Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:28 UTC
[12/18] cxf-fediz git commit: Whitespace cleanup
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 19573c6..18add14 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -95,20 +95,20 @@ public class SAMLResponseTest {
static final String TEST_REQUEST_URI = "/fedizhelloworld";
static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1";
-
+
private static final String CONFIG_FILE = "fediz_test_config_saml.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -121,12 +121,12 @@ public class SAMLResponseTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -144,7 +144,7 @@ public class SAMLResponseTest {
return null;
}
}
-
+
/**
* Successfully validate a SAMLResponse
*/
@@ -152,9 +152,9 @@ public class SAMLResponseTest {
public void validateSAMLResponse() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -164,24 +164,24 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -190,7 +190,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), FedizConstants.DEFAULT_ROLE_URI.toString());
}
-
+
/**
* Validate SAMLResponse with a Response without an internal token parameter
*/
@@ -198,9 +198,9 @@ public class SAMLResponseTest {
public void validateResponseWithoutToken() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -210,20 +210,20 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
Document doc = STSUtil.toSOAPPart(SAMLSSOTestUtils.SAMPLE_EMPTY_SAML_RESPONSE);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -234,14 +234,14 @@ public class SAMLResponseTest {
}
}
}
-
+
@org.junit.Test
public void testMissingRelayState() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
requestId,
@@ -250,20 +250,20 @@ public class SAMLResponseTest {
null,
null,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -274,7 +274,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 1 token (this is not allowed / supported)
*/
@@ -326,7 +326,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which doesn't include the role SAML attribute
*/
@@ -334,9 +334,9 @@ public class SAMLResponseTest {
public void validateSAML2TokenWithoutRoles() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -346,7 +346,7 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -355,31 +355,31 @@ public class SAMLResponseTest {
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
callbackHandler.setRoles(null);
-
+
String responseStr = createSamlResponseStr(callbackHandler, requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
-
+
+
/**
* Validate SAML 2 token where role information is provided
* within another SAML attribute
@@ -433,7 +433,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes role attribute
* but RoleURI is not configured
@@ -487,8 +487,8 @@ public class SAMLResponseTest {
Assert.assertEquals("Two roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
-
+
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multiple saml attributes with the same name
@@ -598,7 +598,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
@@ -634,7 +634,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -642,7 +642,7 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
@@ -668,7 +668,7 @@ public class SAMLResponseTest {
// expected
}
}
-
+
/**
* Validate SAML 2 token twice which causes an exception
* due to replay attack
@@ -718,7 +718,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
-
+
wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -729,7 +729,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
@@ -775,7 +775,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -828,14 +828,14 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
.size());
}
-
+
/**
* Validate SAML 2 token which is expired
*/
@@ -863,7 +863,7 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
DateTime currentTime = new DateTime();
currentTime = currentTime.minusSeconds(60);
@@ -875,7 +875,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -883,13 +883,13 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -911,7 +911,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which is not yet valid (in 30 seconds)
* but within the maximum clock skew range (60 seconds)
@@ -941,7 +941,7 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(300);
@@ -953,7 +953,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -961,13 +961,13 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -981,7 +981,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1038,7 +1038,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1088,7 +1088,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1096,14 +1096,14 @@ public class SAMLResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
+
@org.junit.Test
public void testModifiedSignature() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -1113,7 +1113,7 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1121,13 +1121,13 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1135,11 +1135,11 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -1156,21 +1156,21 @@ public class SAMLResponseTest {
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
- assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
+ assertion.getIssuerString(),
status);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
- NodeList assertionNodes =
+
+ NodeList assertionNodes =
policyElement.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
Assert.assertTrue(assertionNodes != null && assertionNodes.getLength() == 1);
-
+
Element assertionElement = (Element)assertionNodes.item(0);
-
+
// Change IssueInstant attribute
String issueInstance = assertionElement.getAttributeNS(null, "IssueInstant");
DateTime issueDateTime = new DateTime(issueInstance, DateTimeZone.UTC);
@@ -1178,18 +1178,18 @@ public class SAMLResponseTest {
assertionElement.setAttributeNS(null, "IssueInstant", issueDateTime.toString());
String responseStr = encodeResponse(policyElement);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1198,14 +1198,14 @@ public class SAMLResponseTest {
// expected
}
}
-
+
@org.junit.Test
public void testTrustFailure() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("CLIENT_TRUST");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -1215,21 +1215,21 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1238,7 +1238,7 @@ public class SAMLResponseTest {
// expected
}
}
-
+
private String createSamlResponseStr(String requestId) throws Exception {
// Create SAML Assertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1247,10 +1247,10 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
return createSamlResponseStr(callbackHandler, requestId);
}
-
+
private String createSamlResponseStr(AbstractSAMLCallbackHandler saml2CallbackHandler,
String requestId) throws Exception {
ConditionsBean cp = new ConditionsBean();
@@ -1258,7 +1258,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
saml2CallbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1266,15 +1266,15 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
saml2CallbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(saml2CallbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
return encodeResponse(response);
}
-
- private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
+
+ private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
boolean sign, String requestID)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -1286,7 +1286,7 @@ public class SAMLResponseTest {
if (sign) {
assertion.signAssertion(alias, password, crypto, false);
}
-
+
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
@@ -1295,8 +1295,8 @@ public class SAMLResponseTest {
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
- assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
+ assertion.getIssuerString(),
status);
response.getAssertions().add(assertion.getSaml2());
@@ -1306,14 +1306,14 @@ public class SAMLResponseTest {
return policyElement;
}
-
-
+
+
/**
* Returns the first element that matches <code>name</code> and
* <code>namespace</code>. <p/> This is a replacement for a XPath lookup
* <code>//name</code> with the given namespace. It's somewhat faster than
* XPath, and we do not deal with prefixes, just with the real namespace URI
- *
+ *
* @param startNode Where to start the search
* @param name Local name of the element
* @param namespace Namespace URI of the element
@@ -1368,14 +1368,14 @@ public class SAMLResponseTest {
private void assertClaims(List<Claim> claims, String roleClaimType) {
for (Claim c : claims) {
- Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
+ Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
c.getClaimType().equals(roleClaimType)
|| c.getClaimType().equals(ClaimTypes.COUNTRY)
|| c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
);
}
}
-
+
private String encodeResponse(Element response) throws IOException {
String responseMessage = DOM2Writer.nodeToString(response);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
index 842dcd8..18850a0 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
@@ -21,9 +21,9 @@ package org.apache.cxf.fediz.core.samlsso;
public final class SAMLSSOTestUtils {
-
-
- public static final String SAMPLE_EMPTY_SAML_RESPONSE =
+
+
+ public static final String SAMPLE_EMPTY_SAML_RESPONSE =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<saml2p:Response ID=\"c4b78949-d52e-4ae0-ad44-04ef58fe1ca8\" "
+ "InResponseTo=\"612223b6-fb12-4c40-9a31-9bd94e09a579\" "
@@ -33,9 +33,9 @@ public final class SAMLSSOTestUtils {
+ "http://localhost:12345/idp/samlsso</saml2:Issuer><saml2p:Status>"
+ "<saml2p:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/>"
+ "</saml2p:Status></saml2p:Response>";
-
+
private SAMLSSOTestUtils() {
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index 2acffb3..46e9d78 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -65,25 +65,25 @@ import org.slf4j.LoggerFactory;
@PreMatching
public abstract class AbstractServiceProviderFilter implements ContainerRequestFilter {
-
- public static final String SECURITY_CONTEXT_TOKEN =
+
+ public static final String SECURITY_CONTEXT_TOKEN =
"org.apache.fediz.SECURITY_TOKEN";
- public static final String SECURITY_CONTEXT_STATE =
+ public static final String SECURITY_CONTEXT_STATE =
"org.apache.fediz.SECURITY_CONTEXT_STATE";
-
- protected static final ResourceBundle BUNDLE =
+
+ protected static final ResourceBundle BUNDLE =
BundleUtils.getBundle(AbstractServiceProviderFilter.class);
private static final Logger LOG = LoggerFactory.getLogger(AbstractServiceProviderFilter.class);
-
+
private boolean addWebAppContext = true;
private boolean addEndpointAddressToContext;
-
+
private FedizConfigurator configurator;
private String configFile;
private SPStateManager stateManager;
private long stateTimeToLive = 120000;
private String webAppDomain;
-
+
public String getConfigFile() {
return configFile;
}
@@ -91,7 +91,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
@PostConstruct
public synchronized void configure() throws JAXBException, IOException {
if (configurator == null) {
@@ -102,7 +102,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
try {
File f = new File(actualConfigFile);
if (!f.exists()) {
- URL url = ResourceUtils.getResourceURL(actualConfigFile,
+ URL url = ResourceUtils.getResourceURL(actualConfigFile,
BusFactory.getThreadDefaultBus());
if (url == null) {
url = new URL(actualConfigFile);
@@ -125,12 +125,12 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
throw new IOException(e);
}
}
-
+
if (stateManager == null) {
stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
- }
+ }
}
-
+
@PreDestroy
public synchronized void cleanup() throws IOException {
if (configurator != null) {
@@ -145,21 +145,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
}
}
-
+
stateManager.close();
}
-
+
protected boolean checkSecurityContext(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
HttpHeaders headers = new HttpHeadersImpl(m);
Map<String, Cookie> cookies = headers.getCookies();
-
+
Cookie securityContextCookie = cookies.get(SECURITY_CONTEXT_TOKEN);
-
+
ResponseState responseState = getValidResponseState(securityContextCookie, fedConfig, m);
if (responseState == null) {
- return false;
+ return false;
}
-
+
Cookie relayStateCookie = cookies.get(SECURITY_CONTEXT_STATE);
if (relayStateCookie == null) {
reportError("MISSING_RELAY_COOKIE");
@@ -171,41 +171,41 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
reportError("INVALID_RELAY_STATE");
return false;
}
-
+
// Check to see if a CSRF-style attack is being mounted
String state = getState(fedConfig, params);
if (state != null && !state.equals(responseState.getState())) {
LOG.error("wctx parameter does not match stored value");
throw ExceptionUtils.toForbiddenException(null, null);
}
-
+
// Create SecurityContext
try {
- Element token =
+ Element token =
StaxUtils.read(new StringReader(responseState.getAssertion())).getDocumentElement();
setSecurityContext(responseState, m, token);
} catch (Exception ex) {
reportError("INVALID_RESPONSE_STATE");
return false;
}
-
+
return true;
}
-
+
protected void setSecurityContext(
ResponseState responseState, Message m, Element token
) throws WSSecurityException {
- CXFFedizPrincipal principal =
- new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
+ CXFFedizPrincipal principal =
+ new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
responseState.getRoles(), token);
-
+
SecurityTokenThreadLocal.setToken(principal.getLoginToken());
- FedizSecurityContext context =
+ FedizSecurityContext context =
new FedizSecurityContext(principal, responseState.getRoles());
m.put(SecurityContext.class, context);
}
-
- protected ResponseState getValidResponseState(Cookie securityContextCookie,
+
+ protected ResponseState getValidResponseState(Cookie securityContextCookie,
FedizContext fedConfig,
Message m) {
if (securityContextCookie == null) {
@@ -218,22 +218,22 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
String contextKey = securityContextCookie.getValue();
ResponseState responseState = stateManager.getResponseState(contextKey);
-
+
if (responseState == null) {
reportError("MISSING_RESPONSE_STATE");
return null;
}
-
+
if (CookieUtils.isStateExpired(responseState.getCreatedAt(), fedConfig.isDetectExpiredTokens(),
responseState.getExpiresAt(), getStateTimeToLive())) {
reportError("EXPIRED_RESPONSE_STATE");
stateManager.removeResponseState(contextKey);
return null;
}
-
+
String webAppContext = getWebAppContext(m);
- if (webAppDomain != null
- && (responseState.getWebAppDomain() == null
+ if (webAppDomain != null
+ && (responseState.getWebAppDomain() == null
|| !webAppDomain.equals(responseState.getWebAppDomain()))
|| responseState.getWebAppContext() == null
|| !webAppContext.equals(responseState.getWebAppContext())) {
@@ -247,7 +247,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
return responseState;
}
-
+
protected String getState(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
return params.getFirst(FederationConstants.PARAM_CONTEXT);
@@ -257,7 +257,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return null;
}
-
+
protected FedizContext getFedizContext(Message message) {
String contextName = getWebAppContext(message);
String[] contextPath = contextName.split("/");
@@ -266,7 +266,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
return getContextConfiguration(contextName);
}
-
+
protected synchronized FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -282,21 +282,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return config;
}
-
+
protected void reportError(String code) {
- org.apache.cxf.common.i18n.Message errorMsg =
+ org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.warn(errorMsg.toString());
}
-
+
protected void reportTrace(String code) {
if (LOG.isDebugEnabled()) {
- org.apache.cxf.common.i18n.Message errorMsg =
+ org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.debug(errorMsg.toString());
}
}
-
+
protected String getWebAppContext(Message m) {
if (addWebAppContext) {
if (addEndpointAddressToContext) {
@@ -309,11 +309,11 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return "/";
}
}
-
+
public void setAddWebAppContext(boolean addWebAppContext) {
this.addWebAppContext = addWebAppContext;
}
-
+
public SPStateManager getStateManager() {
return stateManager;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
index 5a6914e..325de9c 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
@@ -27,12 +27,12 @@ import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
public class CXFFedizPrincipal implements FedizPrincipal {
-
+
private final String subject;
private final List<Claim> claims;
private Element token;
private List<String> roles = Collections.emptyList();
-
+
public CXFFedizPrincipal(String subject, List<Claim> claims, List<String> roles, Element token) {
this.subject = subject;
this.claims = claims;
@@ -56,7 +56,7 @@ public class CXFFedizPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return token;
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index a62b97a..5566c52 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -73,18 +73,18 @@ import org.slf4j.LoggerFactory;
public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
implements ContainerResponseFilter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FedizRedirectBindingFilter.class);
-
- @Context
+
+ @Context
private MessageContext messageContext;
private boolean redirectOnInitialSignIn;
-
+
public void filter(ContainerRequestContext context) {
Message m = JAXRSUtils.getCurrentMessage();
FedizContext fedConfig = getFedizContext(m);
-
+
// See if it is a Metadata request
if (isMetadataRequest(context, fedConfig)) {
return;
@@ -92,7 +92,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
String httpMethod = context.getMethod();
MultivaluedMap<String, String> params = null;
-
+
try {
if (HttpMethod.GET.equals(httpMethod)) {
params = context.getUriInfo().getQueryParameters();
@@ -104,7 +104,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
// See if it is a Logout request first
if (isLogoutRequest(context, fedConfig, m, params) || isSignoutCleanupRequest(fedConfig, m, params)) {
return;
@@ -119,7 +119,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toBadRequestException(null, null);
}
}
-
+
private void processSignInRequest(ContainerRequestContext context, FedizContext fedConfig,
Message m, MultivaluedMap<String, String> params) {
String responseToken = getResponseToken(fedConfig, params);
@@ -137,7 +137,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug("token=\n" + responseToken);
}
- FedizResponse wfRes =
+ FedizResponse wfRes =
validateSignInRequest(fedConfig, params, responseToken, state);
// Validate AudienceRestriction
@@ -170,12 +170,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
String webAppContext = getWebAppContext(m);
- ResponseState responseState =
+ ResponseState responseState =
new ResponseState(token,
- state,
+ state,
webAppContext,
webAppDomain,
- currentTime,
+ currentTime,
expiresAt);
responseState.setClaims(wfRes.getClaims());
responseState.setRoles(roles);
@@ -192,7 +192,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
// Redirect with cookie set
if (isRedirectOnInitialSignIn()) {
- ResponseBuilder response =
+ ResponseBuilder response =
Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
response.header(HttpHeaders.SET_COOKIE, contextCookie);
@@ -206,17 +206,17 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
}
}
}
-
+
}
private void processSignInRequired(ContainerRequestContext context, FedizContext fedConfig) {
// Unauthenticated -> redirect
- FedizProcessor processor =
+ FedizProcessor processor =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
HttpServletRequest request = messageContext.getHttpServletRequest();
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignInRequest(request, fedConfig);
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -233,7 +233,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (requestState != null && requestState.getState() != null) {
getStateManager().setRequestState(requestState.getState(), requestState);
- String contextCookie =
+ String contextCookie =
CookieUtils.createCookie(SECURITY_CONTEXT_STATE,
requestState.getState(),
request.getRequestURI(),
@@ -251,7 +251,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
}
private boolean isMetadataRequest(ContainerRequestContext context, FedizContext fedConfig) {
@@ -262,26 +262,26 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (LOG.isInfoEnabled()) {
LOG.info("Metadata document requested");
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
HttpServletRequest request = messageContext.getHttpServletRequest();
Document metadata = wfProc.getMetaData(request, fedConfig);
String metadataStr = DOM2Writer.nodeToString(metadata);
-
+
ResponseBuilder response = Response.ok(metadataStr, "text/xml");
context.abortWith(response.build());
return true;
} catch (Exception ex) {
LOG.error("Failed to get metadata document: " + ex.getMessage());
throw ExceptionUtils.toInternalServerErrorException(ex, null);
- }
+ }
}
-
+
return false;
}
-
+
private boolean isLogoutRequest(ContainerRequestContext context, FedizContext fedConfig,
Message message, MultivaluedMap<String, String> params) {
@@ -297,16 +297,16 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
signout = true;
}
}
-
+
if (signout) {
cleanupContext(message);
try {
- FedizProcessor processor =
+ FedizProcessor processor =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
HttpServletRequest request = messageContext.getHttpServletRequest();
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedConfig); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -327,10 +327,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
}
-
+
return false;
}
-
+
private void cleanupContext(Message message) {
HttpHeaders headers = new HttpHeadersImpl(message);
Map<String, Cookie> cookies = headers.getCookies();
@@ -343,7 +343,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
getStateManager().removeRequestState(contextKey);
}
}
-
+
private String getMetadataURI(FedizContext fedConfig) {
if (fedConfig.getProtocol().getMetadataURI() != null) {
return fedConfig.getProtocol().getMetadataURI();
@@ -352,10 +352,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
} else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
}
-
+
return FederationConstants.METADATA_PATH_URI;
}
-
+
private boolean isSignInRequired(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& params.getFirst(FederationConstants.PARAM_ACTION) == null) {
@@ -364,11 +364,11 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) == null) {
return true;
}
-
+
return false;
}
-
- private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) {
+
+ private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& FederationConstants.ACTION_SIGNIN.equals(
params.getFirst(FederationConstants.PARAM_ACTION))) {
@@ -377,12 +377,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
-
+
return false;
}
-
- private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
-
+
+ private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
+
boolean signoutCleanup = false;
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(
@@ -392,14 +392,14 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
signoutCleanup = true;
}*/
-
+
if (signoutCleanup) {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
LOG.debug("SignOutCleanup action...");
}
cleanupContext(m);
-
+
HttpServletResponse response = messageContext.getHttpServletResponse();
try {
final ServletOutputStream responseOutputStream = response.getOutputStream();
@@ -419,20 +419,20 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
return true;
}
-
+
return false;
}
-
+
private String getResponseToken(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
return params.getFirst(FederationConstants.PARAM_RESULT);
} else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol) {
return params.getFirst(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
@@ -445,34 +445,34 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(params.getFirst(FederationConstants.PARAM_ACTION));
wfReq.setResponseToken(responseToken);
-
+
if (state == null || state.getBytes().length <= 0) {
LOG.error("Invalid RelayState/WCTX");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
+
wfReq.setState(state);
wfReq.setRequestState(getStateManager().removeRequestState(state));
-
+
if (wfReq.getRequestState() == null) {
LOG.error("Missing Request State");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
- if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,
+
+ if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,
getStateTimeToLive())) {
LOG.error("EXPIRED_REQUEST_STATE");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
+
HttpServletRequest request = messageContext.getHttpServletRequest();
wfReq.setRequest(request);
- X509Certificate certs[] =
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
return wfProc.processRequest(wfReq, fedConfig);
@@ -481,13 +481,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toNotAuthorizedException(ex, null);
}
}
-
+
private void validateAudienceRestrictions(
- FedizResponse wfRes,
+ FedizResponse wfRes,
List<String> audienceURIs,
HttpServletRequest request
) {
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
boolean validAudience = false;
@@ -497,13 +497,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
break;
}
}
-
+
if (!validAudience) {
LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+ "] doesn't match with specified list of URIs.");
throw ExceptionUtils.toForbiddenException(null, null);
}
-
+
if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
LOG.debug("Token AudienceRestriction doesn't match with request URL ["
+ wfRes.getAudience() + "] ["
@@ -527,7 +527,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (tokenContext != null) {
responseContext.getHeaders().add(HttpHeaders.SET_COOKIE, tokenContext);
}
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
index 89adc17..0e694e7 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
@@ -27,7 +27,7 @@ import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.security.SecurityContext;
public class FedizSecurityContext implements SecurityContext {
-
+
private Principal principal;
private Set<Principal> roles;
@@ -41,7 +41,7 @@ public class FedizSecurityContext implements SecurityContext {
}
}
}
-
+
@Override
public Principal getUserPrincipal() {
return principal;
@@ -54,7 +54,7 @@ public class FedizSecurityContext implements SecurityContext {
return true;
}
}
-
+
return false;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
index 5b886ba..0b7d099 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.cache.EHCacheManagerHolder;
import org.apache.wss4j.common.util.Loader;
/**
- * An in-memory EHCache implementation of the SPStateManager interface.
+ * An in-memory EHCache implementation of the SPStateManager interface.
* The default TTL is 5 minutes.
*/
public class EHCacheSPStateManager implements SPStateManager {
@@ -40,34 +40,34 @@ public class EHCacheSPStateManager implements SPStateManager {
public static final long DEFAULT_TTL = 60L * 5L;
public static final String REQUEST_CACHE_KEY = "cxf.fediz.samlp.request.state.cache";
public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
-
+
private Ehcache requestCache;
private Ehcache responseCache;
private CacheManager cacheManager;
private long ttl = DEFAULT_TTL;
-
+
public EHCacheSPStateManager(String configFile) {
this(getConfigFileURL(configFile));
}
-
+
public EHCacheSPStateManager(URL configFileURL) {
this(EHCacheManagerHolder.getCacheManager("", configFileURL));
}
-
+
public EHCacheSPStateManager(CacheManager cacheManager) {
this.cacheManager = cacheManager;
-
+
CacheConfiguration requestCC = EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
Ehcache newCache = new Cache(requestCC);
requestCache = cacheManager.addCacheIfAbsent(newCache);
-
+
CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
-
+
newCache = new Cache(responseCC);
responseCache = cacheManager.addCacheIfAbsent(newCache);
}
-
+
private static URL getConfigFileURL(Object o) {
if (o instanceof String) {
try {
@@ -80,11 +80,11 @@ public class EHCacheSPStateManager implements SPStateManager {
// Do nothing
}
} else if (o instanceof URL) {
- return (URL)o;
+ return (URL)o;
}
return null;
}
-
+
/**
* Set a new (default) TTL value in seconds
* @param newTtl a new (default) TTL value in seconds
@@ -92,7 +92,7 @@ public class EHCacheSPStateManager implements SPStateManager {
public void setTTL(long newTtl) {
ttl = newTtl;
}
-
+
/**
* Get the (default) TTL value in seconds
* @return the (default) TTL value in seconds
@@ -100,18 +100,18 @@ public class EHCacheSPStateManager implements SPStateManager {
public long getTTL() {
return ttl;
}
-
+
public void setRequestState(String relayState, RequestState state) {
if (relayState == null || "".equals(relayState)) {
return;
}
-
+
int parsedTTL = (int)ttl;
if (ttl != (long)parsedTTL) {
// Fall back to 60 minutes if the default TTL is set incorrectly
parsedTTL = 3600;
}
-
+
Element element = new Element(relayState, state);
element.setTimeToLive(parsedTTL);
element.setTimeToIdle(parsedTTL);
@@ -126,7 +126,7 @@ public class EHCacheSPStateManager implements SPStateManager {
}
return null;
}
-
+
public ResponseState getResponseState(String securityContextKey) {
Element element = responseCache.get(securityContextKey);
if (element != null) {
@@ -152,7 +152,7 @@ public class EHCacheSPStateManager implements SPStateManager {
if (securityContextKey == null || "".equals(securityContextKey)) {
return;
}
-
+
int parsedTTL = (int)ttl;
if (ttl != (long)parsedTTL) {
// Fall back to 5 minutes if the default TTL is set incorrectly
@@ -161,10 +161,10 @@ public class EHCacheSPStateManager implements SPStateManager {
Element element = new Element(securityContextKey, state);
element.setTimeToLive(parsedTTL);
element.setTimeToIdle(parsedTTL);
-
+
responseCache.put(element);
}
-
+
public void close() throws IOException {
if (cacheManager != null) {
cacheManager.shutdown();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
index 17fa532..04db854 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
@@ -32,7 +32,7 @@ import org.apache.cxf.fediz.core.Claim;
public class ResponseState implements Serializable {
private static final long serialVersionUID = -3247188797004342462L;
-
+
private String assertion;
private String state;
private String webAppContext;
@@ -43,16 +43,16 @@ public class ResponseState implements Serializable {
private String issuer;
private List<Claim> claims;
private String subject;
-
+
public ResponseState() {
-
+
}
-
+
public ResponseState(String assertion,
String state,
String webAppContext,
String webAppDomain,
- long createdAt,
+ long createdAt,
long expiresAt) {
this.assertion = assertion;
this.state = state;
@@ -65,7 +65,7 @@ public class ResponseState implements Serializable {
public long getCreatedAt() {
return createdAt;
}
-
+
public long getExpiresAt() {
return expiresAt;
}
@@ -73,7 +73,7 @@ public class ResponseState implements Serializable {
public String getState() {
return state;
}
-
+
public String getWebAppContext() {
return webAppContext;
}
@@ -81,7 +81,7 @@ public class ResponseState implements Serializable {
public String getWebAppDomain() {
return webAppDomain;
}
-
+
public String getAssertion() {
return assertion;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
index 5ed5a47..693da53 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
@@ -25,22 +25,22 @@ import org.apache.cxf.fediz.core.RequestState;
/**
* SSO Service Provider State Manager.
- *
+ *
* TODO: review the possibility of working with the Servlet HTTPSession
- * instead; in that case it can be tricky to configure various containers
- * (Tomcat, Jetty) to make sure the cookies are shared across multiple
+ * instead; in that case it can be tricky to configure various containers
+ * (Tomcat, Jetty) to make sure the cookies are shared across multiple
* war contexts which will be needed if RequestAssertionConsumerService
- * needs to be run in its own war file instead of having every application
- * war on the SP side have a dedicated RequestAssertionConsumerService endpoint
+ * needs to be run in its own war file instead of having every application
+ * war on the SP side have a dedicated RequestAssertionConsumerService endpoint
*/
public interface SPStateManager extends Closeable {
-
+
void setRequestState(String relayState, RequestState state);
RequestState removeRequestState(String relayState);
-
+
void setResponseState(String contextKey, ResponseState state);
ResponseState getResponseState(String contextKey);
ResponseState removeResponseState(String contextKey);
-
+
void close() throws IOException;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
index 4cff406..a905641 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
@@ -39,7 +39,7 @@ import org.slf4j.LoggerFactory;
/**
* This CallbackHandler implementation obtains the security token from
* the thread local storage to be used as the delegation token.
- */
+ */
public class ThreadLocalCallbackHandler implements CallbackHandler {
private static final Logger LOG = LoggerFactory.getLogger(ThreadLocalCallbackHandler.class);
@@ -58,7 +58,7 @@ public class ThreadLocalCallbackHandler implements CallbackHandler {
LOG.debug(DOM2Writer.nodeToString(token));
LOG.debug("****************** END TOKEN *******************");
}
- callback.setToken(token);
+ callback.setToken(token);
}
} else {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index 803c26a..e3ff3c7 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -73,22 +73,22 @@ import org.eclipse.jetty.util.log.Logger;
* by sending a WS-Federation SignIn request.
* </p>
* <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
* mechanism to authenticate the user.
* FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
* associated with the session.
* </p>
*/
public class FederationAuthenticator extends LoginAuthenticator {
-
+
public static final String J_URI = "org.eclipse.jetty.security.form_URI";
public static final String J_POST = "org.eclipse.jetty.security.form_POST";
public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT";
private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-
+
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
private String configFile;
private FedizConfigurator configurator;
private String encoding = "UTF-8";
@@ -98,7 +98,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
/**
- *
+ *
*/
@Override
public void setConfiguration(AuthConfiguration configuration) {
@@ -123,7 +123,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
//throw new ServerAuthException("Failed to load Fediz configuration",
// e);
}
-
+
}
/* ------------------------------------------------------------ */
@@ -138,7 +138,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
public String getEncoding() {
return encoding;
}
@@ -146,22 +146,22 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setEncoding(String encoding) {
this.encoding = encoding;
}
-
+
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
-
+
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
HttpSession session = request.getSession(true);
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
FedizContext fedConfig = getContextConfiguration(contextName);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
if (mdHandler.canHandleRequest(request)) {
@@ -175,17 +175,17 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (!mandatory) {
return new DeferredAuthentication(this);
}
-
+
try {
req.setCharacterEncoding(this.encoding);
} catch (UnsupportedEncodingException ex) {
LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
}
-
+
try {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
Authentication authentication = null;
-
+
// Handle a request for authentication.
if (isSignInRequest(request, fedConfig)) {
authentication = handleSignInRequest(request, response, session, fedConfig);
@@ -196,7 +196,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
authentication = Authentication.UNAUTHENTICATED;
}
-
+
if (authentication != null) {
return authentication;
}
@@ -206,35 +206,35 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (authentication != null) {
return authentication;
}
-
+
// if we can't send challenge
if (DeferredAuthentication.isDeferred(response)) {
LOG.debug("auth deferred {}", session.getId());
return Authentication.UNAUTHENTICATED;
}
-
+
// remember the current URI
synchronized (session) {
// But only if it is not set already, or we save every uri that leads to a login form redirect
- if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
+ if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null) {
buf.append("?").append(request.getQueryString());
}
session.setAttribute(J_URI, buf.toString());
-
- if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType())
+
+ if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType())
&& HttpMethods.POST.equals(request.getMethod())) {
- Request baseRequest = (req instanceof Request) ? (Request)req
+ Request baseRequest = (req instanceof Request) ? (Request)req
: AbstractHttpConnection.getCurrentConnection().getRequest();
- baseRequest.extractParameters();
+ baseRequest.extractParameters();
session.setAttribute(J_POST, new MultiMap<String>(baseRequest.getParameters()));
}
}
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signInRedirectToIssuer(request, response, wfProc, session);
@@ -247,8 +247,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
* catch (ServletException e) { throw new ServerAuthException(e); }
*/
}
-
- private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
FedizResponse wfRes = null;
if (LOG.isDebugEnabled()) {
@@ -271,7 +271,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
wfReq.setState(request.getParameter("RelayState"));
wfReq.setRequest(request);
- X509Certificate[] certs =
+ X509Certificate[] certs =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
@@ -291,23 +291,23 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.UNAUTHENTICATED;
}
-
+
nuri = (String) session.getAttribute(J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
- if (nuri.length() == 0) {
+ if (nuri.length() == 0) {
nuri = URIUtil.SLASH;
}
}
Authentication cached = new SessionAuthentication(getAuthMethod(), user, wfRes);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
-
+
FederationUserIdentity fui = (FederationUserIdentity)user;
session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-
- response.setContentLength(0);
+
+ response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
return new FederationAuthentication(getAuthMethod(), user);
@@ -323,7 +323,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return Authentication.UNAUTHENTICATED;
}
}
-
+
private Authentication handleSignOutCleanup(HttpServletResponse response, HttpSession session) throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
@@ -346,10 +346,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
}
-
- private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
- Authentication authentication =
+ Authentication authentication =
(Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
if (authentication != null) {
// Has authentication been revoked?
@@ -361,21 +361,21 @@ public class FederationAuthenticator extends LoginAuthenticator {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
-
+
String uri = request.getRequestURI();
if (uri == null) {
uri = URIUtil.SLASH;
}
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
-
+
if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signOutRedirectToIssuer(request, response, wfProc);
@@ -395,8 +395,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
// This is a retry of an original POST request
// so restore method and parameters
- session.removeAttribute(J_POST);
- Request baseRequest = (Request)request;
+ session.removeAttribute(J_POST);
+ Request baseRequest = (Request)request;
// (req instanceof Request)?(Request)
// req:HttpConnection.getCurrentConnection().getRequest();
baseRequest.setMethod(HttpMethods.POST);
@@ -405,13 +405,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
} else if (jUri != null) {
session.removeAttribute(J_URI);
}
-
+
return authentication;
}
}
return null;
}
-
+
private boolean isTokenExpired(FedizContext fedConfig, UserIdentity userIdentity) {
if (fedConfig.isDetectExpiredTokens()) {
try {
@@ -421,13 +421,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("Token doesn't expire");
return false;
}
-
+
Date currentTime = new Date();
if (!currentTime.after(tokenExpires)) {
return false;
} else {
LOG.warn("Token already expired. Clean up and redirect");
-
+
return true;
}
} catch (ClassCastException ex) {
@@ -435,7 +435,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
}
}
-
+
return false;
}
@@ -451,7 +451,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return false;
}
-
+
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
return request.getParameter(FederationConstants.PARAM_RESULT);
@@ -460,16 +460,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
return null;
}
-
+
/* ------------------------------------------------------------ */
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
User validatedUser) throws ServerAuthException {
return true;
- }
-
+ }
+
/**
* Called to redirect sign-in to the IDP/Issuer
- *
+ *
* @param request
* Request we are processing
* @param response
@@ -482,7 +482,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
* {@link HttpServletResponse#sendError(int, String)} throws an
* {@link IOException}
*/
- protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor, HttpSession session)
throws IOException {
@@ -503,11 +503,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
synchronized (session) {
session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignInRequest.");
@@ -519,10 +519,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
}
- protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor)
throws IOException {
@@ -534,7 +534,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
FedizContext fedCtx = this.configurator.getFedizContext(contextName);
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedCtx); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -544,7 +544,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
@@ -557,7 +557,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
}
}
-
+
private FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -566,7 +566,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (config == null) {
throw new IllegalStateException("No Fediz configuration for context :" + contextName);
}
-
+
String jettyHome = System.getProperty("jetty.home");
if (jettyHome != null && jettyHome.length() > 0) {
config.setRelativePath(jettyHome);
@@ -581,7 +581,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
*/
public static class FederationAuthentication extends UserAuthentication implements
Authentication.ResponseSent {
-
+
public FederationAuthentication(String method, UserIdentity userIdentity) {
super(method, userIdentity);
}