cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/5] cxf-fediz git commit: Split getting the RP token from serializing it
Date Fri, 18 Mar 2016 17:06:36 GMT
Split getting the RP token from serializing it


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5d8fb365
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5d8fb365
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5d8fb365

Branch: refs/heads/master
Commit: 5d8fb3652f55f1c5299f9f02cffea03d6efcf922
Parents: 86c268b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Mar 18 12:13:28 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Mar 18 12:13:28 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/IdpSTSClient.java     | 29 ++-------
 .../service/idp/beans/STSClientAction.java      | 44 ++++++--------
 .../service/idp/beans/TokenSerializer.java      | 62 ++++++++++++++++++++
 .../flows/federation-validate-request.xml       |  2 +
 .../WEB-INF/flows/saml-validate-request.xml     |  2 +
 5 files changed, 90 insertions(+), 49 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5d8fb365/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
index c4b9346..b8450b4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
@@ -18,33 +18,23 @@
  */
 package org.apache.cxf.fediz.service.idp;
 
-import java.io.StringWriter;
-
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.stream.StreamResult;
+import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public class IdpSTSClient extends STSClient {
 
-    private static final Logger LOG = LoggerFactory.getLogger(IdpSTSClient.class);
-
     public IdpSTSClient(Bus b) {
         super(b);
     }
 
-    public String requestSecurityTokenResponse() throws Exception {
+    public Element requestSecurityTokenResponse() throws Exception {
         return requestSecurityTokenResponse(null);
     }
 
-    public String requestSecurityTokenResponse(String appliesTo) throws Exception {
+    public Element requestSecurityTokenResponse(String appliesTo) throws Exception {
         String action = null;
         if (isSecureConv) {
             action = namespace + "/RST/SCT";
@@ -52,20 +42,11 @@ public class IdpSTSClient extends STSClient {
         return requestSecurityTokenResponse(appliesTo, action, "/Issue", null);
     }
 
-    public String requestSecurityTokenResponse(String appliesTo, String action,
+    public Element requestSecurityTokenResponse(String appliesTo, String action,
             String requestType, SecurityToken target) throws Exception {
         STSResponse response = issue(appliesTo, null, "/Issue", null);
 
-        StringWriter sw = new StringWriter();
-        try {
-            Transformer t = TransformerFactory.newInstance().newTransformer();
-            t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-            t.transform(response.getResponse(), new StreamResult(sw));
-        } catch (TransformerException te) {
-            LOG.warn("nodeToString Transformer Exception");
-        }
-        return sw.toString();
-
+        return getDocumentElement(response.getResponse());
     }
 
 }
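Review bot: The four-argument `requestSecurityTokenResponse` still calls `issue(appliesTo, null, "/Issue", null)`, so its `action`, `requestType` and `target` arguments are ignored. That includes the `namespace + "/RST/SCT"` action the one-argument overload builds when `isSecureConv` is set. If that is not intended, pass at least the first two through: `STSResponse response = issue(appliesTo, action, requestType, null);`. Now that the method returns the raw `Element`, a short Javadoc stating that it is the document element of the STS response and is not escaped would help callers that previously received a string.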

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5d8fb365/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index 58a69f3..818c0e3 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -18,9 +18,7 @@
  */
 package org.apache.cxf.fediz.service.idp.beans;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -35,7 +33,6 @@ import javax.xml.stream.XMLStreamException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
-import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.binding.soap.SoapFault;
@@ -48,7 +45,6 @@ import org.apache.cxf.fediz.service.idp.domain.Application;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
@@ -175,10 +171,10 @@ public class STSClientAction {
     /**
      * @param context the webflow request context
      * @param realm The client/application realm
-     * @return a serialized RP security token
+     * @return a RP security token
      * @throws Exception
      */
-    public String submit(RequestContext context, String realm, String homeRealm)
+    public Element submit(RequestContext context, String realm, String homeRealm)
         throws Exception {
         
         SecurityToken idpToken = getSecurityToken(context, homeRealm);
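Review bot: The Javadoc on `submit` now says only `@return a RP security token` and still has no `@param homeRealm`, although the return value changed from an XML-escaped string to a raw DOM element. I would document that contract, e.g. `@return the RP token as a DOM element, not escaped; serialize it with TokenSerializer before writing it into a response` and `@param homeRealm the home realm used to look up the IdP token`. The body of `submit` continues outside this hunk.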
@@ -276,7 +272,7 @@ public class STSClientAction {
             throw new ProcessingException(TYPE.BAD_REQUEST);
         }
         
-        String rpToken = null;
+        Element rpToken = null;
         try {
             rpToken = sts.requestSecurityTokenResponse(realm);
         } catch (SoapFault ex) {
@@ -294,26 +290,24 @@ public class STSClientAction {
             LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]",
                      id, realm, idpToken.getId());
         }
-        return StringEscapeUtils.escapeXml11(rpToken);
+        return rpToken;
     }
     
-    private String getIdFromToken(String token) throws IOException, XMLStreamException {
-        Document doc = null;
-        try (InputStream is = new ByteArrayInputStream(token.getBytes())) {
-            doc = StaxUtils.read(is);
-        }
-        NodeList nd = doc.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
-        
-        String identifier = "ID";
-        if (nd.getLength() == 0) {
-            nd = doc.getElementsByTagNameNS(WSConstants.SAML_NS, "Assertion");
-            identifier = "AssertionID";
-        }
-        
-        if (nd.getLength() > 0) {
-            Element e = (Element) nd.item(0);
-            if (e.hasAttributeNS(null, identifier)) {
-                return e.getAttributeNS(null, identifier);
+    private String getIdFromToken(Element token) throws IOException, XMLStreamException {
+        if (token != null) {
+            NodeList nd = token.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
+            
+            String identifier = "ID";
+            if (nd.getLength() == 0) {
+                nd = token.getElementsByTagNameNS(WSConstants.SAML_NS, "Assertion");
+                identifier = "AssertionID";
+            }
+            
+            if (nd.getLength() > 0) {
+                Element e = (Element) nd.item(0);
+                if (e.hasAttributeNS(null, identifier)) {
+                    return e.getAttributeNS(null, identifier);
+                }
             }
         }
         
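Review bot: `getIdFromToken` now calls `token.getElementsByTagNameNS(...)` on an `Element`, which matches descendants only, whereas the old `Document` lookup also matched the root element; if the element passed in is ever the `Assertion` itself, the ID is not found. As far as this hunk shows, that only affects the id in the `RP_TOKEN` log line, but a missing id weakens the audit trail; checking `token.getLocalName()` and `token.getNamespaceURI()` before the descendant search would cover it. The method also no longer parses anything, so `throws IOException, XMLStreamException` can be dropped, together with any catch block that exists only for them: `private String getIdFromToken(Element token) {`. The end of the method is outside the hunk.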

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5d8fb365/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
new file mode 100644
index 0000000..4665cb5
--- /dev/null
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.beans;
+
+import java.io.StringWriter;
+
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Element;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.execution.RequestContext;
+
+/**
+ * Serialize the RP Token
+ */
+@Component
+public class TokenSerializer {
+
+    private static final Logger LOG = LoggerFactory.getLogger(TokenSerializer.class);
+
+    public String serialize(RequestContext context, Element rpToken) {
+        if (rpToken != null) {
+            StringWriter sw = new StringWriter();
+            try {
+                Transformer t = TransformerFactory.newInstance().newTransformer();
+                t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+                t.transform(new DOMSource(rpToken), new StreamResult(sw));
+            } catch (TransformerException te) {
+                LOG.warn("nodeToString Transformer Exception");
+            }
+            String serializedToken = sw.toString();
+    
+            return org.apache.commons.lang3.StringEscapeUtils.escapeXml11(serializedToken);
+        }
+        
+        return null;
+    }
+}
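Review bot: In `serialize`, a `TransformerException` is logged without its cause and execution continues, so the method returns the escaped empty string and the flow proceeds with an empty `rpToken` instead of failing. Log the exception and stop, e.g. `LOG.warn("Error serializing RP token", te); return null;`, or rethrow, depending on how the flows treat a null result. Two smaller points: the `context` parameter is unused, and `StringEscapeUtils` is referenced by its fully qualified name rather than imported. Since `TransformerFactory.newInstance()` is called on every invocation, setting `XMLConstants.FEATURE_SECURE_PROCESSING` on the factory would be a cheap hardening step even though the input is a DOM node.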

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5d8fb365/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 1d489df..a242c80 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -138,6 +138,8 @@
     <action-state id="requestRpToken">
         <on-entry>
             <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.wtrealm,
flowScope.whr)"
+                      result="flowScope.rpTokenElement"/>
+            <evaluate expression="tokenSerializer.serialize(flowRequestContext, flowScope.rpTokenElement)"
                       result="flowScope.rpToken"/>
         </on-entry>
         <evaluate expression="signinParametersCacheAction.storeRPConfigInSession(flowRequestContext)"
/>
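Review bot: `flowScope.rpTokenElement` keeps the unserialized token DOM in flow scope for the rest of the flow, although the only visible reader is the `tokenSerializer.serialize` call on the next line. Unless a later state needs the element, `result="requestScope.rpTokenElement"` (with the matching argument in the `serialize` expression) limits how long the raw token lives in conversation state. It also avoids relying on the DOM implementation being serializable. The same applies to the identical change in saml-validate-request.xml.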

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5d8fb365/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index df7db44..1054cbb 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -64,6 +64,8 @@
             <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)"

                       result="flowScope.realm"/>
             <evaluate expression="stsClientForRpAction.submit(flowRequestContext, flowScope.realm,
flowScope.homerealm)"
+                      result="flowScope.rpTokenElement"/>
+            <evaluate expression="tokenSerializer.serialize(flowRequestContext, flowScope.rpTokenElement)"
                       result="flowScope.rpToken"/>
             <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"

                       result="flowScope.consumerURL"/>

