You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:25 UTC
[09/18] cxf-fediz git commit: Whitespace cleanup
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
index 53feb73..3bd4c53 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
@@ -81,7 +81,7 @@ public class AuthnRequestParser {
public void parseSAMLRequest(RequestContext context, Idp idp, String samlRequest,
String signature, String relayState) throws ProcessingException {
LOG.debug("Received SAML Request: {}", samlRequest);
-
+
if (samlRequest == null) {
WebUtils.removeAttribute(context, IdpConstants.SAML_AUTHN_REQUEST);
throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -93,35 +93,35 @@ public class AuthnRequestParser {
LOG.warn("Error parsing request: {}", ex.getMessage());
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// Store various attributes from the AuthnRequest
SAMLAuthnRequest authnRequest = new SAMLAuthnRequest(parsedRequest);
WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
-
- validateSignature(context, parsedRequest, idp, signature, relayState,
+
+ validateSignature(context, parsedRequest, idp, signature, relayState,
samlRequest, authnRequest.getIssuer());
validateRequest(parsedRequest);
-
+
LOG.debug("SAML Request with id '{}' successfully parsed", parsedRequest.getID());
}
}
-
+
public String retrieveRealm(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
-
+
if (authnRequest != null) {
String issuer = authnRequest.getIssuer();
LOG.debug("Parsed SAML AuthnRequest Issuer: {}", issuer);
return issuer;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveConsumerURL(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getConsumerServiceURL() != null) {
@@ -129,13 +129,13 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Consumer URL: {}", consumerURL);
return consumerURL;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveRequestId(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getRequestId() != null) {
@@ -143,13 +143,13 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Id: {}", id);
return id;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveRequestIssuer(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getIssuer() != null) {
@@ -157,39 +157,39 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Issuer: {}", issuer);
return issuer;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public boolean isForceAuthentication(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null) {
return authnRequest.isForceAuthn();
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return false;
}
-
+
protected AuthnRequest extractRequest(RequestContext context, String samlRequest) throws Exception {
byte[] deflatedToken = Base64Utility.decode(samlRequest);
String httpMethod = WebUtils.getHttpServletRequest(context).getMethod();
-
+
InputStream tokenStream = supportDeflateEncoding || "GET".equals(httpMethod)
? new DeflateEncoderDecoder().inflateToken(deflatedToken)
: new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
- AuthnRequest request =
+ AuthnRequest request =
(AuthnRequest)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
if (LOG.isDebugEnabled()) {
LOG.debug(DOM2Writer.nodeToString(responseDoc));
}
return request;
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
@@ -197,59 +197,59 @@ public class AuthnRequestParser {
public void setSupportDeflateEncoding(boolean supportDeflateEncoding) {
this.supportDeflateEncoding = supportDeflateEncoding;
}
-
+
private void validateRequest(AuthnRequest parsedRequest) throws ProcessingException {
if (parsedRequest.getIssuer() == null) {
LOG.debug("No Issuer is present in the AuthnRequest");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
String format = parsedRequest.getIssuer().getFormat();
if (format != null
&& !"urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(format)) {
LOG.debug("An invalid Format attribute was received: {}", format);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// No SubjectConfirmation Elements are allowed
- if (parsedRequest.getSubject() != null
+ if (parsedRequest.getSubject() != null
&& parsedRequest.getSubject().getSubjectConfirmations() != null
&& !parsedRequest.getSubject().getSubjectConfirmations().isEmpty()) {
LOG.debug("An invalid SubjectConfirmation Element was received");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
- private void validateSignature(RequestContext context, AuthnRequest authnRequest, Idp idp,
- String signature, String relayState, String samlRequest,
+
+ private void validateSignature(RequestContext context, AuthnRequest authnRequest, Idp idp,
+ String signature, String relayState, String samlRequest,
String realm) throws ProcessingException {
try {
if (authnRequest.isSigned()) {
// Check destination
checkDestination(context, authnRequest);
-
+
// Check signature
X509Certificate validatingCert = getValidatingCertificate(idp, realm);
- Crypto issuerCrypto =
+ Crypto issuerCrypto =
new CertificateStore(Collections.singletonList(validatingCert).toArray(new X509Certificate[0]));
validateAuthnRequestSignature(authnRequest.getSignature(), issuerCrypto);
} else if (signature != null) {
// Check destination
checkDestination(context, authnRequest);
-
+
// Check signature
X509Certificate validatingCert = getValidatingCertificate(idp, realm);
-
+
java.security.Signature sig = java.security.Signature.getInstance("SHA1withRSA");
sig.initVerify(validatingCert);
-
+
// Recreate request to sign
String requestToSign = SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(samlRequest, "UTF-8")
- + "&" + SSOConstants.RELAY_STATE + "=" + relayState + "&" + SSOConstants.SIG_ALG
+ + "&" + SSOConstants.RELAY_STATE + "=" + relayState + "&" + SSOConstants.SIG_ALG
+ "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
sig.update(requestToSign.getBytes(StandardCharsets.UTF_8));
-
+
if (!sig.verify(Base64.decode(signature))) {
LOG.debug("Signature validation failed");
throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -265,30 +265,30 @@ public class AuthnRequestParser {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
- private X509Certificate getValidatingCertificate(Idp idp, String realm)
+
+ private X509Certificate getValidatingCertificate(Idp idp, String realm)
throws Exception {
Application serviceConfig = idp.findApplication(realm);
if (serviceConfig == null || serviceConfig.getValidatingCertificate() == null) {
LOG.debug("No validating certificate found for realm {}", realm);
throw new ProcessingException(TYPE.ISSUER_NOT_TRUSTED);
}
-
+
return CertsUtils.parseX509Certificate(serviceConfig.getValidatingCertificate());
}
-
+
private void checkDestination(RequestContext context, AuthnRequest authnRequest) throws ProcessingException {
// Check destination
String destination = authnRequest.getDestination();
LOG.debug("Validating destination: {}", destination);
-
+
String localAddr = WebUtils.getHttpServletRequest(context).getRequestURL().toString();
if (destination == null || !localAddr.startsWith(destination)) {
LOG.debug("The destination {} does not match the local address {}", destination, localAddr);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
/**
* Validate the AuthnRequest signature
*/
@@ -317,7 +317,7 @@ public class AuthnRequestParser {
throw ex;
}
}
-
+
if (samlKeyInfo == null) {
LOG.debug("No KeyInfo supplied in the AuthnRequest signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
@@ -384,5 +384,5 @@ public class AuthnRequestParser {
public void setRequireSignature(boolean requireSignature) {
this.requireSignature = requireSignature;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
index 9dfd626..0111c2c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
@@ -35,20 +35,20 @@ public class LocalRedirectCreator {
public String createRedirectURL(RequestContext context, Idp idp) throws UnsupportedEncodingException {
StringBuilder redirectURL = new StringBuilder();
redirectURL.append(idp.getIdpUrl().toString()).append("?");
-
+
String relayState = (String)WebUtils.getAttributeFromFlowScope(context, "RelayState");
redirectURL.append("RelayState=").append(relayState).append("&");
String samlRequest = (String)WebUtils.getAttributeFromFlowScope(context, "SAMLRequest");
redirectURL.append("SAMLRequest=").append(URLEncoder.encode(samlRequest, "UTF-8"));
-
+
String signature = (String)WebUtils.getAttributeFromFlowScope(context, "Signature");
if (signature != null) {
redirectURL.append("&");
redirectURL.append("Signature=").append(URLEncoder.encode(signature, "UTF-8"));
}
-
+
return redirectURL.toString();
}
-
-
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
index 742797d..dadbe13 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
@@ -67,25 +67,25 @@ public class SamlResponseCreator {
private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, Idp idp, Element rpToken,
- String consumerURL, String requestId, String requestIssuer)
+ String consumerURL, String requestId, String requestIssuer)
throws ProcessingException {
- List<Element> samlTokens =
+ List<Element> samlTokens =
DOMUtils.findAllElementsByTagNameNS(rpToken, WSConstants.SAML2_NS, "Assertion");
if (samlTokens.isEmpty() || samlTokens.size() != 1) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
try {
SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlTokens.get(0));
if (wrapper.getSaml2() == null) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
String remoteAddr = WebUtils.getHttpServletRequest(context).getRemoteAddr();
- Assertion saml2Assertion =
- createSAML2Assertion(context, idp, wrapper, requestId, requestIssuer,
+ Assertion saml2Assertion =
+ createSAML2Assertion(context, idp, wrapper, requestId, requestIssuer,
remoteAddr, consumerURL);
-
+
Element response = createResponse(idp, requestId, saml2Assertion);
return encodeResponse(response);
} catch (Exception ex) {
@@ -93,17 +93,17 @@ public class SamlResponseCreator {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
private Assertion createSAML2Assertion(RequestContext context, Idp idp, SamlAssertionWrapper receivedToken,
- String requestID, String requestIssuer,
+ String requestID, String requestIssuer,
String remoteAddr, String racs) throws Exception {
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setIssuer(idp.getRealm());
callbackHandler.setSubject(receivedToken.getSaml2().getSubject());
-
+
// Test Subject against received Subject (if applicable)
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest.getSubjectNameId() != null && receivedToken.getSaml2().getSubject().getNameID() != null) {
NameID issuedNameId = receivedToken.getSaml2().getSubject().getNameID();
@@ -113,7 +113,7 @@ public class SamlResponseCreator {
throw new ProcessingException(ProcessingException.TYPE.INVALID_REQUEST);
}
}
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(remoteAddr);
@@ -121,45 +121,45 @@ public class SamlResponseCreator {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(racs);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
// Audience Restriction
ConditionsBean conditions = new ConditionsBean();
conditions.setTokenPeriodMinutes(5);
-
+
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
-
+
// Attributes
callbackHandler.setAttributeStatements(receivedToken.getSaml2().getAttributeStatements());
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Crypto issuerCrypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
- assertion.signAssertion(issuerCrypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
+ assertion.signAssertion(issuerCrypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
issuerCrypto, false);
-
+
return assertion.getSaml2();
}
-
+
protected Element createResponse(Idp idp, String requestID, Assertion assertion) throws Exception {
Document doc = DOMUtils.newDocument();
-
- Status status =
+
+ Status status =
SAML2PResponseComponentBuilder.createStatus(
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
- Response response =
+ Response response =
SAML2PResponseComponentBuilder.createSAMLResponse(requestID, idp.getRealm(), status);
-
+
response.getAssertions().add(assertion);
-
+
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
return policyElement;
}
@@ -173,10 +173,10 @@ public class SamlResponseCreator {
return Base64Utility.encode(deflatedBytes);
}
-
+
return Base64Utility.encode(responseMessage.getBytes());
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
index ce257e0..a35e3c2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
@@ -49,22 +49,22 @@ public class SamlResponseErrorCreator {
private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, boolean requestor,
- Idp idp, String requestID) throws ProcessingException {
+ Idp idp, String requestID) throws ProcessingException {
Document doc = DOMUtils.newDocument();
-
+
String statusValue = "urn:oasis:names:tc:SAML:2.0:status:Responder";
if (requestor) {
statusValue = "urn:oasis:names:tc:SAML:2.0:status:Requester";
}
- Status status =
+ Status status =
SAML2PResponseComponentBuilder.createStatus(statusValue, null);
- Response response =
+ Response response =
SAML2PResponseComponentBuilder.createSAMLResponse(requestID, idp.getRealm(), status);
-
+
try {
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
Element responseElement = policyElement;
return encodeResponse(responseElement);
} catch (Exception e) {
@@ -83,10 +83,10 @@ public class SamlResponseErrorCreator {
return Base64Utility.encode(deflatedBytes);
}
-
+
return Base64Utility.encode(responseMessage.getBytes());
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
index 148d24b..f9dee3a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
@@ -28,7 +28,7 @@ import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.RequestContext;
/**
- * This class is responsible to parse the 'wfresh' parameter
+ * This class is responsible to parse the 'wfresh' parameter
*/
@Component
public class WfreshParser {
@@ -37,13 +37,13 @@ public class WfreshParser {
public boolean authenticationRequired(String wfresh, String whr, RequestContext context)
throws Exception {
-
- SecurityToken idpToken =
+
+ SecurityToken idpToken =
(SecurityToken) WebUtils.getAttributeFromExternalContext(context, whr);
if (idpToken == null) {
return true;
}
-
+
if (wfresh == null || wfresh.trim().isEmpty()) {
return false;
}
@@ -58,7 +58,7 @@ public class WfreshParser {
if (ttl == 0) {
return true;
}
-
+
long ttlMs = ttl * 60L * 1000L;
if (ttlMs > 0) {
Date createdDate = idpToken.getCreated();
@@ -80,5 +80,5 @@ public class WfreshParser {
}
return false;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index 814e342..1373000 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -36,16 +36,16 @@ import javax.xml.bind.annotation.XmlType;
"policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id",
"validatingCertificate", "enableAppliesTo"})
public class Application implements Serializable {
-
+
private static final long serialVersionUID = 5644327504861846964L;
-
-
+
+
protected int id;
-
-
+
+
//Could be imported from Metadata document or manually filled
-
+
//@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
protected String realm; //wtrealm, whr
@@ -53,52 +53,52 @@ public class Application implements Serializable {
// "http://docs.oasis-open.org/wsfed/federation/200706"
// Metadata could provide more than one but one must be chosen
protected String protocol;
-
+
// Public key only
// Could be read from Metadata, md:KeyDescriptor, use="encryption"
protected String encryptionCertificate;
-
+
// Certificate for Signature verification
protected String validatingCertificate;
-
+
// Could be read from Metadata, fed:ClaimTypesRequested
protected List<RequestClaim> requestedClaims = new ArrayList<>();
-
+
//Could be read from Metadata, ServiceDisplayName
//usage for list of application where user is logged in
protected String serviceDisplayName;
-
+
//Could be read from Metadata, ServiceDescription
//usage for list of application where user is logged in
protected String serviceDescription;
-
+
//Could be read from Metadata, RoleDescriptor
//fed:ApplicationServiceType, fed:SecurityTokenServiceType
protected String role;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
protected String tokenType;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
protected int lifeTime;
-
+
// WS-Policy Namespace for AppliesTo element
protected String policyNamespace;
-
+
// Request audience restriction in token for this application (default is true)
private boolean enableAppliesTo = true;
-
+
private URI href;
-
+
//Could be read from Metadata, PassiveRequestorEndpoint
//fed:ApplicationServiceType, fed:SecurityTokenServiceType
private String passiveRequestorEndpoint;
-
+
// A regular expression constraint on the passiveRequestorEndpoint
private String passiveRequestorEndpointConstraint;
private Pattern compiledPassiveRequestorEndpointConstraint;
-
-
+
+
@XmlAttribute
public int getId() {
return id;
@@ -107,7 +107,7 @@ public class Application implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
@XmlAttribute
public URI getHref() {
return href;
@@ -219,11 +219,11 @@ public class Application implements Serializable {
compiledPassiveRequestorEndpointConstraint = null;
}
}
-
+
public Pattern getCompiledPassiveRequestorEndpointConstraint() {
return compiledPassiveRequestorEndpointConstraint;
}
-
+
public String getValidatingCertificate() {
return validatingCertificate;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
index 96afed9..a703b64 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
@@ -26,15 +26,15 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "claim", namespace = "http://org.apache.cxf.fediz/")
public class Claim implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected URI claimType;
protected String displayName;
protected String description;
protected int id;
private URI href;
-
+
@XmlAttribute
public URI getHref() {
return href;
@@ -43,7 +43,7 @@ public class Claim implements Serializable {
public void setHref(URI href) {
this.href = href;
}
-
+
@XmlAttribute
public int getId() {
return id;
@@ -52,11 +52,11 @@ public class Claim implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public void setClaimType(URI claimType) {
this.claimType = claimType;
}
-
+
public URI getClaimType() {
return claimType;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
index c926386..67b54b4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
@@ -27,14 +27,14 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"name", "description", "internal", "id" })
public class Entitlement implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected String name;
protected String description;
protected int id;
protected boolean internal;
-
+
@XmlAttribute
public int getId() {
return id;
@@ -43,7 +43,7 @@ public class Entitlement implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
index 2dcc296..de6265f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
@@ -1,40 +1,40 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.domain;
-
-import javax.xml.bind.annotation.XmlEnum;
-
-@XmlEnum
-public enum FederationType {
-
- FEDERATE_IDENTITY("FederateIdentity"),
- FEDERATE_CLAIMS("FederateClaims");
-
- private String name;
-
- FederationType(final String name) {
- this.name = name;
- }
-
- @Override
- public String toString() {
- return name;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.domain;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum FederationType {
+
+ FEDERATE_IDENTITY("FederateIdentity"),
+ FEDERATE_CLAIMS("FederateClaims");
+
+ private String name;
+
+ FederationType(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index d382184..0674b5a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -40,9 +40,9 @@ public class Idp implements Serializable {
private static final long serialVersionUID = -5570301342547139039L;
-
+
protected int id;
-
+
// Unique
// fed:TargetScope
protected String realm; // wtrealm, whr
@@ -111,13 +111,13 @@ public class Idp implements Serializable {
// ServiceDescription
protected String serviceDescription;
-
+
// The user/browser must explicitly confirm to logout from all applications
private boolean rpSingleSignOutConfirmation;
-
+
// Is explicit confirmation required when the "cleanup" URL is called
private boolean rpSingleSignOutCleanupConfirmation;
-
+
@XmlAttribute
public int getId() {
return id;
@@ -126,7 +126,7 @@ public class Idp implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getRealm() {
return realm;
}
@@ -216,7 +216,7 @@ public class Idp implements Serializable {
}
return null;
}
-
+
@XmlElementWrapper(name = "applications")
@XmlElementRef(name = "application")
public List<Application> getApplications() {
@@ -235,7 +235,7 @@ public class Idp implements Serializable {
}
return null;
}
-
+
@XmlElementWrapper(name = "trustedIdps")
@XmlElementRef(name = "trustedIdp")
public List<TrustedIdp> getTrustedIdps() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
index 008e75a..fc2b232 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
@@ -22,15 +22,15 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "requestClaim", namespace = "http://org.apache.cxf.fediz/")
public class RequestClaim extends Claim {
-
+
private static final long serialVersionUID = 8097560995225077866L;
-
+
protected boolean optional;
-
+
public RequestClaim() {
super();
}
-
+
public RequestClaim(Claim c) {
super();
this.setClaimType(c.getClaimType());
@@ -38,11 +38,11 @@ public class RequestClaim extends Claim {
this.setDisplayName(c.getDisplayName());
this.setId(c.getId());
}
-
+
public void setOptional(boolean optional) {
this.optional = optional;
}
-
+
public boolean isOptional() {
return optional;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
index f403546..3af82a0 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
@@ -29,15 +29,15 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "role", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"name", "description", "entitlements", "id" })
public class Role implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected String name;
protected String description;
protected int id;
-
+
protected List<Entitlement> entitlements = new ArrayList<>();
-
+
@XmlAttribute
public int getId() {
return id;
@@ -46,7 +46,7 @@ public class Role implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
index 50efb25..0bfd084 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
@@ -1,40 +1,40 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.domain;
-
-import javax.xml.bind.annotation.XmlEnum;
-
-@XmlEnum
-public enum TrustType {
-
- PEER_TRUST("PeerTrust"),
- INDIRECT_TRUST("IndirectTrust");
-
- private String name;
-
- TrustType(final String name) {
- this.name = name;
- }
-
- @Override
- public String toString() {
- return name;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.domain;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum TrustType {
+
+ PEER_TRUST("PeerTrust"),
+ INDIRECT_TRUST("IndirectTrust");
+
+ private String name;
+
+ TrustType(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
index b3262b5..013456c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
@@ -34,50 +34,50 @@ public class TrustedIdp implements Serializable {
private static final long serialVersionUID = -6520081722646469178L;
-
+
protected int id;
//@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
protected String realm; //wtrealm, whr
-
+
//@Column(name = "Issuer", nullable = true, length = FIELD_LENGTH)
protected String issuer; //SAMLResponse issuer name
// Should tokens be cached from trusted IDPs
// to avoid redirection to the trusted IDP again for next SignIn request
protected boolean cacheTokens;
-
+
//Could be read from Metadata, PassiveRequestorEndpoint
protected String url;
-
+
//Could be read from Metadata, md:KeyDescriptor, use="signing"
//Store certificate in DB or filesystem, provide options?
protected String certificate;
-
+
//Direct trust (signing cert imported), Indirect trust (CA certs imported, subject configured)
protected TrustType trustType;
-
+
//Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
// "http://docs.oasis-open.org/wsfed/federation/200706"
// Metadata could provide more than one but one must be chosen
protected String protocol;
-
+
//FederateIdentity, FederateClaims
protected FederationType federationType;
-
+
//optional (to provide a list of IDPs)
protected String name;
-
+
//optional (to provide a list of IDPs)
protected String description;
-
+
//optional (to provide a list of IDPs)
protected String logo;
-
+
// Additional (possibly protocol specific parameters)
protected Map<String, String> parameters = new HashMap<>();
-
+
@XmlAttribute
public int getId() {
return id;
@@ -86,15 +86,15 @@ public class TrustedIdp implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getIssuer() {
return issuer;
}
-
+
public void setIssuer(String issuer) {
this.issuer = issuer;
}
-
+
public String getRealm() {
return realm;
}
@@ -182,6 +182,6 @@ public class TrustedIdp implements Serializable {
public void setParameters(Map<String, String> parameters) {
this.parameters = parameters;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
index 8e39e85..5594b58 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2002-2008 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -68,7 +68,7 @@ import org.springframework.web.filter.GenericFilterBean;
* @see KerberosEntryPoint
*/
public class KerberosAuthenticationProcessingFilter extends GenericFilterBean {
- private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
+ private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationSuccessHandler successHandler;
@@ -81,7 +81,7 @@ public class KerberosAuthenticationProcessingFilter extends GenericFilterBean {
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
index 457a60e..2115cb1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2009 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -53,9 +53,9 @@ import org.springframework.security.web.AuthenticationEntryPoint;
* @see KerberosAuthenticationProcessingFilter
*/
public class KerberosEntryPoint implements AuthenticationEntryPoint {
-
+
private static final Log LOG = LogFactory.getLog(KerberosEntryPoint.class);
-
+
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException ex) throws IOException, ServletException {
if (LOG.isDebugEnabled()) {
@@ -65,6 +65,6 @@ public class KerberosEntryPoint implements AuthenticationEntryPoint {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.flushBuffer();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
index 2aba9cf..b1a2cbf 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2009 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -56,15 +56,15 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 395488921064775014L;
private final byte[] token;
private final Object principal;
-
+
/** Creates an authenticated token, normally used as an output of an authentication provider.
* @param principal the user principal (mostly of instance <code>UserDetails</code>
* @param authorities the authorities which are granted to the user
* @param token the Kerberos/SPNEGO token
* @see UserDetails
*/
- public KerberosServiceRequestToken(Object principal,
- Collection<? extends GrantedAuthority> authorities,
+ public KerberosServiceRequestToken(Object principal,
+ Collection<? extends GrantedAuthority> authorities,
byte[] token) {
super(authorities);
if (token != null) {
@@ -75,7 +75,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
this.principal = principal;
super.setAuthenticated(true);
}
-
+
/**
* Creates an unauthenticated instance which should then be authenticated by
* <code>KerberosServiceAuthenticationProvider/code>
@@ -92,7 +92,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
}
this.principal = null;
}
-
+
/**
* Calculates hashcode based on the Kerberos token
*/
@@ -103,7 +103,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
result = prime * result + Arrays.hashCode(token);
return result;
}
-
+
/**
* equals() is based only on the Kerberos token
*/
@@ -124,21 +124,21 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
}
return true;
}
-
+
/* (non-Javadoc)
* @see org.springframework.security.core.Authentication#getCredentials()
*/
public Object getCredentials() {
return null;
}
-
+
/* (non-Javadoc)
* @see org.springframework.security.core.Authentication#getPrincipal()
*/
public Object getPrincipal() {
return this.principal;
}
-
+
/** Returns the Kerberos token
*/
public byte[] getToken() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
index c9b0cd7..6b25ac4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
@@ -95,7 +95,7 @@ public class KerberosTokenValidator {
return serviceName;
}
- public KerberosServiceContext validate(KerberosServiceRequestToken token)
+ public KerberosServiceContext validate(KerberosServiceRequestToken token)
throws LoginException, PrivilegedActionException {
if (LOG.isDebugEnabled()) {
try {
@@ -133,8 +133,8 @@ public class KerberosTokenValidator {
}
// Validate the ticket
- KerberosServiceExceptionAction action =
- new KerberosServiceExceptionAction(token.getToken(), service,
+ KerberosServiceExceptionAction action =
+ new KerberosServiceExceptionAction(token.getToken(), service,
isUsernameServiceNameForm(), spnego);
KerberosServiceContext krbServiceCtx = Subject.doAs(subject, action);
@@ -148,15 +148,15 @@ public class KerberosTokenValidator {
/**
* SPN can be configured to be in either <b>"hostbased"</b> or <b>"username"</b> form.<br/>
* - <b>"hostbased"</b> - specifies that the service principal name should be interpreted
- * as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service
+ * as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service
* Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the
* KDC.<br/>
* - <b>"username"</b> - specifies that the service principal name should be interpreted
- * as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form"
+ * as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form"
* This is usually the client username in LDAP/AD used for authentication to the KDC.
- *
+ *
* <br/><br/>Default is <b>"hostbased"</b>.
- *
+ *
* @return the isUsernameServiceNameForm
*/
public boolean isUsernameServiceNameForm() {
@@ -166,9 +166,9 @@ public class KerberosTokenValidator {
/**
* If true - sets the SPN form to "username"
* <br/>If false<b>(default)</b> - the SPN form is "hostbased"
- *
+ *
* @see KerberosSecurity#retrieveServiceTicket(String, CallbackHandler, String, boolean)
- *
+ *
* @param isUsernameServiceNameForm the isUsernameServiceNameForm to set
*/
public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
index d75b812..012b6da 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
@@ -31,12 +31,12 @@ import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.xml.security.utils.Base64;
/**
- * Override the default CXF KerberosClient just to create a BinarySecurityToken from a
- * give Kerberos token. This is used to pass a received Kerberos token through to the
+ * Override the default CXF KerberosClient just to create a BinarySecurityToken from a
+ * give Kerberos token. This is used to pass a received Kerberos token through to the
* STS, without retrieving a new token.
*/
public class PassThroughKerberosClient extends KerberosClient {
-
+
private byte[] token;
public PassThroughKerberosClient() {
@@ -50,7 +50,7 @@ public class PassThroughKerberosClient extends KerberosClient {
bst.setToken(token);
bst.addWSUNamespace();
bst.setID(WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", bst));
-
+
SecurityToken securityToken = new SecurityToken(bst.getID());
securityToken.setToken(bst.getElement());
securityToken.setWsuId(bst.getID());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
index 7c5baec..d3f59d8 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
@@ -43,9 +43,9 @@ import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
public class IdpMetadataWriter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(IdpMetadataWriter.class);
-
+
//CHECKSTYLE:OFF
public Document getMetaData(Idp config) throws RuntimeException {
try {
@@ -83,7 +83,7 @@ public class IdpMetadataWriter {
LOG.debug("***************** unsigned ****************");
}
- Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
+ Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
writer.getDocument(), referenceID);
if (result != null) {
return result;
@@ -96,7 +96,7 @@ public class IdpMetadataWriter {
}
}
-
+
private void writeFederationMetadata(
XMLStreamWriter writer, Idp config, Crypto crypto
) throws XMLStreamException {
@@ -176,5 +176,5 @@ public class IdpMetadataWriter {
writer.writeEndElement(); // RoleDescriptor
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
index 3118d8f..815edf0 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
@@ -46,7 +46,7 @@ import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
public class ServiceMetadataWriter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(ServiceMetadataWriter.class);
//CHECKSTYLE:OFF
@@ -54,7 +54,7 @@ public class ServiceMetadataWriter {
try {
Crypto crypto = CertsUtils.getCryptoFromFile(config.getCertificate());
-
+
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartDocument("UTF-8", "1.0");
@@ -62,10 +62,10 @@ public class ServiceMetadataWriter {
String referenceID = IDGenerator.generateID("_");
writer.writeStartElement("md", "EntityDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("ID", referenceID);
-
+
String serviceURL = config.getIdpUrl().toString();
writer.writeAttribute("entityID", config.getRealm());
-
+
writer.writeNamespace("md", SAML2_METADATA_NS);
writer.writeNamespace("fed", WS_FEDERATION_NS);
writer.writeNamespace("wsa", WS_ADDRESSING_NS);
@@ -77,11 +77,11 @@ public class ServiceMetadataWriter {
} else if ("urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser".equals(serviceConfig.getProtocol())) {
writeSAMLMetadata(writer, serviceConfig, serviceURL, crypto);
}
-
+
writer.writeEndElement(); // EntityDescriptor
writer.writeEndDocument();
-
+
writer.close();
if (LOG.isDebugEnabled()) {
@@ -91,7 +91,7 @@ public class ServiceMetadataWriter {
LOG.debug("***************** unsigned ****************");
}
- Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
+ Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
writer.getDocument(), referenceID);
if (result != null) {
return result;
@@ -108,7 +108,7 @@ public class ServiceMetadataWriter {
}
private void writeFederationMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
TrustedIdp config,
String serviceURL
) throws XMLStreamException {
@@ -122,7 +122,7 @@ public class ServiceMetadataWriter {
writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
writer.writeCharacters(serviceURL);
-
+
writer.writeEndElement(); // Address
writer.writeEndElement(); // EndpointReference
writer.writeEndElement(); // ApplicationServiceEndpoint
@@ -146,68 +146,68 @@ public class ServiceMetadataWriter {
writer.writeEndElement(); // PassiveRequestorEndpoint
writer.writeEndElement(); // RoleDescriptor
}
-
+
private void writeSAMLMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
TrustedIdp config,
String serviceURL,
Crypto crypto
) throws Exception {
-
+
writer.writeStartElement("md", "SPSSODescriptor", SAML2_METADATA_NS);
- boolean signRequest =
+ boolean signRequest =
isPropertyConfigured(config, TrustedIdpSAMLProtocolHandler.SIGN_REQUEST, true);
writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(signRequest));
writer.writeAttribute("WantAssertionsSigned", "true");
writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
-
+
writer.writeStartElement("md", "AssertionConsumerService", SAML2_METADATA_NS);
writer.writeAttribute("Location", serviceURL);
writer.writeAttribute("index", "0");
writer.writeAttribute("isDefault", "true");
writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
writer.writeEndElement(); // AssertionConsumerService
-
+
if (signRequest) {
writer.writeStartElement("md", "KeyDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("use", "signing");
-
+
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
writer.writeStartElement("ds", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
writer.writeStartElement("ds", "X509Certificate", "http://www.w3.org/2000/09/xmldsig#");
// Write the Base-64 encoded certificate
-
+
String keyAlias = crypto.getDefaultX509Identifier();
X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
-
+
if (cert == null) {
throw new ProcessingException(
- "No signing certs were found to insert into the metadata using name: "
+ "No signing certs were found to insert into the metadata using name: "
+ keyAlias);
}
byte data[] = cert.getEncoded();
String encodedCertificate = Base64.encode(data);
writer.writeCharacters(encodedCertificate);
-
+
writer.writeEndElement(); // X509Certificate
writer.writeEndElement(); // X509Data
writer.writeEndElement(); // KeyInfo
writer.writeEndElement(); // KeyDescriptor
}
-
+
writer.writeEndElement(); // SPSSODescriptor
}
-
+
// Is a property configured. Defaults to "true" if not
private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return Boolean.parseBoolean(parameters.get(property));
}
-
+
return defaultValue;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
index 9b9c5cd..8ffa6a9 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
@@ -32,11 +32,11 @@ public class IDPConfig extends Idp {
public void setServices(Map<String, Application> applications) {
this.applications = new ArrayList<>(applications.values());
}
-
+
public void setTrustedIdps(Map<String, TrustedIDPConfig> trustedIdps) {
this.trustedIdpList = new ArrayList<TrustedIdp>(trustedIdps.values());
}
-
+
@Deprecated
public void setTrustedIDPs(Map<String, TrustedIDPConfig> trustedIdps) {
setTrustedIdps(trustedIdps);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
index 6fd3d05..cf6a67f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
@@ -20,7 +20,7 @@ package org.apache.cxf.fediz.service.idp.model;
//@XmlRootElement(name = "Claim", namespace = "http://org.apache.cxf.fediz")
public class RequestClaim extends org.apache.cxf.fediz.service.idp.domain.RequestClaim {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
index fdae8f5..3bd27e1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
@@ -29,7 +29,7 @@ import org.apache.cxf.fediz.service.idp.domain.Application;
//@Table(name = "SERVICE")
//@XmlRootElement(name = "Service", namespace = "http://org.apache.cxf.fediz")
public class ServiceConfig extends Application {
-
- private static final long serialVersionUID = 585676715065240699L;
+
+ private static final long serialVersionUID = 585676715065240699L;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
index 44cb3a2..4797c74 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
@@ -23,7 +23,7 @@ import java.io.Serializable;
public class TrustedIDPSelection implements Serializable {
private static final long serialVersionUID = 1L;
-
+
private String homeRealm;
public String getHomeRealm() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
index 84a70ca..f5182c8 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
@@ -48,42 +48,42 @@ import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;
public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTrustedIdpProtocolHandler {
-
+
/**
* The client_id value to send to the IdP.
*/
public static final String CLIENT_ID = "client.id";
-
+
/**
* The secret associated with the client to authenticate to the IdP.
*/
public static final String CLIENT_SECRET = "client.secret";
-
+
/**
* The Token endpoint. The authorization endpoint is specified by TrustedIdp.url.
*/
public static final String TOKEN_ENDPOINT = "token.endpoint";
-
+
/**
* Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
* The default value depends on the subclass.
*/
public static final String SCOPE = "scope";
-
+
private static final Logger LOG = LoggerFactory.getLogger(AbstractTrustedIdpOAuth2ProtocolHandler.class);
@Override
public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
if (clientId == null || clientId.isEmpty()) {
LOG.warn("A CLIENT_ID must be configured for OAuth 2.0");
throw new IllegalStateException("No CLIENT_ID specified");
}
-
+
String scope = getScope(trustedIdp);
LOG.debug("Using scope: {}", scope);
-
+
try {
StringBuilder sb = new StringBuilder();
sb.append(trustedIdp.getUrl());
@@ -99,11 +99,11 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
sb.append("&");
sb.append("scope").append('=');
sb.append(URLEncoder.encode(scope, "UTF-8"));
-
+
String state = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
sb.append("&").append("state").append('=');
sb.append(state);
-
+
return new URL(sb.toString());
} catch (MalformedURLException ex) {
LOG.error("Invalid Redirect URL for Trusted Idp", ex);
@@ -113,7 +113,7 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
}
}
-
+
protected SamlAssertionWrapper createSamlAssertion(Idp idp, TrustedIdp trustedIdp, String subjectName,
Date notBefore,
Date expires) throws Exception {
@@ -125,12 +125,12 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
if (issuer != null) {
callbackHandler.setIssuer(issuer);
}
-
+
// Subject
SubjectBean subjectBean =
new SubjectBean(subjectName, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED, SAML2Constants.CONF_BEARER);
callbackHandler.setSubjectBean(subjectBean);
-
+
// Conditions
ConditionsBean conditionsBean = new ConditionsBean();
conditionsBean.setNotAfter(new DateTime(expires));
@@ -141,45 +141,45 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
conditionsBean.setNotBefore(new DateTime());
}
callbackHandler.setConditionsBean(conditionsBean);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
-
+
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Crypto crypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
- assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
+ assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
crypto, false);
-
+
return assertion;
}
-
+
private static class SamlCallbackHandler implements CallbackHandler {
private ConditionsBean conditionsBean;
private SubjectBean subjectBean;
private String issuer;
-
+
/**
* Set the SubjectBean
*/
public void setSubjectBean(SubjectBean subjectBean) {
this.subjectBean = subjectBean;
}
-
+
/**
* Set the ConditionsBean
*/
public void setConditionsBean(ConditionsBean conditionsBean) {
this.conditionsBean = conditionsBean;
}
-
+
/**
* Set the issuer name
*/
public void setIssuer(String issuerName) {
this.issuer = issuerName;
}
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
@@ -190,7 +190,7 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
samlCallback.setSubject(subjectBean);
}
samlCallback.setSamlVersion(Version.SAML_20);
-
+
// Set the issuer
samlCallback.setIssuer(issuer);
@@ -199,9 +199,9 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
}
}
}
-
+
}
-
+
abstract String getScope(TrustedIdp trustedIdp);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
index 2329eb2..c1e9c2c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
@@ -27,7 +27,7 @@ import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpProtocolHandler {
-
+
@Override
public boolean canHandleRequest(HttpServletRequest request) {
// TODO Auto-generated method stub
@@ -36,23 +36,23 @@ public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpPro
protected String getProperty(TrustedIdp trustedIdp, String property) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return parameters.get(property);
}
-
+
return null;
}
-
+
// Is a property configured. Defaults to the boolean "defaultValue" if not
protected boolean isBooleanPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return Boolean.parseBoolean(parameters.get(property));
}
-
+
return defaultValue;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
index c2be3eb..55e8b9a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
public class ApplicationProtocolControllerImpl implements ProtocolController<ApplicationProtocolHandler> {
private static final Logger LOG = LoggerFactory.getLogger(ApplicationProtocolControllerImpl.class);
-
+
@Autowired
private List<ApplicationProtocolHandler> protocolHandlers;
-
+
@Override
public ApplicationProtocolHandler getProtocolHandler(String protocol) {
for (ApplicationProtocolHandler protocolHandler : protocolHandlers) {
@@ -47,7 +47,7 @@ public class ApplicationProtocolControllerImpl implements ProtocolController<App
LOG.warn("No protocol handler found for {}", protocol);
return null;
}
-
+
@Override
public List<String> getProtocols() {
List<String> protocols = new ArrayList<>();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
index ebab362..5d7307a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
@@ -28,7 +28,7 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class ApplicationSAMLSSOProtocolHandler implements ApplicationProtocolHandler {
-
+
public static final String PROTOCOL = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";
//private static final Logger LOG = LoggerFactory.getLogger(ApplicationWSFedProtocolHandler.class);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
index 2024e3d..d583823 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
@@ -28,7 +28,7 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class ApplicationWSFedProtocolHandler implements ApplicationProtocolHandler {
-
+
public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
//private static final Logger LOG = LoggerFactory.getLogger(ApplicationWSFedProtocolHandler.class);