http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
index 83444e5..bde582b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
@@ -60,19 +60,19 @@ import org.springframework.webflow.execution.RequestContext;
*/
@Component
public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2ProtocolHandler {
-
+
/**
* The facebook API endpoint for querying claims (such as email address). If not specified
* it defaults to "https://graph.facebook.com/v2.6".
*/
public static final String API_ENDPOINT = "api.endpoint";
-
+
/**
- * The Claim to use for the subject username to insert into the SAML Token. It defaults to
+ * The Claim to use for the subject username to insert into the SAML Token. It defaults to
* "email".
*/
public static final String SUBJECT_CLAIM = "subject.claim";
-
+
public static final String PROTOCOL = "facebook-connect";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpFacebookProtocolHandler.class);
@@ -88,24 +88,24 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
String code = (String) WebUtils.getAttributeFromFlowScope(context,
OAuthConstants.CODE_RESPONSE_TYPE);
if (code != null && !code.isEmpty()) {
-
+
String tokenEndpoint = getProperty(trustedIdp, TOKEN_ENDPOINT);
if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
tokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
}
-
+
String apiEndpoint = getProperty(trustedIdp, API_ENDPOINT);
if (apiEndpoint == null || apiEndpoint.isEmpty()) {
apiEndpoint = "https://graph.facebook.com/v2.6";
}
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
String clientSecret = getProperty(trustedIdp, CLIENT_SECRET);
if (clientSecret == null || clientSecret.isEmpty()) {
LOG.warn("A CLIENT_SECRET must be configured to use the TrustedIdpFacebookProtocolHandler");
throw new IllegalStateException("No CLIENT_SECRET specified");
}
-
+
// Here we need to get the AccessToken using the authorization code
ClientAccessToken accessToken = getAccessTokenUsingCode(tokenEndpoint, code, clientId,
clientSecret, idp.getIdpUrl().toString());
@@ -113,8 +113,8 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
LOG.warn("No Access Token received from the Facebook IdP");
return null;
}
-
- // Now we need to invoke on the API endpoint using the access token to get the
+
+ // Now we need to invoke on the API endpoint using the access token to get the
// user's claims
String subjectName = getSubjectName(apiEndpoint, accessToken.getTokenKey(), trustedIdp);
try {
@@ -123,25 +123,25 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
// Convert into a SAML Token
Date expires = new Date();
expires.setTime(expires.getTime() + (accessToken.getExpiresIn() * 1000L));
SecurityToken idpToken = new SecurityToken(IDGenerator.generateID(null), null, expires);
- SamlAssertionWrapper assertion =
+ SamlAssertionWrapper assertion =
createSamlAssertion(idp, trustedIdp, subjectName, null, expires);
Document doc = DOMUtils.createDocument();
Element token = assertion.toDOM(doc);
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
idpToken.setToken(token);
-
+
LOG.info("[IDP_TOKEN={}] for user '{}' issued by home realm [{}]",
- assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
+ assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
whr);
LOG.debug("Expired date={}", expires);
-
+
return idpToken;
} catch (IllegalStateException ex) {
throw ex;
@@ -152,23 +152,23 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
}
return null;
}
-
+
private ClientAccessToken getAccessTokenUsingCode(String tokenEndpoint, String code, String clientId,
String clientSecret, String redirectURI) {
// Here we need to get the AccessToken using the authorization code
List<Object> providers = new ArrayList<>();
providers.add(new OAuthJSONProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(tokenEndpoint, providers, "cxf-tls.xml");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
client.type("application/x-www-form-urlencoded");
client.accept("application/json");
@@ -182,10 +182,10 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
return response.readEntity(ClientAccessToken.class);
}
-
+
private String getSubjectName(String apiEndpoint, String accessToken, TrustedIdp trustedIdp) {
- WebClient client = WebClient.create(apiEndpoint,
- Collections.singletonList(new JsonMapObjectProvider()),
+ WebClient client = WebClient.create(apiEndpoint,
+ Collections.singletonList(new JsonMapObjectProvider()),
"cxf-tls.xml");
client.path("/me");
ClientConfiguration config = WebClient.getConfig(client);
@@ -197,27 +197,27 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
client.accept("application/json");
client.query("access_token", accessToken);
-
+
String subjectName = getProperty(trustedIdp, SUBJECT_CLAIM);
if (subjectName == null || subjectName.isEmpty()) {
subjectName = "email";
}
client.query("fields", subjectName);
JsonMapObject mapObject = client.get(JsonMapObject.class);
-
+
String parsedSubjectName = (String)mapObject.getProperty(subjectName);
if (subjectName.contains("email")) {
parsedSubjectName = parsedSubjectName.replace("\\u0040", "@");
}
return parsedSubjectName;
}
-
+
protected String getScope(TrustedIdp trustedIdp) {
String scope = getProperty(trustedIdp, SCOPE);
if (scope != null) {
scope = scope.trim();
}
-
+
if (scope == null || scope.isEmpty()) {
scope = "email";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index 47a318d..96d56e6 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -72,29 +72,29 @@ import org.springframework.webflow.execution.RequestContext;
*/
@Component
public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2ProtocolHandler {
-
+
/**
* The signature algorithm to use in verifying the IdToken. The default is "RS256".
*/
public static final String SIGNATURE_ALGORITHM = "signature.algorithm";
-
+
/**
- * The Claim in which to extract the Subject username to insert into the generated SAML token.
+ * The Claim in which to extract the Subject username to insert into the generated SAML token.
* It defaults to "preferred_username", otherwise it falls back to the "sub" claim.
*/
public static final String SUBJECT_CLAIM = "subject.claim";
-
+
/**
* Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
- * Fediz will automatically use "openid" for this value.
+ * Fediz will automatically use "openid" for this value.
*/
public static final String SCOPE = "scope";
-
+
/**
* The URI from which to retrieve the JSON Web Keys to validate the signed IdToken.
*/
public static final String JWKS_URI = "jwks.uri";
-
+
public static final String PROTOCOL = "openid-connect-1.0";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpOIDCProtocolHandler.class);
@@ -110,34 +110,34 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
String code = (String) WebUtils.getAttributeFromFlowScope(context,
OAuthConstants.CODE_RESPONSE_TYPE);
if (code != null && !code.isEmpty()) {
-
+
String tokenEndpoint = getProperty(trustedIdp, TOKEN_ENDPOINT);
if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
LOG.warn("A TOKEN_ENDPOINT must be configured to use the OIDCProtocolHandler");
throw new IllegalStateException("No TOKEN_ENDPOINT specified");
}
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
String clientSecret = getProperty(trustedIdp, CLIENT_SECRET);
if (clientSecret == null || clientSecret.isEmpty()) {
LOG.warn("A CLIENT_SECRET must be configured to use the OIDCProtocolHandler");
throw new IllegalStateException("No CLIENT_SECRET specified");
}
-
+
// Here we need to get the IdToken using the authorization code
List<Object> providers = new ArrayList<>();
providers.add(new OAuthJSONProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(tokenEndpoint, providers, clientId, clientSecret, "cxf-tls.xml");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
client.type("application/x-www-form-urlencoded").accept("application/json");
Form form = new Form();
@@ -153,50 +153,50 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("No IdToken received from the OIDC IdP");
return null;
}
-
+
client.close();
-
+
try {
String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (whr == null) {
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
// Parse the received Token
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
JwtToken jwt = jwtConsumer.getJwtToken();
-
+
if (jwt != null && jwt.getClaims() != null && LOG.isDebugEnabled()) {
LOG.debug("Received Claims:");
for (Map.Entry<String, Object> claim : jwt.getClaims().asMap().entrySet()) {
LOG.debug(claim.getKey() + ": " + claim.getValue());
}
}
-
+
if (jwt != null && jwt.getJwsHeaders() != null && LOG.isDebugEnabled()) {
LOG.debug("Received JWS Headers:");
for (Map.Entry<String, Object> header : jwt.getJwsHeaders().asMap().entrySet()) {
LOG.debug(header.getKey() + ": " + header.getValue());
}
}
-
+
if (!validateSignature(trustedIdp, jwtConsumer)) {
LOG.warn("Signature does not validate");
return null;
}
-
+
// Make sure the received token is valid according to the spec
validateToken(jwt, clientId);
-
+
Date created = new Date((long)jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT) * 1000L);
Date notBefore = null;
if (jwt.getClaim(JwtConstants.CLAIM_NOT_BEFORE) != null) {
notBefore = new Date((long)jwt.getClaim(JwtConstants.CLAIM_NOT_BEFORE) * 1000L);
- }
-
+ }
+
Date expires = new Date((long)jwt.getClaim(JwtConstants.CLAIM_EXPIRY) * 1000L);
-
+
// Subject
String subjectName = getProperty(trustedIdp, SUBJECT_CLAIM);
LOG.debug("Trying to extract subject name using the claim name {}", subjectName);
@@ -210,24 +210,24 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
+ "Falling back to use {}", subjectName);
}
}
-
+
// Convert into a SAML Token
- SamlAssertionWrapper assertion =
+ SamlAssertionWrapper assertion =
createSamlAssertion(idp, trustedIdp, (String)jwt.getClaim(subjectName), notBefore, expires);
Document doc = DOMUtils.createDocument();
Element token = assertion.toDOM(doc);
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
SecurityToken idpToken = new SecurityToken(assertion.getId(), created, expires);
idpToken.setToken(token);
-
+
LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by home realm [{}/{}]",
- assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
+ assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
jwt.getClaim(JwtConstants.CLAIM_JWT_ID), whr, jwt.getClaim(JwtConstants.CLAIM_ISSUER));
LOG.debug("Created date={}", created);
LOG.debug("Expired date={}", expires);
-
+
return idpToken;
} catch (IllegalStateException ex) {
throw ex;
@@ -238,7 +238,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
}
return null;
}
-
+
protected void validateToken(JwtToken jwt, String clientId) {
// We must have the following claims
if (jwt.getClaim(JwtConstants.CLAIM_ISSUER) == null
@@ -249,7 +249,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("The IdToken is missing a required claim");
throw new IllegalStateException("The IdToken is missing a required claim");
}
-
+
// The audience must match the client_id of this client
boolean match = false;
for (String audience : jwt.getClaims().getAudiences()) {
@@ -262,61 +262,61 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("The audience of the token does not match this client");
throw new IllegalStateException("The audience of the token does not match this client");
}
-
+
JwtUtils.validateTokenClaims(jwt.getClaims(), 300, 0, false);
}
-
- private boolean validateSignature(TrustedIdp trustedIdp, JwsJwtCompactConsumer jwtConsumer)
- throws CertificateException, WSSecurityException, Base64DecodingException,
+
+ private boolean validateSignature(TrustedIdp trustedIdp, JwsJwtCompactConsumer jwtConsumer)
+ throws CertificateException, WSSecurityException, Base64DecodingException,
ProcessingException, IOException {
-
+
// Validate the Signature
String sigAlgo = getProperty(trustedIdp, SIGNATURE_ALGORITHM);
if (sigAlgo == null || sigAlgo.isEmpty()) {
sigAlgo = "RS256";
}
-
+
JwtToken jwt = jwtConsumer.getJwtToken();
String jwksUri = getProperty(trustedIdp, JWKS_URI);
JsonWebKey verifyingKey = null;
-
- if (jwksUri != null && jwt.getJwsHeaders() != null
+
+ if (jwksUri != null && jwt.getJwsHeaders() != null
&& jwt.getJwsHeaders().containsHeader(JoseConstants.HEADER_KEY_ID)) {
String kid = (String)jwt.getJwsHeaders().getHeader(JoseConstants.HEADER_KEY_ID);
LOG.debug("Attemping to retrieve key id {} from uri {}", kid, jwksUri);
List<Object> jsonKeyProviders = new ArrayList<>();
jsonKeyProviders.add(new JsonWebKeysProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(jwksUri, jsonKeyProviders, "cxf-tls.xml");
client.accept("application/json");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
Response response = client.get();
JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
if (jsonWebKeys != null) {
verifyingKey = jsonWebKeys.getKey(kid);
}
}
-
+
if (verifyingKey != null) {
return jwtConsumer.verifySignatureWith(verifyingKey, SignatureAlgorithm.getAlgorithm(sigAlgo));
}
-
+
X509Certificate validatingCert = CertsUtils.parseX509Certificate(trustedIdp.getCertificate());
if (validatingCert != null) {
return jwtConsumer.verifySignatureWith(validatingCert, SignatureAlgorithm.getAlgorithm(sigAlgo));
}
-
+
LOG.warn("No key supplied to verify the signature of the IdToken");
return false;
}
-
+
protected String getScope(TrustedIdp trustedIdp) {
String scope = getProperty(trustedIdp, SCOPE);
if (scope != null) {
@@ -325,7 +325,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
scope = "openid " + scope;
}
}
-
+
if (scope == null || scope.isEmpty()) {
scope = "openid";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
index 31bc572..1d7c050 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
public class TrustedIdpProtocolControllerImpl implements ProtocolController<TrustedIdpProtocolHandler> {
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolControllerImpl.class);
-
+
@Autowired
private List<TrustedIdpProtocolHandler> protocolHandlers;
-
+
@Override
public TrustedIdpProtocolHandler getProtocolHandler(String protocol) {
for (TrustedIdpProtocolHandler protocolHandler : protocolHandlers) {
@@ -47,7 +47,7 @@ public class TrustedIdpProtocolControllerImpl implements ProtocolController<Trus
LOG.warn("No protocol handler found for {}", protocol);
return null;
}
-
+
@Override
public List<String> getProtocols() {
List<String> protocols = new ArrayList<>();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 7b8c3eb..b256c3e 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -80,28 +80,28 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
* Whether to sign the request or not. The default is "true".
*/
public static final String SIGN_REQUEST = "sign.request";
-
+
/**
* Whether to require a KeyInfo or not when processing a (signed) Response. The default is "true".
*/
public static final String REQUIRE_KEYINFO = "require.keyinfo";
-
+
/**
* Whether the assertions contained in the Response must be signed or not (if the response itself
* is not signed). The default is "true".
*/
public static final String REQUIRE_SIGNED_ASSERTIONS = "require.signed.assertions";
-
+
/**
* Whether we have to "know" the issuer of the SAML Response or not. The default is "true".
*/
public static final String REQUIRE_KNOWN_ISSUER = "require.known.issuer";
-
+
/**
* Whether we BASE-64 decode the response or not. The default is "true".
*/
public static final String SUPPORT_BASE64_ENCODING = "support.base64.encoding";
-
+
/**
* Whether we support Deflate encoding or not. The default is "false".
*/
@@ -131,11 +131,11 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
authnRequestBuilder.createAuthnRequest(
null, idp.getRealm(), idp.getIdpUrl().toString()
);
-
+
boolean signRequest = isBooleanPropertyConfigured(trustedIdp, SIGN_REQUEST, true);
if (signRequest) {
authnRequest.setDestination(trustedIdp.getUrl());
@@ -148,13 +148,13 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
UriBuilder ub = UriBuilder.fromUri(trustedIdp.getUrl());
ub.queryParam(SSOConstants.SAML_REQUEST, urlEncodedRequest);
-
+
String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
ub.queryParam(SSOConstants.RELAY_STATE, wctx);
if (signRequest) {
signRequest(urlEncodedRequest, wctx, idp, ub);
}
-
+
// Store the Request ID
String authnRequestId = authnRequest.getID();
WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId);
@@ -180,23 +180,23 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
try {
- String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,
+ String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,
SSOConstants.SAML_RESPONSE);
-
+
// Read the response + convert to an OpenSAML Response Object
- org.opensaml.saml.saml2.core.Response samlResponse =
+ org.opensaml.saml.saml2.core.Response samlResponse =
readSAMLResponse(encodedSAMLResponse, trustedIdp);
-
+
Crypto crypto = CertsUtils.getCryptoFromCertificate(trustedIdp.getCertificate());
validateSamlResponseProtocol(samlResponse, crypto, trustedIdp);
// Validate the Response
- SSOValidatorResponse validatorResponse =
+ SSOValidatorResponse validatorResponse =
validateSamlSSOResponse(samlResponse, idp, trustedIdp, context);
- // Create new Security token with new id.
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
String id = IDGenerator.generateID("_");
- SecurityToken idpToken =
+ SecurityToken idpToken =
new SecurityToken(id, validatorResponse.getCreated(), validatorResponse.getSessionNotOnOrAfter());
idpToken.setToken(validatorResponse.getAssertionElement());
@@ -217,10 +217,10 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage());
}
}
-
+
private String encodeAuthnRequest(Element authnRequest) throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequest);
-
+
if (LOG.isDebugEnabled()) {
LOG.debug(requestMessage);
}
@@ -230,7 +230,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
return Base64Utility.encode(deflatedBytes);
}
-
+
/**
* Sign a request according to the redirect binding spec for Web SSO
*/
@@ -245,7 +245,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
LOG.error("No crypto instance of properties file configured for signature");
throw new IllegalStateException("Invalid IdP configuration");
}
-
+
String alias = crypto.getDefaultX509Identifier();
X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, alias);
if (cert == null) {
@@ -262,29 +262,29 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
jceSigAlgo = "SHA1withDSA";
}
LOG.debug("Using Signature algorithm " + sigAlgo);
-
+
ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, "UTF-8"));
-
+
// Get the password
String password = config.getCertificatePassword();
-
+
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey(alias, password);
-
+
// Sign the request
Signature signature = Signature.getInstance(jceSigAlgo);
signature.initSign(privateKey);
-
- String requestToSign =
+
+ String requestToSign =
SSOConstants.SAML_REQUEST + "=" + authnRequest + "&"
+ SSOConstants.RELAY_STATE + "=" + relayState + "&"
+ SSOConstants.SIG_ALG + "=" + URLEncoder.encode(sigAlgo, "UTF-8");
signature.update(requestToSign.getBytes("UTF-8"));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, "UTF-8"));
}
@@ -294,14 +294,14 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
}
String samlResponseDecoded = samlResponse;
-
+
InputStream tokenStream = null;
if (isBooleanPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING, true)) {
try {
byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
tokenStream = isBooleanPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING, false)
? new DeflateEncoderDecoder().inflateToken(deflatedToken)
- : new ByteArrayInputStream(deflatedToken);
+ : new ByteArrayInputStream(deflatedToken);
} catch (Base64Exception ex) {
throw ExceptionUtils.toBadRequestException(ex, null);
} catch (DataFormatException ex) {
@@ -321,9 +321,9 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
} catch (Exception ex) {
throw new WebApplicationException(400);
}
-
+
LOG.debug("Received response: " + DOM2Writer.nodeToString(responseDoc.getDocumentElement()));
-
+
XMLObject responseObject = null;
try {
responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
@@ -336,7 +336,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
return (org.opensaml.saml.saml2.core.Response)responseObject;
}
-
+
/**
* Validate the received SAML Response as per the protocol
*/
@@ -353,13 +353,13 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw ExceptionUtils.toBadRequestException(null, null);
}
}
-
+
/**
* Validate the received SAML Response as per the Web SSO profile
*/
private SSOValidatorResponse validateSamlSSOResponse(
org.opensaml.saml.saml2.core.Response samlResponse,
- Idp idp,
+ Idp idp,
TrustedIdp trustedIdp,
RequestContext requestContext
) {
@@ -378,9 +378,9 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
}
LOG.debug("Using {} for issuer validation", issuer);
ssoResponseValidator.setIssuerIDP(issuer);
-
+
// Get the stored request ID
- String requestId =
+ String requestId =
(String)WebUtils.getAttributeFromExternalContext(requestContext, SAML_SSO_REQUEST_ID);
ssoResponseValidator.setRequestId(requestId);
ssoResponseValidator.setSpIdentifier(idp.getRealm());
@@ -388,7 +388,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
isBooleanPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
ssoResponseValidator.setEnforceKnownIssuer(
isBooleanPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
-
+
HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
boolean post = "POST".equals(httpServletRequest.getMethod());
if (post) {
@@ -401,11 +401,11 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw ExceptionUtils.toBadRequestException(ex, null);
}
}
-
+
public void setReplayCache(TokenReplayCache<String> replayCache) {
this.replayCache = replayCache;
}
-
+
public TokenReplayCache<String> getReplayCache() {
if (replayCache == null) {
replayCache = new EHCacheTokenReplayCache();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index ea8feb4..a3f5615 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -59,12 +59,12 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHandler {
-
+
/**
* Whether to add the home realm parameter to the URL for redirection or not. The default is "true".
*/
public static final String HOME_REALM_PROPAGATION = "home.realm.propagation";
-
+
public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpWSFedProtocolHandler.class);
@@ -73,10 +73,10 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
public String getProtocol() {
return PROTOCOL;
}
-
+
@Override
public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
-
+
try {
StringBuilder sb = new StringBuilder();
sb.append(trustedIdp.getUrl());
@@ -86,12 +86,12 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
sb.append(URLEncoder.encode(idp.getRealm(), "UTF-8"));
sb.append("&").append(FederationConstants.PARAM_REPLY).append('=');
sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
-
+
if (isBooleanPropertyConfigured(trustedIdp, HOME_REALM_PROPAGATION, true)) {
sb.append("&").append(FederationConstants.PARAM_HOME_REALM).append('=');
sb.append(trustedIdp.getRealm());
}
-
+
String wfresh = context.getFlowScope().getString(FederationConstants.PARAM_FRESHNESS);
if (wfresh != null) {
sb.append("&").append(FederationConstants.PARAM_FRESHNESS).append('=');
@@ -100,7 +100,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
sb.append("&").append(FederationConstants.PARAM_CONTEXT).append('=');
sb.append(wctx);
-
+
return new URL(sb.toString());
} catch (MalformedURLException ex) {
LOG.error("Invalid Redirect URL for Trusted Idp", ex);
@@ -110,45 +110,45 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
}
}
-
+
@Override
public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
try {
String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
-
+
if (whr == null) {
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
String wresult = (String) WebUtils.getAttributeFromFlowScope(context,
FederationConstants.PARAM_RESULT);
-
+
if (wresult == null) {
LOG.warn("Parameter wresult not found");
throw new IllegalStateException("No security token issued");
}
-
+
FedizContext fedContext = getFedizContext(idp, trustedIdp);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(wresult);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfResp = wfProc.processRequest(wfReq, fedContext);
-
+
fedContext.close();
-
+
Element e = wfResp.getToken();
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
String id = IDGenerator.generateID("_");
SecurityToken idpToken = new SecurityToken(id,
wfResp.getTokenCreated(), wfResp.getTokenExpires());
-
+
idpToken.setToken(e);
LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by home realm [{}/{}]",
id, wfResp.getUsername(), wfResp.getUniqueTokenId(), whr, wfResp.getIssuer());
@@ -166,8 +166,8 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage());
}
}
-
-
+
+
private FedizContext getFedizContext(Idp idpConfig,
TrustedIdp trustedIdpConfig) throws ProcessingException {
@@ -190,7 +190,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
certStores.getTrustManager().add(tm0);
config.setCertificateStores(certStores);
}
-
+
// Configure trusted IDP
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
@@ -210,7 +210,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
FedizContext fedContext = new FedizContext(config);
if (!isCertificateLocation) {
CertificateStore cs = null;
-
+
X509Certificate cert;
try {
cert = CertsUtils.parseX509Certificate(trustedIdpConfig.getCertificate());
@@ -219,13 +219,13 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new ProcessingException("Failed to parse trusted certificate");
}
cs = new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
-
+
TrustManager tm = new TrustManager(cs);
fedContext.getCertificateStores().add(tm);
}
-
+
fedContext.init();
return fedContext;
}
-
+
}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
index 2034dca..cb1365f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
@@ -63,22 +63,22 @@ public interface ApplicationService {
@POST
@PreAuthorize("hasRole('APPLICATION_CREATE')")
Response addApplication(@Context UriInfo ui, Application service);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('APPLICATION_DELETE')")
Response deleteApplication(@PathParam("realm") String realm);
-
+
@POST
@Path("{realm}/claims")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
-
+
@DELETE
@Path("{realm}/claims/{claimType}")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
index 1b2f6ff..8861744 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
@@ -48,24 +48,24 @@ public class ApplicationServiceImpl implements ApplicationService {
@Autowired
private ApplicationDAO applicationDAO;
-
+
@Autowired
private ClaimDAO claimDAO;
-
+
@Override
public Applications getApplications(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Application> applications = applicationDAO.getApplications(start, size, expand);
-
+
for (Application a : applications) {
URI self = uriInfo.getAbsolutePathBuilder().path(a.getRealm()).build();
a.setHref(self);
}
-
+
Applications list = new Applications();
list.setApplications(applications);
return list;
}
-
+
@Override
public Application getApplication(String realm, List<String> expand) {
Application application = applicationDAO.getApplication(realm, expand);
@@ -75,7 +75,7 @@ public class ApplicationServiceImpl implements ApplicationService {
return application;
}
}
-
+
@Override
public Response addApplication(UriInfo ui, Application application) {
LOG.info("add Service config");
@@ -84,13 +84,13 @@ public class ApplicationServiceImpl implements ApplicationService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Application createdApplication = applicationDAO.addApplication(application);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdApplication.getRealm());
return Response.created(location).entity(application).build();
}
-
+
@Override
public Response updateApplication(UriInfo ui, String realm, Application application) {
if (!realm.equals(application.getRealm().toString())) {
@@ -101,17 +101,17 @@ public class ApplicationServiceImpl implements ApplicationService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
applicationDAO.updateApplication(realm, application);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response deleteApplication(String realm) {
applicationDAO.deleteApplication(realm);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response addClaimToApplication(UriInfo ui, String realm, RequestClaim claim) {
Application application = applicationDAO.getApplication(realm, null);
@@ -124,15 +124,15 @@ public class ApplicationServiceImpl implements ApplicationService {
RequestClaim rc = new RequestClaim(foundClaim);
application.getRequestedClaims().add(rc);
applicationDAO.addClaimToApplication(application, claim);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeClaimFromApplication(UriInfo ui, String realm, String claimType) {
Application application = applicationDAO.getApplication(realm, null);
-
- RequestClaim foundItem = null;
+
+ RequestClaim foundItem = null;
for (RequestClaim item : application.getRequestedClaims()) {
if (item.getClaimType().toString().equals(claimType)) {
foundItem = item;
@@ -145,7 +145,7 @@ public class ApplicationServiceImpl implements ApplicationService {
}
application.getRequestedClaims().remove(foundItem);
applicationDAO.removeClaimFromApplication(application, foundItem);
-
+
return Response.noContent().build();
}
}
\ No newline at end of file
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
index 47dac60..ce0d1a9 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
@@ -49,7 +49,7 @@ public interface ClaimService {
Response getClaims(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@Context UriInfo uriInfo);
-
+
@GET
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_READ')")
@@ -58,12 +58,12 @@ public interface ClaimService {
@POST
@PreAuthorize("hasRole('CLAIM_CREATE')")
Response addClaim(@Context UriInfo ui, Claim claim);
-
+
@PUT
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_UPDATE')")
Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
-
+
@DELETE
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_DELETE')")
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
index 141bfab..965485b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
@@ -47,32 +47,32 @@ public class ClaimServiceImpl implements ClaimService {
@Override
public Response getClaims(int start, int size, UriInfo uriInfo) {
List<Claim> claims = claimDAO.getClaims(start, size);
-
+
for (Claim c : claims) {
URI self = uriInfo.getAbsolutePathBuilder().path(c.getClaimType().toString()).build();
c.setHref(self);
}
-
+
Claims list = new Claims();
list.setClaims(claims);
-
-
+
+
//return Response.ok(list).type(MediaType.APPLICATION_JSON_TYPE).build();
return Response.ok(list).build();
}
-
+
@Override
public Response addClaim(UriInfo ui, Claim claim) {
LOG.info("add Claim config");
-
+
Claim createdClaim = claimDAO.addClaim(claim);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdClaim.getClaimType().toString());
return Response.created(location).entity(claim).build();
}
-
+
@Override
public Claim getClaim(String claimType) {
Claim claim = claimDAO.getClaim(claimType);
@@ -89,18 +89,18 @@ public class ClaimServiceImpl implements ClaimService {
throw new BadRequestException();
}
claimDAO.updateClaim(claimType, claim);
-
+
return Response.noContent().build();
}
@Override
public Response deleteClaim(String claimType) {
claimDAO.deleteClaim(claimType);
-
+
return Response.noContent().build();
}
-
-
+
+
}
\ No newline at end of file
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
index 4bc392c..951f332 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
@@ -58,16 +58,16 @@ public interface EntitlementService {
@POST
@PreAuthorize("hasRole('ENTITLEMENT_CREATE')")
Response addEntitlement(@Context UriInfo ui, Entitlement entitlement);
-
+
@PUT
@Path("{name}")
@PreAuthorize("hasRole('ENTITLEMENT_UPDATE')")
Response updateEntitlement(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
-
+
@DELETE
@Path("{name}")
@PreAuthorize("hasRole('ENTITLEMENT_DELETE')")
Response deleteEntitlement(@PathParam("name") String name);
-
+
}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
index 9c89c04..b71672b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
@@ -47,25 +47,25 @@ public class EntitlementServiceImpl implements EntitlementService {
@Override
public Entitlements getEntitlements(int start, int size, UriInfo uriInfo) {
List<Entitlement> entitlements = entitlementDAO.getEntitlements(start, size);
-
+
Entitlements list = new Entitlements();
list.setEntitlements(entitlements);
-
+
return list;
}
-
+
@Override
public Response addEntitlement(UriInfo ui, Entitlement entitlement) {
Entitlement createdEntitlement = entitlementDAO.addEntitlement(entitlement);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdEntitlement.getName());
-
+
LOG.debug("Entitlement '" + createdEntitlement.getName() + "' added");
return Response.created(location).entity(entitlement).build();
}
-
+
@Override
public Entitlement getEntitlement(String name) {
Entitlement entitlement = entitlementDAO.getEntitlement(name);
@@ -82,7 +82,7 @@ public class EntitlementServiceImpl implements EntitlementService {
throw new BadRequestException();
}
entitlementDAO.updateEntitlement(name, entitlement);
-
+
LOG.debug("Entitlement '" + entitlement.getName() + "' updated");
return Response.noContent().build();
}
@@ -90,7 +90,7 @@ public class EntitlementServiceImpl implements EntitlementService {
@Override
public Response deleteEntitlement(String name) {
entitlementDAO.deleteEntitlement(name);
-
+
LOG.debug("Entitlement '" + name + "' deleted");
return Response.noContent().build();
}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
index b4692e8..c51fb5c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
@@ -64,51 +64,51 @@ public interface IdpService {
@POST
@PreAuthorize("hasRole('IDP_CREATE')")
Response addIdp(@Context UriInfo ui, Idp idp);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response updateIdp(@Context UriInfo ui, @PathParam("realm") String realm, Idp idp);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('IDP_DELETE')")
Response deleteIdp(@PathParam("realm") String realm);
-
+
@POST
@Path("{realm}/applications")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addApplicationToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Application application);
-
+
@DELETE
@Path("{realm}/applications/{realmApplication}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeApplicationFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmApplication") String applicationRealm);
-
+
@POST
@Path("{realm}/trusted-idps")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addTrustedIdpToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
TrustedIdp trustedIdp);
-
+
@DELETE
@Path("{realm}/trusted-idps/{realmTrustedIdp}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeTrustedIdpFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmTrustedIdp") String trustedIdpRealm);
-
+
@POST
@Path("{realm}/claims")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addClaimToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Claim claim);
-
+
@DELETE
@Path("{realm}/claims/{claimType}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeClaimFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
- @PathParam("claimType") String claimType);
+ @PathParam("claimType") String claimType);
}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
index d4b5c40..61dac14 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
@@ -52,25 +52,25 @@ public class IdpServiceImpl implements IdpService {
@Autowired
private IdpDAO idpDAO;
-
+
@Autowired
private ApplicationDAO applicationDAO;
-
+
@Autowired
private TrustedIdpDAO trustedIdpDAO;
-
+
@Autowired
private ClaimDAO claimDAO;
-
+
@Override
public Idps getIdps(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Idp> idps = idpDAO.getIdps(start, size, expand);
-
+
Idps list = new Idps();
list.setIdps(idps);
return list;
}
-
+
@Override
public Idp getIdp(String realm, List<String> expand) {
Idp idp = idpDAO.getIdp(realm, expand);
@@ -81,7 +81,7 @@ public class IdpServiceImpl implements IdpService {
return idp;
}
}
-
+
@Override
public Response addIdp(UriInfo ui, Idp idp) {
LOG.info("add IDP config");
@@ -94,13 +94,13 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Idp createdIdp = idpDAO.addIdp(idp);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdIdp.getRealm());
return Response.created(location).entity(idp).build();
}
-
+
@Override
public Response updateIdp(UriInfo ui, String realm, Idp idp) {
if (!realm.equals(idp.getRealm().toString())) {
@@ -115,14 +115,14 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
idpDAO.updateIdp(realm, idp);
-
+
return Response.noContent().build();
}
@Override
public Response deleteIdp(String realm) {
idpDAO.deleteIdp(realm);
-
+
return Response.noContent().build();
}
@@ -137,15 +137,15 @@ public class IdpServiceImpl implements IdpService {
}
Application application2 = applicationDAO.getApplication(application.getRealm(), null);
idpDAO.addApplicationToIdp(idp, application2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeApplicationFromIdp(UriInfo ui, String realm, String applicationRealm) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- Application foundItem = null;
+
+ Application foundItem = null;
for (Application item : idp.getApplications()) {
if (item.getRealm().equals(applicationRealm)) {
foundItem = item;
@@ -157,13 +157,13 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeApplicationFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
}
-
-
-
-
+
+
+
+
@Override
public Response addTrustedIdpToIdp(UriInfo ui, String realm, TrustedIdp trustedIdp) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
@@ -174,17 +174,17 @@ public class IdpServiceImpl implements IdpService {
}
}
TrustedIdp trustedIpd2 = trustedIdpDAO.getTrustedIDP(trustedIdp.getRealm());
-
+
idpDAO.addTrustedIdpToIdp(idp, trustedIpd2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeTrustedIdpFromIdp(UriInfo ui, String realm, String trustedIdpRealm) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- TrustedIdp foundItem = null;
+
+ TrustedIdp foundItem = null;
for (TrustedIdp item : idp.getTrustedIdps()) {
if (item.getRealm().equals(trustedIdpRealm)) {
foundItem = item;
@@ -196,15 +196,15 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeTrustedIdpFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
- }
-
+ }
+
@Override
public Response addClaimToIdp(UriInfo ui, String realm, Claim claim) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
for (Claim idpClaim : idp.getClaimTypesOffered()) {
- if (idpClaim.getClaimType() != null
+ if (idpClaim.getClaimType() != null
&& idpClaim.getClaimType().toString().equals(claim.getClaimType().toString())) {
LOG.warn("Claim '" + claim.getClaimType() + "' already added");
throw new WebApplicationException(Status.CONFLICT);
@@ -212,15 +212,15 @@ public class IdpServiceImpl implements IdpService {
}
Claim claim2 = claimDAO.getClaim(claim.getClaimType().toString());
idpDAO.addClaimToIdp(idp, claim2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeClaimFromIdp(UriInfo ui, String realm, String claimType) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- Claim foundItem = null;
+
+ Claim foundItem = null;
for (Claim item : idp.getClaimTypesOffered()) {
if (item.getClaimType().toString().equals(claimType)) {
foundItem = item;
@@ -232,7 +232,7 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeClaimFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
index 1e87bfc..b9bd2cf 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
@@ -1,114 +1,114 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.rest;
-
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.jaxrs.ext.ResourceComparator;
-import org.apache.cxf.jaxrs.model.ClassResourceInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfoComparator;
-import org.apache.cxf.jaxrs.model.Parameter;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-
-public class QueryResourceInfoComparator extends OperationResourceInfoComparator implements ResourceComparator {
-
- public QueryResourceInfoComparator() {
- super(null, null);
- }
-
- @Override
- public int compare(final ClassResourceInfo cri1, final ClassResourceInfo cri2, final Message message) {
- // Leave Class selection to CXF
- return 0;
- }
-
- @Override
- public int compare(final OperationResourceInfo oper1, final OperationResourceInfo oper2, final Message message) {
- // Check if CXF can make a decision
- int cxfResult = super.compare(oper1, oper2);
- if (cxfResult != 0) {
- return cxfResult;
- }
-
- int op1Counter = getMatchingRate(oper1, message);
- int op2Counter = getMatchingRate(oper2, message);
-
- return op1Counter == op2Counter
- ? 0
- : op1Counter < op2Counter
- ? 1
- : -1;
- }
-
- /**
- * This method calculates a number indicating a good or bad match between values provided within the request and
- * expected method parameters. A higher number means a better match.
- *
- * @param operation The operation to be rated, based on contained parameterInfo values.
- * @param message A message containing query and header values from user request
- * @return A positive or negative number, indicating a good match between query and method
- */
- protected int getMatchingRate(final OperationResourceInfo operation, final Message message) {
- List<Parameter> params = operation.getParameters();
- if (params == null || params.isEmpty()) {
- return 0;
- }
-
- // Get Request QueryParams
- String query = (String) message.get(Message.QUERY_STRING);
- String path = (String) message.get(Message.REQUEST_URI);
- Map<String, List<String>> qParams = JAXRSUtils.getStructuredParams(query, "&", true, false);
- Map<String, List<String>> mParams = JAXRSUtils.getMatrixParams(path, true);
- // Get Request Headers
- Map<?, ?> qHeader = (java.util.Map<?, ?>) message.get(Message.PROTOCOL_HEADERS);
-
- int rate = 0;
- for (Parameter p : params) {
- switch (p.getType()) {
- case QUERY:
- if (qParams.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- case MATRIX:
- if (mParams.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- case HEADER:
- if (qHeader.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- default:
- break;
- }
- }
- return rate;
- }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.jaxrs.ext.ResourceComparator;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfoComparator;
+import org.apache.cxf.jaxrs.model.Parameter;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+
+public class QueryResourceInfoComparator extends OperationResourceInfoComparator implements ResourceComparator {
+
+ public QueryResourceInfoComparator() {
+ super(null, null);
+ }
+
+ @Override
+ public int compare(final ClassResourceInfo cri1, final ClassResourceInfo cri2, final Message message) {
+ // Leave Class selection to CXF
+ return 0;
+ }
+
+ @Override
+ public int compare(final OperationResourceInfo oper1, final OperationResourceInfo oper2, final Message message) {
+ // Check if CXF can make a decision
+ int cxfResult = super.compare(oper1, oper2);
+ if (cxfResult != 0) {
+ return cxfResult;
+ }
+
+ int op1Counter = getMatchingRate(oper1, message);
+ int op2Counter = getMatchingRate(oper2, message);
+
+ return op1Counter == op2Counter
+ ? 0
+ : op1Counter < op2Counter
+ ? 1
+ : -1;
+ }
+
+ /**
+ * This method calculates a number indicating a good or bad match between values provided within the request and
+ * expected method parameters. A higher number means a better match.
+ *
+ * @param operation The operation to be rated, based on contained parameterInfo values.
+ * @param message A message containing query and header values from user request
+ * @return A positive or negative number, indicating a good match between query and method
+ */
+ protected int getMatchingRate(final OperationResourceInfo operation, final Message message) {
+ List<Parameter> params = operation.getParameters();
+ if (params == null || params.isEmpty()) {
+ return 0;
+ }
+
+ // Get Request QueryParams
+ String query = (String) message.get(Message.QUERY_STRING);
+ String path = (String) message.get(Message.REQUEST_URI);
+ Map<String, List<String>> qParams = JAXRSUtils.getStructuredParams(query, "&", true, false);
+ Map<String, List<String>> mParams = JAXRSUtils.getMatrixParams(path, true);
+ // Get Request Headers
+ Map<?, ?> qHeader = (java.util.Map<?, ?>) message.get(Message.PROTOCOL_HEADERS);
+
+ int rate = 0;
+ for (Parameter p : params) {
+ switch (p.getType()) {
+ case QUERY:
+ if (qParams.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ case MATRIX:
+ if (mParams.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ case HEADER:
+ if (qHeader.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ return rate;
+ }
+}
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
index c7a1e1e..b305e0f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
@@ -1,83 +1,83 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.rest;
-
-import javax.validation.ConstraintViolationException;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.dao.DataIntegrityViolationException;
-import org.springframework.dao.DataRetrievalFailureException;
-import org.springframework.dao.EmptyResultDataAccessException;
-import org.springframework.security.access.AccessDeniedException;
-
-@Provider
-public class RestServiceExceptionMapper implements ExceptionMapper<Exception> {
-
- public static final String APPLICATION_ERROR_CODE = "X-Application-Error-Code";
-
- public static final String APPLICATION_ERROR_INFO = "X-Application-Error-Info";
-
- private static final String BASIC_REALM_UNAUTHORIZED = "Basic realm=\"Apache Fediz authentication\"";
-
- private static final Logger LOG = LoggerFactory.getLogger(RestServiceExceptionMapper.class);
-
- @Override
- public Response toResponse(final Exception ex) {
- LOG.warn("Exception occured processing REST request: " + ex.getMessage(), ex);
-
- if (ex instanceof AccessDeniedException) {
- return Response.status(Response.Status.UNAUTHORIZED).
- header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED).
- build();
- }
- if (ex instanceof ConstraintViolationException) {
- ConstraintViolationException cve = (ConstraintViolationException)ex;
- LOG.debug("{}\n{}", ex.getMessage(), cve.getConstraintViolations().toString());
- return buildResponse(Response.Status.BAD_REQUEST, ex);
- }
- if (ex instanceof DataIntegrityViolationException) {
- return buildResponse(Response.Status.CONFLICT, ex);
- }
-
- if (ex instanceof EmptyResultDataAccessException) {
- return buildResponse(Response.Status.NOT_FOUND, ex);
- }
-
- if (ex instanceof DataRetrievalFailureException) {
- return buildResponse(Response.Status.NOT_FOUND, ex);
- }
-
- // Rest is interpreted as InternalServerError
- return buildResponse(Response.Status.INTERNAL_SERVER_ERROR, ex);
- }
-
- Response buildResponse(final Status status, final Exception ex) {
- ResponseBuilder responseBuilder = Response.status(status);
- return responseBuilder.header(APPLICATION_ERROR_CODE, ex.getClass().getName())
- .header(APPLICATION_ERROR_INFO, ex.getMessage())
- .status(status).build();
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.rest;
+
+import javax.validation.ConstraintViolationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.DataRetrievalFailureException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.security.access.AccessDeniedException;
+
+@Provider
+public class RestServiceExceptionMapper implements ExceptionMapper<Exception> {
+
+ public static final String APPLICATION_ERROR_CODE = "X-Application-Error-Code";
+
+ public static final String APPLICATION_ERROR_INFO = "X-Application-Error-Info";
+
+ private static final String BASIC_REALM_UNAUTHORIZED = "Basic realm=\"Apache Fediz authentication\"";
+
+ private static final Logger LOG = LoggerFactory.getLogger(RestServiceExceptionMapper.class);
+
+ @Override
+ public Response toResponse(final Exception ex) {
+ LOG.warn("Exception occured processing REST request: " + ex.getMessage(), ex);
+
+ if (ex instanceof AccessDeniedException) {
+ return Response.status(Response.Status.UNAUTHORIZED).
+ header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED).
+ build();
+ }
+ if (ex instanceof ConstraintViolationException) {
+ ConstraintViolationException cve = (ConstraintViolationException)ex;
+ LOG.debug("{}\n{}", ex.getMessage(), cve.getConstraintViolations().toString());
+ return buildResponse(Response.Status.BAD_REQUEST, ex);
+ }
+ if (ex instanceof DataIntegrityViolationException) {
+ return buildResponse(Response.Status.CONFLICT, ex);
+ }
+
+ if (ex instanceof EmptyResultDataAccessException) {
+ return buildResponse(Response.Status.NOT_FOUND, ex);
+ }
+
+ if (ex instanceof DataRetrievalFailureException) {
+ return buildResponse(Response.Status.NOT_FOUND, ex);
+ }
+
+ // Rest is interpreted as InternalServerError
+ return buildResponse(Response.Status.INTERNAL_SERVER_ERROR, ex);
+ }
+
+ Response buildResponse(final Status status, final Exception ex) {
+ ResponseBuilder responseBuilder = Response.status(status);
+ return responseBuilder.header(APPLICATION_ERROR_CODE, ex.getClass().getName())
+ .header(APPLICATION_ERROR_INFO, ex.getMessage())
+ .status(status).build();
+ }
+
+}
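Review bot: `buildResponse` on the new side (`.header(APPLICATION_ERROR_INFO, ex.getMessage())`) echoes the raw exception message to the client for every mapped status, including the catch-all `INTERNAL_SERVER_ERROR` branch, so messages from persistence or other unexpected exceptions — which may carry SQL fragments, file paths or internal class names — are disclosed over the wire, and `X-Application-Error-Code` additionally reveals the concrete exception class. The full detail is already written to the WARN log at the top of `toResponse`, so the response can restrict the message to the client-error statuses (400/404/409) where it is actually meaningful to the caller. Depending on the container, a message containing CR/LF may also be rejected or split when set as a header value, so stripping control characters before setting it is worth considering. Separately, mapping Spring's `AccessDeniedException` to 401 with a Basic challenge deserves a second look — that exception normally signals an authenticated principal lacking a role (403), and a 401 invites clients to re-prompt for credentials. This hunk appears to be a whitespace-only re-add of the whole file, so the issue predates the commit but the entire class is now in view.

```java
    Response buildResponse(final Status status, final Exception ex) {
        ResponseBuilder responseBuilder = Response.status(status)
            .header(APPLICATION_ERROR_CODE, ex.getClass().getName());
        // Only echo the message for 4xx; 5xx messages may carry internals and
        // the full exception is already in the WARN log.
        if (status.getFamily() == Status.Family.CLIENT_ERROR && ex.getMessage() != null) {
            responseBuilder.header(APPLICATION_ERROR_INFO,
                                   ex.getMessage().replaceAll("[\\r\\n]", " "));
        }
        return responseBuilder.build();
    }
```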
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
index 27d498c..f5d1313 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
@@ -63,22 +63,22 @@ public interface RoleService {
@POST
@PreAuthorize("hasRole('ROLE_CREATE')")
Response addRole(@Context UriInfo ui, Role role);
-
+
@PUT
@Path("{name}")
@PreAuthorize("hasRole('ROLE_UPDATE')")
Response updateRole(@Context UriInfo ui, @PathParam("name") String name, Role role);
-
+
@DELETE
@Path("{name}")
@PreAuthorize("hasRole('ROLE_DELETE')")
Response deleteRole(@PathParam("name") String name);
-
+
@POST
@Path("{name}/entitlements")
@PreAuthorize("hasRole('ROLE_UPDATE')")
Response addEntitlementToRole(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
-
+
@DELETE
@Path("{name}/entitlements/{entitlementName}")
@PreAuthorize("hasRole('ROLE_UPDATE')")
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
index 24ff339..58df748 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
@@ -47,19 +47,19 @@ public class RoleServiceImpl implements RoleService {
@Autowired
private RoleDAO roleDAO;
-
+
@Autowired
private EntitlementDAO entitlementDAO;
-
+
@Override
public Roles getRoles(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Role> roles = roleDAO.getRoles(start, size, expand);
-
+
Roles list = new Roles();
list.setRoles(roles);
return list;
}
-
+
@Override
public Role getRole(String name, List<String> expand) {
Role role = roleDAO.getRole(name, expand);
@@ -69,7 +69,7 @@ public class RoleServiceImpl implements RoleService {
return role;
}
}
-
+
@Override
public Response addRole(UriInfo ui, Role role) {
if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
@@ -77,15 +77,15 @@ public class RoleServiceImpl implements RoleService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Role createdRole = roleDAO.addRole(role);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdRole.getName());
-
+
LOG.debug("Role '" + role.getName() + "' added");
return Response.created(location).entity(role).build();
}
-
+
@Override
public Response updateRole(UriInfo ui, String name, Role role) {
if (!name.equals(role.getName().toString())) {
@@ -96,37 +96,37 @@ public class RoleServiceImpl implements RoleService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
roleDAO.updateRole(name, role);
-
+
LOG.debug("Role '" + role.getName() + "' updated");
return Response.noContent().build();
}
-
+
@Override
public Response deleteRole(String name) {
roleDAO.deleteRole(name);
-
+
LOG.debug("Role '" + name + "' deleted");
return Response.noContent().build();
}
-
+
@Override
public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
Role role = roleDAO.getRole(name, null);
-
+
Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
roleDAO.addEntitlementToRole(role, foundEntitlement);
-
+
LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + name + "'");
return Response.noContent().build();
}
-
+
@Override
public Response removeEntitlementFromRole(UriInfo ui, String name, String entitlementName) {
Role role = roleDAO.getRole(name, null);
Entitlement entitlement = entitlementDAO.getEntitlement(entitlementName);
-
+
roleDAO.removeEntitlementFromRole(role, entitlement);
-
+
LOG.debug("Entitlement '" + entitlementName + "' removed from Role '" + name + "'");
return Response.noContent().build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
index 03eb6da..bed3e9a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
@@ -30,7 +30,7 @@ public class RootServiceImpl implements RootService {
public RootServiceImpl() {
}
-
+
public Response head(UriInfo uriInfo) {
UriBuilder absolute = uriInfo.getBaseUriBuilder();
URI claimUrl = absolute.clone().path("claims").build();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
index b76d91d..01578a2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
@@ -57,12 +57,12 @@ public interface TrustedIdpService {
@POST
@PreAuthorize("hasRole('TRUSTEDIDP_CREATE')")
Response addTrustedIDP(@Context UriInfo ui, TrustedIdp trustedIdp);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('TRUSTEDIDP_UPDATE')")
Response updateTrustedIDP(@Context UriInfo ui, @PathParam("realm") String realm, TrustedIdp trustedIdp);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('TRUSTEDIDP_DELETE')")