Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/28 18:09:49 UTC
[1/2] cxf-fediz git commit: FEDIZ-192 - customSTSParameter propagation
Repository: cxf-fediz
Updated Branches:
refs/heads/master 6e453b98a -> b464dc99e
FEDIZ-192 - customSTSParameter propagation
Add feedback from review
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b464dc99
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b464dc99
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b464dc99
Branch: refs/heads/master
Commit: b464dc99e5b832ff33779616a6bcf1b88084e602
Parents: a78cc23
Author: gonzalad <ad...@yahoo.fr>
Authored: Tue Feb 28 17:44:15 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 28 18:09:00 2017 +0000
----------------------------------------------------------------------
.../cxf/fediz/service/idp/STSUPAuthenticationProvider.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b464dc99/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 5f66266..7e166f3 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -135,10 +135,10 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
if (getCustomSTSParameter() != null) {
HttpServletRequest request =
((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
- HttpServletResponse response =
- ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
authRealmParameter = request.getParameter(getCustomSTSParameter());
if (authRealmParameter == null) {
+ HttpServletResponse response =
+ ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
SavedRequest savedRequest = requestCache.getRequest(request, response);
String[] parameterValues = savedRequest.getParameterValues(this.getCustomSTSParameter());
if (parameterValues != null && parameterValues.length > 0) {
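Review bot: `savedRequest` is dereferenced without a null check at `savedRequest.getParameterValues(this.getCustomSTSParameter())`, and `RequestCache.getRequest` returns null when nothing has been cached for the session. A login request that carries no custom parameter and has no saved request would therefore throw a NullPointerException instead of proceeding without the parameter. Wrap the lookup in `if (savedRequest != null) { ... }`. The same two lines appear in the hunk that introduces `getCustomSTSParameterValue()` in the [2/2] commit further down this page. The enclosing method starts and ends outside this hunk.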
[2/2] cxf-fediz git commit: FEDIZ-192 - customSTSParameter propagation
Posted by co...@apache.org.
FEDIZ-192 - customSTSParameter propagation
This fix enables propagating the customSTSParameter
SAML parameter to the Validator class.
The issue was caused by Spring Security, which redirects
the user to a /login page (without the original parameters).
To handle this case, we:
* get the custom parameter from the HTTP parameters
(as previously).
* if it is not found, look it up in the Spring Security
savedRequest (aka requestCache).
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a78cc23e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a78cc23e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a78cc23e
Branch: refs/heads/master
Commit: a78cc23e2f76d6640aae5b816dc17b867ec83f06
Parents: 6e453b9
Author: gonzalad <ad...@yahoo.fr>
Authored: Tue Feb 28 13:20:16 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Feb 28 18:09:00 2017 +0000
----------------------------------------------------------------------
.../idp/STSUPAuthenticationProvider.java | 48 ++++++++++++++++----
1 file changed, 39 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a78cc23e/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 6db919b..5f66266 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.service.idp;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
@@ -33,6 +34,9 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@@ -43,6 +47,8 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
+ private RequestCache requestCache = new HttpSessionRequestCache();
+
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// We only handle UsernamePasswordAuthenticationTokens
@@ -85,15 +91,7 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
try {
- if (getCustomSTSParameter() != null) {
- HttpServletRequest request =
- ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
- String authRealmParameter = request.getParameter(getCustomSTSParameter());
- LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
- if (authRealmParameter != null) {
- sts.setCustomContent(authRealmParameter);
- }
- }
+ sts.setCustomContent(getCustomSTSParameterValue());
// Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
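Review bot: `sts.setCustomContent(getCustomSTSParameterValue());` now runs on every authentication, including when no customSTSParameter is configured or no value was found, so the STS client receives null where the removed code skipped the call. Whether `setCustomContent(null)` is harmless depends on the client implementation, which is not visible here. Keeping the guard avoids relying on it: `String customContent = getCustomSTSParameterValue();` followed by `if (customContent != null) { sts.setCustomContent(customContent); }`. The surrounding `try` block starts and ends outside this hunk.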
@@ -123,9 +121,41 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
}
+ /**
+ * If customSTSParameter has been set, this method will lookup :
+ * <ul>
+ * <ol> in http parameters</ol>
+ * <ol> if not found in the requestCache from Spring Security.
+ * This lookup is necessary whenever you use Spring Security form-login since
+ * it redirects you to an login-url and stores original request in the requestCache.</ol>
+ * </ul>
+ */
+ private String getCustomSTSParameterValue() {
+ String authRealmParameter = null;
+ if (getCustomSTSParameter() != null) {
+ HttpServletRequest request =
+ ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+ HttpServletResponse response =
+ ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getResponse();
+ authRealmParameter = request.getParameter(getCustomSTSParameter());
+ if (authRealmParameter == null) {
+ SavedRequest savedRequest = requestCache.getRequest(request, response);
+ String[] parameterValues = savedRequest.getParameterValues(this.getCustomSTSParameter());
+ if (parameterValues != null && parameterValues.length > 0) {
+ authRealmParameter = parameterValues[0];
+ }
+ }
+ LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
+ }
+ return authRealmParameter;
+ }
+
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
+ public void setRequestCache(RequestCache requestCache) {
+ this.requestCache = requestCache;
+ }
}
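Review bot: The value resolved in `getCustomSTSParameterValue()` comes straight from the request parameter or the session's saved request and is written verbatim by `LOG.debug("Found {} custom STS parameter {}", ...)`, so a value containing line breaks can forge entries in the debug log unless the logging layout encodes them. Consider neutralising control characters before logging, e.g. passing `authRealmParameter == null ? null : authRealmParameter.replaceAll("[\\r\\n]", "_")` as the second argument. The same unvalidated value is returned to the caller and handed to the STS, so if the set of acceptable values is known it would be worth checking it in this method as well. In the Javadoc, the items inside `<ul>` should be `<li>` elements rather than `<ol>`.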