cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: [FEDIZ-153] - Some refactoring
Date Tue, 23 Feb 2016 17:04:22 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master a700f7ae2 -> 72f0c939b


[FEDIZ-153] - Some refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/72f0c939
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/72f0c939
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/72f0c939

Branch: refs/heads/master
Commit: 72f0c939b51c81ff6575d41f406c0f6ec0d5d25b
Parents: a700f7a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Feb 23 17:04:00 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Feb 23 17:04:00 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/TrustedIdpProtocolAction.java     | 29 --------
 .../TrustedIdpOIDCProtocolHandler.java          | 76 +++-----------------
 .../TrustedIdpSAMLProtocolHandler.java          |  5 --
 .../TrustedIdpWSFedProtocolHandler.java         |  5 --
 .../idp/spi/TrustedIdpProtocolHandler.java      |  3 -
 .../flows/federation-signin-response.xml        | 12 ----
 .../flows/federation-validate-request.xml       |  1 -
 7 files changed, 9 insertions(+), 122 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
index 63f8b8c..2369bae 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
@@ -73,35 +73,6 @@ public class TrustedIdpProtocolAction {
         return redirectUrl.toString();
     }
     
-    public String processSignInResponse(RequestContext requestContext) {
-        String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
-        
-        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
-        
-        TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
-        if (trustedIdp == null) {
-            LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
-            throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
-        }
-        
-        String protocol = trustedIdp.getProtocol();
-        LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
-        
-        TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
-        if (protocolHandler == null) {
-            LOG.error("No ProtocolHandler found for {}", protocol);
-            throw new IllegalStateException("No ProtocolHandler found for '" + protocol +
"'");
-        }
-        URL redirectUrl = protocolHandler.processSignInResponse(requestContext, idpConfig,
trustedIdp);
-        LOG.info("Redirect required? {}", redirectUrl != null);
-        if (redirectUrl != null) {
-            String redirectUrlStr = redirectUrl.toString();
-            LOG.info("Redirect URL: {}", redirectUrlStr);
-            return redirectUrlStr;
-        }
-        return null;
-    }
-    
     public SecurityToken mapSignInResponse(RequestContext requestContext) {
         String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
         LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index c6ebeba..eef38ea 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -74,7 +74,6 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.utils.Base64;
 import org.joda.time.DateTime;
@@ -144,50 +143,6 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
     }
     
     @Override
-    public URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
-        /*
-        String code = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                 OAuthConstants.CODE_RESPONSE_TYPE);
-        if (code == null) {
-            return null;
-        }
-        
-        try {
-            StringBuilder sb = new StringBuilder();
-            // sb.append(trustedIdp.getUrl());
-            sb.append("http://localhost:8080/auth/realms/realmb/protocol/openid-connect/token");
// TODO
-            sb.append("?");
-            sb.append("grant_type").append('=');
-            sb.append("authorization_code");
-            sb.append("&");
-            sb.append("code").append('=');
-            sb.append(code);
-            sb.append("&");
-            sb.append("redirect_uri").append('=');
-            sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
-            sb.append("&");
-            sb.append("client_id").append('=');
-            sb.append("consumer-id"); //TODO
-            // sb.append("&");
-            
-            // TODOString state = (String) WebUtils.getAttributeFromFlowScope(context,
-            //                                                          OAuthConstants.STATE);
-            // sb.append("state").append('=');
-            // sb.append(state);
-            
-            return new URL(sb.toString());
-        } catch (MalformedURLException ex) {
-            LOG.error("Invalid Redirect URL for Trusted Idp", ex);
-            throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
-        } catch (UnsupportedEncodingException ex) {
-            LOG.error("Invalid Redirect URL for Trusted Idp", ex);
-            throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
-        }
-        */
-        return null;
-    }
-
-    @Override
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
 
         String code = (String) WebUtils.getAttributeFromFlowScope(context,
@@ -230,28 +185,17 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
                     return null;
                 }
                 
-                /*String whr = (String) WebUtils.getAttributeFromFlowScope(context,
+                String whr = (String) WebUtils.getAttributeFromFlowScope(context,
                                                                          FederationConstants.PARAM_HOME_REALM);
                 if (whr == null) {
                     LOG.warn("Home realm is null");
                     throw new IllegalStateException("Home realm is null");
                 }
         
-                String wresult = (String) WebUtils.getAttributeFromFlowScope(context,
-                                                                             FederationConstants.PARAM_RESULT);
-                if (wresult == null) {
-                    LOG.warn("Parameter wresult not found");
-                    throw new IllegalStateException("No security token issued");
-                }*/
-        
                 // Parse the received Token
                 JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
                 JwtToken jwt = jwtConsumer.getJwtToken();
                 
-                for (String claim : jwt.getClaims().asMap().keySet()) {
-                    System.out.println("CLAIM: " + claim + " " + jwt.getClaim(claim));
-                }
-                
                 if (!jwtConsumer.verifySignatureWith(validatingCert, SignatureAlgorithm.RS256))
{
                     LOG.warn("Signature does not validate");
                     return null;
@@ -261,30 +205,28 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
                 if (jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT) != null) {
                     created = new Date((long)jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT) *
1000L);
                 }
+                if (jwt.getClaim(JwtConstants.CLAIM_EXPIRY) == null) {
+                    LOG.warn("No expiry in the token");
+                    return null;
+                }
                 Date expires = new Date((long)jwt.getClaim(JwtConstants.CLAIM_EXPIRY) * 1000L);
-                System.out.println("IAT: " + created);
-                System.out.println("EXP: " + expires);
                 
                 // Convert into a SAML Token
                 SamlAssertionWrapper assertion = createSamlAssertion(idp, jwt, created, expires);
                 Document doc = DOMUtils.createDocument();
                 Element token = assertion.toDOM(doc);
-                System.out.println("TOK: " + DOM2Writer.nodeToString(token));
         
                 // Create new Security token with new id. 
                 // Parameters for freshness computation are copied from original IDP_TOKEN
                 SecurityToken idpToken = new SecurityToken(assertion.getId(), created, expires);
                 idpToken.setToken(token);
         
-                // idpToken.setToken(e);
-                // LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued
by home realm [{}/{}]",
-                //         id, wfResp.getUsername(), wfResp.getUniqueTokenId(), whr, wfResp.getIssuer());
+                LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued
by home realm [{}/{}]",
+                         assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),

+                         jwt.getClaim(JwtConstants.CLAIM_JWT_ID), whr, jwt.getClaim(JwtConstants.CLAIM_ISSUER));
                 LOG.debug("Created date={}", created);
                 LOG.debug("Expired date={}", expires);
-                if (LOG.isDebugEnabled()) {
-                    //LOG.debug("Validated 'wresult' : "
-                    //    + System.getProperty("line.separator") + wresult);
-                }
+                
                 return idpToken;
             } catch (IllegalStateException ex) {
                 throw ex;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 950d0ce..adc85d1 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -191,11 +191,6 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     }
 
     @Override
-    public URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
-        return null;
-    }
-
-    @Override
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
 
         try {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index 9c9b192..c694b9d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -118,11 +118,6 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
     }
     
     @Override
-    public URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
-        return null;
-    }
-
-    @Override
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
 
         try {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
index 45dfa1f..a33591b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
@@ -34,9 +34,6 @@ public interface TrustedIdpProtocolHandler extends ProtocolHandler {
     // Only supports HTTP GET SignIn Requests
     URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp);
     
-    // Allow for processing of the Response + redirect again (required by some protocols)
-    URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
-    
     //Hook in <action-state id="validateToken"> of federation-signin-response.xml
     SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
index a66d0b8..f424edc 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
@@ -37,16 +37,6 @@
         <evaluate expression="signinParametersCacheAction.restore(flowRequestContext)"
/>
     </on-start>
     
-    <!-- See whether a further sign in request is required after processing -->
-    <action-state id="isFurtherSignInRedirectRequired">
-        <evaluate expression="trustedIdpProtocolAction.processSignInResponse(flowRequestContext)"

-                      result="flowScope.remoteIdpUrl"/>
-        <evaluate expression="flowScope.remoteIdpUrl != null" />
-        <transition on="yes" to="redirectToTrustedIDP" />
-        <transition on="no" to="validateToken" />
-        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
-    </action-state>
-    
     <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
     <action-state id="validateToken">
         <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext)"
@@ -81,6 +71,4 @@
     <!-- abnormal exit point : Http 500 Internal Server Error -->
     <end-state id="scInternalServerError" />
     
-    <end-state id="redirectToTrustedIDP" />
-
 </flow>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/72f0c939/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 6622ac3..4a9e20f 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -132,7 +132,6 @@
         </transition>
         <transition on="viewBadRequest" to="viewBadRequest" />
         <transition on="scInternalServerError" to="scInternalServerError" />
-        <transition on="redirectToTrustedIDP" to="redirectToTrustedIDP" />
     </subflow-state>
 
     <!-- produce RP security token (as String type) -->


Mime
View raw message