cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: FEDIZ-192 - customSTSParameter propagation
Date Tue, 28 Feb 2017 18:09:50 GMT
FEDIZ-192 - customSTSParameter propagation

This fix enables propagating the customSTSParameter
SAML parameter to the Validator class.

The issue was caused by Spring Security which redirects
the user to a /login page (without the original parameters)

To handle this case, we:
 * get the custom parameter from the HTTP parameters
   (as previously).
 * if it is not found, we look it up in the Spring Security
   savedRequest (aka requestCache).

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a78cc23e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a78cc23e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a78cc23e

Branch: refs/heads/master
Commit: a78cc23e2f76d6640aae5b816dc17b867ec83f06
Parents: 6e453b9
Author: gonzalad <adr_gonzalez@yahoo.fr>
Authored: Tue Feb 28 13:20:16 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Feb 28 18:09:00 2017 +0000

----------------------------------------------------------------------
 .../idp/STSUPAuthenticationProvider.java        | 48 ++++++++++++++++----
 1 file changed, 39 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a78cc23e/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 6db919b..5f66266 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.service.idp;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
@@ -33,6 +34,9 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
@@ -43,6 +47,8 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider
{
 
     private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
 
+    private RequestCache requestCache = new HttpSessionRequestCache();
+
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
         // We only handle UsernamePasswordAuthenticationTokens
@@ -85,15 +91,7 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider
{
 
         try {
 
-            if (getCustomSTSParameter() != null) {
-                HttpServletRequest request =
-                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-                String authRealmParameter = request.getParameter(getCustomSTSParameter());
-                LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
-                if (authRealmParameter != null) {
-                    sts.setCustomContent(authRealmParameter);
-                }
-            }
+            sts.setCustomContent(getCustomSTSParameterValue());
 
             // Line below may be uncommented for debugging
             // setTimeout(sts.getClient(), 3600000L);
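Review bot: `sts.setCustomContent(getCustomSTSParameterValue());` now runs unconditionally, whereas the removed lines called `setCustomContent` only when the parameter was configured and actually present in the request. When `getCustomSTSParameterValue()` returns null, the STS client is handed null, which would replace any custom content already set on `sts`; whether that matters depends on how `sts` is built earlier in `authenticate`, which is outside this hunk. Keeping the guard preserves the previous behaviour: `String customContent = getCustomSTSParameterValue();` followed by `if (customContent != null) { sts.setCustomContent(customContent); }`.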
@@ -123,9 +121,41 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider
{
 
     }
 
+    /**
+     * If customSTSParameter has been set, this method will lookup :
+     * <ul>
+     *     <ol> in http parameters</ol>
+     *     <ol> if not found in the requestCache from Spring Security.
+     *     This lookup is necessary whenever you use Spring Security form-login since
+     *     it redirects you to an login-url and stores original request in the requestCache.</ol>
+     * </ul>
+     */
+    private String getCustomSTSParameterValue() {
+        String authRealmParameter = null;
+        if (getCustomSTSParameter() != null) {
+            HttpServletRequest request =
+                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+            HttpServletResponse response =
+                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
+            authRealmParameter = request.getParameter(getCustomSTSParameter());
+            if (authRealmParameter == null) {
+                SavedRequest savedRequest = requestCache.getRequest(request, response);
+                String[] parameterValues = savedRequest.getParameterValues(this.getCustomSTSParameter());
+                if (parameterValues != null && parameterValues.length > 0) {
+                    authRealmParameter = parameterValues[0];
+                }
+            }
+            LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
+        }
+        return authRealmParameter;
+    }
+
     @Override
     public boolean supports(Class<?> authentication) {
         return authentication.equals(UsernamePasswordAuthenticationToken.class);
     }
 
+    public void setRequestCache(RequestCache requestCache) {
+        this.requestCache = requestCache;
+    }
 }
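Review bot: In `getCustomSTSParameterValue()`, `requestCache.getRequest(request, response)` returns null when nothing was saved (no session yet, or the user opened the login page directly), so the following `savedRequest.getParameterValues(...)` throws a NullPointerException inside the authentication path. Guard the lookup with `if (savedRequest != null) {` before reading the parameter values. The value is client-controlled in both branches (request parameter or saved request) and is forwarded to the STS as custom content and written verbatim by `LOG.debug`, so the STS-side validator has to treat it as untrusted input; a comment such as `// value is user-supplied; validated by the STS validator, not here` would make that explicit. The Javadoc also nests `<ol>` elements inside `<ul>`, where the list items should be `<li>`.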

