Posted to commits@cxf.apache.org by se...@apache.org on 2012/05/15 14:17:50 UTC
svn commit: r1338666 - in
/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso:
./ filter/ state/
Author: sergeyb
Date: Tue May 15 12:17:49 2012
New Revision: 1338666
URL: http://svn.apache.org/viewvc?rev=1338666&view=rev
Log:
Optional support for setting the cookie Domain attribute on the SSO tokens (security context and relay state cookies)
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java Tue May 15 12:17:49 2012
@@ -30,15 +30,27 @@ public class AbstractSSOSpHandler {
private SPStateManager stateProvider;
private long stateTimeToLive = SSOConstants.DEFAULT_STATE_TIME;
- protected String createCookie(String name, String value, String path) {
+ //TODO: support attaching a signature to the cookie value
+ protected String createCookie(String name,
+ String value,
+ String path,
+ String domain) {
String contextCookie = name + "=" + value;
- // Make sure all the SP application filters can get this token;
- // Path property should be enough for a single container, Domain
- // property may need to be used for more complex environments
+ // Setting a specific path restricts the browsers
+ // to return a cookie only to the web applications
+ // listening on that specific context path
if (path != null) {
contextCookie += ";Path=" + path;
}
+
+ // Setting a specific domain further restricts the browsers
+ // to return a cookie only to the web applications
+ // listening on the specific context path within a particular domain
+ if (domain != null) {
+ contextCookie += ";Domain=" + domain;
+ }
+
// Keep the cookie across the browser restarts until it actually expires.
// Note that the Expires property has been deprecated but apparently is
// supported better than 'max-age' property by different browsers
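Review bot: The comment added above the `Domain` branch has the scope backwards: per RFC 6265 a cookie with no Domain attribute is host-only (returned only to the exact host that set it), while `Domain=example.com` makes the browser send it to example.com and every subdomain, so the attribute widens, not restricts, where the SSO token travels. Suggest replacing the three comment lines with `// Setting Domain widens the cookie scope: the cookie is sent to the named domain and all its subdomains (a cookie without Domain is host-only). Only set it when SP web applications on sibling hosts must share the token.` Since the value is a security-context or relay-state token, any sibling subdomain would receive it, which is worth stating next to the TODO about signing the cookie value. The visible lines set neither `HttpOnly` nor `Secure`; createCookie continues past the hunk, so if they are not appended there they should be, as the token is carried across redirects to and from the IdP.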
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java Tue May 15 12:17:49 2012
@@ -121,7 +121,8 @@ public class RequestAssertionConsumerSer
String contextCookie = createCookie(SSOConstants.SECURITY_CONTEXT_TOKEN,
securityContextKey,
- requestState.getWebAppContext());
+ requestState.getWebAppContext(),
+ requestState.getWebAppDomain());
// Finally, redirect to the service provider endpoint
return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build();
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/AbstractServiceProviderFilter.java Tue May 15 12:17:49 2012
@@ -70,6 +70,7 @@ public abstract class AbstractServicePro
private String idpServiceAddress;
private String issuerId;
private String assertionConsumerServiceAddress;
+ private String webAppDomain;
public void setAssertionConsumerServiceAddress(
String assertionConsumerServiceAddress) {
@@ -194,12 +195,14 @@ public abstract class AbstractServicePro
authnRequest.getID(),
getIssuerId(m),
webAppContext,
+ getWebAppDomain(),
System.currentTimeMillis());
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
getStateProvider().setRequestState(relayState, requestState);
info.setRelayState(relayState);
info.setWebAppContext(webAppContext);
+ info.setWebAppDomain(getWebAppDomain());
return info;
}
@@ -227,5 +230,13 @@ public abstract class AbstractServicePro
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.warning(errorMsg.toString());
}
+
+ public String getWebAppDomain() {
+ return webAppDomain;
+ }
+
+ public void setWebAppDomain(String webAppDomain) {
+ this.webAppDomain = webAppDomain;
+ }
}
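Review bot: `setWebAppDomain` stores the value unchecked, and createCookie concatenates it straight into the Set-Cookie header, so a misconfigured value containing `;`, `,`, whitespace or a control character would inject extra cookie attributes or corrupt the header. A cheap guard in the setter would be `if (webAppDomain != null && !webAppDomain.matches("[A-Za-z0-9.-]+")) { throw new IllegalArgumentException("Invalid cookie domain"); }`. The source is deployer configuration rather than request input, so this is defense in depth rather than a direct exposure. The new getter/setter also deserve a short Javadoc stating that a configured domain shares the SSO cookies with all subdomains of that domain.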
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRedirectBindingFilter.java Tue May 15 12:17:49 2012
@@ -41,7 +41,8 @@ public class SamlRedirectBindingFilter e
String contextCookie = createCookie(SSOConstants.RELAY_STATE,
info.getRelayState(),
- info.getWebAppContext());
+ info.getWebAppContext(),
+ info.getWebAppDomain());
return Response.seeOther(ub.build())
.header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/filter/SamlRequestInfo.java Tue May 15 12:17:49 2012
@@ -23,6 +23,7 @@ public class SamlRequestInfo {
private String relayState;
private String idpServiceAddress;
private String webAppContext;
+ private String webAppDomain;
public void setEncodedSamlRequest(String encodedSaml) {
this.encodedSamlRequest = encodedSaml;
@@ -48,4 +49,10 @@ public class SamlRequestInfo {
public String getWebAppContext() {
return webAppContext;
}
+ public String getWebAppDomain() {
+ return webAppDomain;
+ }
+ public void setWebAppDomain(String webAppDomain) {
+ this.webAppDomain = webAppDomain;
+ }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1338666&r1=1338665&r2=1338666&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java Tue May 15 12:17:49 2012
@@ -25,6 +25,7 @@ public class RequestState {
private String samlRequestId;
private String issuerId;
private String webAppContext;
+ private String webAppDomain;
private long createdAt;
public RequestState(String targetAddress,
@@ -32,12 +33,14 @@ public class RequestState {
String samlRequestId,
String issuerId,
String webAppContext,
+ String webAppDomain,
long createdAt) {
this.targetAddress = targetAddress;
this.idpServiceAddress = idpServiceAddress;
this.samlRequestId = samlRequestId;
this.issuerId = issuerId;
this.webAppContext = webAppContext;
+ this.webAppDomain = webAppDomain;
this.createdAt = createdAt;
}
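Review bot: Inserting `String webAppDomain` into the middle of the only RequestState constructor is an incompatible change for any code outside this commit that constructs RequestState, such as a custom `SPStateManager` that may rebuild state from a persisted store; the class shows no no-arg constructor or setter to fall back on. Keeping the previous six-argument constructor and delegating with `this(targetAddress, idpServiceAddress, samlRequestId, issuerId, webAppContext, null, createdAt);` preserves compatibility at no cost. Placing the new parameter directly after `webAppContext`, another String, also lets an accidental swap of the two compile silently, which a brief constructor Javadoc listing the parameters would at least make visible.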
@@ -64,4 +67,8 @@ public class RequestState {
public String getWebAppContext() {
return webAppContext;
}
+
+ public String getWebAppDomain() {
+ return webAppDomain;
+ }
}