        Element element = new Element(securityContextKey, state);
+        element.setTimeToLive(parsedTTL);
+        element.setTimeToIdle(parsedTTL);
+        
+        responseCache.put(element);
+    }
+    
     public void close() throws IOException {
         if (cacheManager != null) {
             cacheManager.shutdown();
             cacheManager = null;
             requestCache = null;
+            responseCache = null;
         }
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
new file mode 100644
index 0000000..dfbf9ff
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ResponseState implements Serializable {
+
+    private static final long serialVersionUID = -3247188797004342462L;
+    
+    private String assertion;
+    private String relayState;
+    private String webAppContext;
+    private String webAppDomain;
+    private long createdAt;
+    private long expiresAt;
+    
+    public ResponseState() {
+        
+    }
+    
+    public ResponseState(String assertion,
+                         String relayState,
+                         String webAppContext,
+                         String webAppDomain,
+                         long createdAt, 
+                         long expiresAt) {
+        this.assertion = assertion;
+        this.relayState = relayState;
+        this.webAppContext = webAppContext;
+        this.webAppDomain = webAppDomain;
+        this.createdAt = createdAt;
+        this.expiresAt = expiresAt;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+    
+    public long getExpiresAt() {
+        return expiresAt;
+    }
+
+    public String getRelayState() {
+        return relayState;
+    }
+    
+    public String getWebAppContext() {
+        return webAppContext;
+    }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+    
+    public String getAssertion() {
+        return assertion;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
index d55c5d4..d55dce0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
@@ -36,5 +36,9 @@ public interface SPStateManager extends Closeable {
     void setRequestState(String relayState, RequestState state);
     RequestState removeRequestState(String relayState);
     
+    void setResponseState(String contextKey, ResponseState state);
+    ResponseState getResponseState(String contextKey);
+    ResponseState removeResponseState(String contextKey);
+    
     void close() throws IOException;
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
index 78629b0..238a88c 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
@@ -88,7 +88,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler
{
     protected Map<String, String> claims;
     protected MultiValue multiValueType = MultiValue.MULTI_VALUE;
     protected String roleSeperator = ",";
-    protected String roleAttributeName = FederationConstants.DEFAULT_ROLE_URI.toString();
+    protected String roleAttributeName = FedizConstants.DEFAULT_ROLE_URI.toString();
     protected String countryClaimName = ClaimTypes.COUNTRY.toString();
     protected String customClaimName = CLAIM_TYPE_LANGUAGE.toString();
     protected String attributeNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index a4b2772..e51b120 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -44,7 +44,7 @@ import org.apache.cxf.fediz.core.AbstractSAMLCallbackHandler;
 import org.apache.cxf.fediz.core.AbstractSAMLCallbackHandler.MultiValue;
 import org.apache.cxf.fediz.core.Claim;
 import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FedizConstants;
 import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
 import org.apache.cxf.fediz.core.SAML1CallbackHandler;
 import org.apache.cxf.fediz.core.SAML2CallbackHandler;
@@ -187,7 +187,7 @@ public class SAMLResponseTest {
         Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                             .size());
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
-        assertClaims(wfRes.getClaims(), FederationConstants.DEFAULT_ROLE_URI.toString());
+        assertClaims(wfRes.getClaims(), FedizConstants.DEFAULT_ROLE_URI.toString());
     }
     
     /**

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/cxf/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/cxf/pom.xml b/plugins/cxf/pom.xml
index da898ab..e7a2ca6 100644
--- a/plugins/cxf/pom.xml
+++ b/plugins/cxf/pom.xml
@@ -50,6 +50,18 @@
             <version>${cxf.version}</version>
             <scope>provided</scope>  
         </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-core</artifactId>
+            <version>${cxf.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+            <version>${cxf.version}</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index ebb40e3..ac09cc5 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -35,6 +35,7 @@ import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -173,7 +174,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
         FedizContext fedConfig = getContextConfiguration(contextName);
 
         try {
-            String action = request.getParameter("wa");
+            String action = request.getParameter(FederationConstants.PARAM_ACTION);
             String responseToken = getResponseToken(request, fedConfig);
             
             // Handle a request for authentication.
@@ -371,10 +372,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
 
     private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol
-            && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa")))
{
+            && FederationConstants.ACTION_SIGNIN.equals(
+                request.getParameter(FederationConstants.PARAM_ACTION))) {
             return true;
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && request.getParameter("RelayState") != null) {
+            && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
             return true;
         }
 
@@ -383,9 +385,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
     
     private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return request.getParameter("wresult");
+            return request.getParameter(FederationConstants.PARAM_RESULT);
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return request.getParameter("SAMLResponse");
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
         }
         return null;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 2c6d85b..906246b 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -26,6 +26,8 @@ import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -46,12 +48,12 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
         throws AuthenticationException, IOException {
 
         
-        String wa = request.getParameter("wa");
+        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request);
         FedizRequest wfReq = new FedizRequest();
         wfReq.setAction(wa);
         wfReq.setResponseToken(responseToken);
-        wfReq.setState(request.getParameter("RelayState"));
+        wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
         wfReq.setRequest(request);
         
         X509Certificate certs[] = 
@@ -66,10 +68,10 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
     }
   
     private String getResponseToken(ServletRequest request) {
-        if (request.getParameter("wresult") != null) {
-            return request.getParameter("wresult");
-        } else if (request.getParameter("SAMLResponse") != null) {
-            return request.getParameter("SAMLResponse");
+        if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
+            return request.getParameter(FederationConstants.PARAM_RESULT);
+        } else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
         }
         
         return null;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index eeb7190..8449b53 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -25,6 +25,8 @@ import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
@@ -59,12 +61,12 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter
{
 
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException
{
-        String wa = request.getParameter("wa");
+        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request);
         FedizRequest wfReq = new FedizRequest();
         wfReq.setAction(wa);
         wfReq.setResponseToken(responseToken);
-        wfReq.setState(request.getParameter("RelayState"));
+        wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
         wfReq.setRequest(request);
         
         X509Certificate certs[] = 
@@ -79,10 +81,10 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter
{
     }
     
     private String getResponseToken(ServletRequest request) {
-        if (request.getParameter("wresult") != null) {
-            return request.getParameter("wresult");
-        } else if (request.getParameter("SAMLResponse") != null) {
-            return request.getParameter("SAMLResponse");
+        if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
+            return request.getParameter(FederationConstants.PARAM_RESULT);
+        } else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
         }
         
         return null;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index d99670e..a67a6d3 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -47,6 +47,7 @@ import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.deploy.LoginConfig;
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -224,7 +225,7 @@ public class FederationAuthenticator extends FormAuthenticator {
             }
         }
 
-        String wa = request.getParameter("wa");
+        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("SignOutCleanup request found");
@@ -260,7 +261,7 @@ public class FederationAuthenticator extends FormAuthenticator {
         } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
             return FederationConstants.METADATA_PATH_URI;
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return FederationConstants.FEDIZ_SAML_METADATA_PATH_URI;
+            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
         }
         
         return FederationConstants.METADATA_PATH_URI;
@@ -402,7 +403,7 @@ public class FederationAuthenticator extends FormAuthenticator {
         // Check whether it is the signin request, validate the token.
         // If failed, redirect to the error page if they are not correct
         FedizResponse wfRes = null;
-        String action = request.getParameter("wa");
+        String action = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request, fedConfig);
         
         // Handle a request for authentication.
@@ -569,10 +570,10 @@ public class FederationAuthenticator extends FormAuthenticator {
     
     private boolean isSignInRequired(Request request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol
-            && request.getParameter("wa") == null) {
+            && request.getParameter(FederationConstants.PARAM_ACTION) == null) {
             return true;
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && request.getParameter("RelayState") == null) {
+            && request.getParameter(SAMLSSOConstants.RELAY_STATE) == null) {
             return true;
         }
         
@@ -581,10 +582,11 @@ public class FederationAuthenticator extends FormAuthenticator {
     
     private boolean isSignInRequest(Request request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol
-            && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa")))
{
+            && FederationConstants.ACTION_SIGNIN.equals(
+                request.getParameter(FederationConstants.PARAM_ACTION))) {
             return true;
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && request.getParameter("RelayState") != null) {
+            && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
             return true;
         }
         
@@ -593,9 +595,9 @@ public class FederationAuthenticator extends FormAuthenticator {
     
     private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return request.getParameter("wresult");
+            return request.getParameter(FederationConstants.PARAM_RESULT);
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return request.getParameter("SAMLResponse");
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
         }
         
         return null;


Mime
View raw message