Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cxf.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: jbernhardt@apache.org
To: commits@cxf.apache.org
Date: Wed, 20 Jan 2016 05:28:56 -0000
Message-Id: <39f35ddd87a74bb5afdae51cedc08ff5@git.apache.org>
Subject: [1/2] cxf-fediz git commit: [FEDIZ-144] Added Spring EL support for
 HomeRealm Discovery

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 94dc9ec91 -> 7b2f203e1


[FEDIZ-144] Added Spring EL support for HomeRealm Discovery


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7b2f203e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7b2f203e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7b2f203e

Branch: refs/heads/master
Commit: 7b2f203e13aedf9fbffeaae273222b7380f7e92b
Parents: 3a723af
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Tue Jan 19 12:19:48 2016 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Wed Jan 20 06:27:33 2016 +0100

----------------------------------------------------------------------
 .../idp/beans/ProcessHRDSExpressionAction.java  | 40 ++++++++++++++----
 .../idp/src/main/resources/entities-realma.xml  |  9 ++--
 .../WEB-INF/flows/federation-signin-request.xml | 44 +++++---------------
 3 files changed, 48 insertions(+), 45 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
index e7a9296..088af6c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
@@ -18,10 +18,17 @@
  */
 package org.apache.cxf.fediz.service.idp.beans;
 
+import javax.servlet.http.Cookie;
+
+import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.stereotype.Component;
 import org.springframework.webflow.execution.RequestContext;
 
@@ -32,17 +39,36 @@ import org.springframework.webflow.execution.RequestContext;
 public class ProcessHRDSExpressionAction {
 
     private static final String IDP_CONFIG = "idpConfig";
+
     private static final Logger LOG = LoggerFactory.getLogger(ProcessHRDSExpressionAction.class);
 
+    @Autowired
+    private HomeRealmReminder homeRealmReminder;
+
     public String submit(RequestContext context) {
+        // Check if home realm is known already
+        Cookie whrCookie = homeRealmReminder.readCookie(context);
+        if (whrCookie != null) {
+            LOG.debug("WHR Cookie set: {}", whrCookie);
+            return whrCookie.getValue();
+        }
+
+        // Check if custom HRDS is defined
         Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
         String hrds = idpConfig.getHrds();
-        //TODO
-        if (hrds == null) {
-            LOG.info("HRDS is null (Mock).");
-            return "";
+
+        if (hrds != null) {
+            LOG.debug("HomeRealmDiscoveryService EL: {}", hrds);
+            ExpressionParser parser = new SpelExpressionParser();
+            Expression exp = parser.parseExpression(hrds);
+            String result = exp.getValue(context, String.class);
+            LOG.info("Realm resolved by HomeRealmDiscoveryService: {}", result);
+            return result;
         }
-        LOG.info("HRDS is not null (Mock).");
-        return "some-whr-value";
+
+        // Return whr parameter unchanged
+        String whr = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
+        LOG.debug("No custom homeRealm handling, using whr parameter as provided in request: {}", whr);
+        return whr;
     }
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index a6b43d6..01969a6 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -38,10 +38,8 @@
         <property name="rpSingleSignOutConfirmation" value="true"/>
         <property name="supportedProtocols">
             <util:list>
-                <value>http://docs.oasis-open.org/wsfed/federation/200706
-                </value>
-                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
-                </value>
+                <value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+                <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
             </util:list>
         </property>
         <property name="tokenTypesOffered">
@@ -52,7 +50,8 @@
         </property>
         <property name="authenticationURIs">
             <util:map>
-                <entry key="default" value="federation/up" />
+                <entry key="default"
+                       value="federation/up" />
                 <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" 
                        value="federation/krb" />
                 <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index fc44654..094d393 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -32,51 +32,29 @@
     <input name="whr" />
 
     <decision-state id="checkHRDSEnabled">
-        <if test="true" then="checkWhrInSigninRequest" else="checkDefaultToThisIDP" />
+        <if test="true" then="processHRDSExpression" else="checkDefaultToThisIDP" />
     </decision-state>
 
-    <decision-state id="checkWhrInSigninRequest">
-        <if test="flowScope.whr == null or flowScope.whr.trim().isEmpty()"
-            then="checkHomeRealm" else="checkIsThisIDP" />
+    <decision-state id="checkDefaultToThisIDP">
+        <if test="flowScope.idpConfig.isUseCurrentIdp()" then="checkWauthTypeSupported"
+            else="viewBadRequest" />
     </decision-state>
 
-    <decision-state id="checkHomeRealm">
-        <if test="homeRealmReminder.readCookie(flowRequestContext) == null"
-            then="processHRDSExpression" else="restoreHomeRealm" />
+    <decision-state id="processHRDSExpression">
+        <on-entry>
+            <evaluate expression="processHRDSExpressionAction.submit(flowRequestContext)" result="flowScope.whr" />
+        </on-entry>
+        <if test="flowScope.whr == null or flowScope.whr.trim().isEmpty()"
+            then="provideIDPListForUser" else="checkIsThisIDP" />
     </decision-state>
 
-    <action-state id="restoreHomeRealm">
-        <evaluate
-            expression="homeRealmReminder.readCookie(flowRequestContext).value"
-            result="flowScope.whr" />
-        <transition to="checkIsThisIDP" />
-    </action-state>
-
-    <action-state id="processHRDSExpression">
-        <!-- TODO -->
-        <evaluate
-            expression="processHRDSExpressionAction.submit(flowRequestContext)"
-            result="flowScope.whr" />
-        <transition on="" to="provideIDPListForUser" />
-        <transition to="checkIsThisIDP">
-            <evaluate
-                expression="homeRealmReminder.addCookie(flowRequestContext, flowScope.whr)" />
-        </transition>
-    </action-state>
-
     <decision-state id="provideIDPListForUser">
-        <if
-            test="flowScope.idpConfig.trustedIdps == null or idpConfig.trustedIdps.isEmpty()"
+        <if test="flowScope.idpConfig.trustedIdps == null or idpConfig.trustedIdps.isEmpty()"
             then="checkDefaultToThisIDP" />
         <if test="flowScope.idpConfig.isProvideIdpList() == false"
             then="checkDefaultToThisIDP" else="showIDPList" />
     </decision-state>
 
-    <decision-state id="checkDefaultToThisIDP">
-        <if test="flowScope.idpConfig.isUseCurrentIdp()" then="checkWauthTypeSupported"
-            else="viewBadRequest" />
-    </decision-state>
-
     <view-state id="showIDPList" view="idplist" model="trustedIDPSelection">
         <var name="trustedIDPSelection"
             class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection" />