Posted to commits@cxf.apache.org by ow...@apache.org on 2013/06/21 23:55:39 UTC
svn commit: r1495610 - in /cxf/fediz/trunk/plugins/core/src:
main/java/org/apache/cxf/fediz/core/
main/java/org/apache/cxf/fediz/core/config/
main/java/org/apache/cxf/fediz/core/spi/ main/resources/schemas/
test/java/org/apache/cxf/fediz/core/config/
Author: owulff
Date: Fri Jun 21 21:55:38 2013
New Revision: 1495610
URL: http://svn.apache.org/r1495610
Log:
[FEDIZ-62] Customize SignIn Query
Added:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignInQueryCallback.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1495610&r1=1495609&r2=1495610&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java Fri Jun 21 21:55:38 2013
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core;
import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
@@ -29,6 +30,7 @@ import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -47,6 +49,7 @@ import org.apache.cxf.fediz.core.metadat
import org.apache.cxf.fediz.core.spi.FreshnessCallback;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.IDPCallback;
+import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.ws.security.WSConstants;
@@ -349,63 +352,24 @@ public class FederationProcessorImpl imp
throw new IllegalStateException("Unsupported protocol");
}
- Object issuerObj = ((FederationProtocol)config.getProtocol()).getIssuer();
- String issuerURL = null;
- if (issuerObj instanceof String) {
- issuerURL = (String)issuerObj;
- } else if (issuerObj instanceof CallbackHandler) {
- CallbackHandler issuerCB = (CallbackHandler)issuerObj;
- IDPCallback callback = new IDPCallback(request);
- issuerCB.handle(new Callback[] {callback});
- issuerURL = callback.getIssuerUrl().toString();
- }
+ String issuerURL = resolveIssuer(request, config);
LOG.info("Issuer url: " + issuerURL);
if (issuerURL != null && issuerURL.length() > 0) {
redirectURL = issuerURL;
}
- Object wAuthObj = ((FederationProtocol)config.getProtocol()).getAuthenticationType();
- String wAuth = null;
- if (wAuthObj != null) {
- if (wAuthObj instanceof String) {
- wAuth = (String)wAuthObj;
- } else if (wAuthObj instanceof CallbackHandler) {
- CallbackHandler wauthCB = (CallbackHandler)wAuthObj;
- WAuthCallback callback = new WAuthCallback(request);
- wauthCB.handle(new Callback[] {callback});
- wAuth = callback.getWauth();
- }
- }
+ String wAuth = resolveAuthenticationType(request, config);
LOG.info("WAuth: " + wAuth);
- Object homeRealmObj = ((FederationProtocol)config.getProtocol()).getHomeRealm();
- String homeRealm = null;
- if (homeRealmObj != null) {
- if (homeRealmObj instanceof String) {
- homeRealm = (String)homeRealmObj;
- } else if (homeRealmObj instanceof CallbackHandler) {
- CallbackHandler hrCB = (CallbackHandler)homeRealmObj;
- HomeRealmCallback callback = new HomeRealmCallback(request);
- hrCB.handle(new Callback[] {callback});
- homeRealm = callback.getHomeRealm();
- }
- }
+ String homeRealm = resolveHomeRealm(request, config);
LOG.info("HomeRealm: " + homeRealm);
- Object freshnessObj = ((FederationProtocol)config.getProtocol()).getFreshness();
- String freshness = null;
- if (freshnessObj != null) {
- if (freshnessObj instanceof String) {
- freshness = (String)freshnessObj;
- } else if (freshnessObj instanceof CallbackHandler) {
- CallbackHandler frCB = (CallbackHandler)freshnessObj;
- FreshnessCallback callback = new FreshnessCallback(request);
- frCB.handle(new Callback[] {callback});
- freshness = callback.getFreshness();
- }
- }
+ String freshness = resolveFreshness(request, config);
LOG.info("Freshness: " + freshness);
+ String signInQuery = resolveSignInQuery(request, config);
+ LOG.info("SignIn Query: " + signInQuery);
+
StringBuilder sb = new StringBuilder();
sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNIN);
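Review bot: `LOG.info("SignIn Query: " + signInQuery)` writes the complete extension query to the log at INFO on every sign-in redirect. A SignInQueryCallback handler is handed the servlet request, so the parameters it returns may be per-user or request-derived values that should not sit in routine logs. I would lower this to `LOG.debug("SignIn Query: " + signInQuery);` or log only the parameter names. The enclosing method starts before this hunk and continues past it.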
@@ -463,6 +427,11 @@ public class FederationProcessorImpl imp
sb.append('&').append(FederationConstants.PARAM_CURRENT_TIME).append('=')
.append(URLEncoder.encode(wct, "UTF-8"));
+ // add signin query extensions
+ if (signInQuery != null && signInQuery.length() > 0) {
+ sb.append('&').append(signInQuery);
+ }
+
redirectURL = redirectURL + "?" + sb.toString();
} catch (Exception ex) {
LOG.error("Failed to create SignInRequest", ex);
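Review bot: `sb.append('&').append(signInQuery)` appends the resolved value verbatim, so a String-configured query is neither URL-encoded nor checked here, unlike the neighbouring parameters that go through `URLEncoder.encode`. A value that repeats a name the builder has already emitted would put a duplicate parameter into the redirect, and how the IDP resolves duplicates is outside this code's control. I would state the contract above the block, e.g. `// signInQuery must be pre-encoded name=value pairs and must not repeat a protocol parameter set above`, and preferably reject reserved names where the query is resolved. The method body starts and ends outside this hunk.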
@@ -470,6 +439,99 @@ public class FederationProcessorImpl imp
}
return redirectURL;
}
+
+ private String resolveSignInQuery(HttpServletRequest request, FederationContext config)
+ throws IOException, UnsupportedCallbackException, UnsupportedEncodingException {
+ Object signInQueryObj = ((FederationProtocol)config.getProtocol()).getSignInQuery();
+ String signInQuery = null;
+ if (signInQueryObj != null) {
+ if (signInQueryObj instanceof String) {
+ signInQuery = (String)signInQueryObj;
+ } else if (signInQueryObj instanceof CallbackHandler) {
+ CallbackHandler frCB = (CallbackHandler)signInQueryObj;
+ SignInQueryCallback callback = new SignInQueryCallback(request);
+ frCB.handle(new Callback[] {callback});
+ Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
+ StringBuilder sbQuery = new StringBuilder();
+ for (String key : signInQueryMap.keySet()) {
+ if (sbQuery.length() > 0) {
+ sbQuery.append("&");
+ }
+ sbQuery.append(key).append('=').
+ append(URLEncoder.encode(signInQueryMap.get(key), "UTF-8"));
+ }
+ signInQuery = sbQuery.toString();
+
+ }
+ }
+ return signInQuery;
+ }
+
+ private String resolveFreshness(HttpServletRequest request, FederationContext config) throws IOException,
+ UnsupportedCallbackException {
+ Object freshnessObj = ((FederationProtocol)config.getProtocol()).getFreshness();
+ String freshness = null;
+ if (freshnessObj != null) {
+ if (freshnessObj instanceof String) {
+ freshness = (String)freshnessObj;
+ } else if (freshnessObj instanceof CallbackHandler) {
+ CallbackHandler frCB = (CallbackHandler)freshnessObj;
+ FreshnessCallback callback = new FreshnessCallback(request);
+ frCB.handle(new Callback[] {callback});
+ freshness = callback.getFreshness();
+ }
+ }
+ return freshness;
+ }
+
+ private String resolveHomeRealm(HttpServletRequest request, FederationContext config) throws IOException,
+ UnsupportedCallbackException {
+ Object homeRealmObj = ((FederationProtocol)config.getProtocol()).getHomeRealm();
+ String homeRealm = null;
+ if (homeRealmObj != null) {
+ if (homeRealmObj instanceof String) {
+ homeRealm = (String)homeRealmObj;
+ } else if (homeRealmObj instanceof CallbackHandler) {
+ CallbackHandler hrCB = (CallbackHandler)homeRealmObj;
+ HomeRealmCallback callback = new HomeRealmCallback(request);
+ hrCB.handle(new Callback[] {callback});
+ homeRealm = callback.getHomeRealm();
+ }
+ }
+ return homeRealm;
+ }
+
+ private String resolveAuthenticationType(HttpServletRequest request, FederationContext config)
+ throws IOException, UnsupportedCallbackException {
+ Object wAuthObj = ((FederationProtocol)config.getProtocol()).getAuthenticationType();
+ String wAuth = null;
+ if (wAuthObj != null) {
+ if (wAuthObj instanceof String) {
+ wAuth = (String)wAuthObj;
+ } else if (wAuthObj instanceof CallbackHandler) {
+ CallbackHandler wauthCB = (CallbackHandler)wAuthObj;
+ WAuthCallback callback = new WAuthCallback(request);
+ wauthCB.handle(new Callback[] {callback});
+ wAuth = callback.getWauth();
+ }
+ }
+ return wAuth;
+ }
+
+ private String resolveIssuer(HttpServletRequest request, FederationContext config) throws IOException,
+ UnsupportedCallbackException {
+ Object issuerObj = ((FederationProtocol)config.getProtocol()).getIssuer();
+ String issuerURL = null;
+ if (issuerObj instanceof String) {
+ issuerURL = (String)issuerObj;
+ } else if (issuerObj instanceof CallbackHandler) {
+ CallbackHandler issuerCB = (CallbackHandler)issuerObj;
+ IDPCallback callback = new IDPCallback(request);
+ issuerCB.handle(new Callback[] {callback});
+ issuerURL = callback.getIssuerUrl().toString();
+ }
+ return issuerURL;
+ }
private String extractFullContextPath(HttpServletRequest request) throws MalformedURLException {
String result = null;
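Review bot: In resolveSignInQuery the parameter name is appended unencoded (`sbQuery.append(key).append('=')`) while only the value passes through `URLEncoder.encode`, so a key containing `&`, `=` or `#` changes the structure of the redirect query. `callback.getSignInQueryParamMap()` is also dereferenced without a null check, although SignInQueryCallback leaves the map null until a handler sets it, and a null value would fail inside `URLEncoder.encode`. Both would presumably surface only as the caller's generic "Failed to create SignInRequest" error. I would encode both sides, iterate `entrySet()` and treat a missing map as no extension, as sketched below. The other four resolve* methods are the removed inline code moved unchanged.

```java
} else if (signInQueryObj instanceof CallbackHandler) {
    // … unchanged: create the SignInQueryCallback and invoke the handler …
    Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
    StringBuilder sbQuery = new StringBuilder();
    if (signInQueryMap != null) {
        for (Map.Entry<String, String> entry : signInQueryMap.entrySet()) {
            if (entry.getKey() == null || entry.getValue() == null) {
                continue; // skip incomplete pairs instead of failing the whole redirect
            }
            if (sbQuery.length() > 0) {
                sbQuery.append('&');
            }
            sbQuery.append(URLEncoder.encode(entry.getKey(), "UTF-8")).append('=')
                .append(URLEncoder.encode(entry.getValue(), "UTF-8"));
        }
    }
    signInQuery = sbQuery.toString();
```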
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java?rev=1495610&r1=1495609&r2=1495610&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java Fri Jun 21 21:55:38 2013
@@ -43,6 +43,7 @@ public class FederationProtocol extends
private Object issuer;
private Object homeRealm;
private Object freshness;
+ private Object signInQuery;
private List<TokenValidator> validators = new ArrayList<TokenValidator>();
public FederationProtocol(ProtocolType protocolType) {
@@ -265,6 +266,43 @@ public class FederationProtocol extends
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
+
+ public Object getSignInQuery() {
+ if (this.signInQuery != null) {
+ return this.signInQuery;
+ }
+ CallbackType cbt = getFederationProtocol().getSignInQuery();
+ if (cbt == null) {
+ return null;
+ }
+ if (cbt.getType() == null || cbt.getType().equals(ArgumentType.STRING)) {
+ this.signInQuery = new String(cbt.getValue());
+ } else if (cbt.getType().equals(ArgumentType.CLASS)) {
+ try {
+ this.signInQuery =
+ Thread.currentThread().getContextClassLoader().loadClass(cbt.getValue()).newInstance();
+ } catch (Exception e) {
+ LOG.error("Failed to create instance of " + cbt.getValue(), e);
+ throw new IllegalStateException("Failed to create instance of " + cbt.getValue());
+ }
+ } else {
+ LOG.error("Only String and Class are supported for 'SignInQuery'");
+ throw new IllegalStateException("Only String and Class are supported for 'SignInQuery'");
+ }
+ return this.signInQuery;
+ }
+
+ public void setSignInQuery(Object value) {
+ final boolean isString = value instanceof String;
+ final boolean isCallbackHandler = value instanceof CallbackHandler;
+ if (isString || isCallbackHandler) {
+ this.signInQuery = value;
+ } else {
+ LOG.error("Unsupported 'SignInQuery' object");
+ throw new IllegalArgumentException("Unsupported 'SignInQuery' object. Type must be "
+ + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
+ }
+ }
public String getReply() {
return getFederationProtocol().getReply();
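Review bot: getSignInQuery() instantiates whatever class name the configuration supplies (`loadClass(cbt.getValue()).newInstance()`) and caches the result without checking that it is a `CallbackHandler`, whereas setSignInQuery() rejects anything that is not a String or CallbackHandler. An object of another type would be stored after its constructor has already run, and FederationProcessorImpl's instanceof checks would then silently ignore it. I would verify the type after the try block before assigning, e.g. `if (!(handler instanceof CallbackHandler)) { throw new IllegalStateException(cbt.getValue() + " is not a CallbackHandler"); }`. The rethrow also drops the cause; `throw new IllegalStateException("Failed to create instance of " + cbt.getValue(), e);` keeps it. The getReply() body at the end of the hunk continues outside it.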
Added: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignInQueryCallback.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignInQueryCallback.java?rev=1495610&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignInQueryCallback.java (added)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignInQueryCallback.java Fri Jun 21 21:55:38 2013
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.spi;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class SignInQueryCallback extends AbstractServletCallback {
+
+ private Map<String, String> signInQueryParamMap;
+
+ public SignInQueryCallback(HttpServletRequest request) {
+ super(request);
+ }
+
+ public Map<String, String> getSignInQueryParamMap() {
+ return signInQueryParamMap;
+ }
+
+ public void setSignInQueryParamMap(Map<String, String> signInQueryParamMap) {
+ this.signInQueryParamMap = signInQueryParamMap;
+ }
+
+}
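Review bot: The new callback class has no Javadoc, so a handler author cannot tell what the map must contain or in what form. I would add a class comment along the lines of `/** Callback through which a CallbackHandler supplies additional query parameters for the sign-in redirect; values are URL-encoded by FederationProcessorImpl. */`. I would also note on `getSignInQueryParamMap()` that it returns null until the handler has called the setter. The setter stores the caller's map by reference; if that is intended, saying so in the comment avoids surprises when a handler reuses the map.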
Modified: cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd?rev=1495610&r1=1495609&r2=1495610&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd (original)
+++ cxf/fediz/trunk/plugins/core/src/main/resources/schemas/FedizConfig.xsd Fri Jun 21 21:55:38 2013
@@ -96,6 +96,7 @@
<xs:element ref="freshness" />
<xs:element ref="reply" />
<xs:element ref="request" />
+ <xs:element ref="signInQuery" />
<xs:element ref="claimTypesRequested" />
<xs:element ref="tokenValidators" />
<xs:element ref="applicationServiceURL" />
@@ -126,6 +127,7 @@
<xs:element name="homeRealm" type="CallbackType" />
<xs:element name="authenticationType" type="CallbackType" />
<xs:element name="freshness" type="CallbackType" />
+ <xs:element name="signInQuery" type="CallbackType" />
<xs:simpleType name="argumentType">
<xs:restriction base="xs:string">
Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java?rev=1495610&r1=1495609&r2=1495610&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java Fri Jun 21 21:55:38 2013
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.core.config
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -47,6 +48,7 @@ import org.apache.cxf.fediz.core.config.
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.IDPCallback;
+import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
import org.junit.AfterClass;
@@ -67,6 +69,7 @@ public class CallbackHandlerTest {
private static final String ROLE_URI = "http://someserver:8080/path/roles.uri";
private static final String CLAIM_TYPE = "a particular claim type";
private static final String SUBJECT_VALUE = ".*CN=www.sts1.com.*";
+ private static final String TEST_SIGNIN_QUERY = "pubid=myid";
@AfterClass
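Review bot: `TEST_SIGNIN_QUERY` is declared here with the same literal that this commit also adds to TestCallbackHandler. The String-configuration assertion later in this file compares against `TestCallbackHandler.TEST_SIGNIN_QUERY`, while the config is built from this local copy. The test passes only while the two literals stay identical; I would drop this field and use `TestCallbackHandler.TEST_SIGNIN_QUERY` in both places.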
@@ -151,6 +154,11 @@ public class CallbackHandlerTest {
authType.setValue(TestCallbackHandler.TEST_WAUTH);
protocol.setAuthenticationType(authType);
+ CallbackType signInQueryType = new CallbackType();
+ signInQueryType.setType(ArgumentType.STRING);
+ signInQueryType.setValue(TEST_SIGNIN_QUERY);
+ protocol.setSignInQuery(signInQueryType);
+
return config;
}
@@ -174,6 +182,11 @@ public class CallbackHandlerTest {
authType.setValue(CALLBACKHANDLER_CLASS);
protocol.setAuthenticationType(authType);
+ CallbackType signInQueryType = new CallbackType();
+ signInQueryType.setType(ArgumentType.CLASS);
+ signInQueryType.setValue(CALLBACKHANDLER_CLASS);
+ protocol.setSignInQuery(signInQueryType);
+
return config;
}
@@ -216,6 +229,17 @@ public class CallbackHandlerTest {
hrCB.handle(new Callback[] {callbackHR});
String hr = callbackHR.getHomeRealm();
Assert.assertEquals(TestCallbackHandler.TEST_HOME_REALM, hr);
+
+ Object signInQueryObj = fp.getSignInQuery();
+ Assert.assertTrue(signInQueryObj instanceof CallbackHandler);
+ CallbackHandler siqCB = (CallbackHandler)signInQueryObj;
+ SignInQueryCallback callbackSIQ = new SignInQueryCallback(null);
+ siqCB.handle(new Callback[] {callbackSIQ});
+ Map<String, String> signinQueryMap = callbackSIQ.getSignInQueryParamMap();
+ Assert.assertEquals(2, signinQueryMap.size());
+ Assert.assertEquals("myid", signinQueryMap.get("pubid"));
+ Assert.assertEquals("<=>", signinQueryMap.get("testenc"));
+
}
@org.junit.Test
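Review bot: The new assertions check only the raw map returned by the handler (`"<=>"` for `testenc`), so nothing visible in this commit exercises the encoding done in FederationProcessorImpl.resolveSignInQuery or the final redirect URL. The `testenc` entry suggests encoding was meant to be covered. I would add a test on the sign-in redirect that asserts the query contains `testenc=%3C%3D%3E` and `pubid=myid`. The test method starts outside this hunk.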
@@ -248,6 +272,11 @@ public class CallbackHandlerTest {
Assert.assertTrue(homeRealmObj instanceof String);
String hr = (String)homeRealmObj;
Assert.assertEquals(TestCallbackHandler.TEST_HOME_REALM, hr);
+
+ Object signInQueryObj = fp.getSignInQuery();
+ Assert.assertTrue(signInQueryObj instanceof String);
+ String signInQuery = (String)signInQueryObj;
+ Assert.assertEquals(TestCallbackHandler.TEST_SIGNIN_QUERY, signInQuery);
}
}
Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java?rev=1495610&r1=1495609&r2=1495610&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java Fri Jun 21 21:55:38 2013
@@ -21,6 +21,8 @@ package org.apache.cxf.fediz.core.config
import java.io.IOException;
import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -28,6 +30,7 @@ import javax.security.auth.callback.Unsu
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.IDPCallback;
+import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
public class TestCallbackHandler implements CallbackHandler {
@@ -35,6 +38,7 @@ public class TestCallbackHandler impleme
static final String TEST_HOME_REALM = "http://test.com/homerealm";
static final String TEST_IDP = "http://rp.example.com/";
static final String TEST_WAUTH = "up";
+ static final String TEST_SIGNIN_QUERY = "pubid=myid";
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
@@ -47,6 +51,12 @@ public class TestCallbackHandler impleme
} else if (callbacks[i] instanceof IDPCallback) {
IDPCallback callback = (IDPCallback) callbacks[i];
callback.setIssuerUrl(new URL(TEST_IDP));
+ } else if (callbacks[i] instanceof SignInQueryCallback) {
+ SignInQueryCallback callback = (SignInQueryCallback) callbacks[i];
+ Map<String, String> queryParamMap = new HashMap<String, String>();
+ queryParamMap.put("pubid", "myid");
+ queryParamMap.put("testenc", "<=>");
+ callback.setSignInQueryParamMap(queryParamMap);
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}