cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: [FEDIZ-107] - CXF plugin support for configurable token validation
Date Tue, 01 Sep 2015 13:00:53 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes b8e71c845 -> 3de9c77d7


[FEDIZ-107] - CXF plugin support for configurable token validation


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3de9c77d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3de9c77d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3de9c77d

Branch: refs/heads/1.2.x-fixes
Commit: 3de9c77d761f54009917a8e1a9fd212b5832eace
Parents: b8e71c8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Sep 1 13:45:10 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Sep 1 13:45:42 2015 +0100

----------------------------------------------------------------------
 .../java/org/apache/cxf/fediz/core/util/CookieUtils.java    | 5 +++--
 .../cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java | 9 +++++----
 .../cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java    | 4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3de9c77d/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
index f1ac431..d99a9c2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
@@ -73,13 +73,14 @@ public final class CookieUtils  {
         return dateFormat;
     }
     
-    public static boolean isStateExpired(long stateCreatedAt, long expiresAt, long stateTTL)
{
+    public static boolean isStateExpired(long stateCreatedAt, boolean detectExpiredTokens,
+                                         long expiresAt, long stateTTL) {
         Date currentTime = new Date();
         if (currentTime.after(new Date(stateCreatedAt + stateTTL))) {
             return true;
         }
         
-        if (expiresAt > 0 && currentTime.after(new Date(expiresAt))) {
+        if (detectExpiredTokens && expiresAt > 0 && currentTime.after(new
Date(expiresAt))) {
             return true;
         }
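Review bot: The new `detectExpiredTokens` parameter of `isStateExpired` is undocumented, and passing `false` skips the `expiresAt` comparison, so `stateCreatedAt + stateTTL` becomes the only bound on how long stored state is accepted. I would add Javadoc saying so, for example `@param detectExpiredTokens when false, expiresAt is ignored and only stateCreatedAt + stateTTL limits the state's lifetime`. The method is `public static` and the three-argument form is removed on a fixes branch, so any caller outside this commit would stop compiling. If such callers exist, a deprecated three-argument overload that delegates with `true` keeps the old behaviour. The method body continues past the end of the hunk.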
         

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3de9c77d/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index b63d95c..43cd8d3 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -134,13 +134,13 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         stateManager.close();
     }
     
-    protected boolean checkSecurityContext(Message m) {
+    protected boolean checkSecurityContext(FedizContext fedConfig, Message m) {
         HttpHeaders headers = new HttpHeadersImpl(m);
         Map<String, Cookie> cookies = headers.getCookies();
         
         Cookie securityContextCookie = cookies.get(SECURITY_CONTEXT_TOKEN);
         
-        ResponseState responseState = getValidResponseState(securityContextCookie, m);
+        ResponseState responseState = getValidResponseState(securityContextCookie, fedConfig,
m);
         if (responseState == null) {
             return false;    
         }
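Review bot: Changing the protected signature of `checkSecurityContext` here, and of `getValidResponseState` in the next hunk, means a subclass that overrode the old forms without `@Override` still compiles but its override is never called. On an abstract filter meant to be extended, that could silently drop a deployment's own session checks after an upgrade within the 1.2.x line. Whether such subclasses exist is not visible from this commit. I would at least call out the change in the release notes and in the Javadoc of both methods, for example `@param fedConfig federation configuration; supplies isDetectExpiredTokens() for the expiry check`. Both method bodies extend beyond their hunks.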
@@ -183,6 +183,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
     }
     
     protected ResponseState getValidResponseState(Cookie securityContextCookie, 
+                                                  FedizContext fedConfig,
                                                   Message m) {
         if (securityContextCookie == null) {
             // most likely it means that the user has not been offered
@@ -200,8 +201,8 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
             return null;
         }
         
-        if (CookieUtils.isStateExpired(responseState.getCreatedAt(), responseState.getExpiresAt(),

-                                    getStateTimeToLive())) {
+        if (CookieUtils.isStateExpired(responseState.getCreatedAt(), fedConfig.isDetectExpiredTokens(),
+                                       responseState.getExpiresAt(), getStateTimeToLive()))
{
             reportError("EXPIRED_RESPONSE_STATE");
             stateManager.removeResponseState(contextKey);
             return null;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3de9c77d/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index e8ad7ea..1f1e3c8 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -103,7 +103,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
{
         
         if (isSignoutCleanupRequest(fedConfig, m, params)) {
             return;
-        } else if (checkSecurityContext(m)) {
+        } else if (checkSecurityContext(fedConfig, m)) {
             return;
         } else {
             if (isSignInRequired(fedConfig, params)) {
@@ -434,7 +434,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
{
             throw ExceptionUtils.toBadRequestException(null, null);
         }
         
-        if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), 0, 
+        if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,

                                        getStateTimeToLive())) {
             LOG.error("EXPIRED_REQUEST_STATE");
             throw ExceptionUtils.toBadRequestException(null, null);
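Review bot: The call `CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0, getStateTimeToLive())` passes a bare `false` and `0` whose meaning is only recoverable from the `CookieUtils` signature. A reader cannot tell whether token-expiry detection is deliberately off for request state or was simply not wired to `fedConfig`. If it is deliberate, a comment above the call such as `// request state has no token expiry; only the state TTL applies` would record that. A two-argument `isStateExpired(createdAt, stateTTL)` overload would remove the placeholder arguments altogether. The enclosing method starts and ends outside the hunk.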

