You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/09/06 10:15:22 UTC
[2/4] cxf git commit: CXF-7039 - JAX-RS Security SAML web SSO
consumer service can not validate SAML response behind reverse proxy
CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
# Conflicts:
# rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144271ed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144271ed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144271ed
Branch: refs/heads/3.0.x-fixes
Commit: 144271ed753b223c216e9848c3e748ff62d320e9
Parents: 67cef8f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Sep 6 11:03:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Sep 6 11:12:39 2016 +0100
----------------------------------------------------------------------
...AbstractRequestAssertionConsumerHandler.java | 49 +++++++++++++++++++-
1 file changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/144271ed/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 16afc2a..f5c8aae 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -70,6 +70,12 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
private TokenReplayCache<String> replayCache;
private MessageContext messageContext;
+<<<<<<< HEAD
+=======
+ private String applicationURL;
+ private boolean parseApplicationURLFromRelayState;
+ private String assertionConsumerServiceAddress;
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
@Context
public void setMessageContext(MessageContext mc) {
@@ -310,8 +316,11 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
) {
try {
SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
- ssoResponseValidator.setAssertionConsumerURL(
- messageContext.getUriInfo().getAbsolutePath().toString());
+ String racsAddress = assertionConsumerServiceAddress;
+ if (racsAddress == null) {
+ racsAddress = messageContext.getUriInfo().getAbsolutePath().toString();
+ }
+ ssoResponseValidator.setAssertionConsumerURL(racsAddress);
ssoResponseValidator.setClientAddress(
messageContext.getHttpServletRequest().getRemoteAddr());
@@ -353,4 +362,40 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
public void setEnforceResponseSigned(boolean enforceResponseSigned) {
this.enforceResponseSigned = enforceResponseSigned;
}
+<<<<<<< HEAD
+=======
+
+ public String getApplicationURL() {
+ return applicationURL;
+ }
+
+ /**
+ * Set the Application URL to forward to, for the unsolicited IdP case.
+ * @param applicationURL
+ */
+ public void setApplicationURL(String applicationURL) {
+ this.applicationURL = applicationURL;
+ }
+
+ public boolean isParseApplicationURLFromRelayState() {
+ return parseApplicationURLFromRelayState;
+ }
+
+ /**
+ * Whether to parse the application URL to forward to from the RelayState, for the unsolicted IdP case.
+ * @param parseApplicationURLFromRelayState
+ */
+ public void setParseApplicationURLFromRelayState(boolean parseApplicationURLFromRelayState) {
+ this.parseApplicationURLFromRelayState = parseApplicationURLFromRelayState;
+ }
+
+ public String getAssertionConsumerServiceAddress() {
+ return assertionConsumerServiceAddress;
+ }
+
+ public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress) {
+ this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
+ }
+
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
}