Posted to commits@cxf.apache.org by co...@apache.org on 2017/04/13 15:01:13 UTC
[5/5] cxf-fediz git commit: Fixing merge
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bf5f471d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bf5f471d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bf5f471d
Branch: refs/heads/1.2.x-fixes
Commit: bf5f471d45f147bae346b45f0cf45ac20f53a1e5
Parents: 229c2b9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 16:01:00 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 16:01:00 2017 +0100
----------------------------------------------------------------------
.../idp/beans/EndpointAddressValidator.java | 5 +++
.../fediz/service/idp/domain/Application.java | 4 +-
.../cxf/fediz/service/idp/domain/Idp.java | 2 +-
.../idp/src/main/resources/entities-realma.xml | 1 -
.../WEB-INF/federation-validate-request.xml | 14 +++++--
.../apache/cxf/fediz/systests/idp/IdpTest.java | 40 +++-----------------
6 files changed, 24 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
index 83299cb..3e3d09c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
@@ -64,6 +64,11 @@ public class EndpointAddressValidator {
return true;
}
+ if (realm == null) {
+ LOG.warn("No service config found for " + realm);
+ return false;
+ }
+
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
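Review bot: The added `realm == null` branch logs the same text as the unknown-realm branch just below it, so the entry reads "No service config found for null". A signout request that carried no realm therefore cannot be told apart from one naming an unregistered realm when reading the IdP log. A distinct constant message would make the rejection reason clear, for example `LOG.warn("No realm supplied, rejecting endpoint address");`. The enclosing method starts and ends outside this hunk, so which validation path this guard belongs to is not visible here.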
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index fca01e1..b90b831 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -33,8 +33,8 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "application", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"realm", "role", "serviceDisplayName", "serviceDescription", "protocol",
"tokenType", "lifeTime", "encryptionCertificate", "requestedClaims",
- "policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id" })
- "logoutEndpoint", "logoutEndpointConstraint"})
+ "policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id",
+ "logoutEndpoint", "logoutEndpointConstraint" })
public class Application implements Serializable {
private static final long serialVersionUID = 5644327504861846964L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index bc4fe27..53e4ab9 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -36,7 +36,7 @@ import javax.xml.bind.annotation.XmlType;
"certificate", "certificatePassword", "provideIdpList", "useCurrentIdp", "hrds",
"rpSingleSignOutConfirmation", "supportedProtocols", "tokenTypesOffered", "claimTypesOffered",
"authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation",
- "disableLogoutAddressValidation"})
+ "disableLogoutAddressValidation" })
public class Idp implements Serializable {
private static final long serialVersionUID = -5570301342547139039L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index cdb116f..7d1490a 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -118,7 +118,6 @@
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" />
<property name="logoutEndpointConstraint" value="https://localhost:?(\d)*/.*" />
->>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
index d37b13a..246657d 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
@@ -40,7 +40,7 @@
</on-entry>
<if
test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
- then="validateWReplyForSignout" />
+ then="parseLogoutWreply" />
<if
test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess"
else="selectSAMLProcess" />
@@ -62,10 +62,18 @@
then="viewBadRequest" else="signinResponse" />
</decision-state>
- <action-state id="validateWReplyForSignout">
+ <action-state id="parseLogoutWreply">
<on-entry>
- <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.wreply"/>
+ <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.referer"/>
</on-entry>
+ <evaluate expression="flowScope.referer == null" />
+ <transition on="yes" to="validateWReplyForSignout" />
+ <transition on="no" to="validateWReplyForSignout" >
+ <set name="flowScope.wreply" value="flowScope.referer" />
+ </transition>
+ </action-state>
+
+ <action-state id="validateWReplyForSignout">
<evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
and endpointAddressValidator.isValidSignoutAddress(flowRequestContext, flowScope.wreply, flowScope.wtrealm)"/>
<transition on="yes" to="selectSignOutProcess" />
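Review bot: In `parseLogoutWreply` the `no` transition copies the Referer header into `flowScope.wreply` whenever a Referer is present, so as written it replaces any wreply already in flow scope instead of acting as a fallback. Whether `flowScope.wreply` is populated earlier from the request is not visible in this hunk. If it is, the test should be `<evaluate expression="flowScope.wreply == null and flowScope.referer != null" />`, with `<set name="flowScope.wreply" value="flowScope.referer" />` moved to the `yes` transition. Referer is client-supplied, so it is good that both transitions still lead to `validateWReplyForSignout`; an XML comment stating the intended precedence between wreply and Referer would keep that property from being lost in a later edit. The `validateWReplyForSignout` state continues past the end of the hunk.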
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 70ccbc1..2b40e30 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -29,11 +29,14 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import com.gargoylesoftware.htmlunit.CookieManager;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.DomElement;
import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.LifecycleException;
@@ -41,6 +44,7 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
@@ -697,7 +701,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
@Test
public void testIdPLogout() throws Exception {
@@ -725,7 +729,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
@@ -742,8 +745,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -754,7 +755,6 @@ public class IdpTest {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
- webClient.close();
}
@Test
@@ -784,7 +784,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
@@ -797,8 +796,6 @@ public class IdpTest {
Assert.assertEquals("IDP SignOut Response Page", idpPage.getTitleText());
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -808,8 +805,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -839,7 +834,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP using a bad wreply
String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
@@ -858,8 +852,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out. Even though an error was thrown on a bad wreply, we should still
// be logged out
@@ -871,7 +863,6 @@ public class IdpTest {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
- webClient.close();
}
@Test
@@ -901,7 +892,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -920,8 +910,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -931,8 +919,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -962,7 +948,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345/badlogout";
@@ -980,7 +965,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
}
@Test
@@ -1010,7 +994,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1027,7 +1010,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
}
@Test
@@ -1057,7 +1039,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1076,8 +1057,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -1087,8 +1066,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -1118,7 +1095,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345/badlogout";
@@ -1135,8 +1111,6 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
- webClient.close();
}
@Test
@@ -1166,7 +1140,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1183,9 +1156,6 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
- webClient.close();
}
->>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
}