From cohei...@apache.org
Subject cxf-fediz git commit: Fixing some issues with the POST binding for SAML SSO
Date Tue, 19 Jan 2016 15:08:05 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 941e81db3 -> e4956f9ec


Fixing some issues with the POST binding for SAML SSO


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e4956f9e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e4956f9e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e4956f9e

Branch: refs/heads/master
Commit: e4956f9ecf58ebc40a1fc7232d89bd3f6c15a138
Parents: 941e81d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jan 19 14:50:08 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jan 19 14:50:54 2016 +0000

----------------------------------------------------------------------
 .../TrustedIdpSAMLProtocolHandler.java          | 24 ++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e4956f9e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 47200a1..a9448cc 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -57,10 +57,12 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilder;
 import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder;
+import org.apache.cxf.rs.security.saml.sso.EHCacheTokenReplayCache;
 import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
 import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
 import org.apache.cxf.rs.security.saml.sso.SSOConstants;
 import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
+import org.apache.cxf.rs.security.saml.sso.TokenReplayCache;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.CertificateStore;
@@ -116,6 +118,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id";
 
     private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder();
+    private TokenReplayCache<String> replayCache;
 
     static {
         OpenSAMLUtil.initSamlEngine();
@@ -430,14 +433,20 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
                 isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
             ssoResponseValidator.setEnforceKnownIssuer(
                 isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
+            
+            HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
+            boolean post = "POST".equals(httpServletRequest.getMethod());
+            if (post) {
+                ssoResponseValidator.setReplayCache(getReplayCache());
+            }
 
-            return ssoResponseValidator.validateSamlResponse(samlResponse, false);
+            return ssoResponseValidator.validateSamlResponse(samlResponse, post);
         } catch (WSSecurityException ex) {
             LOG.debug(ex.getMessage(), ex);
             throw ExceptionUtils.toBadRequestException(ex, null);
         }
     }
-
+    
     // Is a property configured. Defaults to "true" if not
     private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean
defaultValue) {
         Map<String, String> parameters = trustedIdp.getParameters();
@@ -448,4 +457,15 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         
         return defaultValue;
     }
+    
+    public void setReplayCache(TokenReplayCache<String> replayCache) {
+        this.replayCache = replayCache;
+    }
+    
+    public TokenReplayCache<String> getReplayCache() {
+        if (replayCache == null) {
+            replayCache = new EHCacheTokenReplayCache();
+        }
+        return replayCache;
+    }
 }
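Review bot: `getReplayCache()` lazily assigns `replayCache` without synchronization, and it is now called per request from the response-validation path; if this handler serves concurrent requests, two first-time POST responses can each construct an `EHCacheTokenReplayCache`, with one instance used for that request and then discarded, so the response ID it recorded is lost and a replay of that message would not be detected. Making the accessor `public synchronized TokenReplayCache<String> getReplayCache()` or initialising the field eagerly in the constructor closes the window. The setter also discards any cache already created without closing it; whether `EHCacheTokenReplayCache` holds resources that need releasing is not visible here, but the lifecycle is worth a comment on the field, e.g. `// Lazily created on first POST-binding response when not injected; shared across requests`.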

