From cohei...@apache.org
Subject [1/3] cxf-fediz git commit: Added an extension to the Fediz protocol handlers to be able to perform two-step processing of a sign-in response.
Date Fri, 19 Feb 2016 17:03:37 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 48b9eed7a -> 4df66f377


Added an extension to the Fediz protocol handlers to be able to perform two-step processing
of a sign-in response.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/abff9ec2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/abff9ec2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/abff9ec2

Branch: refs/heads/master
Commit: abff9ec295f76377829a5bb073de21f4f88b3a62
Parents: 48b9eed
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Feb 19 16:00:47 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Feb 19 16:00:47 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/TrustedIdpProtocolAction.java     | 27 ++++++++++++++++++++
 .../TrustedIdpSAMLProtocolHandler.java          |  4 +++
 .../TrustedIdpWSFedProtocolHandler.java         |  7 ++++-
 .../idp/spi/TrustedIdpProtocolHandler.java      |  3 +++
 .../flows/federation-signin-response.xml        | 12 ++++++++-
 5 files changed, 51 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/abff9ec2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
index 2369bae..614d196 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
@@ -73,6 +73,33 @@ public class TrustedIdpProtocolAction {
         return redirectUrl.toString();
     }
     
+    public String processSignInResponse(RequestContext requestContext) {
+        String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
+        
+        Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
+        
+        TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
+        if (trustedIdp == null) {
+            LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
+            throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
+        }
+        
+        String protocol = trustedIdp.getProtocol();
+        LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
+        
+        TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
+        if (protocolHandler == null) {
+            LOG.error("No ProtocolHandler found for {}", protocol);
+            throw new IllegalStateException("No ProtocolHandler found for '" + protocol +
"'");
+        }
+        URL redirectUrl = protocolHandler.processSignInResponse(requestContext, idpConfig,
trustedIdp);
+        LOG.info("Redirect required?", (redirectUrl != null));
+        if (redirectUrl != null) {
+            return redirectUrl.toString();
+        }
+        return null;
+    }
+    
     public SecurityToken mapSignInResponse(RequestContext requestContext) {
         String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
         LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);
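Review bot: The call `LOG.info("Redirect required?", (redirectUrl != null));` in the new `processSignInResponse` has no `{}` placeholder, so the boolean is never written to the log; it should read `LOG.info("Redirect required? {}", redirectUrl != null);`. The `IllegalStateException` thrown for an unknown realm carries only `"TrustedIdp '" + trustedIdpRealm + "'"`, which does not say what went wrong; `"TrustedIdp '" + trustedIdpRealm + "' not configured"` would match the logged error. The method also has no Javadoc; a short one stating that it returns the redirect URL as a string, or `null` when no further redirect is needed, would document what the flow relies on. `mapSignInResponse`, which follows, continues outside the hunk.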

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/abff9ec2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index be2333c..950d0ce 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -190,6 +190,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         }
     }
 
+    @Override
+    public URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
+        return null;
+    }
 
     @Override
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
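Review bot: The new `processSignInResponse` override returns `null` without a comment saying what that signals, and the same applies to the identical override added in TrustedIdpWSFedProtocolHandler. Going by the flow change in this commit, a null result sends the flow on to `validateToken` with no second redirect. A one-line comment in both places would make that explicit, for example `// No further sign-in redirect is needed for this protocol; null lets the flow continue to validateToken`. The `mapSignInResponse` method after it continues outside the hunk.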

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/abff9ec2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index 1f9da57..9c9b192 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -82,7 +82,7 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
     public String getProtocol() {
         return PROTOCOL;
     }
-
+    
     @Override
     public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
         
@@ -116,6 +116,11 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
             throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
         }
     }
+    
+    @Override
+    public URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{
+        return null;
+    }
 
     @Override
     public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp)
{

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/abff9ec2/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
index a33591b..45dfa1f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
@@ -34,6 +34,9 @@ public interface TrustedIdpProtocolHandler extends ProtocolHandler {
     // Only supports HTTP GET SignIn Requests
     URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp);
     
+    // Allow for processing of the Response + redirect again (required by some protocols)
+    URL processSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
+    
     //Hook in <action-state id="validateToken"> of federation-signin-response.xml
     SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
 
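Review bot: The comment on the new `processSignInResponse` method does not state its return contract, which every implementer of this SPI needs to know. The flow change in this commit treats a non-null result as a redirect target and a null result as "continue to token validation", and the method is called before `mapSignInResponse` has validated anything. I would expand the comment to something like `// Returns the URL for a further sign-in redirect, or null if none is required. Called before the response is validated.` It would also help to say that the returned URL should be built from the configured TrustedIdp rather than from parameters of the incoming response, since the browser is presumably redirected to it.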

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/abff9ec2/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
index 9e6d342..46da2cb 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
@@ -34,7 +34,17 @@
         <!-- restore 'wreply','wtrealm','whr' for current 'wctx' -->
         <evaluate expression="signinParametersCacheAction.restore(flowRequestContext)"
/>
     </on-start>
-
+    
+    <!-- See whether a further sign in request is required after processing -->
+    <action-state id="isFurtherSignInRedirectRequired">
+        <evaluate expression="trustedIdpProtocolAction.processSignInResponse(flowRequestContext)"

+                      result="flowScope.remoteIdpUrl"/>
+        <evaluate expression="flowScope.remoteIdpUrl != null" />
+        <transition on="yes" to="redirectToTrustedIDP" />
+        <transition on="no" to="validateToken" />
+        <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+    </action-state>
+    
     <!-- validate token issued by requestor IDP ('wresult') given its 'whr' -->
     <action-state id="validateToken">
         <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext)"
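Review bot: The new `isFurtherSignInRedirectRequired` state runs the handler's `processSignInResponse` before `validateToken`, so a handler that implements it is working on a sign-in response that has not been validated yet, and the comment above the state does not mention this. I would extend it, for example `<!-- Runs before validateToken: the sign-in response is still unvalidated here. See whether a further sign in request is required after processing -->`. The result is written to `flowScope.remoteIdpUrl` and drives the transition to `redirectToTrustedIDP`, which is defined outside this hunk, so it is worth confirming that state only ever redirects to URLs derived from the trusted IdP configuration.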

