Posted to commits@cxf.apache.org by co...@apache.org on 2018/08/27 17:30:12 UTC
[cxf-fediz] 03/03: Fixing tests + supporting Jetty8 plugin
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 540e87680848f809618dfb75c1b679a8807600b4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 18:29:52 2018 +0100
Fixing tests + supporting Jetty8 plugin
---
.../cxf/fediz/jetty8/FederationAuthenticator.java | 24 ++++++++++++++++------
.../apache/cxf/fediz/systests/samlsso/CXFTest.java | 2 +-
.../cxf/fediz/systests/samlsso/JettyTest.java | 2 +-
3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index e3ff3c7..9c91c8c 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBException;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
@@ -268,8 +269,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(action);
wfReq.setResponseToken(responseToken);
- wfReq.setState(request.getParameter("RelayState"));
+ wfReq.setState(getState(request));
wfReq.setRequest(request);
+ wfReq.setRequestState((RequestState) session.getAttribute(J_CONTEXT));
X509Certificate[] certs =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
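Review bot: The added `session.getAttribute(J_CONTEXT)` read sits outside the `synchronized (session)` block that the later state check uses, and its result goes to `setRequestState` without a null test. If the request is processed between these lines and the check in the next hunk (the intervening lines are not visible), a response arriving with no saved state hands a null RequestState to the processor before the wctx/RelayState comparison can reject it. Consider reading the attribute once under the session lock, answering SC_FORBIDDEN when it is absent, and reusing that one reference for both `setRequestState` and the comparison. The enclosing method starts and ends outside this hunk.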
@@ -284,10 +286,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
String nuri;
synchronized (session) {
// Check the context
- String savedContext = (String) session.getAttribute(J_CONTEXT);
- String receivedContext = request.getParameter(FederationConstants.PARAM_CONTEXT);
- if (savedContext == null || !savedContext.equals(receivedContext)) {
- LOG.warn("The received wctx parameter does not match the saved value");
+ RequestState savedRequestState = (RequestState) session.getAttribute(J_CONTEXT);
+ String receivedContext = getState(request);
+ if (savedRequestState == null || !savedRequestState.getState().equals(receivedContext)) {
+ LOG.warn("The received wctx/RelayState parameter does not match the saved value");
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.UNAUTHENTICATED;
}
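Review bot: `savedRequestState.getState().equals(receivedContext)` throws a NullPointerException when the saved RequestState carries no state value, which turns a mismatched login response into a 500 instead of the intended 403. Whether `getState()` can return null is not visible from this hunk, so the comparison is safer written from the request side, which still fails closed: `if (savedRequestState == null || receivedContext == null || !receivedContext.equals(savedRequestState.getState())) {`. The enclosing method continues outside the hunk.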
@@ -461,6 +463,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
return null;
}
+ private String getState(ServletRequest request) {
+ if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
+ return request.getParameter(FederationConstants.PARAM_CONTEXT);
+ } else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+ return request.getParameter(SAMLSSOConstants.RELAY_STATE);
+ }
+
+ return null;
+ }
+
/* ------------------------------------------------------------ */
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
User validatedUser) throws ServerAuthException {
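Review bot: `getState` picks the parameter by presence rather than by the configured protocol, so a SAML SSO response that also carries a `wctx` parameter is validated against `wctx` and its `RelayState` is ignored. Both `setState` and the saved-state check go through this helper, so they stay consistent with each other, but the precedence deserves a comment on the method, e.g. `// wctx (WS-Federation) takes precedence over RelayState (SAML SSO) when both are present`. Each parameter is also looked up twice; reading it into a local once (`String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT);`) avoids the repeated lookup. If any downstream code reads RelayState directly from the request, selecting by protocol would remove the ambiguity; that is not visible here.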
@@ -505,7 +517,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
synchronized (session) {
- session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
+ session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState());
}
response.sendRedirect(redirectURL);
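Review bot: J_CONTEXT now holds a RequestState where it previously held a String, and the reads added in the two earlier FederationAuthenticator hunks cast it unconditionally with `(RequestState) session.getAttribute(J_CONTEXT)`. A session created before this change, or any other writer of that attribute, would make those casts throw ClassCastException instead of producing the 403; an `instanceof RequestState` test before the cast keeps the rejection path clean. If the container persists or replicates sessions, RequestState also has to be Serializable, which cannot be confirmed from this page. The enclosing method starts and ends outside the hunk.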
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java
index a6db304..9892e5a 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java
@@ -28,7 +28,7 @@ import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.apache.cxf.fediz.integrationtests.AbstractTests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java
index 0e2096f..3b79c70 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java
@@ -24,7 +24,7 @@ import java.io.File;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.apache.cxf.fediz.integrationtests.AbstractTests;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;