You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/09/06 10:15:22 UTC

[2/4] cxf git commit: CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy

CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy

# Conflicts:
#	rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144271ed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144271ed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144271ed

Branch: refs/heads/3.0.x-fixes
Commit: 144271ed753b223c216e9848c3e748ff62d320e9
Parents: 67cef8f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Sep 6 11:03:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Sep 6 11:12:39 2016 +0100

----------------------------------------------------------------------
 ...AbstractRequestAssertionConsumerHandler.java | 49 +++++++++++++++++++-
 1 file changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/144271ed/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index 16afc2a..f5c8aae 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -70,6 +70,12 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     private TokenReplayCache<String> replayCache;
 
     private MessageContext messageContext;
+<<<<<<< HEAD
+=======
+    private String applicationURL;
+    private boolean parseApplicationURLFromRelayState;
+    private String assertionConsumerServiceAddress;
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
     
     @Context 
     public void setMessageContext(MessageContext mc) {
@@ -310,8 +316,11 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     ) {
         try {
             SAMLSSOResponseValidator ssoResponseValidator = new SAMLSSOResponseValidator();
-            ssoResponseValidator.setAssertionConsumerURL(
-                messageContext.getUriInfo().getAbsolutePath().toString());
+            String racsAddress = assertionConsumerServiceAddress;
+            if (racsAddress == null) {
+                racsAddress = messageContext.getUriInfo().getAbsolutePath().toString();
+            }
+            ssoResponseValidator.setAssertionConsumerURL(racsAddress);
 
             ssoResponseValidator.setClientAddress(
                  messageContext.getHttpServletRequest().getRemoteAddr());
@@ -353,4 +362,40 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
     public void setEnforceResponseSigned(boolean enforceResponseSigned) {
         this.enforceResponseSigned = enforceResponseSigned;
     }
+<<<<<<< HEAD
+=======
+
+    public String getApplicationURL() {
+        return applicationURL;
+    }
+
+    /**
+     * Set the Application URL to forward to, for the unsolicited IdP case.
+     * @param applicationURL
+     */
+    public void setApplicationURL(String applicationURL) {
+        this.applicationURL = applicationURL;
+    }
+
+    public boolean isParseApplicationURLFromRelayState() {
+        return parseApplicationURLFromRelayState;
+    }
+
+    /**
+     * Whether to parse the application URL to forward to from the RelayState, for the unsolicted IdP case.
+     * @param parseApplicationURLFromRelayState
+     */
+    public void setParseApplicationURLFromRelayState(boolean parseApplicationURLFromRelayState) {
+        this.parseApplicationURLFromRelayState = parseApplicationURLFromRelayState;
+    }
+
+    public String getAssertionConsumerServiceAddress() {
+        return assertionConsumerServiceAddress;
+    }
+
+    public void setAssertionConsumerServiceAddress(String assertionConsumerServiceAddress) {
+        this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
+    }
+
+>>>>>>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service can not validate SAML response behind reverse proxy
 }