Posted to commits@cxf.apache.org by co...@apache.org on 2017/03/29 15:22:18 UTC
[1/2] cxf-fediz git commit: FEDIZ-197: wsdlLocation shouldn't be
changed
Repository: cxf-fediz
Updated Branches:
refs/heads/master 2e4dac9be -> 36480e970
FEDIZ-197: wsdlLocation shouldn't be changed
We should change wsdlLocation to use localPort
only if port 0 has been explicitly set.
Otherwise, we should use wsdlLocation as is.
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/07ce8579
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/07ce8579
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/07ce8579
Branch: refs/heads/master
Commit: 07ce85792079b36a962f9ba39dd296894c76d779
Parents: 2e4dac9
Author: gonzalad <ad...@yahoo.fr>
Authored: Wed Mar 29 09:15:10 2017 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 29 16:08:06 2017 +0100
----------------------------------------------------------------------
.../service/idp/beans/STSClientAction.java | 2 +-
.../cxf/fediz/service/idp/util/WebUtils.java | 17 ++--
.../service/idp/beans/STSClientActionTest.java | 87 ++++++++++++++++++++
3 files changed, 96 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/07ce8579/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index e0d324e..ff9f65f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -116,7 +116,7 @@ public class STSClientAction {
this.wsdlLocation = wsdlLocation;
try {
URL url = new URL(wsdlLocation);
- isPortSet = url.getPort() > 0;
+ isPortSet = url.getPort() != 0;
if (!isPortSet) {
LOG.info("Port is 0 for 'wsdlLocation'. Port evaluated when processing first request.");
}
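Review bot: The new `!= 0` test deliberately treats a URL with no explicit port (`URL.getPort()` returns -1) as "port set", which is what the commit message asks for but reads like a bug next to the field name `isPortSet`, and is exactly the kind of line someone later "fixes" back to `> 0`; a one-line comment would pin it: `// -1 means no explicit port: keep the configured URL; only an explicit :0 triggers local-port resolution`. The enclosing `setWsdlLocation` continues outside the hunk (the `catch` for `MalformedURLException`), and on a malformed URL `isPortSet` is left at whatever value it had, so that path is worth a sentence in the same comment or a test case.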
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/07ce8579/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
index edf9fde..a1da71a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
@@ -24,7 +24,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.util.Assert;
-import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContext;
/**
@@ -38,12 +37,12 @@ public final class WebUtils {
public static HttpServletRequest getHttpServletRequest(
final RequestContext context) {
- Assert.isInstanceOf(ServletExternalContext.class,
- context.getExternalContext(),
+ Object request = context.getExternalContext().getNativeRequest();
+ Assert.isInstanceOf(HttpServletRequest.class,
+ request,
"Cannot obtain HttpServletRequest from event of type: "
+ context.getExternalContext().getClass().getName());
- return (HttpServletRequest) context.getExternalContext()
- .getNativeRequest();
+ return (HttpServletRequest) request;
}
public static HttpSession getHttpSession(final RequestContext context) {
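Review bot: The assertion message kept after the new `Assert.isInstanceOf` still reports `context.getExternalContext().getClass().getName()`, but the check is now made on the native request, so a failure names the external-context class rather than the object that actually failed the check; use `request == null ? "null" : request.getClass().getName()` in the message. Note that `Assert.isInstanceOf` also rejects a null native request, so this method never returns null and any caller that null-checks its result is relying on a branch that cannot be taken. The same message mismatch applies to `getHttpServletResponse` in the next hunk.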
@@ -53,12 +52,12 @@ public final class WebUtils {
public static HttpServletResponse getHttpServletResponse(
final RequestContext context) {
- Assert.isInstanceOf(ServletExternalContext.class,
- context.getExternalContext(),
+ Object response = context.getExternalContext().getNativeResponse();
+ Assert.isInstanceOf(HttpServletResponse.class,
+ response,
"Cannot obtain HttpServletResponse from event of type: "
+ context.getExternalContext().getClass().getName());
- return (HttpServletResponse) context.getExternalContext()
- .getNativeResponse();
+ return (HttpServletResponse) response;
}
public static String getHttpHeader(RequestContext requestContext, String headerName) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/07ce8579/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/beans/STSClientActionTest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/beans/STSClientActionTest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/beans/STSClientActionTest.java
new file mode 100644
index 0000000..6f4ae76
--- /dev/null
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/beans/STSClientActionTest.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.beans;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.webflow.execution.RequestContext;
+import org.springframework.webflow.test.MockRequestContext;
+import static org.junit.Assert.assertEquals;
+
+public class STSClientActionTest {
+
+ private static final int LOCAL_PORT = 8080;
+
+ @Test
+ public void testWsdlWithDefaultPort() {
+ String wsdlLocation = "http://someserver/sts";
+ STSClientAction action = new STSClientAction();
+ action.setWsdlLocation(wsdlLocation);
+ callProcessWsdlLocation(action, mockRequestContext());
+ assertEquals(wsdlLocation, action.getWsdlLocation());
+ }
+
+ @Test
+ public void testWsdlWithExplicitPort() {
+ String wsdlLocation = "http://someserver:91/sts";
+ STSClientAction action = new STSClientAction();
+ action.setWsdlLocation(wsdlLocation);
+ callProcessWsdlLocation(action, mockRequestContext());
+ assertEquals(wsdlLocation, action.getWsdlLocation());
+ }
+
+ @Test
+ public void testWsdlWithPort0() {
+ String wsdlLocation = "http://someserver:0/sts";
+ STSClientAction action = new STSClientAction();
+ action.setWsdlLocation(wsdlLocation);
+ callProcessWsdlLocation(action, mockRequestContext());
+ assertEquals("http://someserver:" + LOCAL_PORT + "/sts", action.getWsdlLocation());
+ }
+
+ private void callProcessWsdlLocation(STSClientAction action, RequestContext requestContext) {
+ Method method = null;
+ try {
+ method = action.getClass().getDeclaredMethod("processWsdlLocation", RequestContext.class);
+ } catch (NoSuchMethodException e) {
+ throw new RuntimeException(e);
+ }
+ method.setAccessible(true);
+ try {
+ method.invoke(action, requestContext);
+ } catch (IllegalAccessException | InvocationTargetException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Forces local port to pre-defined value to test if it's used
+ * by STSClientAction to compute STS urls.
+ */
+ private RequestContext mockRequestContext() {
+ MockRequestContext requestContext = new MockRequestContext();
+ MockHttpServletRequest servletRequest = new MockHttpServletRequest();
+ servletRequest.setLocalPort(LOCAL_PORT);
+ requestContext.getMockExternalContext().setNativeRequest(servletRequest);
+ return requestContext;
+ }
+}
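Review bot: `callProcessWsdlLocation` looks the private method up via `action.getClass()`, which fails with `NoSuchMethodException` as soon as a subclass instance is passed; `STSClientAction.class.getDeclaredMethod("processWsdlLocation", RequestContext.class)` pins the lookup to the declaring class. The three cases cover an absent port, an explicit port and port 0, but not a malformed `wsdlLocation`, which `setWsdlLocation` catches and only logs; a fourth test asserting what `processWsdlLocation` does with it afterwards would pin that path, since the current behaviour there is implicit. A short class-level comment stating that port 0 is the only value that triggers local-port substitution would also make the intent of the three expectations obvious without reading the action.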
[2/2] cxf-fediz git commit: FEDIZ-197: Use local Port to call STS.
Posted by co...@apache.org.
FEDIZ-197: Use local Port to call STS.
This closes #15
STSAuthenticationProvider now handles
local port (:0) on wsdlLocation.
If such a port is used for wsdlLocation,
STSAuthenticationProvider will use the localServer port
to retrieve the wsdl.
Note: org.springframework.web.filter.RequestContextFilter needs
to be set for this to work.
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/36480e97
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/36480e97
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/36480e97
Branch: refs/heads/master
Commit: 36480e97003185385e81bf5cbf8c23cee08dffef
Parents: 07ce857
Author: gonzalad <ad...@yahoo.fr>
Authored: Wed Mar 29 13:39:03 2017 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 29 16:08:18 2017 +0100
----------------------------------------------------------------------
.../service/idp/STSAuthenticationProvider.java | 92 +++++++++---------
.../idp/STSKrbAuthenticationProvider.java | 2 +-
.../idp/STSPreAuthAuthenticationProvider.java | 2 +-
.../idp/STSUPAuthenticationProvider.java | 2 +-
.../service/idp/beans/STSClientAction.java | 87 +++++++----------
.../service/idp/util/LocalServerResolver.java | 98 ++++++++++++++++++++
6 files changed, 178 insertions(+), 105 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index d42904b..9310d5c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -29,9 +29,9 @@ import org.w3c.dom.Element;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
-//import org.apache.cxf.endpoint.Client;
import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.service.idp.util.LocalServerResolver;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -41,8 +41,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
-//import org.apache.cxf.transport.http.HTTPConduit;
-//import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
/**
* A base class for authenticating credentials to the STS
@@ -50,45 +48,34 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
public abstract class STSAuthenticationProvider implements AuthenticationProvider {
public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
- "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
- "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
public static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
- "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ "http://schemas.xmlsoap.org/ws/2005/02/trust";
private static final Logger LOG = LoggerFactory.getLogger(STSAuthenticationProvider.class);
-
- protected String wsdlLocation;
-
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
-
protected String wsdlService;
-
protected String wsdlEndpoint;
-
protected String appliesTo;
-
protected boolean use200502Namespace;
-
protected String tokenType;
-
protected Bus bus;
-
protected Integer lifetime;
-
- //Required to get IDP roles to use the IDP application, used in future release
+ // Required to get IDP roles to use the IDP application, used in future release
protected String roleURI;
-
protected Map<String, Object> properties = new HashMap<>();
-
+ private String wsdlLocation;
+ private boolean isPortSet;
private String customSTSParameter;
protected List<GrantedAuthority> createAuthorities(SecurityToken token) throws WSSecurityException {
List<GrantedAuthority> authorities = new ArrayList<>();
- //authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
- //Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
+ // authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
+ // Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
if (roleURI != null) {
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
@@ -98,7 +85,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
Object oValue = c.getValue();
if ((oValue instanceof List<?>) && !((List<?>)oValue).isEmpty()) {
List<?> values = (List<?>)oValue;
- for (Object role: values) {
+ for (Object role : values) {
if (role instanceof String) {
authorities.add(new SimpleGrantedAuthority((String)role));
}
@@ -113,18 +100,27 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
}
}
- //Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
+ // Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
return authorities;
}
public String getWsdlLocation() {
+ if (!isPortSet) {
+ setSTSWsdlUrl(LocalServerResolver.resolve(this.wsdlLocation));
+ }
return wsdlLocation;
}
public void setWsdlLocation(String wsdlLocation) {
this.wsdlLocation = wsdlLocation;
+ this.isPortSet = !LocalServerResolver.isLocal(this.wsdlLocation);
+ }
+
+ private synchronized void setSTSWsdlUrl(String wsdlUrl) {
+ this.wsdlLocation = wsdlUrl;
+ this.isPortSet = true;
}
public String getWsdlService() {
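Review bot: `getWsdlLocation()` marks the location as final (`setSTSWsdlUrl` sets `isPortSet = true`) on the first call made while `isPortSet` is false, but `LocalServerResolver.resolve(String)` returns the URL unchanged when no `ServletRequestAttributes` are bound to the thread, so a single call outside a request (bean introspection, a health check, or any call before `RequestContextFilter` is active) freezes the `:0` URL permanently and every later STS call targets port 0. Freeze only once resolution actually changed the URL and return the resolved value from that call, as below. The getter's check-then-act on `isPortSet`/`wsdlLocation` is unsynchronized while `setSTSWsdlUrl` is `synchronized`; either hold the lock in the getter too or drop it, since as written it protects nothing. The first resolving request also decides the port for the life of the bean, which is presumably fine for a single connector but should be stated on the `isPortSet` field.
```java
public String getWsdlLocation() {
    if (!isPortSet) {
        String resolved = LocalServerResolver.resolve(this.wsdlLocation);
        // unchanged means no request was bound to this thread: keep resolving on later calls
        if (!resolved.equals(this.wsdlLocation)) {
            setSTSWsdlUrl(resolved);
        }
        return resolved;
    }
    return wsdlLocation;
}
```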
@@ -159,15 +155,15 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
this.appliesTo = appliesTo;
}
- public void setBus(Bus bus) {
- this.bus = bus;
- }
-
public Bus getBus() {
// do not store a referance to the default bus
return (bus != null) ? bus : BusFactory.getDefaultBus();
}
+ public void setBus(Bus bus) {
+ this.bus = bus;
+ }
+
public String getTokenType() {
return tokenType;
}
@@ -186,7 +182,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
- .getAttributeStatements();
+ .getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
LOG.debug("No attribute statements found");
return Collections.emptyList();
@@ -197,8 +193,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
LOG.debug("parsing statement: {}", statement.getElementQName());
- List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
- .getAttributes();
+ List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getName());
Claim c = new Claim();
@@ -230,20 +225,19 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
}
- protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
- List<String> valueList) {
+ protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c, List<String> valueList) {
Claim t = claimsMap.get(c.getClaimType().toString());
if (t != null) {
- //same SAML attribute already processed. Thus Claim object already created.
+ // same SAML attribute already processed. Thus Claim object already created.
Object oValue = t.getValue();
if (oValue instanceof String) {
- //one child element AttributeValue only
+ // one child element AttributeValue only
List<String> values = new ArrayList<>();
- values.add((String)oValue); //add existing value
+ values.add((String)oValue); // add existing value
values.addAll(valueList);
t.setValue(values);
} else if (oValue instanceof List<?>) {
- //more than one child element AttributeValue
+ // more than one child element AttributeValue
@SuppressWarnings("unchecked")
List<String> values = (List<String>)oValue;
values.addAll(valueList);
@@ -271,14 +265,14 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
this.roleURI = roleURI;
}
- public void setProperties(Map<String, Object> p) {
- properties.putAll(p);
- }
-
public Map<String, Object> getProperties() {
return properties;
}
+ public void setProperties(Map<String, Object> p) {
+ properties.putAll(p);
+ }
+
public boolean isUse200502Namespace() {
return use200502Namespace;
}
@@ -295,13 +289,13 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
this.customSTSParameter = customSTSParameter;
}
-//May be uncommented for debugging
-// private void setTimeout(Client client, Long timeout) {
-// HTTPConduit conduit = (HTTPConduit) client.getConduit();
-// HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-// httpClientPolicy.setConnectionTimeout(timeout);
-// httpClientPolicy.setReceiveTimeout(timeout);
-// conduit.setClient(httpClientPolicy);
-// }
+ // May be uncommented for debugging
+ // private void setTimeout(Client client, Long timeout) {
+ // HTTPConduit conduit = (HTTPConduit) client.getConduit();
+ // HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+ // httpClientPolicy.setConnectionTimeout(timeout);
+ // httpClientPolicy.setReceiveTimeout(timeout);
+ // conduit.setClient(httpClientPolicy);
+ // }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
index 5e80466..3efbf08 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
@@ -80,7 +80,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
}
sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
+ sts.setWsdlLocation(getWsdlLocation());
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
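Review bot: Calling `getWsdlLocation()` is required now that the field is private in the base class, but the getter is no longer a plain accessor: it resolves an explicit `:0` port against the servlet request bound to the current thread, which per the commit message needs `org.springframework.web.filter.RequestContextFilter` to be configured, and it caches the outcome. A comment at the call site would save the next reader a trip to the base class: `// resolves an explicit :0 port against the current request (needs RequestContextFilter)`. The same applies to the identical lines in STSPreAuthAuthenticationProvider and STSUPAuthenticationProvider.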
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
index e6e3629..38bfa7c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
@@ -61,7 +61,7 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
}
sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
+ sts.setWsdlLocation(getWsdlLocation());
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 7e166f3..97e96db 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -65,7 +65,7 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
}
sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
- sts.setWsdlLocation(wsdlLocation);
+ sts.setWsdlLocation(getWsdlLocation());
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index ff9f65f..3817380 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -20,8 +20,6 @@ package org.apache.cxf.fediz.service.idp.beans;
import java.io.IOException;
import java.io.StringReader;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
@@ -34,6 +32,7 @@ import javax.xml.stream.XMLStreamException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
+
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.binding.soap.SoapFault;
@@ -45,6 +44,7 @@ import org.apache.cxf.fediz.service.idp.IdpSTSClient;
import org.apache.cxf.fediz.service.idp.domain.Application;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
+import org.apache.cxf.fediz.service.idp.util.LocalServerResolver;
import org.apache.cxf.fediz.service.idp.util.WebUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -76,12 +76,11 @@ public class STSClientAction {
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
- "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ "http://schemas.xmlsoap.org/ws/2005/02/trust";
private static final String SECURITY_TOKEN_SERVICE = "SecurityTokenService";
- private static final Logger LOG = LoggerFactory
- .getLogger(STSClientAction.class);
+ private static final Logger LOG = LoggerFactory.getLogger(STSClientAction.class);
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
@@ -107,21 +106,15 @@ public class STSClientAction {
private String customSTSParameter;
-
public String getWsdlLocation() {
return wsdlLocation;
}
public void setWsdlLocation(String wsdlLocation) {
this.wsdlLocation = wsdlLocation;
- try {
- URL url = new URL(wsdlLocation);
- isPortSet = url.getPort() != 0;
- if (!isPortSet) {
- LOG.info("Port is 0 for 'wsdlLocation'. Port evaluated when processing first request.");
- }
- } catch (MalformedURLException e) {
- LOG.error("Invalid Url '" + wsdlLocation + "': " + e.getMessage());
+ isPortSet = !LocalServerResolver.isLocal(wsdlLocation);
+ if (!isPortSet) {
+ LOG.info("Port is 0 for 'wsdlLocation'. Port evaluated when processing first request.");
}
}
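Review bot: `LocalServerResolver.isLocal` already logs "Port is 0 used for ..." at INFO when it returns true, so the `LOG.info` kept after the new `isPortSet` assignment reports the same condition a second time on every setter call; keep one of the two. Malformed URLs are now handled only inside `isLocal`, which logs at ERROR and returns false, so `isPortSet` becomes true and the malformed string is handed on to the STS client unchanged; that is the same outcome as before but is now implicit, and a comment such as `// a malformed URL is reported by isLocal() and passed through unchanged` would make it visible here.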
@@ -149,15 +142,15 @@ public class STSClientAction {
this.namespace = namespace;
}
- public void setBus(Bus bus) {
- this.bus = bus;
- }
-
public Bus getBus() {
// do not store a referance to the default bus
return (bus != null) ? bus : BusFactory.getDefaultBus();
}
+ public void setBus(Bus bus) {
+ this.bus = bus;
+ }
+
public String getTokenType() {
return tokenType;
}
@@ -188,13 +181,12 @@ public class STSClientAction {
* @return a RP security token
* @throws Exception
*/
- public Element submit(RequestContext context, String realm, String homeRealm)
- throws Exception {
+ public Element submit(RequestContext context, String realm, String homeRealm) throws Exception {
SecurityToken idpToken = getSecurityToken(context, homeRealm);
Bus cxfBus = getBus();
- Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, "idpConfig");
+ Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, "idpConfig");
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);
@@ -216,13 +208,13 @@ public class STSClientAction {
if (wreqElement != null && "RequestSecurityToken".equals(wreqElement.getLocalName())
&& (STSUtils.WST_NS_05_12.equals(wreqElement.getNamespaceURI())
|| HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST.equals(wreqElement.getNamespaceURI()))) {
- Element tokenTypeElement =
- DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "TokenType");
+ Element tokenTypeElement = DOMUtils
+ .getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "TokenType");
if (tokenTypeElement != null) {
stsTokenType = tokenTypeElement.getTextContent();
}
- Element keyTypeElement =
- DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "KeyType");
+ Element keyTypeElement = DOMUtils
+ .getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "KeyType");
if (keyTypeElement != null) {
stsKeyType = keyTypeElement.getTextContent();
}
@@ -251,8 +243,8 @@ public class STSClientAction {
if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(stsKeyType)) {
HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
if (servletRequest != null) {
- X509Certificate certs[] =
- (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
+ X509Certificate certs[] = (X509Certificate[])servletRequest
+ .getAttribute("javax.servlet.request.X509Certificate");
if (certs != null && certs.length > 0) {
sts.setUseCertificateForConfirmationKeyInfo(true);
sts.setUseKeyCertificate(certs[0]);
@@ -300,8 +292,7 @@ public class STSClientAction {
rpToken = sts.requestSecurityTokenResponse(realm);
} catch (SoapFault ex) {
LOG.error("Error in retrieving a token", ex.getMessage());
- if (ex.getFaultCode() != null
- && "RequestFailed".equals(ex.getFaultCode().getLocalPart())) {
+ if (ex.getFaultCode() != null && "RequestFailed".equals(ex.getFaultCode().getLocalPart())) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
throw ex;
@@ -310,8 +301,8 @@ public class STSClientAction {
if (LOG.isInfoEnabled()) {
String id = getIdFromToken(rpToken);
- LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]",
- id, realm, idpToken.getId());
+ LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]", id,
+ realm, idpToken.getId());
}
return rpToken;
}
@@ -327,7 +318,7 @@ public class STSClientAction {
}
if (nd.getLength() > 0) {
- Element e = (Element) nd.item(0);
+ Element e = (Element)nd.item(0);
if (e.hasAttributeNS(null, identifier)) {
return e.getAttributeNS(null, identifier);
}
@@ -337,12 +328,13 @@ public class STSClientAction {
return "";
}
- private SecurityToken getSecurityToken(RequestContext context, String homeRealm) throws ProcessingException {
+ private SecurityToken getSecurityToken(RequestContext context, String homeRealm)
+ throws ProcessingException {
- SecurityToken idpToken = (SecurityToken) WebUtils.getAttributeFromFlowScope(context, "idpToken");
+ SecurityToken idpToken = (SecurityToken)WebUtils.getAttributeFromFlowScope(context, "idpToken");
if (idpToken != null) {
- LOG.debug("[IDP_TOKEN={} successfully retrieved from cache for home realm [{}]",
- idpToken.getId(), homeRealm);
+ LOG.debug("[IDP_TOKEN={} successfully retrieved from cache for home realm [{}]", idpToken.getId(),
+ homeRealm);
} else {
LOG.error("IDP_TOKEN not found");
throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -350,19 +342,11 @@ public class STSClientAction {
return idpToken;
}
-
private void processWsdlLocation(RequestContext context) {
if (!isPortSet) {
- try {
- URL url = new URL(this.wsdlLocation);
- URL updatedUrl = new URL(url.getProtocol(), url.getHost(),
- WebUtils.getHttpServletRequest(context).getLocalPort(), url.getFile());
-
- setSTSWsdlUrl(updatedUrl.toString());
- LOG.info("STS WSDL URL updated to {}", updatedUrl.toString());
- } catch (MalformedURLException e) {
- LOG.error("Invalid Url '{}': {}", this.wsdlLocation, e.getMessage());
- }
+ String updatedUrl = LocalServerResolver.resolve(this.wsdlLocation, context);
+ setSTSWsdlUrl(updatedUrl);
+ LOG.info("STS WSDL URL updated to {}", updatedUrl.toString());
}
}
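Review bot: `setSTSWsdlUrl(updatedUrl)` runs even when `LocalServerResolver.resolve` handed back the original URL (it does so for a null context and in its `MalformedURLException` path), so the location is marked final and "updated" is logged although nothing changed; guard it: `if (!updatedUrl.equals(this.wsdlLocation)) { setSTSWsdlUrl(updatedUrl); LOG.info("STS WSDL URL updated to {}", updatedUrl); }`. `updatedUrl` is already a `String`, so the `.toString()` in the log call is redundant. The caller of `processWsdlLocation` is outside the hunk, so whether a null context can actually reach here is not visible from the diff.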
@@ -384,16 +368,13 @@ public class STSClientAction {
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12);
writer.writeNamespace("wst", STSUtils.WST_NS_05_12);
- writer.writeNamespace("ic",
- HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
- writer.writeAttribute("Dialect",
- HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
+ writer.writeNamespace("ic", HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
+ writer.writeAttribute("Dialect", HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
if (!realmClaims.isEmpty()) {
for (RequestClaim item : realmClaims) {
LOG.debug(" {}", item.getClaimType().toString());
- writer.writeStartElement("ic", "ClaimType",
- HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
+ writer.writeStartElement("ic", "ClaimType", HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
writer.writeAttribute("Uri", item.getClaimType().toString());
writer.writeAttribute("Optional", Boolean.toString(item.isOptional()));
writer.writeEndElement();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/36480e97/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/LocalServerResolver.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/LocalServerResolver.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/LocalServerResolver.java
new file mode 100644
index 0000000..eac1d9c
--- /dev/null
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/LocalServerResolver.java
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.util;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.webflow.execution.RequestContext;
+
+/**
+ * Detects if a given URL means the local server (useful in case IDP/STS are co-located). If port 0 is
+ * explicitly set, then {@link #resolve(String, RequestContext)} will replace the original URL with a url
+ * containing the local server port.
+ */
+public final class LocalServerResolver {
+
+ private static final Logger LOG = LoggerFactory.getLogger(LocalServerResolver.class);
+
+ private LocalServerResolver() {
+ }
+
+ /**
+ * If url contains a 0 port, replaces it with the local server port. Otherwise returns url as-is (no
+ * modification).
+ */
+ public static String resolve(String url) {
+ RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+ if (!(requestAttributes instanceof ServletRequestAttributes)) {
+ return url;
+ }
+ return resolve(url, ((ServletRequestAttributes)requestAttributes).getRequest());
+ }
+
+ public static String resolve(String url, RequestContext context) {
+ if (context == null) {
+ return url;
+ }
+ return resolve(url, WebUtils.getHttpServletRequest(context));
+ }
+
+ public static String resolve(String url, HttpServletRequest request) {
+ if (request == null) {
+ return url;
+ }
+ if (isLocal(url)) {
+ try {
+ URL urlValue = new URL(url);
+ URL updatedUrl = new URL(urlValue.getProtocol(), urlValue.getHost(), request.getLocalPort(),
+ urlValue.getFile());
+ LOG.debug("URL updated to {}", updatedUrl.toString());
+ return updatedUrl.toString();
+ } catch (MalformedURLException e) {
+ LOG.error("Invalid Url '{}': {}", url, e.getMessage());
+ }
+ }
+ return url;
+ }
+
+ /**
+ * Returns true if the url represents a local server (that is port is explicitly set to 0)
+ */
+ public static boolean isLocal(String url) {
+ boolean isLocal = false;
+ try {
+ URL urlValue = new URL(url);
+ isLocal = urlValue.getPort() == 0;
+ if (isLocal) {
+ LOG.info("Port is 0 used for {}. Local server port will be used.", url);
+ }
+ } catch (MalformedURLException e) {
+ LOG.error("Invalid Url '" + url + "': " + e.getMessage());
+ }
+ return isLocal;
+ }
+}
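Review bot: `resolve(String)` returns its input unchanged when no `ServletRequestAttributes` are bound to the current thread, and a caller cannot tell that from a genuine resolution, which matters because callers in this commit cache the result; the Javadoc should say so, e.g. "Returns url unchanged when no servlet request is bound to the current thread (requires RequestContextFilter); callers must not treat that result as final." `isLocal` logs at INFO on every call, so `resolve(String, HttpServletRequest)`, invoked on each request until the caller has cached, repeats that message; lower it to DEBUG or leave logging to the setter that first sees the URL. The `request == null` guard in the `HttpServletRequest` overload appears unreachable via `resolve(String, RequestContext)`, since `WebUtils.getHttpServletRequest` asserts instead of returning null; it is fine as defence in depth but deserves a comment. Building the new URL from `request.getLocalPort()` rather than from any client-supplied header keeps the STS address free of request-sender influence, which is the right choice; note in the Javadoc that the rebuilt URL keeps only protocol, host, port and file, so userinfo or a fragment in the original would be dropped.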