From cohei...@apache.org
Subject git commit: Fixing the CXF plugin to work with the last refactor
Date Fri, 29 Aug 2014 13:41:33 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 1dbf270b6 -> e266cd527


Fixing the CXF plugin to work with the last refactor


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e266cd52
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e266cd52
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e266cd52

Branch: refs/heads/master
Commit: e266cd5274d2e85899bf77f81f30e45aa848749a
Parents: 1dbf270
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Aug 29 14:41:04 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Aug 29 14:41:04 2014 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/core/RequestState.java |  20 +-
 .../fediz/core/processor/SAMLProcessorImpl.java |   6 +-
 .../samlsso/SAMLResponseConformanceTest.java    |  48 +--
 .../fediz/core/samlsso/SAMLResponseTest.java    |  73 ++---
 .../plugin/AbstractServiceProviderFilter.java   |  39 ++-
 .../cxf/plugin/FedizRedirectBindingFilter.java  | 296 +++++++++++++++++++
 .../cxf/plugin/SamlRedirectBindingFilter.java   | 269 -----------------
 .../cxf/plugin/state/EHCacheSPStateManager.java | 177 +++++++++++
 .../fediz/cxf/plugin/state/ResponseState.java   | 120 ++++++++
 .../fediz/cxf/plugin/state/SPStateManager.java  |  46 +++
 10 files changed, 741 insertions(+), 353 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
index efcbdb0..2a54a61 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
@@ -32,31 +32,36 @@ public class RequestState implements Serializable {
     
     private String targetAddress;
     private String idpServiceAddress;
-    private String samlRequestId;
+    private String requestId;
     private String issuerId;
     private String webAppContext;
     private String webAppDomain;
     private long createdAt;
+    private String state;
  
     public RequestState() {
         
     }
     
+    // CHECKSTYLE:OFF
     public RequestState(String targetAddress,
                         String idpServiceAddress,
-                        String samlRequestId,
+                        String requestId,
                         String issuerId,
                         String webAppContext,
                         String webAppDomain,
+                        String state,
                         long createdAt) {
         this.targetAddress = targetAddress;
         this.idpServiceAddress = idpServiceAddress;
-        this.samlRequestId = samlRequestId;
+        this.requestId = requestId;
         this.issuerId = issuerId;
         this.webAppContext = webAppContext;
         this.webAppDomain = webAppDomain;
+        this.state  = state;
         this.createdAt = createdAt;
     }
+    // CHECKSTYLE:ON
 
     public String getTargetAddress() {
         return targetAddress;
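Review bot: Renaming the `samlRequestId` field to `requestId` and adding `state` changes the serialized form of this `Serializable` class, and the hunk does not show whether a `serialVersionUID` is declared. If one is pinned, a `RequestState` stored before the upgrade would deserialize with `requestId` and `state` both null instead of failing, and `getRequestId()` is the value SAMLProcessorImpl passes to `ssoResponseValidator.setRequestId(...)`. It would be safer to change the UID in this commit, or to document that previously stored request state must be discarded on upgrade. The class body starts and ends outside this hunk.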
@@ -66,8 +71,8 @@ public class RequestState implements Serializable {
         return idpServiceAddress;
     }
 
-    public String getSamlRequestId() {
-        return samlRequestId;
+    public String getRequestId() {
+        return requestId;
     }
 
     public String getIssuerId() {
@@ -85,4 +90,9 @@ public class RequestState implements Serializable {
     public String getWebAppDomain() {
         return webAppDomain;
     }
+
+    public String getState() {
+        return state;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 0fe7ff4..1546cc2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -255,7 +255,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             ssoResponseValidator.setClientAddress(request.getRemoteAddr());
 
             ssoResponseValidator.setIssuerIDP(requestState.getIdpServiceAddress());
-            ssoResponseValidator.setRequestId(requestState.getSamlRequestId());
+            ssoResponseValidator.setRequestId(requestState.getRequestId());
             ssoResponseValidator.setSpIdentifier(requestState.getIssuerId());
             ssoResponseValidator.setEnforceAssertionsSigned(true);
             ssoResponseValidator.setEnforceKnownIssuer(true);
@@ -305,16 +305,16 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
             
             String webAppDomain = ((SAMLProtocol)config.getProtocol()).getWebAppDomain();
+            String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
             RequestState requestState = new RequestState(requestURL,
                                                          redirectURL,
                                                          authnRequest.getID(),
                                                          realm,
                                                          authnRequest.getIssuer().getValue(),
                                                          webAppDomain,
+                                                         relayState,
                                                          System.currentTimeMillis());
             
-            String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-            
             String urlEncodedRequest = 
                 URLEncoder.encode(authnRequestEncoded, "UTF-8");
             
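Review bot: The `new RequestState(...)` call in this hunk passes `realm` in the fourth position and `authnRequest.getIssuer().getValue()` in the fifth, while the constructor in RequestState.java declares those positions as `issuerId` and `webAppContext`. That ordering predates this commit and may be deliberate, but with an eighth positional argument added and seven of them plain `String`, the compiler cannot catch a swap, and `getIssuerId()` feeds `setSpIdentifier(...)` in the response validation shown in the previous hunk. A trailing comment on each argument naming its slot, e.g. `realm, // issuerId`, would make the intent checkable. The enclosing method starts and ends outside the hunk.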

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
index a126129..08c3090 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
@@ -139,16 +139,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
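Review bot: The same eight-argument `new RequestState(...)` block is edited identically in every hunk of this file and of SAMLResponseTest.java, so each constructor change has to be repeated at every call site. A private helper in the test class that takes `requestId` and `relayState` (plus `config`, if that is a local) and returns the `RequestState` would reduce a future change to one line. The visible hunks only thread `relayState` into the stored state; whether any test covers a response whose RelayState differs from the stored value cannot be seen from here, and a negative test of that kind would pin down what the new field is for. The test method starts and ends outside the hunk.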
@@ -213,16 +213,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -287,16 +287,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
@@ -353,16 +353,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -417,16 +417,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -484,16 +484,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -551,16 +551,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -618,16 +618,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -685,16 +685,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -752,16 +752,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -820,16 +820,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -886,16 +886,16 @@ public class SAMLResponseConformanceTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 68bcf87..8fc10a5 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -154,16 +154,16 @@ public class SAMLResponseTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
         
@@ -200,16 +200,16 @@ public class SAMLResponseTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         Document doc = STSUtil.toSOAPPart(SAMLSSOTestUtils.SAMPLE_EMPTY_SAML_RESPONSE);
         
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
@@ -247,6 +247,7 @@ public class SAMLResponseTest {
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     null,
                                                      System.currentTimeMillis());
         
         // Create SAML Response
@@ -283,16 +284,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -335,16 +336,16 @@ public class SAMLResponseTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -389,16 +390,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -444,16 +445,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -498,16 +499,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -554,16 +555,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -609,16 +610,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -680,16 +681,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -742,16 +743,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -795,16 +796,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -846,16 +847,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -924,16 +925,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1005,16 +1006,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1055,16 +1056,16 @@ public class SAMLResponseTest {
 
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
 
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1104,16 +1105,16 @@ public class SAMLResponseTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1206,16 +1207,16 @@ public class SAMLResponseTest {
         
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         
+        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
                                                      TEST_REQUEST_URL,
                                                      (String)config.getProtocol().getIssuer(),
                                                      null,
+                                                     relayState,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
         

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index 7177886..3468216 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -44,8 +44,10 @@ import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.config.SAMLProtocol;
-import org.apache.cxf.fediz.core.samlsso.ResponseState;
 import org.apache.cxf.fediz.core.util.CookieUtils;
+import org.apache.cxf.fediz.cxf.plugin.state.EHCacheSPStateManager;
+import org.apache.cxf.fediz.cxf.plugin.state.ResponseState;
+import org.apache.cxf.fediz.cxf.plugin.state.SPStateManager;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.jaxrs.impl.UriInfoImpl;
 import org.apache.cxf.message.Message;
@@ -64,12 +66,12 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         BundleUtils.getBundle(AbstractServiceProviderFilter.class);
     private static final Logger LOG = LoggerFactory.getLogger(AbstractServiceProviderFilter.class);
     
-    private String webAppDomain;
     private boolean addWebAppContext = true;
     private boolean addEndpointAddressToContext;
     
     private FedizConfigurator configurator;
     private String configFile;
+    private SPStateManager stateManager;
     
     public String getConfigFile() {
         return configFile;
@@ -105,10 +107,14 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
                 throw e;
             }
         }
+        
+        if (stateManager == null) {
+            stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
+        } 
     }
     
     @PreDestroy
-    public synchronized void cleanup() {
+    public synchronized void cleanup() throws IOException {
         if (configurator != null) {
             List<FedizContext> fedContextList = configurator.getFedizContextList();
             if (fedContextList != null) {
@@ -121,6 +127,8 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
                 }
             }
         }
+        
+        stateManager.close();
     }
     
     protected boolean checkSecurityContext(Message m) {
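Review bot: The added `stateManager.close();` runs unconditionally, so if `cleanup()` is invoked after an initialisation that never reached the assignment added in the previous hunk (it sits after the configuration load that can rethrow), shutdown fails with a NullPointerException; guard it with `if (stateManager != null) { stateManager.close(); }`. This call is also what forces the previous hunk to declare `cleanup() throws IOException`, and the `@PreDestroy` contract says the callback must not throw checked exceptions, so catching and logging the `IOException` here is safer than declaring it. The call also closes a manager supplied through `setStateManager`, so a short Javadoc on that setter saying the filter takes ownership of the instance would help. `cleanup()` begins outside this hunk.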
@@ -186,7 +194,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         FedizContext fedizConfig = getFedizContext(m);
         
         SAMLProtocol protocol = (SAMLProtocol)fedizConfig.getProtocol();
-        ResponseState responseState = protocol.getStateManager().getResponseState(contextKey);
+        ResponseState responseState = stateManager.getResponseState(contextKey);
         
         if (responseState == null) {
             reportError("MISSING_RESPONSE_STATE");
@@ -196,17 +204,17 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         if (CookieUtils.isStateExpired(responseState.getCreatedAt(), responseState.getExpiresAt(), 
                                     protocol.getStateTimeToLive())) {
             reportError("EXPIRED_RESPONSE_STATE");
-            protocol.getStateManager().removeResponseState(contextKey);
+            stateManager.removeResponseState(contextKey);
             return null;
         }
         
         String webAppContext = getWebAppContext(m);
-        if (webAppDomain != null 
+        if (protocol.getWebAppDomain() != null 
             && (responseState.getWebAppDomain() == null 
-                || !webAppDomain.equals(responseState.getWebAppDomain()))
+                || !protocol.getWebAppDomain().equals(responseState.getWebAppDomain()))
                 || responseState.getWebAppContext() == null
                 || !webAppContext.equals(responseState.getWebAppContext())) {
-            protocol.getStateManager().removeResponseState(contextKey);
+            stateManager.removeResponseState(contextKey);
             reportError("INVALID_RESPONSE_STATE");
             return null;
         }
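Review bot: The state-binding condition mixes `&&` and `||` without grouping, and its last two `||` lines are indented as if they belonged to the parenthesised domain test although they apply at the top level, so it is easy to misread which mismatches discard the cached state. Because this check decides whether a stored security context may be reused for this application, I would hoist `String webAppDomain = protocol.getWebAppDomain();` into a local and name the first term, e.g. `boolean domainMismatch = webAppDomain != null && !webAppDomain.equals(responseState.getWebAppDomain());`, then combine it with the two context tests. That form is equivalent to the current one and avoids calling the getter twice. The enclosing method starts and ends outside this hunk.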
@@ -269,16 +277,15 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         }
     }
   
-    public String getWebAppDomain() {
-        return webAppDomain;
-    }
-
-    public void setWebAppDomain(String webAppDomain) {
-        this.webAppDomain = webAppDomain;
-    }
-
     public void setAddWebAppContext(boolean addWebAppContext) {
         this.addWebAppContext = addWebAppContext;
     }
         
+    public SPStateManager getStateManager() {
+        return stateManager;
+    }
+
+    public void setStateManager(SPStateManager stateManager) {
+        this.stateManager = stateManager;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
new file mode 100644
index 0000000..ea61177
--- /dev/null
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -0,0 +1,296 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.cxf.plugin;
+
+import java.io.IOException;
+import java.net.URI;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.cxf.fediz.core.processor.FedizRequest;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.apache.cxf.fediz.core.processor.RedirectionResponse;
+import org.apache.cxf.fediz.core.util.CookieUtils;
+import org.apache.cxf.fediz.cxf.plugin.state.ResponseState;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.impl.UriInfoImpl;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter {
+    
+    private static final Logger LOG = LoggerFactory.getLogger(FedizRedirectBindingFilter.class);
+    
+    @Context 
+    private MessageContext messageContext;
+    
+    public void filter(ContainerRequestContext context) {
+        Message m = JAXRSUtils.getCurrentMessage();
+        
+        if (checkSecurityContext(m)) {
+            return;
+        } else {
+            try {
+                FedizContext fedConfig = getFedizContext(m);
+                
+                String httpMethod = context.getMethod();
+                MultivaluedMap<String, String> params = null;
+                if (HttpMethod.GET.equals(httpMethod)) {
+                    params = context.getUriInfo().getQueryParameters();
+                } else if (HttpMethod.POST.equals(httpMethod)) {
+                    String strForm = IOUtils.toString(context.getEntityStream());
+                    params = JAXRSUtils.getStructuredParams(strForm, "&", false, false);
+                }
+                
+                if (isSignInRequired(fedConfig, params)) {
+                    // Unauthenticated -> redirect
+                    FedizProcessor processor = 
+                        FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+
+                    HttpServletRequest request = messageContext.getHttpServletRequest();
+                    RedirectionResponse redirectionResponse = 
+                        processor.createSignInRequest(request, fedConfig);
+                    String redirectURL = redirectionResponse.getRedirectionURL();
+                    if (redirectURL != null) {
+                        ResponseBuilder response = Response.seeOther(new URI(redirectURL));
+                        Map<String, String> headers = redirectionResponse.getHeaders();
+                        if (!headers.isEmpty()) {
+                            for (String headerName : headers.keySet()) {
+                                response.header(headerName, headers.get(headerName));
+                            }
+                        }
+
+                        // Save the RequestState
+                        RequestState requestState = redirectionResponse.getRequestState();
+                        if (requestState != null && requestState.getState() != null) {
+                            getStateManager().setRequestState(requestState.getState(), requestState);
+                        }
+                        
+                        context.abortWith(response.build());
+                    } else {
+                        LOG.warn("Failed to create SignInRequest.");
+                        throw ExceptionUtils.toInternalServerErrorException(null, null);
+                    }
+                } else if (isSignInRequest(fedConfig, params)) {
+                    String responseToken = getResponseToken(fedConfig, params);
+                    if (responseToken == null) {
+                        if (LOG.isDebugEnabled()) {
+                            LOG.debug("SignIn request must contain a response token from the IdP");
+                        }
+                        throw ExceptionUtils.toBadRequestException(null, null);
+                    } else {
+                        // processSignInRequest
+                        if (LOG.isDebugEnabled()) {
+                            LOG.debug("Process SignIn request");
+                            LOG.debug("token=\n" + responseToken);
+                        }
+
+                        FedizResponse wfRes = 
+                            validateSignInRequest(fedConfig, params, responseToken);
+                        
+                        // Validate AudienceRestriction
+                        List<String> audienceURIs = fedConfig.getAudienceUris();
+                        HttpServletRequest request = messageContext.getHttpServletRequest();
+                        validateAudienceRestrictions(wfRes, audienceURIs, request);
+
+                        // Set the security context
+                        String securityContextKey = UUID.randomUUID().toString();
+                           
+                        SAMLProtocol protocol = (SAMLProtocol)fedConfig.getProtocol();
+                        
+                        long currentTime = System.currentTimeMillis();
+                        Date notOnOrAfter = wfRes.getTokenExpires();
+                        long expiresAt = 0;
+                        if (notOnOrAfter != null) {
+                            expiresAt = notOnOrAfter.getTime();
+                        } else {
+                            expiresAt = currentTime + protocol.getStateTimeToLive();
+                        }
+                           
+                        String webAppDomain = protocol.getWebAppDomain();
+                        String token = DOM2Writer.nodeToString(wfRes.getToken());
+                        List<String> roles = wfRes.getRoles();
+                        if (roles == null || roles.size() == 0) {
+                            roles = Collections.singletonList("Authenticated");
+                        }
+                        
+                        String webAppContext = getWebAppContext(m);
+                        
+                        ResponseState responseState = 
+                            new ResponseState(token,
+                                              params.getFirst("RelayState"), 
+                                              webAppContext,
+                                              webAppDomain,
+                                              currentTime, 
+                                              expiresAt);
+                        responseState.setClaims(wfRes.getClaims());
+                        responseState.setRoles(roles);
+                        responseState.setIssuer(wfRes.getIssuer());
+                        responseState.setSubject(wfRes.getUsername());
+                        getStateManager().setResponseState(securityContextKey, responseState);
+                           
+                        long stateTimeToLive = protocol.getStateTimeToLive();
+                        String contextCookie = CookieUtils.createCookie(SECURITY_CONTEXT_TOKEN,
+                                                            securityContextKey,
+                                                            webAppContext,
+                                                            webAppDomain,
+                                                            stateTimeToLive);
+                        
+                        // Redirect with cookie set
+                        ResponseBuilder response = 
+                            Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
+                        response.header("Set-Cookie", contextCookie);
+
+                        context.abortWith(response.build());
+                    }
+                    
+                } else {
+                    LOG.error("SignIn parameter is incorrect or not supported");
+                    throw ExceptionUtils.toBadRequestException(null, null);
+                }
+            } catch (Exception ex) {
+                LOG.debug(ex.getMessage(), ex);
+                throw ExceptionUtils.toInternalServerErrorException(ex, null);
+            }
+        }
+    }
+    
+    private boolean isSignInRequired(FedizContext fedConfig, MultivaluedMap<String, String> params) {
+        if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
+            && params.getFirst(FederationConstants.PARAM_ACTION) == null) {
+            return true;
+        } else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol
+            && params.getFirst(SAMLSSOConstants.RELAY_STATE) == null) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) { 
+        if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
+            && FederationConstants.ACTION_SIGNIN.equals(
+                params.getFirst(FederationConstants.PARAM_ACTION))) {
+            return true;
+        } else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol
+            && params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private String getResponseToken(FedizContext fedConfig, MultivaluedMap<String, String> params) 
+        throws IOException {
+        if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
+            return params.getFirst(FederationConstants.PARAM_RESULT);
+        } else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return params.getFirst(SAMLSSOConstants.SAML_RESPONSE);
+        }
+        
+        return null;
+    }
+    
+    private FedizResponse validateSignInRequest(
+        FedizContext fedConfig,
+        MultivaluedMap<String, String> params,
+        String responseToken
+    ) {
+        FedizRequest wfReq = new FedizRequest();
+        wfReq.setAction(params.getFirst(FederationConstants.PARAM_ACTION));
+        wfReq.setResponseToken(responseToken);
+        String relayState = params.getFirst("RelayState");
+        wfReq.setState(relayState);
+        if (relayState != null) {
+            wfReq.setRequestState(getStateManager().removeRequestState(relayState));
+        }
+
+        HttpServletRequest request = messageContext.getHttpServletRequest();
+        wfReq.setRequest(request);
+
+        X509Certificate certs[] = 
+            (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
+        wfReq.setCerts(certs);
+
+        FedizProcessor wfProc = 
+            FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+        try {
+            return wfProc.processRequest(wfReq, fedConfig);
+        } catch (ProcessingException ex) {
+            LOG.error("Federation processing failed: " + ex.getMessage());
+            throw ExceptionUtils.toNotAuthorizedException(ex, null);
+        }
+    }
+    
+    private void validateAudienceRestrictions(
+        FedizResponse wfRes, 
+        List<String> audienceURIs,
+        HttpServletRequest request
+    ) {
+        // Validate the AudienceRestriction in Security Token (e.g. SAML) 
+        // against the configured list of audienceURIs
+        if (wfRes.getAudience() != null) {
+            boolean validAudience = false;
+            for (String a : audienceURIs) {
+                if (wfRes.getAudience().startsWith(a)) {
+                    validAudience = true;
+                    break;
+                }
+            }
+            
+            if (!validAudience) {
+                LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+                         + "] doesn't match with specified list of URIs.");
+                throw ExceptionUtils.toForbiddenException(null, null);
+            }
+            
+            if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
+                LOG.debug("Token AudienceRestriction doesn't match with request URL ["
+                        + wfRes.getAudience() + "]  ["
+                        + request.getRequestURL() + "]");
+            }
+        }
+    }
+}
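Review bot: `validateAudienceRestrictions` accepts a token when `wfRes.getAudience().startsWith(a)`, so any audience that merely begins with a configured URI passes, including one issued for a different application that shares the prefix (constructed example: a configured `https://sp.example.org/app` also admits `https://sp.example.org/app-admin`). Unless prefix semantics are a documented requirement, compare exactly with `if (a.equals(wfRes.getAudience())) {`, or at least require the remainder to begin at a path boundary. Separately, `LOG.debug("token=\n" + responseToken);` in `filter` writes the complete IdP response to the log, and that value is usable as a credential while it is valid. Logging only that a token was received, or its length, keeps debug output safe to hand to support.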

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/SamlRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/SamlRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/SamlRedirectBindingFilter.java
deleted file mode 100644
index 64e1d71..0000000
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/SamlRedirectBindingFilter.java
+++ /dev/null
@@ -1,269 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.cxf.plugin;
-
-import java.net.URI;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-
-import org.apache.cxf.fediz.core.FederationConstants;
-import org.apache.cxf.fediz.core.SAMLSSOConstants;
-import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.processor.FedizProcessor;
-import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
-import org.apache.cxf.fediz.core.processor.FedizRequest;
-import org.apache.cxf.fediz.core.processor.FedizResponse;
-import org.apache.cxf.fediz.core.processor.RedirectionResponse;
-import org.apache.cxf.fediz.core.samlsso.ResponseState;
-import org.apache.cxf.fediz.core.util.CookieUtils;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.impl.UriInfoImpl;
-import org.apache.cxf.jaxrs.utils.ExceptionUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.wss4j.common.util.DOM2Writer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
-    
-    private static final Logger LOG = LoggerFactory.getLogger(SamlRedirectBindingFilter.class);
-    
-    @Context 
-    private MessageContext messageContext;
-    
-    public void filter(ContainerRequestContext context) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        
-        if (checkSecurityContext(m)) {
-            return;
-        } else {
-            try {
-                FedizContext fedConfig = getFedizContext(m);
-                if (isSignInRequired(context, fedConfig)) {
-                    // Unauthenticated -> redirect
-                    FedizProcessor processor = 
-                        FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-
-                    HttpServletRequest request = messageContext.getHttpServletRequest();
-                    RedirectionResponse redirectionResponse = 
-                        processor.createSignInRequest(request, fedConfig);
-                    String redirectURL = redirectionResponse.getRedirectionURL();
-                    if (redirectURL != null) {
-                        ResponseBuilder response = Response.seeOther(new URI(redirectURL));
-                        Map<String, String> headers = redirectionResponse.getHeaders();
-                        if (!headers.isEmpty()) {
-                            for (String headerName : headers.keySet()) {
-                                response.header(headerName, headers.get(headerName));
-                            }
-                        }
-
-                        context.abortWith(response.build());
-                    } else {
-                        LOG.warn("Failed to create SignInRequest.");
-                        throw ExceptionUtils.toInternalServerErrorException(null, null);
-                    }
-                } else if (isSignInRequest(context, fedConfig)) {
-                    String responseToken = getResponseToken(context, fedConfig);
-                    
-                    if (responseToken == null) {
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("SignIn request must contain a response token from the IdP");
-                        }
-                        throw ExceptionUtils.toBadRequestException(null, null);
-                    } else {
-                        // processSignInRequest
-                        if (LOG.isDebugEnabled()) {
-                            LOG.debug("Process SignIn request");
-                            LOG.debug("token=\n" + responseToken);
-                        }
-
-                        FedizRequest wfReq = new FedizRequest();
-                        MultivaluedMap<String, String> params = context.getUriInfo().getQueryParameters();
-                        wfReq.setAction(params.getFirst(FederationConstants.PARAM_ACTION));
-                        wfReq.setResponseToken(responseToken);
-                        wfReq.setState(params.getFirst("RelayState"));
-                        HttpServletRequest request = messageContext.getHttpServletRequest();
-                        wfReq.setRequest(request);
-                        
-                        X509Certificate certs[] = 
-                            (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
-                        wfReq.setCerts(certs);
-
-                        FedizProcessor wfProc = 
-                            FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-                        FedizResponse wfRes = null;
-                        try {
-                            wfRes = wfProc.processRequest(wfReq, fedConfig);
-                        } catch (ProcessingException ex) {
-                            LOG.error("Federation processing failed: " + ex.getMessage());
-                            throw ExceptionUtils.toNotAuthorizedException(ex, null);
-                        }
-                        
-                        // Validate AudienceRestriction
-                        List<String> audienceURIs = fedConfig.getAudienceUris();
-                        validateAudienceRestrictions(wfRes, audienceURIs, request);
-
-                        // Set the security context
-                        String securityContextKey = UUID.randomUUID().toString();
-                           
-                        SAMLProtocol protocol = (SAMLProtocol)fedConfig.getProtocol();
-                        
-                        long currentTime = System.currentTimeMillis();
-                        Date notOnOrAfter = wfRes.getTokenExpires();
-                        long expiresAt = 0;
-                        if (notOnOrAfter != null) {
-                            expiresAt = notOnOrAfter.getTime();
-                        } else {
-                            expiresAt = currentTime + protocol.getStateTimeToLive();
-                        }
-                           
-                        String webAppDomain = protocol.getWebAppDomain();
-                        String token = DOM2Writer.nodeToString(wfRes.getToken());
-                        List<String> roles = wfRes.getRoles();
-                        if (roles == null || roles.size() == 0) {
-                            roles = Collections.singletonList("Authenticated");
-                        }
-                        
-                        String webAppContext = getWebAppContext(m);
-                        
-                        ResponseState responseState = 
-                            new ResponseState(token,
-                                              params.getFirst("RelayState"), 
-                                              webAppContext,
-                                              webAppDomain,
-                                              currentTime, 
-                                              expiresAt);
-                        responseState.setClaims(wfRes.getClaims());
-                        responseState.setRoles(roles);
-                        responseState.setIssuer(wfRes.getIssuer());
-                        responseState.setSubject(wfRes.getUsername());
-                        protocol.getStateManager().setResponseState(securityContextKey, responseState);
-                           
-                        long stateTimeToLive = protocol.getStateTimeToLive();
-                        String contextCookie = CookieUtils.createCookie(SECURITY_CONTEXT_TOKEN,
-                                                            securityContextKey,
-                                                            webAppContext,
-                                                            webAppDomain,
-                                                            stateTimeToLive);
-                        
-                        // Redirect with cookie set
-                        ResponseBuilder response = 
-                            Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
-                        response.header("Set-Cookie", contextCookie);
-
-                        context.abortWith(response.build());
-                    }
-                    
-                } else {
-                    LOG.error("SignIn parameter is incorrect or not supported");
-                    throw ExceptionUtils.toBadRequestException(null, null);
-                }
-            } catch (Exception ex) {
-                LOG.debug(ex.getMessage(), ex);
-                throw ExceptionUtils.toInternalServerErrorException(ex, null);
-            }
-        }
-    }
-    
-    private boolean isSignInRequired(ContainerRequestContext context, FedizContext fedConfig) {
-        
-        MultivaluedMap<String, String> params = context.getUriInfo().getQueryParameters();
-        if (fedConfig.getProtocol() instanceof FederationProtocol
-            && params.getFirst(FederationConstants.PARAM_ACTION) == null) {
-            return true;
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && params.getFirst(SAMLSSOConstants.RELAY_STATE) == null) {
-            return true;
-        }
-        
-        return false;
-    }
-    
-    private boolean isSignInRequest(ContainerRequestContext context, FedizContext fedConfig) {
-        
-        MultivaluedMap<String, String> params = context.getUriInfo().getQueryParameters();
-        if (fedConfig.getProtocol() instanceof FederationProtocol
-            && FederationConstants.ACTION_SIGNIN.equals(
-                params.getFirst(FederationConstants.PARAM_ACTION))) {
-            return true;
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol
-            && params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
-            return true;
-        }
-        
-        return false;
-    }
-    
-    private String getResponseToken(ContainerRequestContext context, FedizContext fedConfig) {
-        
-        MultivaluedMap<String, String> params = context.getUriInfo().getQueryParameters();
-        if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return params.getFirst(FederationConstants.PARAM_RESULT);
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return params.getFirst(SAMLSSOConstants.SAML_RESPONSE);
-        }
-        
-        return null;
-    }
-    
-    private void validateAudienceRestrictions(
-        FedizResponse wfRes, 
-        List<String> audienceURIs,
-        HttpServletRequest request
-    ) {
-        // Validate the AudienceRestriction in Security Token (e.g. SAML) 
-        // against the configured list of audienceURIs
-        if (wfRes.getAudience() != null) {
-            boolean validAudience = false;
-            for (String a : audienceURIs) {
-                if (wfRes.getAudience().startsWith(a)) {
-                    validAudience = true;
-                    break;
-                }
-            }
-            
-            if (!validAudience) {
-                LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
-                         + "] doesn't match with specified list of URIs.");
-                throw ExceptionUtils.toForbiddenException(null, null);
-            }
-            
-            if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
-                LOG.debug("Token AudienceRestriction doesn't match with request URL ["
-                        + wfRes.getAudience() + "]  ["
-                        + request.getRequestURL() + "]");
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
new file mode 100644
index 0000000..5b886ba
--- /dev/null
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.cxf.plugin.state;
+
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+import net.sf.ehcache.config.CacheConfiguration;
+
+import org.apache.cxf.fediz.core.RequestState;
+import org.apache.wss4j.common.cache.EHCacheManagerHolder;
+import org.apache.wss4j.common.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the SPStateManager interface. 
+ * The default TTL is 5 minutes.
+ */
+public class EHCacheSPStateManager implements SPStateManager {
+
+    public static final long DEFAULT_TTL = 60L * 5L;
+    public static final String REQUEST_CACHE_KEY = "cxf.fediz.samlp.request.state.cache";
+    public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
+    
+    private Ehcache requestCache;
+    private Ehcache responseCache;
+    private CacheManager cacheManager;
+    private long ttl = DEFAULT_TTL;
+    
+    public EHCacheSPStateManager(String configFile) {
+        this(getConfigFileURL(configFile));
+    }
+    
+    public EHCacheSPStateManager(URL configFileURL) {
+        this(EHCacheManagerHolder.getCacheManager("", configFileURL));
+    }
+    
+    public EHCacheSPStateManager(CacheManager cacheManager) {
+        this.cacheManager = cacheManager;
+        
+        CacheConfiguration requestCC = EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
+
+        Ehcache newCache = new Cache(requestCC);
+        requestCache = cacheManager.addCacheIfAbsent(newCache);
+        
+        CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
+        
+        newCache = new Cache(responseCC);
+        responseCache = cacheManager.addCacheIfAbsent(newCache);
+    }
+    
+    private static URL getConfigFileURL(Object o) {
+        if (o instanceof String) {
+            try {
+                URL url = Loader.getResource((String)o);
+                if (url == null) {
+                    url = new URL((String)o);
+                }
+                return url;
+            } catch (IOException e) {
+                // Do nothing
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+    /**
+     * Set a new (default) TTL value in seconds
+     * @param newTtl a new (default) TTL value in seconds
+     */
+    public void setTTL(long newTtl) {
+        ttl = newTtl;
+    }
+    
+    /**
+     * Get the (default) TTL value in seconds
+     * @return the (default) TTL value in seconds
+     */
+    public long getTTL() {
+        return ttl;
+    }
+    
+    public void setRequestState(String relayState, RequestState state) {
+        if (relayState == null || "".equals(relayState)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 60 minutes if the default TTL is set incorrectly
+            parsedTTL = 3600;
+        }
+        
+        Element element = new Element(relayState, state);
+        element.setTimeToLive(parsedTTL);
+        element.setTimeToIdle(parsedTTL);
+        requestCache.put(element);
+    }
+
+    public RequestState removeRequestState(String relayState) {
+        Element element = requestCache.get(relayState);
+        if (element != null) {
+            requestCache.remove(relayState);
+            return (RequestState)element.getObjectValue();
+        }
+        return null;
+    }
+    
+    public ResponseState getResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            if (responseCache.isExpired(element)) {
+                responseCache.remove(securityContextKey);
+                return null;
+            }
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public ResponseState removeResponseState(String securityContextKey) {
+        Element element = responseCache.get(securityContextKey);
+        if (element != null) {
+            responseCache.remove(securityContextKey);
+            return (ResponseState)element.getObjectValue();
+        }
+        return null;
+    }
+
+    public void setResponseState(String securityContextKey, ResponseState state) {
+        if (securityContextKey == null || "".equals(securityContextKey)) {
+            return;
+        }
+        
+        int parsedTTL = (int)ttl;
+        if (ttl != (long)parsedTTL) {
+            // Fall back to 5 minutes if the default TTL is set incorrectly
+            parsedTTL = 60 * 5;
+        }
+        Element element = new Element(securityContextKey, state);
+        element.setTimeToLive(parsedTTL);
+        element.setTimeToIdle(parsedTTL);
+        
+        responseCache.put(element);
+    }
+    
+    public void close() throws IOException {
+        if (cacheManager != null) {
+            cacheManager.shutdown();
+            cacheManager = null;
+            requestCache = null;
+            responseCache = null;
+        }
+    }
+
+}
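Review bot: `removeRequestState` reads the entry with `requestCache.get(relayState)` and removes it in a separate call, so two concurrent responses carrying the same RelayState can both be handed the stored `RequestState`; if that state is meant to be single-use, this weakens the replay protection it provides. `Ehcache.remove` returns a boolean, so the return can be made conditional on winning the removal: `if (element != null && requestCache.remove(relayState)) {`. `removeResponseState` has the same shape. Separately, the overflow fallback in `setRequestState` is `3600` while `DEFAULT_TTL` and the fallback in `setResponseState` are five minutes; `parsedTTL = (int)DEFAULT_TTL;` in both would keep the request-state lifetime from silently becoming the longer one. `getConfigFileURL` also swallows the `IOException` and returns null, which deserves at least a log line naming the config file that failed to resolve.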

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
new file mode 100644
index 0000000..22f1ced
--- /dev/null
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.cxf.plugin.state;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.cxf.fediz.core.Claim;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ResponseState implements Serializable {
+
+    private static final long serialVersionUID = -3247188797004342462L;
+    
+    private String assertion;
+    private String relayState;
+    private String webAppContext;
+    private String webAppDomain;
+    private long createdAt;
+    private long expiresAt;
+    private List<String> roles;
+    private String issuer;
+    private List<Claim> claims;
+    private String subject;
+    
+    public ResponseState() {
+        
+    }
+    
+    public ResponseState(String assertion,
+                         String relayState,
+                         String webAppContext,
+                         String webAppDomain,
+                         long createdAt, 
+                         long expiresAt) {
+        this.assertion = assertion;
+        this.relayState = relayState;
+        this.webAppContext = webAppContext;
+        this.webAppDomain = webAppDomain;
+        this.createdAt = createdAt;
+        this.expiresAt = expiresAt;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+    
+    public long getExpiresAt() {
+        return expiresAt;
+    }
+
+    public String getRelayState() {
+        return relayState;
+    }
+    
+    public String getWebAppContext() {
+        return webAppContext;
+    }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+    
+    public String getAssertion() {
+        return assertion;
+    }
+
+    public List<String> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(List<String> roles) {
+        this.roles = roles;
+    }
+
+    public List<Claim> getClaims() {
+        return claims;
+    }
+
+    public void setClaims(List<Claim> claims) {
+        this.claims = claims;
+    }
+
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
+    public String getSubject() {
+        return subject;
+    }
+
+    public void setSubject(String subject) {
+        this.subject = subject;
+    }
+}
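Review bot: `setRoles` and `setClaims` keep the caller's list and `getRoles`/`getClaims` hand the same reference back, so the roles and claims of a cached security context can be changed after it has been stored. Copying on the way in, e.g. `this.roles = roles == null ? null : Collections.unmodifiableList(new ArrayList<String>(roles));` (likewise for claims, with the matching `java.util` imports), would pin them. The class is `Serializable` and carries the full assertion string, so the cache it is placed in should not persist elements to disk; that configuration is loaded from an external file and is not visible in this commit. A class Javadoc saying that `createdAt` and `expiresAt` are epoch milliseconds (as the removed filter's `System.currentTimeMillis()` and `getTime()` arguments suggest) would help callers that compare them.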

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e266cd52/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
new file mode 100644
index 0000000..5ed5a47
--- /dev/null
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.cxf.plugin.state;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+import org.apache.cxf.fediz.core.RequestState;
+
+/**
+ * SSO Service Provider State Manager.
+ * 
+ * TODO: review the possibility of working with the Servlet HTTPSession
+ * instead; in that case it can be tricky to configure various containers 
+ * (Tomcat, Jetty) to make sure the cookies are shared across multiple 
+ * war contexts which will be needed if RequestAssertionConsumerService
+ * needs to be run in its own war file instead of having every application 
+ * war on the SP side have a dedicated RequestAssertionConsumerService endpoint   
+ */
+public interface SPStateManager extends Closeable {
+    
+    void setRequestState(String relayState, RequestState state);
+    RequestState removeRequestState(String relayState);
+    
+    void setResponseState(String contextKey, ResponseState state);
+    ResponseState getResponseState(String contextKey);
+    ResponseState removeResponseState(String contextKey);
+    
+    void close() throws IOException;
+}
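Review bot: The five state methods have no Javadoc, so the contract the filters rely on is only discoverable from the EHCache implementation. I would document on `removeRequestState` something like `/** Removes and returns the state stored for this RelayState, or null if none; the state must not be returned twice. */`, and on the setters that a null or empty key is ignored, which is what `EHCacheSPStateManager` does. The `close()` declaration repeats the one inherited from `Closeable` and could be dropped.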

