cxf-fediz git commit: Some changes to how the Fediz IdP handles
state/context
Repository: cxf-fediz
Updated Branches:
refs/heads/master c436aa7b0 -> 6a91675ef
Some changes to how the Fediz IdP handles state/context
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6a91675e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6a91675e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6a91675e
Branch: refs/heads/master
Commit: 6a91675ef40386a4a4f9f13f7835a637919b4dfc
Parents: c436aa7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Feb 25 12:15:06 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Feb 25 12:15:06 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/IdpConstants.java | 34 ++++++++++++++++++++
.../idp/beans/SigninParametersCacheAction.java | 12 +++----
.../idp/beans/TrustedIdpProtocolAction.java | 7 ++--
.../TrustedIdpOIDCProtocolHandler.java | 9 +++---
.../TrustedIdpSAMLProtocolHandler.java | 7 ++--
.../TrustedIdpWSFedProtocolHandler.java | 9 +++---
.../WEB-INF/flows/federation-signin-request.xml | 3 +-
.../flows/federation-validate-request.xml | 5 ++-
8 files changed, 58 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
new file mode 100644
index 0000000..c754a38
--- /dev/null
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpConstants.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.idp;
+
+public final class IdpConstants {
+
+ public static final String IDP_CONFIG = "idpConfig";
+
+ /**
+ * A key used to store context/state when communicating with a trusted third party IdP.
+ */
+ public static final String TRUSTED_IDP_CONTEXT = "trusted_idp_context";
+
+ private IdpConstants() {
+ // complete
+ }
+}
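Review bot: IDP_CONFIG is added without a Javadoc comment while TRUSTED_IDP_CONTEXT directly below it gets one; since SigninParametersCacheAction reads an `Idp` object from flow scope under this key, suggest `/** Flow-scope key under which the {@code Idp} configuration object is stored. */` above it. The Javadoc on TRUSTED_IDP_CONTEXT would be more useful if it said where the value is produced and consumed, e.g. that SigninParametersCacheAction.store writes the cache key under it and the protocol handlers send that value to the trusted IdP as the OIDC state, SAML RelayState or WS-Federation wctx parameter. It is worth adding that the same literal is repeated as `flowScope.trusted_idp_context` in the web-flow XML files, which cannot reference the constant, so renaming it requires touching those too.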
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index 7031171..1ec197f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -26,6 +26,7 @@ import java.util.UUID;
import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
import org.apache.cxf.fediz.service.idp.domain.Application;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.util.WebUtils;
@@ -38,8 +39,6 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class SigninParametersCacheAction {
- //todo introduce constants class?
- public static final String IDP_CONFIG = "idpConfig";
@Deprecated
public static final String REALM_URL_MAP = "realmUrlMap";
public static final String ACTIVE_APPLICATIONS = "realmConfigMap";
@@ -69,15 +68,14 @@ public class SigninParametersCacheAction {
WebUtils.putAttributeInExternalContext(context, uuidKey, signinParams);
LOG.debug("SignIn parameters cached: {}", signinParams.toString());
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, uuidKey);
- LOG.info("SignIn parameters cached and " + FederationConstants.PARAM_CONTEXT + " set to [" + uuidKey + "].");
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.TRUSTED_IDP_CONTEXT, uuidKey);
+ LOG.info("SignIn parameters cached and context set to [" + uuidKey + "].");
}
public void restore(RequestContext context) {
String uuidKey = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- // TODO Abstract the concept of a context to cater for either protocol
if (uuidKey == null) {
uuidKey = (String)WebUtils.getAttributeFromFlowScope(context, SAMLSSOConstants.RELAY_STATE);
}
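Review bot: store() now writes the cache key under IdpConstants.TRUSTED_IDP_CONTEXT (the `putAttributeInFlowScope` line), but restore() two lines below still looks it up under FederationConstants.PARAM_CONTEXT and falls back to SAMLSSOConstants.RELAY_STATE. If those lookups are meant to read the value the trusted IdP echoes back rather than the attribute store() set, the asymmetry is intentional but is no longer explained now that the TODO comment has been removed; suggest `// The key stored under IdpConstants.TRUSTED_IDP_CONTEXT comes back from the trusted IdP as wctx (WS-Federation) or RelayState (SAML); the OIDC state is presumably mapped onto one of these upstream — confirm`. If instead restore() is expected to find the attribute store() wrote, it will now always miss and a lookup under IdpConstants.TRUSTED_IDP_CONTEXT would be needed. Both method bodies continue outside the hunk.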
@@ -135,7 +133,7 @@ public class SigninParametersCacheAction {
String wtrealm = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
- Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
+ Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IdpConstants.IDP_CONFIG);
String url = null;
@@ -173,7 +171,7 @@ public class SigninParametersCacheAction {
String whr = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM);
String wtrealm = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
- Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG);
+ Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, IdpConstants.IDP_CONFIG);
if (whr == null || wtrealm == null || idpConfig == null) {
return;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
index 2369bae..67838b5 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
@@ -20,6 +20,7 @@ package org.apache.cxf.fediz.service.idp.beans;
import java.net.URL;
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.protocols.ProtocolController;
@@ -49,7 +50,8 @@ public class TrustedIdpProtocolAction {
private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
public String mapSignInRequest(RequestContext requestContext) {
- String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
+ String trustedIdpRealm =
+ requestContext.getFlowScope().getString(FederationConstants.PARAM_HOME_REALM);
LOG.info("Prepare redirect to Trusted IDP '{}'", trustedIdpRealm);
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
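Review bot: `IDP_CONFIG` on the line after the LOG.info call (and again in the mapSignInResponse hunk below) is still an unqualified name even though this commit deletes SigninParametersCacheAction.IDP_CONFIG and introduces IdpConstants.IDP_CONFIG. If it resolves to a separate constant with the same value in this class, or to a static import from elsewhere, it duplicates the new shared constant and should become `Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IdpConstants.IDP_CONFIG);` with the matching import, so the flow-scope key is defined in exactly one place. The enclosing mapSignInRequest method continues outside the hunk.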
@@ -74,7 +76,8 @@ public class TrustedIdpProtocolAction {
}
public SecurityToken mapSignInResponse(RequestContext requestContext) {
- String trustedIdpRealm = requestContext.getFlowScope().getString("whr");
+ String trustedIdpRealm =
+ requestContext.getFlowScope().getString(FederationConstants.PARAM_HOME_REALM);
LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index 1e1c199..441b083 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -46,6 +46,7 @@ import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
@@ -149,11 +150,9 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
sb.append("scope").append('=');
sb.append("openid");
- String wctx = context.getFlowScope().getString(FederationConstants.PARAM_CONTEXT);
- if (wctx != null) {
- sb.append("&").append("state").append('=');
- sb.append(wctx);
- }
+ String state = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
+ sb.append("&").append("state").append('=');
+ sb.append(state);
return new URL(sb.toString());
} catch (MalformedURLException ex) {
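Review bot: dropping the null check means that when IdpConstants.TRUSTED_IDP_CONTEXT is absent from flow scope the redirect is built with the literal `state=null`, because StringBuilder.append(String) renders a null reference as the text "null"; the same applies to the wctx parameter in the TrustedIdpWSFedProtocolHandler hunk, and in the TrustedIdpSAMLProtocolHandler hunk a null wctx is handed to UriBuilder.queryParam and to signRequest. Since this value is what later correlates the trusted IdP's response with the cached sign-in parameters, a missing one should fail before the request is built rather than produce a URL the IdP will echo back as "null": `if (state == null) { throw new IllegalStateException("No trusted IdP context found in flow scope"); }` ahead of the append, with the equivalent guard in the two other handlers. The value is also appended raw; it appears to be a UUID produced by SigninParametersCacheAction.store, but URL-encoding it as the WS-Fed handler already does for wfresh would make the request independent of how the key is generated. The enclosing method starts and ends outside the hunk.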
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index f128467..44f9bda 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -49,6 +49,7 @@ import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
@@ -160,10 +161,8 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
ub.queryParam(SSOConstants.SAML_REQUEST, urlEncodedRequest);
- String wctx = context.getFlowScope().getString(FederationConstants.PARAM_CONTEXT);
- if (wctx != null) {
- ub.queryParam(SSOConstants.RELAY_STATE, wctx);
- }
+ String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
+ ub.queryParam(SSOConstants.RELAY_STATE, wctx);
if (signRequest) {
signRequest(urlEncodedRequest, wctx, idp, ub);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index 946ab61..201d9bf 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -47,6 +47,7 @@ import org.apache.cxf.fediz.core.processor.FedizProcessor;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.apache.cxf.fediz.core.util.CertsUtils;
+import org.apache.cxf.fediz.service.idp.IdpConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
@@ -97,11 +98,9 @@ public class TrustedIdpWSFedProtocolHandler implements TrustedIdpProtocolHandler
sb.append("&").append(FederationConstants.PARAM_FRESHNESS).append('=');
sb.append(URLEncoder.encode(wfresh, "UTF-8"));
}
- String wctx = context.getFlowScope().getString(FederationConstants.PARAM_CONTEXT);
- if (wctx != null) {
- sb.append("&").append(FederationConstants.PARAM_CONTEXT).append('=');
- sb.append(wctx);
- }
+ String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
+ sb.append("&").append(FederationConstants.PARAM_CONTEXT).append('=');
+ sb.append(wctx);
return new URL(sb.toString());
} catch (MalformedURLException ex) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 094d393..f064e7a 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -163,8 +163,7 @@
<evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
</on-entry>
<output name="whr" value="flowScope.whr" />
- <output name="wctx" value="flowScope.wctx" />
- <output name="RelayState" value="flowScope.RelayState" />
+ <output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
</end-state>
</flow>
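Review bot: the new output name `trusted_idp_context` is a string literal that has to stay byte-identical to IdpConstants.TRUSTED_IDP_CONTEXT in the Java code, and the same literal is repeated in federation-validate-request.xml (the added `<output>` and the `flowScope.trusted_idp_context` set in the redirectToTrustedIDP transition); drift in any of them would silently leave the trusted IdP request without its state, RelayState or wctx value. Suggest an XML comment next to each occurrence: `<!-- must match IdpConstants.TRUSTED_IDP_CONTEXT -->`. The removed `wctx` and `RelayState` outputs are replaced here, but the enclosing end-state begins outside the hunk, so other consumers of those two outputs cannot be checked from this diff.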
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a91675e/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 4a9e20f..b5ee03b 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -86,8 +86,8 @@
<output name="whr" />
<output name="wctx" />
- <output name="RelayState" />
<output name="idpToken" />
+ <output name="trusted_idp_context" />
<transition on="requestRpToken" to="requestRpToken">
<set name="flowScope.whr" value="currentEvent.attributes.whr" />
@@ -98,8 +98,7 @@
<transition on="scInternalServerError" to="scInternalServerError" />
<transition on="redirectToTrustedIDP" to="processTrustedIdpProtocol">
<set name="flowScope.whr" value="currentEvent.attributes.whr" />
- <set name="flowScope.wctx" value="currentEvent.attributes.wctx" />
- <set name="flowScope.RelayState" value="currentEvent.attributes.RelayState" />
+ <set name="flowScope.trusted_idp_context" value="currentEvent.attributes.trusted_idp_context"/>
</transition>
<transition on="redirectToLocalIDP" to="redirectToLocalIDP">
<set name="flowScope.wctx" value="currentEvent.attributes.wctx" />