Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/11 16:44:59 UTC
[2/3] cxf-fediz git commit: [FEDIZ-163] - Default to disabling
Deflate Encoding for the SAML SSO response
[FEDIZ-163] - Default to disabling Deflate Encoding for the SAML SSO response
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/768a3855
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/768a3855
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/768a3855
Branch: refs/heads/master
Commit: 768a38556dc08051e1bf0f83cce5497bf7fcb0e1
Parents: 8de90b1
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Apr 11 15:29:03 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Apr 11 15:44:42 2016 +0100
----------------------------------------------------------------------
.../idp/beans/samlsso/AuthnRequestParser.java | 14 +++++++------
.../idp/beans/samlsso/SamlResponseCreator.java | 2 +-
.../beans/samlsso/SamlResponseErrorCreator.java | 2 +-
.../cxf/fediz/samlsso/example/SamlSso.java | 22 +++++++++++++-------
.../src/test/resources/entities-realma.xml | 2 --
.../apache/cxf/fediz/systests/idp/IdpTest.java | 10 ++++++---
6 files changed, 32 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
index c36f3d9..8a09b03 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
@@ -46,11 +46,11 @@ import org.springframework.webflow.execution.RequestContext;
public class AuthnRequestParser {
private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestParser.class);
- private boolean supportDeflateEncoding = true;
+ private boolean supportDeflateEncoding;
public void parseSAMLRequest(RequestContext context, Idp idp, String samlRequest) throws ProcessingException {
LOG.debug("Received SAML Request: {}", samlRequest);
-
+
AuthnRequest parsedRequest = null;
if (samlRequest == null) {
WebUtils.removeAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
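Review bot: The flipped default on `private boolean supportDeflateEncoding;` is left undocumented, and the flag's meaning is now asymmetric (a GET request is inflated regardless of the flag, per the `extractRequest` change further down this file), so a reader of the field alone cannot tell what `false` means. A one-line comment such as `// false (default): only HTTP-Redirect (GET) requests are DEFLATE-decoded; true: every SAMLRequest is inflated` would capture that. The remaining edits in this hunk only strip trailing whitespace.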
@@ -59,7 +59,7 @@ public class AuthnRequestParser {
(AuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (parsedRequest == null) {
try {
- parsedRequest = extractRequest(samlRequest);
+ parsedRequest = extractRequest(context, samlRequest);
WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, parsedRequest);
LOG.debug("SAML Request with id '{}' successfully parsed", parsedRequest.getID());
} catch (Exception ex) {
@@ -135,10 +135,12 @@ public class AuthnRequestParser {
return false;
}
- private AuthnRequest extractRequest(String samlRequest) throws Exception {
+ protected AuthnRequest extractRequest(RequestContext context, String samlRequest) throws Exception {
byte[] deflatedToken = Base64Utility.decode(samlRequest);
- InputStream tokenStream = supportDeflateEncoding
- ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
+ String httpMethod = WebUtils.getHttpServletRequest(context).getMethod();
+
+ InputStream tokenStream = supportDeflateEncoding || "GET".equals(httpMethod)
+ ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
: new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
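Review bot: With the new condition on the `InputStream tokenStream = supportDeflateEncoding || "GET".equals(httpMethod)` line, every HTTP-Redirect request is inflated unconditionally, so attacker-controlled compressed input is expanded before the request is parsed or any signature is checked; unless `DeflateEncoderDecoder.inflateToken` caps its output (not visible here), a small, highly compressible `SAMLRequest` parameter could expand into a very large in-memory document. Consider bounding the inflated size (or confirming the helper already does) and recording that assumption next to the call, e.g. `// Redirect binding (GET) always carries a DEFLATE-encoded request; inflateToken is assumed to bound its output — verify`. Note also that with the flag at its new default a deflated POST body will now fail later in `StaxUtils.read` rather than being detected here; that trade-off deserves a sentence on the field. `extractRequest` continues past this hunk.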
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
index a9aadf5..3bc36ea 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
@@ -64,7 +64,7 @@ import org.springframework.webflow.execution.RequestContext;
public class SamlResponseCreator {
private static final Logger LOG = LoggerFactory.getLogger(SamlResponseCreator.class);
- private boolean supportDeflateEncoding = true;
+ private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, Idp idp, Element rpToken,
String consumerURL, String requestId, String requestIssuer)
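Review bot: On the response side the encoding decision stays a single `supportDeflateEncoding` flag, whereas the request parser in this commit now keys off the HTTP binding; how `createSAMLResponse` consults the flag is outside this hunk, so I cannot tell whether a Redirect-bound response would still be DEFLATE-encoded as that binding requires. A comment on the field, e.g. `// Default false: the SAML Response is base64-encoded without DEFLATE, which is what the HTTP-POST binding expects`, plus a check that no Redirect-bound response path relied on the old default, would close that gap. `createSAMLResponse` starts here and continues past the hunk.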
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
index 24b21f4..ce257e0 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
@@ -46,7 +46,7 @@ import org.springframework.webflow.execution.RequestContext;
public class SamlResponseErrorCreator {
private static final Logger LOG = LoggerFactory.getLogger(SamlResponseErrorCreator.class);
- private boolean supportDeflateEncoding = true;
+ private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, boolean requestor,
Idp idp, String requestID) throws ProcessingException {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
index 4d62d87..34db1cd 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
@@ -20,6 +20,7 @@
package org.apache.cxf.fediz.samlsso.example;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
@@ -100,9 +101,10 @@ public class SamlSso {
// Create the response
Element response = createResponse(request.getID(), racs, requestIssuer);
- String responseStr = encodeResponse(response);
+ boolean redirect = "REDIRECT".equals(binding);
+ String responseStr = encodeResponse(response, redirect);
- if ("REDIRECT".equals(binding)) {
+ if (redirect) {
return redirectResponse(relayState, racs, responseStr);
} else {
return postBindingResponse(relayState, racs, responseStr);
@@ -164,19 +166,25 @@ public class SamlSso {
return policyElement;
}
- protected String encodeResponse(Element response) throws IOException {
+ protected String encodeResponse(Element response, boolean redirect) throws IOException {
String responseMessage = DOM2Writer.nodeToString(response);
System.out.println("RESP: " + responseMessage);
- DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
- byte[] deflatedBytes = encoder.deflateToken(responseMessage.getBytes("UTF-8"));
+ byte[] deflatedBytes = null;
+ if (redirect) {
+ DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
+ deflatedBytes = encoder.deflateToken(responseMessage.getBytes("UTF-8"));
+ } else {
+ deflatedBytes = responseMessage.getBytes("UTF-8");
+ }
return Base64Utility.encode(deflatedBytes);
}
- protected AuthnRequest extractRequest(String samlRequest) throws Base64Exception, DataFormatException,
- XMLStreamException, UnsupportedEncodingException, WSSecurityException {
+ protected AuthnRequest extractRequest(String samlRequest) throws Base64Exception,
+ DataFormatException, XMLStreamException, UnsupportedEncodingException, WSSecurityException {
byte[] deflatedToken = Base64Utility.decode(samlRequest);
+
InputStream tokenStream = new DeflateEncoderDecoder().inflateToken(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
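Review bot: In `encodeResponse`, `byte[] deflatedBytes = null;` is assigned on both branches and its name is wrong on the POST path, where the bytes are not deflated; a conditional expression drops the null initialiser and the misnomer: `byte[] payload = redirect ? new DeflateEncoderDecoder().deflateToken(responseMessage.getBytes("UTF-8")) : responseMessage.getBytes("UTF-8");` followed by `return Base64Utility.encode(payload);`. The `System.out.println("RESP: " + responseMessage)` just above dumps the full signed response, assertions included, to stdout on every request — tolerable in a systest webapp, but a comment saying so would stop it being copied into real code. The `java.io.ByteArrayInputStream` import added at the top of this file is not used in any hunk shown here; if `extractRequest` was meant to gain a non-deflated path like the IdP's, it did not. `extractRequest` continues past the hunk.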
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/systests/federation/samlsso/src/test/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/entities-realma.xml b/systests/federation/samlsso/src/test/resources/entities-realma.xml
index 83cc384..d6965d0 100644
--- a/systests/federation/samlsso/src/test/resources/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/entities-realma.xml
@@ -118,7 +118,6 @@
<property name="parameters">
<util:map>
<entry key="sign.request" value="true" />
- <entry key="support.deflate.encoding" value="true" />
</util:map>
</property>
</bean>
@@ -138,7 +137,6 @@
<property name="parameters">
<util:map>
<entry key="sign.request" value="true" />
- <entry key="support.deflate.encoding" value="true" />
</util:map>
</property>
</bean>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/768a3855/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 3c34f55..6a4df36 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.systests.idp;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -254,7 +255,10 @@ public class IdpTest {
signAuthnRequest(authnRequest);
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
- String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
+
+ // Don't inflate the token...
+ String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
+ String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up";
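Review bot: The new comment `// Don't inflate the token...` describes the wrong direction — this is the encoding side, where the test deliberately skips DEFLATE compression — so `// Don't deflate the token: the IdP now expects a plain base64 request on this (presumably POST) path` says what is actually exercised. The `"UTF-8"` literal works but forces the checked `UnsupportedEncodingException` onto the method; `StandardCharsets.UTF_8` avoids it, though leave it if the surrounding test methods use the literal. The enclosing test method starts before this hunk.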
@@ -587,7 +591,7 @@ public class IdpTest {
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
- String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
+ String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
@@ -698,7 +702,7 @@ public class IdpTest {
// Decode + verify response
byte[] deflatedToken = Base64Utility.decode(samlResponse);
- InputStream inputStream = new DeflateEncoderDecoder().inflateToken(deflatedToken);
+ InputStream inputStream = new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
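Review bot: Now that the response is read through `new ByteArrayInputStream(deflatedToken)`, the name `deflatedToken` on the line above is misleading — the bytes are plain base64-decoded XML. Rename at the decode site: `byte[] responseBytes = Base64Utility.decode(samlResponse);` and `InputStream inputStream = new ByteArrayInputStream(responseBytes);`. The test method continues on both sides of this hunk.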