Posted to commits@cxf.apache.org by ow...@apache.org on 2012/04/28 21:54:04 UTC
svn commit: r1331814 - in /cxf/fediz/trunk:
fediz-core/src/main/java/org/apache/cxf/fediz/core/
fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/
fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/
Author: owulff
Date: Sat Apr 28 19:54:03 2012
New Revision: 1331814
URL: http://svn.apache.org/viewvc?rev=1331814&view=rev
Log:
Type of claim value changed to Object
Modified:
cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java (original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java Sat Apr 28 19:54:03 2012
@@ -54,7 +54,7 @@ public class Claim implements Serializab
private String issuer;
private String originalIssuer;
private Principal principal;
- private String value;
+ private Object value;
private URI namespace = ClaimTypes.URI_BASE;
public URI getNamespace() {
@@ -97,11 +97,11 @@ public class Claim implements Serializab
this.principal = principal;
}
- public void setValue(String value) {
+ public void setValue(Object value) {
this.value = value;
}
- public String getValue() {
+ public Object getValue() {
return value;
}
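Review bot: getValue now returns a bare Object, so every caller has to cast, yet nothing in Claim says which runtime types are legal; the only consumer in this commit (SAMLTokenValidator) accepts a String or a List<String> and throws IllegalStateException for anything else. Add Javadoc on getValue/setValue that pins that contract, e.g. `/** The claim value: a String for a single-valued attribute, or a List<String> when the SAML attribute carried several AttributeValue elements. */`. Since Claim implements Serializable (visible in the first hunk's header), the doc should also warn that a value of any other type may make the Claim non-serializable. The enclosing class starts and ends outside this hunk.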
Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java (original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java Sat Apr 28 19:54:03 2012
@@ -35,6 +35,7 @@ public class FederationConfiguration {
private boolean detectReplayedTokens = true;
private long tokenReplayCacheExpirationTime = 0;
private boolean detectExpiredTokens = true;
+ private String relativePath;
//[TODO] TokenReplayCacheExpirationPeriod
//[TODO] DetectReplayedTokens
@@ -119,5 +120,11 @@ public class FederationConfiguration {
public String getTrustStorePassword() {
return trustStorePassword;
}
+ public void setRelativePath(String relativePath) {
+ this.relativePath = relativePath;
+ }
+ public String getRelativePath() {
+ return relativePath;
+ }
}
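Review bot: relativePath is added to the configuration but the only code that reads it in this commit is commented out in SAMLTokenValidator, so its meaning cannot be discovered from the API. Add Javadoc on the field or the setter stating the intent, presumably something like `/** Base directory against which a relative trustStoreFile is resolved; null or empty means no rebasing. */` — confirm that is the intended semantics before the resolver is enabled, since this path decides which trust store is used to verify token signatures. The class header and its other fields are outside this hunk.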
Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java (original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java Sat Apr 28 19:54:03 2012
@@ -19,11 +19,12 @@ package org.apache.cxf.fediz.core.saml;
import java.io.IOException;
import java.net.URI;
-import java.net.URISyntaxException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
@@ -74,9 +75,15 @@ public class SAMLTokenValidator implemen
FederationContext config) {
try {
-
+ String trustStoreFile = config.getTrustStoreFile();
+ /*
+ File f = new File(trustStoreFile);
+ if (!f.exists() && config.getRelativePath() != null && !config.getRelativePath().isEmpty()) {
+ trustStoreFile = config.getRelativePath().concat(File.separator + config.getTrustStoreFile());
+ }
+ */
Properties sigProperties = createCryptoProviderProperties(
- config.getTrustStoreFile(), config.getTrustStorePassword());
+ trustStoreFile, config.getTrustStorePassword());
Crypto sigCrypto = CryptoFactory.getInstance(sigProperties);
RequestData requestData = new RequestData();
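Review bot: The new `trustStoreFile` local is only an alias for `config.getTrustStoreFile()` because the rebasing logic next to it is commented out; either wire it up or drop the dead block rather than committing it. If it is enabled as written, `new File(trustStoreFile).exists()` on a relative name is checked against the JVM working directory first, so a same-named file there would silently win over the configured base directory and become the trust store that signature verification relies on. Prefer resolving against the base unconditionally whenever it is set, e.g. `new File(config.getRelativePath(), config.getTrustStoreFile())`, instead of an existence-based fallback. The enclosing method begins and continues outside this hunk.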
@@ -145,10 +152,19 @@ public class SAMLTokenValidator implemen
URI claimURI = URI.create(c.getNamespace() + "/"
+ c.getClaimType());
if (roleURI.equals(claimURI)) {
- if (delim == null) {
- delim = ",";
+ Object oValue = c.getValue();
+ if (oValue instanceof String) {
+ if (delim == null) {
+ roles = Collections.singletonList((String)oValue);
+ } else {
+ roles = parseRoles((String)oValue, delim);
+ }
+ } else if (oValue instanceof List<?>) {
+ List<String> values = (List<String>)oValue;
+ roles = Collections.unmodifiableList(values);
+ } else {
+ throw new IllegalStateException("Invalid value type of Claim value");
}
- roles = parseRoles(c.getValue(), delim);
claims.remove(c);
break;
}
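Review bot: Dropping the `delim = ","` default changes role parsing for deployments that never configured a delimiter: a single role AttributeValue such as `Admin,User` now yields one role containing the comma where it previously yielded two, which alters authorization outcomes. If that is intended, document it on the delimiter setting; if not, keep the old fallback, e.g. `roles = parseRoles((String) oValue, delim == null ? "," : delim);`. The `(List<String>) oValue` cast is unchecked and is safe only because mergeClaimToMap is the sole producer of list values today; a `@SuppressWarnings("unchecked")` with a one-line comment would record that assumption. The surrounding loop begins and ends outside this hunk.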
@@ -180,6 +196,8 @@ public class SAMLTokenValidator implemen
return Collections.emptyList();
}
ClaimCollection collection = new ClaimCollection();
+ Map<String,Claim> claimsMap = new HashMap<String,Claim>();
+
for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
if (LOG.isDebugEnabled()) {
@@ -196,28 +214,24 @@ public class SAMLTokenValidator implemen
Claim c = new Claim();
c.setIssuer(assertion.getIssuer());
c.setClaimType(URI.create(attribute.getAttributeName()));
- try {
- c.setClaimType(new URI(attribute.getAttributeName()));
- } catch (URISyntaxException e) {
- LOG.warn("Invalid attribute name in attributestatement: "
- + e.getMessage());
- continue;
- }
+ List<String> valueList = new ArrayList<String>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
if (LOG.isDebugEnabled()) {
LOG.debug(" [" + value + "]");
}
- c.setValue(value);
- collection.add(c);
- break;
+ valueList.add(value);
}
+ mergeClaimToMap(claimsMap, c, valueList);
}
}
+ collection.addAll(claimsMap.values());
return collection;
}
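Review bot: The deleted try/catch was already unreachable because `URI.create(attribute.getAttributeName())` on the line above it throws IllegalArgumentException, not URISyntaxException, so one malformed attribute name aborts parseClaimsInAssertion for the whole token even though the old handler evidently meant to warn and skip just that attribute. If skipping is still the intent, catch the right type: `try { c.setClaimType(URI.create(attribute.getAttributeName())); } catch (IllegalArgumentException e) { LOG.warn("Invalid attribute name in attributestatement: " + e.getMessage()); continue; }`. Note also that `collection.addAll(claimsMap.values())` now emits claims in HashMap order rather than assertion order; use a LinkedHashMap if any caller depends on order. The method's opening lines are outside this hunk.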
+
+
protected List<Claim> parseClaimsInAssertion(
org.opensaml.saml2.core.Assertion assertion) {
List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = assertion
@@ -230,6 +244,7 @@ public class SAMLTokenValidator implemen
}
List<Claim> collection = new ArrayList<Claim>();
+ Map<String,Claim> claimsMap = new HashMap<String,Claim>();
for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
if (LOG.isDebugEnabled()) {
@@ -244,22 +259,53 @@ public class SAMLTokenValidator implemen
Claim c = new Claim();
c.setClaimType(URI.create(attribute.getName()));
c.setIssuer(assertion.getIssuer().getNameQualifier());
+
+ List<String> valueList = new ArrayList<String>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
if (LOG.isDebugEnabled()) {
LOG.debug(" [" + value + "]");
}
- c.setValue(value);
- collection.add(c);
- break;
+ valueList.add(value);
}
+ mergeClaimToMap(claimsMap, c, valueList);
}
}
+ collection.addAll(claimsMap.values());
return collection;
}
+ protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
+ List<String> valueList) {
+ Claim t = claimsMap.get(c.getClaimType().toString());
+ if (t != null) {
+ //same SAML attribute already processed. Thus Claim object already created.
+ Object oValue = t.getValue();
+ if (oValue instanceof String) {
+ //one child element AttributeValue only
+ List<String> values = new ArrayList<String>();
+ values.add((String)oValue); //add existing value
+ values.addAll(valueList);
+ } else if (oValue instanceof List<?>) {
+ //more than one child element AttributeValue
+ List<String> values = (List<String>)oValue;
+ values.addAll(valueList);
+ } else {
+ throw new IllegalStateException("Invalid value type of Claim value");
+ }
+ } else {
+ if (valueList.size() == 1) {
+ c.setValue(valueList.get(0));
+ } else {
+ c.setValue(valueList);
+ }
+ // Add claim to map
+ claimsMap.put(c.getClaimType().toString(), c);
+ }
+ }
+
protected List<String> parseRoles(String value, String delim) {
List<String> roles = new ArrayList<String>();
StringTokenizer st = new StringTokenizer(value, delim);
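Review bot: In mergeClaimToMap the `oValue instanceof String` branch builds the merged `values` list but never stores it back, so when a SAML attribute appears twice and its first occurrence had a single value, every later value is silently dropped — for the role attribute that means lost roles. Add `t.setValue(values);` after `values.addAll(valueList);`. The List branch works only because it mutates the same ArrayList the callers created in place; a short comment saying so, plus `@SuppressWarnings("unchecked")` on the cast, would make that dependency explicit. mergeClaimToMap is complete within the hunk; parseRoles continues outside it.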
Modified: cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java (original)
+++ cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java Sat Apr 28 19:54:03 2012
@@ -88,6 +88,7 @@ public class FederationAuthenticator ext
}
configurator = new FederationConfigurator();
configurator.loadConfig(f);
+ log.debug("Fediz configuration read from " + f.getAbsolutePath());
} catch (JAXBException e) {
throw new LifecycleException("Failed to load Fediz configuration",
e);
@@ -100,11 +101,9 @@ public class FederationAuthenticator ext
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
}
- FederationContext config = configurator
- .getFederationContext(contextName);
+ FederationContext config = configurator.getFederationContext(contextName);
if (config == null) {
- throw new IllegalStateException(
- "No Fediz configuration for context :" + contextName);
+ throw new IllegalStateException("No Fediz configuration for context :" + contextName);
}
return config;
}
@@ -406,15 +405,14 @@ public class FederationAuthenticator ext
}
/**
- * Called to redirect to the login page
+ * Called to redirect to the IDP/Issuer
*
* @param request
* Request we are processing
* @param response
* Response we are populating
- * @param config
- * Login configuration describing how authentication should be
- * performed
+ * @param processor
+ * FederationProcessor
* @throws IOException
* If the forward to the login page fails and the call to
* {@link HttpServletResponse#sendError(int, String)} throws an