From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <604b75faa7af4f8f8f6e469ba01d1aed@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf-fediz git commit: Fixing findbugs problems identified in the plugins Date: Tue, 22 Nov 2016 15:15:55 +0000 (UTC) archived-at: Tue, 22 Nov 2016 15:15:58 -0000 Repository: cxf-fediz Updated Branches: refs/heads/master fcdc6efce -> 4944104ee Fixing findbugs problems identified in the plugins Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4944104e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4944104e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4944104e Branch: refs/heads/master Commit: 4944104eeda72faa70fc1148550b9b7892148164 Parents: fcdc6ef Author: Colm O hEigeartaigh Authored: Tue Nov 22 15:15:42 2016 +0000 Committer: Colm O hEigeartaigh Committed: Tue Nov 22 15:15:42 2016 +0000 ---------------------------------------------------------------------- .../cxf/fediz/core/TokenValidatorRequest.java | 12 +++++-- .../cxf/fediz/core/TokenValidatorResponse.java | 22 +++++++++--- .../org/apache/cxf/fediz/core/config/Claim.java | 13 +++++++- .../fediz/core/config/FedizConfigurator.java | 9 +++-- .../cxf/fediz/core/config/FedizContext.java | 14 ++++---- .../apache/cxf/fediz/core/config/Protocol.java | 15 +++++++-- .../cxf/fediz/core/config/TrustManager.java | 18 +++++++--- .../cxf/fediz/core/config/TrustedIssuer.java | 16 ++++++++- .../cxf/fediz/core/handler/LogoutHandler.java | 8 +++-- .../cxf/fediz/core/handler/SigninHandler.java | 4 +-- .../core/processor/FederationProcessorImpl.java | 35 ++++++++++++++------ .../cxf/fediz/core/processor/FedizRequest.java | 14 ++++++-- .../cxf/fediz/core/processor/FedizResponse.java | 20 ++++++++--- .../fediz/core/processor/SAMLProcessorImpl.java | 5 +++ .../cxf/fediz/core/saml/SAMLTokenValidator.java | 4 ++- .../core/samlsso/SSOValidatorResponse.java | 11 ++++-- 
.../samlsso/SamlpRequestComponentBuilder.java | 7 ---- .../plugin/AbstractServiceProviderFilter.java | 2 +- .../cxf/plugin/FedizRedirectBindingFilter.java | 9 ++--- .../fediz/jetty8/FederationAuthenticator.java | 12 +++---- .../fediz/jetty8/FederationUserIdentity.java | 5 ++- .../fediz/jetty9/FederationAuthenticator.java | 15 +++++---- .../fediz/jetty9/FederationUserIdentity.java | 5 ++- ...erationPreAuthenticatedProcessingFilter.java | 10 +++--- .../web/FederationAuthenticationEntryPoint.java | 5 +-- .../FederationAuthenticationFailureHandler.java | 5 +-- .../web/FederationLogoutSuccessHandler.java | 5 +-- ...erationPreAuthenticatedProcessingFilter.java | 10 +++--- .../web/FederationAuthenticationEntryPoint.java | 5 +-- .../web/FederationAuthenticationFilter.java | 5 +-- .../fediz/tomcat7/FederationAuthenticator.java | 14 ++++---- .../fediz/tomcat8/FederationAuthenticator.java | 14 ++++---- 32 files changed, 241 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java index 828b8e9..05178bb 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorRequest.java @@ -20,6 +20,7 @@ package org.apache.cxf.fediz.core; import java.security.cert.Certificate; +import java.util.Arrays; import org.w3c.dom.Element; 
@@ -30,7 +31,11 @@ public class TokenValidatorRequest { public TokenValidatorRequest(Element token, Certificate[] certs) { this.token = token; - this.certs = certs; + if (certs != null) { + this.certs = Arrays.copyOf(certs, certs.length); + } else { + this.certs = null; + } } public Element getToken() { @@ -38,7 +43,10 @@ public class TokenValidatorRequest { } public Certificate[] getCerts() { - return certs; + if (certs != null) { + return Arrays.copyOf(certs, certs.length); + } + return null; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java index a52638f..11a2740 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java @@ -66,21 +66,35 @@ public class TokenValidatorResponse { } public Date getExpires() { - return expires; + if (expires != null) { + return new Date(expires.getTime()); + } + return null; } public void setExpires(Date expires) { - this.expires = expires; + if (expires != null) { + this.expires = new Date(expires.getTime()); + } else { + this.expires = null; + } } public Date getCreated() { - return created; + if (created != null) { + return new Date(created.getTime()); + } + return null; } public void setCreated(Date created) { - this.created = created; + if (created != null) { + this.created = new Date(created.getTime()); + } else { + this.created = null; + } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java ---------------------------------------------------------------------- 
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java index 657890d..080d2ae 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java @@ -59,7 +59,18 @@ public class Claim { } public boolean equals(Object obj) { - return claimType.equals(obj); + if (!(obj instanceof Claim)) { + return false; + } + + Claim that = (Claim)obj; + if (claimType != null && !claimType.equals(that.getClaimType())) { + return false; + } else if (claimType == null && that.getClaimType() != null) { + return false; + } + + return true; } public String toString() { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java index 3e19f57..3e86805 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java @@ -21,7 +21,8 @@ package org.apache.cxf.fediz.core.config; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; import java.io.Reader; import java.io.Writer; import java.util.ArrayList; 
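Review bot: The rewritten `Claim.equals` compares by `claimType`, but no matching `hashCode` is visible in this hunk, so unless one is defined outside it on the same field, equal claims can land in different hash buckets; it should read along the lines of `return Objects.hashCode(claimType);`. The two-branch null check can be collapsed to `return Objects.equals(claimType, that.getClaimType());` (java.util.Objects). The same applies to the `equals` rewrites in Protocol, TrustManager and TrustedIssuer later in this commit. In TrustedIssuer the new `equals` tolerates a null `trustedIssuerType` while the `toString` directly below it still dereferences the field. The class body continues outside the hunk.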
@@ -41,8 +42,10 @@ public class FedizConfigurator { private List fedizContextList; - public FedizConfig loadConfig(File f) throws JAXBException, FileNotFoundException { - rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(new FileInputStream(f)); + public FedizConfig loadConfig(File f) throws JAXBException, IOException { + try (InputStream input = new FileInputStream(f)) { + rootConfig = (FedizConfig) getJaxbContext().createUnmarshaller().unmarshal(input); + } parseFedizContextList(); return rootConfig; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java index fc8ef33..537b137 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java @@ -134,11 +134,7 @@ public class FedizContext implements Closeable { } public BigInteger getMaximumClockSkew() { - if (config.getMaximumClockSkew() == null) { - return BigInteger.valueOf(5L); - } else { - return config.getMaximumClockSkew(); - } + return config.getMaximumClockSkew(); } public void setMaximumClockSkew(BigInteger maximumClockSkew) { @@ -296,7 +292,9 @@ public class FedizContext implements Closeable { // WSS4J will re-load the resource anyway trustStoreFile = ks.getResource(); } - } else { + } + + if (trustStoreFile == null) { throw new IllegalStateException("No certificate store configured"); } File f = new File(trustStoreFile); 
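Review bot: `getMaximumClockSkew()` in FedizContext no longer falls back to `BigInteger.valueOf(5L)`, so it can return null when the configuration leaves the value unset, unless the generated config type supplies a default that is not visible here. Callers that feed the result into token lifetime checks would then fail with a NullPointerException during validation. Either confirm the schema default and document it on the getter, e.g. `// never null: default comes from the config schema`, or keep an explicit fallback.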
@@ -334,7 +332,9 @@ public class FedizContext implements Closeable { // WSS4J will re-load the resource anyway keyStoreFile = ks.getResource(); } - } else { + } + + if (keyStoreFile == null) { throw new IllegalStateException("No certificate store configured"); } File f = new File(keyStoreFile); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java index f72a574..3eeaf54 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java @@ -78,7 +78,18 @@ public abstract class Protocol { } public boolean equals(Object obj) { - return protocolType.equals(obj); + if (!(obj instanceof Protocol)) { + return false; + } + + Protocol that = (Protocol)obj; + if (protocolType != null && !protocolType.equals(that.getProtocolType())) { + return false; + } else if (protocolType == null && that.getProtocolType() != null) { + return false; + } + + return true; } public String toString() { @@ -168,7 +179,7 @@ public abstract class Protocol { return null; } if (cbt.getType() == null || cbt.getType().equals(ArgumentType.STRING)) { - return new String(cbt.getValue()); + return cbt.getValue(); } else if (cbt.getType().equals(ArgumentType.CLASS)) { List handler = new ArrayList(); String[] cbtHandler = cbt.getValue().split(","); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java ---------------------------------------------------------------------- 
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java index cb94615..c82b719 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java @@ -74,11 +74,18 @@ public class TrustManager { } public boolean equals(Object obj) { - if (trustManagerType == null) { - return super.equals(obj); - } else { - return trustManagerType.equals(obj); + if (!(obj instanceof TrustManager)) { + return false; + } + + TrustManager that = (TrustManager)obj; + if (trustManagerType != null && !trustManagerType.equals(that.getTrustManagersType())) { + return false; + } else if (trustManagerType == null && that.getTrustManagersType() != null) { + return false; } + + return true; } public String toString() { @@ -89,5 +96,8 @@ public class TrustManager { } } + public TrustManagersType getTrustManagersType() { + return trustManagerType; + } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java index 697fa87..322a451 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java 
@@ -98,12 +98,26 @@ public class TrustedIssuer { } public boolean equals(Object obj) { - return trustedIssuerType.equals(obj); + if (!(obj instanceof TrustedIssuer)) { + return false; + } + + TrustedIssuer that = (TrustedIssuer)obj; + if (trustedIssuerType != null && !trustedIssuerType.equals(that.getTrustedIssuerType())) { + return false; + } else if (trustedIssuerType == null && that.getTrustedIssuerType() != null) { + return false; + } + + return true; } public String toString() { return trustedIssuerType.toString(); } + public TrustedIssuerType getTrustedIssuerType() { + return trustedIssuerType; + } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java index af532ae..79d6fce 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java @@ -20,7 +20,9 @@ package org.apache.cxf.fediz.core.handler; import java.io.IOException; import java.io.InputStream; +import java.net.URLEncoder; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; @@ -90,7 +92,7 @@ public class LogoutHandler implements RequestHandler { if (wreply != null && !wreply.isEmpty()) { try { LOG.debug("Redirecting user after logout to: {}", wreply); - response.sendRedirect(wreply); + response.sendRedirect(URLEncoder.encode(wreply, "UTF-8")); } catch (IOException e) { LOG.error("Error redirecting user after logout: {}", e.getMessage()); } 
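Review bot: `response.sendRedirect(URLEncoder.encode(wreply, "UTF-8"))` in LogoutHandler encodes the whole URL, so an absolute `wreply` such as `https://host/app` becomes `https%3A%2F%2Fhost%2Fapp`, which the container will resolve as a relative path and the redirect no longer reaches the intended page. Encoding also does not decide whether the target is acceptable: `wreply` appears to come from the request (its origin is outside the hunk), and what a redirect needs is a comparison against the configured or allowed reply addresses before `sendRedirect` is called, falling back to the default logout page on mismatch. The `LOG.debug` line just above still writes the raw value. The enclosing method starts and ends outside the hunk.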
@@ -119,8 +121,8 @@ public class LogoutHandler implements RequestHandler { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } response.sendRedirect(redirectURL); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java index 19a61b8..f84e83b 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java @@ -144,12 +144,12 @@ public class SigninHandler implements RequestHandler { if (fedizContext.getProtocol() instanceof FederationProtocol) { token = request.getParameter(FederationConstants.PARAM_RESULT); if (token == null) { - new RuntimeException("Missing required parameter 'wresult'"); + throw new RuntimeException("Missing required parameter 'wresult'"); } } else if (fedizContext.getProtocol() instanceof SAMLProtocol) { token = request.getParameter(SAMLSSOConstants.SAML_RESPONSE); if (token == null) { - new RuntimeException("Missing required parameter 'SAMLResponse'"); + throw new RuntimeException("Missing required parameter 'SAMLResponse'"); } } return token; http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java ---------------------------------------------------------------------- 
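Review bot: The two `throw new RuntimeException(...)` lines in SigninHandler now fire on a missing `wresult` or `SAMLResponse` parameter, which is a client error, yet an unchecked RuntimeException will typically surface as a 500 with the container's error page. If the callers can handle it, a typed failure such as `throw new ProcessingException(TYPE.BAD_REQUEST);` (the form used in SAMLProcessorImpl in this commit) keeps the status accurate and avoids exposing a stack trace; otherwise it should be caught at the handler boundary. The enclosing method starts outside the hunk, so its `throws` clause is not visible here.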
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java index 1695f57..f874044 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java @@ -32,6 +32,7 @@ import java.util.Collections; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.UUID; import javax.security.auth.callback.Callback; @@ -314,22 +315,36 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { } } - public class LifeTime { + public static class LifeTime { - private Date created; - private Date expires; + private final Date created; + private final Date expires; public LifeTime(Date created, Date expires) { - this.created = created; - this.expires = expires; + if (created != null) { + this.created = new Date(created.getTime()); + } else { + this.created = null; + } + if (expires != null) { + this.expires = new Date(expires.getTime()); + } else { + this.expires = null; + } } public Date getCreated() { - return created; + if (created != null) { + return new Date(created.getTime()); + } + return null; } public Date getExpires() { - return expires; + if (expires != null) { + return new Date(expires.getTime()); + } + return null; } } @@ -455,7 +470,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { redirectURL = redirectURL + "?" + sb.toString(); } catch (Exception ex) { LOG.error("Failed to create SignInRequest", ex); - throw new ProcessingException("Failed to create SignInRequest"); + throw new ProcessingException("Failed to create SignInRequest", ex); } RedirectionResponse response = new RedirectionResponse(); 
@@ -527,11 +542,11 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { }); Map signInQueryMap = callback.getSignInQueryParamMap(); StringBuilder sbQuery = new StringBuilder(); - for (String key : signInQueryMap.keySet()) { + for (Entry entry : signInQueryMap.entrySet()) { if (sbQuery.length() > 0) { sbQuery.append("&"); } - sbQuery.append(key).append('=').append(URLEncoder.encode(signInQueryMap.get(key), "UTF-8")); + sbQuery.append(entry.getKey()).append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8")); } signInQuery = sbQuery.toString(); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java index bce07ee..e71c0cb 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java @@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core.processor; import java.io.Serializable; import java.security.cert.Certificate; +import java.util.Arrays; import javax.servlet.http.HttpServletRequest; 
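Review bot: In the sign-in query loop only the value goes through `URLEncoder.encode`; `entry.getKey()` is appended raw, so a key containing `&`, `=` or `#` from the callback-supplied map changes the structure of the redirect query. Both sides should be encoded: `sbQuery.append(URLEncoder.encode(entry.getKey(), "UTF-8")).append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8"));`. A null value in the map would also throw inside `URLEncoder.encode`, so a null check or skip is worth adding. The enclosing method starts and ends outside the hunk.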
@@ -35,14 +36,21 @@ public class FedizRequest implements Serializable { private String freshness; private String state; private Certificate[] certs; - private HttpServletRequest request; + private transient HttpServletRequest request; private RequestState requestState; public Certificate[] getCerts() { - return certs; + if (certs != null) { + return Arrays.copyOf(certs, certs.length); + } + return null; } public void setCerts(Certificate[] certs) { - this.certs = certs; + if (certs != null) { + this.certs = Arrays.copyOf(certs, certs.length); + } else { + this.certs = null; + } } public String getResponseToken() { return responseToken; http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java index e1a1e01..255765d 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java @@ -37,7 +37,7 @@ public class FedizResponse implements Serializable { private List roles; private String issuer; private List claims; - private Element token; + private transient Element token; private String uniqueTokenId; /** @@ -58,8 +58,12 @@ public class FedizResponse implements Serializable { this.roles = roles; this.claims = claims; this.audience = audience; - this.tokenCreated = created; - this.tokenExpires = expires; + if (created != null) { + this.tokenCreated = new Date(created.getTime()); + } + if (expires != null) { + this.tokenExpires = new Date(expires.getTime()); + } this.token = token; this.uniqueTokenId = uniqueTokenId; } 
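Review bot: Marking `request` as `transient` means a deserialized `FedizRequest` carries a null `HttpServletRequest`, and nothing in this hunk documents that. The same holds for the `transient Element token` added to FedizResponse in the next file section. Code that reads either field after the object has been persisted or replicated with a session needs a null check, though whether any caller does so is not visible here. A field comment such as `// transient: not restored on deserialization, may be null` would make the contract explicit. The class body continues outside the hunk.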
@@ -95,11 +99,17 @@ public class FedizResponse implements Serializable { } public Date getTokenCreated() { - return tokenCreated; + if (tokenCreated != null) { + return new Date(tokenCreated.getTime()); + } + return null; } public Date getTokenExpires() { - return tokenExpires; + if (tokenExpires != null) { + return new Date(tokenExpires.getTime()); + } + return null; } public Element getToken() { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java index f93a9ad..6fb50fa 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java @@ -202,6 +202,11 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor { } } + if (validatorResponse == null) { + LOG.warn("No token validation response was available"); + throw new ProcessingException(TYPE.BAD_REQUEST); + } + // Check whether token already used for signin Date expires = validatorResponse.getExpires(); if (expires == null) { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java index 2344ecb..7f4eb66 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java 
@@ -195,8 +195,10 @@ public class SAMLTokenValidator implements TokenValidator { .equals(SAMLVersion.VERSION_11)) { claims = parseClaimsInAssertion(assertion.getSaml1()); audience = getAudienceRestriction(assertion.getSaml1()); + } else { + claims = Collections.emptyList(); } - + List roles = parseRoles(config, claims); SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java index 61e748d..b8b3969 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java @@ -40,11 +40,18 @@ public class SSOValidatorResponse { } public Date getSessionNotOnOrAfter() { - return sessionNotOnOrAfter; + if (sessionNotOnOrAfter != null) { + return new Date(sessionNotOnOrAfter.getTime()); + } + return null; } public void setSessionNotOnOrAfter(Date sessionNotOnOrAfter) { - this.sessionNotOnOrAfter = sessionNotOnOrAfter; + if (sessionNotOnOrAfter != null) { + this.sessionNotOnOrAfter = new Date(sessionNotOnOrAfter.getTime()); + } else { + this.sessionNotOnOrAfter = null; + } } public String getResponseId() { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java ---------------------------------------------------------------------- 
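Review bot: The new `else` branch in SAMLTokenValidator sets `claims = Collections.emptyList()` for an assertion that is neither SAML 2.0 nor SAML 1.1 and then carries on to `parseRoles` and principal creation, with `audience` left at its initial value. Unless a check outside this hunk already rejects other versions, it is safer to fail closed at this point, for example `throw new ProcessingException(TYPE.BAD_REQUEST);` if the method's signature allows it, rather than produce a validated response with no claims and no audience restriction. If the fall-through is intentional, a comment saying why an unknown version is acceptable would help. The enclosing method starts and ends outside the hunk.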
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java index 53d4d83..342f404 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java @@ -19,7 +19,6 @@ package org.apache.cxf.fediz.core.samlsso; -import java.util.ArrayList; import java.util.List; import java.util.UUID; @@ -185,17 +184,11 @@ public final class SamlpRequestComponentBuilder { if (authnCtxClassRefList != null) { List classRefList = authnCtx.getAuthnContextClassRefs(); - if (classRefList == null) { - classRefList = new ArrayList<>(); - } classRefList.addAll(authnCtxClassRefList); } if (authnCtxDeclRefList != null) { List declRefList = authnCtx.getAuthnContextDeclRefs(); - if (declRefList == null) { - declRefList = new ArrayList<>(); - } declRefList.addAll(authnCtxDeclRefList); } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java ---------------------------------------------------------------------- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java index 56f3c9d..eb807f7 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java 
@@ -244,7 +244,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF return getContextConfiguration(contextName); } - protected FedizContext getContextConfiguration(String contextName) { + protected synchronized FedizContext getContextConfiguration(String contextName) { if (configurator == null) { throw new IllegalStateException("No Fediz configuration available"); } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java ---------------------------------------------------------------------- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java index 7bb8ab7..832d7bb 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java @@ -27,6 +27,7 @@ import java.util.Collections; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.UUID; import javax.servlet.ServletOutputStream; @@ -228,8 +229,8 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter ResponseBuilder response = Response.seeOther(new URI(redirectURL)); Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.header(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.header(entry.getKey(), entry.getValue()); } } 
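Review bot: Adding `synchronized` to `getContextConfiguration` only protects `configurator` if every other read and write of that field takes the same monitor, and none of those are visible in this hunk. It also funnels all callers through one lock on what looks like a per-request path. If the field is assigned once during initialisation, declaring it `volatile` (or initialising it before the filter is published) with a comment stating the threading contract would be cheaper; otherwise the setter should be synchronized as well. The method body continues outside the hunk.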
@@ -308,8 +309,8 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter ResponseBuilder response = Response.seeOther(new URI(redirectURL)); Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.header(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.header(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java ---------------------------------------------------------------------- diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java index 6b206eb..3206871 100644 --- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java +++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java @@ -20,13 +20,13 @@ package org.apache.cxf.fediz.jetty8; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; @@ -116,7 +116,7 @@ public class FederationAuthenticator extends LoginAuthenticator { configurator = new FedizConfigurator(); configurator.loadConfig(f); LOG.debug("Fediz configuration read from " + f.getAbsolutePath()); - } catch (JAXBException | FileNotFoundException e) { + } catch (JAXBException | IOException e) { //[TODO] use other exception throw new RuntimeException("Failed to load Fediz configuration", e); 
@@ -465,8 +465,8 @@ public class FederationAuthenticator extends LoginAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } @@ -501,8 +501,8 @@ public class FederationAuthenticator extends LoginAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java ---------------------------------------------------------------------- diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java index 0c1f634..4c70ab4 100644 --- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java +++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java @@ -21,6 +21,7 @@ package org.apache.cxf.fediz.jetty8; import java.security.Principal; +import java.util.Arrays; import java.util.Date; import javax.security.auth.Subject; 
@@ -40,7 +41,9 @@ public class FederationUserIdentity implements UserIdentity { String[] roles, FedizResponse fedResponse) { this.subject = subject; this.principal = principal; - this.roles = roles; + if (roles != null) { + this.roles = Arrays.copyOf(roles, roles.length); + } this.fedResponse = fedResponse; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java ---------------------------------------------------------------------- diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java index d25eced..a08754b 100644 --- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java +++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java @@ -20,13 +20,13 @@ package org.apache.cxf.fediz.jetty9; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; @@ -115,7 +115,7 @@ public class FederationAuthenticator extends LoginAuthenticator { configurator = new FedizConfigurator(); configurator.loadConfig(f); LOG.debug("Fediz configuration read from " + f.getAbsolutePath()); - } catch (JAXBException | FileNotFoundException e) { + } catch (JAXBException | IOException e) { //[TODO] use other exception throw new RuntimeException("Failed to load Fediz configuration", e); 
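Review bot: When `roles` is null, the new guard in the FederationUserIdentity constructor skips the assignment, so `this.roles` stays at its default and every consumer of the field has to null-check it; those consumers are outside the hunk. Because this array carries the user's authorization data, I would make the state explicit in one expression: `this.roles = roles == null ? null : Arrays.copyOf(roles, roles.length);`, or an empty array if no caller distinguishes null from "no roles". The copy on the way in only helps if any accessor that hands the array out copies it too, which is worth checking. The jetty9 FederationUserIdentity hunk further down has the same code.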
@@ -357,7 +357,8 @@ public class FederationAuthenticator extends LoginAuthenticator { } session.setAttribute(J_URI, buf.toString()); - if (MimeTypes.Type.FORM_ENCODED.equals(req.getContentType()) && HttpMethod.POST.equals(request.getMethod())) + if (MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType()) + && HttpMethod.POST.asString().equals(request.getMethod())) { Request base_request = (Request)req; //(req instanceof Request)?(Request)req:HttpConnection.getCurrentConnection().getRequest(); @@ -466,8 +467,8 @@ public class FederationAuthenticator extends LoginAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } @@ -502,8 +503,8 @@ public class FederationAuthenticator extends LoginAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java ---------------------------------------------------------------------- diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java index 5c57a89..5102fb8 100644 --- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java +++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java 
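Review bot: The corrected test `MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType())` is an exact, case-sensitive match, so a form POST sent as `application/x-www-form-urlencoded; charset=UTF-8` would not take this branch. Before this commit the constants were compared with a String directly, which presumably never matched, so the guarded block is effectively newly enabled and deserves a test of its own. I would compare only the bare media type, ignoring parameters and case, and add a comment such as `// Content-Type may carry parameters (e.g. charset); compare the media type only`. The block that this condition guards continues outside the hunk.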
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.jetty9; import java.security.Principal; +import java.util.Arrays; import java.util.Date; import javax.security.auth.Subject; @@ -40,7 +41,9 @@ public class FederationUserIdentity implements UserIdentity { String[] roles, FedizResponse fedResponse) { this.subject = subject; this.principal = principal; - this.roles = roles; + if (roles != null) { + this.roles = Arrays.copyOf(roles, roles.length); + } this.fedResponse = fedResponse; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java ---------------------------------------------------------------------- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java index ddd0d83..55c628e 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java @@ -19,6 +19,8 @@ package org.apache.cxf.fediz.spring.preauth; +import java.security.Principal; + import javax.servlet.http.HttpServletRequest; import org.apache.cxf.fediz.core.FedizPrincipal; 
@@ -38,10 +40,10 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe * Return the J2EE user name. */ protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) { - Object principal = httpRequest.getUserPrincipal(); + Principal principal = httpRequest.getUserPrincipal(); if (logger.isDebugEnabled()) { logger.debug("PreAuthenticated J2EE principal: " - + httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName()); + + principal == null ? null : principal.getName()); } return principal; } @@ -52,7 +54,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe * value. */ protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { - Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal(); + Principal principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal(); if (principal instanceof FedizPrincipal) { Object obj = httpRequest.getSession(false).getAttribute(SECURITY_TOKEN_ATTR); if (obj != null) { @@ -62,7 +64,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe throw new IllegalStateException("Session must contain Federation response"); } } else { - logger.error("Principal must be instance of FedizPrincipal: " + principal.toString()); + logger.error("Principal must be instance of FedizPrincipal: " + principal); throw new IllegalStateException("Principal must be instance of FedizPrincipal"); } //return "N/A"; http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java ---------------------------------------------------------------------- 
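Review bot: The debug statement in getPreAuthenticatedPrincipal still has an operator-precedence bug: `+` binds tighter than `==`, so `"PreAuthenticated J2EE principal: " + principal == null` compares the concatenated string with null and is always false. `principal.getName()` is therefore called even when the principal is null, so with debug logging enabled a request without a principal would fail with a NullPointerException, and the prefix text is never logged. Parenthesize the conditional: `+ (principal == null ? null : principal.getName()));`. The spring2 copy of this filter further down has the same line.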
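Review bot: In getPreAuthenticatedCredentials, `httpRequest.getSession(false)` returns null when the request has no session, so the chained `.getAttribute(SECURITY_TOKEN_ATTR)` would throw a NullPointerException instead of the IllegalStateException the method intends. I would split the call: `HttpSession session = httpRequest.getSession(false);` then `Object obj = session == null ? null : session.getAttribute(SECURITY_TOKEN_ATTR);`, which needs the HttpSession import. The ternary on the declaration is also a no-op and can be `Principal principal = httpRequest.getUserPrincipal();`. The method continues outside the hunk, and the spring2 copy further down has the same code.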
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java index c62e56e..c4c9010 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java @@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web; import java.io.IOException; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -100,8 +101,8 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java ---------------------------------------------------------------------- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java index 0b9069a..c1dd134 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java 
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web; import java.io.IOException; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -72,8 +73,8 @@ public class FederationAuthenticationFailureHandler extends SimpleUrlAuthenticat Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java ---------------------------------------------------------------------- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java index 8d6c5fe..e803e4b 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java @@ -20,6 +20,7 @@ package org.apache.cxf.fediz.spring.web; import java.io.IOException; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -65,8 +66,8 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java ---------------------------------------------------------------------- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java index 7aae276..39ea329 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java @@ -19,6 +19,8 @@ package org.apache.cxf.fediz.spring.preauth; +import java.security.Principal; + import javax.servlet.http.HttpServletRequest; import org.apache.cxf.fediz.core.FedizPrincipal; @@ -39,10 +41,10 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe * Return the J2EE user name. */ protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) { - Object principal = httpRequest.getUserPrincipal(); + Principal principal = httpRequest.getUserPrincipal(); if (logger.isDebugEnabled()) { logger.debug("PreAuthenticated J2EE principal: " - + httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal().getName()); + + principal == null ? null : principal.getName()); } return principal; } 
@@ -53,7 +55,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe * value. */ protected Object getPreAuthenticatedCredentials(HttpServletRequest httpRequest) { - Object principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal(); + Principal principal = httpRequest.getUserPrincipal() == null ? null : httpRequest.getUserPrincipal(); if (principal instanceof FedizPrincipal) { Object obj = httpRequest.getSession(false).getAttribute(SECURITY_TOKEN_ATTR); if (obj != null) { @@ -63,7 +65,7 @@ public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthe throw new IllegalStateException("Session must contain Federation response"); } } else { - logger.error("Principal must be instance of FedizPrincipal: " + principal.toString()); + logger.error("Principal must be instance of FedizPrincipal: " + principal); throw new IllegalStateException("Principal must be instance of FedizPrincipal"); } //return "N/A"; http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java index 0a732d2..a4b58e3 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java @@ -21,6 +21,7 @@ package org.apache.cxf.fediz.spring.web; import java.io.IOException; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.ServletRequest; 
@@ -123,8 +124,8 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - hresponse.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + hresponse.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java index 106dc49..9a1373b 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java @@ -23,6 +23,7 @@ import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Date; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; @@ -153,8 +154,8 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java ---------------------------------------------------------------------- 
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java index c58bccb..ba33b53 100644 --- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java +++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java @@ -20,12 +20,12 @@ package org.apache.cxf.fediz.tomcat7; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.Principal; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -124,7 +124,7 @@ public class FederationAuthenticator extends FormAuthenticator { configurator = new FedizConfigurator(); configurator.loadConfig(f); LOG.debug("Fediz configuration read from " + f.getAbsolutePath()); - } catch (JAXBException | FileNotFoundException e) { + } catch (JAXBException | IOException e) { throw new LifecycleException("Failed to load Fediz configuration", e); } super.startInternal(); @@ -148,7 +148,7 @@ public class FederationAuthenticator extends FormAuthenticator { super.stopInternal(); } - protected FedizContext getContextConfiguration(String contextName) { + protected synchronized FedizContext getContextConfiguration(String contextName) { if (configurator == null) { throw new IllegalStateException("No Fediz configuration available"); } @@ -299,8 +299,8 @@ public class FederationAuthenticator extends FormAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } 
@@ -343,7 +343,9 @@ public class FederationAuthenticator extends FormAuthenticator { protected void saveRequest(Request request, String contextId) throws IOException { String uri = request.getDecodedRequestURI(); Session session = request.getSessionInternal(true); - LOG.debug("Save request in session '{}'", session.getIdInternal()); + if (session != null) { + LOG.debug("Save request in session '{}'", session.getIdInternal()); + } if (session != null && uri != null) { SavedRequest saved; synchronized (session) { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4944104e/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java ---------------------------------------------------------------------- diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java index 6bcdeb8..dbd1f4c 100644 --- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java +++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java @@ -20,12 +20,12 @@ package org.apache.cxf.fediz.tomcat8; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.Principal; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -115,7 +115,7 @@ public class FederationAuthenticator extends FormAuthenticator { configurator = new FedizConfigurator(); configurator.loadConfig(f); LOG.debug("Fediz configuration read from " + f.getAbsolutePath()); - } catch (JAXBException | FileNotFoundException e) { + } catch (JAXBException | IOException e) { throw new LifecycleException("Failed to load Fediz configuration", e); } super.startInternal(); 
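Review bot: The debug line in saveRequest writes the container session identifier, `session.getIdInternal()`, to the log, and that value acts as a bearer credential for as long as the session is live. I would drop the identifier from the message, `LOG.debug("Saving request in session");`, or log only a non-reversible short form of it. The new `if (session != null)` is also followed directly by `if (session != null && uri != null)`, so the log call could move inside that existing block instead of adding a second null check. saveRequest continues outside the hunk, and the tomcat8 FederationAuthenticator hunk further down has the same code.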
@@ -139,7 +139,7 @@ public class FederationAuthenticator extends FormAuthenticator { super.stopInternal(); } - protected FedizContext getContextConfiguration(String contextName) { + protected synchronized FedizContext getContextConfiguration(String contextName) { if (configurator == null) { throw new IllegalStateException("No Fediz configuration available"); } @@ -289,8 +289,8 @@ public class FederationAuthenticator extends FormAuthenticator { if (redirectURL != null) { Map headers = redirectionResponse.getHeaders(); if (!headers.isEmpty()) { - for (String headerName : headers.keySet()) { - response.addHeader(headerName, headers.get(headerName)); + for (Entry entry : headers.entrySet()) { + response.addHeader(entry.getKey(), entry.getValue()); } } @@ -333,7 +333,9 @@ public class FederationAuthenticator extends FormAuthenticator { protected void saveRequest(Request request, String contextId) throws IOException { String uri = request.getDecodedRequestURI(); Session session = request.getSessionInternal(true); - LOG.debug("Save request in session '{}'", session.getIdInternal()); + if (session != null) { + LOG.debug("Save request in session '{}'", session.getIdInternal()); + } if (session != null && uri != null) { SavedRequest saved; synchronized (session) {