From cohei...@apache.org
Subject cxf-fediz git commit: FEDIZ-159 - whr propagation can be disabled
Date Mon, 14 Mar 2016 16:17:41 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.2.x-fixes cc03d48de -> a45b3f994


FEDIZ-159 - whr propagation can be disabled


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a45b3f99
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a45b3f99
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a45b3f99

Branch: refs/heads/1.2.x-fixes
Commit: a45b3f9940667ca9c2cfe2d8f1b2a240270f3f1e
Parents: cc03d48
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 14 16:05:01 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 14 16:17:33 2016 +0000

----------------------------------------------------------------------
 .../AbstractTrustedIdpProtocolHandler.java      | 58 ++++++++++++++++++++
 .../TrustedIdpSAMLProtocolHandler.java          | 33 +++--------
 .../TrustedIdpWSFedProtocolHandler.java         | 23 ++++----
 3 files changed, 76 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a45b3f99/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
new file mode 100644
index 0000000..2329eb2
--- /dev/null
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp.protocols;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
+import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
+
+public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpProtocolHandler
{
+    
+    @Override
+    public boolean canHandleRequest(HttpServletRequest request) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    protected String getProperty(TrustedIdp trustedIdp, String property) {
+        Map<String, String> parameters = trustedIdp.getParameters();
+        
+        if (parameters != null && parameters.containsKey(property)) {
+            return parameters.get(property);
+        }
+        
+        return null;
+    }
+    
+    // Is a property configured. Defaults to the boolean "defaultValue" if not
+    protected boolean isBooleanPropertyConfigured(TrustedIdp trustedIdp, String property,
boolean defaultValue) {
+        Map<String, String> parameters = trustedIdp.getParameters();
+        
+        if (parameters != null && parameters.containsKey(property)) {
+            return Boolean.parseBoolean(parameters.get(property));
+        }
+        
+        return defaultValue;
+    }
+    
+}
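Review bot: `isBooleanPropertyConfigured` relies on `Boolean.parseBoolean`, which maps every value other than a case-insensitive "true" (e.g. "yes", "1", or "true " with trailing whitespace) to false; the SAML handler in this same commit calls it for REQUIRE_SIGNED_ASSERTIONS, REQUIRE_KNOWN_ISSUER, REQUIRE_KEYINFO and SIGN_REQUEST with a default of true, so a typo in a trusted-IdP parameter silently turns a validation check off instead of failing loudly. I would trim the value, accept only "true"/"false", and reject anything else (throwing, or at least logging and returning `defaultValue` if a soft failure is preferred); it can also delegate the lookup to `getProperty` rather than repeating it. Separately, `canHandleRequest` is still the auto-generated stub with its `// TODO` comment, now inherited by every handler; either implement it or replace the TODO with a comment explaining why it returns false unconditionally, and `getProperty` deserves a short Javadoc stating that it returns null when the parameter map or the key is absent.
```java
    protected boolean isBooleanPropertyConfigured(TrustedIdp trustedIdp, String property,
                                                  boolean defaultValue) {
        String value = getProperty(trustedIdp, property);
        if (value == null) {
            return defaultValue;
        }
        String normalized = value.trim();
        if ("true".equalsIgnoreCase(normalized)) {
            return true;
        }
        if ("false".equalsIgnoreCase(normalized)) {
            return false;
        }
        // Fail closed: an unrecognised value must not silently disable a security check
        throw new IllegalArgumentException("Property '" + property
            + "' must be \"true\" or \"false\" but was: " + value);
    }
```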

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a45b3f99/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index e153b18..7df53c4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -32,7 +32,6 @@ import java.security.Signature;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Map;
 import java.util.zip.DataFormatException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -51,7 +50,6 @@ import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
-import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
@@ -81,7 +79,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.webflow.execution.RequestContext;
 
 @Component
-public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler {
+public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHandler {
     /**
      * Whether to sign the request or not. The default is "true".
      */
@@ -126,12 +124,6 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
     }
 
     @Override
-    public boolean canHandleRequest(HttpServletRequest request) {
-        // TODO Auto-generated method stub
-        return false;
-    }
-
-    @Override
     public String getProtocol() {
         return PROTOCOL;
     }
@@ -148,7 +140,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
                     null, idp.getRealm(), idp.getIdpUrl().toString()
                 );
             
-            boolean signRequest = isPropertyConfigured(trustedIdp, SIGN_REQUEST, true);
+            boolean signRequest = isBooleanPropertyConfigured(trustedIdp, SIGN_REQUEST, true);
             if (signRequest) {
                 authnRequest.setDestination(trustedIdp.getUrl());
             }
@@ -347,10 +339,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         String samlResponseDecoded = samlResponse;
         
         InputStream tokenStream = null;
-        if (isPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING, true)) {
+        if (isBooleanPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING, true)) {
             try {
                 byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
-                tokenStream = isPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING,
false)
+                tokenStream = isBooleanPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING,
false)
                     ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
                     : new ByteArrayInputStream(deflatedToken); 
             } catch (Base64Exception ex) {
@@ -397,7 +389,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         try {
             SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
             protocolValidator.setKeyInfoMustBeAvailable(
-                isPropertyConfigured(trustedIdp, REQUIRE_KEYINFO, true));
+                isBooleanPropertyConfigured(trustedIdp, REQUIRE_KEYINFO, true));
             protocolValidator.validateSamlResponse(samlResponse, crypto, null);
         } catch (WSSecurityException ex) {
             LOG.debug(ex.getMessage(), ex);
@@ -429,9 +421,9 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
             ssoResponseValidator.setRequestId(requestId);
             ssoResponseValidator.setSpIdentifier(idp.getRealm());
             ssoResponseValidator.setEnforceAssertionsSigned(
-                isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
+                isBooleanPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
             ssoResponseValidator.setEnforceKnownIssuer(
-                isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
+                isBooleanPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
             
             HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
             boolean post = "POST".equals(httpServletRequest.getMethod());
@@ -446,17 +438,6 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         }
     }
     
-    // Is a property configured. Defaults to "true" if not
-    private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean
defaultValue) {
-        Map<String, String> parameters = trustedIdp.getParameters();
-        
-        if (parameters != null && parameters.containsKey(property)) {
-            return Boolean.parseBoolean(parameters.get(property));
-        }
-        
-        return defaultValue;
-    }
-    
     public void setReplayCache(TokenReplayCache<String> replayCache) {
         this.replayCache = replayCache;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a45b3f99/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index c0889ee..34d5be6 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -29,8 +29,6 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.w3c.dom.Element;
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -51,7 +49,6 @@ import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.apache.cxf.fediz.core.processor.FedizResponse;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
-import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.CertificateStore;
@@ -64,19 +61,18 @@ import org.springframework.stereotype.Component;
 import org.springframework.webflow.execution.RequestContext;
 
 @Component
-public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler {
+public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHandler {
+    
+    /**
+     * Whether to add the home realm parameter to the URL for redirection or not. The default
is "true".
+     */
+    public static final String ENABLE_HOME_REALM = "enable.home.realm";
     
     public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
 
     private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpWSFedProtocolHandler.class);
 
     @Override
-    public boolean canHandleRequest(HttpServletRequest request) {
-        // TODO Auto-generated method stub
-        return false;
-    }
-
-    @Override
     public String getProtocol() {
         return PROTOCOL;
     }
@@ -93,8 +89,11 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
             sb.append(URLEncoder.encode(idp.getRealm(), "UTF-8"));
             sb.append("&").append(FederationConstants.PARAM_REPLY).append('=');
             sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
-            sb.append("&").append(FederationConstants.PARAM_HOME_REALM).append('=');
-            sb.append(trustedIdp.getRealm());
+            
+            if (isBooleanPropertyConfigured(trustedIdp, ENABLE_HOME_REALM, true)) {
+                sb.append("&").append(FederationConstants.PARAM_HOME_REALM).append('=');
+                sb.append(trustedIdp.getRealm());
+            }
             
             String wfresh = context.getFlowScope().getString(FederationConstants.PARAM_FRESHNESS);
             if (wfresh != null) {
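Review bot: `sb.append(trustedIdp.getRealm())` inside the new `if` block is appended to the redirect query string unencoded, whereas `idp.getRealm()` and the reply URL a few lines above are passed through `URLEncoder.encode(..., "UTF-8")`; a trusted-IdP realm containing `&`, `=`, `#` or a space would yield a malformed or ambiguous `whr` parameter. Change it to `sb.append(URLEncoder.encode(trustedIdp.getRealm(), "UTF-8"));` so it matches the other parameters. The raw append predates this commit, but the line is being rewritten here anyway. The enclosing method starts and ends outside the hunk.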

