From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: More sign-in webflow consolidation
Date Tue, 13 Dec 2016 15:06:48 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master e43023cc9 -> 94cafcf36


More sign-in webflow consolidation


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a3477b2c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a3477b2c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a3477b2c

Branch: refs/heads/master
Commit: a3477b2c16099f3f6447bb3e11947e17eb2eb58a
Parents: e43023c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 13 14:37:50 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 13 14:37:50 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/IdpConstants.java     |  5 +++
 .../idp/beans/SigninParametersCacheAction.java  | 12 +++----
 .../WEB-INF/flows/federation-signin-request.xml | 20 ++++++------
 .../flows/federation-validate-request.xml       |  6 ++--
 .../WEB-INF/flows/saml-signin-request.xml       | 33 ++++++++------------
 .../WEB-INF/flows/saml-validate-request.xml     |  8 +++++
 .../webapp/WEB-INF/flows/signin-response.xml    |  2 +-
 7 files changed, 47 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
index bcc5b6f..1e2969b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
@@ -29,6 +29,11 @@ public final class IdpConstants {
     public static final String TRUSTED_IDP_CONTEXT = "trusted_idp_context";
 
     /**
+     * A key used to store the application realm for the given request.
+     */
+    public static final String REALM = "realm";
+
+    /**
      * A key used to store the home realm for the given request.
      */
     public static final String HOME_REALM = "home_realm";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 5451508..4572bb5 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -56,9 +56,9 @@ public class SigninParametersCacheAction {
             if (value != null) {
                 signinParams.put(FederationConstants.PARAM_REPLY, value);
             }
-            value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
+            value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.REALM);
             if (value != null) {
-                signinParams.put(FederationConstants.PARAM_TREALM, value);
+                signinParams.put(IdpConstants.REALM, value);
             }
             value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
             if (value != null) {
@@ -97,16 +97,16 @@ public class SigninParametersCacheAction {
                 if (value != null) {
                     WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
                 }
+                value = (String)signinParams.get(IdpConstants.REALM);
+                if (value != null) {
+                    WebUtils.putAttributeInFlowScope(context, IdpConstants.REALM, value);
+                }
 
                 if ("wsfed".equals(protocol)) {
                     value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
                     if (value != null) {
                         WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_REPLY,
value);
                     }
-                    value = (String)signinParams.get(FederationConstants.PARAM_TREALM);
-                    if (value != null) {
-                        WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM,
value);
-                    }
 
                     WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
                     LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT
+ "["
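Review bot: The block restoring `IdpConstants.REALM` at the top of this hunk now runs for every protocol, but nothing says why it moved out of the `"wsfed"` branch while `PARAM_REPLY` stayed inside it; a reader comparing it with the removed `PARAM_TREALM` lines will wonder whether that was deliberate. Add `// realm is protocol independent: the wsfed flow maps it from wtrealm, the samlsso flow derives it from the AuthnRequest` above the restore. The same constant is written into the cache in the hunk above, so both sides agree on the key. The enclosing method begins before this hunk and its log statement continues past it.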

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 785d6a8..5ba8f28 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -24,10 +24,10 @@
         http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
 
     <input name="idpConfig" />
-    <input name="wtrealm" />
     <input name="wctx" />
     <input name="wfresh" />
     <input name="wauth" />
+    <input name="realm" />
     <input name="home_realm" />
     <input name="protocol" />
     <input name="return_address" />
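Review bot: `<input name="realm" />` is the value that `passiveRequestorValidator.isValid` checks `return_address` against further down this flow, yet it is declared optional, so a caller that omits it runs the validation with a null realm; how the validator treats null is not visible here. Declaring it `<input name="realm" required="true" />` makes the flow fail at entry instead of deferring to that behaviour. The same applies to the `realm` input added to saml-signin-request.xml in this commit.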
@@ -79,7 +79,16 @@
         <if test="flowScope.idpConfig.realm.equals(flowScope.home_realm)"
             then="checkWauthTypeSupported" else="checkRemoteIdpToken" />
     </decision-state>
-
+    
+    <!-- ===== Realm independent ===== -->
+    
+    <action-state id="validateReturnAddress">
+        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
+                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address,
flowScope.realm)"/>
+        <transition on="yes" to="requestRpToken" />
+        <transition on="no" to="viewBadRequest" />
+    </action-state>
+    
     <!-- ===== Home Realm != this realm ===== -->
 
     <decision-state id="checkRemoteIdpToken">
@@ -98,13 +107,6 @@
         <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
     </action-state>
     
-    <action-state id="validateReturnAddress">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
-                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address,
flowScope.wtrealm)"/>
-        <transition on="yes" to="requestRpToken" />
-        <transition on="no" to="viewBadRequest" />
-    </action-state>
-    
     <!-- ===== Home Realm == this realm ===== -->
     
     <decision-state id="checkWauthTypeSupported">

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 1b0e3c2..81098a9 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -93,7 +93,7 @@
 
     <subflow-state id="signinRequest" subflow="signinRequest">
         <input name="idpConfig" value="flowScope.idpConfig" />
-        <input name="wtrealm" value="flowScope.wtrealm" />
+        <input name="realm" value="flowScope.wtrealm" />
         <input name="wctx" value="flowScope.wctx" />
         <input name="wfresh" value="flowScope.wfresh" />
         <input name="wauth" value="flowScope.wauth" />
@@ -132,7 +132,7 @@
         <input name="home_realm" value="flowScope.whr" />
         <input name="protocol" value="'wsfed'" />
 
-        <output name="wtrealm" />
+        <output name="realm" />
         <output name="wreply" />
         <output name="wctx" />
         <output name="home_realm" />
@@ -141,7 +141,7 @@
         <transition on="requestRpToken" to="requestRpToken">
             <set name="flowScope.whr" value="currentEvent.attributes.home_realm" />
             <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
-            <set name="flowScope.wtrealm" value="currentEvent.attributes.wtrealm" />
+            <set name="flowScope.wtrealm" value="currentEvent.attributes.realm" />
             <set name="flowScope.wreply" value="currentEvent.attributes.wreply" />
             <set name="flowScope.idpToken" value="currentEvent.attributes.idpToken" />
         </transition>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 2ca686c..899cd31 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -25,9 +25,10 @@
 
     <input name="idpConfig" />
     <input name="RelayState" />
-    <input name="protocol" />
     <input name="saml_authn_request" />
+    <input name="realm" />
     <input name="home_realm" />
+    <input name="protocol" />
     <input name="return_address" />
     
     <!-- ===== Home Realm Discovery ===== -->
@@ -78,6 +79,15 @@
             then="homeRealmSignInEntryPoint" else="checkRemoteIdpToken" />
     </decision-state>
     
+    <!-- ===== Realm independent ===== -->
+    
+    <action-state id="validateReturnAddress">
+        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
+                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address,
flowScope.realm)"/>
+        <transition on="yes" to="requestRpToken" />
+        <transition on="no" to="viewBadRequest" />
+    </action-state>
+    
     <!-- ===== Home Realm != this realm ===== -->
     
     <decision-state id="checkRemoteIdpToken">
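Review bot: The new `validateReturnAddress` state applies `commonsURLValidator` to the SAML consumer URL in addition to `passiveRequestorValidator`, which the `validateEndpointAddress` state removed later in this file did not, and `flowScope.realm` is no longer re-read from the AuthnRequest at validation time but arrives as the `realm` flow input. Both facts belong in a comment on the state, e.g. `<!-- flowScope.realm is supplied by the caller (retrieveRealm in saml-validate-request) and restored from the sign-in parameter cache after a remote-IdP round trip -->`. Whether the cache restore covers every path that reaches this state after a remote IdP redirect cannot be confirmed from the hunks shown.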
@@ -96,13 +106,6 @@
         <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
     </action-state>
     
-    <action-state id="validateReturnAddress">
-        <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.return_address)
-                              and passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address,
flowScope.realm)"/>
-        <transition on="yes" to="requestRpToken" />
-        <transition on="no" to="viewBadRequest" />
-    </action-state>
-    
     <!-- ===== Home Realm == this realm ===== -->
     
     <decision-state id="homeRealmSignInEntryPoint">
@@ -122,7 +125,7 @@
             expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)
                         or authnRequestParser.isForceAuthentication(flowRequestContext)"
/>
         <transition on="yes" to="redirectToLocalIDP" />
-        <transition on="no" to="validateEndpointAddress">
+        <transition on="no" to="validateReturnAddress">
             <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]"
/>
         </transition>
         <transition on-exception="java.lang.Throwable" to="viewBadRequest" />
@@ -138,21 +141,11 @@
     <action-state id="cacheSecurityToken">
         <secured attributes="IS_AUTHENTICATED_FULLY" />
         <evaluate expression="cacheSecurityToken.submit(flowRequestContext)" />
-        <transition to="validateEndpointAddress">
+        <transition to="validateReturnAddress">
             <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]"
/>
         </transition>
     </action-state>
     
-    <action-state id="validateEndpointAddress">
-        <on-entry>
-            <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)"

-                          result="flowScope.realm"/>
-        </on-entry>
-        <evaluate expression="passiveRequestorValidator.isValid(flowRequestContext, flowScope.return_address,
flowScope.realm)"/>
-        <transition on="yes" to="requestRpToken" />
-        <transition on="no" to="viewBadRequest" />
-    </action-state>
-
     <!-- =============================================================================================================
-->
 
     <!-- normal exit point -->

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index 9d4288b..2e6cdad 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -85,6 +85,13 @@
     <action-state id="retrieveConsumerURL">
         <evaluate expression="authnRequestParser.retrieveConsumerURL(flowRequestContext)"

                   result="flowScope.consumerURL"/>
+        <transition to="retrieveRealm"/>
+        <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
to="viewBadRequest" />
+    </action-state>
+    
+    <action-state id="retrieveRealm">
+        <evaluate expression="authnRequestParser.retrieveRealm(flowRequestContext)" 
+                  result="flowScope.realm"/>
         <transition to="signinSAMLRequest"/>
         <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
to="viewBadRequest" />
     </action-state>
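Review bot: The `<evaluate>` line of the new `retrieveRealm` state carries a trailing space before the line break; trim it to match the `retrieveConsumerURL` state above. Splitting realm retrieval into its own state mirrors that state's error handling, but a realm that `authnRequestParser.retrieveRealm` reports as absent without throwing `ProcessingException` is passed as a null `flowScope.realm` into the `signinRequest` subflow in the next hunk, and whether that is rejected downstream is not visible here. A comment such as `<!-- flowScope.realm is handed to the signinRequest subflow, which validates return_address against it -->` would record the dependency.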
@@ -96,6 +103,7 @@
         <input name="Signature" value="flowScope.Signature" />
         <input name="protocol" value="'samlsso'" />
         <input name="saml_authn_request" value="flowScope.saml_authn_request" />
+        <input name="realm" value="flowScope.realm" />
         <input name="home_realm" value="null" />
         <input name="return_address" value="flowScope.consumerURL" />
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a3477b2c/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
index 9a5b123..09a9716 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
@@ -68,7 +68,7 @@ subflow to get a RP token from the STS.
         <output name="home_realm" value="flowScope.home_realm" />
         <output name="wctx" value="flowScope.wctx" />
         <output name="wreply" value="flowScope.wreply" />
-        <output name="wtrealm" value="flowScope.wtrealm" />
+        <output name="realm" value="flowScope.realm" />
         <output name="idpToken" value="flowScope.idpToken" />
         <output name="saml_authn_request" value="flowScope.saml_authn_request" />
         <output name="RelayState" value="flowScope.RelayState" />

