Posted to commits@cxf.apache.org by co...@apache.org on 2014/07/30 18:22:06 UTC
git commit: Started work on the CXF plugin
Repository: cxf-fediz
Updated Branches:
refs/heads/master 84a57eead -> 60325dc51
Started work on the CXF plugin
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/60325dc5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/60325dc5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/60325dc5
Branch: refs/heads/master
Commit: 60325dc516d10dbfce5e7f5a57f1451ec788361e
Parents: 84a57ee
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 30 17:21:52 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 30 17:21:52 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/FederationConstants.java | 24 ++----
.../apache/cxf/fediz/core/FedizConstants.java | 44 +++++++++++
.../apache/cxf/fediz/core/SAMLSSOConstants.java | 42 ++++++++++
.../cxf/fediz/core/metadata/MetadataWriter.java | 6 +-
.../fediz/core/processor/SAMLProcessorImpl.java | 11 +--
.../core/samlsso/EHCacheSPStateManager.java | 45 +++++++++++
.../cxf/fediz/core/samlsso/ResponseState.java | 81 ++++++++++++++++++++
.../cxf/fediz/core/samlsso/SPStateManager.java | 4 +
.../fediz/core/AbstractSAMLCallbackHandler.java | 2 +-
.../fediz/core/samlsso/SAMLResponseTest.java | 4 +-
plugins/cxf/pom.xml | 12 +++
.../fediz/jetty/FederationAuthenticator.java | 12 +--
.../web/FederationAuthenticationFilter.java | 14 ++--
.../web/FederationAuthenticationFilter.java | 14 ++--
.../fediz/tomcat/FederationAuthenticator.java | 20 ++---
15 files changed, 279 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index 3ffa654..1ca70b0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -24,13 +24,13 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
-public final class FederationConstants {
+/**
+ * Constants specific to WS-Federation
+ */
+public final class FederationConstants extends FedizConstants {
public static final String WSFED_METHOD = "WSFED";
- public static final URI DEFAULT_ROLE_URI = URI
- .create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
-
/**
* Constants defined in following spec:
* http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html
@@ -207,23 +207,9 @@ public final class FederationConstants {
public static final URI AUTH_TYPE_SMARTCARD = URI
.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard");
- public static final String WS_TRUST_13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-
- public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
-
- public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
-
- public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
-
- public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
-
- public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
-
public static final String METADATA_PATH_URI = "FederationMetadata/2007-06/FederationMetadata.xml";
- public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
-
private FederationConstants() {
-
+ super();
}
}
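Review bot: `FEDIZ_SAML_METADATA_PATH_URI` moves to SAMLSSOConstants, a sibling class, so `FederationConstants.FEDIZ_SAML_METADATA_PATH_URI` stops compiling for any code outside this commit, whereas the namespace constants and `DEFAULT_ROLE_URI` stay reachable through inheritance from FedizConstants. If the core jar is consumed by plugins outside this repository, a deprecated alias would avoid the break: `@Deprecated public static final String FEDIZ_SAML_METADATA_PATH_URI = SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;`.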
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
new file mode 100644
index 0000000..f5205f4
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.net.URI;
+
+public class FedizConstants {
+
+ public static final URI DEFAULT_ROLE_URI = URI
+ .create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+ public static final String WS_TRUST_13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+
+ public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+
+ public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
+
+ public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
+
+ public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
+
+ public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
+
+ protected FedizConstants() {
+
+ }
+}
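Review bot: FedizConstants is a `public class` with a `protected` constructor and no Javadoc, so it can be instantiated from within the package and subclassed anywhere even though it only holds constants. Declaring it `public abstract class FedizConstants` would make the holder-only intent explicit. A class comment in the style of its two subclasses, e.g. `/** Constants shared by the WS-Federation and SAML SSO protocols */`, would say what belongs here.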
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
new file mode 100644
index 0000000..e82bd7d
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+/**
+ * Constants specific to SAML SSO
+ */
+public final class SAMLSSOConstants extends FedizConstants {
+
+ public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
+
+ public static final String SAML_REQUEST = "SAMLRequest";
+
+ public static final String SAML_RESPONSE = "SAMLResponse";
+
+ public static final String RELAY_STATE = "RelayState";
+
+ public static final String SIG_ALG = "SigAlg";
+
+ public static final String SIGNATURE = "Signature";
+
+ private SAMLSSOConstants() {
+ super();
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 333d039..fe5efc3 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -48,10 +48,10 @@ import org.apache.xml.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
public class MetadataWriter {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 73404d7..1679da2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpServletRequest;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.TokenValidator;
import org.apache.cxf.fediz.core.TokenValidatorRequest;
import org.apache.cxf.fediz.core.TokenValidatorResponse;
@@ -333,15 +334,15 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
URLEncoder.encode(authnRequestEncoded, "UTF-8");
StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest").append('=').append(urlEncodedRequest);
- sb.append("&RelayState").append('=').append(relayState);
+ sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
+ sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
String signature = signRequest(config, sb);
- sb.append("&Signature").append('=').append(signature);
+ sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
}
- String contextCookie = createCookie("RelayState",
+ String contextCookie = createCookie(SAMLSSOConstants.RELAY_STATE,
relayState,
request.getRequestURI(),
webAppDomain,
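Review bot: `relayState` is appended to the query string at `sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState)` without URL-encoding, unlike the SAMLRequest value just above it and the SigAlg value in signRequest. Where `relayState` is assigned is outside the hunk; if it is always a generated token made of unreserved characters this is harmless, otherwise a `&` or `=` inside it would change both the parameters the IdP parses and the string that gets signed. Encoding it the same way as the other values, `.append(URLEncoder.encode(relayState, "UTF-8"))`, removes that dependency. The enclosing method starts and ends outside the hunk.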
@@ -405,7 +406,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
Signature signature = Signature.getInstance(jceSigAlgo);
signature.initSign(privateKey);
- sb.append("&SigAlg").append('=').append(URLEncoder.encode(sigAlgo, "UTF-8"));
+ sb.append("&" + SAMLSSOConstants.SIG_ALG).append('=').append(URLEncoder.encode(sigAlgo, "UTF-8"));
String requestToSign = sb.toString();
signature.update(requestToSign.getBytes("UTF-8"));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
index 4ec8f8e..d6d9c5b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/EHCacheSPStateManager.java
@@ -41,6 +41,7 @@ public class EHCacheSPStateManager implements SPStateManager {
public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
private Ehcache requestCache;
+ private Ehcache responseCache;
private CacheManager cacheManager;
private long ttl = DEFAULT_TTL;
@@ -59,6 +60,11 @@ public class EHCacheSPStateManager implements SPStateManager {
Ehcache newCache = new Cache(requestCC);
requestCache = cacheManager.addCacheIfAbsent(newCache);
+
+ CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
+
+ newCache = new Cache(responseCC);
+ responseCache = cacheManager.addCacheIfAbsent(newCache);
}
private static URL getConfigFileURL(Object o) {
@@ -120,11 +126,50 @@ public class EHCacheSPStateManager implements SPStateManager {
return null;
}
+ public ResponseState getResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ if (responseCache.isExpired(element)) {
+ responseCache.remove(securityContextKey);
+ return null;
+ }
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public ResponseState removeResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ responseCache.remove(securityContextKey);
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void setResponseState(String securityContextKey, ResponseState state) {
+ if (securityContextKey == null || "".equals(securityContextKey)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 5 minutes if the default TTL is set incorrectly
+ parsedTTL = 60 * 5;
+ }
+ Element element = new Element(securityContextKey, state);
+ element.setTimeToLive(parsedTTL);
+ element.setTimeToIdle(parsedTTL);
+
+ responseCache.put(element);
+ }
+
public void close() throws IOException {
if (cacheManager != null) {
cacheManager.shutdown();
cacheManager = null;
requestCache = null;
+ responseCache = null;
}
}
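Review bot: removeResponseState returns the cached value without the `responseCache.isExpired(element)` check that getResponseState applies, so the two lookups disagree on whether a stale entry is usable. Returning null for an expired element after removing it, e.g. `return responseCache.isExpired(element) ? null : (ResponseState)element.getObjectValue();`, would keep them consistent. In setResponseState the TTL guard only detects int overflow, so a `ttl` of zero or below is passed straight to `setTimeToLive` and `setTimeToIdle`. In Ehcache 2.x a value of 0 means no expiry, which for an entry holding an assertion is worth excluding with `if (ttl != (long)parsedTTL || parsedTTL <= 0)`. How `ttl` gets set is outside the hunk.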
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
new file mode 100644
index 0000000..dfbf9ff
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/ResponseState.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.core.samlsso;
+
+import java.io.Serializable;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ResponseState implements Serializable {
+
+ private static final long serialVersionUID = -3247188797004342462L;
+
+ private String assertion;
+ private String relayState;
+ private String webAppContext;
+ private String webAppDomain;
+ private long createdAt;
+ private long expiresAt;
+
+ public ResponseState() {
+
+ }
+
+ public ResponseState(String assertion,
+ String relayState,
+ String webAppContext,
+ String webAppDomain,
+ long createdAt,
+ long expiresAt) {
+ this.assertion = assertion;
+ this.relayState = relayState;
+ this.webAppContext = webAppContext;
+ this.webAppDomain = webAppDomain;
+ this.createdAt = createdAt;
+ this.expiresAt = expiresAt;
+ }
+
+ public long getCreatedAt() {
+ return createdAt;
+ }
+
+ public long getExpiresAt() {
+ return expiresAt;
+ }
+
+ public String getRelayState() {
+ return relayState;
+ }
+
+ public String getWebAppContext() {
+ return webAppContext;
+ }
+
+ public String getWebAppDomain() {
+ return webAppDomain;
+ }
+
+ public String getAssertion() {
+ return assertion;
+ }
+}
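Review bot: ResponseState has no Javadoc, and `createdAt`/`expiresAt` are bare `long`s with no stated unit or clock; nothing in this commit reads `expiresAt`, so the cache TTL in EHCacheSPStateManager is the only expiry visibly applied. I would add a class comment along the lines of `/** Cached state for a processed SAML SSO response, stored by SPStateManager under the security context key. */` and a field comment naming the unit, e.g. `// epoch milliseconds (confirm against the caller)`. Because `assertion` holds the full token and the class is `Serializable`, whether the response cache is configured to overflow or persist to disk decides if that token reaches the filesystem; that configuration is outside this diff.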
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
index d55c5d4..d55dce0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SPStateManager.java
@@ -36,5 +36,9 @@ public interface SPStateManager extends Closeable {
void setRequestState(String relayState, RequestState state);
RequestState removeRequestState(String relayState);
+ void setResponseState(String contextKey, ResponseState state);
+ ResponseState getResponseState(String contextKey);
+ ResponseState removeResponseState(String contextKey);
+
void close() throws IOException;
}
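Review bot: The three new methods are undocumented, and the parameter is named `contextKey` here but `securityContextKey` in EHCacheSPStateManager. A short comment on each would help implementers, for example `/** Returns the state stored under contextKey, or null if none is stored or it has expired. */` on getResponseState, which matches what the EHCache implementation in this commit does. Adding abstract methods to the interface also breaks any SPStateManager implementation that lives outside this repository, if one exists.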
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
index 78629b0..238a88c 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
@@ -88,7 +88,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
protected Map<String, String> claims;
protected MultiValue multiValueType = MultiValue.MULTI_VALUE;
protected String roleSeperator = ",";
- protected String roleAttributeName = FederationConstants.DEFAULT_ROLE_URI.toString();
+ protected String roleAttributeName = FedizConstants.DEFAULT_ROLE_URI.toString();
protected String countryClaimName = ClaimTypes.COUNTRY.toString();
protected String customClaimName = CLAIM_TYPE_LANGUAGE.toString();
protected String attributeNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index a4b2772..e51b120 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -44,7 +44,7 @@ import org.apache.cxf.fediz.core.AbstractSAMLCallbackHandler;
import org.apache.cxf.fediz.core.AbstractSAMLCallbackHandler.MultiValue;
import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.FedizConstants;
import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
import org.apache.cxf.fediz.core.SAML1CallbackHandler;
import org.apache.cxf.fediz.core.SAML2CallbackHandler;
@@ -187,7 +187,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
.size());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
- assertClaims(wfRes.getClaims(), FederationConstants.DEFAULT_ROLE_URI.toString());
+ assertClaims(wfRes.getClaims(), FedizConstants.DEFAULT_ROLE_URI.toString());
}
/**
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/cxf/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/cxf/pom.xml b/plugins/cxf/pom.xml
index da898ab..e7a2ca6 100644
--- a/plugins/cxf/pom.xml
+++ b/plugins/cxf/pom.xml
@@ -50,6 +50,18 @@
<version>${cxf.version}</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ <version>${cxf.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+ <version>${cxf.version}</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
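Review bot: The two added dependencies use `<scope>compile</scope>` while the dependency directly above them, also versioned with `${cxf.version}`, is `provided`, so the plugin would now bring `cxf-core` and `cxf-rt-frontend-jaxrs` onto the classpath of whatever deploys it. If the target application already ships CXF, which the existing `provided` scope suggests, that can leave two CXF versions side by side; `<scope>provided</scope>` on both would match the existing entry. If compile scope is intended, the explicit element can be dropped since it is Maven's default.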
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index ebb40e3..ac09cc5 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -35,6 +35,7 @@ import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBException;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
@@ -173,7 +174,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
FedizContext fedConfig = getContextConfiguration(contextName);
try {
- String action = request.getParameter("wa");
+ String action = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request, fedConfig);
// Handle a request for authentication.
@@ -371,10 +372,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
private boolean isSignInRequest(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol
- && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa"))) {
+ && FederationConstants.ACTION_SIGNIN.equals(
+ request.getParameter(FederationConstants.PARAM_ACTION))) {
return true;
} else if (fedConfig.getProtocol() instanceof SAMLProtocol
- && request.getParameter("RelayState") != null) {
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
@@ -383,9 +385,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
- return request.getParameter("wresult");
+ return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
- return request.getParameter("SAMLResponse");
+ return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 2c6d85b..906246b 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -26,6 +26,8 @@ import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -46,12 +48,12 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
throws AuthenticationException, IOException {
- String wa = request.getParameter("wa");
+ String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(wa);
wfReq.setResponseToken(responseToken);
- wfReq.setState(request.getParameter("RelayState"));
+ wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
wfReq.setRequest(request);
X509Certificate certs[] =
@@ -66,10 +68,10 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
}
private String getResponseToken(ServletRequest request) {
- if (request.getParameter("wresult") != null) {
- return request.getParameter("wresult");
- } else if (request.getParameter("SAMLResponse") != null) {
- return request.getParameter("SAMLResponse");
+ if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
+ return request.getParameter(FederationConstants.PARAM_RESULT);
+ } else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
+ return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
return null;
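Review bot: getResponseToken picks the token by which parameter is present rather than by the configured protocol, so a request carrying `wresult` is handed on as the response token even if the context is set up for SAML SSO, and `wresult` wins when both parameters are sent. The Jetty and Tomcat authenticators in this commit branch on `fedConfig.getProtocol()` instead; doing the same here if the filter can reach the FedizContext, or at least stating the precedence with a comment such as `// wresult takes precedence when both parameters are present`, would keep the plugins consistent. Whether the processor rejects a token of the wrong protocol is outside this diff. The same code appears in the spring2 filter's getResponseToken hunk, and the method's closing brace is outside the hunk.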
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index eeb7190..8449b53 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -25,6 +25,8 @@ import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
@@ -59,12 +61,12 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
- String wa = request.getParameter("wa");
+ String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(wa);
wfReq.setResponseToken(responseToken);
- wfReq.setState(request.getParameter("RelayState"));
+ wfReq.setState(request.getParameter(SAMLSSOConstants.RELAY_STATE));
wfReq.setRequest(request);
X509Certificate certs[] =
@@ -79,10 +81,10 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
private String getResponseToken(ServletRequest request) {
- if (request.getParameter("wresult") != null) {
- return request.getParameter("wresult");
- } else if (request.getParameter("SAMLResponse") != null) {
- return request.getParameter("SAMLResponse");
+ if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
+ return request.getParameter(FederationConstants.PARAM_RESULT);
+ } else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
+ return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
return null;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/60325dc5/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
index d99670e..a67a6d3 100644
--- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
+++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
@@ -47,6 +47,7 @@ import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
@@ -224,7 +225,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
- String wa = request.getParameter("wa");
+ String wa = request.getParameter(FederationConstants.PARAM_ACTION);
if (FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(wa)) {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
@@ -260,7 +261,7 @@ public class FederationAuthenticator extends FormAuthenticator {
} else if (fedConfig.getProtocol() instanceof FederationProtocol) {
return FederationConstants.METADATA_PATH_URI;
} else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
- return FederationConstants.FEDIZ_SAML_METADATA_PATH_URI;
+ return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
}
return FederationConstants.METADATA_PATH_URI;
@@ -402,7 +403,7 @@ public class FederationAuthenticator extends FormAuthenticator {
// Check whether it is the signin request, validate the token.
// If failed, redirect to the error page if they are not correct
FedizResponse wfRes = null;
- String action = request.getParameter("wa");
+ String action = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request, fedConfig);
// Handle a request for authentication.
@@ -569,10 +570,10 @@ public class FederationAuthenticator extends FormAuthenticator {
private boolean isSignInRequired(Request request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol
- && request.getParameter("wa") == null) {
+ && request.getParameter(FederationConstants.PARAM_ACTION) == null) {
return true;
} else if (fedConfig.getProtocol() instanceof SAMLProtocol
- && request.getParameter("RelayState") == null) {
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) == null) {
return true;
}
@@ -581,10 +582,11 @@ public class FederationAuthenticator extends FormAuthenticator {
private boolean isSignInRequest(Request request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol
- && FederationConstants.ACTION_SIGNIN.equals(request.getParameter("wa"))) {
+ && FederationConstants.ACTION_SIGNIN.equals(
+ request.getParameter(FederationConstants.PARAM_ACTION))) {
return true;
} else if (fedConfig.getProtocol() instanceof SAMLProtocol
- && request.getParameter("RelayState") != null) {
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
@@ -593,9 +595,9 @@ public class FederationAuthenticator extends FormAuthenticator {
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
- return request.getParameter("wresult");
+ return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
- return request.getParameter("SAMLResponse");
+ return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
return null;