You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:27 UTC
[11/18] cxf-fediz git commit: Whitespace cleanup
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
index 846d522..9979789 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
@@ -36,7 +36,7 @@ import org.eclipse.jetty.util.log.Logger;
* This service handles only role reference maps passed in an
* associated {@link org.eclipse.jetty.server.UserIdentity.Scope}. If there are roles
* refs present, then associate will wrap the UserIdentity with one
- * that uses the role references in the
+ * that uses the role references in the
* {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
* implementation. All other operations are effectively noops.
*
@@ -48,8 +48,8 @@ public class FederationIdentityService implements IdentityService {
}
- /**
- * If there are roles refs present in the scope, then wrap the UserIdentity
+ /**
+ * If there are roles refs present in the scope, then wrap the UserIdentity
* with one that uses the role references in the
* {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
*/
@@ -77,7 +77,7 @@ public class FederationIdentityService implements IdentityService {
public UserIdentity newUserIdentity(
final Subject subject, final Principal userPrincipal, final String[] roles) {
-
+
try {
FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
@@ -85,8 +85,8 @@ public class FederationIdentityService implements IdentityService {
LOG.warn("Principal must be instance of FederationUserPrincipal");
throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
}
-
-
+
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
index d5daa5c..9dfc105 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
@@ -44,11 +44,11 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
protected IdentityService identityService = new FederationIdentityService();
protected String name;
-
+
public FederationLoginService() {
}
-
+
public FederationLoginService(String name) {
this.name = name;
}
@@ -62,7 +62,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
if (isRunning()) {
throw new IllegalStateException("Running");
}
-
+
this.name = name;
}
@@ -76,17 +76,17 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
* username will be null since the credentials will contain all the relevant info
*/
public UserIdentity login(String username, Object credentials, FedizContext config) {
-
+
try {
FedizResponse wfRes = null;
FedizRequest wfReq = (FedizRequest)credentials;
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Process SignIn request");
LOG.debug("token=\n" + wfReq.getResponseToken());
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(config.getProtocol());
try {
wfRes = wfProc.processRequest(wfReq, config);
@@ -96,7 +96,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
}
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
List<String> audienceURIs = config.getAudienceUris();
@@ -123,15 +123,15 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
roles = new ArrayList<>(roles);
roles.add("Authenticated");
}
-
+
FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
Subject subject = new Subject();
subject.getPrincipals().add(user);
-
+
String[] aRoles = new String[roles.size()];
roles.toArray(aRoles);
-
+
return identityService.newUserIdentity(subject, user, aRoles);
} catch (Exception ex) {
@@ -161,8 +161,8 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
identityService = service;
}
- public void logout(UserIdentity user) {
-
+ public void logout(UserIdentity user) {
+
}
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
index 4c70ab4..23a978b 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.eclipse.jetty.server.UserIdentity;
public class FederationUserIdentity implements UserIdentity {
-
+
private Subject subject;
private Principal principal;
private String[] roles;
@@ -60,7 +60,7 @@ public class FederationUserIdentity implements UserIdentity {
if (scope != null && scope.getRoleRefMap() != null) {
role = scope.getRoleRefMap().get(role);
}
-
+
if (this.roles != null) {
for (String r : this.roles) {
if (r.equals(role)) {
@@ -70,23 +70,23 @@ public class FederationUserIdentity implements UserIdentity {
}
return false;
}
-
+
public Date getExpiryDate() {
return fedResponse.getTokenExpires();
}
-
+
public String getIssuer() {
return fedResponse.getIssuer();
}
-
+
public String getAudience() {
return fedResponse.getAudience();
}
-
+
public String getId() {
return fedResponse.getUniqueTokenId();
}
-
+
public Element getToken() {
return fedResponse.getToken();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
index 549e5da..7122176 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
@@ -53,7 +53,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public ClaimCollection getClaims() {
return claims;
}
-
+
// not public available
//[TODO] maybe find better approach, custom UserIdentity
FedizResponse getFedizResponse() {
@@ -64,7 +64,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return response.getToken();
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
index d5ce68c..9ce5603 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
@@ -72,22 +72,22 @@ import org.eclipse.jetty.util.log.Logger;
* by sending a WS-Federation SignIn request.
* </p>
* <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
* mechanism to authenticate the user.
* FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
* associated with the session.
* </p>
*/
public class FederationAuthenticator extends LoginAuthenticator {
-
+
public static final String J_URI = "org.eclipse.jetty.security.form_URI";
public static final String J_POST = "org.eclipse.jetty.security.form_POST";
public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT";
private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-
+
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
private String configFile;
private FedizConfigurator configurator;
private String encoding = "UTF-8";
@@ -97,7 +97,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
/**
- *
+ *
*/
@Override
public void setConfiguration(AuthConfiguration configuration) {
@@ -122,7 +122,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
//throw new ServerAuthException("Failed to load Fediz configuration",
// e);
}
-
+
}
/* ------------------------------------------------------------ */
@@ -137,7 +137,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
public String getEncoding() {
return encoding;
}
@@ -145,22 +145,22 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setEncoding(String encoding) {
this.encoding = encoding;
}
-
+
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
-
+
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
HttpSession session = request.getSession(true);
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
FedizContext fedConfig = getContextConfiguration(contextName);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
if (mdHandler.canHandleRequest(request)) {
@@ -174,17 +174,17 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (!mandatory) {
return new DeferredAuthentication(this);
}
-
+
try {
req.setCharacterEncoding(this.encoding);
} catch (UnsupportedEncodingException ex) {
LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
}
-
+
try {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
Authentication authentication = null;
-
+
// Handle a request for authentication.
if (isSignInRequest(request, fedConfig)) {
authentication = handleSignInRequest(request, response, session, fedConfig);
@@ -195,7 +195,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
authentication = Authentication.UNAUTHENTICATED;
}
-
+
if (authentication != null) {
return authentication;
}
@@ -211,28 +211,28 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("auth deferred {}", session.getId());
return Authentication.UNAUTHENTICATED;
}
-
+
// remember the current URI
synchronized (session) {
// But only if it is not set already, or we save every uri that leads to a login form redirect
- if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
+ if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null) {
buf.append("?").append(request.getQueryString());
}
session.setAttribute(J_URI, buf.toString());
-
- if (MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType())
+
+ if (MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType())
&& HttpMethod.POST.asString().equals(request.getMethod())) {
- Request baseRequest = (Request)req;
+ Request baseRequest = (Request)req;
//(req instanceof Request)?(Request)req:HttpConnection.getCurrentConnection().getRequest();
- baseRequest.extractParameters();
+ baseRequest.extractParameters();
session.setAttribute(J_POST, new MultiMap<String>(baseRequest.getQueryParameters()));
}
}
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signInRedirectToIssuer(request, response, wfProc, session);
@@ -245,8 +245,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
* catch (ServletException e) { throw new ServerAuthException(e); }
*/
}
-
- private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
FedizResponse wfRes = null;
if (LOG.isDebugEnabled()) {
@@ -269,7 +269,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
wfReq.setState(request.getParameter("RelayState"));
wfReq.setRequest(request);
- X509Certificate[] certs =
+ X509Certificate[] certs =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
@@ -289,23 +289,23 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.UNAUTHENTICATED;
}
-
+
nuri = (String) session.getAttribute(J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
- if (nuri.length() == 0) {
+ if (nuri.length() == 0) {
nuri = URIUtil.SLASH;
}
}
Authentication cached = new SessionAuthentication(getAuthMethod(), user, wfRes);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
-
+
FederationUserIdentity fui = (FederationUserIdentity)user;
session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-
- response.setContentLength(0);
+
+ response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
return new FederationAuthentication(getAuthMethod(), user);
@@ -321,7 +321,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return Authentication.UNAUTHENTICATED;
}
}
-
+
private Authentication handleSignOutCleanup(HttpServletResponse response, HttpSession session) throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
@@ -344,10 +344,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
}
-
- private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
- Authentication authentication =
+ Authentication authentication =
(Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
if (authentication != null) {
// Has authentication been revoked?
@@ -359,21 +359,21 @@ public class FederationAuthenticator extends LoginAuthenticator {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
-
+
String uri = request.getRequestURI();
if (uri == null) {
uri = URIUtil.SLASH;
}
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
-
+
if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signOutRedirectToIssuer(request, response, wfProc);
@@ -393,8 +393,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
// This is a retry of an original POST request
// so restore method and parameters
- session.removeAttribute(J_POST);
- Request baseRequest = (Request)request;
+ session.removeAttribute(J_POST);
+ Request baseRequest = (Request)request;
// (req instanceof Request)?(Request)
// req:HttpConnection.getCurrentConnection().getRequest();
baseRequest.setMethod(HttpMethod.POST.asString());
@@ -403,13 +403,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
} else if (jUri != null) {
session.removeAttribute(J_URI);
}
-
+
return authentication;
}
}
return null;
}
-
+
private boolean isTokenExpired(FedizContext fedConfig, UserIdentity userIdentity) {
if (fedConfig.isDetectExpiredTokens()) {
try {
@@ -419,13 +419,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("Token doesn't expire");
return false;
}
-
+
Date currentTime = new Date();
if (!currentTime.after(tokenExpires)) {
return false;
} else {
LOG.warn("Token already expired. Clean up and redirect");
-
+
return true;
}
} catch (ClassCastException ex) {
@@ -433,7 +433,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
}
}
-
+
return false;
}
@@ -449,7 +449,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return false;
}
-
+
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
return request.getParameter(FederationConstants.PARAM_RESULT);
@@ -458,16 +458,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
return null;
}
-
+
/* ------------------------------------------------------------ */
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
User validatedUser) throws ServerAuthException {
return true;
- }
-
+ }
+
/**
* Called to redirect sign-in to the IDP/Issuer
- *
+ *
* @param request
* Request we are processing
* @param response
@@ -480,7 +480,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
* {@link HttpServletResponse#sendError(int, String)} throws an
* {@link IOException}
*/
- protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor, HttpSession session)
throws IOException {
@@ -501,11 +501,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
synchronized (session) {
session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignInRequest.");
@@ -517,10 +517,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
}
- protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor)
throws IOException {
@@ -532,7 +532,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
FedizContext fedCtx = this.configurator.getFedizContext(contextName);
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedCtx); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -542,7 +542,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
@@ -555,7 +555,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
}
}
-
+
private FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -564,7 +564,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (config == null) {
throw new IllegalStateException("No Fediz configuration for context :" + contextName);
}
-
+
String jettyHome = System.getProperty("jetty.home");
if (jettyHome != null && jettyHome.length() > 0) {
config.setRelativePath(jettyHome);
@@ -579,7 +579,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
*/
public static class FederationAuthentication extends UserAuthentication implements
Authentication.ResponseSent {
-
+
public FederationAuthentication(String method, UserIdentity userIdentity) {
super(method, userIdentity);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
index b742e05..95867f1 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
@@ -36,7 +36,7 @@ import org.eclipse.jetty.util.log.Logger;
* This service handles only role reference maps passed in an
* associated {@link org.eclipse.jetty.server.UserIdentity.Scope}. If there are roles
* refs present, then associate will wrap the UserIdentity with one
- * that uses the role references in the
+ * that uses the role references in the
* {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
* implementation. All other operations are effectively noops.
*
@@ -48,8 +48,8 @@ public class FederationIdentityService implements IdentityService {
}
- /**
- * If there are roles refs present in the scope, then wrap the UserIdentity
+ /**
+ * If there are roles refs present in the scope, then wrap the UserIdentity
* with one that uses the role references in the
* {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
*/
@@ -77,7 +77,7 @@ public class FederationIdentityService implements IdentityService {
public UserIdentity newUserIdentity(
final Subject subject, final Principal userPrincipal, final String[] roles) {
-
+
try {
FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
@@ -85,8 +85,8 @@ public class FederationIdentityService implements IdentityService {
LOG.warn("Principal must be instance of FederationUserPrincipal");
throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
}
-
-
+
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
index 17bafad..6e666bd 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
@@ -45,11 +45,11 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
protected IdentityService identityService = new FederationIdentityService();
protected String name;
-
+
public FederationLoginService() {
}
-
+
public FederationLoginService(String name) {
this.name = name;
}
@@ -63,7 +63,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
if (isRunning()) {
throw new IllegalStateException("Running");
}
-
+
this.name = name;
}
@@ -77,17 +77,17 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
* username will be null since the credentials will contain all the relevant info
*/
public UserIdentity login(String username, Object credentials, FedizContext config) {
-
+
try {
FedizResponse wfRes = null;
FedizRequest wfReq = (FedizRequest)credentials;
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Process SignIn request");
LOG.debug("token=\n" + wfReq.getResponseToken());
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(config.getProtocol());
try {
wfRes = wfProc.processRequest(wfReq, config);
@@ -97,7 +97,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
}
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
List<String> audienceURIs = config.getAudienceUris();
@@ -124,15 +124,15 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
roles = new ArrayList<>(roles);
roles.add("Authenticated");
}
-
+
FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
Subject subject = new Subject();
subject.getPrincipals().add(user);
-
+
String[] aRoles = new String[roles.size()];
roles.toArray(aRoles);
-
+
return identityService.newUserIdentity(subject, user, aRoles);
} catch (Exception ex) {
@@ -162,8 +162,8 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
identityService = service;
}
- public void logout(UserIdentity user) {
-
+ public void logout(UserIdentity user) {
+
}
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
index 5102fb8..0c6f366 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.eclipse.jetty.server.UserIdentity;
public class FederationUserIdentity implements UserIdentity {
-
+
private Subject subject;
private Principal principal;
private String[] roles;
@@ -60,7 +60,7 @@ public class FederationUserIdentity implements UserIdentity {
if (scope != null && scope.getRoleRefMap() != null) {
role = scope.getRoleRefMap().get(role);
}
-
+
if (this.roles != null) {
for (String r : this.roles) {
if (r.equals(role)) {
@@ -70,23 +70,23 @@ public class FederationUserIdentity implements UserIdentity {
}
return false;
}
-
+
public Date getExpiryDate() {
return fedResponse.getTokenExpires();
}
-
+
public String getIssuer() {
return fedResponse.getIssuer();
}
-
+
public String getAudience() {
return fedResponse.getAudience();
}
-
+
public String getId() {
return fedResponse.getUniqueTokenId();
}
-
+
public Element getToken() {
return fedResponse.getToken();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
index 76b2986..46d5f6e 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
@@ -53,7 +53,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public ClaimCollection getClaims() {
return claims;
}
-
+
// not public available
//[TODO] maybe find better approach, custom UserIdentity
FedizResponse getFedizResponse() {
@@ -64,7 +64,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return response.getToken();
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
index 9707536..4c5ba20 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
@@ -26,8 +26,8 @@ import org.apache.cxf.fediz.core.config.FedizContext;
public interface FederationConfig {
List<FedizContext> getFedizContextList();
-
+
FedizContext getFedizContext(String contextName);
-
+
FedizContext getFedizContext();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
index 0deaaca..f2884d2 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
@@ -35,14 +35,14 @@ import org.springframework.web.context.ServletContextAware;
public class FederationConfigImpl implements FederationConfig, ServletContextAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationConfigImpl.class);
-
+
private Resource configFile;
private String contextName;
-
+
private ServletContext servletContext;
private FedizConfigurator configurator = new FedizConfigurator();
-
-
+
+
public Resource getConfigFile() {
return configFile;
}
@@ -50,7 +50,7 @@ public class FederationConfigImpl implements FederationConfig, ServletContextAwa
public void setConfigFile(Resource configFile) {
this.configFile = configFile;
}
-
+
public String getContextName() {
return contextName;
}
@@ -58,7 +58,7 @@ public class FederationConfigImpl implements FederationConfig, ServletContextAwa
public void setContextName(String contextName) {
this.contextName = contextName;
}
-
+
public void init() {
Assert.notNull(this.configFile, "property 'configFile' mandatory");
try {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
index 5928820..fdf5b6b 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
@@ -28,16 +28,16 @@ import org.springframework.security.core.userdetails.User;
public class FederationUser extends User {
private static final long serialVersionUID = -2231762973730849416L;
-
+
private ClaimCollection claims;
-
+
public FederationUser(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public FederationUser(String username, String password,
+
+ public FederationUser(String username, String password,
Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
super(username, password, true, true, true, true, authorities);
this.claims = claims;
@@ -47,7 +47,7 @@ public class FederationUser extends User {
return this.claims;
}
-
-
-
+
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
index 82444c6..544ee18 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
@@ -33,7 +33,7 @@ public abstract class AbstractFederationUserDetailsService
}
/**
- * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
+ * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
* via the supplied FedizResponse
*
* @return the newly created UserDetails object.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
index 7e7b0f8..1b986ea 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
@@ -25,9 +25,9 @@ import org.springframework.security.core.AuthenticationException;
* To be called when a token has expired
*/
public class ExpiredTokenException extends AuthenticationException {
-
+
private static final long serialVersionUID = 7639463618762010981L;
-
+
public ExpiredTokenException(String errorMessage) {
super(errorMessage);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
index 9621ef9..8b1a496 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
@@ -52,15 +52,15 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);
-
+
protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();
-
+
private AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService;
private FederationConfig federationConfig;
-
+
private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
-
+
public AuthenticationUserDetailsService<FederationResponseAuthenticationToken>
getAuthenticationUserDetailsService() {
return authenticationUserDetailsService;
@@ -70,7 +70,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService) {
this.authenticationUserDetailsService = authenticationUserDetailsService;
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
@@ -78,7 +78,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setFederationConfig(FederationConfig federationConfig) {
this.federationConfig = federationConfig;
}
-
+
public void afterPropertiesSet() throws Exception {
@@ -111,9 +111,9 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
throws AuthenticationException {
try {
FedizRequest wfReq = (FedizRequest)authentication.getCredentials();
-
+
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
FedizResponse wfRes = wfProc.processRequest(wfReq, fedContext);
@@ -141,7 +141,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setMessageSource(final MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
-
+
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
this.authoritiesMapper = authoritiesMapper;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index ad099d1..5ed8d57 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -47,7 +47,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final FedizResponse response;
private List<String> roles = Collections.emptyList();
-
+
public FederationAuthenticationToken(final Object principal, final Object credentials,
final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
final FedizResponse response) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
index 138a9ed..c75dd09 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
@@ -46,7 +46,7 @@ public final class FederationResponseAuthenticationToken extends AbstractAuthent
public Object getCredentials() {
return this.response;
}
-
+
public FedizResponse getResponse() {
return this.response;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
index 50db700..fc8a511 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
@@ -35,25 +35,25 @@ public class GrantedAuthoritiesUserDetailsFederationService
extends AbstractFederationUserDetailsService {
private boolean convertToUpperCase = true;
-
+
@Override
protected UserDetails loadUserDetails(FedizResponse response) {
-
+
final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
+
if (response.getRoles() != null) {
for (final String role : response.getRoles()) {
-
+
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_"
+ (this.convertToUpperCase ? role.toUpperCase() : role)));
}
}
return new FederationUser(response.getUsername(), "N/A",
grantedAuthorities, new ClaimCollection(response.getClaims()));
-
+
}
-
-
+
+
/**
* Converts the role value to uppercase value.
*
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index 55c628e..7322a62 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -35,7 +35,7 @@ import org.springframework.security.web.authentication.preauth.AbstractPreAuthen
public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
/**
* Return the J2EE user name.
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
index f74bc28..2551d0e 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
@@ -61,9 +61,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.notNull(token.getDetails());
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- Collection<? extends GrantedAuthority> authorities =
+ Collection<? extends GrantedAuthority> authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index 4993cd4..d8b6611 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -55,14 +55,14 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationEntryPoint implements AuthenticationEntryPoint,
InitializingBean, ApplicationContextAware {
-
+
/**
* The key used to save the context of the request
*/
public static final String SAVED_CONTEXT = "SAVED_CONTEXT";
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationEntryPoint.class);
-
+
private ApplicationContext appContext;
private FederationConfig federationConfig;
@@ -84,48 +84,48 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
FedizContext fedContext = federationConfig.getFedizContext();
LOG.debug("Federation context: {}", fedContext);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedContext);
if (mdHandler.canHandleRequest(servletRequest)) {
mdHandler.handleRequest(servletRequest, response);
return;
}
-
+
String redirectUrl = null;
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(servletRequest, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new ServletException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
HttpSession session = servletRequest.getSession(true);
session.setAttribute(SAVED_CONTEXT, redirectionResponse.getRequestState().getState());
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
preCommence(servletRequest, response);
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
response.sendRedirect(redirectUrl);
}
-
+
/**
* Template method for you to do your own pre-processing before the redirect occurs.
*
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
index c1dd134..8b98982 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
@@ -43,55 +43,55 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
* A AuthenticationFailureHandler which will redirect a expired user (token) back to the IdP.
*/
public class FederationAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationFailureHandler.class);
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFailureHandler() {
super();
}
-
+
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
-
+
if (exception instanceof ExpiredTokenException) {
String redirectUrl = null;
try {
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(request, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new ServletException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
response.sendRedirect(redirectUrl);
}
-
+
super.onAuthenticationFailure(request, response, exception);
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 3f172e5..db61219 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -45,9 +45,9 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
public class FederationAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFilter() {
super("/j_spring_fediz_security_check");
setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
@@ -60,37 +60,37 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
if (isTokenExpired()) {
throw new ExpiredTokenException("Token is expired");
}
-
+
verifySavedState(request);
-
+
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(wa);
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
-
- X509Certificate certs[] =
+
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
-
+
final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(null, wfReq);
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
}
-
+
private boolean isTokenExpired() {
SecurityContext context = SecurityContextHolder.getContext();
- boolean detectExpiredTokens =
+ boolean detectExpiredTokens =
federationConfig != null && federationConfig.getFedizContext().isDetectExpiredTokens();
if (context != null && detectExpiredTokens) {
Authentication authentication = context.getAuthentication();
if (authentication instanceof FederationAuthenticationToken) {
- Date tokenExpires =
+ Date tokenExpires =
((FederationAuthenticationToken)authentication).getResponse().getTokenExpires();
if (tokenExpires == null) {
return false;
@@ -102,27 +102,27 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
}
}
}
-
+
return false;
}
-
+
private String getResponseToken(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
-
+
private String getState(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
return request.getParameter(FederationConstants.PARAM_CONTEXT);
} else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return request.getParameter(SAMLSSOConstants.RELAY_STATE);
}
-
+
return null;
}
@@ -137,9 +137,9 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
}
}
}
-
+
/**
- *
+ *
*/
@Override
protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
@@ -158,5 +158,5 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
public void setFederationConfig(FederationConfig fedConfig) {
this.federationConfig = fedConfig;
}
-
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
index e0356a9..d33607d 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
@@ -50,7 +50,7 @@ public class FederationLogoutFilter extends LogoutFilter {
// Default WS-Federation logout action
return true;
}
-
+
if (this.logoutUrl == null) {
String contextName = request.getContextPath();
if (contextName == null || contextName.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
index e803e4b..6e01592 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
@@ -58,7 +58,7 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler {
}
FedizContext fedCtx = federationConfig.getFedizContext(contextName);
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignOutRequest(request, null, fedCtx); //TODO
@@ -70,7 +70,7 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
index 9707536..4c5ba20 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
@@ -26,8 +26,8 @@ import org.apache.cxf.fediz.core.config.FedizContext;
public interface FederationConfig {
List<FedizContext> getFedizContextList();
-
+
FedizContext getFedizContext(String contextName);
-
+
FedizContext getFedizContext();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
index 80b27e9..706bb91 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
@@ -34,14 +34,14 @@ import org.springframework.util.Assert;
public class FederationConfigImpl implements FederationConfig {
private static final Logger LOG = LoggerFactory.getLogger(FederationConfigImpl.class);
-
+
private Resource configFile;
private String contextName;
-
+
//private ServletContext servletContext;
private FedizConfigurator configurator = new FedizConfigurator();
-
-
+
+
public Resource getConfigFile() {
return configFile;
}
@@ -49,7 +49,7 @@ public class FederationConfigImpl implements FederationConfig {
public void setConfigFile(Resource configFile) {
this.configFile = configFile;
}
-
+
public String getContextName() {
return contextName;
}
@@ -57,7 +57,7 @@ public class FederationConfigImpl implements FederationConfig {
public void setContextName(String contextName) {
this.contextName = contextName;
}
-
+
public void init() {
Assert.notNull(this.configFile, "property 'configFile' mandatory");
try {
@@ -83,7 +83,7 @@ public class FederationConfigImpl implements FederationConfig {
return ctx;
}
-
+
@Override
public FedizContext getFedizContext() {
if (contextName != null) {
@@ -94,7 +94,7 @@ public class FederationConfigImpl implements FederationConfig {
return getFedizContext(contextName);
}
}
-
+
/*
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
index dd444b5..5125be2 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
@@ -26,19 +26,19 @@ import org.springframework.security.userdetails.User;
public class FederationUser extends User {
private static final long serialVersionUID = -2231762973730849416L;
-
+
private ClaimCollection claims;
-
+
public FederationUser(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
//Collection<? extends GrantedAuthority> authorities) {
- GrantedAuthority[] authorities) {
+ GrantedAuthority[] authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public FederationUser(String username, String password,
+
+ public FederationUser(String username, String password,
// Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
- GrantedAuthority[] authorities, ClaimCollection claims) {
+ GrantedAuthority[] authorities, ClaimCollection claims) {
super(username, password, true, true, true, true, authorities);
this.claims = claims;
}
@@ -47,7 +47,7 @@ public class FederationUser extends User {
return this.claims;
}
-
-
-
+
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
index c34de45..d27af7b 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
@@ -32,7 +32,7 @@ public abstract class AbstractFederationUserDetailsService
/*
public final UserDetails loadUserDetails(final Authentication token) {
-
+
}*/
@Override
public final UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
@@ -44,12 +44,12 @@ public abstract class AbstractFederationUserDetailsService
}
/**
- * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
+ * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
* via the supplied FedizResponse
*
* @return the newly created UserDetails object.
*/
protected abstract UserDetails loadUserDetails(FedizResponse response);
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
index 42e23fe..4f8691a 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
@@ -25,9 +25,9 @@ import org.springframework.security.AuthenticationException;
* To be called when a token has expired
*/
public class ExpiredTokenException extends AuthenticationException {
-
+
private static final long serialVersionUID = 7639463618762010981L;
-
+
public ExpiredTokenException(String errorMessage) {
super(errorMessage);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
index 9796608..42d1c92 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
@@ -52,15 +52,15 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);
-
+
protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();
-
+
private AuthenticationUserDetailsService authenticationUserDetailsService;
private FederationConfig federationConfig;
-
+
private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
//private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
-
+
public AuthenticationUserDetailsService getAuthenticationUserDetailsService() {
return authenticationUserDetailsService;
}
@@ -69,7 +69,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
AuthenticationUserDetailsService authenticationUserDetailsService) {
this.authenticationUserDetailsService = authenticationUserDetailsService;
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
@@ -77,7 +77,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setFederationConfig(FederationConfig federationConfig) {
this.federationConfig = federationConfig;
}
-
+
public void afterPropertiesSet() throws Exception {
@@ -102,7 +102,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
}
FederationAuthenticationToken result = null;
-
+
if (result == null) {
result = this.authenticateNow(authentication);
result.setDetails(authentication.getDetails());
@@ -116,7 +116,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
try {
FedizRequest wfReq = (FedizRequest)authentication.getCredentials();
FedizContext context = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(context.getProtocol());
FedizResponse wfRes = wfProc.processRequest(wfReq, context);
@@ -153,7 +153,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
return FederationAuthenticationToken.class.isAssignableFrom(authentication);
}
}
-
+
/*
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
this.authoritiesMapper = authoritiesMapper;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 14e1047..5e48e5c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -45,7 +45,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final FedizResponse response;
private List<String> roles = Collections.emptyList();
-
+
public FederationAuthenticationToken(final Object principal, final Object credentials,
final GrantedAuthority[] authorities, final UserDetails userDetails,
final FedizResponse response) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
index 55d7a33..d7f380c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
@@ -42,7 +42,7 @@ public final class FederationResponseAuthenticationToken extends AbstractAuthent
public Object getCredentials() {
return this.response;
}
-
+
public FedizResponse getResponse() {
return this.response;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
index 770916d..c229dde 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
@@ -35,15 +35,15 @@ public class GrantedAuthoritiesUserDetailsFederationService
extends AbstractFederationUserDetailsService {
private boolean convertToUpperCase = true;
-
+
@Override
protected UserDetails loadUserDetails(FedizResponse response) {
-
+
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
+
if (response.getRoles() != null) {
for (final String role : response.getRoles()) {
-
+
grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_"
+ (this.convertToUpperCase ? role.toUpperCase() : role)));
}
@@ -52,10 +52,10 @@ public class GrantedAuthoritiesUserDetailsFederationService
(GrantedAuthority[]) grantedAuthorities.toArray(
new GrantedAuthority[grantedAuthorities.size()]),
new ClaimCollection(response.getClaims()));
-
+
}
-
-
+
+
/**
* Converts the role value to uppercase value.
*
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index 39ea329..dde6d4a 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -36,7 +36,7 @@ import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessin
public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
/**
* Return the J2EE user name.
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
index e10831b..1c75b5c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
@@ -60,9 +60,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.notNull(token.getDetails());
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- GrantedAuthority[] authorities =
+ GrantedAuthority[] authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
@@ -83,9 +83,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.isInstanceOf(PreAuthenticatedAuthenticationToken.class, token);
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- GrantedAuthority[] authorities =
+ GrantedAuthority[] authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index eeff761..6786290 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -57,14 +57,14 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationEntryPoint implements AuthenticationEntryPoint,
InitializingBean, ApplicationContextAware {
-
+
/**
* The key used to save the context of the request
*/
public static final String SAVED_CONTEXT = "SAVED_CONTEXT";
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationEntryPoint.class);
-
+
private ApplicationContext appContext;
private FederationConfig federationConfig;
//private String servletContext;
@@ -100,41 +100,41 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
@Override
public void commence(ServletRequest request, ServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
-
+
HttpServletRequest hrequest = (HttpServletRequest)request;
HttpServletResponse hresponse = (HttpServletResponse)response;
FedizContext fedContext = federationConfig.getFedizContext();
LOG.debug("Federation context: {}", fedContext);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedContext);
if (mdHandler.canHandleRequest(hrequest)) {
mdHandler.handleRequest(hrequest, hresponse);
return;
}
-
+
String redirectUrl = null;
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
-
+
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(hrequest, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest.");
hresponse.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
hresponse.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
HttpSession session = ((HttpServletRequest)request).getSession(true);
session.setAttribute(SAVED_CONTEXT, redirectionResponse.getRequestState().getState());
} catch (ProcessingException ex) {
@@ -143,13 +143,13 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
hresponse.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
preCommence(hrequest, hresponse);
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
hresponse.sendRedirect(redirectUrl);
-
+
}
}