Posted to commits@cxf.apache.org by co...@apache.org on 2018/05/16 13:56:11 UTC

[cxf-fediz] branch 1.4.x-fixes updated (159a36b -> 344df90)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.


    from 159a36b  Ensure relayState is url-encoded as well
     new f7f4df6  Merge pull request #27 from amergey/master
     new 344df90  Fixing failing test

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/cxf/fediz/core/FederationConstants.java |  6 ++++++
 .../apache/cxf/fediz/core/handler/SigninHandler.java   | 13 ++++++++++++-
 .../cxf/fediz/core/processor/SAMLProcessorImpl.java    |  3 ++-
 .../fediz/core/federation/AudienceRestrictionTest.java | 18 ++++++------------
 .../cxf/fediz/tomcat8/FederationAuthenticator.java     |  9 +++++++--
 5 files changed, 33 insertions(+), 16 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

[cxf-fediz] 02/02: Fixing failing test

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 344df902392cfd6cbbf5f8d02626751b22997a44
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 16 14:28:00 2018 +0100

    Fixing failing test
---
 .../fediz/core/federation/AudienceRestrictionTest.java | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
index 0e80926..0f1fdf6 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
@@ -153,8 +153,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);
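Review bot: Returning null for RelayState in these mocks steers the test around the new `if (relayState != null)` branch in SigninHandler instead of exercising it, so the session lookup added in the companion commit has no coverage here. The same substitution is made in the five later hunks of this file. Presumably the failure came from the unmocked `req.getSession()` call. Keeping at least one case with a non-null RelayState and a mocked HttpSession, e.g. `EasyMock.expect(req.getSession()).andReturn(session);`, would cover both the found and the not-found RequestState paths. The test methods begin and end outside the hunks.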
@@ -197,8 +196,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);
@@ -241,8 +239,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);
@@ -282,8 +279,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);
@@ -323,8 +319,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);
@@ -367,8 +362,7 @@ public class AudienceRestrictionTest {
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
         EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
             .andReturn(FederationConstants.ACTION_SIGNIN);
-        String relayState = "asfnaosif123123";
-        EasyMock.expect(req.getParameter("RelayState")).andReturn(relayState);
+        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
         EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
         EasyMock.expect(req.getQueryString()).andReturn(null);
         EasyMock.replay(req);

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

[cxf-fediz] 01/02: Merge pull request #27 from amergey/master

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit f7f4df6b058a0cce4ad8e80af127a87ad55484b8
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Wed May 16 14:04:46 2018 +0100

    Merge pull request #27 from amergey/master
    
    [FEDIZ-217] Fix SAML authentication in Plugin
---
 .../java/org/apache/cxf/fediz/core/FederationConstants.java |  6 ++++++
 .../org/apache/cxf/fediz/core/handler/SigninHandler.java    | 13 ++++++++++++-
 .../apache/cxf/fediz/core/processor/SAMLProcessorImpl.java  |  3 ++-
 .../apache/cxf/fediz/tomcat8/FederationAuthenticator.java   |  9 +++++++--
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index 6839ff5..88bd273 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -150,6 +150,12 @@ public final class FederationConstants extends FedizConstants {
      * element.
      */
     public static final String PARAM_RESULT_PTR = "wresultptr";
+    
+    /**
+     * This OPTIONAL session attribute prefix append to request RelayState value specifies 
+     * initial RequestState created before redirecting to IDP
+     */
+    public static final String SESSION_SAVED_REQUEST_STATE_PREFIX = "SAVED_REQUEST_STATE_";
 
     public static final Map<String, URI> AUTH_TYPE_MAP;
     static {
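Review bot: The Javadoc on `SESSION_SAVED_REQUEST_STATE_PREFIX` is hard to parse and does not say how the attribute name is formed. Suggested wording: `Prefix of the session attribute that holds the RequestState created before redirecting to the IDP; the RelayState value is appended to form the attribute name.` The suffix is later taken from a request parameter in SigninHandler, so it is worth adding that a missing attribute is an expected case for readers of this key.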
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 31aefcd..125e9fc 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -23,8 +23,10 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -101,13 +103,22 @@ public class SigninHandler<T> implements RequestHandler<T> {
         FedizRequest federationRequest = new FedizRequest();
 
         String wa = req.getParameter(FederationConstants.PARAM_ACTION);
+        
+        String relayState = req.getParameter("RelayState");
 
         federationRequest.setAction(wa);
         federationRequest.setResponseToken(responseToken);
-        federationRequest.setState(req.getParameter("RelayState"));
+        federationRequest.setState(relayState);
         federationRequest.setRequest(req);
         federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
 
+        if (relayState != null) {
+            HttpSession session = req.getSession();
+            federationRequest.setRequestState((RequestState) 
+                 session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState));
+            session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState);
+        }
+        
         FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
         return processor.processRequest(federationRequest, fedizContext);
     }
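Review bot: `req.getSession()` in the new `if (relayState != null)` block creates a session when none exists, so any request that carries a RelayState parameter allocates one before the response token has been validated. Using `HttpSession session = req.getSession(false);` with an `if (session != null)` guard around the lookup and removal avoids that and treats a missing session the same as a missing saved state. The value passed to `setRequestState` is also null whenever no attribute matches the supplied RelayState. Whether the processor rejects a response that has no matching RequestState is not visible in this hunk and should be confirmed. The enclosing method begins outside the hunk.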
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 7b2abc9..4ae304d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -135,6 +135,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 tokenStream = CompressionUtils.inflate(deflatedToken);
             }
         } catch (DataFormatException ex) {
+            LOG.warn("Invalid data format", ex);
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         } catch (Base64DecodingException e) {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
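Review bot: The `Base64DecodingException` catch directly below the new `LOG.warn("Invalid data format", ex);` still throws INVALID_REQUEST without logging, so the two decode failures are reported inconsistently; adding `LOG.warn("Invalid Base64 encoding", e);` there would match. Both this call and `LOG.warn("Failed to parse token", e);` in the next hunk write a full stack trace at WARN for a token taken from the request, which looks reachable before authentication. If log volume matters, keep the one-line message at WARN and move the stack trace to DEBUG. The try block starts outside the hunk.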
@@ -147,7 +148,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             el = doc.getDocumentElement();
 
         } catch (Exception e) {
-            LOG.warn("Failed to parse token: " + e.getMessage());
+            LOG.warn("Failed to parse token", e);
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
 
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index e3da1db..6f357e8 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -43,6 +43,7 @@ import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.FedizPrincipal;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
@@ -299,7 +300,7 @@ public class FederationAuthenticator extends FormAuthenticator {
 
                 // Save original request in our session
                 try {
-                    saveRequest(request, redirectionResponse.getRequestState().getState());
+                    saveRequest(request, redirectionResponse.getRequestState());
                 } catch (IOException ioe) {
                     LOG.debug("Request body too big to save during authentication");
                     response.sendError(HttpServletResponse.SC_FORBIDDEN, sm
@@ -333,7 +334,8 @@ public class FederationAuthenticator extends FormAuthenticator {
         return false;
     }
 
-    protected void saveRequest(Request request, String contextId) throws IOException {
+    protected void saveRequest(Request request, RequestState requestState) throws IOException {
+        String contextId = requestState.getState();
         String uri = request.getDecodedRequestURI();
         Session session = request.getSessionInternal(true);
         if (session != null) {
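Review bot: Replacing the protected `saveRequest(Request, String)` with `saveRequest(Request, RequestState)` removes the old signature on a fixes branch, so a subclass of FederationAuthenticator that overrides or calls the String variant would stop compiling, or its override would no longer be invoked. If such subclasses are supported, this should be called out in the release notes. The method also has no Javadoc; something like `/** Saves the original request and its RequestState in the session, keyed by the state value. */` would document the new parameter. The method body continues outside the hunk.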
@@ -352,6 +354,9 @@ public class FederationAuthenticator extends FormAuthenticator {
                 sb.append(saved.getQueryString());
             }
             session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
+            //we set Request State as session attribute for later retrieval in SigninHandler
+            request.getSession().setAttribute(
+                FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + requestState.getState(), requestState);
         }
     }
 
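Review bot: The attribute set here is removed only when SigninHandler later receives a response with the matching RelayState, so each abandoned or repeated redirect leaves another RequestState in the session until it expires. Cleaning up or capping older `SAVED_REQUEST_STATE_` entries would bound that. Because the value is stored as a regular session attribute rather than a Catalina note, RequestState presumably needs to be Serializable for persisted or replicated sessions, which is worth confirming. `contextId` already holds `requestState.getState()`, so the key can be written as `FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + contextId`. saveRequest starts outside the hunk.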

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.