cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [12/18] cxf-fediz git commit: Whitespace cleanup
Date Mon, 13 Feb 2017 11:36:28 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 19573c6..18add14 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -95,20 +95,20 @@ public class SAMLResponseTest {
     static final String TEST_REQUEST_URI = "/fedizhelloworld";
     static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
     static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1";
-    
+
     private static final String CONFIG_FILE = "fediz_test_config_saml.xml";
-    
+
     private static Crypto crypto;
     private static CallbackHandler cbPasswordHandler;
     private static FedizConfigurator configurator;
     private static DocumentBuilderFactory docBuilderFactory;
-    
+
     static {
         docBuilderFactory = DocumentBuilderFactory.newInstance();
         docBuilderFactory.setNamespaceAware(true);
     }
-    
-    
+
+
     @BeforeClass
     public static void init() {
         try {
@@ -121,12 +121,12 @@ public class SAMLResponseTest {
         Assert.assertNotNull(configurator);
 
     }
-    
+
     @AfterClass
     public static void cleanup() {
         SecurityTestUtil.cleanup();
     }
-    
+
 
     private static FedizConfigurator getFederationConfigurator() {
         if (configurator != null) {
@@ -144,7 +144,7 @@ public class SAMLResponseTest {
             return null;
         }
     }
-    
+
     /**
      * Successfully validate a SAMLResponse
      */
@@ -152,9 +152,9 @@ public class SAMLResponseTest {
     public void validateSAMLResponse() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
@@ -164,24 +164,24 @@ public class SAMLResponseTest {
                                                      null,
                                                      relayState,
                                                      System.currentTimeMillis());
-        
+
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -190,7 +190,7 @@ public class SAMLResponseTest {
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
         assertClaims(wfRes.getClaims(), FedizConstants.DEFAULT_ROLE_URI.toString());
     }
-    
+
     /**
      * Validate SAMLResponse with a Response without an internal token parameter
      */
@@ -198,9 +198,9 @@ public class SAMLResponseTest {
     public void validateResponseWithoutToken() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
@@ -210,20 +210,20 @@ public class SAMLResponseTest {
                                                      null,
                                                      relayState,
                                                      System.currentTimeMillis());
-        
+
         Document doc = STSUtil.toSOAPPart(SAMLSSOTestUtils.SAMPLE_EMPTY_SAML_RESPONSE);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
         wfReq.setState(relayState);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
             wfProc.processRequest(wfReq, config);
@@ -234,14 +234,14 @@ public class SAMLResponseTest {
             }
         }
     }
-    
+
     @org.junit.Test
     public void testMissingRelayState() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
                                                      requestId,
@@ -250,20 +250,20 @@ public class SAMLResponseTest {
                                                      null,
                                                      null,
                                                      System.currentTimeMillis());
-        
+
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
             wfProc.processRequest(wfReq, config);
@@ -274,7 +274,7 @@ public class SAMLResponseTest {
             }
         }
     }
-    
+
     /**
      * Validate SAML 1 token (this is not allowed / supported)
      */
@@ -326,7 +326,7 @@ public class SAMLResponseTest {
             }
         }
     }
-    
+
     /**
      * Validate SAML 2 token which doesn't include the role SAML attribute
      */
@@ -334,9 +334,9 @@ public class SAMLResponseTest {
     public void validateSAML2TokenWithoutRoles() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
@@ -346,7 +346,7 @@ public class SAMLResponseTest {
                                                      null,
                                                      relayState,
                                                      System.currentTimeMillis());
-        
+
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -355,31 +355,31 @@ public class SAMLResponseTest {
         callbackHandler.setIssuer(TEST_IDP_ISSUER);
         callbackHandler.setSubjectName(TEST_USER);
         callbackHandler.setRoles(null);
-        
+
         String responseStr = createSamlResponseStr(callbackHandler, requestId);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
         Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
     }
-    
-    
+
+
     /**
      * Validate SAML 2 token where role information is provided
      * within another SAML attribute
@@ -433,7 +433,7 @@ public class SAMLResponseTest {
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
         assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
     }
-    
+
     /**
      * Validate SAML 2 token which includes role attribute
      * but RoleURI is not configured
@@ -487,8 +487,8 @@ public class SAMLResponseTest {
         Assert.assertEquals("Two roles must be found", null, wfRes.getRoles());
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
     }
-    
-    
+
+
     /**
      * Validate SAML 2 token which includes the role attribute with 2 values
      * Roles are encoded as a multiple saml attributes with the same name
@@ -598,7 +598,7 @@ public class SAMLResponseTest {
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
         assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
     }
-    
+
     /**
      * Validate SAML 2 token which includes the role attribute with 2 values
      * The configured subject of the trusted issuer doesn't match with
@@ -634,7 +634,7 @@ public class SAMLResponseTest {
         audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
         cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
         callbackHandler.setConditions(cp);
-        
+
         // Subject Confirmation Data
         SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
         subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -642,7 +642,7 @@ public class SAMLResponseTest {
         subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
         subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
         callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-        
+
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
@@ -668,7 +668,7 @@ public class SAMLResponseTest {
             // expected
         }
     }
-    
+
     /**
      * Validate SAML 2 token twice which causes an exception
      * due to replay attack
@@ -718,7 +718,7 @@ public class SAMLResponseTest {
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
-        
+
         wfProc = new SAMLProcessorImpl();
         try {
             wfProc.processRequest(wfReq, config);
@@ -729,7 +729,7 @@ public class SAMLResponseTest {
             }
         }
     }
-    
+
     /**
      * Validate SAML 2 token which includes the role attribute with 2 values
      * The configured subject of the trusted issuer doesn't match with
@@ -775,7 +775,7 @@ public class SAMLResponseTest {
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -828,14 +828,14 @@ public class SAMLResponseTest {
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
         Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
                             .size());
     }
-    
+
     /**
      * Validate SAML 2 token which is expired
      */
@@ -863,7 +863,7 @@ public class SAMLResponseTest {
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         callbackHandler.setIssuer(TEST_IDP_ISSUER);
         callbackHandler.setSubjectName(TEST_USER);
-        
+
         ConditionsBean cp = new ConditionsBean();
         DateTime currentTime = new DateTime();
         currentTime = currentTime.minusSeconds(60);
@@ -875,7 +875,7 @@ public class SAMLResponseTest {
         audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
         cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
         callbackHandler.setConditions(cp);
-        
+
         // Subject Confirmation Data
         SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
         subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -883,13 +883,13 @@ public class SAMLResponseTest {
         subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
         subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
         callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-        
+
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         Element response = createSamlResponse(assertion, "mystskey", true, requestId);
         String responseStr = encodeResponse(response);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -911,7 +911,7 @@ public class SAMLResponseTest {
             }
         }
     }
-    
+
     /**
      * Validate SAML 2 token which is not yet valid (in 30 seconds)
      * but within the maximum clock skew range (60 seconds)
@@ -941,7 +941,7 @@ public class SAMLResponseTest {
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         callbackHandler.setIssuer(TEST_IDP_ISSUER);
         callbackHandler.setSubjectName(TEST_USER);
-        
+
         ConditionsBean cp = new ConditionsBean();
         DateTime currentTime = new DateTime();
         currentTime = currentTime.plusSeconds(300);
@@ -953,7 +953,7 @@ public class SAMLResponseTest {
         audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
         cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
         callbackHandler.setConditions(cp);
-        
+
         // Subject Confirmation Data
         SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
         subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -961,13 +961,13 @@ public class SAMLResponseTest {
         subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
         subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
         callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-        
+
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         Element response = createSamlResponse(assertion, "mystskey", true, requestId);
         String responseStr = encodeResponse(response);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -981,7 +981,7 @@ public class SAMLResponseTest {
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1038,7 +1038,7 @@ public class SAMLResponseTest {
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1088,7 +1088,7 @@ public class SAMLResponseTest {
 
         FedizProcessor wfProc = new SAMLProcessorImpl();
         FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-        
+
         Assert.assertEquals("Principal name wrong", TEST_USER,
                             wfRes.getUsername());
         Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1096,14 +1096,14 @@ public class SAMLResponseTest {
                             .size());
         Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
     }
-    
+
     @org.junit.Test
     public void testModifiedSignature() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
@@ -1113,7 +1113,7 @@ public class SAMLResponseTest {
                                                      null,
                                                      relayState,
                                                      System.currentTimeMillis());
-        
+
         // Create SAML Response
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1121,13 +1121,13 @@ public class SAMLResponseTest {
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         callbackHandler.setIssuer(TEST_IDP_ISSUER);
         callbackHandler.setSubjectName(TEST_USER);
-        
+
         ConditionsBean cp = new ConditionsBean();
         AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
         audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
         cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
         callbackHandler.setConditions(cp);
-        
+
         // Subject Confirmation Data
         SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
         subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1135,11 +1135,11 @@ public class SAMLResponseTest {
         subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
         subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
         callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-        
+
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-        
+
         WSPasswordCallback[] cb = {
             new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
         };
@@ -1156,21 +1156,21 @@ public class SAMLResponseTest {
                 "urn:oasis:names:tc:SAML:2.0:status:Success", null
             );
         Response response =
-            SAML2PResponseComponentBuilder.createSAMLResponse(requestId, 
-                                                              assertion.getIssuerString(), 
+            SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
+                                                              assertion.getIssuerString(),
                                                               status);
 
         response.getAssertions().add(assertion.getSaml2());
 
         Element policyElement = OpenSAMLUtil.toDom(response, doc);
         doc.appendChild(policyElement);
-        
-        NodeList assertionNodes = 
+
+        NodeList assertionNodes =
             policyElement.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
         Assert.assertTrue(assertionNodes != null && assertionNodes.getLength() == 1);
-        
+
         Element assertionElement = (Element)assertionNodes.item(0);
-        
+
         // Change IssueInstant attribute
         String issueInstance = assertionElement.getAttributeNS(null, "IssueInstant");
         DateTime issueDateTime = new DateTime(issueInstance, DateTimeZone.UTC);
@@ -1178,18 +1178,18 @@ public class SAMLResponseTest {
         assertionElement.setAttributeNS(null, "IssueInstant", issueDateTime.toString());
 
         String responseStr = encodeResponse(policyElement);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
             wfProc.processRequest(wfReq, config);
@@ -1198,14 +1198,14 @@ public class SAMLResponseTest {
             // expected
         }
     }
-    
+
     @org.junit.Test
     public void testTrustFailure() throws Exception {
         // Mock up a Request
         FedizContext config = getFederationConfigurator().getFedizContext("CLIENT_TRUST");
-        
+
         String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-        
+
         String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
         RequestState requestState = new RequestState(TEST_REQUEST_URL,
                                                      TEST_IDP_ISSUER,
@@ -1215,21 +1215,21 @@ public class SAMLResponseTest {
                                                      null,
                                                      relayState,
                                                      System.currentTimeMillis());
-        
+
         // Create SAML Response
         String responseStr = createSamlResponseStr(requestId);
-        
+
         HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
         EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
         EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
         EasyMock.replay(req);
-        
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setResponseToken(responseStr);
         wfReq.setState(relayState);
         wfReq.setRequest(req);
         wfReq.setRequestState(requestState);
-        
+
         FedizProcessor wfProc = new SAMLProcessorImpl();
         try {
             wfProc.processRequest(wfReq, config);
@@ -1238,7 +1238,7 @@ public class SAMLResponseTest {
             // expected
         }
     }
-    
+
     private String createSamlResponseStr(String requestId) throws Exception {
         // Create SAML Assertion
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1247,10 +1247,10 @@ public class SAMLResponseTest {
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         callbackHandler.setIssuer(TEST_IDP_ISSUER);
         callbackHandler.setSubjectName(TEST_USER);
-        
+
         return createSamlResponseStr(callbackHandler, requestId);
     }
-    
+
     private String createSamlResponseStr(AbstractSAMLCallbackHandler saml2CallbackHandler,
                                          String requestId) throws Exception {
         ConditionsBean cp = new ConditionsBean();
@@ -1258,7 +1258,7 @@ public class SAMLResponseTest {
         audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
         cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
         saml2CallbackHandler.setConditions(cp);
-        
+
         // Subject Confirmation Data
         SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
         subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1266,15 +1266,15 @@ public class SAMLResponseTest {
         subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
         subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
         saml2CallbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-        
+
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(saml2CallbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         Element response = createSamlResponse(assertion, "mystskey", true, requestId);
         return encodeResponse(response);
     }
-    
-    private Element createSamlResponse(SamlAssertionWrapper assertion, String alias, 
+
+    private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
                                       boolean sign, String requestID)
         throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
         WSPasswordCallback[] cb = {
@@ -1286,7 +1286,7 @@ public class SAMLResponseTest {
         if (sign) {
             assertion.signAssertion(alias, password, crypto, false);
         }
-        
+
         DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
         Document doc = docBuilder.newDocument();
 
@@ -1295,8 +1295,8 @@ public class SAMLResponseTest {
                 "urn:oasis:names:tc:SAML:2.0:status:Success", null
             );
         Response response =
-            SAML2PResponseComponentBuilder.createSAMLResponse(requestID, 
-                                                              assertion.getIssuerString(), 
+            SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
+                                                              assertion.getIssuerString(),
                                                               status);
 
         response.getAssertions().add(assertion.getSaml2());
@@ -1306,14 +1306,14 @@ public class SAMLResponseTest {
 
         return policyElement;
     }
-    
-    
+
+
     /**
      * Returns the first element that matches <code>name</code> and
      * <code>namespace</code>. <p/> This is a replacement for a XPath lookup
      * <code>//name</code> with the given namespace. It's somewhat faster than
      * XPath, and we do not deal with prefixes, just with the real namespace URI
-     * 
+     *
      * @param startNode Where to start the search
      * @param name Local name of the element
      * @param namespace Namespace URI of the element
@@ -1368,14 +1368,14 @@ public class SAMLResponseTest {
 
     private void assertClaims(List<Claim> claims, String roleClaimType) {
         for (Claim c : claims) {
-            Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(), 
+            Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
                               c.getClaimType().equals(roleClaimType)
                               || c.getClaimType().equals(ClaimTypes.COUNTRY)
                               || c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
                               );
         }
     }
-    
+
     private String encodeResponse(Element response) throws IOException {
         String responseMessage = DOM2Writer.nodeToString(response);
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
index 842dcd8..18850a0 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
@@ -21,9 +21,9 @@ package org.apache.cxf.fediz.core.samlsso;
 
 
 public final class SAMLSSOTestUtils {
-    
- 
-    public static final String SAMPLE_EMPTY_SAML_RESPONSE = 
+
+
+    public static final String SAMPLE_EMPTY_SAML_RESPONSE =
         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
         + "<saml2p:Response ID=\"c4b78949-d52e-4ae0-ad44-04ef58fe1ca8\" "
         + "InResponseTo=\"612223b6-fb12-4c40-9a31-9bd94e09a579\" "
@@ -33,9 +33,9 @@ public final class SAMLSSOTestUtils {
         + "http://localhost:12345/idp/samlsso</saml2:Issuer><saml2p:Status>"
         + "<saml2p:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/>"
         + "</saml2p:Status></saml2p:Response>";
-    
+
     private SAMLSSOTestUtils() {
-        
+
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index 2acffb3..46e9d78 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -65,25 +65,25 @@ import org.slf4j.LoggerFactory;
 
 @PreMatching
 public abstract class AbstractServiceProviderFilter implements ContainerRequestFilter {
-    
-    public static final String SECURITY_CONTEXT_TOKEN = 
+
+    public static final String SECURITY_CONTEXT_TOKEN =
         "org.apache.fediz.SECURITY_TOKEN";
-    public static final String SECURITY_CONTEXT_STATE = 
+    public static final String SECURITY_CONTEXT_STATE =
         "org.apache.fediz.SECURITY_CONTEXT_STATE";
-    
-    protected static final ResourceBundle BUNDLE = 
+
+    protected static final ResourceBundle BUNDLE =
         BundleUtils.getBundle(AbstractServiceProviderFilter.class);
     private static final Logger LOG = LoggerFactory.getLogger(AbstractServiceProviderFilter.class);
-    
+
     private boolean addWebAppContext = true;
     private boolean addEndpointAddressToContext;
-    
+
     private FedizConfigurator configurator;
     private String configFile;
     private SPStateManager stateManager;
     private long stateTimeToLive = 120000;
     private String webAppDomain;
-    
+
     public String getConfigFile() {
         return configFile;
     }
@@ -91,7 +91,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
     public void setConfigFile(String configFile) {
         this.configFile = configFile;
     }
-    
+
     @PostConstruct
     public synchronized void configure() throws JAXBException, IOException {
         if (configurator == null) {
@@ -102,7 +102,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
             try {
                 File f = new File(actualConfigFile);
                 if (!f.exists()) {
-                    URL url = ResourceUtils.getResourceURL(actualConfigFile, 
+                    URL url = ResourceUtils.getResourceURL(actualConfigFile,
                                                         BusFactory.getThreadDefaultBus());
                     if (url == null) {
                         url = new URL(actualConfigFile);
@@ -125,12 +125,12 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
                 throw new IOException(e);
             }
         }
-        
+
         if (stateManager == null) {
             stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
-        } 
+        }
     }
-    
+
     @PreDestroy
     public synchronized void cleanup() throws IOException {
         if (configurator != null) {
@@ -145,21 +145,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
                 }
             }
         }
-        
+
         stateManager.close();
     }
-    
+
     protected boolean checkSecurityContext(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
         HttpHeaders headers = new HttpHeadersImpl(m);
         Map<String, Cookie> cookies = headers.getCookies();
-        
+
         Cookie securityContextCookie = cookies.get(SECURITY_CONTEXT_TOKEN);
-        
+
         ResponseState responseState = getValidResponseState(securityContextCookie, fedConfig, m);
         if (responseState == null) {
-            return false;    
+            return false;
         }
-        
+
         Cookie relayStateCookie = cookies.get(SECURITY_CONTEXT_STATE);
         if (relayStateCookie == null) {
             reportError("MISSING_RELAY_COOKIE");
@@ -171,41 +171,41 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
             reportError("INVALID_RELAY_STATE");
             return false;
         }
-        
+
         // Check to see if a CSRF-style attack is being mounted
         String state = getState(fedConfig, params);
         if (state != null && !state.equals(responseState.getState())) {
             LOG.error("wctx parameter does not match stored value");
             throw ExceptionUtils.toForbiddenException(null, null);
         }
-        
+
         // Create SecurityContext
         try {
-            Element token = 
+            Element token =
                 StaxUtils.read(new StringReader(responseState.getAssertion())).getDocumentElement();
             setSecurityContext(responseState, m, token);
         } catch (Exception ex) {
             reportError("INVALID_RESPONSE_STATE");
             return false;
         }
-        
+
         return true;
     }
-    
+
     protected void setSecurityContext(
         ResponseState responseState, Message m, Element token
     ) throws WSSecurityException {
-        CXFFedizPrincipal principal = 
-            new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(), 
+        CXFFedizPrincipal principal =
+            new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
                                   responseState.getRoles(), token);
-        
+
         SecurityTokenThreadLocal.setToken(principal.getLoginToken());
-        FedizSecurityContext context = 
+        FedizSecurityContext context =
             new FedizSecurityContext(principal, responseState.getRoles());
         m.put(SecurityContext.class, context);
     }
-    
-    protected ResponseState getValidResponseState(Cookie securityContextCookie, 
+
+    protected ResponseState getValidResponseState(Cookie securityContextCookie,
                                                   FedizContext fedConfig,
                                                   Message m) {
         if (securityContextCookie == null) {
@@ -218,22 +218,22 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         }
         String contextKey = securityContextCookie.getValue();
         ResponseState responseState = stateManager.getResponseState(contextKey);
-        
+
         if (responseState == null) {
             reportError("MISSING_RESPONSE_STATE");
             return null;
         }
-        
+
         if (CookieUtils.isStateExpired(responseState.getCreatedAt(), fedConfig.isDetectExpiredTokens(),
                                        responseState.getExpiresAt(), getStateTimeToLive())) {
             reportError("EXPIRED_RESPONSE_STATE");
             stateManager.removeResponseState(contextKey);
             return null;
         }
-        
+
         String webAppContext = getWebAppContext(m);
-        if (webAppDomain != null 
-            && (responseState.getWebAppDomain() == null 
+        if (webAppDomain != null
+            && (responseState.getWebAppDomain() == null
                 || !webAppDomain.equals(responseState.getWebAppDomain()))
                 || responseState.getWebAppContext() == null
                 || !webAppContext.equals(responseState.getWebAppContext())) {
@@ -247,7 +247,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         }
         return responseState;
     }
-    
+
     protected String getState(FedizContext fedConfig, MultivaluedMap<String, String> params) {
         if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
             return params.getFirst(FederationConstants.PARAM_CONTEXT);
@@ -257,7 +257,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
 
         return null;
     }
-    
+
     protected FedizContext getFedizContext(Message message) {
         String contextName = getWebAppContext(message);
         String[] contextPath = contextName.split("/");
@@ -266,7 +266,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
         }
         return getContextConfiguration(contextName);
     }
-    
+
     protected synchronized FedizContext getContextConfiguration(String contextName) {
         if (configurator == null) {
             throw new IllegalStateException("No Fediz configuration available");
@@ -282,21 +282,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
 
         return config;
     }
-    
+
     protected void reportError(String code) {
-        org.apache.cxf.common.i18n.Message errorMsg = 
+        org.apache.cxf.common.i18n.Message errorMsg =
             new org.apache.cxf.common.i18n.Message(code, BUNDLE);
         LOG.warn(errorMsg.toString());
     }
-    
+
     protected void reportTrace(String code) {
         if (LOG.isDebugEnabled()) {
-            org.apache.cxf.common.i18n.Message errorMsg = 
+            org.apache.cxf.common.i18n.Message errorMsg =
                 new org.apache.cxf.common.i18n.Message(code, BUNDLE);
             LOG.debug(errorMsg.toString());
         }
     }
-    
+
     protected String getWebAppContext(Message m) {
         if (addWebAppContext) {
             if (addEndpointAddressToContext) {
@@ -309,11 +309,11 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
             return "/";
         }
     }
-  
+
     public void setAddWebAppContext(boolean addWebAppContext) {
         this.addWebAppContext = addWebAppContext;
     }
-        
+
     public SPStateManager getStateManager() {
         return stateManager;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
index 5a6914e..325de9c 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
@@ -27,12 +27,12 @@ import org.apache.cxf.fediz.core.ClaimCollection;
 import org.apache.cxf.fediz.core.FedizPrincipal;
 
 public class CXFFedizPrincipal implements FedizPrincipal {
-    
+
     private final String subject;
     private final List<Claim> claims;
     private Element token;
     private List<String> roles = Collections.emptyList();
-    
+
     public CXFFedizPrincipal(String subject, List<Claim> claims, List<String> roles, Element token) {
         this.subject = subject;
         this.claims = claims;
@@ -56,7 +56,7 @@ public class CXFFedizPrincipal implements FedizPrincipal {
     public Element getLoginToken() {
         return token;
     }
-    
+
     public List<String> getRoleClaims() {
         return Collections.unmodifiableList(roles);
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index a62b97a..5566c52 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -73,18 +73,18 @@ import org.slf4j.LoggerFactory;
 
 public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
     implements ContainerResponseFilter {
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(FedizRedirectBindingFilter.class);
-    
-    @Context 
+
+    @Context
     private MessageContext messageContext;
 
     private boolean redirectOnInitialSignIn;
-    
+
     public void filter(ContainerRequestContext context) {
         Message m = JAXRSUtils.getCurrentMessage();
         FedizContext fedConfig = getFedizContext(m);
-        
+
         // See if it is a Metadata request
         if (isMetadataRequest(context, fedConfig)) {
             return;
@@ -92,7 +92,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
 
         String httpMethod = context.getMethod();
         MultivaluedMap<String, String> params = null;
-        
+
         try {
             if (HttpMethod.GET.equals(httpMethod)) {
                 params = context.getUriInfo().getQueryParameters();
@@ -104,7 +104,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             LOG.debug(ex.getMessage(), ex);
             throw ExceptionUtils.toInternalServerErrorException(ex, null);
         }
-        
+
         // See if it is a Logout request first
         if (isLogoutRequest(context, fedConfig, m, params) || isSignoutCleanupRequest(fedConfig, m, params)) {
             return;
@@ -119,7 +119,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             throw ExceptionUtils.toBadRequestException(null, null);
         }
     }
-    
+
     private void processSignInRequest(ContainerRequestContext context, FedizContext fedConfig,
                                       Message m, MultivaluedMap<String, String> params) {
         String responseToken = getResponseToken(fedConfig, params);
@@ -137,7 +137,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 LOG.debug("token=\n" + responseToken);
             }
 
-            FedizResponse wfRes = 
+            FedizResponse wfRes =
                 validateSignInRequest(fedConfig, params, responseToken, state);
 
             // Validate AudienceRestriction
@@ -170,12 +170,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
 
             String webAppContext = getWebAppContext(m);
 
-            ResponseState responseState = 
+            ResponseState responseState =
                 new ResponseState(token,
-                                  state, 
+                                  state,
                                   webAppContext,
                                   webAppDomain,
-                                  currentTime, 
+                                  currentTime,
                                   expiresAt);
             responseState.setClaims(wfRes.getClaims());
             responseState.setRoles(roles);
@@ -192,7 +192,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
 
             // Redirect with cookie set
             if (isRedirectOnInitialSignIn()) {
-                ResponseBuilder response = 
+                ResponseBuilder response =
                     Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
                 response.header(HttpHeaders.SET_COOKIE, contextCookie);
 
@@ -206,17 +206,17 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 }
             }
         }
-        
+
     }
 
     private void processSignInRequired(ContainerRequestContext context, FedizContext fedConfig) {
      // Unauthenticated -> redirect
-        FedizProcessor processor = 
+        FedizProcessor processor =
             FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
 
         HttpServletRequest request = messageContext.getHttpServletRequest();
         try {
-            RedirectionResponse redirectionResponse = 
+            RedirectionResponse redirectionResponse =
                 processor.createSignInRequest(request, fedConfig);
             String redirectURL = redirectionResponse.getRedirectionURL();
             if (redirectURL != null) {
@@ -233,7 +233,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 if (requestState != null && requestState.getState() != null) {
                     getStateManager().setRequestState(requestState.getState(), requestState);
 
-                    String contextCookie = 
+                    String contextCookie =
                         CookieUtils.createCookie(SECURITY_CONTEXT_STATE,
                                                  requestState.getState(),
                                                  request.getRequestURI(),
@@ -251,7 +251,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             LOG.debug(ex.getMessage(), ex);
             throw ExceptionUtils.toInternalServerErrorException(ex, null);
         }
-        
+
     }
 
     private boolean isMetadataRequest(ContainerRequestContext context, FedizContext fedConfig) {
@@ -262,26 +262,26 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             if (LOG.isInfoEnabled()) {
                 LOG.info("Metadata document requested");
             }
-            
-            FedizProcessor wfProc = 
+
+            FedizProcessor wfProc =
                 FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
             try {
                 HttpServletRequest request = messageContext.getHttpServletRequest();
                 Document metadata = wfProc.getMetaData(request, fedConfig);
                 String metadataStr = DOM2Writer.nodeToString(metadata);
-                
+
                 ResponseBuilder response = Response.ok(metadataStr, "text/xml");
                 context.abortWith(response.build());
                 return true;
             } catch (Exception ex) {
                 LOG.error("Failed to get metadata document: " + ex.getMessage());
                 throw ExceptionUtils.toInternalServerErrorException(ex, null);
-            }            
+            }
         }
-        
+
         return false;
     }
-    
+
     private boolean isLogoutRequest(ContainerRequestContext context, FedizContext fedConfig,
                                     Message message, MultivaluedMap<String, String> params) {
 
@@ -297,16 +297,16 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 signout = true;
             }
         }
-        
+
         if (signout) {
             cleanupContext(message);
 
             try {
-                FedizProcessor processor = 
+                FedizProcessor processor =
                     FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
 
                 HttpServletRequest request = messageContext.getHttpServletRequest();
-                RedirectionResponse redirectionResponse = 
+                RedirectionResponse redirectionResponse =
                     processor.createSignOutRequest(request, null, fedConfig); //TODO
                 String redirectURL = redirectionResponse.getRedirectionURL();
                 if (redirectURL != null) {
@@ -327,10 +327,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 throw ExceptionUtils.toInternalServerErrorException(ex, null);
             }
         }
-        
+
         return false;
     }
-    
+
     private void cleanupContext(Message message) {
         HttpHeaders headers = new HttpHeadersImpl(message);
         Map<String, Cookie> cookies = headers.getCookies();
@@ -343,7 +343,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             getStateManager().removeRequestState(contextKey);
         }
     }
-    
+
     private String getMetadataURI(FedizContext fedConfig) {
         if (fedConfig.getProtocol().getMetadataURI() != null) {
             return fedConfig.getProtocol().getMetadataURI();
@@ -352,10 +352,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
         } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
             return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
         }
-        
+
         return FederationConstants.METADATA_PATH_URI;
     }
-    
+
     private boolean isSignInRequired(FedizContext fedConfig, MultivaluedMap<String, String> params) {
         if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
             && params.getFirst(FederationConstants.PARAM_ACTION) == null) {
@@ -364,11 +364,11 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             && params.getFirst(SAMLSSOConstants.RELAY_STATE) == null) {
             return true;
         }
-        
+
         return false;
     }
-    
-    private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) { 
+
+    private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) {
         if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
             && FederationConstants.ACTION_SIGNIN.equals(
                 params.getFirst(FederationConstants.PARAM_ACTION))) {
@@ -377,12 +377,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             && params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
             return true;
         }
-        
+
         return false;
     }
-    
-    private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) { 
-        
+
+    private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
+
         boolean signoutCleanup = false;
         if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
             && FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(
@@ -392,14 +392,14 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             && params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
             signoutCleanup = true;
         }*/
-        
+
         if (signoutCleanup) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("SignOutCleanup request found");
                 LOG.debug("SignOutCleanup action...");
             }
             cleanupContext(m);
-            
+
             HttpServletResponse response = messageContext.getHttpServletResponse();
             try {
                 final ServletOutputStream responseOutputStream = response.getOutputStream();
@@ -419,20 +419,20 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                 LOG.debug(ex.getMessage(), ex);
                 throw ExceptionUtils.toInternalServerErrorException(ex, null);
             }
-            
+
             return true;
         }
-        
+
         return false;
     }
-    
+
     private String getResponseToken(FedizContext fedConfig, MultivaluedMap<String, String> params) {
         if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
             return params.getFirst(FederationConstants.PARAM_RESULT);
         } else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol) {
             return params.getFirst(SAMLSSOConstants.SAML_RESPONSE);
         }
-        
+
         return null;
     }
 
@@ -445,34 +445,34 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
         FedizRequest wfReq = new FedizRequest();
         wfReq.setAction(params.getFirst(FederationConstants.PARAM_ACTION));
         wfReq.setResponseToken(responseToken);
-        
+
         if (state == null || state.getBytes().length <= 0) {
             LOG.error("Invalid RelayState/WCTX");
             throw ExceptionUtils.toBadRequestException(null, null);
         }
-        
+
         wfReq.setState(state);
         wfReq.setRequestState(getStateManager().removeRequestState(state));
-        
+
         if (wfReq.getRequestState() == null) {
             LOG.error("Missing Request State");
             throw ExceptionUtils.toBadRequestException(null, null);
         }
-        
-        if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0, 
+
+        if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,
                                        getStateTimeToLive())) {
             LOG.error("EXPIRED_REQUEST_STATE");
             throw ExceptionUtils.toBadRequestException(null, null);
         }
-        
+
         HttpServletRequest request = messageContext.getHttpServletRequest();
         wfReq.setRequest(request);
 
-        X509Certificate certs[] = 
+        X509Certificate certs[] =
             (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
         wfReq.setCerts(certs);
 
-        FedizProcessor wfProc = 
+        FedizProcessor wfProc =
             FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
         try {
             return wfProc.processRequest(wfReq, fedConfig);
@@ -481,13 +481,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
             throw ExceptionUtils.toNotAuthorizedException(ex, null);
         }
     }
-    
+
     private void validateAudienceRestrictions(
-        FedizResponse wfRes, 
+        FedizResponse wfRes,
         List<String> audienceURIs,
         HttpServletRequest request
     ) {
-        // Validate the AudienceRestriction in Security Token (e.g. SAML) 
+        // Validate the AudienceRestriction in Security Token (e.g. SAML)
         // against the configured list of audienceURIs
         if (wfRes.getAudience() != null) {
             boolean validAudience = false;
@@ -497,13 +497,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
                     break;
                 }
             }
-            
+
             if (!validAudience) {
                 LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
                          + "] doesn't match with specified list of URIs.");
                 throw ExceptionUtils.toForbiddenException(null, null);
             }
-            
+
             if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
                 LOG.debug("Token AudienceRestriction doesn't match with request URL ["
                         + wfRes.getAudience() + "]  ["
@@ -527,7 +527,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
         if (tokenContext != null) {
             responseContext.getHeaders().add(HttpHeaders.SET_COOKIE, tokenContext);
         }
-        
+
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
index 89adc17..0e694e7 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
@@ -27,7 +27,7 @@ import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.security.SecurityContext;
 
 public class FedizSecurityContext implements SecurityContext {
-    
+
     private Principal principal;
     private Set<Principal> roles;
 
@@ -41,7 +41,7 @@ public class FedizSecurityContext implements SecurityContext {
             }
         }
     }
-    
+
     @Override
     public Principal getUserPrincipal() {
         return principal;
@@ -54,7 +54,7 @@ public class FedizSecurityContext implements SecurityContext {
                 return true;
             }
         }
-        
+
         return false;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
index 5b886ba..0b7d099 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.cache.EHCacheManagerHolder;
 import org.apache.wss4j.common.util.Loader;
 
 /**
- * An in-memory EHCache implementation of the SPStateManager interface. 
+ * An in-memory EHCache implementation of the SPStateManager interface.
  * The default TTL is 5 minutes.
  */
 public class EHCacheSPStateManager implements SPStateManager {
@@ -40,34 +40,34 @@ public class EHCacheSPStateManager implements SPStateManager {
     public static final long DEFAULT_TTL = 60L * 5L;
     public static final String REQUEST_CACHE_KEY = "cxf.fediz.samlp.request.state.cache";
     public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
-    
+
     private Ehcache requestCache;
     private Ehcache responseCache;
     private CacheManager cacheManager;
     private long ttl = DEFAULT_TTL;
-    
+
     public EHCacheSPStateManager(String configFile) {
         this(getConfigFileURL(configFile));
     }
-    
+
     public EHCacheSPStateManager(URL configFileURL) {
         this(EHCacheManagerHolder.getCacheManager("", configFileURL));
     }
-    
+
     public EHCacheSPStateManager(CacheManager cacheManager) {
         this.cacheManager = cacheManager;
-        
+
         CacheConfiguration requestCC = EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
 
         Ehcache newCache = new Cache(requestCC);
         requestCache = cacheManager.addCacheIfAbsent(newCache);
-        
+
         CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
-        
+
         newCache = new Cache(responseCC);
         responseCache = cacheManager.addCacheIfAbsent(newCache);
     }
-    
+
     private static URL getConfigFileURL(Object o) {
         if (o instanceof String) {
             try {
@@ -80,11 +80,11 @@ public class EHCacheSPStateManager implements SPStateManager {
                 // Do nothing
             }
         } else if (o instanceof URL) {
-            return (URL)o;        
+            return (URL)o;
         }
         return null;
     }
-    
+
     /**
      * Set a new (default) TTL value in seconds
      * @param newTtl a new (default) TTL value in seconds
@@ -92,7 +92,7 @@ public class EHCacheSPStateManager implements SPStateManager {
     public void setTTL(long newTtl) {
         ttl = newTtl;
     }
-    
+
     /**
      * Get the (default) TTL value in seconds
      * @return the (default) TTL value in seconds
@@ -100,18 +100,18 @@ public class EHCacheSPStateManager implements SPStateManager {
     public long getTTL() {
         return ttl;
     }
-    
+
     public void setRequestState(String relayState, RequestState state) {
         if (relayState == null || "".equals(relayState)) {
             return;
         }
-        
+
         int parsedTTL = (int)ttl;
         if (ttl != (long)parsedTTL) {
             // Fall back to 60 minutes if the default TTL is set incorrectly
             parsedTTL = 3600;
         }
-        
+
         Element element = new Element(relayState, state);
         element.setTimeToLive(parsedTTL);
         element.setTimeToIdle(parsedTTL);
@@ -126,7 +126,7 @@ public class EHCacheSPStateManager implements SPStateManager {
         }
         return null;
     }
-    
+
     public ResponseState getResponseState(String securityContextKey) {
         Element element = responseCache.get(securityContextKey);
         if (element != null) {
@@ -152,7 +152,7 @@ public class EHCacheSPStateManager implements SPStateManager {
         if (securityContextKey == null || "".equals(securityContextKey)) {
             return;
         }
-        
+
         int parsedTTL = (int)ttl;
         if (ttl != (long)parsedTTL) {
             // Fall back to 5 minutes if the default TTL is set incorrectly
@@ -161,10 +161,10 @@ public class EHCacheSPStateManager implements SPStateManager {
         Element element = new Element(securityContextKey, state);
         element.setTimeToLive(parsedTTL);
         element.setTimeToIdle(parsedTTL);
-        
+
         responseCache.put(element);
     }
-    
+
     public void close() throws IOException {
         if (cacheManager != null) {
             cacheManager.shutdown();

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
index 17fa532..04db854 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
@@ -32,7 +32,7 @@ import org.apache.cxf.fediz.core.Claim;
 public class ResponseState implements Serializable {
 
     private static final long serialVersionUID = -3247188797004342462L;
-    
+
     private String assertion;
     private String state;
     private String webAppContext;
@@ -43,16 +43,16 @@ public class ResponseState implements Serializable {
     private String issuer;
     private List<Claim> claims;
     private String subject;
-    
+
     public ResponseState() {
-        
+
     }
-    
+
     public ResponseState(String assertion,
                          String state,
                          String webAppContext,
                          String webAppDomain,
-                         long createdAt, 
+                         long createdAt,
                          long expiresAt) {
         this.assertion = assertion;
         this.state = state;
@@ -65,7 +65,7 @@ public class ResponseState implements Serializable {
     public long getCreatedAt() {
         return createdAt;
     }
-    
+
     public long getExpiresAt() {
         return expiresAt;
     }
@@ -73,7 +73,7 @@ public class ResponseState implements Serializable {
     public String getState() {
         return state;
     }
-    
+
     public String getWebAppContext() {
         return webAppContext;
     }
@@ -81,7 +81,7 @@ public class ResponseState implements Serializable {
     public String getWebAppDomain() {
         return webAppDomain;
     }
-    
+
     public String getAssertion() {
         return assertion;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
index 5ed5a47..693da53 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
@@ -25,22 +25,22 @@ import org.apache.cxf.fediz.core.RequestState;
 
 /**
  * SSO Service Provider State Manager.
- * 
+ *
  * TODO: review the possibility of working with the Servlet HTTPSession
- * instead; in that case it can be tricky to configure various containers 
- * (Tomcat, Jetty) to make sure the cookies are shared across multiple 
+ * instead; in that case it can be tricky to configure various containers
+ * (Tomcat, Jetty) to make sure the cookies are shared across multiple
  * war contexts which will be needed if RequestAssertionConsumerService
- * needs to be run in its own war file instead of having every application 
- * war on the SP side have a dedicated RequestAssertionConsumerService endpoint   
+ * needs to be run in its own war file instead of having every application
+ * war on the SP side have a dedicated RequestAssertionConsumerService endpoint
  */
 public interface SPStateManager extends Closeable {
-    
+
     void setRequestState(String relayState, RequestState state);
     RequestState removeRequestState(String relayState);
-    
+
     void setResponseState(String contextKey, ResponseState state);
     ResponseState getResponseState(String contextKey);
     ResponseState removeResponseState(String contextKey);
-    
+
     void close() throws IOException;
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
index 4cff406..a905641 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
@@ -39,7 +39,7 @@ import org.slf4j.LoggerFactory;
 /**
  * This CallbackHandler implementation obtains the security token from
  * the thread local storage to be used as the delegation token.
- */ 
+ */
 public class ThreadLocalCallbackHandler implements CallbackHandler {
 
     private static final Logger LOG = LoggerFactory.getLogger(ThreadLocalCallbackHandler.class);
@@ -58,7 +58,7 @@ public class ThreadLocalCallbackHandler implements CallbackHandler {
                         LOG.debug(DOM2Writer.nodeToString(token));
                         LOG.debug("****************** END TOKEN *******************");
                     }
-                    callback.setToken(token);     
+                    callback.setToken(token);
                 }
 
             } else {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index 803c26a..e3ff3c7 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -73,22 +73,22 @@ import org.eclipse.jetty.util.log.Logger;
  * by sending a WS-Federation SignIn request.
  * </p>
  * <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of 
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
  * mechanism to authenticate the user.
  * FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
  * associated with the session.
  * </p>
  */
 public class FederationAuthenticator extends LoginAuthenticator {
-    
+
     public static final String J_URI = "org.eclipse.jetty.security.form_URI";
     public static final String J_POST = "org.eclipse.jetty.security.form_POST";
     public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT";
 
     private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-    
+
     private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-       
+
     private String configFile;
     private FedizConfigurator configurator;
     private String encoding = "UTF-8";
@@ -98,7 +98,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
 
 
     /**
-     * 
+     *
      */
     @Override
     public void setConfiguration(AuthConfiguration configuration) {
@@ -123,7 +123,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
             //throw new ServerAuthException("Failed to load Fediz configuration",
             //                              e);
         }
-        
+
     }
 
     /* ------------------------------------------------------------ */
@@ -138,7 +138,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
     public void setConfigFile(String configFile) {
         this.configFile = configFile;
     }
-    
+
     public String getEncoding() {
         return encoding;
     }
@@ -146,22 +146,22 @@ public class FederationAuthenticator extends LoginAuthenticator {
     public void setEncoding(String encoding) {
         this.encoding = encoding;
     }
-    
+
     /* ------------------------------------------------------------ */
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
         throws ServerAuthException {
-        
+
         HttpServletRequest request = (HttpServletRequest)req;
         HttpServletResponse response = (HttpServletResponse)res;
 
         HttpSession session = request.getSession(true);
-        
+
         String contextName = request.getSession().getServletContext().getContextPath();
         if (contextName == null || contextName.isEmpty()) {
             contextName = "/";
         }
         FedizContext fedConfig = getContextConfiguration(contextName);
-        
+
         // Check to see if it is a metadata request
         MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
         if (mdHandler.canHandleRequest(request)) {
@@ -175,17 +175,17 @@ public class FederationAuthenticator extends LoginAuthenticator {
         if (!mandatory) {
             return new DeferredAuthentication(this);
         }
-        
+
         try {
             req.setCharacterEncoding(this.encoding);
         } catch (UnsupportedEncodingException ex) {
             LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
         }
-        
+
         try {
             String action = request.getParameter(FederationConstants.PARAM_ACTION);
             Authentication authentication = null;
-            
+
             // Handle a request for authentication.
             if (isSignInRequest(request, fedConfig)) {
                 authentication = handleSignInRequest(request, response, session, fedConfig);
@@ -196,7 +196,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                 authentication = Authentication.UNAUTHENTICATED;
             }
-            
+
             if (authentication != null) {
                 return authentication;
             }
@@ -206,35 +206,35 @@ public class FederationAuthenticator extends LoginAuthenticator {
             if (authentication != null) {
                 return authentication;
             }
-            
+
 
             // if we can't send challenge
             if (DeferredAuthentication.isDeferred(response)) {
                 LOG.debug("auth deferred {}", session.getId());
                 return Authentication.UNAUTHENTICATED;
             }
-            
+
             // remember the current URI
             synchronized (session) {
                 // But only if it is not set already, or we save every uri that leads to a login form redirect
-                if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)  
+                if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
                     StringBuffer buf = request.getRequestURL();
                     if (request.getQueryString() != null) {
                         buf.append("?").append(request.getQueryString());
                     }
                     session.setAttribute(J_URI, buf.toString());
-                    
-                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) 
+
+                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType())
                         && HttpMethods.POST.equals(request.getMethod())) {
-                        Request baseRequest = (req instanceof Request) ? (Request)req 
+                        Request baseRequest = (req instanceof Request) ? (Request)req
                             : AbstractHttpConnection.getCurrentConnection().getRequest();
-                        baseRequest.extractParameters();                        
+                        baseRequest.extractParameters();
                         session.setAttribute(J_POST, new MultiMap<String>(baseRequest.getParameters()));
                     }
                 }
             }
-            
-            FedizProcessor wfProc = 
+
+            FedizProcessor wfProc =
                 FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
             signInRedirectToIssuer(request, response, wfProc, session);
 
@@ -247,8 +247,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
          * catch (ServletException e) { throw new ServerAuthException(e); }
          */
     }
-    
-    private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response, 
+
+    private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
                                                HttpSession session, FedizContext fedConfig) throws IOException {
         FedizResponse wfRes = null;
         if (LOG.isDebugEnabled()) {
@@ -271,7 +271,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
             wfReq.setState(request.getParameter("RelayState"));
             wfReq.setRequest(request);
 
-            X509Certificate[] certs = 
+            X509Certificate[] certs =
                 (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
             wfReq.setCerts(certs);
 
@@ -291,23 +291,23 @@ public class FederationAuthenticator extends LoginAuthenticator {
                         response.sendError(HttpServletResponse.SC_FORBIDDEN);
                         return Authentication.UNAUTHENTICATED;
                     }
-                    
+
                     nuri = (String) session.getAttribute(J_URI);
 
                     if (nuri == null || nuri.length() == 0) {
                         nuri = request.getContextPath();
-                        if (nuri.length() == 0) { 
+                        if (nuri.length() == 0) {
                             nuri = URIUtil.SLASH;
                         }
                     }
                     Authentication cached = new SessionAuthentication(getAuthMethod(), user, wfRes);
                     session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
                 }
-                
+
                 FederationUserIdentity fui = (FederationUserIdentity)user;
                 session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-                
-                response.setContentLength(0);   
+
+                response.setContentLength(0);
                 response.sendRedirect(response.encodeRedirectURL(nuri));
 
                 return new FederationAuthentication(getAuthMethod(), user);
@@ -323,7 +323,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
             return Authentication.UNAUTHENTICATED;
         }
     }
-    
+
     private Authentication handleSignOutCleanup(HttpServletResponse response, HttpSession session) throws IOException {
         if (LOG.isDebugEnabled()) {
             LOG.debug("SignOutCleanup request found");
@@ -346,10 +346,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
         responseOutputStream.flush();
         return Authentication.SEND_SUCCESS;
     }
-    
-    private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response, 
+
+    private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
                                                       HttpSession session, FedizContext fedConfig) throws IOException {
-        Authentication authentication = 
+        Authentication authentication =
             (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
         if (authentication != null) {
             // Has authentication been revoked?
@@ -361,21 +361,21 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 String action = request.getParameter(FederationConstants.PARAM_ACTION);
                 boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
                 String logoutUrl = fedConfig.getLogoutURL();
-                
+
                 String uri = request.getRequestURI();
                 if (uri == null) {
                     uri = URIUtil.SLASH;
                 }
-                
+
                 String contextName = request.getSession().getServletContext().getContextPath();
                 if (contextName == null || contextName.isEmpty()) {
                     contextName = "/";
                 }
-                
+
                 if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
                     session.invalidate();
 
-                    FedizProcessor wfProc = 
+                    FedizProcessor wfProc =
                         FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
                     signOutRedirectToIssuer(request, response, wfProc);
 
@@ -395,8 +395,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
                         // This is a retry of an original POST request
                         // so restore method and parameters
 
-                        session.removeAttribute(J_POST);            
-                        Request baseRequest = (Request)request; 
+                        session.removeAttribute(J_POST);
+                        Request baseRequest = (Request)request;
                         // (req instanceof Request)?(Request)
                         // req:HttpConnection.getCurrentConnection().getRequest();
                         baseRequest.setMethod(HttpMethods.POST);
@@ -405,13 +405,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 } else if (jUri != null) {
                     session.removeAttribute(J_URI);
                 }
-                        
+
                 return authentication;
             }
         }
         return null;
     }
-    
+
     private boolean isTokenExpired(FedizContext fedConfig, UserIdentity userIdentity) {
         if (fedConfig.isDetectExpiredTokens()) {
             try {
@@ -421,13 +421,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
                     LOG.debug("Token doesn't expire");
                     return false;
                 }
-    
+
                 Date currentTime = new Date();
                 if (!currentTime.after(tokenExpires)) {
                     return false;
                 } else {
                     LOG.warn("Token already expired. Clean up and redirect");
-    
+
                     return true;
                 }
             } catch (ClassCastException ex) {
@@ -435,7 +435,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
             }
         }
-        
+
         return false;
     }
 
@@ -451,7 +451,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
 
         return false;
     }
-    
+
     private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
         if (fedConfig.getProtocol() instanceof FederationProtocol) {
             return request.getParameter(FederationConstants.PARAM_RESULT);
@@ -460,16 +460,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
         }
         return null;
     }
-    
+
     /* ------------------------------------------------------------ */
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
                                   User validatedUser) throws ServerAuthException {
         return true;
-    }    
-    
+    }
+
     /**
      * Called to redirect sign-in to the IDP/Issuer
-     * 
+     *
      * @param request
      *            Request we are processing
      * @param response
@@ -482,7 +482,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
      *             {@link HttpServletResponse#sendError(int, String)} throws an
      *             {@link IOException}
      */
-    protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, 
+    protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
                                           FedizProcessor processor, HttpSession session)
         throws IOException {
 
@@ -503,11 +503,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
                         response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
-                
+
                 synchronized (session) {
                     session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
                 }
-                
+
                 response.sendRedirect(redirectURL);
             } else {
                 LOG.warn("Failed to create SignInRequest.");
@@ -519,10 +519,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
             response.sendError(
                                HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
         }
-        
+
     }
 
-    protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response, 
+    protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
                                            FedizProcessor processor)
             throws IOException {
 
@@ -534,7 +534,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
         }
         FedizContext fedCtx = this.configurator.getFedizContext(contextName);
         try {
-            RedirectionResponse redirectionResponse = 
+            RedirectionResponse redirectionResponse =
                 processor.createSignOutRequest(request, null, fedCtx); //TODO
             String redirectURL = redirectionResponse.getRedirectionURL();
             if (redirectURL != null) {
@@ -544,7 +544,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                         response.addHeader(entry.getKey(), entry.getValue());
                     }
                 }
-                
+
                 response.sendRedirect(redirectURL);
             } else {
                 LOG.warn("Failed to create SignOutRequest.");
@@ -557,7 +557,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                     HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
         }
     }
-    
+
     private FedizContext getContextConfiguration(String contextName) {
         if (configurator == null) {
             throw new IllegalStateException("No Fediz configuration available");
@@ -566,7 +566,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
         if (config == null) {
             throw new IllegalStateException("No Fediz configuration for context :" + contextName);
         }
-        
+
         String jettyHome = System.getProperty("jetty.home");
         if (jettyHome != null && jettyHome.length() > 0) {
             config.setRelativePath(jettyHome);
@@ -581,7 +581,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
      */
     public static class FederationAuthentication extends UserAuthentication implements
         Authentication.ResponseSent {
-        
+
         public FederationAuthentication(String method, UserIdentity userIdentity) {
             super(method, userIdentity);
         }


Mime
View raw message