Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:26 UTC
[10/18] cxf-fediz git commit: Whitespace cleanup
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 154aab1..4104e8f 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -54,17 +54,17 @@ import org.springframework.security.ui.FilterChainOrder;
public class FederationAuthenticationFilter extends AbstractProcessingFilter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationFilter.class);
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFilter() {
super();
}
/**
- *
+ *
*/
@Override
protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
@@ -75,15 +75,15 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
return result;
}
-
+
private boolean isTokenExpired() {
SecurityContext context = SecurityContextHolder.getContext();
- boolean detectExpiredTokens =
+ boolean detectExpiredTokens =
federationConfig != null && federationConfig.getFedizContext().isDetectExpiredTokens();
if (context != null && detectExpiredTokens) {
Authentication authentication = context.getAuthentication();
if (authentication instanceof FederationAuthenticationToken) {
- Date tokenExpires =
+ Date tokenExpires =
((FederationAuthenticationToken)authentication).getResponse().getTokenExpires();
if (tokenExpires == null) {
return false;
@@ -95,7 +95,7 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
}
}
-
+
return false;
}
@@ -106,13 +106,13 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
-
+
if (isTokenExpired()) {
throw new ExpiredTokenException("Token is expired");
}
-
+
verifySavedState(request);
-
+
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
FedizRequest wfReq = new FedizRequest();
@@ -120,18 +120,18 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
-
- X509Certificate certs[] =
+
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
-
+
final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(null, wfReq);
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
}
-
+
private void verifySavedState(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null) {
@@ -143,17 +143,17 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
}
}
-
+
private String getState(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
return request.getParameter(FederationConstants.PARAM_CONTEXT);
} else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return request.getParameter(SAMLSSOConstants.RELAY_STATE);
}
-
+
return null;
}
-
+
@Override
public void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) {
@@ -161,29 +161,29 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
String redirectUrl = null;
try {
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(request, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new BadCredentialsException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new BadCredentialsException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
@@ -193,21 +193,21 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
throw new BadCredentialsException(ex.getMessage(), ex);
}
}
-
+
try {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} catch (IOException e) {
throw authException;
}
}
-
+
private String getResponseToken(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
index 142e166..6b39c13 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
@@ -195,16 +195,16 @@ public class FederationAuthenticator extends FormAuthenticator {
@Override
public boolean authenticate(Request request, HttpServletResponse response,
LoginConfig config) throws IOException {
-
+
LOG.debug("authenticate invoked");
-
+
String contextName = request.getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
LOG.debug("reading configuration for context path: {}", contextName);
FedizContext fedCtx = getContextConfiguration(contextName);
-
+
// Handle Signin requests
TomcatSigninHandler signinHandler = new TomcatSigninHandler(fedCtx);
signinHandler.setLandingPage(landingPage);
@@ -219,7 +219,7 @@ public class FederationAuthenticator extends FormAuthenticator {
// The actual login will take place after redirect
return false;
}
-
+
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
@@ -241,12 +241,12 @@ public class FederationAuthenticator extends FormAuthenticator {
if (contextId == null) {
LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
session.removeNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId); // Cleanup session
-
+
try {
if (originalURL != null) {
LOG.debug("Restore request to {}", originalURL);
@@ -267,7 +267,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
}
-
+
protected boolean restoreRequest(Request request, HttpServletResponse response) throws IOException {
Session session = request.getSessionInternal();
@@ -288,7 +288,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
- protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
+ protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
throws IOException {
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
@@ -322,7 +322,7 @@ public class FederationAuthenticator extends FormAuthenticator {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
}
-
+
@Override
protected boolean matchRequest(Request request) {
Session session = request.getSessionInternal(false);
@@ -335,10 +335,10 @@ public class FederationAuthenticator extends FormAuthenticator {
return super.matchRequest(request);
}
}
- }
+ }
return false;
}
-
+
protected void saveRequest(Request request, String contextId) throws IOException {
String uri = request.getDecodedRequestURI();
Session session = request.getSessionInternal(true);
@@ -360,7 +360,7 @@ public class FederationAuthenticator extends FormAuthenticator {
session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
}
}
-
+
protected boolean restoreRequest(Request request) throws IOException {
Session session = request.getSessionInternal(false);
String uri = request.getDecodedRequestURI();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
index 964701a..4beee9f 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
@@ -52,7 +52,7 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
public Element getLoginToken() {
return loginToken;
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index 485d2aa..af70d88 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -185,16 +185,16 @@ public class FederationAuthenticator extends FormAuthenticator {
@Override
public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
-
+
LOG.debug("authenticate invoked");
-
+
String contextName = request.getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
LOG.debug("reading configuration for context path: {}", contextName);
FedizContext fedCtx = getContextConfiguration(contextName);
-
+
// Handle Signin requests
TomcatSigninHandler signinHandler = new TomcatSigninHandler(fedCtx);
signinHandler.setLandingPage(landingPage);
@@ -209,7 +209,7 @@ public class FederationAuthenticator extends FormAuthenticator {
// The actual login will take place after redirect
return false;
}
-
+
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
@@ -231,12 +231,12 @@ public class FederationAuthenticator extends FormAuthenticator {
if (contextId == null) {
LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
session.removeNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId); // Cleanup session
-
+
try {
if (originalURL != null) {
LOG.debug("Restore request to {}", originalURL);
@@ -257,7 +257,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
}
-
+
protected boolean restoreRequest(Request request, HttpServletResponse response) throws IOException {
Session session = request.getSessionInternal();
@@ -278,7 +278,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
- protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
+ protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
throws IOException {
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
@@ -312,7 +312,7 @@ public class FederationAuthenticator extends FormAuthenticator {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
}
-
+
@Override
protected boolean matchRequest(Request request) {
Session session = request.getSessionInternal(false);
@@ -325,10 +325,10 @@ public class FederationAuthenticator extends FormAuthenticator {
return super.matchRequest(request);
}
}
- }
+ }
return false;
}
-
+
protected void saveRequest(Request request, String contextId) throws IOException {
String uri = request.getDecodedRequestURI();
Session session = request.getSessionInternal(true);
@@ -350,7 +350,7 @@ public class FederationAuthenticator extends FormAuthenticator {
session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
}
}
-
+
protected boolean restoreRequest(Request request) throws IOException {
Session session = request.getSessionInternal(false);
String uri = request.getDecodedRequestURI();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
index 7b3ee9e..8a49e44 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
@@ -24,12 +24,12 @@ package org.apache.cxf.fediz.was;
*/
//CHECKSTYLE:OFF
public interface Constants {
-
+
String HTTP_POST_METHOD = "POST";
//String UTF_8_ENCODING_SCHEME = "UTF-8";
String VERSION = "1.2.0";
String TIMESTAMP_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
-
+
String USER_REGISTRY_JNDI_NAME = "UserRegistry";
String SUBJECT_TOKEN_KEY = "_security.token";
@@ -69,13 +69,13 @@ public interface Constants {
* default value is set to 'false', thus the UserRegistry will be invoked.
*/
String PROPERTY_KEY_DIRECT_GROUP_MAPPING = "directGroupMapping";
-
+
/**
* The session cookie name can be renamed in WebSphere. If it is renamed, it is required to change it in the
* interceptor configuration too. A misconfiguration would lead to performance loss.
*/
String PROPERTY_SESSION_COOKIE_NAME = "sessionCookieName";
-
+
/**
* Default name of the session cookie in wbesphere
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
index f0c2c0a..3374853 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
@@ -80,7 +80,7 @@ public class FileBasedRoleToGroupMapper implements RoleToGroupMapper {
if (roles == null) {
return null;
}
-
+
List<String> groups = new ArrayList<>(20);
for (String key : roles) {
List<String> groupList = mappings.get(key);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
index 04e515c..29cb70c 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
@@ -26,9 +26,9 @@ import java.util.Properties;
*/
public interface RoleToGroupMapper {
/**
- * Convenience Method to allow initialization of a GroupMapper
+ * Convenience Method to allow initialization of a GroupMapper
* from the Properties defined in the WAS Server configuration
- *
+ *
*/
void initialize(Properties properties);
@@ -39,8 +39,8 @@ public interface RoleToGroupMapper {
/**
* Convenience Method to allow cleanup of allocated resources
- *
- */
-
+ *
+ */
+
void cleanup();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
index 8ad301b..d79b6e7 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
@@ -127,10 +127,10 @@ public class SecurityContextTTLChecker extends HttpServlet implements Filter {
long currentTime = System.currentTimeMillis();
return response.getTokenExpires().getTime() > currentTime;
}
-
+
private FedizResponse getCachedFederationResponse(Subject subject) {
Iterator<?> i = subject.getPublicCredentials().iterator();
-
+
while (i.hasNext()) {
Object o = i.next();
if (o instanceof Hashtable) {
@@ -141,7 +141,7 @@ public class SecurityContextTTLChecker extends HttpServlet implements Filter {
}
return null;
}
-
+
/*
* (non-Java-doc)
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index c7a28de..e458604 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -78,7 +78,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
private FedizConfigurator configurator;
private RoleToGroupMapper mapper;
private String cookieName = "LtpaToken2";
-
+
/**
* @see org.apache.cxf.fediz.was.Constants#PROPERTY_KEY_DIRECT_GROUP_MAPPING
*/
@@ -123,7 +123,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Registers a WebApplication using its contextPath as a key. This method must be called by the associated
* security ServletFilter instance of a secured application at initialization time
- *
+ *
* @param contextPath
* @deprecated Not used/needed any longer since version 1.2.0
*/
@@ -134,7 +134,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Deregister a WebApplication using its contextPath as a key. This method must be called by the
* associated security ServletFilter instance of a secured application in the #destroy() method
- *
+ *
* @param contextPath
* @deprecated Not used/needed any longer since version 1.2.0
*/
@@ -214,7 +214,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
* This method decides weather the interceptor shall be called for #negotiateValidateandEstablishTrust. If
* the request is applicable for a metadata document, logout URL, or provides a signin token, this method
* returns true. I the use , otherwise this interceptor will not be called.
- *
+ *
* @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#isTargetInterceptor(HttpServletRequest)
*/
@Override
@@ -390,7 +390,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
throw new WebTrustAssociationFailedException(e.getMessage());
}
}
-
+
protected void terminateSession(HttpServletRequest request) {
HttpSession session = request.getSession();
session.removeAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
@@ -583,7 +583,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Convenience method for converting a list of group names to their unique group IDs
- *
+ *
* @param reg
* @param group
* @return
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java b/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
index 2159816..14e96c5 100644
--- a/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
+++ b/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
@@ -35,15 +35,15 @@ import static org.junit.Assert.assertNotNull;
public class FedizInterceptorTest {
-
+
@Test
public void testGroupMappingWithNull() throws WebTrustAssociationFailedException {
-
+
FedizResponse resp = EasyMock.createMock(FedizResponse.class);
EasyMock.expect(resp.getRoles()).andReturn(null);
EasyMock.expect(resp.getUsername()).andReturn("Test-User").anyTimes();
EasyMock.replay(resp);
-
+
FedizInterceptor fedizInterceptor = new FedizInterceptor();
Properties properties = new Properties();
properties.put(Constants.PROPERTY_KEY_CONFIG_LOCATION, "src/test/resources/fediz_config.xml");
@@ -52,20 +52,20 @@ public class FedizInterceptorTest {
assertNotNull(result);
assertEquals(0, result.size());
}
-
+
@Test
public void testDirectGroupMapping() throws WebTrustAssociationFailedException {
-
+
FedizResponse resp = EasyMock.createMock(FedizResponse.class);
EasyMock.expect(resp.getRoles()).andReturn(Arrays.asList("Admin", "Manager"));
EasyMock.expect(resp.getUsername()).andReturn("Test-User").anyTimes();
EasyMock.replay(resp);
-
+
FedizInterceptor fedizInterceptor = new FedizInterceptor();
Properties properties = new Properties();
properties.put(Constants.PROPERTY_KEY_CONFIG_LOCATION, "src/test/resources/fediz_config.xml");
properties.put(Constants.PROPERTY_KEY_DIRECT_GROUP_MAPPING, "true");
-
+
fedizInterceptor.initialize(properties);
List<String> result = fedizInterceptor.groupIdsFromTokenRoles(resp);
assertNotNull(result);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index 0aab857..dca1b46 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -44,26 +44,26 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
public class MetadataServlet extends HttpServlet {
public static final String PARAM_REALM = "realm";
-
+
private static final Logger LOG = LoggerFactory
.getLogger(MetadataServlet.class);
private static final long serialVersionUID = 1L;
-
+
private ApplicationContext applicationContext;
private String realm;
-
-
+
+
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
response.setContentType("text/xml; charset=utf-8");
PrintWriter out = response.getWriter();
-
+
ConfigService cs = (ConfigService)getApplicationContext().getBean("config");
Idp idpConfig = cs.getIDP(realm);
try {
if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata")) {
- String serviceRealm =
+ String serviceRealm =
request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
+ "/metadata".length());
if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
@@ -107,5 +107,5 @@ public class MetadataServlet extends HttpServlet {
}
return applicationContext;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index 4e8ed11..d42904b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -49,49 +49,49 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
*/
public abstract class STSAuthenticationProvider implements AuthenticationProvider {
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
+ public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
+
+ public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
+
public static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
-
+
private static final Logger LOG = LoggerFactory.getLogger(STSAuthenticationProvider.class);
protected String wsdlLocation;
-
+
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
-
+
protected String wsdlService;
protected String wsdlEndpoint;
protected String appliesTo;
-
+
protected boolean use200502Namespace;
-
+
protected String tokenType;
-
+
protected Bus bus;
-
+
protected Integer lifetime;
-
+
//Required to get IDP roles to use the IDP application, used in future release
protected String roleURI;
-
+
protected Map<String, Object> properties = new HashMap<>();
-
+
private String customSTSParameter;
-
+
protected List<GrantedAuthority> createAuthorities(SecurityToken token) throws WSSecurityException {
List<GrantedAuthority> authorities = new ArrayList<>();
//authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
//Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
if (roleURI != null) {
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
-
+
List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
for (Claim c : claims) {
if (c.getClaimType() != null && roleURI.equals(c.getClaimType().toString())) {
@@ -112,13 +112,13 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
}
}
}
-
+
//Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
-
+
return authorities;
}
-
+
public String getWsdlLocation() {
return wsdlLocation;
}
@@ -142,7 +142,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setWsdlEndpoint(String wsdlEndpoint) {
this.wsdlEndpoint = wsdlEndpoint;
}
-
+
public String getNamespace() {
return namespace;
}
@@ -158,7 +158,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setAppliesTo(String appliesTo) {
this.appliesTo = appliesTo;
}
-
+
public void setBus(Bus bus) {
this.bus = bus;
}
@@ -175,7 +175,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setTokenType(String tokenType) {
this.tokenType = tokenType;
}
-
+
public Integer getLifetime() {
return lifetime;
}
@@ -202,7 +202,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getName());
Claim c = new Claim();
- // Workaround for CXF-4484
+ // Workaround for CXF-4484
// Value of Attribute Name not fully qualified
// if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
// but ClaimType value must be fully qualified as Namespace attribute goes away
@@ -229,7 +229,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
return collection;
}
-
+
protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
List<String> valueList) {
Claim t = claimsMap.get(c.getClaimType().toString());
@@ -270,7 +270,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setRoleURI(String roleURI) {
this.roleURI = roleURI;
}
-
+
public void setProperties(Map<String, Object> p) {
properties.putAll(p);
}
@@ -295,7 +295,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
this.customSTSParameter = customSTSParameter;
}
-//May be uncommented for debugging
+//May be uncommented for debugging
// private void setTimeout(Client client, Long timeout) {
// HTTPConduit conduit = (HTTPConduit) client.getConduit();
// HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
@@ -303,5 +303,5 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
// httpClientPolicy.setReceiveTimeout(timeout);
// conduit.setClient(httpClientPolicy);
// }
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
index 62f4817..5e80466 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
@@ -56,21 +56,21 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
private static final Logger LOG = LoggerFactory.getLogger(STSKrbAuthenticationProvider.class);
private KerberosTokenValidator kerberosTokenValidator;
-
+
private CallbackHandler kerberosCallbackHandler;
-
+
private boolean kerberosUsernameServiceNameForm;
-
+
private boolean requireDelegation;
-
-
+
+
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// We only handle KerberosServiceRequestTokens
if (!(authentication instanceof KerberosServiceRequestToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -83,26 +83,26 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handleKerberos((KerberosServiceRequestToken)authentication, sts);
}
-
+
private Authentication handleKerberos(
KerberosServiceRequestToken kerberosRequestToken,
IdpSTSClient sts
) {
Principal kerberosPrincipal = null;
- //
+ //
// If delegation is required then validate the received token + store the
// Delegated Credential so that we can retrieve a new kerberos token for the
// STS with it. If delegation is not required, then we just get the received
@@ -118,36 +118,36 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
kerberosClient.setToken(kerberosRequestToken.getToken());
sts.getProperties().put(SecurityConstants.KERBEROS_CLIENT, kerberosClient);
}
-
+
try {
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
if (kerberosPrincipal == null && token.getToken() != null
&& "Assertion".equals(token.getToken().getLocalName())) {
// For the pass-through Kerberos case, we don't know the Principal name...
- kerberosPrincipal =
+ kerberosPrincipal =
new SAMLTokenPrincipalImpl(new SamlAssertionWrapper(token.getToken()));
}
-
+
if (kerberosPrincipal == null) {
LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName());
return null;
}
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
- KerberosServiceRequestToken ksrt =
+
+ KerberosServiceRequestToken ksrt =
new KerberosServiceRequestToken(kerberosPrincipal, authorities, kerberosRequestToken.getToken());
-
+
STSUserDetails details = new STSUserDetails(kerberosPrincipal.getName(),
"",
authorities,
token);
ksrt.setDetails(details);
-
+
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), kerberosPrincipal.getName());
return ksrt;
} catch (Exception ex) {
@@ -155,7 +155,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
return null;
}
}
-
+
private Principal validateKerberosToken(
KerberosServiceRequestToken token,
IdpSTSClient sts
@@ -174,7 +174,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
return null;
}
GSSCredential delegatedCredential = kerberosContext.getDelegationCredential();
- sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL,
+ sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL,
delegatedCredential);
sts.getProperties().put(SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION, "true");
kerberosPrincipal = kerberosContext.getPrincipal();
@@ -187,7 +187,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
}
if (kerberosTokenValidator.getContextName() != null) {
- sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME,
+ sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME,
kerberosTokenValidator.getContextName());
}
if (kerberosTokenValidator.getServiceName() != null) {
@@ -195,17 +195,17 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
kerberosTokenValidator.getServiceName());
}
if (kerberosCallbackHandler != null) {
- sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER,
+ sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER,
kerberosCallbackHandler);
}
if (kerberosUsernameServiceNameForm) {
- sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
+ sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
"true");
}
-
+
return kerberosPrincipal;
}
-
+
protected GSSContext createGSSContext() throws GSSException {
Oid oid = new Oid("1.2.840.113554.1.2.2");
@@ -223,7 +223,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
public boolean supports(Class<?> authentication) {
return authentication.equals(KerberosServiceRequestToken.class);
}
-
+
public KerberosTokenValidator getKerberosTokenValidator() {
return kerberosTokenValidator;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
index 889dadd..3c1ecd2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
@@ -38,23 +38,23 @@ import org.springframework.web.filter.GenericFilterBean;
public class STSPortFilter extends GenericFilterBean implements ApplicationContextAware {
private static final Logger LOG = LoggerFactory.getLogger(STSPortFilter.class);
-
+
private ApplicationContext applicationContext;
private STSAuthenticationProvider authenticationProvider;
-
+
private boolean isPortSet;
-
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
-
+
Assert.isTrue(applicationContext != null, "Application context must not be null");
STSAuthenticationProvider authProvider = authenticationProvider;
if (authProvider == null) {
authProvider = applicationContext.getBean(STSAuthenticationProvider.class);
}
Assert.isTrue(authProvider != null, "STSAuthenticationProvider must be configured");
-
+
//Only update the port if HTTPS is used, otherwise ignored (like retrieving the WADL over HTTP)
if (!isPortSet && request.isSecure()) {
try {
@@ -70,7 +70,7 @@ public class STSPortFilter extends GenericFilterBean implements ApplicationConte
LOG.error("Invalid Url '" + authProvider.getWsdlLocation() + "': " + e.getMessage());
}
}
-
+
chain.doFilter(request, response);
}
@@ -78,7 +78,7 @@ public class STSPortFilter extends GenericFilterBean implements ApplicationConte
authProvider.setWsdlLocation(wsdlUrl);
this.isPortSet = true;
}
-
+
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
index 45ec0a3..e6e3629 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
@@ -51,7 +51,7 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
if (!(authentication instanceof PreAuthenticatedAuthenticationToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -64,20 +64,20 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handlePreAuthenticated((PreAuthenticatedAuthenticationToken)authentication, sts);
}
-
+
private Authentication handlePreAuthenticated(
PreAuthenticatedAuthenticationToken preauthenticatedToken,
IdpSTSClient sts
@@ -86,7 +86,7 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
if (cert == null) {
return null;
}
-
+
// Convert the received certificate to a DOM Element to write it out "OnBehalfOf"
Document doc = DOMUtils.createDocument();
X509Data certElem = new X509Data(doc);
@@ -97,25 +97,25 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
LOG.debug("Error parsing a client certificate", e);
return null;
}
-
+
try {
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
+
STSUserDetails details = new STSUserDetails(preauthenticatedToken.getName(),
"",
authorities,
token);
-
+
preauthenticatedToken.setDetails(details);
-
+
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), preauthenticatedToken.getName());
return preauthenticatedToken;
-
+
} catch (Exception ex) {
LOG.info("Failed to authenticate user '" + preauthenticatedToken.getName() + "'", ex);
return null;
@@ -126,5 +126,5 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
public boolean supports(Class<?> authentication) {
return authentication.equals(PreAuthenticatedAuthenticationToken.class);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 6e9130c..6db919b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -42,14 +42,14 @@ import org.springframework.web.context.request.ServletRequestAttributes;
public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
-
+
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// We only handle UsernamePasswordAuthenticationTokens
if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -62,31 +62,31 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handleUsernamePassword((UsernamePasswordAuthenticationToken)authentication, sts);
}
-
+
private Authentication handleUsernamePassword(
UsernamePasswordAuthenticationToken usernamePasswordToken,
IdpSTSClient sts
) {
sts.getProperties().put(SecurityConstants.USERNAME, usernamePasswordToken.getName());
sts.getProperties().put(SecurityConstants.PASSWORD, (String)usernamePasswordToken.getCredentials());
-
+
try {
-
+
if (getCustomSTSParameter() != null) {
- HttpServletRequest request =
+ HttpServletRequest request =
((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
String authRealmParameter = request.getParameter(getCustomSTSParameter());
LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
@@ -95,16 +95,16 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
}
}
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
- UsernamePasswordAuthenticationToken upat =
- new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(),
- usernamePasswordToken.getCredentials(),
+
+ UsernamePasswordAuthenticationToken upat =
+ new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(),
+ usernamePasswordToken.getCredentials(),
authorities);
STSUserDetails details = new STSUserDetails(usernamePasswordToken.getName(),
@@ -115,17 +115,17 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), usernamePasswordToken.getName());
return upat;
-
+
} catch (Exception ex) {
LOG.info("Failed to authenticate user '" + usernamePasswordToken.getName() + "'", ex);
return null;
}
-
+
}
-
+
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
index 080bcb4..4178b07 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
@@ -25,18 +25,18 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
public class STSUserDetails extends User {
-
+
private static final long serialVersionUID = 1975259365978165675L;
-
+
private SecurityToken token;
-
+
public STSUserDetails(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public STSUserDetails(String username, String password,
+
+ public STSUserDetails(String username, String password,
Collection<? extends GrantedAuthority> authorities, SecurityToken token) {
super(username, password, true, true, true, true, authorities);
this.token = token;
@@ -51,23 +51,23 @@ public class STSUserDetails extends User {
if (!(object instanceof STSUserDetails)) {
return false;
}
-
+
if (token != null && !token.equals(((STSUserDetails)object).token)) {
return false;
} else if (token == null && ((STSUserDetails)object).token != null) {
return false;
}
-
+
return super.equals(object);
}
-
+
@Override
public int hashCode() {
int hashCode = 17;
if (token != null) {
hashCode *= 31 * token.hashCode();
}
-
+
return hashCode * super.hashCode();
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
index 25780d2..fa40a55 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
@@ -37,7 +37,7 @@ public class CommonsURLValidator {
if (endpointAddress == null) {
return true;
}
-
+
// The endpointAddress address must be a valid URL + start with http(s)
// Validate it first using commons-validator
UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS);
@@ -45,8 +45,8 @@ public class CommonsURLValidator {
LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
return false;
}
-
+
return true;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
index cbe4ee8..b65fe09 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
@@ -37,13 +37,13 @@ public class IdpTokenExpiredAction {
public boolean isTokenExpired(String homeRealm, RequestContext context)
throws Exception {
-
- SecurityToken idpToken =
+
+ SecurityToken idpToken =
(SecurityToken) WebUtils.getAttributeFromExternalContext(context, homeRealm);
if (idpToken == null) {
return true;
}
-
+
if (tokenExpirationValidation && idpToken.isExpired()) {
LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] is expired.");
return true;
@@ -57,7 +57,7 @@ public class IdpTokenExpiredAction {
}
/**
- * Set whether the token validation (e.g. lifetime) shall be performed on every request (true) or only
+ * Set whether the token validation (e.g. lifetime) shall be performed on every request (true) or only
* once at initial authentication (false). The default is "true" (note that the plugins default for this
* configuration option is "true").
* @param tokenExpirationValidation Whether to perform token expiration validation per request
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
index 3f5be36..7ef61b2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
@@ -42,25 +42,25 @@ public class PassiveRequestorValidator {
if (endpointAddress == null) {
return true;
}
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, "idpConfig");
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
return false;
}
-
- if (serviceConfig.getPassiveRequestorEndpoint() == null
+
+ if (serviceConfig.getPassiveRequestorEndpoint() == null
&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) {
LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' "
+ "configuration values must be specified for the application");
- } else if (serviceConfig.getPassiveRequestorEndpoint() != null
+ } else if (serviceConfig.getPassiveRequestorEndpoint() != null
&& serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) {
- LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value",
+ LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value",
endpointAddress);
return true;
} else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
- Matcher matcher =
+ Matcher matcher =
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
if (matcher.matches()) {
return true;
@@ -69,8 +69,8 @@ public class PassiveRequestorValidator {
endpointAddress);
}
}
-
+
return false;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index c2a8e26..5984fa4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -61,20 +61,20 @@ import org.springframework.webflow.execution.RequestContext;
public class STSClientAction {
- private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY =
+ private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY =
"http://schemas.xmlsoap.org/ws/2005/05/identity";
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY =
+
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
private static final String HTTP_WWW_W3_ORG_2005_08_ADDRESSING = "http://www.w3.org/2005/08/addressing";
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
+
private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
@@ -82,29 +82,29 @@ public class STSClientAction {
private static final Logger LOG = LoggerFactory
.getLogger(STSClientAction.class);
-
+
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
protected String wsdlLocation;
protected String wsdlEndpoint;
-
+
protected String wsdlService = SECURITY_TOKEN_SERVICE;
-
+
protected String tokenType = WSConstants.WSS_SAML2_TOKEN_TYPE;
-
+
protected Map<String, Object> properties;
-
+
protected boolean use200502Namespace;
-
+
protected int ttl = 1800;
-
+
protected Bus bus;
-
+
private boolean isPortSet;
-
+
private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
-
+
private String customSTSParameter;
@@ -132,7 +132,7 @@ public class STSClientAction {
public void setWsdlEndpoint(String wsdlEndpoint) {
this.wsdlEndpoint = wsdlEndpoint;
}
-
+
public String getWsdlService() {
return wsdlService;
}
@@ -140,7 +140,7 @@ public class STSClientAction {
public void setWsdlService(String wsdlService) {
this.wsdlService = wsdlService;
}
-
+
public String getNamespace() {
return namespace;
}
@@ -148,7 +148,7 @@ public class STSClientAction {
public void setNamespace(String namespace) {
this.namespace = namespace;
}
-
+
public void setBus(Bus bus) {
this.bus = bus;
}
@@ -173,7 +173,7 @@ public class STSClientAction {
public void setTtl(int ttl) {
this.ttl = ttl;
}
-
+
public String getCustomSTSParameter() {
return customSTSParameter;
}
@@ -181,7 +181,7 @@ public class STSClientAction {
public void setCustomSTSParameter(String customSTSParameter) {
this.customSTSParameter = customSTSParameter;
}
-
+
/**
* @param context the webflow request context
* @param realm The client/application realm
@@ -190,7 +190,7 @@ public class STSClientAction {
*/
public Element submit(RequestContext context, String realm, String homeRealm)
throws Exception {
-
+
SecurityToken idpToken = getSecurityToken(context, homeRealm);
Bus cxfBus = getBus();
@@ -198,13 +198,13 @@ public class STSClientAction {
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);
-
+
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// Parse wreq parameter - we only support parsing TokenType and KeyType for now
String wreq = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REQUEST);
String stsTokenType = null;
@@ -216,12 +216,12 @@ public class STSClientAction {
if (wreqElement != null && "RequestSecurityToken".equals(wreqElement.getLocalName())
&& (STSUtils.WST_NS_05_12.equals(wreqElement.getNamespaceURI())
|| HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST.equals(wreqElement.getNamespaceURI()))) {
- Element tokenTypeElement =
+ Element tokenTypeElement =
DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "TokenType");
if (tokenTypeElement != null) {
stsTokenType = tokenTypeElement.getTextContent();
}
- Element keyTypeElement =
+ Element keyTypeElement =
DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "KeyType");
if (keyTypeElement != null) {
stsKeyType = keyTypeElement.getTextContent();
@@ -232,7 +232,7 @@ public class STSClientAction {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
if (stsTokenType != null) {
sts.setTokenType(stsTokenType);
} else if (serviceConfig.getTokenType() != null && serviceConfig.getTokenType().length() > 0) {
@@ -240,18 +240,18 @@ public class STSClientAction {
} else {
sts.setTokenType(getTokenType());
}
-
+
if (serviceConfig.getPolicyNamespace() != null && serviceConfig.getPolicyNamespace().length() > 0) {
sts.setWspNamespace(serviceConfig.getPolicyNamespace());
}
-
+
LOG.debug("TokenType {} set for realm {}", sts.getTokenType(), realm);
-
+
sts.setKeyType(stsKeyType);
if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(stsKeyType)) {
HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
if (servletRequest != null) {
- X509Certificate certs[] =
+ X509Certificate certs[] =
(X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
if (certs != null && certs.length > 0) {
sts.setUseCertificateForConfirmationKeyInfo(true);
@@ -275,18 +275,18 @@ public class STSClientAction {
addClaims(sts, serviceConfig.getRequestedClaims());
LOG.debug("Requested claims set for {}", realm);
}
-
+
sts.setEnableLifetime(true);
setLifetime(sts, serviceConfig, realm);
-
+
sts.setEnableAppliesTo(serviceConfig.isEnableAppliesTo());
-
+
sts.setOnBehalfOf(idpToken.getToken());
-
+
if (properties != null) {
sts.setProperties(properties);
}
-
+
if (getCustomSTSParameter() != null) {
String authRealmParameter = context.getRequestParameters().get(getCustomSTSParameter());
LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
@@ -294,13 +294,13 @@ public class STSClientAction {
sts.setCustomContent(authRealmParameter);
}
}
-
+
Element rpToken = null;
try {
rpToken = sts.requestSecurityTokenResponse(realm);
} catch (SoapFault ex) {
LOG.error("Error in retrieving a token", ex.getMessage());
- if (ex.getFaultCode() != null
+ if (ex.getFaultCode() != null
&& "RequestFailed".equals(ex.getFaultCode().getLocalPart())) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
@@ -309,23 +309,23 @@ public class STSClientAction {
if (LOG.isInfoEnabled()) {
String id = getIdFromToken(rpToken);
-
+
LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]",
id, realm, idpToken.getId());
}
return rpToken;
}
-
+
private String getIdFromToken(Element token) throws IOException, XMLStreamException {
if (token != null) {
NodeList nd = token.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
-
+
String identifier = "ID";
if (nd.getLength() == 0) {
nd = token.getElementsByTagNameNS(WSConstants.SAML_NS, "Assertion");
identifier = "AssertionID";
}
-
+
if (nd.getLength() > 0) {
Element e = (Element) nd.item(0);
if (e.hasAttributeNS(null, identifier)) {
@@ -333,7 +333,7 @@ public class STSClientAction {
}
}
}
-
+
return "";
}
@@ -349,7 +349,7 @@ public class STSClientAction {
}
return idpToken;
}
-
+
private void processWsdlLocation(RequestContext context) {
if (!isPortSet) {
@@ -357,7 +357,7 @@ public class STSClientAction {
URL url = new URL(this.wsdlLocation);
URL updatedUrl = new URL(url.getProtocol(), url.getHost(),
WebUtils.getHttpServletRequest(context).getLocalPort(), url.getFile());
-
+
setSTSWsdlUrl(updatedUrl.toString());
LOG.info("STS WSDL URL updated to {}", updatedUrl.toString());
} catch (MalformedURLException e) {
@@ -368,7 +368,7 @@ public class STSClientAction {
private void addClaims(STSClient sts, List<RequestClaim> requestClaimList)
throws ParserConfigurationException, XMLStreamException {
-
+
Element claims = createClaimsElement(requestClaimList);
if (claims != null) {
sts.setClaims(claims);
@@ -395,7 +395,7 @@ public class STSClientAction {
writer.writeStartElement("ic", "ClaimType",
HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
writer.writeAttribute("Uri", item.getClaimType().toString());
- writer.writeAttribute("Optional", Boolean.toString(item.isOptional()));
+ writer.writeAttribute("Optional", Boolean.toString(item.isOptional()));
writer.writeEndElement();
}
}
@@ -404,7 +404,7 @@ public class STSClientAction {
return writer.getDocument().getDocumentElement();
}
-
+
private synchronized void setSTSWsdlUrl(String wsdlUrl) {
this.wsdlLocation = wsdlUrl;
this.isPortSet = true;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
index 4665cb5..e36ecf4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
@@ -53,10 +53,10 @@ public class TokenSerializer {
LOG.warn("nodeToString Transformer Exception");
}
String serializedToken = sw.toString();
-
+
return org.apache.commons.lang3.StringEscapeUtils.escapeXml11(serializedToken);
}
-
+
return null;
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
index 9ea2de2..e9c861f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
@@ -40,28 +40,28 @@ import org.springframework.webflow.execution.RequestContext;
public class TrustedIdpProtocolAction {
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolAction.class);
-
+
private static final String IDP_CONFIG = "idpConfig";
-
+
@Autowired
// Qualifier workaround. See http://www.jayway.com/2013/11/03/spring-and-autowiring-of-generic-types/
@Qualifier("trustedIdpProtocolControllerImpl")
private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
-
+
public String mapSignInRequest(RequestContext requestContext, String trustedIdpRealm) {
LOG.info("Prepare redirect to Trusted IDP '{}'", trustedIdpRealm);
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
-
+
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
if (trustedIdp == null) {
LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
}
-
+
String protocol = trustedIdp.getProtocol();
LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
-
+
TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
if (protocolHandler == null) {
LOG.error("No ProtocolHandler found for {}", protocol);
@@ -71,21 +71,21 @@ public class TrustedIdpProtocolAction {
LOG.info("Redirect url {}", redirectUrl.toString());
return redirectUrl.toString();
}
-
+
public SecurityToken mapSignInResponse(RequestContext requestContext, String trustedIdpRealm) {
LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
-
+
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
if (trustedIdp == null) {
LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
}
-
+
String protocol = trustedIdp.getProtocol();
LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
-
+
TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
if (protocolHandler == null) {
LOG.error("No ProtocolHandler found for {}", protocol);