cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/2] git commit: Use session for caching various things for SAML SSO instead of a custom cache
Date Fri, 29 Aug 2014 10:42:29 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master e06a6a532 -> 1dbf270b6


Use session for caching various things for SAML SSO instead of a custom cache


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f06ced41
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f06ced41
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f06ced41

Branch: refs/heads/master
Commit: f06ced410445ca65a5e4a84ab0c553638625258d
Parents: e06a6a5
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Aug 29 11:39:25 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Aug 29 11:39:25 2014 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/core/RequestState.java |  88 ++++++++++
 .../cxf/fediz/core/config/FedizContext.java     |   4 -
 .../cxf/fediz/core/config/SAMLProtocol.java     |  29 ---
 .../cxf/fediz/core/processor/FedizRequest.java  |   9 +
 .../core/processor/RedirectionResponse.java     |  12 ++
 .../fediz/core/processor/SAMLProcessorImpl.java |  14 +-
 .../core/samlsso/EHCacheSPStateManager.java     | 176 -------------------
 .../cxf/fediz/core/samlsso/RequestState.java    |  88 ----------
 .../cxf/fediz/core/samlsso/ResponseState.java   | 120 -------------
 .../cxf/fediz/core/samlsso/SPStateManager.java  |  44 -----
 .../src/main/resources/schemas/FedizConfig.xsd  |   2 -
 .../cxf/fediz/core/samlsso/SAMLRequestTest.java |   8 +-
 .../samlsso/SAMLResponseConformanceTest.java    |  26 +--
 .../fediz/core/samlsso/SAMLResponseTest.java    |  90 +++-------
 14 files changed, 155 insertions(+), 555 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
new file mode 100644
index 0000000..efcbdb0
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RequestState implements Serializable {
+
+    private static final long serialVersionUID = 869323136115571943L;
+    
+    private String targetAddress;
+    private String idpServiceAddress;
+    private String samlRequestId;
+    private String issuerId;
+    private String webAppContext;
+    private String webAppDomain;
+    private long createdAt;
+ 
+    public RequestState() {
+        
+    }
+    
+    public RequestState(String targetAddress,
+                        String idpServiceAddress,
+                        String samlRequestId,
+                        String issuerId,
+                        String webAppContext,
+                        String webAppDomain,
+                        long createdAt) {
+        this.targetAddress = targetAddress;
+        this.idpServiceAddress = idpServiceAddress;
+        this.samlRequestId = samlRequestId;
+        this.issuerId = issuerId;
+        this.webAppContext = webAppContext;
+        this.webAppDomain = webAppDomain;
+        this.createdAt = createdAt;
+    }
+
+    public String getTargetAddress() {
+        return targetAddress;
+    }
+
+    public String getIdpServiceAddress() {
+        return idpServiceAddress;
+    }
+
+    public String getSamlRequestId() {
+        return samlRequestId;
+    }
+
+    public String getIssuerId() {
+        return issuerId;
+    }
+
+    public long getCreatedAt() {
+        return createdAt;
+    }
+
+    public String getWebAppContext() {
+        return webAppContext;
+    }
+
+    public String getWebAppDomain() {
+        return webAppDomain;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 5212793..32fcdfe 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -272,10 +272,6 @@ public class FedizContext implements Closeable {
         if (replayCache != null) {
             replayCache.close();
         }
-        if (protocol instanceof SAMLProtocol
-            && ((SAMLProtocol)protocol).getStateManager() != null) {
-            ((SAMLProtocol)protocol).getStateManager().close();
-        }
     }
     
     private Properties createCryptoProperties(TrustManagersType tm) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
index 5f1dcf1..377c71d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
@@ -24,8 +24,6 @@ import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType;
 import org.apache.cxf.fediz.core.saml.SAMLTokenValidator;
 import org.apache.cxf.fediz.core.samlsso.AuthnRequestBuilder;
 import org.apache.cxf.fediz.core.samlsso.DefaultAuthnRequestBuilder;
-import org.apache.cxf.fediz.core.samlsso.EHCacheSPStateManager;
-import org.apache.cxf.fediz.core.samlsso.SPStateManager;
 import org.apache.wss4j.common.util.Loader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -35,7 +33,6 @@ public class SAMLProtocol extends Protocol {
     private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocol.class);
     
     private AuthnRequestBuilder authnRequestBuilder;
-    private SPStateManager stateManager;
     
     public SAMLProtocol(ProtocolType protocolType) {
         super(protocolType);
@@ -71,32 +68,6 @@ public class SAMLProtocol extends Protocol {
         getSAMLProtocol().setWebAppDomain(webAppDomain);
     }
     
-    public SPStateManager getStateManager() {
-        if (stateManager != null) {
-            return stateManager;
-        }
-        String stateManagerStr = getSAMLProtocol().getStateManager();
-        if (stateManagerStr == null || "".equals(stateManagerStr)) {
-            stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
-        } else {
-            try {
-                Class<?> stateManagerClass = Loader.loadClass(stateManagerStr);
-                stateManager = (SPStateManager) stateManagerClass.newInstance();
-            } catch (ClassNotFoundException e) {
-                stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
-            } catch (InstantiationException e) {
-                stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
-            } catch (IllegalAccessException e) {
-                stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
-            }
-        }
-        return stateManager;
-    }
-    
-    public void setStateManager(SPStateManager stateManager) {
-        this.stateManager = stateManager;
-    }
-
     public long getStateTimeToLive() {
         long ttl = getSAMLProtocol().getStateTimeToLive();
         if (ttl > 0) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index e413055..d86b840 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -24,6 +24,8 @@ import java.security.cert.Certificate;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.cxf.fediz.core.RequestState;
+
 public class FedizRequest implements Serializable {
 
     private static final long serialVersionUID = 1L;
@@ -34,6 +36,7 @@ public class FedizRequest implements Serializable {
     private String state;
     private Certificate[] certs;
     private HttpServletRequest request;
+    private RequestState requestState;
 
     public Certificate[] getCerts() {
         return certs;
@@ -71,6 +74,12 @@ public class FedizRequest implements Serializable {
     public void setRequest(HttpServletRequest request) {
         this.request = request;
     }
+    public RequestState getRequestState() {
+        return requestState;
+    }
+    public void setRequestState(RequestState requestState) {
+        this.requestState = requestState;
+    }
 
 
 }
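Review bot: The new `getRequestState`/`setRequestState` pair has no Javadoc, although this setter is where responsibility for the SAML request state passes from the processor to whoever builds the `FedizRequest`. A comment on the setter would make that explicit, for example `/** State saved when the AuthnRequest was issued; the caller loads it from the user's session for the RelayState in getState() and removes it from the session before processing. */`, with the exact wording confirmed against the container plugins, which are not part of this diff. As a style point, the two methods are added without the blank line that separates the other accessors in this class.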

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
index 81d3787..c3358ee 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
@@ -23,6 +23,8 @@ import java.io.Serializable;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.cxf.fediz.core.RequestState;
+
 /**
  * Some parameters to redirect to a token issuer (either SignIn or SignOut)
  */
@@ -32,6 +34,7 @@ public class RedirectionResponse implements Serializable {
     
     private String redirectionURL;
     private Map<String, String> headers = new HashMap<String, String>();
+    private RequestState requestState;
     
     public String getRedirectionURL() {
         return redirectionURL;
@@ -48,4 +51,13 @@ public class RedirectionResponse implements Serializable {
     public void addHeader(String headerName, String headerValue) {
         headers.put(headerName, headerValue);
     }
+
+    public RequestState getRequestState() {
+        return requestState;
+    }
+
+    public void setRequestState(RequestState requestState) {
+        this.requestState = requestState;
+    }
+
 }
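Review bot: `RedirectionResponse` now carries the `RequestState` but, as far as these hunks show, not the RelayState value that `SAMLProcessorImpl` generated for it. A caller that wants to store the state under that key has to cut `RelayState=` back out of `getRedirectionURL()`, as SAMLRequestTest does with `substring`. That value is URL-encoded inside the redirect URL, so each plugin would need the same decoding to end up with the key that later arrives in the response. I would either expose the RelayState next to the state (an accessor such as `getRelayState()`, name to be decided) or document on `setRequestState` how the session entry is expected to be keyed. The new accessors have no Javadoc at present.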

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 0272a10..0fe7ff4 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.TokenValidator;
 import org.apache.cxf.fediz.core.TokenValidatorRequest;
@@ -46,7 +47,6 @@ import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.core.metadata.MetadataWriter;
 import org.apache.cxf.fediz.core.samlsso.AuthnRequestBuilder;
 import org.apache.cxf.fediz.core.samlsso.CompressionUtils;
-import org.apache.cxf.fediz.core.samlsso.RequestState;
 import org.apache.cxf.fediz.core.samlsso.SAMLProtocolResponseValidator;
 import org.apache.cxf.fediz.core.samlsso.SAMLSSOResponseValidator;
 import org.apache.cxf.fediz.core.samlsso.SSOValidatorResponse;
@@ -103,13 +103,13 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
         return new MetadataWriter().getMetaData(config);
     }
     
-    private RequestState processRelayState(String relayState, SAMLProtocol samlProtocol) 
-        throws ProcessingException {
+    private RequestState processRelayState(
+        String relayState, RequestState requestState, SAMLProtocol samlProtocol
+    ) throws ProcessingException {
         if (relayState.getBytes().length < 0 || relayState.getBytes().length > 80) {
             LOG.error("Invalid RelayState");
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        RequestState requestState = samlProtocol.getStateManager().removeRequestState(relayState);
         if (requestState == null) {
             LOG.error("Missing Request State");
             throw new ProcessingException(TYPE.INVALID_REQUEST);
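Review bot: With the lookup removed, `processRelayState` no longer ties the incoming `relayState` to the `requestState` it accepts: the string is only length-checked and any non-null state carried in the `FedizRequest` is taken as the match, where `removeRequestState(relayState)` used to both resolve and consume the entry. Unless every container plugin keys its session attribute by RelayState and removes it on first use (not visible in this diff), a response with a different RelayState would be validated against the stored request, and the same state could be presented more than once. I would state that contract in a Javadoc on this method, or keep the issued RelayState alongside the stored state so it can be compared here. The guard also needs tightening, since `getBytes().length < 0` is never true and a response without RelayState ends in a NullPointerException rather than `INVALID_REQUEST`: `if (relayState == null || relayState.getBytes().length > 80) {`. The method body continues past the end of this hunk, and the call site in the following hunk is affected in the same way.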
@@ -126,7 +126,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             FedizRequest request, FedizContext config)
         throws ProcessingException {
         SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
-        RequestState requestState = processRelayState(request.getState(), protocol);
+        RequestState requestState = 
+            processRelayState(request.getState(), request.getRequestState(), protocol);
         
         InputStream tokenStream = null;
         try {
@@ -304,7 +305,6 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
             
             String webAppDomain = ((SAMLProtocol)config.getProtocol()).getWebAppDomain();
-            
             RequestState requestState = new RequestState(requestURL,
                                                          redirectURL,
                                                          authnRequest.getID(),
@@ -314,7 +314,6 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                                                          System.currentTimeMillis());
             
             String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-            ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
             
             String urlEncodedRequest = 
                 URLEncoder.encode(authnRequestEncoded, "UTF-8");
@@ -338,6 +337,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             response.addHeader("Set-Cookie", contextCookie);
             response.addHeader("Cache-Control", "no-cache, no-store");
             response.addHeader("Pragma", "no-cache");
+            response.setRequestState(requestState);
             
             redirectURL = redirectURL + "?" + sb.toString();
             response.setRedirectionURL(redirectURL);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
deleted file mode 100644
index d6d9c5b..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.core.samlsso;
-
-import java.io.IOException;
-import java.net.URL;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-import net.sf.ehcache.config.CacheConfiguration;
-
-import org.apache.wss4j.common.cache.EHCacheManagerHolder;
-import org.apache.wss4j.common.util.Loader;
-
-/**
- * An in-memory EHCache implementation of the SPStateManager interface. 
- * The default TTL is 5 minutes.
- */
-public class EHCacheSPStateManager implements SPStateManager {
-
-    public static final long DEFAULT_TTL = 60L * 5L;
-    public static final String REQUEST_CACHE_KEY = "cxf.fediz.samlp.request.state.cache";
-    public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
-    
-    private Ehcache requestCache;
-    private Ehcache responseCache;
-    private CacheManager cacheManager;
-    private long ttl = DEFAULT_TTL;
-    
-    public EHCacheSPStateManager(String configFile) {
-        this(getConfigFileURL(configFile));
-    }
-    
-    public EHCacheSPStateManager(URL configFileURL) {
-        this(EHCacheManagerHolder.getCacheManager("", configFileURL));
-    }
-    
-    public EHCacheSPStateManager(CacheManager cacheManager) {
-        this.cacheManager = cacheManager;
-        
-        CacheConfiguration requestCC = EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
-
-        Ehcache newCache = new Cache(requestCC);
-        requestCache = cacheManager.addCacheIfAbsent(newCache);
-        
-        CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
-        
-        newCache = new Cache(responseCC);
-        responseCache = cacheManager.addCacheIfAbsent(newCache);
-    }
-    
-    private static URL getConfigFileURL(Object o) {
-        if (o instanceof String) {
-            try {
-                URL url = Loader.getResource((String)o);
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
-    }
-    
-    /**
-     * Set a new (default) TTL value in seconds
-     * @param newTtl a new (default) TTL value in seconds
-     */
-    public void setTTL(long newTtl) {
-        ttl = newTtl;
-    }
-    
-    /**
-     * Get the (default) TTL value in seconds
-     * @return the (default) TTL value in seconds
-     */
-    public long getTTL() {
-        return ttl;
-    }
-    
-    public void setRequestState(String relayState, RequestState state) {
-        if (relayState == null || "".equals(relayState)) {
-            return;
-        }
-        
-        int parsedTTL = (int)ttl;
-        if (ttl != (long)parsedTTL) {
-            // Fall back to 60 minutes if the default TTL is set incorrectly
-            parsedTTL = 3600;
-        }
-        
-        Element element = new Element(relayState, state);
-        element.setTimeToLive(parsedTTL);
-        element.setTimeToIdle(parsedTTL);
-        requestCache.put(element);
-    }
-
-    public RequestState removeRequestState(String relayState) {
-        Element element = requestCache.get(relayState);
-        if (element != null) {
-            requestCache.remove(relayState);
-            return (RequestState)element.getObjectValue();
-        }
-        return null;
-    }
-    
-    public ResponseState getResponseState(String securityContextKey) {
-        Element element = responseCache.get(securityContextKey);
-        if (element != null) {
-            if (responseCache.isExpired(element)) {
-                responseCache.remove(securityContextKey);
-                return null;
-            }
-            return (ResponseState)element.getObjectValue();
-        }
-        return null;
-    }
-
-    public ResponseState removeResponseState(String securityContextKey) {
-        Element element = responseCache.get(securityContextKey);
-        if (element != null) {
-            responseCache.remove(securityContextKey);
-            return (ResponseState)element.getObjectValue();
-        }
-        return null;
-    }
-
-    public void setResponseState(String securityContextKey, ResponseState state) {
-        if (securityContextKey == null || "".equals(securityContextKey)) {
-            return;
-        }
-        
-        int parsedTTL = (int)ttl;
-        if (ttl != (long)parsedTTL) {
-            // Fall back to 5 minutes if the default TTL is set incorrectly
-            parsedTTL = 60 * 5;
-        }
-        Element element = new Element(securityContextKey, state);
-        element.setTimeToLive(parsedTTL);
-        element.setTimeToIdle(parsedTTL);
-        
-        responseCache.put(element);
-    }
-    
-    public void close() throws IOException {
-        if (cacheManager != null) {
-            cacheManager.shutdown();
-            cacheManager = null;
-            requestCache = null;
-            responseCache = null;
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
deleted file mode 100644
index 9b0ec22..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/RequestState.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.core.samlsso;
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RequestState implements Serializable {
-
-    private static final long serialVersionUID = 869323136115571943L;
-    
-    private String targetAddress;
-    private String idpServiceAddress;
-    private String samlRequestId;
-    private String issuerId;
-    private String webAppContext;
-    private String webAppDomain;
-    private long createdAt;
- 
-    public RequestState() {
-        
-    }
-    
-    public RequestState(String targetAddress,
-                        String idpServiceAddress,
-                        String samlRequestId,
-                        String issuerId,
-                        String webAppContext,
-                        String webAppDomain,
-                        long createdAt) {
-        this.targetAddress = targetAddress;
-        this.idpServiceAddress = idpServiceAddress;
-        this.samlRequestId = samlRequestId;
-        this.issuerId = issuerId;
-        this.webAppContext = webAppContext;
-        this.webAppDomain = webAppDomain;
-        this.createdAt = createdAt;
-    }
-
-    public String getTargetAddress() {
-        return targetAddress;
-    }
-
-    public String getIdpServiceAddress() {
-        return idpServiceAddress;
-    }
-
-    public String getSamlRequestId() {
-        return samlRequestId;
-    }
-
-    public String getIssuerId() {
-        return issuerId;
-    }
-
-    public long getCreatedAt() {
-        return createdAt;
-    }
-
-    public String getWebAppContext() {
-        return webAppContext;
-    }
-
-    public String getWebAppDomain() {
-        return webAppDomain;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
deleted file mode 100644
index a959f4c..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.core.samlsso;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import org.apache.cxf.fediz.core.Claim;
-
-@XmlRootElement
-@XmlAccessorType(XmlAccessType.FIELD)
-public class ResponseState implements Serializable {
-
-    private static final long serialVersionUID = -3247188797004342462L;
-    
-    private String assertion;
-    private String relayState;
-    private String webAppContext;
-    private String webAppDomain;
-    private long createdAt;
-    private long expiresAt;
-    private List<String> roles;
-    private String issuer;
-    private List<Claim> claims;
-    private String subject;
-    
-    public ResponseState() {
-        
-    }
-    
-    public ResponseState(String assertion,
-                         String relayState,
-                         String webAppContext,
-                         String webAppDomain,
-                         long createdAt, 
-                         long expiresAt) {
-        this.assertion = assertion;
-        this.relayState = relayState;
-        this.webAppContext = webAppContext;
-        this.webAppDomain = webAppDomain;
-        this.createdAt = createdAt;
-        this.expiresAt = expiresAt;
-    }
-
-    public long getCreatedAt() {
-        return createdAt;
-    }
-    
-    public long getExpiresAt() {
-        return expiresAt;
-    }
-
-    public String getRelayState() {
-        return relayState;
-    }
-    
-    public String getWebAppContext() {
-        return webAppContext;
-    }
-
-    public String getWebAppDomain() {
-        return webAppDomain;
-    }
-    
-    public String getAssertion() {
-        return assertion;
-    }
-
-    public List<String> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(List<String> roles) {
-        this.roles = roles;
-    }
-
-    public List<Claim> getClaims() {
-        return claims;
-    }
-
-    public void setClaims(List<Claim> claims) {
-        this.claims = claims;
-    }
-
-    public String getIssuer() {
-        return issuer;
-    }
-
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
-    }
-
-    public String getSubject() {
-        return subject;
-    }
-
-    public void setSubject(String subject) {
-        this.subject = subject;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
deleted file mode 100644
index d55dce0..0000000
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.core.samlsso;
-
-import java.io.Closeable;
-import java.io.IOException;
-
-/**
- * SSO Service Provider State Manager.
- * 
- * TODO: review the possibility of working with the Servlet HTTPSession
- * instead; in that case it can be tricky to configure various containers 
- * (Tomcat, Jetty) to make sure the cookies are shared across multiple 
- * war contexts which will be needed if RequestAssertionConsumerService
- * needs to be run in its own war file instead of having every application 
- * war on the SP side have a dedicated RequestAssertionConsumerService endpoint   
- */
-public interface SPStateManager extends Closeable {
-    
-    void setRequestState(String relayState, RequestState state);
-    RequestState removeRequestState(String relayState);
-    
-    void setResponseState(String contextKey, ResponseState state);
-    ResponseState getResponseState(String contextKey);
-    ResponseState removeResponseState(String contextKey);
-    
-    void close() throws IOException;
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index dee904e..367fbab 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -113,7 +113,6 @@
 					<xs:element ref="stateTimeToLive" />
 					<xs:element ref="webAppDomain" />
 					<xs:element ref="authnRequestBuilder"/>
-					<xs:element ref="stateManager"/>
 				</xs:sequence>
 				<xs:attribute name="version" use="required" type="xs:string" />
 			</xs:extension>
@@ -130,7 +129,6 @@
 	<xs:element name="stateTimeToLive" type="xs:long" default="120000" />
 	<xs:element name="webAppDomain" type="xs:string" />
 	<xs:element name="authnRequestBuilder" type="xs:string" />
-	<xs:element name="stateManager" type="xs:string" />
 	
 	<xs:complexType name="protocolType" abstract="true">
 	    <xs:sequence>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index cfbc8d2..1f93343 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -32,9 +32,9 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import org.w3c.dom.Document;
 
 import org.apache.cxf.fediz.common.SecurityTestUtil;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.processor.RedirectionResponse;
 import org.apache.cxf.fediz.core.processor.SAMLProcessorImpl;
@@ -141,11 +141,9 @@ public class SAMLRequestTest {
         String redirectionURL = response.getRedirectionURL();
         String relayState = 
             redirectionURL.substring(redirectionURL.indexOf("RelayState=") + "RelayState=".length());
+        Assert.assertNotNull(relayState);
         
-        // Now retrieve the RequestState corresponding to the RelayState
-        RequestState requestState = 
-            ((SAMLProtocol)config.getProtocol()).getStateManager().removeRequestState(relayState);
-        Assert.assertNotNull(requestState);
+        RequestState requestState = response.getRequestState();
         
         Assert.assertEquals(TEST_IDP_ISSUER, requestState.getIdpServiceAddress());
         Assert.assertEquals(TEST_REQUEST_URL, requestState.getIssuerId());
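Review bot: `Assert.assertNotNull(relayState)` cannot fail, because `substring` never returns null; if the redirect URL had no `RelayState=` parameter, `indexOf` would return -1 and the test would silently read from the wrong offset. Assert that the parameter is present and non-empty instead, for example `Assert.assertTrue(redirectionURL.contains("RelayState="));` before the substring and `Assert.assertFalse(relayState.isEmpty());` after it. The hunk also drops the null check on the request state, so a missing state now shows up as a NullPointerException on `getIdpServiceAddress()`; keep `Assert.assertNotNull(requestState);` after `response.getRequestState()`. The test method starts and ends outside the hunk.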

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
index f1028c3..a126129 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
@@ -37,10 +37,10 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAML2CallbackHandler;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
@@ -148,7 +148,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -194,6 +193,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
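Review bot: With `wfReq.setRequestState(requestState)` the test hands the stored state straight to the processor, so the value given to `wfReq.setState(relayState)` no longer selects it, and nothing in this file or in SAMLResponseTest now covers a response whose RelayState does not belong to the outstanding request (that file's `testNonMatchingRelayState` is deleted by this commit). The same line is added in every other hunk of this file and throughout SAMLResponseTest. If the RelayState-to-request binding is now enforced by whichever caller reads the state from the session, which is not visible here, that caller needs a negative test; otherwise keep one here that passes a `RequestState` together with a non-matching `setState` value and expects a `ProcessingException`. The enclosing test method starts and ends outside the hunk.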
@@ -222,7 +222,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -268,6 +267,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -296,7 +296,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -334,6 +333,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -362,7 +362,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -398,6 +397,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -426,7 +426,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -465,6 +464,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -493,7 +493,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -532,6 +531,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -560,7 +560,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -599,6 +598,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -627,7 +627,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -666,6 +665,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -694,7 +694,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -733,6 +732,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -761,7 +761,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -801,6 +800,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -829,7 +829,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -867,6 +866,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -895,7 +895,6 @@ public class SAMLResponseConformanceTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -962,6 +961,7 @@ public class SAMLResponseConformanceTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f06ced41/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index e51b120..68bcf87 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -46,13 +46,13 @@ import org.apache.cxf.fediz.core.Claim;
 import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.core.FedizConstants;
 import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAML1CallbackHandler;
 import org.apache.cxf.fediz.core.SAML2CallbackHandler;
 import org.apache.cxf.fediz.core.TokenValidator;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.config.Protocol;
-import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
@@ -163,7 +163,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
@@ -177,6 +176,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -209,7 +209,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         Document doc = STSUtil.toSOAPPart(SAMLSSOTestUtils.SAMPLE_EMPTY_SAML_RESPONSE);
         
@@ -222,6 +221,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -249,9 +249,6 @@ public class SAMLResponseTest {
                                                      null,
                                                      System.currentTimeMillis());
         
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
-        
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
         
@@ -263,6 +260,7 @@ public class SAMLResponseTest {
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -275,48 +273,6 @@ public class SAMLResponseTest {
         }
     }
     
-    @org.junit.Test
-    public void testNonMatchingRelayState() throws Exception {
-        // Mock up a Request
-        FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
-        String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
-        RequestState requestState = new RequestState(TEST_REQUEST_URL,
-                                                     TEST_IDP_ISSUER,
-                                                     requestId,
-                                                     TEST_REQUEST_URL,
-                                                     (String)config.getProtocol().getIssuer(),
-                                                     null,
-                                                     System.currentTimeMillis());
-        
-        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
-        
-        // Create SAML Response
-        String responseStr = createSamlResponseStr(requestId);
-        
-        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
-        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
-        EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
-        EasyMock.replay(req);
-        
-        FedizRequest wfReq = new FedizRequest();
-        wfReq.setResponseToken(responseStr);
-        wfReq.setState("XYZ=");
-        wfReq.setRequest(req);
-        
-        FedizProcessor wfProc = new SAMLProcessorImpl();
-        try {
-            wfProc.processRequest(wfReq, config);
-            fail("Failure expected on non matching relay state in response");
-        } catch (ProcessingException ex) {
-            if (!TYPE.INVALID_REQUEST.equals(ex.getType())) {
-                fail("Expected ProcessingException with BAD_REQUEST type");
-            }
-        }
-    }
-    
     /**
      * Validate SAML 1 token (this is not allowed / supported)
      */
@@ -336,7 +292,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
@@ -357,6 +312,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -388,7 +344,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -410,6 +365,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -442,7 +398,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -464,6 +419,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -497,7 +453,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -519,6 +474,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -551,7 +507,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -573,6 +528,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -607,7 +563,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -628,6 +583,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -662,7 +618,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -701,6 +656,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -733,7 +689,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -747,14 +702,15 @@ public class SAMLResponseTest {
         String responseStr = createSamlResponseStr(callbackHandler, requestId);
 
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
-        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
-        EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
+        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
+        EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS).times(2);
         EasyMock.replay(req);
 
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -768,7 +724,7 @@ public class SAMLResponseTest {
             wfProc.processRequest(wfReq, config);
             fail("Failure expected on a replay attack");
         } catch (ProcessingException ex) {
-            if (!TYPE.INVALID_REQUEST.equals(ex.getType())) {
+            if (!TYPE.TOKEN_REPLAY.equals(ex.getType())) {
                 fail("Expected ProcessingException with INVALID_REQUEST type");
             }
         }
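Review bot: The failure message on the replay check still names the old type: the condition now tests `TYPE.TOKEN_REPLAY`, but `fail(...)` reports "Expected ProcessingException with INVALID_REQUEST type", which will mislead whoever reads a failing run. Change it to `fail("Expected ProcessingException with TOKEN_REPLAY type");`. Including `ex.getType()` in the message would also show which type was actually raised. The test method starts outside the hunk.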
@@ -795,7 +751,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -816,6 +771,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -848,7 +804,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -869,6 +824,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -899,7 +855,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -944,6 +899,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -977,7 +933,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1022,6 +977,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -1058,7 +1014,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1079,6 +1034,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -1108,7 +1064,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
 
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
 
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1129,6 +1084,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
@@ -1157,7 +1113,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1233,6 +1188,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
@@ -1259,7 +1215,6 @@ public class SAMLResponseTest {
                                                      System.currentTimeMillis());
         
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        ((SAMLProtocol)config.getProtocol()).getStateManager().setRequestState(relayState, requestState);
         
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
@@ -1273,6 +1228,7 @@ public class SAMLResponseTest {
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
+        wfReq.setRequestState(requestState);
         
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {

