cxf-commits mailing list archives

From cohei...@apache.org
Subject [cxf-fediz] 01/02: Merge pull request #27 from amergey/master
Date Wed, 16 May 2018 13:56:12 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit f7f4df6b058a0cce4ad8e80af127a87ad55484b8
Author: Colm O hEigeartaigh <coheigea@users.noreply.github.com>
AuthorDate: Wed May 16 14:04:46 2018 +0100

    Merge pull request #27 from amergey/master
    
    [FEDIZ-217] Fix SAML authentication in Plugin
---
 .../java/org/apache/cxf/fediz/core/FederationConstants.java |  6 ++++++
 .../org/apache/cxf/fediz/core/handler/SigninHandler.java    | 13 ++++++++++++-
 .../apache/cxf/fediz/core/processor/SAMLProcessorImpl.java  |  3 ++-
 .../apache/cxf/fediz/tomcat8/FederationAuthenticator.java   |  9 +++++++--
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index 6839ff5..88bd273 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -150,6 +150,12 @@ public final class FederationConstants extends FedizConstants {
      * element.
      */
     public static final String PARAM_RESULT_PTR = "wresultptr";
+    
+    /**
+     * This OPTIONAL session attribute prefix append to request RelayState value specifies

+     * initial RequestState created before redirecting to IDP
+     */
+    public static final String SESSION_SAVED_REQUEST_STATE_PREFIX = "SAVED_REQUEST_STATE_";
 
     public static final Map<String, URI> AUTH_TYPE_MAP;
     static {
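Review bot: The Javadoc on `SESSION_SAVED_REQUEST_STATE_PREFIX` is hard to parse and does not say how the key is formed or when the entry is removed. Something like `Prefix of the session attribute that holds the RequestState created before redirecting to the IDP; the attribute name is this prefix followed by the RelayState value, and the attribute is removed once the matching response is handled.` would cover both. Unlike `PARAM_RESULT_PTR` just above it, this is a session attribute name rather than a request parameter, which is worth stating since it sits among the `PARAM_*` constants.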
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 31aefcd..125e9fc 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -23,8 +23,10 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -101,13 +103,22 @@ public class SigninHandler<T> implements RequestHandler<T>
{
         FedizRequest federationRequest = new FedizRequest();
 
         String wa = req.getParameter(FederationConstants.PARAM_ACTION);
+        
+        String relayState = req.getParameter("RelayState");
 
         federationRequest.setAction(wa);
         federationRequest.setResponseToken(responseToken);
-        federationRequest.setState(req.getParameter("RelayState"));
+        federationRequest.setState(relayState);
         federationRequest.setRequest(req);
         federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
 
+        if (relayState != null) {
+            HttpSession session = req.getSession();
+            federationRequest.setRequestState((RequestState) 
+                 session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState));
+            session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX
+ relayState);
+        }
+        
         FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
         return processor.processRequest(federationRequest, fedizContext);
     }
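Review bot: `req.getSession()` in the new `if (relayState != null)` block creates a session when none exists, so any request that merely carries a `RelayState` parameter allocates one before `processor.processRequest` has looked at the response. A freshly created session cannot contain a saved state, so the lookup can use `HttpSession session = req.getSession(false);` and be guarded with `if (relayState != null && session != null) {`. When no attribute is found the request state is set to null without a log line; whether the processor then rejects the response is decided outside this hunk, so it is worth confirming that an unmatched RelayState fails closed. The enclosing method starts above the hunk.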
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 7b2abc9..4ae304d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -135,6 +135,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 tokenStream = CompressionUtils.inflate(deflatedToken);
             }
         } catch (DataFormatException ex) {
+            LOG.warn("Invalid data format", ex);
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         } catch (Base64DecodingException e) {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
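Review bot: The `Base64DecodingException` catch directly below the new `LOG.warn` still throws `INVALID_REQUEST` without logging, so a failed inflate is now diagnosable but a bad Base64 payload is not; adding `LOG.warn("Invalid Base64 encoding", e);` there would make the catch blocks consistent. Separately, this line and the `LOG.warn("Failed to parse token", e)` change in the next hunk now write a full stack trace at WARN for input that appears to come straight from the request, which lets malformed requests inflate the log. Keeping the message at WARN and the trace at DEBUG, e.g. `LOG.warn("Invalid data format: " + ex.getMessage());` plus `LOG.debug("Invalid data format", ex);`, keeps the diagnostic without that cost. The try block begins above the hunk.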
@@ -147,7 +148,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             el = doc.getDocumentElement();
 
         } catch (Exception e) {
-            LOG.warn("Failed to parse token: " + e.getMessage());
+            LOG.warn("Failed to parse token", e);
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
 
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index e3da1db..6f357e8 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -43,6 +43,7 @@ import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
@@ -299,7 +300,7 @@ public class FederationAuthenticator extends FormAuthenticator {
 
                 // Save original request in our session
                 try {
-                    saveRequest(request, redirectionResponse.getRequestState().getState());
+                    saveRequest(request, redirectionResponse.getRequestState());
                 } catch (IOException ioe) {
                     LOG.debug("Request body too big to save during authentication");
                     response.sendError(HttpServletResponse.SC_FORBIDDEN, sm
@@ -333,7 +334,8 @@ public class FederationAuthenticator extends FormAuthenticator {
         return false;
     }
 
-    protected void saveRequest(Request request, String contextId) throws IOException {
+    protected void saveRequest(Request request, RequestState requestState) throws IOException
{
+        String contextId = requestState.getState();
         String uri = request.getDecodedRequestURI();
         Session session = request.getSessionInternal(true);
         if (session != null) {
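Review bot: Replacing the protected `saveRequest(Request, String)` with `saveRequest(Request, RequestState)` removes the old signature from a non-final class, so a subclass that overrides or calls the String variant either stops compiling or is no longer invoked, and this is landing on a fixes branch. If that compatibility matters, the new method could be added as an overload and the old one kept. The new first line `String contextId = requestState.getState();` dereferences `requestState` unchecked; a Javadoc line stating that `requestState` must be non-null would document the contract. The method body continues past the end of this hunk.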
@@ -352,6 +354,9 @@ public class FederationAuthenticator extends FormAuthenticator {
                 sb.append(saved.getQueryString());
             }
             session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
+            //we set Request State as session attribute for later retrieval in SigninHandler
+            request.getSession().setAttribute(
+                FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + requestState.getState(),
requestState);
         }
     }
 
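Review bot: The attribute set here is removed only in `SigninHandler`, when a response with the same RelayState arrives, so each sign-in redirect that is never completed leaves a `SAVED_REQUEST_STATE_*` entry in the session until the session expires. A comment saying so, or a cap on pending entries, would make that lifetime explicit. The key can reuse the local computed at the top of the method, `FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + contextId`, instead of calling `requestState.getState()` again. Because the object now lives in the HTTP session, `RequestState` presumably needs to be serializable for containers that persist or replicate sessions; that class is not visible here. `saveRequest` starts in the previous hunk.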

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
