cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Add support to specify sign out query parameters
Date Wed, 08 Feb 2017 15:59:36 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 325089aa2 -> e8aec20af


Add support to specify sign out query parameters


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e8aec20a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e8aec20a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e8aec20a

Branch: refs/heads/master
Commit: e8aec20af5e9f6ca5428dfb74ff1fd2c0e448298
Parents: 325089a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Feb 8 15:59:11 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Feb 8 15:59:11 2017 +0000

----------------------------------------------------------------------
 .../fediz/core/config/FederationProtocol.java   | 22 +++++++++
 .../core/processor/FederationProcessorImpl.java | 37 +++++++++++++++
 .../fediz/core/spi/SignOutQueryCallback.java    | 42 +++++++++++++++++
 .../src/main/resources/schemas/FedizConfig.xsd  |  2 +
 .../core/federation/FederationLogoutTest.java   | 25 ++++++++++
 .../core/federation/SignoutQueryHandler.java    | 49 ++++++++++++++++++++
 .../test/resources/fediz_test_config_logout.xml | 35 ++++++++++++++
 7 files changed, 212 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index 614d811..b25795a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -37,6 +37,7 @@ public class FederationProtocol extends Protocol {
     private Object homeRealm;
     private Object freshness;
     private Object signInQuery;
+    private Object signOutQuery;
     private Object reply;
     
     public FederationProtocol(ProtocolType protocolType) {
@@ -141,6 +142,27 @@ public class FederationProtocol extends Protocol {
         }
     }
     
+    public Object getSignOutQuery() {
+        if (this.signOutQuery != null) {
+            return this.signOutQuery;
+        }
+        CallbackType cbt = getFederationProtocol().getSignOutQuery();
+        this.signOutQuery = loadCallbackType(cbt, "SignOutQuery");
+        return this.signOutQuery;
+    }
+
+    public void setSignOutQuery(Object value) {
+        final boolean isString = value instanceof String;
+        final boolean isCallbackHandler = value instanceof CallbackHandler;
+        if (isString || isCallbackHandler) {
+            this.signOutQuery = value;
+        } else {
+            LOG.error("Unsupported 'SignOutQuery' object");
+            throw new IllegalArgumentException("Unsupported 'SignOutQuery' object. Type must
be "
+                                               + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
+        }
+    }
+    
     public Object getRequest() {
         if (this.request != null) {
             return this.request;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index aecee13..fa8778e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -59,6 +59,7 @@ import org.apache.cxf.fediz.core.spi.FreshnessCallback;
 import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
 import org.apache.cxf.fediz.core.spi.ReplyCallback;
 import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
+import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
 import org.apache.cxf.fediz.core.spi.WAuthCallback;
 import org.apache.cxf.fediz.core.spi.WReqCallback;
 import org.apache.cxf.fediz.core.util.DOMUtils;
@@ -539,7 +540,15 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                     sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
                 }
             }
+            
+            String signOutQuery = resolveSignOutQuery(request, config);
+            LOG.debug("SignIn Query: {}", signOutQuery);
 
+            // add signout query extensions
+            if (signOutQuery != null && signOutQuery.length() > 0) {
+                sb.append('&').append(signOutQuery);
+            }
+            
             redirectURL = redirectURL + "?" + sb.toString();
         } catch (Exception ex) {
             LOG.error("Failed to create SignInRequest", ex);
@@ -578,6 +587,34 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
         return signInQuery;
     }
+    
+    private String resolveSignOutQuery(HttpServletRequest request, FedizContext config) throws
IOException,
+        UnsupportedCallbackException, UnsupportedEncodingException {
+        Object signOutQueryObj = ((FederationProtocol)config.getProtocol()).getSignOutQuery();
+        String signOutQuery = null;
+        if (signOutQueryObj != null) {
+            if (signOutQueryObj instanceof String) {
+                signOutQuery = (String)signOutQueryObj;
+            } else if (signOutQueryObj instanceof CallbackHandler) {
+                CallbackHandler frCB = (CallbackHandler)signOutQueryObj;
+                SignOutQueryCallback callback = new SignOutQueryCallback(request);
+                frCB.handle(new Callback[] {
+                    callback
+                });
+                Map<String, String> signInQueryMap = callback.getSignOutQueryParamMap();
+                StringBuilder sbQuery = new StringBuilder();
+                for (Entry<String, String> entry : signInQueryMap.entrySet()) {
+                    if (sbQuery.length() > 0) {
+                        sbQuery.append("&");
+                    }
+                    sbQuery.append(entry.getKey()).append('=').append(URLEncoder.encode(entry.getValue(),
"UTF-8"));
+                }
+                signOutQuery = sbQuery.toString();
+    
+            }
+        }
+        return signOutQuery;
+    }
 
     private String resolveFreshness(HttpServletRequest request, FedizContext config) throws
IOException,
         UnsupportedCallbackException {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
new file mode 100644
index 0000000..ab19855
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.spi;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class SignOutQueryCallback extends AbstractServletCallback {
+
+    private Map<String, String> signOutQueryParamMap;
+
+    public SignOutQueryCallback(HttpServletRequest request) {
+        super(request);
+    }
+
+    public Map<String, String> getSignOutQueryParamMap() {
+        return signOutQueryParamMap;
+    }
+
+    public void setSignOutQueryParamMap(Map<String, String> signOutQueryParamMap) {
+        this.signOutQueryParamMap = signOutQueryParamMap;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 879e08d..7d95384 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -165,6 +165,7 @@
                     <xs:element ref="reply" />
                     <xs:element ref="request" />
                     <xs:element ref="signInQuery" />
+                    <xs:element ref="signOutQuery" />
                 </xs:sequence>
                 <xs:attribute name="version" use="required" type="xs:string" />
             </xs:extension>
@@ -225,6 +226,7 @@
     <xs:element name="request" type="CallbackType" />
     <xs:element name="freshness" type="CallbackType" />
     <xs:element name="signInQuery" type="CallbackType" />
+    <xs:element name="signOutQuery" type="CallbackType" />
     <xs:element name="reply" type="CallbackType" />
 
     <xs:simpleType name="argumentType">

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
index dedc9f4..67c01a5 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
@@ -354,4 +354,29 @@ public class FederationLogoutTest {
         EasyMock.replay(resp);
         logoutHandler.handleRequest(req, resp);
     }
+    
+    @org.junit.Test
+    public void testSignoutCustomQueryParameter() throws Exception {
+        FedizContext config = getFederationConfigurator().getFedizContext("ROOT3");
+        
+        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
+        EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
+        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(LOGOUT_URL));
+        EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
+        EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
+        EasyMock.replay(req);
+        
+        LogoutHandler logoutHandler = new LogoutHandler(config);
+        Assert.assertTrue(logoutHandler.canHandleRequest(req));
+        
+        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
+        String expectedRedirectToIdP = 
+            "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+            + "&custom=param";
+        resp.sendRedirect(expectedRedirectToIdP);
+        EasyMock.expectLastCall();
+        EasyMock.replay(resp);
+        logoutHandler.handleRequest(req, resp);
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
new file mode 100644
index 0000000..26c0c31
--- /dev/null
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.federation;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
+
+public class SignoutQueryHandler implements CallbackHandler {
+
+    @Override
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        if (callbacks != null) {
+            for (Callback callback : callbacks) {
+                if (callback instanceof SignOutQueryCallback) {
+                    SignOutQueryCallback signOutQueryCallback = (SignOutQueryCallback)callback;
+                    Map<String, String> signOutQueryMap = new HashMap<>();
+                    signOutQueryMap.put("custom", "param");
+                    signOutQueryCallback.setSignOutQueryParamMap(signOutQueryMap);
+                }
+            }
+        }
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/resources/fediz_test_config_logout.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_test_config_logout.xml b/plugins/core/src/test/resources/fediz_test_config_logout.xml
index 030281e..8e8f5c0 100644
--- a/plugins/core/src/test/resources/fediz_test_config_logout.xml
+++ b/plugins/core/src/test/resources/fediz_test_config_logout.xml
@@ -85,4 +85,39 @@
         <logoutRedirectTo>/index.html</logoutRedirectTo>
 	</contextConfig>
 	
+	<contextConfig name="ROOT3">
+		<audienceUris>
+			<audienceItem>http://host_one:port/url</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="ststrust.jks" password="storepass"
+					type="JKS" />
+			</trustManager>		
+		</certificateStores>
+		<trustedIssuers>
+			<issuer certificateValidation="PeerTrust" />
+		</trustedIssuers>
+
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>target realm</realm>
+			<issuer>http://url_to_the_issuer</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+			<signOutQuery type="Class">org.apache.cxf.fediz.core.federation.SignoutQueryHandler</signOutQuery>
+		</protocol>
+		<logoutURL>secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+        <logoutRedirectToConstraint>.*wreply.html</logoutRedirectToConstraint>
+	</contextConfig>
+	
 </FedizConfig>


Mime
View raw message