Posted to commits@cxf.apache.org by co...@apache.org on 2020/10/06 06:56:37 UTC
[cxf-fediz] branch master updated: Add signInQuery callback to SAML
SSO
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new 6c326e7 Add signInQuery callback to SAML SSO
new 9a1af28 Merge pull request #61 from pedromfalves/FEDIZ-252
6c326e7 is described below
commit 6c326e7b7bd3aeb7961c82ce8dc7272057ad5c73
Author: Pedro Alves <pe...@innoveo.com>
AuthorDate: Fri Oct 2 20:09:39 2020 +0200
Add signInQuery callback to SAML SSO
---
.../cxf/fediz/core/config/FederationProtocol.java | 22 ---------------
.../org/apache/cxf/fediz/core/config/Protocol.java | 22 +++++++++++++++
.../core/processor/AbstractFedizProcessor.java | 33 ++++++++++++++++++++++
.../core/processor/FederationProcessorImpl.java | 32 ---------------------
.../fediz/core/processor/SAMLProcessorImpl.java | 7 +++++
.../src/main/resources/schemas/FedizConfig.xsd | 2 +-
6 files changed, 63 insertions(+), 55 deletions(-)
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index b497136..f7cabe1 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -36,7 +36,6 @@ public class FederationProtocol extends Protocol {
private Object authenticationType;
private Object homeRealm;
private Object freshness;
- private Object signInQuery;
private Object signOutQuery;
public FederationProtocol(ProtocolType protocolType) {
@@ -120,27 +119,6 @@ public class FederationProtocol extends Protocol {
}
}
- public Object getSignInQuery() {
- if (this.signInQuery != null) {
- return this.signInQuery;
- }
- CallbackType cbt = getFederationProtocol().getSignInQuery();
- this.signInQuery = ConfigUtils.loadCallbackType(cbt, "SignInQuery", getClassloader());
- return this.signInQuery;
- }
-
- public void setSignInQuery(Object value) {
- final boolean isString = value instanceof String;
- final boolean isCallbackHandler = value instanceof CallbackHandler;
- if (isString || isCallbackHandler) {
- this.signInQuery = value;
- } else {
- LOG.error("Unsupported 'SignInQuery' object");
- throw new IllegalArgumentException("Unsupported 'SignInQuery' object. Type must be "
- + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
- }
- }
-
public Object getSignOutQuery() {
if (this.signOutQuery != null) {
return this.signOutQuery;
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index 3f1e498..84431ff 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -43,6 +43,7 @@ public abstract class Protocol {
private Object realm;
private List<TokenValidator> validators = new ArrayList<>();
private Object reply;
+ private Object signInQuery;
public Protocol(ProtocolType protocolType) {
this.protocolType = protocolType;
@@ -209,4 +210,25 @@ public abstract class Protocol {
}
}
+ public Object getSignInQuery() {
+ if (this.signInQuery != null) {
+ return this.signInQuery;
+ }
+ CallbackType cbt = getProtocolType().getSignInQuery();
+ this.signInQuery = ConfigUtils.loadCallbackType(cbt, "SignInQuery", getClassloader());
+ return this.signInQuery;
+ }
+
+ public void setSignInQuery(Object value) {
+ final boolean isString = value instanceof String;
+ final boolean isCallbackHandler = value instanceof CallbackHandler;
+ if (isString || isCallbackHandler) {
+ this.signInQuery = value;
+ } else {
+ LOG.error("Unsupported 'SignInQuery' object");
+ throw new IllegalArgumentException("Unsupported 'SignInQuery' object. Type must be java.lang.String or "
+ + "javax.security.auth.callback.CallbackHandler.");
+ }
+ }
+
}
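Review bot: `getSignInQuery()` in this hunk lazily assigns the non-volatile `signInQuery` field with no synchronization, and now that it sits on the shared abstract `Protocol` it is reached per request from `resolveSignInQuery` in both the SAML and WS-Federation processors; two threads making the first call can each run `ConfigUtils.loadCallbackType` and, depending on what that helper returns, end up holding different handler instances. Whether a `Protocol` instance is shared across request threads is not visible in this hunk, so confirm against the container; if it is, resolve the callback once eagerly or make the lazy path `synchronized`, as the rest of the class presumably does for `reply` and `realm`. `setSignInQuery` would also benefit from a short Javadoc stating that only `String` or `CallbackHandler` values are accepted and that any other type raises `IllegalArgumentException`, since that is the contract the `resolveSignInQuery` caller relies on.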
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index 71a04d3..37a4a63 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -25,6 +25,7 @@ import java.net.URI;
import java.time.Instant;
import java.util.Collections;
import java.util.List;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -38,10 +39,14 @@ import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
import org.apache.cxf.fediz.core.spi.IDPCallback;
import org.apache.cxf.fediz.core.spi.RealmCallback;
import org.apache.cxf.fediz.core.spi.ReplyCallback;
+import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static java.net.URLEncoder.encode;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
public abstract class AbstractFedizProcessor implements FedizProcessor {
private static final Logger LOG = LoggerFactory.getLogger(AbstractFedizProcessor.class);
@@ -180,4 +185,32 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
}
}
}
+
+ protected String resolveSignInQuery(HttpServletRequest request, FedizContext config) throws IOException,
+ UnsupportedCallbackException {
+ Object signInQueryObj = config.getProtocol().getSignInQuery();
+ String signInQuery = null;
+ if (signInQueryObj != null) {
+ if (signInQueryObj instanceof String) {
+ signInQuery = (String)signInQueryObj;
+ } else if (signInQueryObj instanceof CallbackHandler) {
+ CallbackHandler frCB = (CallbackHandler)signInQueryObj;
+ SignInQueryCallback callback = new SignInQueryCallback(request);
+ frCB.handle(new Callback[] {callback});
+ Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
+ if (signInQueryMap != null) {
+ StringBuilder sbQuery = new StringBuilder();
+ for (Map.Entry<String, String> entry : signInQueryMap.entrySet()) {
+ if (sbQuery.length() > 0) {
+ sbQuery.append('&');
+ }
+ sbQuery.append(entry.getKey()).append('=').append(encode(entry.getValue(), UTF_8.name()));
+ }
+ signInQuery = sbQuery.toString();
+ }
+
+ }
+ }
+ return signInQuery;
+ }
}
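Review bot: In `resolveSignInQuery` the loop appends `entry.getKey()` raw while only the value goes through `encode`, and `encode(entry.getValue(), UTF_8.name())` throws a NullPointerException when a callback handler supplies a null value; a key containing `&` or `=` would therefore be emitted as extra query parameters rather than as one name. Because the map comes from a deployer-supplied `CallbackHandler`, treat both halves as data: `sbQuery.append(encode(entry.getKey(), UTF_8.name())).append('=').append(encode(entry.getValue() == null ? "" : entry.getValue(), UTF_8.name()));`. The method returns null both when no sign-in query is configured and when the handler leaves the map null, so a Javadoc line such as `Returns the extra sign-in query string, or null when none is configured.` would make that contract explicit for the two callers; the stray blank line before the closing brace of the `instanceof CallbackHandler` branch can also go.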
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 3e809fe..b760dec 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -21,7 +21,6 @@ package org.apache.cxf.fediz.core.processor;
import java.io.IOException;
import java.io.StringReader;
-import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
@@ -61,7 +60,6 @@ import org.apache.cxf.fediz.core.metadata.MetadataWriter;
import org.apache.cxf.fediz.core.spi.FreshnessCallback;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.ReplyConstraintCallback;
-import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
import org.apache.cxf.fediz.core.spi.WReqCallback;
@@ -552,36 +550,6 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
return response;
}
- private String resolveSignInQuery(HttpServletRequest request, FedizContext config) throws IOException,
- UnsupportedCallbackException, UnsupportedEncodingException {
- Object signInQueryObj = ((FederationProtocol)config.getProtocol()).getSignInQuery();
- String signInQuery = null;
- if (signInQueryObj != null) {
- if (signInQueryObj instanceof String) {
- signInQuery = (String)signInQueryObj;
- } else if (signInQueryObj instanceof CallbackHandler) {
- CallbackHandler frCB = (CallbackHandler)signInQueryObj;
- SignInQueryCallback callback = new SignInQueryCallback(request);
- frCB.handle(new Callback[] {
- callback
- });
- Map<String, String> signInQueryMap = callback.getSignInQueryParamMap();
- if (signInQueryMap != null) {
- StringBuilder sbQuery = new StringBuilder();
- for (Entry<String, String> entry : signInQueryMap.entrySet()) {
- if (sbQuery.length() > 0) {
- sbQuery.append('&');
- }
- sbQuery.append(entry.getKey()).append('=').append(encode(entry.getValue(), UTF_8.name()));
- }
- signInQuery = sbQuery.toString();
- }
-
- }
- }
- return signInQuery;
- }
-
private Pattern resolveLogoutRedirectToConstraint(HttpServletRequest request, FedizContext config)
throws IOException, UnsupportedCallbackException {
Object logoutConstraintObj = config.getLogoutRedirectToConstraint();
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 3b40248..8269aa8 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -522,6 +522,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
String urlEncodedRequest =
URLEncoder.encode(authnRequestEncoded, "UTF-8");
+ String signInQuery = resolveSignInQuery(request, config);
+
StringBuilder sb = new StringBuilder();
sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
sb.append('&').append(SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
@@ -531,6 +533,11 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
sb.append('&').append(SAMLSSOConstants.SIGNATURE).append('=').append(signature);
}
+ // add signin query extensions
+ if (signInQuery != null && signInQuery.length() > 0) {
+ sb.append('&').append(signInQuery);
+ }
+
RedirectionResponse response = new RedirectionResponse();
response.addHeader("Cache-Control", "no-cache, no-store");
response.addHeader("Pragma", "no-cache");
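Review bot: The extensions are appended after the `Signature` parameter, so under the HTTP-Redirect binding they fall outside the signed portion of the query (the signature in this method is computed over the preceding SAMLRequest/RelayState/SigAlg parameters, if the surrounding code follows the binding); the comment `// add signin query extensions` would be clearer as `// add signin query extensions (appended after Signature, so not covered by the request signature)` so a later reader does not assume the IdP can trust their integrity. `signInQuery.length() > 0` reads better as `!signInQuery.isEmpty()`. The enclosing method starts before the first hunk and ends after this one, so whether it declares or handles the `UnsupportedCallbackException` that `resolveSignInQuery` can now throw is not visible here.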
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 4441594..63924bb 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -155,7 +155,6 @@
<xs:element ref="homeRealm" />
<xs:element ref="freshness" />
<xs:element ref="request" />
- <xs:element ref="signInQuery" />
<xs:element ref="signOutQuery" />
</xs:sequence>
<xs:attribute name="version" use="required" type="xs:string" />
@@ -205,6 +204,7 @@
<xs:element ref="tokenValidators" />
<xs:element ref="metadataURI" />
<xs:element ref="reply" />
+ <xs:element ref="signInQuery" />
</xs:sequence>
</xs:complexType>
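Review bot: Moving `signInQuery` into the base protocol sequence changes where the element may legally appear in existing WS-Federation configuration files: `xs:sequence` is ordered, so a file that previously placed `<signInQuery>` between `<request>` and `<signOutQuery>` will presumably now fail validation, because base-type elements must precede those of the derived type. Whether the federation type is derived by extension from the type edited in the second hunk is not visible here; if it is, this is a breaking change for deployers and should be called out in the commit message or a migration note. At minimum a schema comment next to the moved element, `<!-- signInQuery applies to both protocols; moved here from the federation-only sequence -->`, would record the reason for the move.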