From jbernha...@apache.org
Subject [01/12] cxf-fediz git commit: Plugin refactoring: Moving common code to core RequestHandler.
Date Fri, 20 Mar 2015 12:11:26 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 76f00d5e3 -> fe8f240fd


Plugin refactoring: Moving common code to core RequestHandler.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0f6a65de
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0f6a65de
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0f6a65de

Branch: refs/heads/master
Commit: 0f6a65debd2143339bdbea572b35ba94b2d8c368
Parents: 76f00d5
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Mon Mar 2 17:27:06 2015 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Thu Mar 19 17:26:07 2015 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/handler/LogoutHandler.java   | 168 +++++++++++++++++++
 .../cxf/fediz/core/handler/RequestHandler.java  |  40 +++++
 .../cxf/fediz/core/handler/SigninHandler.java   | 103 ++++++++++++
 .../core/metadata/MetadataDocumentHandler.java  |  91 ++++++++++
 .../core/processor/FederationProcessorImpl.java |   6 +-
 .../core/federation/FederationRequestTest.java  |   1 +
 .../fediz/tomcat/FederationAuthenticator.java   | 158 +++--------------
 systests/tomcat7/pom.xml                        |   4 +-
 8 files changed, 430 insertions(+), 141 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
new file mode 100644
index 0000000..d58de21
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
@@ -0,0 +1,168 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.handler;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.cxf.fediz.core.processor.RedirectionResponse;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LogoutHandler implements RequestHandler {
+
+    private static final Logger LOG = LoggerFactory.getLogger(LogoutHandler.class);
+    protected final FedizContext fedizConfig;
+    private final String servletContextPath;
+    private Element token;
+
+    public LogoutHandler(FedizContext fedConfig) {
+        this(fedConfig, "/");
+    }
+
+    public LogoutHandler(FedizContext fedConfig, String servletContextPath) {
+        this.fedizConfig = fedConfig;
+        this.servletContextPath = servletContextPath;
+    }
+
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
+        if (FederationConstants.ACTION_SIGNOUT.equals(wa) || FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa))
{
+            // Default WS-Federation logout action
+            return true;
+        }
+        //Check for custom logout URL
+        String logoutUrl = fedizConfig.getLogoutURL();
+        return logoutUrl != null && !logoutUrl.isEmpty() 
+            && servletContextPath != null && request.getRequestURI().equals(servletContextPath
+ logoutUrl);
+    }
+
+    @Override
+    public boolean handleRequest(HttpServletRequest request, HttpServletResponse response)
{
+        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
+        if (FederationConstants.ACTION_SIGNOUT.equals(wa)) {
+            return signout(request, response);
+        } else if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
+            return signoutCleanup(request, response);
+        } else {
+            return customLogout(request, response);
+        }
+    }
+    
+    protected boolean customLogout(HttpServletRequest request, HttpServletResponse response)
{
+        LOG.info("Custom Logout URL was invoked.");
+        return signout(request, response);
+    }
+
+    protected boolean signoutCleanup(HttpServletRequest request, HttpServletResponse response)
{
+        LOG.info("SignOutCleanup request found. Terminating user session.");
+        request.getSession().invalidate();
+        String wreply = request.getParameter(FederationConstants.PARAM_REPLY);
+        if (wreply != null && !wreply.isEmpty()) {
+            try {
+                LOG.debug("Redirecting user after logout to: {}", wreply);
+                response.sendRedirect(wreply);
+            } catch (IOException e) {
+                LOG.error("Error redirecting user after logout: {}", e.getMessage());
+            }
+        } else {
+            LOG.debug("No wreply parameter was set in logout action. Returning logout image");
+            writeLogoutImage(response);
+        }
+        return true;
+    }
+
+    public void setToken(Element token) {
+        this.token = token;
+    }
+
+    protected boolean signout(HttpServletRequest request, HttpServletResponse response) {
+        LOG.debug("SignOut request found. Redirecting to IDP...");
+        //TODO make direct cleanup (session termination) optional via configuration
+        try {
+            SamlAssertionWrapper assertionToken = null;
+            if (token != null) {
+                assertionToken = new SamlAssertionWrapper(token);
+            }
+            FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedizConfig.getProtocol());
+            RedirectionResponse redirectionResponse = wfProc.createSignOutRequest(request,
assertionToken, fedizConfig);
+            String redirectURL = redirectionResponse.getRedirectionURL();
+            if (redirectURL != null) {
+                Map<String, String> headers = redirectionResponse.getHeaders();
+                if (!headers.isEmpty()) {
+                    for (String headerName : headers.keySet()) {
+                        response.addHeader(headerName, headers.get(headerName));
+                    }
+                }
+                response.sendRedirect(redirectURL);
+                return true;
+            } else {
+                LOG.warn("Failed to create SignOutRequest.");
+            }
+        } catch (Exception ex) {
+            LOG.warn("Failed to create SignOutRequest: " + ex.getMessage());
+            try {
+                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed
to create SignOutRequest.");
+            } catch (IOException e) {
+                LOG.error("Failed to send error response: {}", e.getMessage());
+            }
+        }
+        return false;
+    }
+
+    protected void writeLogoutImage(HttpServletResponse response) {
+        InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
+        if (inputStream == null) {
+            LOG.warn("Could not write logout.jpg");
+            return;
+        }
+        int read = 0;
+        byte[] buf = new byte[1024];
+        try {
+            response.setContentType("image/jpeg");
+            ServletOutputStream responseOutputStream = response.getOutputStream();
+            while ((read = inputStream.read(buf)) != -1) {
+                responseOutputStream.write(buf, 0, read);
+            }
+            responseOutputStream.flush();
+        } catch (IOException e) {
+            LOG.error("Could  not send logout image: {}", e.getMessage());
+        } finally {
+            try {
+                inputStream.close();
+            } catch (IOException e) {
+                // ignore
+            }
+        }
+    }
+
+}
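Review bot: signoutCleanup redirects to whatever `wreply` the request carries, with no check that the target belongs to this application or to the configured logout destination, so the cleanup endpoint becomes an open redirect that fires right after the session is invalidated. Constrain the value before `response.sendRedirect(wreply)`: accept it only when it matches `fedizConfig.getLogoutRedirectTo()` or is a path on this application's own origin, and otherwise fall through to `writeLogoutImage(response)` as the no-`wreply` branch already does. Separately, signout never touches the local session (the TODO on its first line acknowledges this), so a custom-logout request that redirects to the IdP leaves the security token in a live session until the cleanup callback arrives; worth stating in the class Javadoc which of the three branches terminate the session. The broad `catch (Exception ex)` in signout also hides the cause from the log — pass `ex` to `LOG.warn` rather than only its message.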

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/RequestHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/RequestHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/RequestHandler.java
new file mode 100644
index 0000000..cc15e59
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/RequestHandler.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.handler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public interface RequestHandler {
+
+    /**
+     * @param request Check if handler can handle this given request
+     * @return Returns true if handler can handle provided request, otherwise handler returns
false.
+     */
+    boolean canHandleRequest(HttpServletRequest request);
+
+    /**
+     * After ensuring that this Handler can handle the given request this method will do
the actual handling.
+     *
+     * @param request Request to be handled.
+     * @param response Response to be populated.
+     * @return Returns true if request handling was successful.
+     */
+    boolean handleRequest(HttpServletRequest request, HttpServletResponse response);
+}
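Review bot: The Javadoc for canHandleRequest puts the method's description inside the `@param` tag (`@param request Check if handler can handle this given request`), so the parameter is left undescribed and the summary sentence is missing. Suggest a summary line `Checks whether this handler is responsible for the given request.` with `@param request the incoming request to inspect` and `@return {@code true} if {@link #handleRequest} should be invoked for this request`. handleRequest's Javadoc should also say whether the response is expected to be committed when it returns {@code false}: the two implementations in this commit differ, MetadataDocumentHandler sends a 500 before returning false while LogoutHandler.signout returns false without writing anything when no redirect URL is produced.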

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
new file mode 100644
index 0000000..e4cd349
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.handler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizRequest;
+import org.apache.cxf.fediz.core.processor.FedizResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public abstract class SigninHandler implements RequestHandler {
+
+    private static final Logger LOG = LoggerFactory.getLogger(SigninHandler.class);
+    protected final FedizContext fedizConfig;
+
+    public SigninHandler(FedizContext fedConfig) {
+        this.fedizConfig = fedConfig;
+    }
+
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        return FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION));
+    }
+
+    @Override
+    public boolean handleRequest(HttpServletRequest request, HttpServletResponse response)
{
+        if (request.getMethod().equals("POST")) {
+            LOG.debug("Sign-In-Response received");
+            String wresult = request.getParameter(FederationConstants.PARAM_RESULT);
+            String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT);
+            if (wresult != null && wctx != null) {
+                LOG.debug("Validating RSTR...");
+                // process and validate the token
+                try {
+                    processSigninRequest(request, response);
+                    LOG.info("RSTR validated successfully");
+                    resumeRequest();
+                    return true;
+                } catch (ProcessingException e) {
+                    LOG.error("RSTR validated failed.");
+                }
+            } else {
+                throw new RuntimeException("Missing required parameter [wctx or wresult]");
+            }
+        } else {
+            throw new RuntimeException("Incorrect method GET for Sign-In-Response");
+        }
+        return false;
+    }
+
+    public abstract void resumeRequest();
+    
+    public FedizResponse processSigninRequest(HttpServletRequest req, HttpServletResponse
resp)
+        throws ProcessingException {
+        FedizRequest federationRequest = new FedizRequest();
+
+        String wa = req.getParameter(FederationConstants.PARAM_ACTION);
+        String responseToken = getResponseToken(req, fedizConfig);
+
+        federationRequest.setAction(wa);
+        federationRequest.setResponseToken(responseToken);
+        federationRequest.setState(req.getParameter("RelayState"));
+        federationRequest.setRequest(req);
+
+        FedizProcessor processor = new FederationProcessorImpl();
+        return processor.processRequest(federationRequest, fedizConfig);
+    }
+
+    public String getResponseToken(HttpServletRequest request, FedizContext fedConfig) {
+        if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return request.getParameter(FederationConstants.PARAM_RESULT);
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
+        }
+        return null;
+    }
+}
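Review bot: processSigninRequest hard-codes `new FederationProcessorImpl()` while getResponseToken selects the token parameter by protocol (a SAMLProtocol context reads `SAMLSSOConstants.SAML_RESPONSE`), so a SAML-configured context would hand a SAML response to the WS-Federation processor; the other handlers in this commit use `FedizProcessorFactory.newFedizProcessor(fedizConfig.getProtocol())` and this one should too (with the matching import). In handleRequest the `catch (ProcessingException e)` logs `"RSTR validated failed."` and drops the exception, so a failed token validation leaves no record of why; pass it to the logger, `LOG.error("RSTR validation failed.", e);`. The `RuntimeException`s thrown for a non-POST method or a missing `wctx`/`wresult` turn malformed client input into a container 500 with the message exposed in the stack trace; a client-error status via `response.sendError(HttpServletResponse.SC_BAD_REQUEST, ...)` and `return false` would be the conventional outcome.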

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataDocumentHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataDocumentHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataDocumentHandler.java
new file mode 100644
index 0000000..364bb22
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataDocumentHandler.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.metadata;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
+import org.apache.cxf.fediz.core.config.FederationProtocol;
+import org.apache.cxf.fediz.core.config.FedizContext;
+import org.apache.cxf.fediz.core.config.SAMLProtocol;
+import org.apache.cxf.fediz.core.handler.RequestHandler;
+import org.apache.cxf.fediz.core.processor.FedizProcessor;
+import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MetadataDocumentHandler implements RequestHandler {
+
+    private static final Logger LOG = LoggerFactory.getLogger(MetadataDocumentHandler.class);
+    protected final FedizContext fedizConfig;
+
+    public MetadataDocumentHandler(FedizContext fedConfig) {
+        this.fedizConfig = fedConfig;
+    }
+
+    public static String getMetadataURI(FedizContext fedConfig) {
+        if (fedConfig.getProtocol().getMetadataURI() != null) {
+            return fedConfig.getProtocol().getMetadataURI();
+        } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return FederationConstants.METADATA_PATH_URI;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
+        }
+        return FederationConstants.METADATA_PATH_URI;
+    }
+
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        return request.getRequestURL().indexOf(MetadataDocumentHandler.getMetadataURI(fedizConfig))
!= -1;
+    }
+
+    @Override
+    public boolean handleRequest(HttpServletRequest request, HttpServletResponse response)
{
+        LOG.debug("Metadata document requested");
+        FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedizConfig.getProtocol());
+        PrintWriter out = null;
+        try {
+            out = response.getWriter();
+            Document metadata = wfProc.getMetaData(request, fedizConfig);
+            out.write(DOM2Writer.nodeToString(metadata));
+            response.setContentType("text/xml");
+            return true;
+        } catch (Exception ex) {
+            LOG.error("Failed to get metadata document: {}", ex.getMessage());
+            try {
+                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            } catch (IOException e) {
+                LOG.error("Failed to send error response: {}", e.getMessage());
+            }
+            return false;
+        } finally {
+            if (out != null) {
+                out.close();
+            }
+        }
+    }
+}
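Review bot: handleRequest calls `response.setContentType("text/xml")` after `response.getWriter()` has been obtained and the document written; the charset is fixed once the writer exists, and if the document exceeds the response buffer the response is already committed and the header is dropped entirely, so the metadata may go out with the container default type. The code this replaces in FederationAuthenticator set the type first; move `response.setContentType("text/xml");` above `out = response.getWriter();`. canHandleRequest matches with `indexOf(...) != -1` on the full request URL, so any URL merely containing the metadata path (including in a query string) is treated as a metadata request; this is carried over from the old authenticator, but comparing the path from `request.getRequestURI()` would be tighter now that the check lives in a reusable handler.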

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 40c3a93..c98486c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -495,7 +495,10 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             StringBuilder sb = new StringBuilder();
             sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNOUT);
 
-            String logoutRedirectTo = config.getLogoutRedirectTo();
+            String logoutRedirectTo = request.getParameter(FederationConstants.PARAM_REPLY);
+            if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
+                logoutRedirectTo = config.getLogoutRedirectTo();
+            }
             if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
 
                 if (logoutRedirectTo.startsWith("/")) {
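Review bot: The new guard reads backwards: when the request carries a `wreply` parameter the value is immediately overwritten by `config.getLogoutRedirectTo()`, and when it does not the configured default is never consulted, so for the common no-parameter case no `wreply` is appended to the sign-out request any more (a regression from the removed line). If the intent is request precedence with a configured fallback, the condition should be `if (logoutRedirectTo == null || logoutRedirectTo.isEmpty()) {`. Note that honoring a request-supplied `wreply` here forwards a caller-controlled URL to the IdP as the post-logout destination, so it should be compared against the configured value or the application's own origin before use. The enclosing method (apparently the sign-out request builder) starts and ends outside this hunk.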
@@ -505,7 +508,6 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                 }
 
                 LOG.debug("wreply=" + logoutRedirectTo);
-
                 sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
                 sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
             }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
index 51596a7..ebcd3a6 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
@@ -145,6 +145,7 @@ public class FederationRequestTest {
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
         
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+        EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1,
2);
         EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
         EasyMock.replay(req);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index 4e7bae9..a365235 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -21,8 +21,6 @@ package org.apache.cxf.fediz.tomcat;
 
 import java.io.File;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.PrintWriter;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
@@ -31,14 +29,12 @@ import java.util.List;
 import java.util.Map;
 
 import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
 
-import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Session;
 import org.apache.catalina.authenticator.Constants;
@@ -55,6 +51,9 @@ import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.config.SAMLProtocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.handler.LogoutHandler;
+import org.apache.cxf.fediz.core.handler.RequestHandler;
+import org.apache.cxf.fediz.core.metadata.MetadataDocumentHandler;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
@@ -62,9 +61,6 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
 import org.apache.cxf.fediz.core.processor.RedirectionResponse;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.util.DOM2Writer;
 
 
 public class FederationAuthenticator extends FormAuthenticator {
@@ -192,72 +188,34 @@ public class FederationAuthenticator extends FormAuthenticator {
             contextName = "/";
         }
         FedizContext fedConfig = getContextConfiguration(contextName);
-        
-        if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) != -1
-            || request.getRequestURL().indexOf(getMetadataURI(fedConfig)) != -1) {
-            if (LOG.isInfoEnabled()) {
-                LOG.info("Metadata document requested");
-            }
-            response.setContentType("text/xml");
-            PrintWriter out = response.getWriter();
-            
-            FedizProcessor wfProc = 
-                FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-            try {
-                Document metadata = wfProc.getMetaData(request, fedConfig);
-                out.write(DOM2Writer.nodeToString(metadata));
-                return;
-            } catch (Exception ex) {
-                LOG.error("Failed to get metadata document: " + ex.getMessage());
-                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                return;
-            }            
+        RequestHandler mdHandler = new MetadataDocumentHandler(fedConfig);
+        if (mdHandler.canHandleRequest(request)) {
+            mdHandler.handleRequest(request, response);
+            return;
         }
 
-        String wa = request.getParameter(FederationConstants.PARAM_ACTION);
-        if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("SignOutCleanup request found");
-                LOG.debug("SignOutCleanup action...");
+        LogoutHandler logoutHandler = new LogoutHandler(fedConfig, contextName);
+        if (logoutHandler.canHandleRequest(request)) {
+            Element token = (Element)request.getSession().getAttribute(SECURITY_TOKEN);
+            logoutHandler.setToken(token);
+
+            //TODO: Check if this internal session cleanup is really needed
+            Session session = request.getSessionInternal();
+            // Cleanup session
+            if (session != null) {
+                session.removeNote(FEDERATION_NOTE);
+                session.setPrincipal(null);
             }
 
-            request.getSession().invalidate();
-            handleLogout(response.getOutputStream());
+            logoutHandler.handleRequest(request, response);
 
             return;
         }
         
         super.invoke(request, response);
-
-    }
-    
-    private void handleLogout(final ServletOutputStream responseOutputStream) throws IOException
{
-        InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg");
-        if (inputStream == null) {
-            LOG.warn("Could not write logout.jpg");
-            return;
-        }
-        int read = 0;
-        byte[] buf = new byte[1024];
-        while ((read = inputStream.read(buf)) != -1) {
-            responseOutputStream.write(buf, 0, read);
-        }
-        inputStream.close();
-        responseOutputStream.flush();
-    }
-    
-    private String getMetadataURI(FedizContext fedConfig) {
-        if (fedConfig.getProtocol().getMetadataURI() != null) {
-            return fedConfig.getProtocol().getMetadataURI();
-        } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
-            return FederationConstants.METADATA_PATH_URI;
-        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
-            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
-        }
-        
-        return FederationConstants.METADATA_PATH_URI;
     }
 
+
     //CHECKSTYLE:OFF
     @Override
     public boolean authenticate(Request request, HttpServletResponse response,
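Review bot: The custom-logout path in invoke() no longer invalidates the HTTP session or removes SECURITY_TOKEN; the block removed from authenticate() did both (`request.getSession().removeAttribute(SECURITY_TOKEN)` then `httpSession.invalidate()`), while the new code only clears the Tomcat note and principal and defers to LogoutHandler, whose sign-out branch leaves the session alone. Until the IdP's cleanup callback arrives the session and its token stay valid, so a user who hit the logout URL is still signed in locally. Keeping the previous behaviour needs something like `request.getSession().removeAttribute(SECURITY_TOKEN);` followed by `request.getSession().invalidate();` after `logoutHandler.setToken(token)`, unless session termination is meant to become configurable as the handler's TODO suggests. Also `request.getSession()` without `false` creates a session for any unauthenticated hit on the logout URL, where the old code used `request.getSession(false)` with a null check. invoke() starts before this hunk.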
@@ -273,40 +231,6 @@ public class FederationAuthenticator extends FormAuthenticator {
         }
         FedizContext fedConfig = getContextConfiguration(contextName);
         
-        //logout
-        String logoutUrl = fedConfig.getLogoutURL();
-        if (logoutUrl != null && !logoutUrl.isEmpty()
-            && request.getRequestURI().equals(contextName + logoutUrl)) {
-            HttpSession httpSession = request.getSession(false);
-            if (httpSession != null) {
-                // Here the user is already logged in
-                session = request.getSessionInternal();
-                
-                Element token = 
-                    (Element)request.getSession().getAttribute(SECURITY_TOKEN);
-                
-                // Cleanup session
-                if (session != null) {
-                    session.removeNote(FEDERATION_NOTE);
-                    session.setPrincipal(null);
-                    request.getSession().removeAttribute(SECURITY_TOKEN);
-                }
-                httpSession.invalidate();
-
-                FedizProcessor wfProc = 
-                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-                signOutRedirectToIssuer(request, response, token, wfProc);
-
-                return false;
-            } else {
-                // The user is already logged out
-                handleLogout(response.getOutputStream());
-
-                return false;
-            }
-        }
-
-
         // Have we already authenticated someone?
         Principal principal = request.getUserPrincipal();
         // String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
@@ -692,45 +616,5 @@ public class FederationAuthenticator extends FormAuthenticator {
         }
     }
 
-    protected void signOutRedirectToIssuer(Request request, HttpServletResponse response,

-                                           Element token, FedizProcessor processor)
-            throws IOException {
 
-        String contextName = request.getServletContext().getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedCtx = this.configurator.getFedizContext(contextName);
-        try {
-            SamlAssertionWrapper assertionToken = null;
-            if (token != null) {
-                assertionToken = new SamlAssertionWrapper(token);
-            }
-            RedirectionResponse redirectionResponse = 
-                processor.createSignOutRequest(request, assertionToken, fedCtx);
-            String redirectURL = redirectionResponse.getRedirectionURL();
-            if (redirectURL != null) {
-                Map<String, String> headers = redirectionResponse.getHeaders();
-                if (!headers.isEmpty()) {
-                    for (String headerName : headers.keySet()) {
-                        response.addHeader(headerName, headers.get(headerName));
-                    }
-                }
-                
-                response.sendRedirect(redirectURL);
-            } else {
-                LOG.warn("Failed to create SignOutRequest.");
-                response.sendError(
-                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
-            }
-        } catch (ProcessingException ex) {
-            LOG.warn("Failed to create SignOutRequest: " + ex.getMessage());
-            response.sendError(
-                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
-        } catch (WSSecurityException ex) {
-            LOG.warn("Failed to create SignOutRequest: " + ex.getMessage());
-            response.sendError(
-                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
-        }
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0f6a65de/systests/tomcat7/pom.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/pom.xml b/systests/tomcat7/pom.xml
index b96a516..c7b696b 100644
--- a/systests/tomcat7/pom.xml
+++ b/systests/tomcat7/pom.xml
@@ -215,8 +215,8 @@
                             <includes>
                                 <include>**/integrationtests/**</include>
                             </includes>
-                            <argLine>-Xms512m -Xmx1024m
-                                -XX:MaxPermSize=256m</argLine>
+                            <argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m </argLine>
+                            <!--argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m -Xdebug
-Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=y</argLine-->
                         </configuration>
                     </execution>
                     <execution>

