From jbernha...@apache.org
Subject cxf-fediz git commit: [FEDIZ-133] Imrove Logout Page handling
Date Fri, 23 Oct 2015 15:30:18 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master c78fff7f0 -> 73edea40e


[FEDIZ-133] Imrove Logout Page handling


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/73edea40
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/73edea40
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/73edea40

Branch: refs/heads/master
Commit: 73edea40e59d4ecfb6e8aab4c682c015d99797b9
Parents: c78fff7
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Fri Oct 23 17:29:30 2015 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Fri Oct 23 17:29:30 2015 +0200

----------------------------------------------------------------------
 .../idp/beans/SigninParametersCacheAction.java  | 81 ++++++++++++++++----
 .../flows/federation-validate-request.xml       | 16 ++--
 .../views/signoutconfirmationresponse.jsp       | 46 ++++++-----
 .../webapp/WEB-INF/views/signoutresponse.jsp    | 26 ++++---
 4 files changed, 116 insertions(+), 53 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/73edea40/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index a822d1b..41cac31 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -37,7 +37,9 @@ public class SigninParametersCacheAction {
 
     //todo introduce constants class?
     public static final String IDP_CONFIG = "idpConfig";
+    @Deprecated
     public static final String REALM_URL_MAP = "realmUrlMap";
+    public static final String ACTIVE_APPLICATIONS = "realmConfigMap";
 
     private static final Logger LOG = LoggerFactory.getLogger(SigninParametersCacheAction.class);
 
@@ -108,6 +110,11 @@ public class SigninParametersCacheAction {
         }
     }
 
+    /**
+     * @deprecated use {@link #storeRPConfigInSession()} instead.  
+     * @param context
+     * @throws ProcessingException
+     */
     public void storeRPUrlInSession(RequestContext context) throws ProcessingException {
 
         String whr = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
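Review bot: The `{@link #storeRPConfigInSession()}` reference in the new Javadoc names a no-argument method, but the method added later in this commit takes a `RequestContext`, so the link will not resolve; it should read `{@link #storeRPConfigInSession(RequestContext)}`. The method also gets only the Javadoc `@deprecated` tag and not the `@Deprecated` annotation that this commit puts on `REALM_URL_MAP`, so callers see no compiler warning. The empty `@param context` and `@throws ProcessingException` tags could state what is read from the flow scope and when the exception is raised. The method body continues outside this hunk.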
@@ -127,24 +134,12 @@ public class SigninParametersCacheAction {
         }
 
         if (url == null) {
-            url = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
-            try {
-                //basic check if the url is correctly formed
-                new URL(url);
-            } catch (Exception e) {
-                url = null;
-            }
-            if (url == null) {
-                url = wtrealm;
-                try {
-                    //basic check if the url is correctly formed
-                    new URL(url);
-                } catch (Exception e) {
-                    throw new ProcessingException(e.getMessage(), e, ProcessingException.TYPE.INVALID_REQUEST);
-                }
+            url = guessPassiveRequestorURL(context, wtrealm);
+            if (serviceConfig != null) {
+                serviceConfig.setPassiveRequestorEndpoint(url);
             }
         }
-
+        
         @SuppressWarnings("unchecked")
         Map<String, String> rum =
                 (Map<String, String>)WebUtils
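Review bot: `serviceConfig.setPassiveRequestorEndpoint(url)` writes a request-derived URL into the `Application` object looked up from the IdP configuration, because `guessPassiveRequestorURL` reads the `wreply` flow attribute and falls back to `wtrealm`. If that object is shared configuration rather than a per-request copy (not visible here), one caller's `wreply` would become the endpoint used for later users of the same realm, including the sign-out cleanup image in signoutresponse.jsp. The same write occurs in `storeRPConfigInSession` in the next hunk. Consider keeping the guessed URL in a session-scoped value or on a copy of the `Application` instead of mutating the looked-up instance. The enclosing method starts and ends outside this hunk.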
@@ -159,5 +154,59 @@ public class SigninParametersCacheAction {
         if (val == null) {
             rum.put(wtrealm, url);
         }
+        
+        storeRPConfigInSession(context);
+    }
+    
+    public void storeRPConfigInSession(RequestContext context) throws ProcessingException
{
+
+        String whr = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
+        String wtrealm = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
+        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
+        if (whr == null || wtrealm == null || idpConfig == null) {
+            return;
+        }       
+        
+        Application serviceConfig = idpConfig.findApplication(wtrealm);
+        if (serviceConfig != null) {
+            if (serviceConfig.getPassiveRequestorEndpoint() == null) {
+                String url = guessPassiveRequestorURL(context, wtrealm);
+                serviceConfig.setPassiveRequestorEndpoint(url);
+            }
+            
+            @SuppressWarnings("unchecked")
+            Map<String, Application> realmConfigMap =
+                    (Map<String, Application>)WebUtils
+                            .getAttributeFromExternalContext(context, ACTIVE_APPLICATIONS);
+
+            if (realmConfigMap == null) {
+                realmConfigMap = new HashMap<>();
+                WebUtils.putAttributeInExternalContext(context, ACTIVE_APPLICATIONS, realmConfigMap);
+            }
+
+            if (realmConfigMap.get(wtrealm) == null) {
+                realmConfigMap.put(wtrealm, serviceConfig);
+            }
+        }
+    }
+
+    protected String guessPassiveRequestorURL(RequestContext context, String wtrealm) throws
ProcessingException {
+        String url = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
+        try {
+            //basic check if the url is correctly formed
+            new URL(url);
+        } catch (Exception e) {
+            url = null;
+        }
+        if (url == null) {
+            url = wtrealm;
+            try {
+                //basic check if the url is correctly formed
+                new URL(url);
+            } catch (Exception e) {
+                throw new ProcessingException(e.getMessage(), e, ProcessingException.TYPE.INVALID_REQUEST);
+            }
+        }
+        return url;
     }
 }
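Review bot: `guessPassiveRequestorURL` accepts any string that `new URL(url)` can parse, which is a syntax check only: schemes other than http and https pass, and nothing here compares the value with an endpoint registered for `wtrealm`. Because the result is stored as the application's passive requestor endpoint and later rendered by the sign-out views, a stricter check is worth adding, e.g. `String scheme = new URL(url).getProtocol();` followed by `if (!"https".equals(scheme) && !"http".equals(scheme)) { url = null; }`. Catching `Exception` also folds the `url == null` case into the malformed-URL path; an explicit null check with `catch (MalformedURLException e)` would make the intent visible. `storeRPConfigInSession` has no Javadoc; a comment such as `/** Records the Application for wtrealm in the session map; does nothing when whr, wtrealm or idpConfig is absent. */` would help. The first lines of this hunk belong to `storeRPUrlInSession`, which starts outside it.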

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/73edea40/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 6970a39..d8ebd2d 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -63,11 +63,8 @@
             test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length()
== 0"
             then="viewBadRequest" else="signinResponse" />
     </decision-state>
-
+	
     <decision-state id="selectSignOutProcess">
-        <on-entry>
-            <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext,
'Referer')" result="flowScope.wreply"/>
-        </on-entry>
         <if
             test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation
== true
             or requestParameters.wa == 'wsignoutcleanup1.0' and flowScope.idpConfig.rpSingleSignOutCleanupConfirmation
== true"
@@ -137,7 +134,7 @@
             <evaluate expression="stsClientForRpAction.submit(flowRequestContext)"
                       result="flowScope.rpToken"/>
         </on-entry>
-        <evaluate expression="signInParamCacheAction.storeRPUrlInSession(flowRequestContext)"
+        <evaluate expression="signInParamCacheAction.storeRPConfigInSession(flowRequestContext)"
                 result="flowScope.res"/>
         <transition to="isWReplyProvided" />
         <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
to="viewBadRequest" />
@@ -206,14 +203,15 @@
     <!-- normal exit point for logout -->
     <end-state id="invalidateSessionAction" view="signoutresponse">
         <on-entry>
-            <!-- store the realmUrlMap in the request map before we invalidate the session
below.
+            <!-- store the realmConfigMap in the request map before we invalidate the
session below.
             Its needed in the signoutresponse.jsp page -->
-            <set name="externalContext.requestMap.realmUrlMap" value="externalContext.sessionMap.realmUrlMap"/>
+            <set name="externalContext.requestMap.realmConfigMap" 
+                value="externalContext.sessionMap.realmConfigMap"/>
+            <set name="externalContext.requestMap.wreply" value="flowScope.wreply"/>
             <!-- there is no Saml token canceller in cxf STS...
             <evaluate expression="stsClientForRpAction.cancelTokens(flowRequestContext)"
/>
             -->
-            <evaluate
-                expression="homeRealmReminder.removeCookie(flowRequestContext)" />
+            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)"
/>
             <evaluate expression="logoutAction.submit(flowRequestContext)" />
         </on-entry>
     </end-state>
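Review bot: The new `<set name="externalContext.requestMap.wreply" value="flowScope.wreply"/>` hands `wreply` to signoutresponse.jsp, which renders it as a link, but no step visible in this flow checks the value against the reply addresses configured for the relying party. With the `Referer`-based on-entry removed earlier in this file, `flowScope.wreply` presumably comes from the request parameter, so it should pass a validation action before this end state. If validation already happens elsewhere, a comment such as `<!-- wreply validated in <state id> -->` next to the `<set>` would record that. The surrounding flow is only partly visible in this hunk.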

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/73edea40/services/idp/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp b/services/idp/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
index cc9479a..607762e 100644
--- a/services/idp/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
+++ b/services/idp/src/main/webapp/WEB-INF/views/signoutconfirmationresponse.jsp
@@ -1,5 +1,6 @@
 <%@ page import="java.util.Map" %>
 <%@ page import="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" %>
+<%@ page import="org.apache.cxf.fediz.service.idp.domain.Application" %>
 <%@ page import="org.apache.cxf.fediz.core.FederationConstants" %>
 <%@ page import="java.util.List" %>
 <%@ page import="java.util.Iterator" %>
@@ -13,42 +14,49 @@
 <body>
     <%
         @SuppressWarnings("unchecked")
-        Map<String, String> rum =
-                (Map<String, String>) request.getSession().getAttribute(SigninParametersCacheAction.REALM_URL_MAP);
+        Map<String, Application> rcm =
+        (Map<String, Application>) request.getSession().getAttribute(SigninParametersCacheAction.ACTIVE_APPLICATIONS);
+    	String wreply = (String) request.getAttribute("wreply");
 
-        if (rum == null) {
+        if (rcm == null) {
     %>
 	        <p>You have already logged out</p>
     <%
         } else {
     %>
-	        <h1>Logout from the following realms?</h1>
-	   
+	        <h1>Logout from the following Applications?</h1>
+			<div>	   
     <%
-            Iterator<Map.Entry<String, String>> iterator = rum.entrySet().iterator();
+            Iterator<Map.Entry<String, Application>> iterator = rcm.entrySet().iterator();
                 
             while (iterator.hasNext()) {
-                Map.Entry<String, String> next = iterator.next();
-                String rpUri = next.getValue();
-                if (rpUri != null) {
+                Application next = iterator.next().getValue();
+                if (next != null) {
     %>
-                    <p>
-                    Will logout on RP: <%= rpUri%>
-                    </p>
+                    <%= next.getServiceDisplayName() %>
                     <br/>
     <%
                 }
             }
         }
         
-        if (rum != null && !rum.isEmpty()) {
+        if (rcm != null && !rcm.isEmpty()) {
     %>
-        <form:form method="POST" id="signoutconfirmationresponseform" name="signoutconfirmationresponseform">
-            <input type="hidden" name="wa" value="wsignout1.0" />
-            <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"
/>
-            <input type="submit" name="_eventId_submit" value="Logout" />
-            <input type="submit" name="_eventId_cancel" value="Cancel" />
-        </form:form>
+	    	</div>
+	    	<br/>
+	    	<br/>
+	        <form:form method="POST" id="signoutconfirmationresponseform" name="signoutconfirmationresponseform">
+	            <input type="hidden" name="wa" value="wsignout1.0" />
+	            <input type="hidden" id="execution" name="execution" value="${flowExecutionKey}"
/>
+	            <input type="submit" name="_eventId_submit" value="Logout" />
+			    <%     
+			        if (wreply != null && !wreply.isEmpty()) {
+			    %>        
+	            <input type="submit" name="_eventId_cancel" value="Cancel" />
+	            <%     
+			        }
+			    %>
+	        </form:form>
     <%     
         }
     %>
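Review bot: `<%= next.getServiceDisplayName() %>` is written into the page without HTML escaping, and the same expression appears in the loop hunk of signoutresponse.jsp. Display names come from application configuration, so the exposure depends on who can edit that data, but the scriptlet should still encode the value for HTML, for example through JSTL's `<c:out>` if the core taglib is declared on these pages. Separately, the Cancel button now depends on `request.getAttribute("wreply")`, while the flow change visible in this commit sets `requestMap.wreply` only on the `invalidateSessionAction` end state. It is worth confirming that the confirmation view also receives that attribute, otherwise Cancel is never shown. The `<div>` opened in the `else` branch is closed only inside the `!rcm.isEmpty()` block, so an empty map leaves it unclosed.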

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/73edea40/services/idp/src/main/webapp/WEB-INF/views/signoutresponse.jsp
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/views/signoutresponse.jsp b/services/idp/src/main/webapp/WEB-INF/views/signoutresponse.jsp
index 71110bf..429c026 100644
--- a/services/idp/src/main/webapp/WEB-INF/views/signoutresponse.jsp
+++ b/services/idp/src/main/webapp/WEB-INF/views/signoutresponse.jsp
@@ -1,5 +1,7 @@
+<%@page import="org.opensaml.soap.wsfed.WSFedConstants"%>
 <%@ page import="java.util.Map" %>
 <%@ page import="org.apache.cxf.fediz.service.idp.beans.SigninParametersCacheAction" %>
+<%@ page import="org.apache.cxf.fediz.service.idp.domain.Application" %>
 <%@ page import="org.apache.cxf.fediz.core.FederationConstants" %>
 <%@ page import="java.util.List" %>
 <%@ page import="java.util.Iterator" %>
@@ -13,10 +15,11 @@
 <body>
     <%
         @SuppressWarnings("unchecked")
-        Map<String, String> rum =
-                (Map<String, String>) request.getAttribute(SigninParametersCacheAction.REALM_URL_MAP);
+        Map<String, Application> apps =
+                (Map<String, Application>) request.getAttribute(SigninParametersCacheAction.ACTIVE_APPLICATIONS);
+    	String wreply = (String) request.getAttribute("wreply");
 
-        if (rum == null) {
+        if (apps == null) {
     %>
 	        <p>You have already logged out</p>
     <%
@@ -26,15 +29,15 @@
         
             <p>
     <%
-            Iterator<Map.Entry<String, String>> iterator = rum.entrySet().iterator();
+            Iterator<Map.Entry<String, Application>> iterator = apps.entrySet().iterator();
             
             while (iterator.hasNext()) {
-                Map.Entry<String, String> next = iterator.next();
-                String rpUri = next.getValue();
-                if (rpUri != null) {
+                Application next = iterator.next().getValue();
+                if (next != null) {
     %>
-                    Logout status of RP <%= rpUri%>:
-                    <img src="<%=rpUri + "?" + FederationConstants.PARAM_ACTION + "="
+ FederationConstants.ACTION_SIGNOUT_CLEANUP %>"/>
+                    <%= next.getServiceDisplayName() %> 
+                    <img src="<%=next.getPassiveRequestorEndpoint() + "?" + FederationConstants.PARAM_ACTION

+                        + "=" + FederationConstants.ACTION_SIGNOUT_CLEANUP %>"/>
                     <br/>
     <%
                 }
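Review bot: The `<img src>` value is built by appending `"?" + PARAM_ACTION + ...` to `getPassiveRequestorEndpoint()` and is emitted into the attribute without encoding. An endpoint that already carries a query string produces a malformed cleanup URL, and a value containing a quote character would break out of the attribute. Because the endpoint can be filled from `guessPassiveRequestorURL` (the request's `wreply` or `wtrealm`), the browser may also be directed to issue this GET against a caller-chosen address. Building the URL in Java, choosing `?` or `&` according to whether a query is present, and HTML-attribute-encoding the result before output would address both; a comment above the loop stating that each image triggers the RP's `wsignoutcleanup1.0` request would help readers.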
@@ -43,6 +46,11 @@
 	        </p>
     <%
         }
+        if (wreply != null && !wreply.isEmpty()) {
+    %>
+    <p><a href="<%= wreply%>">continue</a></p>
+    <%
+        }
     %>
 </body>
 </html>
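Review bot: `<a href="<%= wreply%>">` writes the reply address into an attribute with no encoding and no restriction on its scheme, so a value containing a quote character or a non-http scheme would be rendered as given. Nothing visible in this commit validates `wreply` before it reaches the view, and the flow change copies it straight from `flowScope.wreply`. The link should be shown only when the value is an http or https URL that matches an address configured for the relying party, and the value should be HTML-attribute-encoded on output, e.g. `<a href="<c:out value="${wreply}"/>">` if the JSTL core taglib is declared on this page. The scriptlet block that this hunk extends starts outside it.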

