From jbernha...@apache.org
Subject [08/12] cxf-fediz git commit: Improve Logging
Date Fri, 20 Mar 2015 12:11:33 GMT
Improve Logging


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d95850ec
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d95850ec
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d95850ec

Branch: refs/heads/master
Commit: d95850ec5dc779cbb66a6912b00d8c9eb89e82e6
Parents: aeacfac
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Mon Mar 9 17:39:23 2015 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Thu Mar 19 17:26:51 2015 +0100

----------------------------------------------------------------------
 .../core/processor/FederationProcessorImpl.java | 14 +++----
 .../cxf/fediz/was/tai/FedizInterceptor.java     | 40 +++-----------------
 2 files changed, 12 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d95850ec/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index c98486c..35a66ce 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -363,25 +363,25 @@ public class FederationProcessorImpl extends AbstractFedizProcessor
{
             }
             
             String issuerURL = resolveIssuer(request, config);
-            LOG.info("Issuer url: " + issuerURL);
+            LOG.debug("Issuer url: " + issuerURL);
             if (issuerURL != null && issuerURL.length() > 0) {
                 redirectURL = issuerURL;
             }
             
             String wAuth = resolveAuthenticationType(request, config);
-            LOG.info("WAuth: " + wAuth);
+            LOG.debug("WAuth: " + wAuth);
             
             String wReq = resolveRequest(request, config);
-            LOG.info("WReq: " + wReq);
+            LOG.debug("WReq: " + wReq);
             
             String homeRealm = resolveHomeRealm(request, config);
-            LOG.info("HomeRealm: " + homeRealm);
+            LOG.debug("HomeRealm: " + homeRealm);
             
             String freshness = resolveFreshness(request, config);
-            LOG.info("Freshness: " + freshness);
+            LOG.debug("Freshness: " + freshness);
             
             String signInQuery = resolveSignInQuery(request, config);
-            LOG.info("SignIn Query: " + signInQuery);
+            LOG.debug("SignIn Query: " + signInQuery);
             
             String wctx = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
             String requestURL = request.getRequestURL().toString();
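Review bot: The six `LOG.debug` calls in this hunk still build their message by string concatenation from whatever `resolveIssuer`, `resolveSignInQuery` and the other `resolve*(request, config)` helpers return, so the string is assembled even when debug is off and the values reach the log verbatim. Those helpers are outside the hunk; if any of them can return request-derived text, embedded CR/LF would allow forged log lines, and the sign-in query may carry parameters that should not be logged at all. FedizInterceptor in this same commit already uses placeholders, so assuming `LOG` here is also SLF4J I would write `LOG.debug("Issuer url: {}", issuerURL);` and likewise for the rest, with line breaks neutralised in the log layout or before the call. The same applies to the `Issuer url` line in the later hunk at -487,7.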
@@ -487,7 +487,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             }
 
             String issuerURL = resolveIssuer(request, config);
-            LOG.info("Issuer url: " + issuerURL);
+            LOG.debug("Issuer url: " + issuerURL);
             if (issuerURL != null && issuerURL.length() > 0) {
                 redirectURL = issuerURL;
             }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d95850ec/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index 530c0bb..4707df3 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -23,7 +23,6 @@ import java.io.IOException;
 import java.rmi.RemoteException;
 import java.util.ArrayList;
 import java.util.Hashtable;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -38,10 +37,8 @@ import javax.servlet.http.HttpSession;
 import com.ibm.websphere.security.CustomRegistryException;
 import com.ibm.websphere.security.EntryNotFoundException;
 import com.ibm.websphere.security.UserRegistry;
-import com.ibm.websphere.security.WSSecurityException;
 import com.ibm.websphere.security.WebTrustAssociationException;
 import com.ibm.websphere.security.WebTrustAssociationFailedException;
-import com.ibm.websphere.security.auth.WSSubject;
 import com.ibm.wsspi.security.tai.TAIResult;
 import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
 import com.ibm.wsspi.security.token.AttributeNameConstants;
@@ -283,22 +280,9 @@ public class FedizInterceptor implements TrustAssociationInterceptor
{
             }
 
             // Check if user was authenticated previously and token is still valid
-            String user = req.getRemoteUser();
-            String principal = WSSubject.getCallerPrincipal();
-            Subject subject = null;
-            try {
-                subject = WSSubject.getCallerSubject();
-            } catch (WSSecurityException e) {
-                LOG.error("Could not read subject");
-            }
-            LOG.info("Remote User: {}, Principal: {}, Subject {}", user, principal, subject);
-            if (principal != null && subject != null) {
-                // return TAIResult.create(HttpServletResponse.SC_OK, principal, subject);
-            } else {
-                TAIResult taiResult = checkUserAuthentication(req);
-                if (taiResult != null) {
-                    return taiResult;
-                }
+            TAIResult taiResult = checkUserAuthentication(req);
+            if (taiResult != null) {
+                return taiResult;
             }
 
             LOG.info("No Subject found in existing session. Redirecting to IDP");
@@ -321,17 +305,15 @@ public class FedizInterceptor implements TrustAssociationInterceptor
{
             if (federationResponse != null) {
                 LOG.info("Security Token found in session: {}", federationResponse.getUsername());
 
-                // check that the target WebApp is properly configured for Token TTL enforcement
+                // validate Security Token and create User Principal
                 if (checkSecurityToken(federationResponse)) {
                     // proceed creating the JAAS Subject
-                    LOG.info("Security Filter properly configured - forwarding subject");
                     List<String> groupsIds = groupIdsFromTokenRoles(federationResponse);
+                    LOG.debug("Mapped group IDs: {}", groupsIds);
                     Subject subject = createSubject(federationResponse, groupsIds, session.getId());
 
                     result = TAIResult.create(HttpServletResponse.SC_OK, federationResponse.getUsername(),
subject);
                 }
-                // leave the Session untouched
-                // session.removeAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
             }
         }
         return result;
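Review bot: A session token that fails `checkSecurityToken` leaves no trace in this block: the `if` has no `else`, and the only log line before it reports the token as found, at info level, with the username. For detection it helps to record the rejection where the decision is made, e.g. `} else { LOG.warn("Security token in session rejected for user {}", federationResponse.getUsername()); }`. `checkSecurityToken` is mostly outside the visible hunks and may already log its own reason, in which case a one-line comment here saying so would be enough. The enclosing method starts above the hunk.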
@@ -368,18 +350,6 @@ public class FedizInterceptor implements TrustAssociationInterceptor
{
         }
     }
 
-    protected FedizResponse getCachedFederationResponse(Subject subject) {
-        Iterator<?> i = subject.getPublicCredentials().iterator();
-        while (i.hasNext()) {
-            Object o = i.next();
-            if (o instanceof Hashtable) {
-                Map<?, ?> table = (Hashtable<?, ?>)o;
-                return (FedizResponse)table.get(Constants.SUBJECT_TOKEN_KEY);
-            }
-        }
-        return null;
-    }
-
     private boolean checkSecurityToken(FedizResponse response) {
         if (response == null) {
             return false;

