You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2012/05/03 13:42:59 UTC
svn commit: r1333408 - in
/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso:
./ filter/ state/
Author: sergeyb
Date: Thu May 3 11:42:58 2012
New Revision: 1333408
URL: http://svn.apache.org/viewvc?rev=1333408&view=rev
Log:
[CXF-3589] Introducing a common SP handler, limiting cookies to specific apps that initiated SAMLRequest
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java (with props)
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java?rev=1333408&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java (added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java Thu May 3 11:42:58 2012
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.util.Date;
+
+import javax.ws.rs.Path;
+
+import org.apache.cxf.jaxrs.utils.HttpUtils;
+import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
+
+@Path("sso")
+public class AbstractSSOSpHandler {
+ private SPStateManager stateProvider;
+ private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
+
+ protected String createCookie(String name, String value, String path) {
+
+ String contextCookie = name + "=" + value;
+ // Make sure all the SP application filters can get this token;
+ // Path property should be enough for a single container, Domain
+ // property may need to be used for more complex environments
+ if (path != null) {
+ contextCookie += ";Path=" + path;
+ }
+ // Keep the cookie across the browser restarts until it actually expires.
+ // Note that the Expires property has been deprecated but apparently is
+ // supported better than 'max-age' property by different browsers
+ // (Firefox, IE, etc)
+ Date expiresDate = new Date(System.currentTimeMillis() + stateTimeToLive);
+ String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate);
+ contextCookie += ";Expires=" + cookieExpires;
+ //TODO: Consider adding an 'HttpOnly' attribute
+
+ return contextCookie;
+ }
+
+ protected boolean isStateExpired(long stateCreatedAt) {
+ return new Date().after(new Date(stateCreatedAt + getStateTimeToLive()));
+ }
+
+ public void setStateProvider(SPStateManager stateProvider) {
+ this.stateProvider = stateProvider;
+ }
+
+ public SPStateManager getStateProvider() {
+ return stateProvider;
+ }
+
+ public void setStateTimeToLive(long stateTimeToLive) {
+ this.stateTimeToLive = stateTimeToLive;
+ }
+
+ public long getStateTimeToLive() {
+ return stateTimeToLive;
+ }
+}
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java Thu May 3 11:42:58 2012
@@ -23,7 +23,6 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
-import java.util.Date;
import java.util.ResourceBundle;
import java.util.UUID;
import java.util.logging.Logger;
@@ -49,18 +48,16 @@ import org.apache.cxf.common.util.Base64
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.apache.cxf.rs.security.saml.sso.state.RequestState;
import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
-import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.opensaml.xml.XMLObject;
@Path("sso")
-public class RequestAssertionConsumerService {
+public class RequestAssertionConsumerService extends AbstractSSOSpHandler {
private static final Logger LOG =
LogUtils.getL7dLogger(RequestAssertionConsumerService.class);
private static final ResourceBundle BUNDLE =
@@ -69,9 +66,6 @@ public class RequestAssertionConsumerSer
private boolean supportDeflateEncoding = true;
private boolean supportBase64Encoding = true;
- private SPStateManager stateProvider;
- private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
-
@Context
private MessageContext jaxrsContext;
@@ -97,13 +91,12 @@ public class RequestAssertionConsumerSer
reportError("MISSING_RELAY_STATE");
throw new WebApplicationException(400);
}
- RequestState requestState = stateProvider.removeRequestState(relayState);
+ RequestState requestState = getStateProvider().removeRequestState(relayState);
if (requestState == null) {
reportError("MISSING_REQUEST_STATE");
throw new WebApplicationException(400);
}
- long stateCreatedAt = requestState.getCreatedAt();
- if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+ if (isStateExpired(requestState.getCreatedAt())) {
reportError("EXPIRED_REQUEST_STATE");
throw new WebApplicationException(400);
}
@@ -119,15 +112,13 @@ public class RequestAssertionConsumerSer
String securityContextKey = UUID.randomUUID().toString();
long currentTime = System.currentTimeMillis();
- ResponseState responseState = new ResponseState(currentTime);
- stateProvider.setResponseState(securityContextKey, responseState);
+ ResponseState responseState = new ResponseState(relayState, currentTime);
+ getStateProvider().setResponseState(securityContextKey, responseState);
+
+ String contextCookie = createCookie(SSOConstants.SECURITY_CONTEXT_TOKEN,
+ securityContextKey,
+ requestState.getWebAppContext());
- String contextCookie =
- SSOConstants.SECURITY_CONTEXT_TOKEN + "=" + securityContextKey;
- Date expiresDate = new Date(currentTime + stateTimeToLive);
- String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate);
- contextCookie += ";Expires=" + cookieExpires;
-
// Finally, redirect to the service provider endpoint
return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build();
@@ -223,11 +214,4 @@ public class RequestAssertionConsumerSer
LOG.warning(errorMsg.toString());
}
- public void setStateTimeToLive(long stateTime) {
- this.stateTimeToLive = stateTime;
- }
-
- public void setStateProvider(SPStateManager provider) {
- this.stateProvider = provider;
- }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java Thu May 3 11:42:58 2012
@@ -19,9 +19,9 @@
package org.apache.cxf.rs.security.saml.sso.filter;
import java.io.IOException;
+import java.net.URI;
import java.net.URLEncoder;
import java.util.Collections;
-import java.util.Date;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.UUID;
@@ -41,12 +41,13 @@ import org.apache.cxf.common.util.Base64
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.impl.UriInfoImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
+import org.apache.cxf.rs.security.saml.sso.AbstractSSOSpHandler;
import org.apache.cxf.rs.security.saml.sso.SSOConstants;
import org.apache.cxf.rs.security.saml.sso.state.RequestState;
import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
-import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.util.DOM2Writer;
import org.opensaml.common.SAMLVersion;
@@ -58,7 +59,8 @@ import org.opensaml.saml2.core.NameIDPol
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.xml.io.MarshallingException;
-public abstract class AbstractServiceProviderFilter implements RequestHandler {
+public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
+ implements RequestHandler {
protected static final Logger LOG =
LogUtils.getL7dLogger(AbstractServiceProviderFilter.class);
@@ -68,9 +70,6 @@ public abstract class AbstractServicePro
private String idpServiceAddress;
private String issuerId;
private String assertionConsumerServiceAddress;
- private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
-
- private SPStateManager stateProvider;
public void setAssertionConsumerServiceAddress(
String assertionConsumerServiceAddress) {
@@ -89,6 +88,14 @@ public abstract class AbstractServicePro
return idpServiceAddress;
}
+ private String getIssuerId(Message m) {
+ if (issuerId == null) {
+ return new UriInfoImpl(m).getBaseUri().toString();
+ } else {
+ return issuerId;
+ }
+ }
+
protected boolean checkSecurityContext(Message m) {
HttpHeaders headers = new HttpHeadersImpl(m);
Map<String, Cookie> cookies = headers.getCookies();
@@ -99,15 +106,24 @@ public abstract class AbstractServicePro
return false;
}
String contextKey = securityContextCookie.getValue();
- ResponseState responseState = stateProvider.getResponseState(contextKey);
+ ResponseState responseState = getStateProvider().getResponseState(contextKey);
if (responseState == null) {
reportError("MISSING_RESPONSE_STATE");
return false;
}
- long stateCreatedAt = responseState.getCreatedAt();
- if (new Date().after(new Date(stateCreatedAt + stateTimeToLive))) {
+ if (isStateExpired(responseState.getCreatedAt())) {
reportError("EXPIRED_RESPONSE_STATE");
- stateProvider.removeResponseState(contextKey);
+ getStateProvider().removeResponseState(contextKey);
+ return false;
+ }
+ Cookie relayStateCookie = cookies.get(SSOConstants.RELAY_STATE);
+ if (relayStateCookie == null) {
+ reportError("MISSING_RELAY_COOKIE");
+ return false;
+ }
+ String originalRelayState = responseState.getRelayState();
+ if (!originalRelayState.equals(relayStateCookie.getValue())) {
+ reportError("INVALID_RELAY_STATE");
return false;
}
//TODO: use ResponseState to set up a proper SecurityContext
@@ -117,7 +133,7 @@ public abstract class AbstractServicePro
protected AuthnRequest createAuthnRequest(Message m, Document doc) throws Exception {
Issuer issuer =
- SamlpRequestComponentBuilder.createIssuer(issuerId);
+ SamlpRequestComponentBuilder.createIssuer(getIssuerId(m));
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "Issuer"
@@ -169,16 +185,21 @@ public abstract class AbstractServicePro
SamlRequestInfo info = new SamlRequestInfo();
info.setEncodedSamlRequest(authnRequestEncoded);
+ String httpBasePath = (String)m.get("http.base.path");
+ String webAppContext = URI.create(httpBasePath).getRawPath();
String originalRequestURI = (String)m.get(Message.REQUEST_URI);
+
RequestState requestState = new RequestState(originalRequestURI,
- idpServiceAddress,
+ getIdpServiceAddress(),
authnRequest.getID(),
- issuerId,
+ getIssuerId(m),
+ webAppContext,
System.currentTimeMillis());
String relayState = UUID.randomUUID().toString();
- stateProvider.setRequestState(relayState, requestState);
+ getStateProvider().setRequestState(relayState, requestState);
info.setRelayState(relayState);
+ info.setWebAppContext(webAppContext);
return info;
}
@@ -206,13 +227,5 @@ public abstract class AbstractServicePro
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.warning(errorMsg.toString());
}
-
- public void setStateTimeToLive(long stateTime) {
- this.stateTimeToLive = stateTime;
- }
-
- public void setStateProvider(SPStateManager provider) {
- this.stateProvider = provider;
- }
-
+
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/Messages.properties Thu May 3 11:42:58 2012
@@ -20,4 +20,6 @@
#
MISSING_ASSERTION_SERVICE_URL=RequestAssertionConsumerService URI is not set
MISSING_RESPONSE_STATE=Response State is not available
+MISSING_RELAY_COOKIE=RelayState cookie is not available
+INVALID_RELAY_STATE=RelayState is invalid
EXPIRED_RESPONSE_STATE=Response State has expired
\ No newline at end of file
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlPostBindingFilter.java Thu May 3 11:42:58 2012
@@ -38,6 +38,10 @@ public class SamlPostBindingFilter exten
// in the XHTML form using SamlResponseInfo
// in principle we could've built the XHTML form right here
// but it will be cleaner to get that done in JSP
+
+ // Note the view handler will also need to set a RelayState
+ // cookie
+
return Response.ok(info)
.type("text/html")
.build();
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java Thu May 3 11:42:58 2012
@@ -39,9 +39,14 @@ public class SamlRedirectBindingFilter e
ub.queryParam(SSOConstants.SAML_REQUEST, info.getEncodedSamlRequest());
ub.queryParam(SSOConstants.RELAY_STATE, info.getRelayState());
+ String contextCookie = createCookie(SSOConstants.RELAY_STATE,
+ info.getRelayState(),
+ info.getWebAppContext());
+
return Response.seeOther(ub.build())
.header(HttpHeaders.CACHE_CONTROL, "no-store")
.header("Pragma", "no-cache")
+ .header("Set-Cookie", contextCookie)
.build();
} catch (Exception ex) {
throw new WebApplicationException(ex);
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java Thu May 3 11:42:58 2012
@@ -22,6 +22,7 @@ public class SamlRequestInfo {
private String encodedSamlRequest;
private String relayState;
private String idpServiceAddress;
+ private String webAppContext;
public void setEncodedSamlRequest(String encodedSaml) {
this.encodedSamlRequest = encodedSaml;
@@ -41,4 +42,10 @@ public class SamlRequestInfo {
public String getIdpServiceAddress() {
return idpServiceAddress;
}
+ public void setWebAppContext(String webAppContext) {
+ this.webAppContext = webAppContext;
+ }
+ public String getWebAppContext() {
+ return webAppContext;
+ }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java Thu May 3 11:42:58 2012
@@ -49,10 +49,6 @@ public class MemorySPStateManager implem
return requestStateMap.remove(relayState);
}
- public RequestState getRequestState(String relayState) {
- return requestStateMap.get(relayState);
- }
-
public void close() {
// complete
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java Thu May 3 11:42:58 2012
@@ -24,17 +24,20 @@ public class RequestState {
private String idpServiceAddress;
private String samlRequestId;
private String issuerId;
+ private String webAppContext;
private long createdAt;
public RequestState(String targetAddress,
String idpServiceAddress,
String samlRequestId,
String issuerId,
+ String webAppContext,
long createdAt) {
this.targetAddress = targetAddress;
this.idpServiceAddress = idpServiceAddress;
this.samlRequestId = samlRequestId;
this.issuerId = issuerId;
+ this.webAppContext = webAppContext;
this.createdAt = createdAt;
}
@@ -57,4 +60,8 @@ public class RequestState {
public long getCreatedAt() {
return createdAt;
}
+
+ public String getWebAppContext() {
+ return webAppContext;
+ }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java Thu May 3 11:42:58 2012
@@ -20,13 +20,19 @@ package org.apache.cxf.rs.security.saml.
public class ResponseState {
+ private String relayState;
private long createdAt;
- public ResponseState(long createdAt) {
+ public ResponseState(String relayState, long createdAt) {
+ this.relayState = relayState;
this.createdAt = createdAt;
}
public long getCreatedAt() {
return createdAt;
}
+
+ public String getRelayState() {
+ return relayState;
+ }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1333408&r1=1333407&r2=1333408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java Thu May 3 11:42:58 2012
@@ -31,7 +31,6 @@ package org.apache.cxf.rs.security.saml.
public interface SPStateManager {
void setRequestState(String relayState, RequestState state);
- RequestState getRequestState(String relayState);
RequestState removeRequestState(String relayState);
void setResponseState(String contextKey, ResponseState state);