Posted to commits@cxf.apache.org by co...@apache.org on 2014/10/01 09:52:39 UTC
[6/8] git commit: Fixing Metadata Logout URL
Fixing Metadata Logout URL
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/be392d35
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/be392d35
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/be392d35
Branch: refs/heads/master
Commit: be392d35c78ca0a5dc24211b051cfeacba5f59d3
Parents: 1b6058d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Sep 30 11:46:34 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Sep 30 11:46:34 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/metadata/MetadataWriter.java | 41 ++++++++++++++++++--
.../core/processor/FederationProcessorImpl.java | 4 +-
.../fediz/core/processor/FedizProcessor.java | 4 +-
.../fediz/core/processor/SAMLProcessorImpl.java | 4 +-
.../core/federation/FederationMetaDataTest.java | 6 +--
.../fediz/core/samlsso/SAMLMetaDataTest.java | 26 +++++++++++--
.../cxf/plugin/FedizRedirectBindingFilter.java | 3 +-
.../fediz/jetty/FederationAuthenticator.java | 2 +-
.../web/FederationAuthenticationEntryPoint.java | 2 +-
.../web/FederationAuthenticationEntryPoint.java | 4 +-
.../fediz/tomcat/FederationAuthenticator.java | 2 +-
11 files changed, 76 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 20fa3fe..3edde28 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -24,17 +24,19 @@ import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
+import javax.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.w3c.dom.Document;
-
import org.apache.cxf.fediz.core.config.Claim;
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.FedizContext;
@@ -66,7 +68,9 @@ public class MetadataWriter {
}
//CHECKSTYLE:OFF
- public Document getMetaData(FedizContext config) throws ProcessingException {
+ public Document getMetaData(
+ HttpServletRequest request, FedizContext config
+ ) throws ProcessingException {
try {
ByteArrayOutputStream bout = new ByteArrayOutputStream(4096);
@@ -102,7 +106,7 @@ public class MetadataWriter {
if (protocol instanceof FederationProtocol) {
writeFederationMetadata(writer, config, serviceURL);
} else if (protocol instanceof SAMLProtocol) {
- writeSAMLMetadata(writer, config, serviceURL);
+ writeSAMLMetadata(writer, request, config, serviceURL);
}
writer.writeEndElement(); // EntityDescriptor
@@ -235,6 +239,7 @@ public class MetadataWriter {
private void writeSAMLMetadata(
XMLStreamWriter writer,
+ HttpServletRequest request,
FedizContext config,
String serviceURL
) throws Exception {
@@ -248,7 +253,15 @@ public class MetadataWriter {
if (config.getLogoutURL() != null) {
writer.writeStartElement("md", "SingleLogoutService", SAML2_METADATA_NS);
- writer.writeAttribute("Location", config.getLogoutURL());
+
+ String logoutURL = config.getLogoutURL();
+ if (logoutURL.startsWith("/")) {
+ logoutURL = extractFullContextPath(request).concat(logoutURL.substring(1));
+ } else {
+ logoutURL = extractFullContextPath(request).concat(logoutURL);
+ }
+ writer.writeAttribute("Location", logoutURL);
+
writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
writer.writeEndElement(); // SingleLogoutService
}
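Review bot: Both branches of the new `if` prepend `extractFullContextPath(request)`, so a `logoutURL` that is already absolute would come out as two URLs concatenated in the `Location` attribute. The code before this commit wrote the configured value verbatim, so a deployment that had set a full URL there (whether the config allows that is not visible here) would now publish a broken `SingleLogoutService` endpoint. Guarding the rewrite keeps those values intact and removes the duplicated call: `if (!logoutURL.contains("://")) { logoutURL = extractFullContextPath(request) + (logoutURL.startsWith("/") ? logoutURL.substring(1) : logoutURL); }`. `writeSAMLMetadata` starts and ends outside this hunk.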
@@ -323,4 +336,24 @@ public class MetadataWriter {
writer.writeEndElement(); // SPSSODescriptor
}
+ private String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
+ String result = null;
+ String contextPath = request.getContextPath();
+ String requestUrl = request.getRequestURL().toString();
+ String requestPath = new URL(requestUrl).getPath();
+ // Cut request path of request url and add context path if not ROOT
+ if (requestPath != null && requestPath.length() > 0) {
+ int lastIndex = requestUrl.lastIndexOf(requestPath);
+ result = requestUrl.substring(0, lastIndex);
+ } else {
+ result = requestUrl;
+ }
+ if (contextPath != null && contextPath.length() > 0) {
+ // contextPath contains starting slash
+ result = result + contextPath + "/";
+ } else {
+ result = result + "/";
+ }
+ return result;
+ }
}
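Review bot: The scheme, host and port of the published logout endpoint now come from `request.getRequestURL()` in `extractFullContextPath`, and servlet containers normally build that value from what the client or an intermediate proxy presented (the Host header in particular). The metadata tests in this commit look for a `Signature` node, so the document can be signed, and a signed `Location` that follows the caller's host is one that relying parties will trust. Behind a reverse proxy it may also carry the internal scheme and port rather than the external ones. I would state that dependency on the method, for example `// Host, scheme and port are taken from the incoming request; the deployment must pin them (virtual host / proxy settings) because they end up in the metadata`, and consider preferring a configured base URL where one is available. Minor: `String result = null;` is assigned on every path and does not need the initialiser.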
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 9e0d383..ed830e6 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -109,8 +109,8 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
- public Document getMetaData(FedizContext config) throws ProcessingException {
- return new MetadataWriter().getMetaData(config);
+ public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException {
+ return new MetadataWriter().getMetaData(request, config);
}
protected FedizResponse processSignInRequest(
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
index 0f7af91..c6cea4e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
@@ -37,6 +37,8 @@ public interface FedizProcessor {
HttpServletRequest request, FedizContext config
) throws ProcessingException;
- Document getMetaData(FedizContext config) throws ProcessingException;
+ Document getMetaData(
+ HttpServletRequest request, FedizContext config
+ ) throws ProcessingException;
}
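Review bot: The new `request` parameter on `getMetaData` has no Javadoc, and its null contract is unclear. `FederationMetaDataTest` passes `null`, while the SAML path in `MetadataWriter` dereferences it in `extractFullContextPath`. Since this is the public interface every plugin calls, I would document it, for example `@param request the current request, used to build absolute URLs in SAML metadata; may be null only when the protocol is WS-Federation`. A SAML configuration with a logout URL and a null request would otherwise presumably surface as a `NullPointerException` wrapped somewhere in `getMetaData` rather than as a clear error. Adding a parameter to an interface method also breaks any external implementor, which deserves a line in the commit description.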
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 64ffe36..99703af 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -98,8 +98,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
}
- public Document getMetaData(FedizContext config) throws ProcessingException {
- return new MetadataWriter().getMetaData(config);
+ public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException {
+ return new MetadataWriter().getMetaData(request, config);
}
private RequestState processRelayState(
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
index 441b4be..a0bb6e8 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
@@ -73,7 +73,7 @@ public class FederationMetaDataTest {
FedizContext config = loadConfig("ROOT");
FedizProcessor wfProc = new FederationProcessorImpl();
- Document doc = wfProc.getMetaData(config);
+ Document doc = wfProc.getMetaData(null, config);
Assert.assertNotNull(doc);
Node signatureNode = doc.getElementsByTagName("Signature").item(0);
@@ -105,7 +105,7 @@ public class FederationMetaDataTest {
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc;
- doc = wfProc.getMetaData(config);
+ doc = wfProc.getMetaData(null, config);
Assert.assertNull(doc);
fail("Failure expected as signing store contains more than one certificate");
} catch (ProcessingException ex) {
@@ -119,7 +119,7 @@ public class FederationMetaDataTest {
FedizContext config = loadConfig("ROOT_NO_SIGNINGKEY");
FedizProcessor wfProc = new FederationProcessorImpl();
- Document doc = wfProc.getMetaData(config);
+ Document doc = wfProc.getMetaData(null, config);
Assert.assertNotNull(doc);
try {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
index 3c04d9d..aafeb34 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
@@ -22,12 +22,12 @@ package org.apache.cxf.fediz.core.samlsso;
import java.io.File;
import java.net.URL;
+import javax.servlet.http.HttpServletRequest;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
@@ -39,6 +39,7 @@ import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.easymock.EasyMock;
import org.junit.AfterClass;
import org.junit.Assert;
@@ -49,6 +50,8 @@ import static org.junit.Assert.fail;
*/
public class SAMLMetaDataTest {
private static final String CONFIG_FILE = "fediz_meta_test_config_saml.xml";
+ private static final String TEST_REQUEST_URL = "https://localhost/fedizhelloworld/";
+ private static final String CONTEXT_PATH = "https://localhost:9443/";
@AfterClass
public static void cleanup() {
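Review bot: `CONTEXT_PATH` is set to `"https://localhost:9443/"`, but `HttpServletRequest.getContextPath()` returns a path such as `/fedizhelloworld`, never a full URL. With `TEST_REQUEST_URL` as given, `extractFullContextPath` would produce `https://localhosthttps://localhost:9443//`, so the mock exercises the new code with an input it cannot receive in a container. I would use `private static final String CONTEXT_PATH = "/fedizhelloworld";` instead. None of the hunks visible here asserts the resulting `Location` attribute of `SingleLogoutService`, so a malformed value would pass unnoticed; an assertion on that attribute would pin what this commit is fixing.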
@@ -75,7 +78,12 @@ public class SAMLMetaDataTest {
FedizContext config = loadConfig("ROOT");
FedizProcessor wfProc = new FederationProcessorImpl();
- Document doc = wfProc.getMetaData(config);
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
+ EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH);
+ EasyMock.replay(req);
+
+ Document doc = wfProc.getMetaData(req, config);
Assert.assertNotNull(doc);
Node signatureNode = doc.getElementsByTagName("Signature").item(0);
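Review bot: The four-line EasyMock setup added here is repeated verbatim in the two later hunks of this file (at `-107,8` and `-122,7`); a small private helper would keep the three tests in step when the request stubbing changes. The mock is also never checked with `EasyMock.verify(req)`, so the tests pass whether or not the request is consulted. The test methods themselves start and end outside these hunks.

```java
private static HttpServletRequest createMockRequest() {
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
    EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH);
    EasyMock.replay(req);
    return req;
}

// in each test, replacing the inline setup:
Document doc = wfProc.getMetaData(createMockRequest(), config);
```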
@@ -107,8 +115,13 @@ public class SAMLMetaDataTest {
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc;
+
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
+ EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH);
+ EasyMock.replay(req);
- doc = wfProc.getMetaData(config);
+ doc = wfProc.getMetaData(req, config);
Assert.assertNull(doc);
fail("Failure expected as signing store contains more than one certificate");
} catch (ProcessingException ex) {
@@ -122,7 +135,12 @@ public class SAMLMetaDataTest {
FedizContext config = loadConfig("ROOT_NO_SIGNINGKEY");
FedizProcessor wfProc = new FederationProcessorImpl();
- Document doc = wfProc.getMetaData(config);
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
+ EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH);
+ EasyMock.replay(req);
+
+ Document doc = wfProc.getMetaData(req, config);
Assert.assertNotNull(doc);
try {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index 6a1e81a..83eb3b5 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -243,7 +243,8 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter {
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedConfig);
+ HttpServletRequest request = messageContext.getHttpServletRequest();
+ Document metadata = wfProc.getMetaData(request, fedConfig);
String metadataStr = DOM2Writer.nodeToString(metadata);
ResponseBuilder response = Response.ok(metadataStr, "text/xml");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index 9b8033c..e727ae1 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -176,7 +176,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedConfig);
+ Document metadata = wfProc.getMetaData(request, fedConfig);
out.write(DOM2Writer.nodeToString(metadata));
return Authentication.SEND_CONTINUE;
} catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index e777ab8..9749927 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -97,7 +97,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedContext);
+ Document metadata = wfProc.getMetaData(servletRequest, fedContext);
out.write(DOM2Writer.nodeToString(metadata));
return;
} catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index ffc4fe6..3fd799f 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -100,7 +100,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedContext);
+ Document metadata = wfProc.getMetaData(servletRequest, fedContext);
out.write(DOM2Writer.nodeToString(metadata));
return;
} catch (Exception ex) {
@@ -189,7 +189,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedContext);
+ Document metadata = wfProc.getMetaData(hrequest, fedContext);
out.write(DOM2Writer.nodeToString(metadata));
return;
} catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index 024fd14..40d0538 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -201,7 +201,7 @@ public class FederationAuthenticator extends FormAuthenticator {
FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
- Document metadata = wfProc.getMetaData(fedConfig);
+ Document metadata = wfProc.getMetaData(request, fedConfig);
out.write(DOM2Writer.nodeToString(metadata));
return;
} catch (Exception ex) {