From cohei...@apache.org
Subject [1/3] cxf-fediz git commit: Refactor federation validation response to better handle multiple protocols
Date Fri, 25 Nov 2016 18:06:31 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 3197f65b5 -> f637eedfc


Refactor federation validation response to better handle multiple protocols


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1c0b2e87
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1c0b2e87
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1c0b2e87

Branch: refs/heads/master
Commit: 1c0b2e87e01787a9ab60585c26cbe7fadca6541a
Parents: 3197f65
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 25 16:23:51 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 25 16:23:51 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/IdpConstants.java     |  5 +++
 .../flows/federation-signin-response.xml        |  7 +++-
 .../flows/federation-validate-request.xml       | 35 ++++++++++++--------
 3 files changed, 32 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1c0b2e87/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
index d33bbc1..5d9c0f2 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
@@ -38,6 +38,11 @@ public final class IdpConstants {
      */
     public static final String SAML_AUTHN_REQUEST = "saml_authn_request";
     
+    /**
+     * A Context variable associated with the request (independent of protocol)
+     */
+    public static final String CONTEXT = "context";
+    
     
     
     private IdpConstants() {
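Review bot: The Javadoc on the new CONTEXT constant says what the value represents but not where it is stored or looked up, and nothing in this commit reads it, so a reader cannot tell whether "context" names a flow-scope variable, a request parameter, or something else. Since the constant is presumably consumed by a later commit in this series, the comment should name the scope it keys; something like `/** Name of the variable holding the protocol-independent request context (the wctx/RelayState/state equivalent); TODO confirm which scope it is read from. */` with the scope filled in once it is known. The trailing whitespace-only line added after the constant could also be dropped.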

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1c0b2e87/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
index d6e761d..3e459cd 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
@@ -17,6 +17,11 @@
   specific language governing permissions and limitations
   under the License.
 -->
+<!--
+Process a response from a trusted third party IdP. It starts by restoring the original request
parameters for the current context. 
+It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction.
It then exits this 
+subflow to get a RP token from the STS.
+ -->
 <flow xmlns="http://www.springframework.org/schema/webflow"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="
@@ -34,7 +39,7 @@
     <input name="whr" />
 
     <on-start>
-        <!-- restore 'wreply','wtrealm','whr' for current 'wctx' -->
+        <!-- restore the original request parameters for the current context -->
         <evaluate expression="signinParametersCacheAction.restore(flowRequestContext)"
/>
     </on-start>
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1c0b2e87/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 35ce933..1ac194d 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -22,8 +22,19 @@
     xsi:schemaLocation="http://www.springframework.org/schema/webflow
                           http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
 
-    <!-- protocol check -->
-    <decision-state id="WSFederationRequestCheck">
+    <decision-state id="evaluateProtocol">
+        <on-entry>
+            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())"
/>
+        </on-entry>
+        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
+        <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
+            then="selectWsFedProcess" />
+        <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
+            else="selectOIDCAuthorizationCodeFlowProcess"
+        /> 
+    </decision-state>
+
+    <decision-state id="selectWsFedProcess">
         <on-entry>
             <set name="flowScope.wtrealm" value="requestParameters.wtrealm" />
             <set name="flowScope.wreply" value="requestParameters.wreply" />
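Review bot: The new evaluateProtocol state dispatches on `wa` for the two WS-Federation cases and then treats every other request as SAML or OIDC, so a request carrying an unrecognised `wa` value (or `wa` together with a SAMLResponse) is silently routed into the SAML or OIDC branch rather than rejected as a protocol error; it is only refused later because `code` or `SAMLResponse` happens to be missing. Unless a deployment relies on `wa` coexisting with those parameters, making the dispatch fail closed would be clearer: `<if test="requestParameters.wa != null" then="viewBadRequest" />` placed before the SAMLResponse check, so that an unknown `wa` never reaches another protocol's state. Separately, the first two `<if>` elements both lead to selectWsFedProcess and could be one condition, `requestParameters.wa == 'wsignin1.0' or requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'`, which also keeps the signout check in selectWsFedProcess the single place that distinguishes the two. The selectWsFedProcess state continues outside this hunk.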
@@ -32,23 +43,11 @@
             <set name="flowScope.whr" value="requestParameters.whr" />
             <set name="flowScope.wresult" value="requestParameters.wresult" />
             <set name="flowScope.wreq" value="requestParameters.wreq" />
-            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
-            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse"
/>
-            <set name="flowScope.state" value="requestParameters.state" />
-            <set name="flowScope.code" value="requestParameters.code" />
             <evaluate expression="requestScope.getString('wauth','default')"
                 result="flowScope.wauth" />
-            <set name="flowScope.idpConfig" value="config.getIDP(fedizEntryPoint.getRealm())"
/>
         </on-entry>
         <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
             then="validateWReplyForSignout" />
-        <if test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" />
-        <if test="requestParameters.SAMLResponse != null" then="selectSAMLProcess"
-            else="selectOIDCAuthorizationCodeFlowProcess"
-        /> 
-    </decision-state>
-
-    <decision-state id="selectWsFedProcess">
         <if test="requestParameters.wresult != null and !requestParameters.wresult.isEmpty()"
             then="signinResponse" />
         <if test="requestParameters.wtrealm != null and !requestParameters.wtrealm.isEmpty()"
@@ -56,6 +55,10 @@
     </decision-state>
     
     <decision-state id="selectSAMLProcess">
+        <on-entry>
+            <set name="flowScope.RelayState" value="requestParameters.RelayState" />
+            <set name="flowScope.SAMLResponse" value="requestParameters.SAMLResponse"
/>
+        </on-entry>
         <if test="requestParameters.RelayState == null or requestParameters.RelayState.length()
== 0"
             then="viewBadRequest" />
         <if test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length()
== 0"
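Review bot: The new on-entry block copies RelayState and SAMLResponse into flowScope, but the validation `<if>` elements that follow still test `requestParameters.RelayState` and `requestParameters.SAMLResponse`, so the values that are checked and the values later states consume are held in two different variables. The same split appears in the selectOIDCAuthorizationCodeFlowProcess hunk for `state` and `code`. Testing the flowScope copies instead, e.g. `<if test="flowScope.RelayState == null or flowScope.RelayState.length() == 0"`, keeps validation and consumption on one variable and makes it obvious that what was validated is what is used. The decision-state continues outside this hunk.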
@@ -63,6 +66,10 @@
     </decision-state>
     
     <decision-state id="selectOIDCAuthorizationCodeFlowProcess">
+         <on-entry>
+            <set name="flowScope.state" value="requestParameters.state" />
+            <set name="flowScope.code" value="requestParameters.code" />
+        </on-entry>
         <if test="requestParameters.code == null or requestParameters.code.length() ==
0"
             then="viewBadRequest" />
         <if test="requestParameters.state == null or requestParameters.state.length()
== 0"
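Review bot: The added `<on-entry>` opening tag in selectOIDCAuthorizationCodeFlowProcess is indented nine spaces while its closing tag and the sibling elements use eight, which is a style inconsistency with the matching block added to selectSAMLProcess in this same commit; it should read `        <on-entry>` at the same column as `        </on-entry>`. The decision-state continues outside this hunk.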

