cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf-fediz] 01/02: Fix to get correct context variable in the Tomcat8 handler for SAML SSO
Date Wed, 16 May 2018 16:42:23 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit ec2892287987798e4f54639fc7d414a17534897f
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed May 16 16:04:57 2018 +0100

    Fix to get correct context variable in the Tomcat8 handler for SAML SSO
---
 .../cxf/fediz/core/handler/SigninHandler.java      | 39 ++++++++++++++++------
 .../cxf/fediz/tomcat8/FederationAuthenticator.java |  9 +++--
 2 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 125e9fc..1bf80f9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -58,7 +58,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
             && FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION)))
{
             return true;
         } else if (fedizContext.getProtocol() instanceof SAMLProtocol
-                   && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null)
{
+            && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
             return true;
         }
         return false;
@@ -103,22 +103,23 @@ public class SigninHandler<T> implements RequestHandler<T>
{
         FedizRequest federationRequest = new FedizRequest();
 
         String wa = req.getParameter(FederationConstants.PARAM_ACTION);
-        
-        String relayState = req.getParameter("RelayState");
 
         federationRequest.setAction(wa);
         federationRequest.setResponseToken(responseToken);
-        federationRequest.setState(relayState);
+
+        if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+            String relayState = req.getParameter("RelayState");
+            federationRequest.setState(relayState);
+            if (relayState != null) {
+                HttpSession session = req.getSession();
+                federationRequest.setRequestState((RequestState)
+                     session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState));
+                session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState);
+            }
+        }
         federationRequest.setRequest(req);
         federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
 
-        if (relayState != null) {
-            HttpSession session = req.getSession();
-            federationRequest.setRequestState((RequestState) 
-                 session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState));
-            session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState);
-        }
-        
         FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
         return processor.processRequest(federationRequest, fedizContext);
     }
@@ -166,6 +167,22 @@ public class SigninHandler<T> implements RequestHandler<T>
{
         return token;
     }
 
+    public String getContextParameter(HttpServletRequest request) {
+        String context = null;
+        if (fedizContext.getProtocol() instanceof FederationProtocol) {
+            context = request.getParameter(FederationConstants.PARAM_CONTEXT);
+            if (context == null) {
+                throw new RuntimeException("Missing required parameter 'wctx'");
+            }
+        } else if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+            context = request.getParameter("RelayState");
+            if (context == null) {
+                throw new RuntimeException("Missing required parameter 'RelayState'");
+            }
+        }
+        return context;
+    }
+
     public FedizContext getFedizContext() {
         return fedizContext;
     }
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index ff92c69..656f3f9 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -203,7 +203,7 @@ public class FederationAuthenticator extends FormAuthenticator {
             FedizPrincipal principal = signinHandler.handleRequest(request, response);
             if (principal != null) {
                 LOG.debug("Authentication of '{}' was successful", principal);
-                resumeRequest(request, response);
+                resumeRequest(signinHandler.getContextParameter(request), request, response);
             } else {
                 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             }
@@ -231,12 +231,11 @@ public class FederationAuthenticator extends FormAuthenticator {
         return authenticate(request, response);
     }
 
-    protected void resumeRequest(HttpServletRequest request, HttpServletResponse response)
throws IOException {
-        String contextId = request.getParameter(FederationConstants.PARAM_CONTEXT);
+    protected void resumeRequest(String contextId, HttpServletRequest request,
+                                 HttpServletResponse response) throws IOException {
         if (contextId == null) {
-            LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
+            LOG.warn("The context parameter has not been provided back with signin request.");
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
         } else {
             Session session = ((Request)request).getSessionInternal();
             String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX
+ contextId);

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

Mime
View raw message