Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/28 18:09:49 UTC

[1/2] cxf-fediz git commit: FEDIZ-192 - customSTSParameter propagation

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 6e453b98a -> b464dc99e


FEDIZ-192 - customSTSParameter propagation

Add feedback from review

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b464dc99
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b464dc99
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b464dc99

Branch: refs/heads/master
Commit: b464dc99e5b832ff33779616a6bcf1b88084e602
Parents: a78cc23
Author: gonzalad <ad...@yahoo.fr>
Authored: Tue Feb 28 17:44:15 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 28 18:09:00 2017 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/STSUPAuthenticationProvider.java       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b464dc99/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 5f66266..7e166f3 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -135,10 +135,10 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
         if (getCustomSTSParameter() != null) {
             HttpServletRequest request =
                     ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-            HttpServletResponse response =
-                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
             authRealmParameter = request.getParameter(getCustomSTSParameter());
             if (authRealmParameter == null) {
+                HttpServletResponse response =
+                        ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
                 SavedRequest savedRequest = requestCache.getRequest(request, response);
                 String[] parameterValues = savedRequest.getParameterValues(this.getCustomSTSParameter());
                 if (parameterValues != null && parameterValues.length > 0) {
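Review bot: `requestCache.getRequest(request, response)` can return null when no saved request exists for the session (presumably the case when the login form is posted without a prior redirect), and the unchanged context line after it dereferences `savedRequest` without a check. A request that lacks the custom parameter would then fail with a NullPointerException instead of continuing with no realm value. Guard the lookup, e.g. `String[] parameterValues = savedRequest == null ? null : savedRequest.getParameterValues(getCustomSTSParameter());`. The same unguarded dereference is in the hunk of the [2/2] commit that introduces getCustomSTSParameterValue(); the method body starts before and continues after this hunk.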


[2/2] cxf-fediz git commit: FEDIZ-192 - customSTSParameter propagation

Posted by co...@apache.org.
FEDIZ-192 - customSTSParameter propagation

This fix enables propagating the customSTSParameter
SAML parameter to the Validator class.

The issue was caused by Spring Security which redirects
the user to a /login page (without the original parameters)

To handle this case, we:
 * get the custom parameter from the HTTP parameters
   (as previously).
 * if it is not found, we look it up in the Spring Security
   savedRequest (aka requestCache).

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a78cc23e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a78cc23e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a78cc23e

Branch: refs/heads/master
Commit: a78cc23e2f76d6640aae5b816dc17b867ec83f06
Parents: 6e453b9
Author: gonzalad <ad...@yahoo.fr>
Authored: Tue Feb 28 13:20:16 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 28 18:09:00 2017 +0000

----------------------------------------------------------------------
 .../idp/STSUPAuthenticationProvider.java        | 48 ++++++++++++++++----
 1 file changed, 39 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a78cc23e/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 6db919b..5f66266 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.service.idp;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
@@ -33,6 +34,9 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
@@ -43,6 +47,8 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
 
     private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
 
+    private RequestCache requestCache = new HttpSessionRequestCache();
+
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
         // We only handle UsernamePasswordAuthenticationTokens
@@ -85,15 +91,7 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
 
         try {
 
-            if (getCustomSTSParameter() != null) {
-                HttpServletRequest request =
-                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-                String authRealmParameter = request.getParameter(getCustomSTSParameter());
-                LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
-                if (authRealmParameter != null) {
-                    sts.setCustomContent(authRealmParameter);
-                }
-            }
+            sts.setCustomContent(getCustomSTSParameterValue());
 
             // Line below may be uncommented for debugging
             // setTimeout(sts.getClient(), 3600000L);
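Review bot: `sts.setCustomContent(getCustomSTSParameterValue());` now runs on every authentication, including when customSTSParameter is unset or no value was found, so it passes null where the removed code skipped the call behind `if (authRealmParameter != null)`. Whether a null argument overwrites custom content configured elsewhere on the STS client is not visible here. Keeping the guard avoids depending on that: `String customContent = getCustomSTSParameterValue();` followed by `if (customContent != null) { sts.setCustomContent(customContent); }`. The enclosing authenticate() body starts and ends outside this hunk.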
@@ -123,9 +121,41 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
 
     }
 
+    /**
+     * If customSTSParameter has been set, this method will lookup :
+     * <ul>
+     *     <ol> in http parameters</ol>
+     *     <ol> if not found in the requestCache from Spring Security.
+     *     This lookup is necessary whenever you use Spring Security form-login since
+     *     it redirects you to an login-url and stores original request in the requestCache.</ol>
+     * </ul>
+     */
+    private String getCustomSTSParameterValue() {
+        String authRealmParameter = null;
+        if (getCustomSTSParameter() != null) {
+            HttpServletRequest request =
+                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+            HttpServletResponse response =
+                    ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
+            authRealmParameter = request.getParameter(getCustomSTSParameter());
+            if (authRealmParameter == null) {
+                SavedRequest savedRequest = requestCache.getRequest(request, response);
+                String[] parameterValues = savedRequest.getParameterValues(this.getCustomSTSParameter());
+                if (parameterValues != null && parameterValues.length > 0) {
+                    authRealmParameter = parameterValues[0];
+                }
+            }
+            LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
+        }
+        return authRealmParameter;
+    }
+
     @Override
     public boolean supports(Class<?> authentication) {
         return authentication.equals(UsernamePasswordAuthenticationToken.class);
     }
 
+    public void setRequestCache(RequestCache requestCache) {
+        this.requestCache = requestCache;
+    }
 }
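Review bot: getCustomSTSParameterValue() returns a client-supplied string on both paths, the live request parameter and the first value replayed from the saved request, and nothing in this hunk constrains it before it is written by `LOG.debug(...)` and handed to `sts.setCustomContent(...)`. The Javadoc should state that, e.g. `@return the raw, unvalidated parameter value, or null if customSTSParameter is unset or no value was found`, so it is clear that any check of the realm against configured values has to happen downstream. Because the value can carry decoded line breaks, it should be encoded or length-limited before it is logged if debug logs are collected. The Javadoc list also nests `<ol>` items inside `<ul>`; `<ol>` with `<li>` children is the valid form.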