Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:17 UTC
[01/18] cxf-fediz git commit: Whitespace cleanup
Repository: cxf-fediz
Updated Branches:
refs/heads/master 29bf8de22 -> 2ca318630
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/webapps/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/systests/webapps/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 5d90f9c..3746936 100644
--- a/systests/webapps/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/systests/webapps/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -44,7 +44,7 @@ import org.springframework.security.context.SecurityContextHolder;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -68,11 +68,11 @@ public class FederationServlet extends HttpServlet {
// Access Spring security context
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
+
if (auth instanceof FederationAuthenticationToken) {
FederationAuthenticationToken fedToken = (FederationAuthenticationToken)auth;
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
-
+
for (String item : roleListToCheck) {
boolean found = false;
for (GrantedAuthority ga : fedToken.getAuthorities()) {
@@ -83,26 +83,26 @@ public class FederationServlet extends HttpServlet {
}
out.println("<p>role:" + item + "=" + (found ? "true" : "false") + "</p>");
}
-
+
ClaimCollection claims = fedToken.getClaims();
for (Claim c : claims) {
out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>");
}
-
+
Element el = fedToken.getLoginToken();
if (el != null) {
out.println("loginToken=FOUND{FedizPrincipal}<p>");
}
-
+
el = SecurityTokenThreadLocal.getToken();
if (el != null) {
out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
}
-
+
}
-
+
out.println("</body>");
-
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/webapps/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/systests/webapps/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index d23281c..1d2cc7a 100644
--- a/systests/webapps/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/systests/webapps/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -44,7 +44,7 @@ import org.springframework.util.Assert;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -78,31 +78,31 @@ public class FederationServlet extends HttpServlet {
for (Claim c : claims) {
out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>");
}
-
+
Element el = fp.getLoginToken();
if (el != null) {
out.println("loginToken=FOUND{FedizPrincipal}<p>");
}
-
+
el = SecurityTokenThreadLocal.getToken();
if (el != null) {
out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
}
}
-
+
out.println("</body>");
-
+
// Access Spring security context
Assert.notNull(SecurityContextHolder.getContext().getAuthentication(),
"SecurityContextHolder Authentication not null");
-
+
Authentication obj = SecurityContextHolder.getContext().getAuthentication();
System.out.println("getCredentials: " + obj.getCredentials().toString());
System.out.println("getDetails: " + obj.getDetails().toString());
System.out.println("getName: " + obj.getName().toString());
System.out.println("getAuthorities: " + obj.getAuthorities().toString());
System.out.println("getPrincipal: " + obj.getPrincipal().toString());
-
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/webapps/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/systests/webapps/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index df0ce26..c846ca3 100644
--- a/systests/webapps/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/systests/webapps/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -44,7 +44,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -68,11 +68,11 @@ public class FederationServlet extends HttpServlet {
// Access Spring security context
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-
+
if (auth instanceof FederationAuthenticationToken) {
FederationAuthenticationToken fedToken = (FederationAuthenticationToken)auth;
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
-
+
for (String item : roleListToCheck) {
boolean found = false;
for (GrantedAuthority ga : fedToken.getAuthorities()) {
@@ -83,26 +83,26 @@ public class FederationServlet extends HttpServlet {
}
out.println("<p>role:" + item + "=" + (found ? "true" : "false") + "</p>");
}
-
+
ClaimCollection claims = fedToken.getClaims();
for (Claim c : claims) {
out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>");
}
-
+
Element el = fedToken.getLoginToken();
if (el != null) {
out.println("loginToken=FOUND{FedizPrincipal}<p>");
}
-
+
el = SecurityTokenThreadLocal.getToken();
if (el != null) {
out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
}
-
+
}
-
+
out.println("</body>");
-
+
}
}
[03/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index c805467..556e966 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -82,13 +82,13 @@ public class OIDCTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
private static String storedClientId;
private static String storedClient2Id;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -98,8 +98,8 @@ public class OIDCTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -107,11 +107,11 @@ public class OIDCTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
-
+
loginToClientsPage(rpHttpsPort, idpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -146,13 +146,13 @@ public class OIDCTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-oidc");
Context cxt = server.addWebapp("/fediz-oidc", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -161,13 +161,13 @@ public class OIDCTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -178,7 +178,7 @@ public class OIDCTest {
return server;
}
-
+
@AfterClass
public static void cleanup() throws Exception {
try {
@@ -188,7 +188,7 @@ public class OIDCTest {
shutdownServer(rpServer);
}
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -210,38 +210,38 @@ public class OIDCTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
// Runs as BeforeClass: Login to the OIDC Clients page + create two new clients
private static void loginToClientsPage(String rpPort, String idpPort) throws Exception {
String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, idpPort);
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
- HtmlPage registeredClientPage =
+ HtmlPage registeredClientPage =
registerNewClient(webClient, url, "new-client", "https://127.0.0.1",
"https://cxf.apache.org");
String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
Assert.assertTrue(registeredClientPageBody.contains("new-client"));
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
-
+
HtmlTable table = registeredClientPage.getHtmlElementById("registered_clients");
storedClientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(storedClientId);
-
+
// Try to register another new client
- registeredClientPage =
+ registeredClientPage =
registerNewClient(webClient, url, "new-client2", "https://127.0.1.1",
"https://ws.apache.org");
registeredClientPageBody = registeredClientPage.getBody().getTextContent();
@@ -250,24 +250,24 @@ public class OIDCTest {
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
Assert.assertTrue(registeredClientPageBody.contains("new-client2"));
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.1.1"));
-
+
table = registeredClientPage.getHtmlElementById("registered_clients");
storedClient2Id = table.getCellAt(2, 1).asText().trim();
if (storedClient2Id.equals(storedClientId)) {
storedClient2Id = table.getCellAt(1, 1).asText().trim();
}
Assert.assertNotNull(storedClient2Id);
-
+
webClient.close();
}
-
+
private static HtmlPage registerNewClient(WebClient webClient, String url,
String clientName, String redirectURI,
String clientAudience) throws Exception {
HtmlPage registerPage = webClient.getPage(url + "/register");
-
+
final HtmlForm form = registerPage.getForms().get(0);
-
+
// Set new client values
final HtmlTextInput clientNameInput = form.getInputByName("client_name");
clientNameInput.setValueAttribute(clientName);
@@ -281,113 +281,113 @@ public class OIDCTest {
final HtmlButton button = form.getButtonByName("submit_button");
return button.click();
}
-
+
// Runs as AfterClass: Login to the OIDC Clients page + delete the created clients!
private static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort) throws Exception {
String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, idpPort);
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Get the client identifier
HtmlTable table = loginPage.getHtmlElementById("registered_clients");
String clientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(clientId);
String clientId2 = table.getCellAt(2, 1).asText().trim();
Assert.assertNotNull(clientId2);
-
+
// Now go to the specific client page
HtmlPage registeredClientsPage = deleteClient(webClient, url, clientId);
// Check we have one more registered clients
table = registeredClientsPage.getHtmlElementById("registered_clients");
Assert.assertEquals(2, table.getRowCount());
-
+
// Now delete the other client
registeredClientsPage = deleteClient(webClient, url, clientId2);
// Check we have no more registered clients
table = registeredClientsPage.getHtmlElementById("registered_clients");
Assert.assertEquals(1, table.getRowCount());
-
+
webClient.close();
}
-
+
private static HtmlPage deleteClient(WebClient webClient, String url, String clientId) throws Exception {
HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
-
+
final HtmlForm deleteForm = clientPage.getFormByName("deleteForm");
Assert.assertNotNull(deleteForm);
-
+
// Delete the client
final HtmlButton button = deleteForm.getButtonByName("submit_delete_button");
return button.click();
}
-
+
// Test that we managed to create the clients ok
@org.junit.Test
public void testCreatedClients() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Get the new client identifier
HtmlTable table = loginPage.getHtmlElementById("registered_clients");
-
+
// 2 clients
Assert.assertEquals(table.getRows().size(), 3);
-
+
// Now check the first client
String clientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(clientId);
-
+
// Check the Date
String date = table.getCellAt(1, 2).asText().trim();
SimpleDateFormat dateFormat = new SimpleDateFormat("dd MMM yyyy", Locale.US);
dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
Assert.assertEquals(dateFormat.format(new Date()), date);
-
+
// Check the redirect URI
String redirectURI = table.getCellAt(1, 3).asText().trim();
Assert.assertTrue("https://127.0.0.1".equals(redirectURI)
|| "https://127.0.1.1".equals(redirectURI));
-
+
// Now check the specific client page
HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
HtmlTable clientTable = clientPage.getHtmlElementById("client");
Assert.assertEquals(clientId, clientTable.getCellAt(1, 0).asText().trim());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testOIDCLoginForClient1() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now use the code to get an IdToken
-
+
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -395,7 +395,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClientId));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final UnexpectedPage responsePage = webClient.getPage(request);
String response = responsePage.getWebResponse().getContentAsString();
@@ -404,27 +404,27 @@ public class OIDCTest {
String idToken = getIdToken(response);
Assert.assertNotNull(idToken);
validateIdToken(idToken, storedClientId);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testOIDCLoginForClient2() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClient2Id;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now use the code to get an IdToken
-
+
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -432,7 +432,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final UnexpectedPage responsePage = webClient.getPage(request);
String response = responsePage.getWebResponse().getContentAsString();
@@ -441,10 +441,10 @@ public class OIDCTest {
String idToken = getIdToken(response);
Assert.assertNotNull(idToken);
validateIdToken(idToken, storedClient2Id);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testUsingCodeForOtherClient() throws Exception {
// Get the code for the first client
@@ -454,12 +454,12 @@ public class OIDCTest {
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now try and get a token for the second client
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -468,7 +468,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(request);
@@ -477,48 +477,48 @@ public class OIDCTest {
// expected
}
}
-
+
@org.junit.Test
public void testBadClientId() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId + 2;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testEmptyClientId() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=";
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testIncorrectRedirectURI() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
@@ -526,28 +526,28 @@ public class OIDCTest {
url += "&redirect_uri=https://127.0.0.5";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithInvalidRegistrationURI() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1//",
@@ -556,22 +556,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithRegistrationURIFragment() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1#fragment",
@@ -580,22 +580,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithInvalidAudienceURI() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1/",
@@ -604,22 +604,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithAudienceURIFragment() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1",
@@ -628,10 +628,10 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testClientCredentialsSTS() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
@@ -641,7 +641,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", "alice"));
request.getRequestParameters().add(new NameValuePair("client_secret", "ecila"));
request.getRequestParameters().add(new NameValuePair("grant_type", "client_credentials"));
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setJavaScriptEnabled(false);
@@ -649,10 +649,10 @@ public class OIDCTest {
String response = responsePage.getWebResponse().getContentAsString();
Assert.assertTrue(response.contains("access_token"));
-
+
webClient.close();
}
-
+
private static WebClient setupWebClient(String user, String password, String idpPort) {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -661,10 +661,10 @@ public class OIDCTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
+
return webClient;
}
-
+
private static HtmlPage login(String url, WebClient webClient) throws IOException {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
@@ -681,7 +681,7 @@ public class OIDCTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -689,7 +689,7 @@ public class OIDCTest {
return button.click();
}
-
+
private static String loginAndGetAuthorizationCode(
String url, WebClient webClient
) throws Exception {
@@ -697,7 +697,7 @@ public class OIDCTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
String wresult = null;
@@ -707,7 +707,7 @@ public class OIDCTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -716,7 +716,7 @@ public class OIDCTest {
// Bit of a hack here to get the authorization code - necessary as HtmlUnit tries
// to follow the server redirect to "https://127.0.0.1" - the redirect URI
CodeWebConnectionWrapper wrapper = new CodeWebConnectionWrapper(webClient);
-
+
try {
button.click();
} catch (Throwable t) {
@@ -726,10 +726,10 @@ public class OIDCTest {
wrapper.close();
return wrapper.getCode();
}
-
+
private String getIdToken(String parentString) {
String foundString =
- parentString.substring(parentString.indexOf("id_token")
+ parentString.substring(parentString.indexOf("id_token")
+ ("id_token" + "\":\"").length());
int ampersandIndex = foundString.indexOf('\"');
if (ampersandIndex < 1) {
@@ -737,7 +737,7 @@ public class OIDCTest {
}
return foundString.substring(0, ampersandIndex);
}
-
+
private void validateIdToken(String idToken, String audience)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
@@ -755,32 +755,32 @@ public class OIDCTest {
Certificate cert = keystore.getCertificate("alice");
Assert.assertNotNull(cert);
- Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
+ Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
-
+
private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
private String code;
-
+
CodeWebConnectionWrapper(WebClient webClient) throws IllegalArgumentException {
super(webClient);
}
-
+
public WebResponse getResponse(WebRequest request) throws IOException {
WebResponse response = super.getResponse(request);
String location = response.getResponseHeaderValue("Location");
if (location != null && location.contains("code=")) {
code = getSubstring(location, "code");
}
-
+
return response;
}
-
+
public String getCode() {
return code;
}
-
+
private String getSubstring(String parentString, String substringName) {
String foundString =
parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 00a8b78..9e0a4f9 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -118,7 +118,7 @@ public class IdpTest {
WSSConfig.init();
}
- private static Tomcat startServer(String port)
+ private static Tomcat startServer(String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -161,7 +161,7 @@ public class IdpTest {
public static void cleanup() {
shutdownServer(idpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -187,7 +187,7 @@ public class IdpTest {
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
//
// Successful tests
//
@@ -195,20 +195,20 @@ public class IdpTest {
@org.junit.Test
public void testBrowser() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -218,9 +218,9 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
System.out.println("URL: " + url);
-
+
Thread.sleep(60 * 1000);
}
@@ -228,20 +228,20 @@ public class IdpTest {
@org.junit.Test
public void testSuccessfulInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -265,12 +265,12 @@ public class IdpTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -282,26 +282,26 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-
+
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
@@ -319,24 +319,24 @@ public class IdpTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
+
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(request);
-
+
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -348,52 +348,52 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -412,12 +412,12 @@ public class IdpTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -429,24 +429,24 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -463,7 +463,7 @@ public class IdpTest {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -472,12 +472,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -486,23 +486,23 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation - change the credentials to make sure the session is set up correctly
//
-
+
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -514,25 +514,25 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthn() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -542,7 +542,7 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
String user = "alice";
String password = "ecila";
@@ -553,7 +553,7 @@ public class IdpTest {
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(user, password));
-
+
//
// First invocation
//
@@ -562,12 +562,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -576,20 +576,20 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation
//
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -598,80 +598,80 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
webClient.close();
-
+
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
-
+
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
-
+
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
newWebClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthnSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
url += "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name());
-
+
String user = "alice";
String password = "ecila";
@@ -682,7 +682,7 @@ public class IdpTest {
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(user, password));
-
+
//
// First invocation
//
@@ -691,12 +691,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -705,20 +705,20 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation
//
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -729,48 +729,48 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
-
+
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
-
+
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
-
+
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
newWebClient.close();
}
-
+
//
// Negative tests
//
-
+
@org.junit.Test
public void testBadIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -792,32 +792,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testNoIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, null, consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -839,35 +839,35 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
-
+
String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
-
+
String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
-
+
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -877,22 +877,22 @@ public class IdpTest {
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
-
+
String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
- consumerURL,
- false,
+ consumerURL,
false,
- protocolBinding,
+ false,
+ protocolBinding,
SAMLVersion.VERSION_20,
- issuer,
- nameIDPolicy,
+ issuer,
+ nameIDPolicy,
authnCtx
);
-
+
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -914,31 +914,31 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testMissingDestination() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -960,32 +960,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Ignore
public void testMissingRelayState() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1010,26 +1010,26 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testUnsignedRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1051,38 +1051,38 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testEmptySeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1099,60 +1099,60 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testBase64DecodingErrorSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1170,55 +1170,55 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testChangedSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
if (signBytes[1] != (byte)1) {
@@ -1226,9 +1226,9 @@ public class IdpTest {
} else {
signBytes[1] = (byte)2;
}
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1245,61 +1245,61 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testSeparateSignatureWrongSignedContent() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name())
+ "asf=xyz";
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1316,32 +1316,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testUnknownRACS() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/insecure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1363,34 +1363,34 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testProblemWithParsingRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-
+
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
@@ -1418,28 +1418,28 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testForceAuthnWrongCredentials() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1449,14 +1449,14 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
String user = "alice";
String password = "ecila";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -1465,12 +1465,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -1479,14 +1479,14 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation - change the credentials, this should fail
//
-
+
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
@@ -1494,43 +1494,43 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
webClient.close();
}
-
+
private String encodeAuthnRequest(Element authnRequest) throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequest);
-
+
DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
return Base64Utility.encode(deflatedBytes);
}
-
+
private void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
String sigAlgo = SSOConstants.RSA_SHA1;
-
+
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
// Create the signature
Signature signature = OpenSAMLUtil.buildSignature();
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(sigAlgo);
-
+
BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
kiFactory.setEmitEntityCertificate(true);
-
+
try {
KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
@@ -1538,21 +1538,21 @@ public class IdpTest {
throw new Exception(
"Error generating KeyInfo from signing credential", ex);
}
-
+
SignableSAMLObject signableObject = (SignableSAMLObject) authnRequest;
signableObject.setSignature(signature);
signableObject.releaseDOM();
signableObject.releaseChildrenDOM(true);
-
+
}
-
- private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage,
- String relayState,
+
+ private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage,
+ String relayState,
String consumerURL,
String authnRequestId
) throws Exception {
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
// Parse the form to get the token (SAMLResponse)
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -1569,28 +1569,28 @@ public class IdpTest {
Assert.assertNotNull(samlResponse);
Assert.assertTrue(foundRelayState);
-
+
// Check the "action"
DomNodeList<DomElement> formResults = idpPage.getElementsByTagName("form");
Assert.assertFalse(formResults.isEmpty());
-
+
DomElement formResult = formResults.get(0);
String action = formResult.getAttributeNS(null, "action");
Assert.assertTrue(action.equals(consumerURL));
-
+
// Decode + verify response
byte[] deflatedToken = Base64Utility.decode(samlResponse);
InputStream inputStream = new ByteArrayInputStream(deflatedToken);
-
+
Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
-
+
XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
Assert.assertTrue(responseObject instanceof org.opensaml.saml.saml2.core.Response);
-
- org.opensaml.saml.saml2.core.Response samlResponseObject =
+
+ org.opensaml.saml.saml2.core.Response samlResponseObject =
(org.opensaml.saml.saml2.core.Response)responseObject;
Assert.assertTrue(authnRequestId.equals(samlResponseObject.getInResponseTo()));
-
+
return samlResponseObject;
}
}
[16/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
index 342f404..b56d558 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
@@ -42,27 +42,27 @@ import org.opensaml.saml.saml2.core.SessionIndex;
* A set of utility methods to construct SAMLP Request statements
*/
public final class SamlpRequestComponentBuilder {
-
+
private static volatile SAMLObjectBuilder<AuthnRequest> authnRequestBuilder;
-
+
private static volatile SAMLObjectBuilder<LogoutRequest> logoutRequestBuilder;
-
+
private static volatile SAMLObjectBuilder<SessionIndex> sessionIndexBuilder;
-
+
private static volatile SAMLObjectBuilder<Issuer> issuerBuilder;
-
+
private static volatile SAMLObjectBuilder<NameIDPolicy> nameIDBuilder;
-
+
private static volatile SAMLObjectBuilder<RequestedAuthnContext> requestedAuthnCtxBuilder;
-
+
private static volatile SAMLObjectBuilder<AuthnContextClassRef> requestedAuthnCtxClassRefBuilder;
-
- private static volatile XMLObjectBuilderFactory builderFactory =
+
+ private static volatile XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
-
+
private SamlpRequestComponentBuilder() {
}
-
+
@SuppressWarnings("unchecked")
//CHECKSTYLE:OFF
public static AuthnRequest createAuthnRequest(
@@ -75,7 +75,7 @@ public final class SamlpRequestComponentBuilder {
NameIDPolicy nameIDPolicy,
RequestedAuthnContext requestedAuthnCtx
) {
- //CHECKSTYLE:ON
+ //CHECKSTYLE:ON
if (authnRequestBuilder == null) {
authnRequestBuilder = (SAMLObjectBuilder<AuthnRequest>)
builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
@@ -88,14 +88,14 @@ public final class SamlpRequestComponentBuilder {
authnRequest.setIssueInstant(new DateTime());
authnRequest.setProtocolBinding(protocolBinding);
authnRequest.setVersion(version);
-
+
authnRequest.setIssuer(issuer);
authnRequest.setNameIDPolicy(nameIDPolicy);
authnRequest.setRequestedAuthnContext(requestedAuthnCtx);
-
+
return authnRequest;
}
-
+
@SuppressWarnings("unchecked")
public static LogoutRequest createLogoutRequest(
Issuer issuer,
@@ -111,19 +111,19 @@ public final class SamlpRequestComponentBuilder {
sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>)
builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
}
-
+
LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
-
+
logoutRequest.setID(UUID.randomUUID().toString());
logoutRequest.setIssueInstant(new DateTime());
-
+
if (reason != null) {
logoutRequest.setReason(reason);
}
if (nameId != null) {
logoutRequest.setNameID(nameId);
}
-
+
if (sessionIndices != null && !sessionIndices.isEmpty()) {
for (String sessionIndex : sessionIndices) {
SessionIndex sessionIndexObj = sessionIndexBuilder.buildObject();
@@ -136,7 +136,7 @@ public final class SamlpRequestComponentBuilder {
return logoutRequest;
}
-
+
@SuppressWarnings("unchecked")
public static Issuer createIssuer(
String issuerValue
@@ -147,10 +147,10 @@ public final class SamlpRequestComponentBuilder {
}
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerValue);
-
+
return issuer;
}
-
+
@SuppressWarnings("unchecked")
public static NameIDPolicy createNameIDPolicy(
boolean allowCreate,
@@ -165,10 +165,10 @@ public final class SamlpRequestComponentBuilder {
nameId.setAllowCreate(allowCreate);
nameId.setFormat(format);
nameId.setSPNameQualifier(spNameQualifier);
-
+
return nameId;
}
-
+
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration comparison,
@@ -181,20 +181,20 @@ public final class SamlpRequestComponentBuilder {
}
RequestedAuthnContext authnCtx = requestedAuthnCtxBuilder.buildObject();
authnCtx.setComparison(comparison);
-
+
if (authnCtxClassRefList != null) {
List<AuthnContextClassRef> classRefList = authnCtx.getAuthnContextClassRefs();
classRefList.addAll(authnCtxClassRefList);
}
-
+
if (authnCtxDeclRefList != null) {
List<AuthnContextDeclRef> declRefList = authnCtx.getAuthnContextDeclRefs();
declRefList.addAll(authnCtxDeclRefList);
}
-
+
return authnCtx;
}
-
+
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnCtxClassRef(
String authnCtxClassRefValue
@@ -205,8 +205,8 @@ public final class SamlpRequestComponentBuilder {
}
AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
-
+
return authnCtxClassRef;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
index 24d6be1..f1a2882 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
@@ -43,13 +43,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public final class CertsUtils {
-
+
private static final Logger LOG = LoggerFactory.getLogger(CertsUtils.class);
-
+
private CertsUtils() {
super();
}
-
+
/**
* Load an X.509 Certificate from a certificate file
*/
@@ -57,16 +57,16 @@ public final class CertsUtils {
return getX509CertificateFromFile(filename,
Thread.currentThread().getContextClassLoader());
}
-
+
/**
* Load an X.509 Certificate from a certificate file
*/
- public static X509Certificate getX509CertificateFromFile(String filename, ClassLoader classLoader)
+ public static X509Certificate getX509CertificateFromFile(String filename, ClassLoader classLoader)
throws CertificateException {
if (filename == null) {
return null;
}
-
+
ClassLoader cl = classLoader;
if (cl == null) {
cl = Thread.currentThread().getContextClassLoader();
@@ -87,7 +87,7 @@ public final class CertsUtils {
if (bis.available() > 0) {
LOG.warn("There are more certificates configured in " + filename + ". Only first is parsed");
}
- return (X509Certificate)cert;
+ return (X509Certificate)cert;
} else {
LOG.error("No bytes can be read in certificate file " + filename);
throw new RuntimeException("No bytes can be read in certificate file " + filename);
@@ -100,20 +100,20 @@ public final class CertsUtils {
throw new RuntimeException("Failed to read keystore");
}
}
-
+
/**
* Load an X.509 Certificate from a WSS4J Crypto instance using a keystore alias
*/
- public static X509Certificate getX509CertificateFromCrypto(Crypto crypto, String keyAlias)
+ public static X509Certificate getX509CertificateFromCrypto(Crypto crypto, String keyAlias)
throws WSSecurityException {
if (keyAlias == null || "".equals(keyAlias)) {
keyAlias = crypto.getDefaultX509Identifier();
}
-
+
if (keyAlias == null) {
throw new RuntimeException("No keystore alias was specified to sign the metadata");
}
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(keyAlias);
X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
@@ -124,17 +124,17 @@ public final class CertsUtils {
}
return issuerCerts[0];
}
-
+
/**
* Parse a String parameter into an X.509 Certificate. The parameter can be either the encoded cert, or else
* a filename containing the certificate.
*/
- public static X509Certificate parseX509Certificate(String certificate)
+ public static X509Certificate parseX509Certificate(String certificate)
throws CertificateException, WSSecurityException, ProcessingException, Base64DecodingException, IOException {
if (certificate == null) {
return null;
}
-
+
boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
if (isCertificateLocation) {
try {
@@ -146,8 +146,8 @@ public final class CertsUtils {
return CertsUtils.getX509CertificateFromCrypto(crypto, null);
}
}
- }
-
+ }
+
// Here the certificate is encoded in the configuration file
try {
return CertsUtils.parseCertificate(certificate);
@@ -156,7 +156,7 @@ public final class CertsUtils {
throw new ProcessingException("Failed to parse trusted certificate");
}
}
-
+
/**
* Get a Crypto instance from a file
*/
@@ -177,7 +177,7 @@ public final class CertsUtils {
}
return crypto;
}
-
+
/**
* Get a crypto instance using a certificate
*/
@@ -185,7 +185,7 @@ public final class CertsUtils {
if (certificate == null) {
return null;
}
-
+
boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
if (isCertificateLocation) {
try {
@@ -198,8 +198,8 @@ public final class CertsUtils {
// Maybe it's a WSS4J properties file...
return CertsUtils.getCryptoFromFile(certificate);
}
- }
-
+ }
+
// Here the certificate is encoded in the configuration file
X509Certificate cert;
try {
@@ -210,10 +210,10 @@ public final class CertsUtils {
}
return new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
}
-
+
private static X509Certificate parseCertificate(String certificate)
throws CertificateException, Base64DecodingException, IOException {
-
+
//before decoding we need to get rid off the prefix and suffix
byte[] decoded = Base64.decode(certificate.replaceAll("-----BEGIN CERTIFICATE-----", "").
replaceAll("-----END CERTIFICATE-----", ""));
@@ -222,5 +222,5 @@ public final class CertsUtils {
return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(is);
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ClassLoaderUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ClassLoaderUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ClassLoaderUtils.java
index 6803ef2..d2611f0 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ClassLoaderUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ClassLoaderUtils.java
@@ -34,20 +34,20 @@ import java.util.List;
* tolerant manner that works across different applications servers. Do not
* touch this unless you're a grizzled classloading guru veteran who is going to
* verify any change on 6 different application servers.
- *
+ *
* Original: org.apache.cxf.common.classloader.ClassLoaderUtils
*/
public final class ClassLoaderUtils {
-
+
private ClassLoaderUtils() {
}
-
+
public static class ClassLoaderHolder {
ClassLoader loader;
ClassLoaderHolder(ClassLoader c) {
loader = c;
}
-
+
public void reset() {
ClassLoaderUtils.setThreadContextClassloader(loader);
}
@@ -61,7 +61,7 @@ public final class ClassLoaderUtils {
}
});
}
-
+
public static ClassLoader getURLClassLoader(
final URL[] urls, final ClassLoader parent
) {
@@ -77,7 +77,7 @@ public final class ClassLoaderUtils {
) {
return getURLClassLoader(urlList.toArray(new URL[urlList.size()]), parent);
}
-
+
/**
* Load a given resource. This method will try to load the resource
* using the following methods (in order):
@@ -86,7 +86,7 @@ public final class ClassLoaderUtils {
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
- *
+ *
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
@@ -121,14 +121,14 @@ public final class ClassLoaderUtils {
if (url == null) {
url = callingClass.getResource(resourceName);
}
-
+
if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResource('/' + resourceName, callingClass);
}
return url;
}
-
+
/**
* Load a given resources. <p/> This method will try to load the resources
* using the following methods (in order):
@@ -137,7 +137,7 @@ public final class ClassLoaderUtils {
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
- *
+ *
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
@@ -150,7 +150,7 @@ public final class ClassLoaderUtils {
public URL nextElement() {
return null;
}
-
+
};
try {
urls = Thread.currentThread().getContextClassLoader()
@@ -210,7 +210,7 @@ public final class ClassLoaderUtils {
ret.add(urls.nextElement());
}
-
+
if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResources('/' + resourceName, callingClass);
}
@@ -221,7 +221,7 @@ public final class ClassLoaderUtils {
/**
* This is a convenience method to load a resource as a stream. <p/> The
* algorithm used to find the resource is given in getResource()
- *
+ *
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
@@ -244,7 +244,7 @@ public final class ClassLoaderUtils {
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>From the callingClass.getClassLoader()
* </ul>
- *
+ *
* @param className The name of the class to load
* @param callingClass The Class object of the calling object
* @throws ClassNotFoundException If the class cannot be found anywhere.
@@ -256,7 +256,7 @@ public final class ClassLoaderUtils {
if (cl != null) {
return cl.loadClass(className);
- }
+ }
} catch (ClassNotFoundException e) {
//ignore
}
@@ -269,7 +269,7 @@ public final class ClassLoaderUtils {
if (cl != null) {
return cl.loadClass(className).asSubclass(type);
- }
+ }
} catch (ClassNotFoundException e) {
//ignore
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
index 232514d..e8b5edd 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CookieUtils.java
@@ -28,17 +28,17 @@ import java.util.TimeZone;
* Some Utility methods for manipulating cookies
*/
public final class CookieUtils {
-
+
private CookieUtils() {
// complete
}
- public static String createCookie(String name,
- String value,
+ public static String createCookie(String name,
+ String value,
String path,
String domain,
- long stateTimeToLive) {
-
+ long stateTimeToLive) {
+
String contextCookie = name + "=" + value;
// Setting a specific path restricts the browsers
// to return a cookie only to the web applications
@@ -46,25 +46,25 @@ public final class CookieUtils {
if (path != null) {
contextCookie += ";Path=" + path;
}
-
+
// Setting a specific domain further restricts the browsers
// to return a cookie only to the web applications
// listening on the specific context path within a particular domain
if (domain != null) {
contextCookie += ";Domain=" + domain;
}
-
+
// Keep the cookie across the browser restarts until it actually expires.
- // Note that the Expires property has been deprecated but apparently is
- // supported better than 'max-age' property by different browsers
+ // Note that the Expires property has been deprecated but apparently is
+ // supported better than 'max-age' property by different browsers
// (Firefox, IE, etc)
Date expiresDate = new Date(System.currentTimeMillis() + stateTimeToLive);
String cookieExpires = getHttpDateFormat().format(expiresDate);
contextCookie += ";Expires=" + cookieExpires;
-
+
return contextCookie;
}
-
+
public static SimpleDateFormat getHttpDateFormat() {
SimpleDateFormat dateFormat =
new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US);
@@ -72,15 +72,15 @@ public final class CookieUtils {
dateFormat.setTimeZone(tZone);
return dateFormat;
}
-
+
public static boolean isStateExpired(long stateCreatedAt, boolean detectExpiredTokens,
long expiresAt, long stateTTL) {
Date currentTime = new Date();
if (currentTime.after(new Date(stateCreatedAt + stateTTL))) {
return true;
}
-
+
return detectExpiredTokens && expiresAt > 0 && currentTime.after(new Date(expiresAt));
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
index 6d66e8e..31120e2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/DOMUtils.java
@@ -57,7 +57,7 @@ import org.xml.sax.SAXException;
/**
* Few simple utils to read DOM. This is originally from the Jakarta Commons Modeler.
- *
+ *
* @author Costin Manolache
*/
public final class DOMUtils {
@@ -89,7 +89,7 @@ public final class DOMUtils {
/**
* This function is much like getAttribute, but returns null, not "", for a nonexistent attribute.
- *
+ *
* @param e
* @param attributeName
*/
@@ -143,7 +143,7 @@ public final class DOMUtils {
/**
* Get the first element child.
- *
+ *
* @param parent lookup direct childs
* @param name name of the element. If null return the first element.
*/
@@ -223,7 +223,7 @@ public final class DOMUtils {
/**
* Find the first direct child with a given attribute.
- *
+ *
* @param parent
* @param elemName name of the element, or null for any
* @param attName attribute we're looking for
@@ -295,7 +295,7 @@ public final class DOMUtils {
/**
* Return the first element child with the specified qualified name.
- *
+ *
* @param parent
* @param q
*/
@@ -307,7 +307,7 @@ public final class DOMUtils {
/**
* Return the first element child with the specified qualified name.
- *
+ *
* @param parent
* @param ns
* @param lp
@@ -327,7 +327,7 @@ public final class DOMUtils {
/**
* Return child elements with specified name.
- *
+ *
* @param parent
* @param ns
* @param localName
@@ -348,7 +348,7 @@ public final class DOMUtils {
/**
* Returns all child elements with specified namespace.
- *
+ *
* @param parent the element to search under
* @param ns the namespace to find elements in
* @return all child elements with specified namespace
@@ -369,7 +369,7 @@ public final class DOMUtils {
/**
* Get the first child of the specified type.
- *
+ *
* @param parent
* @param type
*/
@@ -423,7 +423,7 @@ public final class DOMUtils {
return new InputSource(new StringReader(""));
}
}
-
+
private static DocumentBuilderFactory createDocumentBuilderFactory() throws ParserConfigurationException {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
@@ -434,7 +434,7 @@ public final class DOMUtils {
dbf.setNamespaceAware(true);
// dbf.setCoalescing(true);
// dbf.setExpandEntityReferences(true);
-
+
return dbf;
}
@@ -512,7 +512,7 @@ public final class DOMUtils {
/**
* Get all prefixes defined, up to the root, for a namespace URI.
- *
+ *
* @param element
* @param namespaceUri
* @param prefixes
@@ -527,7 +527,7 @@ public final class DOMUtils {
/**
* Get all prefixes defined on this element for the specified namespace.
- *
+ *
* @param element
* @param namespaceUri
* @param prefixes
@@ -558,7 +558,7 @@ public final class DOMUtils {
/**
* Starting from a node, find the namespace declaration for a prefix. for a matching namespace
* declaration.
- *
+ *
* @param node search up from here to search for namespace definitions
* @param searchPrefix the prefix we are searching for
* @return the namespace if found.
@@ -648,7 +648,7 @@ public final class DOMUtils {
* Set a namespace/prefix on an element if it is not set already. First off, it searches for the element
* for the prefix associated with the specified namespace. If the prefix isn't null, then this is
* returned. Otherwise, it creates a new attribute using the namespace/prefix passed as parameters.
- *
+ *
* @param element
* @param namespace
* @param prefix
@@ -665,7 +665,7 @@ public final class DOMUtils {
/**
* Add a namespace prefix definition to an element.
- *
+ *
* @param element
* @param namespaceUri
* @param prefix
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 5ea2b12..26263a9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -49,12 +49,12 @@ import org.slf4j.LoggerFactory;
public final class SignatureUtils {
private static final Logger LOG = LoggerFactory.getLogger(SignatureUtils.class);
-
+
private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
-
+
private SignatureUtils() {
}
-
+
public static Document signMetaInfo(Crypto crypto, String keyAlias, String keyPassword,
Document doc, String referenceID) throws Exception {
if (keyAlias == null || "".equals(keyAlias)) {
@@ -62,17 +62,17 @@ public final class SignatureUtils {
}
X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
// }
-
+
/* public static ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream metaInfo,
String referenceID)
throws Exception {
KeyManager keyManager = config.getSigningKey();
String keyAlias = keyManager.getKeyAlias();
- String keypass = keyManager.getKeyPassword();
-
+ String keypass = keyManager.getKeyPassword();
+
// in case we did not specify the key alias, we assume there is only one key in the keystore ,
- // we use this key's alias as default.
+ // we use this key's alias as default.
if (keyAlias == null || "".equals(keyAlias)) {
//keyAlias = getDefaultX509Identifier(ks);
keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
@@ -86,7 +86,7 @@ public final class SignatureUtils {
+ keyAlias);
}
X509Certificate cert = issuerCerts[0];
-*/
+*/
String signatureMethod = null;
if ("SHA1withDSA".equals(cert.getSigAlgName())) {
signatureMethod = SignatureMethod.DSA_SHA1;
@@ -98,12 +98,12 @@ public final class SignatureUtils {
LOG.error("Unsupported signature method: " + cert.getSigAlgName());
throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
}
-
+
List<Transform> transformList = new ArrayList<>();
transformList.add(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null));
transformList.add(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec)null));
-
+
// Create a Reference to the enveloped document (in this case,
// you are signing the whole document, so a URI of "" signifies
// that, and also specify the SHA1 digest algorithm and
@@ -123,9 +123,9 @@ public final class SignatureUtils {
// step 2
// Load the KeyStore and get the signing key and certificate.
-
+
PrivateKey keyEntry = crypto.getPrivateKey(keyAlias, keyPassword);
-
+
// Create the KeyInfo containing the X509Data.
KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
List<Object> x509Content = new ArrayList<>();
@@ -151,8 +151,8 @@ public final class SignatureUtils {
// step 4
// Output the resulting document.
-
+
return doc;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/StringUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/StringUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/StringUtils.java
index 04f2112..f23ee74 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/StringUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/StringUtils.java
@@ -208,7 +208,7 @@ public final class StringUtils {
/**
* Return input string with first character in upper case.
- *
+ *
* @param name
* input string.
* @return capitalized form.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/common/STSUtil.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/common/STSUtil.java b/plugins/core/src/test/java/org/apache/cxf/fediz/common/STSUtil.java
index 3698672..273f2c1 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/common/STSUtil.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/common/STSUtil.java
@@ -26,9 +26,9 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
public class STSUtil {
-
-
- public static final String SAMPLE_RSTR_COLL_MSG =
+
+
+ public static final String SAMPLE_RSTR_COLL_MSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<RequestSecurityTokenResponseCollection "
+ "xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"> "
@@ -37,34 +37,34 @@ public class STSUtil {
+ "</RequestedSecurityToken>"
+ "</RequestSecurityTokenResponse>"
+ "</RequestSecurityTokenResponseCollection>";
-
- public static final String SAMPLE_RSTR_MSG =
+
+ public static final String SAMPLE_RSTR_MSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<RequestSecurityTokenResponse "
+ "xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"> "
+ "<RequestedSecurityToken>"
+ "</RequestedSecurityToken>"
+ "</RequestSecurityTokenResponse>";
-
- public static final String SAMPLE_RSTR_2005_02_MSG =
+
+ public static final String SAMPLE_RSTR_2005_02_MSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<RequestSecurityTokenResponse "
+ "xmlns=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"> "
+ "<RequestedSecurityToken>"
+ "</RequestedSecurityToken>"
+ "</RequestSecurityTokenResponse>";
-
-
+
+
private static DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
+
static {
factory.setNamespaceAware(true);
}
-
+
protected STSUtil() {
-
+
}
-
+
/**
* Convert an XML document as a String to a org.w3c.dom.Document.
*/
@@ -74,5 +74,5 @@ public class STSUtil {
return builder.parse(in);
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java b/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
index 62997e0..d63fdd8 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/common/SecurityTestUtil.java
@@ -24,11 +24,11 @@ import java.io.File;
* A utility class for security tests
*/
public final class SecurityTestUtil {
-
+
private SecurityTestUtil() {
// complete
}
-
+
public static void cleanup() {
String tmpDir = System.getProperty("java.io.tmpdir");
if (tmpDir != null) {
@@ -42,5 +42,5 @@ public final class SecurityTestUtil {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
index bd69b14..b4b926f 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
@@ -56,18 +56,18 @@ import org.apache.wss4j.dom.message.WSSecEncryptedKey;
* authentication assertion.
*/
public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
-
+
public enum Statement {
AUTHN, ATTR, AUTHZ
};
-
+
public enum MultiValue {
MULTI_VALUE, MULTI_ATTR, ENC_VALUE
};
-
- public static final URI CLAIM_TYPE_LANGUAGE =
+
+ public static final URI CLAIM_TYPE_LANGUAGE =
URI.create("http://schemas.mycompany.com/claims/language");
-
+
protected String subjectName;
protected String subjectQualifier;
protected String confirmationMethod;
@@ -93,60 +93,60 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
protected String customClaimName = CLAIM_TYPE_LANGUAGE.toString();
protected String attributeNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
protected boolean useNameFormatAsNamespace;
-
+
public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
this.subjectConfirmationData = subjectConfirmationData;
}
-
+
public void setConditions(ConditionsBean conditionsBean) {
this.conditions = conditionsBean;
}
-
+
public void setConfirmationMethod(String confMethod) {
confirmationMethod = confMethod;
}
-
+
public void setStatement(Statement statement) {
this.statement = statement;
}
-
+
public void setCertIdentifier(CERT_IDENTIFIER certIdentifier) {
this.certIdentifier = certIdentifier;
}
-
+
public void setCerts(X509Certificate[] certs) {
this.certs = certs;
}
-
+
public byte[] getEphemeralKey() {
return ephemeralKey;
}
-
+
public void setIssuer(String issuer) {
this.issuer = issuer;
}
-
+
public void setSubjectNameIDFormat(String subjectNameIDFormat) {
this.subjectNameIDFormat = subjectNameIDFormat;
}
-
+
public void setSubjectName(String subjectName) {
this.subjectName = subjectName;
}
-
+
public void setSubjectLocality(String ipAddress, String dnsAddress) {
this.subjectLocalityIpAddress = ipAddress;
this.subjectLocalityDnsAddress = dnsAddress;
}
-
+
public void setResource(String resource) {
this.resource = resource;
}
-
+
public void setCustomAttributeValues(List<?> customAttributeValues) {
this.customAttributeValues = customAttributeValues;
}
-
+
public void setRoles(List<String> roles) {
this.roles = roles;
}
@@ -158,19 +158,19 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
public void setMultiValueType(MultiValue multiValueType) {
this.multiValueType = multiValueType;
}
-
+
public void setRoleAttributeName(String roleAttributeName) {
this.roleAttributeName = roleAttributeName;
}
-
+
public String getRoleAttributeName() {
return this.roleAttributeName;
}
-
+
public void setCountryClaimName(String countryClaimName) {
this.countryClaimName = countryClaimName;
}
-
+
public String getCountryClaimName() {
return this.countryClaimName;
}
@@ -178,7 +178,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
public void setCustomClaimName(String customClaimName) {
this.customClaimName = customClaimName;
}
-
+
public String getCustomClaimName() {
return this.customClaimName;
}
@@ -186,11 +186,11 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
public void setAttributeNameFormat(String attributeNameFormat) {
this.attributeNameFormat = attributeNameFormat;
}
-
+
public String getAttributeNameFormat() {
return this.attributeNameFormat;
}
-
+
public boolean isUseNameFormatAsNamespace() {
return useNameFormatAsNamespace;
}
@@ -218,13 +218,13 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
}
-
+
if (statement == Statement.ATTR) {
AttributeStatementBean attrStateBean = new AttributeStatementBean();
if (subjectBean != null) {
attrStateBean.setSubject(subjectBean);
}
-
+
if (this.roles == null) {
AttributeBean attributeBean = new AttributeBean();
if (subjectBean != null) {
@@ -238,9 +238,9 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
callback.setAttributeStatementData(Collections.singletonList(attrStateBean));
return;
}
-
+
List<AttributeBean> attributeList = new ArrayList<>();
-
+
if (this.multiValueType.equals(MultiValue.MULTI_VALUE)
|| this.multiValueType.equals(MultiValue.ENC_VALUE)) {
// <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
@@ -248,7 +248,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
// <saml:AttributeValue>Value1</saml:AttributeValue>
// <saml:AttributeValue>Value2</saml:AttributeValue>
// </saml:Attribute>
-// or
+// or
// <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
// AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
// <saml:AttributeValue>Value1,Value2</saml:AttributeValue>
@@ -293,7 +293,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
// AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="roles">
// <saml:AttributeValue>Value2</saml:AttributeValue>
// </saml:Attribute>
-
+
//List<AttributeBean> attrBeans = new ArrayList<>();
for (String role: roles) {
AttributeBean attributeBean = new AttributeBean();
@@ -318,7 +318,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
attributeList.add(attributeBean);
}
}
-
+
//ClaimTypes.COUNTRY
AttributeBean attributeBean = new AttributeBean();
if (subjectBean != null) {
@@ -326,7 +326,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
attributeBean.setSimpleName(getNameOfClaimType(this.countryClaimName));
//QualifiedName maps to AttributeNamespace in SAML1ComponentBuilder.createSamlv1Attribute()
attributeBean.setQualifiedName(getNamespaceOfClaimType(this.countryClaimName));
-
+
} else {
//SAML 2.0
attributeBean.setQualifiedName(this.countryClaimName);
@@ -334,7 +334,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
}
attributeBean.addAttributeValue("CH");
attributeList.add(attributeBean);
-
+
//custom claim language
AttributeBean attributeBean2 = new AttributeBean();
if (subjectBean != null) {
@@ -362,10 +362,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
attributeBean2.addAttributeValue("CH");
}
attributeList.add(attributeBean2);
-
+
attrStateBean.setSamlAttributes(attributeList);
callback.setAttributeStatementData(Collections.singletonList(attrStateBean));
-
+
} else if (statement == Statement.AUTHZ) {
AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
if (subjectBean != null) {
@@ -380,7 +380,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
}
}
-
+
protected KeyInfoBean createKeyInfo() throws Exception {
KeyInfoBean keyInfo = new KeyInfoBean();
if (alsoAddAuthnStatement || statement == Statement.AUTHN) {
@@ -388,12 +388,12 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
keyInfo.setCertIdentifer(certIdentifier);
} else if (statement == Statement.ATTR) {
// Build a new Document
- DocumentBuilderFactory docBuilderFactory =
+ DocumentBuilderFactory docBuilderFactory =
DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
-
+
// Create an Encrypted Key
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
@@ -401,9 +401,9 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
encrKey.prepare(doc, null);
ephemeralKey = encrKey.getEphemeralKey();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
-
+
// Append the EncryptedKey to a KeyInfo element
- Element keyInfoElement =
+ Element keyInfoElement =
doc.createElementNS(
WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
);
@@ -411,22 +411,22 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
);
keyInfoElement.appendChild(encryptedKeyElement);
-
+
keyInfo.setElement(keyInfoElement);
}
return keyInfo;
}
-
+
protected String getNamespaceOfClaimType(String claimType) {
int i = claimType.lastIndexOf("/");
return claimType.substring(0, i);
}
-
+
protected String getNameOfClaimType(String claimType) {
int i = claimType.lastIndexOf("/");
return claimType.substring(i + 1);
}
-
+
public boolean isAlsoAddAuthnStatement() {
return alsoAddAuthnStatement;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
index 880c94d..d80fdee 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
@@ -30,20 +30,20 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;
/**
- * A Callback Handler implementation for the case of finding a password to access a
+ * A Callback Handler implementation for the case of finding a password to access a
* cert/private key in a keystore.
*/
public class KeystoreCallbackHandler implements CallbackHandler {
-
+
private Map<String, String> users = new HashMap<>();
-
+
public KeystoreCallbackHandler() {
users.put("mystskey", "stskpass");
users.put("myclientkey", "ckpass");
users.put("realma", "realma");
users.put("realmb", "realmb");
}
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
index 10fb4ce..73fdb36 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
@@ -36,7 +36,7 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
* authentication assertion using Sender Vouches.
*/
public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
-
+
public SAML1CallbackHandler() throws Exception {
// Required for Holder-Of-Key. Commented out.
/*
@@ -47,12 +47,12 @@ public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
certs = crypto.getX509Certificates(cryptoType);
}
*/
-
+
subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
subjectQualifier = "www.example.com";
confirmationMethod = SAML2Constants.CONF_BEARER;
}
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
@@ -63,8 +63,8 @@ public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
if (conditions != null) {
callback.setConditions(conditions);
}
-
- SubjectBean subjectBean =
+
+ SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
@@ -85,6 +85,6 @@ public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
index 754d430..b590cec 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
@@ -35,7 +35,7 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
* authentication assertion using Bearer.
*/
public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
-
+
public SAML2CallbackHandler() throws Exception {
// Required for Holder-Of-Key. Commented out.
/*
@@ -46,12 +46,12 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
certs = crypto.getX509Certificates(cryptoType);
}
*/
-
+
subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
subjectQualifier = "www.example.com";
confirmationMethod = SAML2Constants.CONF_BEARER;
}
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
@@ -62,8 +62,8 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
if (conditions != null) {
callback.setConditions(conditions);
}
-
- SubjectBean subjectBean =
+
+ SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
@@ -86,5 +86,5 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
index 1699691..58267c8 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/CallbackHandlerTest.java
@@ -68,19 +68,19 @@ public class CallbackHandlerTest {
private static final String KEYSTORE_PASSWORD = "passw0rd1";
private static final String KEYSTORE_RESOURCE_PATH = "org.apache.fediz.kestore1";
private static final String AUDIENCE_URI = "http://host_one:port/url";
-
+
private static final String ROLE_DELIMITER = ";";
private static final String ROLE_URI = "http://someserver:8080/path/roles.uri";
private static final String CLAIM_TYPE = "a particular claim type";
private static final String SUBJECT_VALUE = ".*CN=www.sts1.com.*";
private static final String TEST_SIGNIN_QUERY = "pubid=myid";
-
-
+
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private FedizConfig createConfiguration(boolean federation) throws JAXBException {
FedizConfig rootConfig = new FedizConfig();
@@ -91,16 +91,16 @@ public class CallbackHandlerTest {
config.setMaximumClockSkew(new BigInteger(CLOCK_SKEW));
CertificateStores certStores = new CertificateStores();
-
- TrustManagersType tm0 = new TrustManagersType();
+
+ TrustManagersType tm0 = new TrustManagersType();
KeyStoreType ks0 = new KeyStoreType();
ks0.setType("JKS");
ks0.setPassword(KEYSTORE_PASSWORD);
ks0.setResource(KEYSTORE_RESOURCE_PATH);
tm0.setKeyStore(ks0);
- certStores.getTrustManager().add(tm0);
+ certStores.getTrustManager().add(tm0);
config.setCertificateStores(certStores);
-
+
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
ti0.setCertificateValidation(ValidationType.CHAIN_TRUST);
@@ -108,24 +108,24 @@ public class CallbackHandlerTest {
ti0.setSubject(SUBJECT_VALUE);
trustedIssuers.getIssuer().add(ti0);
config.setTrustedIssuers(trustedIssuers);
-
+
AudienceUris audienceUris = new AudienceUris();
audienceUris.getAudienceItem().add(AUDIENCE_URI);
config.setAudienceUris(audienceUris);
ProtocolType protocol = null;
-
+
if (federation) {
protocol = new FederationProtocolType();
-
+
CallbackType freshness = new CallbackType();
freshness.setValue(FRESHNESS_VALUE);
((FederationProtocolType)protocol).setFreshness(freshness);
-
+
CallbackType realm = new CallbackType();
realm.setValue(TARGET_REALM);
protocol.setRealm(freshness);
-
+
CallbackType reply = new CallbackType();
reply.setValue(REPLY);
((FederationProtocolType)protocol).setReply(reply);
@@ -134,7 +134,7 @@ public class CallbackHandlerTest {
protocol = new SamlProtocolType();
}
config.setProtocol(protocol);
-
+
protocol.setRoleDelimiter(ROLE_DELIMITER);
protocol.setRoleURI(ROLE_URI);
@@ -144,106 +144,106 @@ public class CallbackHandlerTest {
claimType.setType(CLAIM_TYPE);
claimTypeReq.getClaimType().add(claimType);
protocol.setClaimTypesRequested(claimTypeReq);
-
+
return rootConfig;
}
-
+
private FedizConfig createConfigWithoutCB(boolean federation) throws JAXBException {
-
+
FedizConfig config = createConfiguration(federation);
ProtocolType protocol = config.getContextConfig().get(0).getProtocol();
-
+
CallbackType issuer = new CallbackType();
issuer.setType(ArgumentType.STRING);
issuer.setValue(TestCallbackHandler.TEST_IDP);
protocol.setIssuer(issuer);
-
+
if (protocol instanceof FederationProtocolType) {
CallbackType homeRealm = new CallbackType();
homeRealm.setType(ArgumentType.STRING);
homeRealm.setValue(TestCallbackHandler.TEST_HOME_REALM);
((FederationProtocolType)protocol).setHomeRealm(homeRealm);
-
+
CallbackType authType = new CallbackType();
authType.setType(ArgumentType.STRING);
authType.setValue(TestCallbackHandler.TEST_WAUTH);
((FederationProtocolType)protocol).setAuthenticationType(authType);
-
+
CallbackType tokenRequest = new CallbackType();
tokenRequest.setType(ArgumentType.STRING);
tokenRequest.setValue(TestCallbackHandler.TEST_WREQ);
((FederationProtocolType)protocol).setRequest(tokenRequest);
-
+
CallbackType signInQueryType = new CallbackType();
signInQueryType.setType(ArgumentType.STRING);
signInQueryType.setValue(TEST_SIGNIN_QUERY);
((FederationProtocolType)protocol).setSignInQuery(signInQueryType);
}
-
+
return config;
}
-
+
private FedizConfig createConfigCB(boolean federation) throws JAXBException {
-
+
FedizConfig config = createConfiguration(federation);
ProtocolType protocol = config.getContextConfig().get(0).getProtocol();
-
+
CallbackType realmType = new CallbackType();
realmType.setType(ArgumentType.CLASS);
realmType.setValue(CALLBACKHANDLER_CLASS);
protocol.setRealm(realmType);
-
+
CallbackType issuer = new CallbackType();
issuer.setType(ArgumentType.CLASS);
issuer.setValue(CALLBACKHANDLER_CLASS);
protocol.setIssuer(issuer);
-
+
if (protocol instanceof FederationProtocolType) {
CallbackType homeRealm = new CallbackType();
homeRealm.setType(ArgumentType.CLASS);
homeRealm.setValue(CALLBACKHANDLER_CLASS);
((FederationProtocolType)protocol).setHomeRealm(homeRealm);
-
+
CallbackType authType = new CallbackType();
authType.setType(ArgumentType.CLASS);
authType.setValue(CALLBACKHANDLER_CLASS);
((FederationProtocolType)protocol).setAuthenticationType(authType);
-
+
CallbackType tokenRequest = new CallbackType();
tokenRequest.setType(ArgumentType.CLASS);
tokenRequest.setValue(CALLBACKHANDLER_CLASS);
((FederationProtocolType)protocol).setRequest(tokenRequest);
-
+
CallbackType signInQueryType = new CallbackType();
signInQueryType.setType(ArgumentType.CLASS);
signInQueryType.setValue(CALLBACKHANDLER_CLASS);
((FederationProtocolType)protocol).setSignInQuery(signInQueryType);
-
+
CallbackType replyType = new CallbackType();
replyType.setType(ArgumentType.CLASS);
replyType.setValue(CALLBACKHANDLER_CLASS);
((FederationProtocolType)protocol).setReply(replyType);
}
-
+
return config;
}
-
+
@org.junit.Test
public void testParamsWithCallbackHandlerFederation() throws Exception {
-
+
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
FedizConfig configOut = createConfigCB(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
-
+
FedizContext ctx = configurator.getFedizContext(CONFIG_NAME);
-
+
FederationProtocol fp = (FederationProtocol)ctx.getProtocol();
-
+
Object issuerObj = fp.getIssuer();
Assert.assertTrue(issuerObj instanceof CallbackHandler);
CallbackHandler issuerCB = (CallbackHandler)issuerObj;
@@ -251,7 +251,7 @@ public class CallbackHandlerTest {
issuerCB.handle(new Callback[] {callbackIDP});
String issuerURL = callbackIDP.getIssuerUrl().toString();
Assert.assertEquals(TestCallbackHandler.TEST_IDP, issuerURL);
-
+
Object wAuthObj = fp.getAuthenticationType();
Assert.assertTrue(wAuthObj instanceof CallbackHandler);
CallbackHandler wauthCB = (CallbackHandler)wAuthObj;
@@ -259,7 +259,7 @@ public class CallbackHandlerTest {
wauthCB.handle(new Callback[] {callbackWA});
String wAuth = callbackWA.getWauth();
Assert.assertEquals(TestCallbackHandler.TEST_WAUTH, wAuth);
-
+
Object wReqObj = fp.getRequest();
Assert.assertTrue(wReqObj instanceof CallbackHandler);
CallbackHandler wreqCB = (CallbackHandler)wReqObj;
@@ -267,7 +267,7 @@ public class CallbackHandlerTest {
wreqCB.handle(new Callback[] {callbackReq});
String wReq = callbackReq.getWreq();
Assert.assertEquals(TestCallbackHandler.TEST_WREQ, wReq);
-
+
Object homeRealmObj = fp.getHomeRealm();
Assert.assertTrue(homeRealmObj instanceof CallbackHandler);
CallbackHandler hrCB = (CallbackHandler)homeRealmObj;
@@ -275,7 +275,7 @@ public class CallbackHandlerTest {
hrCB.handle(new Callback[] {callbackHR});
String hr = callbackHR.getHomeRealm();
Assert.assertEquals(TestCallbackHandler.TEST_HOME_REALM, hr);
-
+
Object wtRealmObj = fp.getRealm();
Assert.assertTrue(wtRealmObj instanceof CallbackHandler);
CallbackHandler wtrCB = (CallbackHandler)wtRealmObj;
@@ -283,7 +283,7 @@ public class CallbackHandlerTest {
wtrCB.handle(new Callback[]{callbackWTR});
String wtr = callbackWTR.getRealm();
Assert.assertEquals(TestCallbackHandler.TEST_WTREALM, wtr);
-
+
Object signInQueryObj = fp.getSignInQuery();
Assert.assertTrue(signInQueryObj instanceof CallbackHandler);
CallbackHandler siqCB = (CallbackHandler)signInQueryObj;
@@ -293,7 +293,7 @@ public class CallbackHandlerTest {
Assert.assertEquals(2, signinQueryMap.size());
Assert.assertEquals("myid", signinQueryMap.get("pubid"));
Assert.assertEquals("<=>", signinQueryMap.get("testenc"));
-
+
Object replyObj = fp.getReply();
Assert.assertTrue(replyObj instanceof CallbackHandler);
CallbackHandler replyCB = (CallbackHandler)replyObj;
@@ -301,25 +301,25 @@ public class CallbackHandlerTest {
replyCB.handle(new Callback[] {callbackReply});
String reply = callbackReply.getReply();
Assert.assertEquals(TestCallbackHandler.TEST_REPLY, reply);
-
+
}
-
+
@org.junit.Test
public void testParamsWithCallbackHandlerSAML() throws Exception {
-
+
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
FedizConfig configOut = createConfigCB(false);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
-
+
FedizContext ctx = configurator.getFedizContext(CONFIG_NAME);
-
+
SAMLProtocol protocol = (SAMLProtocol)ctx.getProtocol();
-
+
Object issuerObj = protocol.getIssuer();
Assert.assertTrue(issuerObj instanceof CallbackHandler);
CallbackHandler issuerCB = (CallbackHandler)issuerObj;
@@ -328,70 +328,70 @@ public class CallbackHandlerTest {
String issuerURL = callbackIDP.getIssuerUrl().toString();
Assert.assertEquals(TestCallbackHandler.TEST_IDP, issuerURL);
}
-
+
@org.junit.Test
public void testParamsWithoutCallbackHandlerFederation() throws Exception {
-
+
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
FedizConfig configOut = createConfigWithoutCB(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
-
+
FedizContext ctx = configurator.getFedizContext(CONFIG_NAME);
-
+
FederationProtocol fp = (FederationProtocol)ctx.getProtocol();
-
+
Object issuerObj = fp.getIssuer();
Assert.assertTrue(issuerObj instanceof String);
String issuerURL = (String)issuerObj;
Assert.assertEquals(TestCallbackHandler.TEST_IDP, issuerURL);
-
+
Object wAuthObj = fp.getAuthenticationType();
Assert.assertTrue(wAuthObj instanceof String);
String wAuth = (String)wAuthObj;
Assert.assertEquals(TestCallbackHandler.TEST_WAUTH, wAuth);
-
+
Object wReqObj = fp.getRequest();
Assert.assertTrue(wReqObj instanceof String);
String wReq = (String)wReqObj;
Assert.assertEquals(TestCallbackHandler.TEST_WREQ, wReq);
-
+
Object homeRealmObj = fp.getHomeRealm();
Assert.assertTrue(homeRealmObj instanceof String);
String hr = (String)homeRealmObj;
Assert.assertEquals(TestCallbackHandler.TEST_HOME_REALM, hr);
-
+
Object signInQueryObj = fp.getSignInQuery();
Assert.assertTrue(signInQueryObj instanceof String);
String signInQuery = (String)signInQueryObj;
Assert.assertEquals(TestCallbackHandler.TEST_SIGNIN_QUERY, signInQuery);
}
-
+
@org.junit.Test
public void testParamsWithoutCallbackHandlerSAML() throws Exception {
-
+
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
FedizConfig configOut = createConfigWithoutCB(false);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
-
+
FedizContext ctx = configurator.getFedizContext(CONFIG_NAME);
-
+
Protocol protocol = ctx.getProtocol();
-
+
Object issuerObj = protocol.getIssuer();
Assert.assertTrue(issuerObj instanceof String);
String issuerURL = (String)issuerObj;
Assert.assertEquals(TestCallbackHandler.TEST_IDP, issuerURL);
}
-
-
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
index 7d05960..9b25e26 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
@@ -83,10 +83,10 @@ public class FedizConfigurationTest {
private static final String SUBJECT_VALUE_1 = ".*CN=www.sts1.com.*";
private static final String SUBJECT_VALUE_2 = ".*CN=www.sts2.com.*";
private static final String SUBJECT_VALUE_3 = ".*CN=www.sts3.com.*";
-
+
private static final String CONFIG_FILE = "./target/fedizconfig.xml";
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
@@ -103,68 +103,68 @@ public class FedizConfigurationTest {
config.setMaximumClockSkew(new BigInteger(CLOCK_SKEW));
CertificateStores certStores = new CertificateStores();
-
- TrustManagersType tm0 = new TrustManagersType();
+
+ TrustManagersType tm0 = new TrustManagersType();
KeyStoreType ks0 = new KeyStoreType();
ks0.setType("JKS");
ks0.setPassword(KEYSTORE_PASSWORD_1);
ks0.setResource(KEYSTORE_RESOURCE_PATH_1);
tm0.setKeyStore(ks0);
-
+
certStores.getTrustManager().add(tm0);
-
+
TrustManagersType tm1 = new TrustManagersType();
KeyStoreType ks1 = new KeyStoreType();
ks1.setType("JKS");
ks1.setPassword(KEYSTORE_PASSWORD_2);
ks1.setResource(KEYSTORE_RESOURCE_PATH_2);
tm1.setKeyStore(ks1);
-
+
certStores.getTrustManager().add(tm1);
-
+
TrustManagersType tm2 = new TrustManagersType();
KeyStoreType ks2 = new KeyStoreType();
ks2.setType("JKS");
ks2.setPassword(KEYSTORE_PASSWORD_3);
ks2.setResource(KEYSTORE_RESOURCE_PATH_3);
tm2.setKeyStore(ks2);
-
+
certStores.getTrustManager().add(tm2);
-
+
config.setCertificateStores(certStores);
-
+
TrustedIssuers trustedIssuers = new TrustedIssuers();
-
+
TrustedIssuerType ti0 = new TrustedIssuerType();
ti0.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti0.setName("issuer1");
ti0.setSubject(SUBJECT_VALUE_1);
trustedIssuers.getIssuer().add(ti0);
-
+
TrustedIssuerType ti1 = new TrustedIssuerType();
ti1.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti1.setName("issuer1");
ti1.setSubject(SUBJECT_VALUE_2);
trustedIssuers.getIssuer().add(ti1);
-
+
TrustedIssuerType ti2 = new TrustedIssuerType();
ti2.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti2.setName("issuer1");
ti2.setSubject(SUBJECT_VALUE_3);
trustedIssuers.getIssuer().add(ti2);
-
+
config.setTrustedIssuers(trustedIssuers);
-
+
ProtocolType protocol = null;
-
+
if (federation) {
protocol = new FederationProtocolType();
-
+
CallbackType authType = new CallbackType();
authType.setType(ArgumentType.STRING);
authType.setValue(AUTH_TYPE_VALUE);
((FederationProtocolType)protocol).setAuthenticationType(authType);
-
+
CallbackType freshness = new CallbackType();
freshness.setValue(FRESHNESS_VALUE);
((FederationProtocolType)protocol).setFreshness(freshness);
@@ -173,7 +173,7 @@ public class FedizConfigurationTest {
homeRealm.setType(ArgumentType.CLASS);
homeRealm.setValue(HOME_REALM_CLASS);
((FederationProtocolType)protocol).setHomeRealm(homeRealm);
-
+
CallbackType reply = new CallbackType();
reply.setValue(REPLY);
((FederationProtocolType)protocol).setReply(reply);
@@ -182,7 +182,7 @@ public class FedizConfigurationTest {
protocol = new SamlProtocolType();
}
config.setProtocol(protocol);
-
+
AudienceUris audienceUris = new AudienceUris();
audienceUris.getAudienceItem().add(AUDIENCE_URI_1);
audienceUris.getAudienceItem().add(AUDIENCE_URI_2);
@@ -208,7 +208,7 @@ public class FedizConfigurationTest {
CallbackType realm = new CallbackType();
realm.setValue(TARGET_REALM);
protocol.setRealm(realm);
-
+
CallbackType issuer = new CallbackType();
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
@@ -226,11 +226,11 @@ public class FedizConfigurationTest {
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
-
+
StringReader reader = new StringReader(writer.toString());
jaxbContext.createUnmarshaller().unmarshal(reader);
}
-
+
@org.junit.Test
public void readWriteConfigSAML() throws JAXBException {
@@ -240,7 +240,7 @@ public class FedizConfigurationTest {
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
-
+
StringReader reader = new StringReader(writer.toString());
jaxbContext.createUnmarshaller().unmarshal(reader);
}
@@ -254,7 +254,7 @@ public class FedizConfigurationTest {
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
@@ -262,12 +262,12 @@ public class FedizConfigurationTest {
f.createNewFile();
configurator.saveConfiguration(f);
-
+
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
}
-
+
@org.junit.Test
public void testSaveAndLoadConfigSAML() throws JAXBException, IOException {
final JAXBContext jaxbContext = JAXBContext
@@ -277,7 +277,7 @@ public class FedizConfigurationTest {
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
@@ -285,7 +285,7 @@ public class FedizConfigurationTest {
f.createNewFile();
configurator.saveConfiguration(f);
-
+
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
@@ -315,7 +315,7 @@ public class FedizConfigurationTest {
Assert.assertEquals(HOME_REALM_CLASS, fp.getHomeRealm().getValue());
}
-
+
@org.junit.Test
public void verifyConfigSAML() throws JAXBException {
@@ -336,74 +336,74 @@ public class FedizConfigurationTest {
Assert.assertTrue(config.getProtocol() instanceof SamlProtocolType);
}
-
+
@org.junit.Test
public void testTokenReplayCacheFederation() throws JAXBException, IOException {
FedizConfig config = createConfiguration(true);
-
+
// Test the default TokenReplayCache
ReplayCache defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(defaultReplayCache);
Assert.assertTrue(defaultReplayCache instanceof EHCacheReplayCache);
-
+
// Now test setting another TokenReplayCache
ContextConfig contextConfig = config.getContextConfig().get(0);
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.MemoryReplayCache");
-
+
ReplayCache newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof MemoryReplayCache);
-
+
// Now test setting another TokenReplayCache
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.EHCacheReplayCache");
-
+
newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof EHCacheReplayCache);
}
-
+
@org.junit.Test
public void testTokenReplayCacheSAML() throws JAXBException, IOException {
FedizConfig config = createConfiguration(false);
-
+
// Test the default TokenReplayCache
ReplayCache defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(defaultReplayCache);
Assert.assertTrue(defaultReplayCache instanceof EHCacheReplayCache);
-
+
// Now test setting another TokenReplayCache
ContextConfig contextConfig = config.getContextConfig().get(0);
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.MemoryReplayCache");
-
+
ReplayCache newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof MemoryReplayCache);
-
+
// Now test setting another TokenReplayCache
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.EHCacheReplayCache");
-
+
newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof EHCacheReplayCache);
}
-
- private ReplayCache parseConfigAndReturnTokenReplayCache(FedizConfig config)
+
+ private ReplayCache parseConfigAndReturnTokenReplayCache(FedizConfig config)
throws JAXBException {
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
-
+
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(config, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
FedizContext fedContext = configurator.getFedizContext(CONFIG_NAME);
Assert.assertNotNull(fedContext);
-
+
return fedContext.getTokenReplayCache();
}
-
+
@org.junit.Test
public void testDefaultValues() throws JAXBException, IOException {
ContextConfig config = new ContextConfig();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
index 4b60206..d4d4bf3 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
@@ -74,7 +74,7 @@ public class FedizConfigurationWriterTest {
private static final String KEYSTORE_PASSWORD = "storepass";
private static final String KEY_PASSWORD = "stskpass";
private static final String KEY_ALIAS = "mystskey";
-
+
private static final String AUDIENCE_URI_1 = "http://host_one:port/url";
private static final String AUTH_TYPE_VALUE = "some auth type";
@@ -83,14 +83,14 @@ public class FedizConfigurationWriterTest {
private static final String CLAIM_TYPE_2 = "another claim type";
private static final String CONFIG_FILE = "./target/fediz_test_config.xml";
-
- private static final String TEST_WREQ =
+
+ private static final String TEST_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>"
+ "</RequestSecurityToken>";
-
-
-
+
+
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
@@ -109,17 +109,17 @@ public class FedizConfigurationWriterTest {
KeyManagersType sigManager = new KeyManagersType();
sigManager.setKeyPassword(KEY_PASSWORD);
sigManager.setKeyAlias(KEY_ALIAS);
-
+
KeyStoreType sigStore = new KeyStoreType();
sigStore.setType(JKS_TYPE);
sigStore.setPassword(KEYSTORE_PASSWORD);//integrity password
sigStore.setFile(KEYSTORE_FILE);
sigManager.setKeyStore(sigStore);
-
+
config.setSigningKey(sigManager);
-
+
TrustedIssuers trustedIssuers = new TrustedIssuers();
-
+
TrustedIssuerType trustedIssuer = new TrustedIssuerType();
trustedIssuer.setCertificateValidation(ValidationType.CHAIN_TRUST);
trustedIssuer.setName(TRUST_ISSUER_NAME);
@@ -129,7 +129,7 @@ public class FedizConfigurationWriterTest {
CertificateStores certStores = new CertificateStores();
TrustManagersType truststore = new TrustManagersType();
-
+
KeyStoreType ks1 = new KeyStoreType();
ks1.setType(JKS_TYPE);
ks1.setPassword(KEYSTORE_PASSWORD);
@@ -141,7 +141,7 @@ public class FedizConfigurationWriterTest {
CallbackType authType = new CallbackType();
authType.setType(ArgumentType.STRING);
authType.setValue(AUTH_TYPE_VALUE);
-
+
CallbackType tokenRequest = new CallbackType();
tokenRequest.setType(ArgumentType.STRING);
tokenRequest.setValue(TEST_WREQ);
@@ -149,15 +149,15 @@ public class FedizConfigurationWriterTest {
AudienceUris audienceUris = new AudienceUris();
audienceUris.getAudienceItem().add(AUDIENCE_URI_1);
config.setAudienceUris(audienceUris);
-
+
ProtocolType protocol = null;
-
+
if (federation) {
protocol = new FederationProtocolType();
-
+
((FederationProtocolType)protocol).setAuthenticationType(authType);
((FederationProtocolType)protocol).setRequest(tokenRequest);
-
+
CallbackType freshness = new CallbackType();
freshness.setValue(FRESHNESS_VALUE);
((FederationProtocolType)protocol).setFreshness(freshness);
@@ -166,7 +166,7 @@ public class FedizConfigurationWriterTest {
homeRealm.setType(ArgumentType.CLASS);
homeRealm.setValue(HOME_REALM_CLASS);
((FederationProtocolType)protocol).setHomeRealm(homeRealm);
-
+
CallbackType reply = new CallbackType();
reply.setValue(REPLY);
((FederationProtocolType)protocol).setReply(reply);
@@ -194,11 +194,11 @@ public class FedizConfigurationWriterTest {
CallbackType realm = new CallbackType();
realm.setValue(TARGET_REALM);
protocol.setRealm(realm);
-
+
CallbackType issuer = new CallbackType();
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
-
+
TokenValidators x = new TokenValidators();
x.getValidator().add("org.apache.cxf.fediz.CustomValidator");
x.getValidator().add("org.apache.cxf.fediz.core.NonexistentCustomValidator");
@@ -221,7 +221,7 @@ public class FedizConfigurationWriterTest {
StringReader reader = new StringReader(writer.toString());
jaxbContext.createUnmarshaller().unmarshal(reader);
}
-
+
@org.junit.Test
public void readWriteConfigSAML() throws JAXBException {
@@ -252,12 +252,12 @@ public class FedizConfigurationWriterTest {
f.createNewFile();
configurator.saveConfiguration(f);
-
+
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
}
-
+
@org.junit.Test
public void testSaveAndLoadConfigSAML() throws JAXBException, IOException {
final JAXBContext jaxbContext = JAXBContext
@@ -274,7 +274,7 @@ public class FedizConfigurationWriterTest {
f.createNewFile();
configurator.saveConfiguration(f);
-
+
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
@@ -285,7 +285,7 @@ public class FedizConfigurationWriterTest {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
-
+
/**
* Test JAXB part
*/
@@ -306,7 +306,7 @@ public class FedizConfigurationWriterTest {
Assert.assertEquals(HOME_REALM_CLASS, fp.getHomeRealm().getValue());
//Assert.assertEquals(config.getCertificateValidation(),ValidationType.CHAIN_TRUST);
-
+
/**
* Check Runtime configuration
*/
@@ -315,15 +315,15 @@ public class FedizConfigurationWriterTest {
Assert.assertTrue(protocol instanceof FederationProtocol);
FederationProtocol fedProtocol = (FederationProtocol) protocol;
Assert.assertEquals(TARGET_REALM, fedProtocol.getRealm());
-
+
Object auth = fedProtocol.getAuthenticationType();
Assert.assertTrue(auth instanceof String);
Assert.assertEquals((String)auth, AUTH_TYPE_VALUE);
-
+
Object wreq = fedProtocol.getRequest();
Assert.assertTrue(wreq instanceof String);
Assert.assertEquals((String)wreq, TEST_WREQ);
-
+
//Assert.assertEquals(ValidationMethod.CHAIN_TRUST, fedContext.getCertificateValidation());
List<String> audienceUris = fedContext.getAudienceUris();
Assert.assertEquals(1, audienceUris.size());
@@ -333,18 +333,18 @@ public class FedizConfigurationWriterTest {
Assert.assertEquals(TRUST_ISSUER_NAME, issuer.getName());
Assert.assertEquals(CertificateValidationMethod.CHAIN_TRUST, issuer.getCertificateValidationMethod());
Assert.assertEquals(TRUST_ISSUER_CERT_CONSTRAINT, issuer.getSubject());
-
+
List<TrustManager> trustManagers = fedContext.getCertificateStores();
Assert.assertEquals(1, trustManagers.size());
}
-
+
@org.junit.Test
public void verifyConfigSAML() throws JAXBException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
-
+
/**
* Test JAXB part
*/
@@ -370,7 +370,7 @@ public class FedizConfigurationWriterTest {
Assert.assertTrue(protocol instanceof SAMLProtocol);
SAMLProtocol samlProtocol = (SAMLProtocol) protocol;
Assert.assertEquals(TARGET_REALM, samlProtocol.getRealm());
-
+
List<String> audienceUris = fedContext.getAudienceUris();
Assert.assertEquals(1, audienceUris.size());
List<TrustedIssuer> trustedIssuers = fedContext.getTrustedIssuers();
@@ -379,7 +379,7 @@ public class FedizConfigurationWriterTest {
Assert.assertEquals(TRUST_ISSUER_NAME, issuer.getName());
Assert.assertEquals(CertificateValidationMethod.CHAIN_TRUST, issuer.getCertificateValidationMethod());
Assert.assertEquals(TRUST_ISSUER_CERT_CONSTRAINT, issuer.getSubject());
-
+
List<TrustManager> trustManagers = fedContext.getCertificateStores();
Assert.assertEquals(1, trustManagers.size());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
index 4302c32..a4af63c 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/TestCallbackHandler.java
@@ -44,11 +44,11 @@ public class TestCallbackHandler implements CallbackHandler {
static final String TEST_WAUTH = "up";
static final String TEST_SIGNIN_QUERY = "pubid=myid";
static final String TEST_REPLY = "http://apache.org/reply";
- static final String TEST_WREQ =
+ static final String TEST_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof HomeRealmCallback) {
[15/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
index bf55170..0e80926 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/AudienceRestrictionTest.java
@@ -60,7 +60,7 @@ import org.junit.BeforeClass;
* Some tests for audience restriction
*/
public class AudienceRestrictionTest {
- public static final String SAMPLE_MULTIPLE_RSTR_COLL_MSG =
+ public static final String SAMPLE_MULTIPLE_RSTR_COLL_MSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<RequestSecurityTokenResponseCollection "
+ "xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"> "
@@ -73,20 +73,20 @@ public class AudienceRestrictionTest {
+ "</RequestedSecurityToken>"
+ "</RequestSecurityTokenResponse>"
+ "</RequestSecurityTokenResponseCollection>";
-
+
static final String TEST_USER = "alice";
static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
static final String TEST_REQUEST_URL = "https://localhost/fedizhelloworld/";
static final String TEST_REQUEST_URI = "/fedizhelloworld";
-
+
private static final String CONFIG_FILE = "fediz_test_config_aud.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -99,12 +99,12 @@ public class AudienceRestrictionTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -135,15 +135,15 @@ public class AudienceRestrictionTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("AUD1");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -158,15 +158,15 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNotNull(signinHandler.handleRequest(req, resp));
}
-
+
@org.junit.Test
public void validateAudienceThatIsRequiredAgainstMultipleAudiences() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -179,15 +179,15 @@ public class AudienceRestrictionTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("AUD2");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -202,15 +202,15 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNotNull(signinHandler.handleRequest(req, resp));
}
-
+
@org.junit.Test
public void validateBadAudienceThatIsRequired() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -223,15 +223,15 @@ public class AudienceRestrictionTest {
audienceRestriction.getAudienceURIs().add("https://localhost/badfedizhelloworld");
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("AUD1");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -246,15 +246,15 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNull(signinHandler.handleRequest(req, resp));
}
-
+
@org.junit.Test
public void validateNoAudienceThatIsRequired() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -264,15 +264,15 @@ public class AudienceRestrictionTest {
callbackHandler.setSubjectName(TEST_USER);
ConditionsBean cp = new ConditionsBean();
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("AUD1");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -287,15 +287,15 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNull(signinHandler.handleRequest(req, resp));
}
-
+
@org.junit.Test
public void validateNoAudienceThatIsNotRequired() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -305,15 +305,15 @@ public class AudienceRestrictionTest {
callbackHandler.setSubjectName(TEST_USER);
ConditionsBean cp = new ConditionsBean();
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("NOAUD");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -328,15 +328,15 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNotNull(signinHandler.handleRequest(req, resp));
}
-
+
@org.junit.Test
public void validateAudienceThatIsNotRequired() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -349,15 +349,15 @@ public class AudienceRestrictionTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("NOAUD");
-
+
// Mock up the servet request/response
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
@@ -372,20 +372,20 @@ public class AudienceRestrictionTest {
EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
EasyMock.replay(resp);
-
+
// Now validate the request
TestSigninHandler signinHandler = new TestSigninHandler(config);
Assert.assertNull(signinHandler.handleRequest(req, resp));
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -409,5 +409,5 @@ public class AudienceRestrictionTest {
e.appendChild(token);
return DOM2Writer.nodeToString(doc);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
index 30faea8..835f94e 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/CustomValidator.java
@@ -40,7 +40,7 @@ public class CustomValidator implements TokenValidator {
@Override
public TokenValidatorResponse validateAndProcessToken(
- TokenValidatorRequest request,
+ TokenValidatorRequest request,
FedizContext config
) {
return new TokenValidatorResponse(null,
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
index 09842dd..886d991 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
@@ -47,29 +47,29 @@ public class FederationLogoutTest {
private static final String LOGOUT_URI = "/secure/logout";
private static final String REPLY_URL = "https://localhost/fedizhelloworld/secure/wreply.html";
private static final String BAD_REPLY_URL = "https://localhost/fedizhelloworld/secure/badreply.html";
-
+
private static final String CONFIG_FILE = "fediz_test_config_logout.xml";
-
+
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
getFederationConfigurator();
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -87,11 +87,11 @@ public class FederationLogoutTest {
return null;
}
}
-
+
@org.junit.Test
public void testSignoutCustomURL() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
@@ -99,23 +99,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
@@ -123,23 +123,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8");
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URL).anyTimes();
@@ -147,23 +147,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
@@ -171,23 +171,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutWithAbsoluteURL() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT4");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
@@ -195,23 +195,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutAction() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -220,23 +220,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -245,23 +245,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8");
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -270,23 +270,23 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -295,34 +295,34 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
- HttpSession session = EasyMock.createMock(HttpSession.class);
+ HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT_CLEANUP).anyTimes();
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirect = URLEncoder.encode(REPLY_URL, "UTF-8");
resp.sendRedirect(expectedRedirect);
@@ -330,22 +330,22 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
- HttpSession session = EasyMock.createMock(HttpSession.class);
+ HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT_CLEANUP).anyTimes();
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
resp.setContentType("image/jpeg");
ServletOutputStream outputStream = EasyMock.createMock(ServletOutputStream.class);
@@ -354,22 +354,22 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
- HttpSession session = EasyMock.createMock(HttpSession.class);
+ HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT_CLEANUP).anyTimes();
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
resp.setContentType("image/jpeg");
ServletOutputStream outputStream = EasyMock.createMock(ServletOutputStream.class);
@@ -378,11 +378,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomQueryParameter() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT3");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
@@ -390,12 +390,12 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
+ String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+ "&custom=param";
resp.sendRedirect(expectedRedirectToIdP);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
index 8ed7c05..bfcdc9a 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
@@ -48,15 +48,15 @@ import static org.junit.Assert.fail;
public class FederationMetaDataTest {
private static final String CONFIG_FILE = "fediz_meta_test_config.xml";
- private static final String TEST_REQUEST_URL =
+ private static final String TEST_REQUEST_URL =
"https://localhost/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
private static final String CONTEXT_PATH = "/fedizhelloworld";
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private FedizContext loadConfig(String context) {
try {
@@ -71,7 +71,7 @@ public class FederationMetaDataTest {
return null;
}
}
-
+
@org.junit.Test
public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException, XMLSecurityException {
@@ -81,18 +81,18 @@ public class FederationMetaDataTest {
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc = wfProc.getMetaData(null, config);
Assert.assertNotNull(doc);
-
+
Node signatureNode = doc.getElementsByTagName("Signature").item(0);
Assert.assertNotNull(signatureNode);
-
+
doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
try {
DOMUtils.writeXml(doc, System.out);
} catch (TransformerException e) {
- fail("Exception not expected: " + e.getMessage());
+ fail("Exception not expected: " + e.getMessage());
}
-
+
// Validate the signature
XMLSignature signature = new XMLSignature((Element)signatureNode, "");
KeyInfo ki = signature.getKeyInfo();
@@ -112,7 +112,7 @@ public class FederationMetaDataTest {
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc = wfProc.getMetaData(req, config);
Assert.assertNull(doc);
@@ -121,7 +121,7 @@ public class FederationMetaDataTest {
//Expected as signing store contains more than one certificate
}
}
-
+
@org.junit.Test
public void validateMetaDataNoSigningKey() throws ProcessingException {
@@ -131,15 +131,15 @@ public class FederationMetaDataTest {
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH).times(2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc = wfProc.getMetaData(req, config);
Assert.assertNotNull(doc);
-
+
try {
DOMUtils.writeXml(doc, System.out);
} catch (TransformerException e) {
- fail("Exception not expected: " + e.getMessage());
+ fail("Exception not expected: " + e.getMessage());
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
index c5489d0..3f22e24 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationRequestTest.java
@@ -47,29 +47,29 @@ public class FederationRequestTest {
static final String TEST_REQUEST_URL = "https://localhost/fedizhelloworld/";
static final String TEST_REQUEST_URI = "/fedizhelloworld";
static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
-
+
private static final String CONFIG_FILE = "fediz_test_config.xml";
-
+
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
getFederationConfigurator();
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -87,22 +87,22 @@ public class FederationRequestTest {
return null;
}
}
-
+
@org.junit.Test
public void createFederationSignInRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getQueryString()).andReturn(null);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
RedirectionResponse response = wfProc.createSignInRequest(req, config);
-
+
String redirectionURL = response.getRedirectionURL();
Assert.assertTrue(redirectionURL.startsWith(TEST_IDP_ISSUER));
Assert.assertTrue(redirectionURL.contains("wa=wsignin1.0"));
@@ -112,7 +112,7 @@ public class FederationRequestTest {
Assert.assertTrue(redirectionURL.contains("wtrealm=target+realm"));
Assert.assertTrue(redirectionURL.contains("wreply="));
}
-
+
@org.junit.Test
public void createFederationSignInRequestWithUrlDefinedHomeRealm() throws Exception {
// Mock up a Request
@@ -140,24 +140,24 @@ public class FederationRequestTest {
Assert.assertTrue(redirectionURL.contains("whr="
+ URLEncoder.encode("urn:org:apache:cxf:fediz:idp:realm-A", "UTF-8")));
}
-
+
@org.junit.Test
public void createFederationSignOutRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
RedirectionResponse response = wfProc.createSignOutRequest(req, null, config);
-
+
String redirectionURL = response.getRedirectionURL();
Assert.assertTrue(redirectionURL.startsWith(TEST_IDP_ISSUER));
Assert.assertTrue(redirectionURL.contains("wa=wsignout1.0"));
}
-
+
}
\ No newline at end of file
[11/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
index 846d522..9979789 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationIdentityService.java
@@ -36,7 +36,7 @@ import org.eclipse.jetty.util.log.Logger;
* This service handles only role reference maps passed in an
* associated {@link org.eclipse.jetty.server.UserIdentity.Scope}. If there are roles
* refs present, then associate will wrap the UserIdentity with one
- * that uses the role references in the
+ * that uses the role references in the
* {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
* implementation. All other operations are effectively noops.
*
@@ -48,8 +48,8 @@ public class FederationIdentityService implements IdentityService {
}
- /**
- * If there are roles refs present in the scope, then wrap the UserIdentity
+ /**
+ * If there are roles refs present in the scope, then wrap the UserIdentity
* with one that uses the role references in the
* {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
*/
@@ -77,7 +77,7 @@ public class FederationIdentityService implements IdentityService {
public UserIdentity newUserIdentity(
final Subject subject, final Principal userPrincipal, final String[] roles) {
-
+
try {
FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
@@ -85,8 +85,8 @@ public class FederationIdentityService implements IdentityService {
LOG.warn("Principal must be instance of FederationUserPrincipal");
throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
}
-
-
+
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
index d5daa5c..9dfc105 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
@@ -44,11 +44,11 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
protected IdentityService identityService = new FederationIdentityService();
protected String name;
-
+
public FederationLoginService() {
}
-
+
public FederationLoginService(String name) {
this.name = name;
}
@@ -62,7 +62,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
if (isRunning()) {
throw new IllegalStateException("Running");
}
-
+
this.name = name;
}
@@ -76,17 +76,17 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
* username will be null since the credentials will contain all the relevant info
*/
public UserIdentity login(String username, Object credentials, FedizContext config) {
-
+
try {
FedizResponse wfRes = null;
FedizRequest wfReq = (FedizRequest)credentials;
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Process SignIn request");
LOG.debug("token=\n" + wfReq.getResponseToken());
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(config.getProtocol());
try {
wfRes = wfProc.processRequest(wfReq, config);
@@ -96,7 +96,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
}
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
List<String> audienceURIs = config.getAudienceUris();
@@ -123,15 +123,15 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
roles = new ArrayList<>(roles);
roles.add("Authenticated");
}
-
+
FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
Subject subject = new Subject();
subject.getPrincipals().add(user);
-
+
String[] aRoles = new String[roles.size()];
roles.toArray(aRoles);
-
+
return identityService.newUserIdentity(subject, user, aRoles);
} catch (Exception ex) {
@@ -161,8 +161,8 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
identityService = service;
}
- public void logout(UserIdentity user) {
-
+ public void logout(UserIdentity user) {
+
}
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
index 4c70ab4..23a978b 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserIdentity.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.eclipse.jetty.server.UserIdentity;
public class FederationUserIdentity implements UserIdentity {
-
+
private Subject subject;
private Principal principal;
private String[] roles;
@@ -60,7 +60,7 @@ public class FederationUserIdentity implements UserIdentity {
if (scope != null && scope.getRoleRefMap() != null) {
role = scope.getRoleRefMap().get(role);
}
-
+
if (this.roles != null) {
for (String r : this.roles) {
if (r.equals(role)) {
@@ -70,23 +70,23 @@ public class FederationUserIdentity implements UserIdentity {
}
return false;
}
-
+
public Date getExpiryDate() {
return fedResponse.getTokenExpires();
}
-
+
public String getIssuer() {
return fedResponse.getIssuer();
}
-
+
public String getAudience() {
return fedResponse.getAudience();
}
-
+
public String getId() {
return fedResponse.getUniqueTokenId();
}
-
+
public Element getToken() {
return fedResponse.getToken();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
index 549e5da..7122176 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
@@ -53,7 +53,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public ClaimCollection getClaims() {
return claims;
}
-
+
// not public available
//[TODO] maybe find better approach, custom UserIdentity
FedizResponse getFedizResponse() {
@@ -64,7 +64,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return response.getToken();
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
index d5ce68c..9ce5603 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
@@ -72,22 +72,22 @@ import org.eclipse.jetty.util.log.Logger;
* by sending a WS-Federation SignIn request.
* </p>
* <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
* mechanism to authenticate the user.
* FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
* associated with the session.
* </p>
*/
public class FederationAuthenticator extends LoginAuthenticator {
-
+
public static final String J_URI = "org.eclipse.jetty.security.form_URI";
public static final String J_POST = "org.eclipse.jetty.security.form_POST";
public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT";
private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-
+
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
private String configFile;
private FedizConfigurator configurator;
private String encoding = "UTF-8";
@@ -97,7 +97,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
/**
- *
+ *
*/
@Override
public void setConfiguration(AuthConfiguration configuration) {
@@ -122,7 +122,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
//throw new ServerAuthException("Failed to load Fediz configuration",
// e);
}
-
+
}
/* ------------------------------------------------------------ */
@@ -137,7 +137,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
public String getEncoding() {
return encoding;
}
@@ -145,22 +145,22 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setEncoding(String encoding) {
this.encoding = encoding;
}
-
+
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
-
+
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
HttpSession session = request.getSession(true);
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
FedizContext fedConfig = getContextConfiguration(contextName);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
if (mdHandler.canHandleRequest(request)) {
@@ -174,17 +174,17 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (!mandatory) {
return new DeferredAuthentication(this);
}
-
+
try {
req.setCharacterEncoding(this.encoding);
} catch (UnsupportedEncodingException ex) {
LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
}
-
+
try {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
Authentication authentication = null;
-
+
// Handle a request for authentication.
if (isSignInRequest(request, fedConfig)) {
authentication = handleSignInRequest(request, response, session, fedConfig);
@@ -195,7 +195,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
authentication = Authentication.UNAUTHENTICATED;
}
-
+
if (authentication != null) {
return authentication;
}
@@ -211,28 +211,28 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("auth deferred {}", session.getId());
return Authentication.UNAUTHENTICATED;
}
-
+
// remember the current URI
synchronized (session) {
// But only if it is not set already, or we save every uri that leads to a login form redirect
- if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
+ if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null) {
buf.append("?").append(request.getQueryString());
}
session.setAttribute(J_URI, buf.toString());
-
- if (MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType())
+
+ if (MimeTypes.Type.FORM_ENCODED.asString().equals(req.getContentType())
&& HttpMethod.POST.asString().equals(request.getMethod())) {
- Request baseRequest = (Request)req;
+ Request baseRequest = (Request)req;
//(req instanceof Request)?(Request)req:HttpConnection.getCurrentConnection().getRequest();
- baseRequest.extractParameters();
+ baseRequest.extractParameters();
session.setAttribute(J_POST, new MultiMap<String>(baseRequest.getQueryParameters()));
}
}
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signInRedirectToIssuer(request, response, wfProc, session);
@@ -245,8 +245,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
* catch (ServletException e) { throw new ServerAuthException(e); }
*/
}
-
- private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
FedizResponse wfRes = null;
if (LOG.isDebugEnabled()) {
@@ -269,7 +269,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
wfReq.setState(request.getParameter("RelayState"));
wfReq.setRequest(request);
- X509Certificate[] certs =
+ X509Certificate[] certs =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
@@ -289,23 +289,23 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.UNAUTHENTICATED;
}
-
+
nuri = (String) session.getAttribute(J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
- if (nuri.length() == 0) {
+ if (nuri.length() == 0) {
nuri = URIUtil.SLASH;
}
}
Authentication cached = new SessionAuthentication(getAuthMethod(), user, wfRes);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
-
+
FederationUserIdentity fui = (FederationUserIdentity)user;
session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-
- response.setContentLength(0);
+
+ response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
return new FederationAuthentication(getAuthMethod(), user);
@@ -321,7 +321,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return Authentication.UNAUTHENTICATED;
}
}
-
+
private Authentication handleSignOutCleanup(HttpServletResponse response, HttpSession session) throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
@@ -344,10 +344,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
}
-
- private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
- Authentication authentication =
+ Authentication authentication =
(Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
if (authentication != null) {
// Has authentication been revoked?
@@ -359,21 +359,21 @@ public class FederationAuthenticator extends LoginAuthenticator {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
-
+
String uri = request.getRequestURI();
if (uri == null) {
uri = URIUtil.SLASH;
}
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
-
+
if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signOutRedirectToIssuer(request, response, wfProc);
@@ -393,8 +393,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
// This is a retry of an original POST request
// so restore method and parameters
- session.removeAttribute(J_POST);
- Request baseRequest = (Request)request;
+ session.removeAttribute(J_POST);
+ Request baseRequest = (Request)request;
// (req instanceof Request)?(Request)
// req:HttpConnection.getCurrentConnection().getRequest();
baseRequest.setMethod(HttpMethod.POST.asString());
@@ -403,13 +403,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
} else if (jUri != null) {
session.removeAttribute(J_URI);
}
-
+
return authentication;
}
}
return null;
}
-
+
private boolean isTokenExpired(FedizContext fedConfig, UserIdentity userIdentity) {
if (fedConfig.isDetectExpiredTokens()) {
try {
@@ -419,13 +419,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("Token doesn't expire");
return false;
}
-
+
Date currentTime = new Date();
if (!currentTime.after(tokenExpires)) {
return false;
} else {
LOG.warn("Token already expired. Clean up and redirect");
-
+
return true;
}
} catch (ClassCastException ex) {
@@ -433,7 +433,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
}
}
-
+
return false;
}
@@ -449,7 +449,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return false;
}
-
+
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
return request.getParameter(FederationConstants.PARAM_RESULT);
@@ -458,16 +458,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
return null;
}
-
+
/* ------------------------------------------------------------ */
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
User validatedUser) throws ServerAuthException {
return true;
- }
-
+ }
+
/**
* Called to redirect sign-in to the IDP/Issuer
- *
+ *
* @param request
* Request we are processing
* @param response
@@ -480,7 +480,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
* {@link HttpServletResponse#sendError(int, String)} throws an
* {@link IOException}
*/
- protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor, HttpSession session)
throws IOException {
@@ -501,11 +501,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
synchronized (session) {
session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignInRequest.");
@@ -517,10 +517,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
}
- protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor)
throws IOException {
@@ -532,7 +532,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
FedizContext fedCtx = this.configurator.getFedizContext(contextName);
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedCtx); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -542,7 +542,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
@@ -555,7 +555,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
}
}
-
+
private FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -564,7 +564,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (config == null) {
throw new IllegalStateException("No Fediz configuration for context :" + contextName);
}
-
+
String jettyHome = System.getProperty("jetty.home");
if (jettyHome != null && jettyHome.length() > 0) {
config.setRelativePath(jettyHome);
@@ -579,7 +579,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
*/
public static class FederationAuthentication extends UserAuthentication implements
Authentication.ResponseSent {
-
+
public FederationAuthentication(String method, UserIdentity userIdentity) {
super(method, userIdentity);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
index b742e05..95867f1 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationIdentityService.java
@@ -36,7 +36,7 @@ import org.eclipse.jetty.util.log.Logger;
* This service handles only role reference maps passed in an
* associated {@link org.eclipse.jetty.server.UserIdentity.Scope}. If there are roles
* refs present, then associate will wrap the UserIdentity with one
- * that uses the role references in the
+ * that uses the role references in the
* {@link org.eclipse.jetty.server.UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
* implementation. All other operations are effectively noops.
*
@@ -48,8 +48,8 @@ public class FederationIdentityService implements IdentityService {
}
- /**
- * If there are roles refs present in the scope, then wrap the UserIdentity
+ /**
+ * If there are roles refs present in the scope, then wrap the UserIdentity
* with one that uses the role references in the
* {@link UserIdentity#isUserInRole(String, org.eclipse.jetty.server.UserIdentity.Scope)}
*/
@@ -77,7 +77,7 @@ public class FederationIdentityService implements IdentityService {
public UserIdentity newUserIdentity(
final Subject subject, final Principal userPrincipal, final String[] roles) {
-
+
try {
FederationUserPrincipal fup = (FederationUserPrincipal)userPrincipal;
return new FederationUserIdentity(subject, userPrincipal, roles, fup.getFedizResponse());
@@ -85,8 +85,8 @@ public class FederationIdentityService implements IdentityService {
LOG.warn("Principal must be instance of FederationUserPrincipal");
throw new IllegalStateException("Principal must be instance of FederationUserPrincipal");
}
-
-
+
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
index 17bafad..6e666bd 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
@@ -45,11 +45,11 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
protected IdentityService identityService = new FederationIdentityService();
protected String name;
-
+
public FederationLoginService() {
}
-
+
public FederationLoginService(String name) {
this.name = name;
}
@@ -63,7 +63,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
if (isRunning()) {
throw new IllegalStateException("Running");
}
-
+
this.name = name;
}
@@ -77,17 +77,17 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
* username will be null since the credentials will contain all the relevant info
*/
public UserIdentity login(String username, Object credentials, FedizContext config) {
-
+
try {
FedizResponse wfRes = null;
FedizRequest wfReq = (FedizRequest)credentials;
-
+
if (LOG.isDebugEnabled()) {
LOG.debug("Process SignIn request");
LOG.debug("token=\n" + wfReq.getResponseToken());
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(config.getProtocol());
try {
wfRes = wfProc.processRequest(wfReq, config);
@@ -97,7 +97,7 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
}
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
List<String> audienceURIs = config.getAudienceUris();
@@ -124,15 +124,15 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
roles = new ArrayList<>(roles);
roles.add("Authenticated");
}
-
+
FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(), wfRes);
Subject subject = new Subject();
subject.getPrincipals().add(user);
-
+
String[] aRoles = new String[roles.size()];
roles.toArray(aRoles);
-
+
return identityService.newUserIdentity(subject, user, aRoles);
} catch (Exception ex) {
@@ -162,8 +162,8 @@ public class FederationLoginService extends AbstractLifeCycle implements LoginSe
identityService = service;
}
- public void logout(UserIdentity user) {
-
+ public void logout(UserIdentity user) {
+
}
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
index 5102fb8..0c6f366 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserIdentity.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
import org.eclipse.jetty.server.UserIdentity;
public class FederationUserIdentity implements UserIdentity {
-
+
private Subject subject;
private Principal principal;
private String[] roles;
@@ -60,7 +60,7 @@ public class FederationUserIdentity implements UserIdentity {
if (scope != null && scope.getRoleRefMap() != null) {
role = scope.getRoleRefMap().get(role);
}
-
+
if (this.roles != null) {
for (String r : this.roles) {
if (r.equals(role)) {
@@ -70,23 +70,23 @@ public class FederationUserIdentity implements UserIdentity {
}
return false;
}
-
+
public Date getExpiryDate() {
return fedResponse.getTokenExpires();
}
-
+
public String getIssuer() {
return fedResponse.getIssuer();
}
-
+
public String getAudience() {
return fedResponse.getAudience();
}
-
+
public String getId() {
return fedResponse.getUniqueTokenId();
}
-
+
public Element getToken() {
return fedResponse.getToken();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
index 76b2986..46d5f6e 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
@@ -53,7 +53,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public ClaimCollection getClaims() {
return claims;
}
-
+
// not public available
//[TODO] maybe find better approach, custom UserIdentity
FedizResponse getFedizResponse() {
@@ -64,7 +64,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return response.getToken();
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
index 9707536..4c5ba20 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
@@ -26,8 +26,8 @@ import org.apache.cxf.fediz.core.config.FedizContext;
public interface FederationConfig {
List<FedizContext> getFedizContextList();
-
+
FedizContext getFedizContext(String contextName);
-
+
FedizContext getFedizContext();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
index 0deaaca..f2884d2 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
@@ -35,14 +35,14 @@ import org.springframework.web.context.ServletContextAware;
public class FederationConfigImpl implements FederationConfig, ServletContextAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationConfigImpl.class);
-
+
private Resource configFile;
private String contextName;
-
+
private ServletContext servletContext;
private FedizConfigurator configurator = new FedizConfigurator();
-
-
+
+
public Resource getConfigFile() {
return configFile;
}
@@ -50,7 +50,7 @@ public class FederationConfigImpl implements FederationConfig, ServletContextAwa
public void setConfigFile(Resource configFile) {
this.configFile = configFile;
}
-
+
public String getContextName() {
return contextName;
}
@@ -58,7 +58,7 @@ public class FederationConfigImpl implements FederationConfig, ServletContextAwa
public void setContextName(String contextName) {
this.contextName = contextName;
}
-
+
public void init() {
Assert.notNull(this.configFile, "property 'configFile' mandatory");
try {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
index 5928820..fdf5b6b 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
@@ -28,16 +28,16 @@ import org.springframework.security.core.userdetails.User;
public class FederationUser extends User {
private static final long serialVersionUID = -2231762973730849416L;
-
+
private ClaimCollection claims;
-
+
public FederationUser(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public FederationUser(String username, String password,
+
+ public FederationUser(String username, String password,
Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
super(username, password, true, true, true, true, authorities);
this.claims = claims;
@@ -47,7 +47,7 @@ public class FederationUser extends User {
return this.claims;
}
-
-
-
+
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
index 82444c6..544ee18 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
@@ -33,7 +33,7 @@ public abstract class AbstractFederationUserDetailsService
}
/**
- * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
+ * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
* via the supplied FedizResponse
*
* @return the newly created UserDetails object.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
index 7e7b0f8..1b986ea 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
@@ -25,9 +25,9 @@ import org.springframework.security.core.AuthenticationException;
* To be called when a token has expired
*/
public class ExpiredTokenException extends AuthenticationException {
-
+
private static final long serialVersionUID = 7639463618762010981L;
-
+
public ExpiredTokenException(String errorMessage) {
super(errorMessage);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
index 9621ef9..8b1a496 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
@@ -52,15 +52,15 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);
-
+
protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();
-
+
private AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService;
private FederationConfig federationConfig;
-
+
private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
-
+
public AuthenticationUserDetailsService<FederationResponseAuthenticationToken>
getAuthenticationUserDetailsService() {
return authenticationUserDetailsService;
@@ -70,7 +70,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
AuthenticationUserDetailsService<FederationResponseAuthenticationToken> authenticationUserDetailsService) {
this.authenticationUserDetailsService = authenticationUserDetailsService;
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
@@ -78,7 +78,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setFederationConfig(FederationConfig federationConfig) {
this.federationConfig = federationConfig;
}
-
+
public void afterPropertiesSet() throws Exception {
@@ -111,9 +111,9 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
throws AuthenticationException {
try {
FedizRequest wfReq = (FedizRequest)authentication.getCredentials();
-
+
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
FedizResponse wfRes = wfProc.processRequest(wfReq, fedContext);
@@ -141,7 +141,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setMessageSource(final MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
-
+
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
this.authoritiesMapper = authoritiesMapper;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index ad099d1..5ed8d57 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -47,7 +47,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final FedizResponse response;
private List<String> roles = Collections.emptyList();
-
+
public FederationAuthenticationToken(final Object principal, final Object credentials,
final Collection<? extends GrantedAuthority> authorities, final UserDetails userDetails,
final FedizResponse response) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
index 138a9ed..c75dd09 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
@@ -46,7 +46,7 @@ public final class FederationResponseAuthenticationToken extends AbstractAuthent
public Object getCredentials() {
return this.response;
}
-
+
public FedizResponse getResponse() {
return this.response;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
index 50db700..fc8a511 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
@@ -35,25 +35,25 @@ public class GrantedAuthoritiesUserDetailsFederationService
extends AbstractFederationUserDetailsService {
private boolean convertToUpperCase = true;
-
+
@Override
protected UserDetails loadUserDetails(FedizResponse response) {
-
+
final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
+
if (response.getRoles() != null) {
for (final String role : response.getRoles()) {
-
+
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_"
+ (this.convertToUpperCase ? role.toUpperCase() : role)));
}
}
return new FederationUser(response.getUsername(), "N/A",
grantedAuthorities, new ClaimCollection(response.getClaims()));
-
+
}
-
-
+
+
/**
* Converts the role value to uppercase value.
*
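Review bot: `role.toUpperCase()` in `loadUserDetails` uses the JVM default locale, so the authority name built from an IdP-supplied role depends on where the server runs. Under a Turkish locale, for example, `admin` becomes `ADMİN` and no longer matches a `ROLE_ADMIN` check. Use `role.toUpperCase(Locale.ROOT)`, which needs `java.util.Locale` in the import block outside this hunk. The spring2 copy of this class further down in this commit makes the same call when building `GrantedAuthorityImpl`.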
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index 55c628e..7322a62 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -35,7 +35,7 @@ import org.springframework.security.web.authentication.preauth.AbstractPreAuthen
public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
/**
* Return the J2EE user name.
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
index f74bc28..2551d0e 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
@@ -61,9 +61,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.notNull(token.getDetails());
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- Collection<? extends GrantedAuthority> authorities =
+ Collection<? extends GrantedAuthority> authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index 4993cd4..d8b6611 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -55,14 +55,14 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationEntryPoint implements AuthenticationEntryPoint,
InitializingBean, ApplicationContextAware {
-
+
/**
* The key used to save the context of the request
*/
public static final String SAVED_CONTEXT = "SAVED_CONTEXT";
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationEntryPoint.class);
-
+
private ApplicationContext appContext;
private FederationConfig federationConfig;
@@ -84,48 +84,48 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
FedizContext fedContext = federationConfig.getFedizContext();
LOG.debug("Federation context: {}", fedContext);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedContext);
if (mdHandler.canHandleRequest(servletRequest)) {
mdHandler.handleRequest(servletRequest, response);
return;
}
-
+
String redirectUrl = null;
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(servletRequest, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new ServletException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
HttpSession session = servletRequest.getSession(true);
session.setAttribute(SAVED_CONTEXT, redirectionResponse.getRequestState().getState());
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
preCommence(servletRequest, response);
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
response.sendRedirect(redirectUrl);
}
-
+
/**
* Template method for you to do your own pre-processing before the redirect occurs.
*
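Review bot: The `ProcessingException` handler builds the `ServletException` text from `ex.getMessage()`, so whatever the Fediz processor put in that message is passed to the container's error handling. That may render it to a caller who has not authenticated yet, depending on the error-page configuration, which is not visible here. The exception is already logged with its stack trace on the line before, so a fixed message with the cause attached is enough: `throw new ServletException("Failed to create SignInRequest", ex);`. The same construction appears in `FederationAuthenticationFailureHandler.onAuthenticationFailure` in this commit. The enclosing method starts outside this hunk.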
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
index c1dd134..8b98982 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFailureHandler.java
@@ -43,55 +43,55 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
* A AuthenticationFailureHandler which will redirect a expired user (token) back to the IdP.
*/
public class FederationAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationFailureHandler.class);
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFailureHandler() {
super();
}
-
+
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
-
+
if (exception instanceof ExpiredTokenException) {
String redirectUrl = null;
try {
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(request, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new ServletException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
response.sendRedirect(redirectUrl);
}
-
+
super.onAuthenticationFailure(request, response, exception);
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
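Review bot: In `onAuthenticationFailure`, the `ExpiredTokenException` branch calls `response.sendRedirect(redirectUrl)` and then falls through to `super.onAuthenticationFailure(request, response, exception)`. The parent handler therefore runs against a response that is already committed, which typically ends in an `IllegalStateException` instead of a clean redirect to the IdP. Add `return;` directly after the `sendRedirect` call so an expired token produces exactly one response. A short comment on the branch, such as `// Expired token: send the user back to the IdP instead of the failure URL`, would make the intent explicit.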
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 3f172e5..db61219 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -45,9 +45,9 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
public class FederationAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFilter() {
super("/j_spring_fediz_security_check");
setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
@@ -60,37 +60,37 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
if (isTokenExpired()) {
throw new ExpiredTokenException("Token is expired");
}
-
+
verifySavedState(request);
-
+
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(wa);
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
-
- X509Certificate certs[] =
+
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
-
+
final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(null, wfReq);
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
}
-
+
private boolean isTokenExpired() {
SecurityContext context = SecurityContextHolder.getContext();
- boolean detectExpiredTokens =
+ boolean detectExpiredTokens =
federationConfig != null && federationConfig.getFedizContext().isDetectExpiredTokens();
if (context != null && detectExpiredTokens) {
Authentication authentication = context.getAuthentication();
if (authentication instanceof FederationAuthenticationToken) {
- Date tokenExpires =
+ Date tokenExpires =
((FederationAuthenticationToken)authentication).getResponse().getTokenExpires();
if (tokenExpires == null) {
return false;
@@ -102,27 +102,27 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
}
}
}
-
+
return false;
}
-
+
private String getResponseToken(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
-
+
private String getState(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
return request.getParameter(FederationConstants.PARAM_CONTEXT);
} else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return request.getParameter(SAMLSSOConstants.RELAY_STATE);
}
-
+
return null;
}
@@ -137,9 +137,9 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
}
}
}
-
+
/**
- *
+ *
*/
@Override
protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
@@ -158,5 +158,5 @@ public class FederationAuthenticationFilter extends AbstractAuthenticationProces
public void setFederationConfig(FederationConfig fedConfig) {
this.federationConfig = fedConfig;
}
-
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
index e0356a9..d33607d 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
@@ -50,7 +50,7 @@ public class FederationLogoutFilter extends LogoutFilter {
// Default WS-Federation logout action
return true;
}
-
+
if (this.logoutUrl == null) {
String contextName = request.getContextPath();
if (contextName == null || contextName.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
index e803e4b..6e01592 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutSuccessHandler.java
@@ -58,7 +58,7 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler {
}
FedizContext fedCtx = federationConfig.getFedizContext(contextName);
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignOutRequest(request, null, fedCtx); //TODO
@@ -70,7 +70,7 @@ public class FederationLogoutSuccessHandler implements LogoutSuccessHandler {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
index 9707536..4c5ba20 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfig.java
@@ -26,8 +26,8 @@ import org.apache.cxf.fediz.core.config.FedizContext;
public interface FederationConfig {
List<FedizContext> getFedizContextList();
-
+
FedizContext getFedizContext(String contextName);
-
+
FedizContext getFedizContext();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
index 80b27e9..706bb91 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationConfigImpl.java
@@ -34,14 +34,14 @@ import org.springframework.util.Assert;
public class FederationConfigImpl implements FederationConfig {
private static final Logger LOG = LoggerFactory.getLogger(FederationConfigImpl.class);
-
+
private Resource configFile;
private String contextName;
-
+
//private ServletContext servletContext;
private FedizConfigurator configurator = new FedizConfigurator();
-
-
+
+
public Resource getConfigFile() {
return configFile;
}
@@ -49,7 +49,7 @@ public class FederationConfigImpl implements FederationConfig {
public void setConfigFile(Resource configFile) {
this.configFile = configFile;
}
-
+
public String getContextName() {
return contextName;
}
@@ -57,7 +57,7 @@ public class FederationConfigImpl implements FederationConfig {
public void setContextName(String contextName) {
this.contextName = contextName;
}
-
+
public void init() {
Assert.notNull(this.configFile, "property 'configFile' mandatory");
try {
@@ -83,7 +83,7 @@ public class FederationConfigImpl implements FederationConfig {
return ctx;
}
-
+
@Override
public FedizContext getFedizContext() {
if (contextName != null) {
@@ -94,7 +94,7 @@ public class FederationConfigImpl implements FederationConfig {
return getFedizContext(contextName);
}
}
-
+
/*
@Override
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
index dd444b5..5125be2 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/FederationUser.java
@@ -26,19 +26,19 @@ import org.springframework.security.userdetails.User;
public class FederationUser extends User {
private static final long serialVersionUID = -2231762973730849416L;
-
+
private ClaimCollection claims;
-
+
public FederationUser(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
//Collection<? extends GrantedAuthority> authorities) {
- GrantedAuthority[] authorities) {
+ GrantedAuthority[] authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public FederationUser(String username, String password,
+
+ public FederationUser(String username, String password,
// Collection<? extends GrantedAuthority> authorities, ClaimCollection claims) {
- GrantedAuthority[] authorities, ClaimCollection claims) {
+ GrantedAuthority[] authorities, ClaimCollection claims) {
super(username, password, true, true, true, true, authorities);
this.claims = claims;
}
@@ -47,7 +47,7 @@ public class FederationUser extends User {
return this.claims;
}
-
-
-
+
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
index c34de45..d27af7b 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/AbstractFederationUserDetailsService.java
@@ -32,7 +32,7 @@ public abstract class AbstractFederationUserDetailsService
/*
public final UserDetails loadUserDetails(final Authentication token) {
-
+
}*/
@Override
public final UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
@@ -44,12 +44,12 @@ public abstract class AbstractFederationUserDetailsService
}
/**
- * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
+ * Protected template method for construct a {@link org.springframework.security.core.userdetails.UserDetails}
* via the supplied FedizResponse
*
* @return the newly created UserDetails object.
*/
protected abstract UserDetails loadUserDetails(FedizResponse response);
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
index 42e23fe..4f8691a 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/ExpiredTokenException.java
@@ -25,9 +25,9 @@ import org.springframework.security.AuthenticationException;
* To be called when a token has expired
*/
public class ExpiredTokenException extends AuthenticationException {
-
+
private static final long serialVersionUID = 7639463618762010981L;
-
+
public ExpiredTokenException(String errorMessage) {
super(errorMessage);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
index 9796608..42d1c92 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationProvider.java
@@ -52,15 +52,15 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationProvider.class);
-
+
protected MessageSourceAccessor messages = SpringFedizMessageSource.getAccessor();
-
+
private AuthenticationUserDetailsService authenticationUserDetailsService;
private FederationConfig federationConfig;
-
+
private final UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
//private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
-
+
public AuthenticationUserDetailsService getAuthenticationUserDetailsService() {
return authenticationUserDetailsService;
}
@@ -69,7 +69,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
AuthenticationUserDetailsService authenticationUserDetailsService) {
this.authenticationUserDetailsService = authenticationUserDetailsService;
}
-
+
public FederationConfig getFederationConfig() {
return federationConfig;
}
@@ -77,7 +77,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
public void setFederationConfig(FederationConfig federationConfig) {
this.federationConfig = federationConfig;
}
-
+
public void afterPropertiesSet() throws Exception {
@@ -102,7 +102,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
}
FederationAuthenticationToken result = null;
-
+
if (result == null) {
result = this.authenticateNow(authentication);
result.setDetails(authentication.getDetails());
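Review bot: `result` is initialised to `null` and then tested with `if (result == null)` as the very next statement, so the condition is always true. It reads as if a previously issued token could be reused here, which is misleading in an authentication path. Either assign directly, `FederationAuthenticationToken result = this.authenticateNow(authentication);`, or add a comment naming the lookup that is meant to come before the guard. The enclosing method starts and ends outside this hunk.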
@@ -116,7 +116,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
try {
FedizRequest wfReq = (FedizRequest)authentication.getCredentials();
FedizContext context = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(context.getProtocol());
FedizResponse wfRes = wfProc.processRequest(wfReq, context);
@@ -153,7 +153,7 @@ public class FederationAuthenticationProvider implements AuthenticationProvider,
return FederationAuthenticationToken.class.isAssignableFrom(authentication);
}
}
-
+
/*
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
this.authoritiesMapper = authoritiesMapper;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 14e1047..5e48e5c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -45,7 +45,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final FedizResponse response;
private List<String> roles = Collections.emptyList();
-
+
public FederationAuthenticationToken(final Object principal, final Object credentials,
final GrantedAuthority[] authorities, final UserDetails userDetails,
final FedizResponse response) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
index 55d7a33..d7f380c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationResponseAuthenticationToken.java
@@ -42,7 +42,7 @@ public final class FederationResponseAuthenticationToken extends AbstractAuthent
public Object getCredentials() {
return this.response;
}
-
+
public FedizResponse getResponse() {
return this.response;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
index 770916d..c229dde 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/GrantedAuthoritiesUserDetailsFederationService.java
@@ -35,15 +35,15 @@ public class GrantedAuthoritiesUserDetailsFederationService
extends AbstractFederationUserDetailsService {
private boolean convertToUpperCase = true;
-
+
@Override
protected UserDetails loadUserDetails(FedizResponse response) {
-
+
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
-
+
if (response.getRoles() != null) {
for (final String role : response.getRoles()) {
-
+
grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_"
+ (this.convertToUpperCase ? role.toUpperCase() : role)));
}
@@ -52,10 +52,10 @@ public class GrantedAuthoritiesUserDetailsFederationService
(GrantedAuthority[]) grantedAuthorities.toArray(
new GrantedAuthority[grantedAuthorities.size()]),
new ClaimCollection(response.getClaims()));
-
+
}
-
-
+
+
/**
* Converts the role value to uppercase value.
*
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
index 39ea329..dde6d4a 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/FederationPreAuthenticatedProcessingFilter.java
@@ -36,7 +36,7 @@ import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessin
public class FederationPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
/**
* Return the J2EE user name.
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
index e10831b..1c75b5c 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/preauth/PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
@@ -60,9 +60,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.notNull(token.getDetails());
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- GrantedAuthority[] authorities =
+ GrantedAuthority[] authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
@@ -83,9 +83,9 @@ public class PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService
Assert.isInstanceOf(PreAuthenticatedAuthenticationToken.class, token);
Assert.isInstanceOf(GrantedAuthoritiesContainer.class, token.getDetails());
Assert.isInstanceOf(FedizPrincipal.class, token.getPrincipal());
- GrantedAuthority[] authorities =
+ GrantedAuthority[] authorities =
((GrantedAuthoritiesContainer) token.getDetails()).getGrantedAuthorities();
-
+
return createuserDetails(token, authorities, ((FedizPrincipal)token.getPrincipal()).getClaims());
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index eeff761..6786290 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -57,14 +57,14 @@ import org.springframework.util.Assert;
*/
public class FederationAuthenticationEntryPoint implements AuthenticationEntryPoint,
InitializingBean, ApplicationContextAware {
-
+
/**
* The key used to save the context of the request
*/
public static final String SAVED_CONTEXT = "SAVED_CONTEXT";
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationEntryPoint.class);
-
+
private ApplicationContext appContext;
private FederationConfig federationConfig;
//private String servletContext;
@@ -100,41 +100,41 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
@Override
public void commence(ServletRequest request, ServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
-
+
HttpServletRequest hrequest = (HttpServletRequest)request;
HttpServletResponse hresponse = (HttpServletResponse)response;
FedizContext fedContext = federationConfig.getFedizContext();
LOG.debug("Federation context: {}", fedContext);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedContext);
if (mdHandler.canHandleRequest(hrequest)) {
mdHandler.handleRequest(hrequest, hresponse);
return;
}
-
+
String redirectUrl = null;
try {
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
-
+
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(hrequest, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest.");
hresponse.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
hresponse.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
HttpSession session = ((HttpServletRequest)request).getSession(true);
session.setAttribute(SAVED_CONTEXT, redirectionResponse.getRequestState().getState());
} catch (ProcessingException ex) {
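Review bot: In `commence`, the `if (redirectUrl == null)` branch calls `hresponse.sendError(...)` but does not return, so execution goes on to copy the headers, create a session and store `SAVED_CONTEXT` for a sign-in request that was never built. The next hunk (`@@ -143,13`) shows the same pattern at the end of the `catch (ProcessingException ex)` branch, after which `hresponse.sendRedirect(redirectUrl)` is reached with `redirectUrl` still null on a response that `sendError` has already committed. Adding `return;` after each `sendError(...)` call would stop the entry point from continuing on both error paths. The first lines of the `catch` body fall between the two hunks and are not visible here.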
@@ -143,13 +143,13 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo
hresponse.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
preCommence(hrequest, hresponse);
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
hresponse.sendRedirect(redirectUrl);
-
+
}
}
[10/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 154aab1..4104e8f 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -54,17 +54,17 @@ import org.springframework.security.ui.FilterChainOrder;
public class FederationAuthenticationFilter extends AbstractProcessingFilter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FederationAuthenticationFilter.class);
-
+
private FederationConfig federationConfig;
-
+
public FederationAuthenticationFilter() {
super();
}
/**
- *
+ *
*/
@Override
protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) {
@@ -75,15 +75,15 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
return result;
}
-
+
private boolean isTokenExpired() {
SecurityContext context = SecurityContextHolder.getContext();
- boolean detectExpiredTokens =
+ boolean detectExpiredTokens =
federationConfig != null && federationConfig.getFedizContext().isDetectExpiredTokens();
if (context != null && detectExpiredTokens) {
Authentication authentication = context.getAuthentication();
if (authentication instanceof FederationAuthenticationToken) {
- Date tokenExpires =
+ Date tokenExpires =
((FederationAuthenticationToken)authentication).getResponse().getTokenExpires();
if (tokenExpires == null) {
return false;
@@ -95,7 +95,7 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
}
}
-
+
return false;
}
@@ -106,13 +106,13 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
-
+
if (isTokenExpired()) {
throw new ExpiredTokenException("Token is expired");
}
-
+
verifySavedState(request);
-
+
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
FedizRequest wfReq = new FedizRequest();
@@ -120,18 +120,18 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
-
- X509Certificate certs[] =
+
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
-
+
final UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(null, wfReq);
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
}
-
+
private void verifySavedState(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null) {
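Review bot: `verifySavedState`, at the end of this hunk, looks up the session with `request.getSession(false)` and only enters its check when `session != null`, so a sign-in response that arrives without a session appears to skip the saved-state comparison entirely. The rest of the method is outside the hunk, so this is inferred from the guard and from the closing braces that open the next hunk. If the comparison is meant to tie the response to the request that `FederationAuthenticationEntryPoint` started, the no-session case should be decided explicitly. One option is an `else` branch that throws `BadCredentialsException`; otherwise a comment should say why a missing session is acceptable.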
@@ -143,17 +143,17 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
}
}
}
-
+
private String getState(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
return request.getParameter(FederationConstants.PARAM_CONTEXT);
} else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return request.getParameter(SAMLSSOConstants.RELAY_STATE);
}
-
+
return null;
}
-
+
@Override
public void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) {
@@ -161,29 +161,29 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
String redirectUrl = null;
try {
FedizContext fedContext = federationConfig.getFedizContext();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol());
RedirectionResponse redirectionResponse =
wfProc.createSignInRequest(request, fedContext);
redirectUrl = redirectionResponse.getRedirectionURL();
-
+
if (redirectUrl == null) {
LOG.warn("Failed to create SignInRequest. Redirect URL null");
throw new BadCredentialsException("Failed to create SignInRequest. Redirect URL null");
}
-
+
Map<String, String> headers = redirectionResponse.getHeaders();
if (!headers.isEmpty()) {
for (Entry<String, String> entry : headers.entrySet()) {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new BadCredentialsException("Failed to create SignInRequest: " + ex.getMessage());
}
-
+
if (LOG.isInfoEnabled()) {
LOG.info("Redirecting to IDP: " + redirectUrl);
}
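Review bot: The `catch (ProcessingException ex)` branch of `onUnsuccessfulAuthentication` rethrows with `new BadCredentialsException("Failed to create SignInRequest: " + ex.getMessage())`, which drops the cause and copies the processor's message into the exception text. The following hunk already uses the two-argument constructor, so this line could be `throw new BadCredentialsException("Failed to create SignInRequest", ex);`. The `LOG.info("Redirecting to IDP: " + redirectUrl)` line also writes the complete sign-in URL to the info log, and that URL presumably carries the request context value. `LOG.debug("Redirecting to IDP: {}", redirectUrl)` would lower the level and match the parameterized logging used in the other plugin classes in this commit. The method's signature and its end are outside this hunk.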
@@ -193,21 +193,21 @@ public class FederationAuthenticationFilter extends AbstractProcessingFilter {
throw new BadCredentialsException(ex.getMessage(), ex);
}
}
-
+
try {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} catch (IOException e) {
throw authException;
}
}
-
+
private String getResponseToken(ServletRequest request) {
if (request.getParameter(FederationConstants.PARAM_RESULT) != null) {
return request.getParameter(FederationConstants.PARAM_RESULT);
} else if (request.getParameter(SAMLSSOConstants.SAML_RESPONSE) != null) {
return request.getParameter(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
index 142e166..6b39c13 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationAuthenticator.java
@@ -195,16 +195,16 @@ public class FederationAuthenticator extends FormAuthenticator {
@Override
public boolean authenticate(Request request, HttpServletResponse response,
LoginConfig config) throws IOException {
-
+
LOG.debug("authenticate invoked");
-
+
String contextName = request.getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
LOG.debug("reading configuration for context path: {}", contextName);
FedizContext fedCtx = getContextConfiguration(contextName);
-
+
// Handle Signin requests
TomcatSigninHandler signinHandler = new TomcatSigninHandler(fedCtx);
signinHandler.setLandingPage(landingPage);
@@ -219,7 +219,7 @@ public class FederationAuthenticator extends FormAuthenticator {
// The actual login will take place after redirect
return false;
}
-
+
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
@@ -241,12 +241,12 @@ public class FederationAuthenticator extends FormAuthenticator {
if (contextId == null) {
LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
session.removeNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId); // Cleanup session
-
+
try {
if (originalURL != null) {
LOG.debug("Restore request to {}", originalURL);
@@ -267,7 +267,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
}
-
+
protected boolean restoreRequest(Request request, HttpServletResponse response) throws IOException {
Session session = request.getSessionInternal();
@@ -288,7 +288,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
- protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
+ protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
throws IOException {
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
@@ -322,7 +322,7 @@ public class FederationAuthenticator extends FormAuthenticator {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
}
-
+
@Override
protected boolean matchRequest(Request request) {
Session session = request.getSessionInternal(false);
@@ -335,10 +335,10 @@ public class FederationAuthenticator extends FormAuthenticator {
return super.matchRequest(request);
}
}
- }
+ }
return false;
}
-
+
protected void saveRequest(Request request, String contextId) throws IOException {
String uri = request.getDecodedRequestURI();
Session session = request.getSessionInternal(true);
@@ -360,7 +360,7 @@ public class FederationAuthenticator extends FormAuthenticator {
session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
}
}
-
+
protected boolean restoreRequest(Request request) throws IOException {
Session session = request.getSessionInternal(false);
String uri = request.getDecodedRequestURI();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
index 964701a..4beee9f 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
@@ -52,7 +52,7 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
public Element getLoginToken() {
return loginToken;
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index 485d2aa..af70d88 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -185,16 +185,16 @@ public class FederationAuthenticator extends FormAuthenticator {
@Override
public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
-
+
LOG.debug("authenticate invoked");
-
+
String contextName = request.getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
LOG.debug("reading configuration for context path: {}", contextName);
FedizContext fedCtx = getContextConfiguration(contextName);
-
+
// Handle Signin requests
TomcatSigninHandler signinHandler = new TomcatSigninHandler(fedCtx);
signinHandler.setLandingPage(landingPage);
@@ -209,7 +209,7 @@ public class FederationAuthenticator extends FormAuthenticator {
// The actual login will take place after redirect
return false;
}
-
+
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
@@ -231,12 +231,12 @@ public class FederationAuthenticator extends FormAuthenticator {
if (contextId == null) {
LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
session.removeNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId); // Cleanup session
-
+
try {
if (originalURL != null) {
LOG.debug("Restore request to {}", originalURL);
@@ -257,7 +257,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
}
-
+
protected boolean restoreRequest(Request request, HttpServletResponse response) throws IOException {
Session session = request.getSessionInternal();
@@ -278,7 +278,7 @@ public class FederationAuthenticator extends FormAuthenticator {
}
}
- protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
+ protected void redirectToIdp(Request request, HttpServletResponse response, FedizContext fedCtx)
throws IOException {
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedCtx.getProtocol());
@@ -312,7 +312,7 @@ public class FederationAuthenticator extends FormAuthenticator {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
}
-
+
@Override
protected boolean matchRequest(Request request) {
Session session = request.getSessionInternal(false);
@@ -325,10 +325,10 @@ public class FederationAuthenticator extends FormAuthenticator {
return super.matchRequest(request);
}
}
- }
+ }
return false;
}
-
+
protected void saveRequest(Request request, String contextId) throws IOException {
String uri = request.getDecodedRequestURI();
Session session = request.getSessionInternal(true);
@@ -350,7 +350,7 @@ public class FederationAuthenticator extends FormAuthenticator {
session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
}
}
-
+
protected boolean restoreRequest(Request request) throws IOException {
Session session = request.getSessionInternal(false);
String uri = request.getDecodedRequestURI();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
index 7b3ee9e..8a49e44 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/Constants.java
@@ -24,12 +24,12 @@ package org.apache.cxf.fediz.was;
*/
//CHECKSTYLE:OFF
public interface Constants {
-
+
String HTTP_POST_METHOD = "POST";
//String UTF_8_ENCODING_SCHEME = "UTF-8";
String VERSION = "1.2.0";
String TIMESTAMP_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
-
+
String USER_REGISTRY_JNDI_NAME = "UserRegistry";
String SUBJECT_TOKEN_KEY = "_security.token";
@@ -69,13 +69,13 @@ public interface Constants {
* default value is set to 'false', thus the UserRegistry will be invoked.
*/
String PROPERTY_KEY_DIRECT_GROUP_MAPPING = "directGroupMapping";
-
+
/**
* The session cookie name can be renamed in WebSphere. If it is renamed, it is required to change it in the
* interceptor configuration too. A misconfiguration would lead to performance loss.
*/
String PROPERTY_SESSION_COOKIE_NAME = "sessionCookieName";
-
+
/**
* Default name of the session cookie in wbesphere
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
index f0c2c0a..3374853 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java
@@ -80,7 +80,7 @@ public class FileBasedRoleToGroupMapper implements RoleToGroupMapper {
if (roles == null) {
return null;
}
-
+
List<String> groups = new ArrayList<>(20);
for (String key : roles) {
List<String> groupList = mappings.get(key);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
index 04e515c..29cb70c 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/RoleToGroupMapper.java
@@ -26,9 +26,9 @@ import java.util.Properties;
*/
public interface RoleToGroupMapper {
/**
- * Convenience Method to allow initialization of a GroupMapper
+ * Convenience Method to allow initialization of a GroupMapper
* from the Properties defined in the WAS Server configuration
- *
+ *
*/
void initialize(Properties properties);
@@ -39,8 +39,8 @@ public interface RoleToGroupMapper {
/**
* Convenience Method to allow cleanup of allocated resources
- *
- */
-
+ *
+ */
+
void cleanup();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
index 8ad301b..d79b6e7 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/servlet/filter/SecurityContextTTLChecker.java
@@ -127,10 +127,10 @@ public class SecurityContextTTLChecker extends HttpServlet implements Filter {
long currentTime = System.currentTimeMillis();
return response.getTokenExpires().getTime() > currentTime;
}
-
+
private FedizResponse getCachedFederationResponse(Subject subject) {
Iterator<?> i = subject.getPublicCredentials().iterator();
-
+
while (i.hasNext()) {
Object o = i.next();
if (o instanceof Hashtable) {
@@ -141,7 +141,7 @@ public class SecurityContextTTLChecker extends HttpServlet implements Filter {
}
return null;
}
-
+
/*
* (non-Java-doc)
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
index c7a28de..e458604 100644
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
+++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java
@@ -78,7 +78,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
private FedizConfigurator configurator;
private RoleToGroupMapper mapper;
private String cookieName = "LtpaToken2";
-
+
/**
* @see org.apache.cxf.fediz.was.Constants#PROPERTY_KEY_DIRECT_GROUP_MAPPING
*/
@@ -123,7 +123,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Registers a WebApplication using its contextPath as a key. This method must be called by the associated
* security ServletFilter instance of a secured application at initialization time
- *
+ *
* @param contextPath
* @deprecated Not used/needed any longer since version 1.2.0
*/
@@ -134,7 +134,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Deregister a WebApplication using its contextPath as a key. This method must be called by the
* associated security ServletFilter instance of a secured application in the #destroy() method
- *
+ *
* @param contextPath
* @deprecated Not used/needed any longer since version 1.2.0
*/
@@ -214,7 +214,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
* This method decides weather the interceptor shall be called for #negotiateValidateandEstablishTrust. If
* the request is applicable for a metadata document, logout URL, or provides a signin token, this method
* returns true. I the use , otherwise this interceptor will not be called.
- *
+ *
* @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#isTargetInterceptor(HttpServletRequest)
*/
@Override
@@ -390,7 +390,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
throw new WebTrustAssociationFailedException(e.getMessage());
}
}
-
+
protected void terminateSession(HttpServletRequest request) {
HttpSession session = request.getSession();
session.removeAttribute(Constants.SECURITY_TOKEN_SESSION_ATTRIBUTE_KEY);
@@ -583,7 +583,7 @@ public class FedizInterceptor implements TrustAssociationInterceptor {
/**
* Convenience method for converting a list of group names to their unique group IDs
- *
+ *
* @param reg
* @param group
* @return
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
----------------------------------------------------------------------
diff --git a/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java b/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
index 2159816..14e96c5 100644
--- a/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
+++ b/plugins/websphere/src/test/java/org/apache/cxf/fediz/was/tai/FedizInterceptorTest.java
@@ -35,15 +35,15 @@ import static org.junit.Assert.assertNotNull;
public class FedizInterceptorTest {
-
+
@Test
public void testGroupMappingWithNull() throws WebTrustAssociationFailedException {
-
+
FedizResponse resp = EasyMock.createMock(FedizResponse.class);
EasyMock.expect(resp.getRoles()).andReturn(null);
EasyMock.expect(resp.getUsername()).andReturn("Test-User").anyTimes();
EasyMock.replay(resp);
-
+
FedizInterceptor fedizInterceptor = new FedizInterceptor();
Properties properties = new Properties();
properties.put(Constants.PROPERTY_KEY_CONFIG_LOCATION, "src/test/resources/fediz_config.xml");
@@ -52,20 +52,20 @@ public class FedizInterceptorTest {
assertNotNull(result);
assertEquals(0, result.size());
}
-
+
@Test
public void testDirectGroupMapping() throws WebTrustAssociationFailedException {
-
+
FedizResponse resp = EasyMock.createMock(FedizResponse.class);
EasyMock.expect(resp.getRoles()).andReturn(Arrays.asList("Admin", "Manager"));
EasyMock.expect(resp.getUsername()).andReturn("Test-User").anyTimes();
EasyMock.replay(resp);
-
+
FedizInterceptor fedizInterceptor = new FedizInterceptor();
Properties properties = new Properties();
properties.put(Constants.PROPERTY_KEY_CONFIG_LOCATION, "src/test/resources/fediz_config.xml");
properties.put(Constants.PROPERTY_KEY_DIRECT_GROUP_MAPPING, "true");
-
+
fedizInterceptor.initialize(properties);
List<String> result = fedizInterceptor.groupIdsFromTokenRoles(resp);
assertNotNull(result);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index 0aab857..dca1b46 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -44,26 +44,26 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
public class MetadataServlet extends HttpServlet {
public static final String PARAM_REALM = "realm";
-
+
private static final Logger LOG = LoggerFactory
.getLogger(MetadataServlet.class);
private static final long serialVersionUID = 1L;
-
+
private ApplicationContext applicationContext;
private String realm;
-
-
+
+
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
response.setContentType("text/xml; charset=utf-8");
PrintWriter out = response.getWriter();
-
+
ConfigService cs = (ConfigService)getApplicationContext().getBean("config");
Idp idpConfig = cs.getIDP(realm);
try {
if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata")) {
- String serviceRealm =
+ String serviceRealm =
request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
+ "/metadata".length());
if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
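Review bot: In `doGet`, `serviceRealm.charAt(0)` is guarded only by `serviceRealm != null`, but `substring` never returns null and does return an empty string when the request URI ends exactly at `/metadata`, in which case `charAt(0)` throws `StringIndexOutOfBoundsException`. Writing the condition as `if (serviceRealm.startsWith("/"))` covers the empty case. The path is also matched on `getServletPath()` but sliced from `getRequestURI()`, which the container does not decode, so `indexOf("/metadata")` can return -1 and the substring then starts at an unrelated offset. Checking the index before slicing would avoid that. The `try` block and the rest of the method continue outside the hunk, so whether the exception is caught there cannot be seen from here.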
@@ -107,5 +107,5 @@ public class MetadataServlet extends HttpServlet {
}
return applicationContext;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index 4e8ed11..d42904b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -49,49 +49,49 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
*/
public abstract class STSAuthenticationProvider implements AuthenticationProvider {
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
+ public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-
- public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
+
+ public static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
+
public static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
-
+
private static final Logger LOG = LoggerFactory.getLogger(STSAuthenticationProvider.class);
protected String wsdlLocation;
-
+
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
-
+
protected String wsdlService;
protected String wsdlEndpoint;
protected String appliesTo;
-
+
protected boolean use200502Namespace;
-
+
protected String tokenType;
-
+
protected Bus bus;
-
+
protected Integer lifetime;
-
+
//Required to get IDP roles to use the IDP application, used in future release
protected String roleURI;
-
+
protected Map<String, Object> properties = new HashMap<>();
-
+
private String customSTSParameter;
-
+
protected List<GrantedAuthority> createAuthorities(SecurityToken token) throws WSSecurityException {
List<GrantedAuthority> authorities = new ArrayList<>();
//authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
//Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
if (roleURI != null) {
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
-
+
List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
for (Claim c : claims) {
if (c.getClaimType() != null && roleURI.equals(c.getClaimType().toString())) {
@@ -112,13 +112,13 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
}
}
}
-
+
//Add IDP_LOGIN role to be able to access resource Idp, TrustedIdp, etc.
authorities.add(new SimpleGrantedAuthority("ROLE_IDP_LOGIN"));
-
+
return authorities;
}
-
+
public String getWsdlLocation() {
return wsdlLocation;
}
@@ -142,7 +142,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setWsdlEndpoint(String wsdlEndpoint) {
this.wsdlEndpoint = wsdlEndpoint;
}
-
+
public String getNamespace() {
return namespace;
}
@@ -158,7 +158,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setAppliesTo(String appliesTo) {
this.appliesTo = appliesTo;
}
-
+
public void setBus(Bus bus) {
this.bus = bus;
}
@@ -175,7 +175,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setTokenType(String tokenType) {
this.tokenType = tokenType;
}
-
+
public Integer getLifetime() {
return lifetime;
}
@@ -202,7 +202,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getName());
Claim c = new Claim();
- // Workaround for CXF-4484
+ // Workaround for CXF-4484
// Value of Attribute Name not fully qualified
// if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
// but ClaimType value must be fully qualified as Namespace attribute goes away
@@ -229,7 +229,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
return collection;
}
-
+
protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
List<String> valueList) {
Claim t = claimsMap.get(c.getClaimType().toString());
@@ -270,7 +270,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
public void setRoleURI(String roleURI) {
this.roleURI = roleURI;
}
-
+
public void setProperties(Map<String, Object> p) {
properties.putAll(p);
}
@@ -295,7 +295,7 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
this.customSTSParameter = customSTSParameter;
}
-//May be uncommented for debugging
+//May be uncommented for debugging
// private void setTimeout(Client client, Long timeout) {
// HTTPConduit conduit = (HTTPConduit) client.getConduit();
// HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
@@ -303,5 +303,5 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
// httpClientPolicy.setReceiveTimeout(timeout);
// conduit.setClient(httpClientPolicy);
// }
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
index 62f4817..5e80466 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSKrbAuthenticationProvider.java
@@ -56,21 +56,21 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
private static final Logger LOG = LoggerFactory.getLogger(STSKrbAuthenticationProvider.class);
private KerberosTokenValidator kerberosTokenValidator;
-
+
private CallbackHandler kerberosCallbackHandler;
-
+
private boolean kerberosUsernameServiceNameForm;
-
+
private boolean requireDelegation;
-
-
+
+
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// We only handle KerberosServiceRequestTokens
if (!(authentication instanceof KerberosServiceRequestToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -83,26 +83,26 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handleKerberos((KerberosServiceRequestToken)authentication, sts);
}
-
+
private Authentication handleKerberos(
KerberosServiceRequestToken kerberosRequestToken,
IdpSTSClient sts
) {
Principal kerberosPrincipal = null;
- //
+ //
// If delegation is required then validate the received token + store the
// Delegated Credential so that we can retrieve a new kerberos token for the
// STS with it. If delegation is not required, then we just get the received
@@ -118,36 +118,36 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
kerberosClient.setToken(kerberosRequestToken.getToken());
sts.getProperties().put(SecurityConstants.KERBEROS_CLIENT, kerberosClient);
}
-
+
try {
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
if (kerberosPrincipal == null && token.getToken() != null
&& "Assertion".equals(token.getToken().getLocalName())) {
// For the pass-through Kerberos case, we don't know the Principal name...
- kerberosPrincipal =
+ kerberosPrincipal =
new SAMLTokenPrincipalImpl(new SamlAssertionWrapper(token.getToken()));
}
-
+
if (kerberosPrincipal == null) {
LOG.info("Failed to authenticate user '" + kerberosRequestToken.getName());
return null;
}
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
- KerberosServiceRequestToken ksrt =
+
+ KerberosServiceRequestToken ksrt =
new KerberosServiceRequestToken(kerberosPrincipal, authorities, kerberosRequestToken.getToken());
-
+
STSUserDetails details = new STSUserDetails(kerberosPrincipal.getName(),
"",
authorities,
token);
ksrt.setDetails(details);
-
+
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), kerberosPrincipal.getName());
return ksrt;
} catch (Exception ex) {
@@ -155,7 +155,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
return null;
}
}
-
+
private Principal validateKerberosToken(
KerberosServiceRequestToken token,
IdpSTSClient sts
@@ -174,7 +174,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
return null;
}
GSSCredential delegatedCredential = kerberosContext.getDelegationCredential();
- sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL,
+ sts.getProperties().put(SecurityConstants.DELEGATED_CREDENTIAL,
delegatedCredential);
sts.getProperties().put(SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION, "true");
kerberosPrincipal = kerberosContext.getPrincipal();
@@ -187,7 +187,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
}
if (kerberosTokenValidator.getContextName() != null) {
- sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME,
+ sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME,
kerberosTokenValidator.getContextName());
}
if (kerberosTokenValidator.getServiceName() != null) {
@@ -195,17 +195,17 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
kerberosTokenValidator.getServiceName());
}
if (kerberosCallbackHandler != null) {
- sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER,
+ sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER,
kerberosCallbackHandler);
}
if (kerberosUsernameServiceNameForm) {
- sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
+ sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
"true");
}
-
+
return kerberosPrincipal;
}
-
+
protected GSSContext createGSSContext() throws GSSException {
Oid oid = new Oid("1.2.840.113554.1.2.2");
@@ -223,7 +223,7 @@ public class STSKrbAuthenticationProvider extends STSAuthenticationProvider {
public boolean supports(Class<?> authentication) {
return authentication.equals(KerberosServiceRequestToken.class);
}
-
+
public KerberosTokenValidator getKerberosTokenValidator() {
return kerberosTokenValidator;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
index 889dadd..3c1ecd2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPortFilter.java
@@ -38,23 +38,23 @@ import org.springframework.web.filter.GenericFilterBean;
public class STSPortFilter extends GenericFilterBean implements ApplicationContextAware {
private static final Logger LOG = LoggerFactory.getLogger(STSPortFilter.class);
-
+
private ApplicationContext applicationContext;
private STSAuthenticationProvider authenticationProvider;
-
+
private boolean isPortSet;
-
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
-
+
Assert.isTrue(applicationContext != null, "Application context must not be null");
STSAuthenticationProvider authProvider = authenticationProvider;
if (authProvider == null) {
authProvider = applicationContext.getBean(STSAuthenticationProvider.class);
}
Assert.isTrue(authProvider != null, "STSAuthenticationProvider must be configured");
-
+
//Only update the port if HTTPS is used, otherwise ignored (like retrieving the WADL over HTTP)
if (!isPortSet && request.isSecure()) {
try {
@@ -70,7 +70,7 @@ public class STSPortFilter extends GenericFilterBean implements ApplicationConte
LOG.error("Invalid Url '" + authProvider.getWsdlLocation() + "': " + e.getMessage());
}
}
-
+
chain.doFilter(request, response);
}
@@ -78,7 +78,7 @@ public class STSPortFilter extends GenericFilterBean implements ApplicationConte
authProvider.setWsdlLocation(wsdlUrl);
this.isPortSet = true;
}
-
+
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
index 45ec0a3..e6e3629 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSPreAuthAuthenticationProvider.java
@@ -51,7 +51,7 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
if (!(authentication instanceof PreAuthenticatedAuthenticationToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -64,20 +64,20 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handlePreAuthenticated((PreAuthenticatedAuthenticationToken)authentication, sts);
}
-
+
private Authentication handlePreAuthenticated(
PreAuthenticatedAuthenticationToken preauthenticatedToken,
IdpSTSClient sts
@@ -86,7 +86,7 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
if (cert == null) {
return null;
}
-
+
// Convert the received certificate to a DOM Element to write it out "OnBehalfOf"
Document doc = DOMUtils.createDocument();
X509Data certElem = new X509Data(doc);
@@ -97,25 +97,25 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
LOG.debug("Error parsing a client certificate", e);
return null;
}
-
+
try {
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
+
STSUserDetails details = new STSUserDetails(preauthenticatedToken.getName(),
"",
authorities,
token);
-
+
preauthenticatedToken.setDetails(details);
-
+
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), preauthenticatedToken.getName());
return preauthenticatedToken;
-
+
} catch (Exception ex) {
LOG.info("Failed to authenticate user '" + preauthenticatedToken.getName() + "'", ex);
return null;
@@ -126,5 +126,5 @@ public class STSPreAuthAuthenticationProvider extends STSAuthenticationProvider
public boolean supports(Class<?> authentication) {
return authentication.equals(PreAuthenticatedAuthenticationToken.class);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
index 6e9130c..6db919b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUPAuthenticationProvider.java
@@ -42,14 +42,14 @@ import org.springframework.web.context.request.ServletRequestAttributes;
public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
private static final Logger LOG = LoggerFactory.getLogger(STSUPAuthenticationProvider.class);
-
+
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// We only handle UsernamePasswordAuthenticationTokens
if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
return null;
}
-
+
Bus cxfBus = getBus();
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
@@ -62,31 +62,31 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
sts.setWsdlLocation(wsdlLocation);
sts.setServiceQName(new QName(namespace, wsdlService));
sts.setEndpointQName(new QName(namespace, wsdlEndpoint));
-
+
sts.getProperties().putAll(properties);
if (use200502Namespace) {
sts.setNamespace(HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST);
}
-
+
if (lifetime != null) {
sts.setEnableLifetime(true);
sts.setTtl(lifetime.intValue());
}
-
+
return handleUsernamePassword((UsernamePasswordAuthenticationToken)authentication, sts);
}
-
+
private Authentication handleUsernamePassword(
UsernamePasswordAuthenticationToken usernamePasswordToken,
IdpSTSClient sts
) {
sts.getProperties().put(SecurityConstants.USERNAME, usernamePasswordToken.getName());
sts.getProperties().put(SecurityConstants.PASSWORD, (String)usernamePasswordToken.getCredentials());
-
+
try {
-
+
if (getCustomSTSParameter() != null) {
- HttpServletRequest request =
+ HttpServletRequest request =
((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
String authRealmParameter = request.getParameter(getCustomSTSParameter());
LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
@@ -95,16 +95,16 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
}
}
- // Line below may be uncommented for debugging
+ // Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
-
+
List<GrantedAuthority> authorities = createAuthorities(token);
-
- UsernamePasswordAuthenticationToken upat =
- new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(),
- usernamePasswordToken.getCredentials(),
+
+ UsernamePasswordAuthenticationToken upat =
+ new UsernamePasswordAuthenticationToken(usernamePasswordToken.getName(),
+ usernamePasswordToken.getCredentials(),
authorities);
STSUserDetails details = new STSUserDetails(usernamePasswordToken.getName(),
@@ -115,17 +115,17 @@ public class STSUPAuthenticationProvider extends STSAuthenticationProvider {
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), usernamePasswordToken.getName());
return upat;
-
+
} catch (Exception ex) {
LOG.info("Failed to authenticate user '" + usernamePasswordToken.getName() + "'", ex);
return null;
}
-
+
}
-
+
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
index 080bcb4..4178b07 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/STSUserDetails.java
@@ -25,18 +25,18 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
public class STSUserDetails extends User {
-
+
private static final long serialVersionUID = 1975259365978165675L;
-
+
private SecurityToken token;
-
+
public STSUserDetails(String username, String password, boolean enabled, boolean accountNonExpired,
boolean credentialsNonExpired, boolean accountNonLocked,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
-
- public STSUserDetails(String username, String password,
+
+ public STSUserDetails(String username, String password,
Collection<? extends GrantedAuthority> authorities, SecurityToken token) {
super(username, password, true, true, true, true, authorities);
this.token = token;
@@ -51,23 +51,23 @@ public class STSUserDetails extends User {
if (!(object instanceof STSUserDetails)) {
return false;
}
-
+
if (token != null && !token.equals(((STSUserDetails)object).token)) {
return false;
} else if (token == null && ((STSUserDetails)object).token != null) {
return false;
}
-
+
return super.equals(object);
}
-
+
@Override
public int hashCode() {
int hashCode = 17;
if (token != null) {
hashCode *= 31 * token.hashCode();
}
-
+
return hashCode * super.hashCode();
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
index 25780d2..fa40a55 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/CommonsURLValidator.java
@@ -37,7 +37,7 @@ public class CommonsURLValidator {
if (endpointAddress == null) {
return true;
}
-
+
// The endpointAddress address must be a valid URL + start with http(s)
// Validate it first using commons-validator
UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS);
@@ -45,8 +45,8 @@ public class CommonsURLValidator {
LOG.warn("The given endpointAddress parameter {} is not a valid URL", endpointAddress);
return false;
}
-
+
return true;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
index cbe4ee8..b65fe09 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
@@ -37,13 +37,13 @@ public class IdpTokenExpiredAction {
public boolean isTokenExpired(String homeRealm, RequestContext context)
throws Exception {
-
- SecurityToken idpToken =
+
+ SecurityToken idpToken =
(SecurityToken) WebUtils.getAttributeFromExternalContext(context, homeRealm);
if (idpToken == null) {
return true;
}
-
+
if (tokenExpirationValidation && idpToken.isExpired()) {
LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] is expired.");
return true;
@@ -57,7 +57,7 @@ public class IdpTokenExpiredAction {
}
/**
- * Set whether the token validation (e.g. lifetime) shall be performed on every request (true) or only
+ * Set whether the token validation (e.g. lifetime) shall be performed on every request (true) or only
* once at initial authentication (false). The default is "true" (note that the plugins default for this
* configuration option is "true").
* @param tokenExpirationValidation Whether to perform token expiration validation per request
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
index 3f5be36..7ef61b2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/PassiveRequestorValidator.java
@@ -42,25 +42,25 @@ public class PassiveRequestorValidator {
if (endpointAddress == null) {
return true;
}
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, "idpConfig");
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
return false;
}
-
- if (serviceConfig.getPassiveRequestorEndpoint() == null
+
+ if (serviceConfig.getPassiveRequestorEndpoint() == null
&& serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) {
LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' "
+ "configuration values must be specified for the application");
- } else if (serviceConfig.getPassiveRequestorEndpoint() != null
+ } else if (serviceConfig.getPassiveRequestorEndpoint() != null
&& serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) {
- LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value",
+ LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value",
endpointAddress);
return true;
} else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
- Matcher matcher =
+ Matcher matcher =
serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
if (matcher.matches()) {
return true;
@@ -69,8 +69,8 @@ public class PassiveRequestorValidator {
endpointAddress);
}
}
-
+
return false;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
index c2a8e26..5984fa4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
@@ -61,20 +61,20 @@ import org.springframework.webflow.execution.RequestContext;
public class STSClientAction {
- private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY =
+ private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY =
"http://schemas.xmlsoap.org/ws/2005/05/identity";
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
-
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY =
+
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
private static final String HTTP_WWW_W3_ORG_2005_08_ADDRESSING = "http://www.w3.org/2005/08/addressing";
- private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
+ private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512 =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
+
private static final String HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST =
"http://schemas.xmlsoap.org/ws/2005/02/trust";
@@ -82,29 +82,29 @@ public class STSClientAction {
private static final Logger LOG = LoggerFactory
.getLogger(STSClientAction.class);
-
+
protected String namespace = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512;
protected String wsdlLocation;
protected String wsdlEndpoint;
-
+
protected String wsdlService = SECURITY_TOKEN_SERVICE;
-
+
protected String tokenType = WSConstants.WSS_SAML2_TOKEN_TYPE;
-
+
protected Map<String, Object> properties;
-
+
protected boolean use200502Namespace;
-
+
protected int ttl = 1800;
-
+
protected Bus bus;
-
+
private boolean isPortSet;
-
+
private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
-
+
private String customSTSParameter;
@@ -132,7 +132,7 @@ public class STSClientAction {
public void setWsdlEndpoint(String wsdlEndpoint) {
this.wsdlEndpoint = wsdlEndpoint;
}
-
+
public String getWsdlService() {
return wsdlService;
}
@@ -140,7 +140,7 @@ public class STSClientAction {
public void setWsdlService(String wsdlService) {
this.wsdlService = wsdlService;
}
-
+
public String getNamespace() {
return namespace;
}
@@ -148,7 +148,7 @@ public class STSClientAction {
public void setNamespace(String namespace) {
this.namespace = namespace;
}
-
+
public void setBus(Bus bus) {
this.bus = bus;
}
@@ -173,7 +173,7 @@ public class STSClientAction {
public void setTtl(int ttl) {
this.ttl = ttl;
}
-
+
public String getCustomSTSParameter() {
return customSTSParameter;
}
@@ -181,7 +181,7 @@ public class STSClientAction {
public void setCustomSTSParameter(String customSTSParameter) {
this.customSTSParameter = customSTSParameter;
}
-
+
/**
* @param context the webflow request context
* @param realm The client/application realm
@@ -190,7 +190,7 @@ public class STSClientAction {
*/
public Element submit(RequestContext context, String realm, String homeRealm)
throws Exception {
-
+
SecurityToken idpToken = getSecurityToken(context, homeRealm);
Bus cxfBus = getBus();
@@ -198,13 +198,13 @@ public class STSClientAction {
IdpSTSClient sts = new IdpSTSClient(cxfBus);
sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);
-
+
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// Parse wreq parameter - we only support parsing TokenType and KeyType for now
String wreq = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REQUEST);
String stsTokenType = null;
@@ -216,12 +216,12 @@ public class STSClientAction {
if (wreqElement != null && "RequestSecurityToken".equals(wreqElement.getLocalName())
&& (STSUtils.WST_NS_05_12.equals(wreqElement.getNamespaceURI())
|| HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_02_TRUST.equals(wreqElement.getNamespaceURI()))) {
- Element tokenTypeElement =
+ Element tokenTypeElement =
DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "TokenType");
if (tokenTypeElement != null) {
stsTokenType = tokenTypeElement.getTextContent();
}
- Element keyTypeElement =
+ Element keyTypeElement =
DOMUtils.getFirstChildWithName(wreqElement, wreqElement.getNamespaceURI(), "KeyType");
if (keyTypeElement != null) {
stsKeyType = keyTypeElement.getTextContent();
@@ -232,7 +232,7 @@ public class STSClientAction {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
if (stsTokenType != null) {
sts.setTokenType(stsTokenType);
} else if (serviceConfig.getTokenType() != null && serviceConfig.getTokenType().length() > 0) {
@@ -240,18 +240,18 @@ public class STSClientAction {
} else {
sts.setTokenType(getTokenType());
}
-
+
if (serviceConfig.getPolicyNamespace() != null && serviceConfig.getPolicyNamespace().length() > 0) {
sts.setWspNamespace(serviceConfig.getPolicyNamespace());
}
-
+
LOG.debug("TokenType {} set for realm {}", sts.getTokenType(), realm);
-
+
sts.setKeyType(stsKeyType);
if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(stsKeyType)) {
HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
if (servletRequest != null) {
- X509Certificate certs[] =
+ X509Certificate certs[] =
(X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
if (certs != null && certs.length > 0) {
sts.setUseCertificateForConfirmationKeyInfo(true);
@@ -275,18 +275,18 @@ public class STSClientAction {
addClaims(sts, serviceConfig.getRequestedClaims());
LOG.debug("Requested claims set for {}", realm);
}
-
+
sts.setEnableLifetime(true);
setLifetime(sts, serviceConfig, realm);
-
+
sts.setEnableAppliesTo(serviceConfig.isEnableAppliesTo());
-
+
sts.setOnBehalfOf(idpToken.getToken());
-
+
if (properties != null) {
sts.setProperties(properties);
}
-
+
if (getCustomSTSParameter() != null) {
String authRealmParameter = context.getRequestParameters().get(getCustomSTSParameter());
LOG.debug("Found {} custom STS parameter {}", getCustomSTSParameter(), authRealmParameter);
@@ -294,13 +294,13 @@ public class STSClientAction {
sts.setCustomContent(authRealmParameter);
}
}
-
+
Element rpToken = null;
try {
rpToken = sts.requestSecurityTokenResponse(realm);
} catch (SoapFault ex) {
LOG.error("Error in retrieving a token", ex.getMessage());
- if (ex.getFaultCode() != null
+ if (ex.getFaultCode() != null
&& "RequestFailed".equals(ex.getFaultCode().getLocalPart())) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
@@ -309,23 +309,23 @@ public class STSClientAction {
if (LOG.isInfoEnabled()) {
String id = getIdFromToken(rpToken);
-
+
LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]",
id, realm, idpToken.getId());
}
return rpToken;
}
-
+
private String getIdFromToken(Element token) throws IOException, XMLStreamException {
if (token != null) {
NodeList nd = token.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
-
+
String identifier = "ID";
if (nd.getLength() == 0) {
nd = token.getElementsByTagNameNS(WSConstants.SAML_NS, "Assertion");
identifier = "AssertionID";
}
-
+
if (nd.getLength() > 0) {
Element e = (Element) nd.item(0);
if (e.hasAttributeNS(null, identifier)) {
@@ -333,7 +333,7 @@ public class STSClientAction {
}
}
}
-
+
return "";
}
@@ -349,7 +349,7 @@ public class STSClientAction {
}
return idpToken;
}
-
+
private void processWsdlLocation(RequestContext context) {
if (!isPortSet) {
@@ -357,7 +357,7 @@ public class STSClientAction {
URL url = new URL(this.wsdlLocation);
URL updatedUrl = new URL(url.getProtocol(), url.getHost(),
WebUtils.getHttpServletRequest(context).getLocalPort(), url.getFile());
-
+
setSTSWsdlUrl(updatedUrl.toString());
LOG.info("STS WSDL URL updated to {}", updatedUrl.toString());
} catch (MalformedURLException e) {
@@ -368,7 +368,7 @@ public class STSClientAction {
private void addClaims(STSClient sts, List<RequestClaim> requestClaimList)
throws ParserConfigurationException, XMLStreamException {
-
+
Element claims = createClaimsElement(requestClaimList);
if (claims != null) {
sts.setClaims(claims);
@@ -395,7 +395,7 @@ public class STSClientAction {
writer.writeStartElement("ic", "ClaimType",
HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY);
writer.writeAttribute("Uri", item.getClaimType().toString());
- writer.writeAttribute("Optional", Boolean.toString(item.isOptional()));
+ writer.writeAttribute("Optional", Boolean.toString(item.isOptional()));
writer.writeEndElement();
}
}
@@ -404,7 +404,7 @@ public class STSClientAction {
return writer.getDocument().getDocumentElement();
}
-
+
private synchronized void setSTSWsdlUrl(String wsdlUrl) {
this.wsdlLocation = wsdlUrl;
this.isPortSet = true;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
index 4665cb5..e36ecf4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TokenSerializer.java
@@ -53,10 +53,10 @@ public class TokenSerializer {
LOG.warn("nodeToString Transformer Exception");
}
String serializedToken = sw.toString();
-
+
return org.apache.commons.lang3.StringEscapeUtils.escapeXml11(serializedToken);
}
-
+
return null;
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
index 9ea2de2..e9c861f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/TrustedIdpProtocolAction.java
@@ -40,28 +40,28 @@ import org.springframework.webflow.execution.RequestContext;
public class TrustedIdpProtocolAction {
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolAction.class);
-
+
private static final String IDP_CONFIG = "idpConfig";
-
+
@Autowired
// Qualifier workaround. See http://www.jayway.com/2013/11/03/spring-and-autowiring-of-generic-types/
@Qualifier("trustedIdpProtocolControllerImpl")
private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
-
+
public String mapSignInRequest(RequestContext requestContext, String trustedIdpRealm) {
LOG.info("Prepare redirect to Trusted IDP '{}'", trustedIdpRealm);
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
-
+
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
if (trustedIdp == null) {
LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
}
-
+
String protocol = trustedIdp.getProtocol();
LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
-
+
TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
if (protocolHandler == null) {
LOG.error("No ProtocolHandler found for {}", protocol);
@@ -71,21 +71,21 @@ public class TrustedIdpProtocolAction {
LOG.info("Redirect url {}", redirectUrl.toString());
return redirectUrl.toString();
}
-
+
public SecurityToken mapSignInResponse(RequestContext requestContext, String trustedIdpRealm) {
LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);
-
+
Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);
-
+
TrustedIdp trustedIdp = idpConfig.findTrustedIdp(trustedIdpRealm);
if (trustedIdp == null) {
LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
}
-
+
String protocol = trustedIdp.getProtocol();
LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);
-
+
TrustedIdpProtocolHandler protocolHandler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
if (protocolHandler == null) {
LOG.error("No ProtocolHandler found for {}", protocol);
[02/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
index cd68992..f358924 100644
--- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/Spring2Test.java
@@ -50,10 +50,10 @@ public class Spring2Test extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -72,13 +72,13 @@ public class Spring2Test extends AbstractTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -92,8 +92,8 @@ public class Spring2Test extends AbstractTests {
e.printStackTrace();
}
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -128,11 +128,11 @@ public class Spring2Test extends AbstractTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
- File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-systests-webapps-spring2");
server.addWebapp("/fedizhelloworld_spring2", rpWebapp.getAbsolutePath());
}
@@ -151,54 +151,54 @@ public class Spring2Test extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld_spring2";
}
-
+
@Ignore("This tests is currently failing on Spring")
@Override
public void testConcurrentRequests() throws Exception {
// super.testConcurrentRequests();
}
-
+
@Test
@Ignore("Logout not supported with Spring2")
@Override
public void testIdPLogout() throws Exception {
-
+
}
-
+
@Test
@Ignore("Logout not supported with Spring2")
@Override
public void testIdPLogoutCleanup() throws Exception {
-
+
}
-
+
@Test
@Ignore("Logout not supported with Spring2")
@Override
public void testRPLogout() throws Exception {
-
+
}
-
+
@Test
@Ignore("Logout not supported with Spring2")
@Override
public void testRPLogoutViaAction() throws Exception {
-
+
}
-
+
@Override
@Test
public void testAliceModifiedSignature() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
// Get the initial token
CookieManager cookieManager = new CookieManager();
final WebClient webClient = new WebClient();
@@ -224,9 +224,9 @@ public class Spring2Test extends AbstractTests {
result.setAttributeNS(null, "value", value);
}
}
-
+
// Invoke back on the RP
-
+
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
@@ -242,20 +242,20 @@ public class Spring2Test extends AbstractTests {
webClient.close();
}
-
+
@Override
@Test
@Ignore
public void testEntityExpansionAttack() throws Exception {
}
-
+
@Override
@org.junit.Test
public void testCSRFAttack() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/j_spring_fediz_security_check";
csrfAttackTest(url);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
index 93b4201..db09cde 100644
--- a/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
+++ b/systests/spring/src/test/java/org/apache/cxf/fediz/integrationtests/SpringTest.java
@@ -37,10 +37,10 @@ public class SpringTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -59,13 +59,13 @@ public class SpringTest extends AbstractTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -79,8 +79,8 @@ public class SpringTest extends AbstractTests {
e.printStackTrace();
}
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -115,11 +115,11 @@ public class SpringTest extends AbstractTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
- File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-systests-webapps-spring");
server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
}
@@ -138,22 +138,22 @@ public class SpringTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@Ignore("This tests is currently failing on Spring")
@Override
public void testConcurrentRequests() throws Exception {
// super.testConcurrentRequests();
}
-
+
@Override
@org.junit.Test
public void testCSRFAttack() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/j_spring_fediz_security_check";
csrfAttackTest(url);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
index e8edc88..0282356 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
@@ -39,7 +39,7 @@ import org.apache.wss4j.dom.engine.WSSConfig;
import org.junit.Assert;
public abstract class AbstractClientCertTests {
-
+
static {
WSSConfig.init();
}
@@ -49,7 +49,7 @@ public abstract class AbstractClientCertTests {
}
public abstract String getServletContextName();
-
+
public abstract String getIdpHttpsPort();
public abstract String getRpHttpsPort();
@@ -57,7 +57,7 @@ public abstract class AbstractClientCertTests {
@org.junit.Test
public void testClientAuthentication() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setSSLClientCertificate(
@@ -70,7 +70,7 @@ public abstract class AbstractClientCertTests {
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
+
// Test the Subject Confirmation method here
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -81,7 +81,7 @@ public abstract class AbstractClientCertTests {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
final HtmlPage rpPage = button.click();
@@ -98,7 +98,7 @@ public abstract class AbstractClientCertTests {
bodyTextContent.contains("role:Manager=false"));
Assert.assertTrue("User " + user + " must have role User",
bodyTextContent.contains("role:User=true"));
-
+
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
bodyTextContent.contains(claim + "=Alice"));
@@ -108,15 +108,15 @@ public abstract class AbstractClientCertTests {
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
-
+
// webClient.close();
}
-
+
@org.junit.Test
public void testDifferentClientCertificate() throws Exception {
// Get the initial wresult from the IdP
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
-
+
CookieManager cookieManager = new CookieManager();
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
@@ -146,17 +146,17 @@ public abstract class AbstractClientCertTests {
}
}
Assert.assertTrue(wctx != null && wtrealm != null);
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
// webClient.close();
-
+
// Now invoke on the RP using the saved parameters above, but a different client cert!
final WebClient webClient2 = new WebClient();
webClient2.setCookieManager(cookieManager);
webClient2.getOptions().setUseInsecureSSL(true);
webClient2.getOptions().setSSLClientCertificate(
this.getClass().getClassLoader().getResource("server.jks"), "tompass", "jks");
-
+
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index d33e212..07c5958 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -404,7 +404,7 @@ public abstract class AbstractTests {
// webClient.close();
}
-
+
@Test
public void testRPLogoutViaAction() throws Exception {
@@ -447,7 +447,7 @@ public abstract class AbstractTests {
// webClient.close();
}
-
+
@Test
public void testIdPLogout() throws Exception {
@@ -677,13 +677,13 @@ public abstract class AbstractTests {
}
// webClient2.close();
}
-
+
@Test
public void testEntityExpansionAttack() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
// Get the initial token
CookieManager cookieManager = new CookieManager();
final WebClient webClient = new WebClient();
@@ -703,7 +703,7 @@ public abstract class AbstractTests {
String entity = IOUtils.toString(this.getClass().getClassLoader().getResource("entity.xml").openStream());
String reference = "&m;";
-
+
for (DomElement result : results) {
if ("wresult".equals(result.getAttributeNS(null, "name"))) {
// Now modify the Signature
@@ -713,9 +713,9 @@ public abstract class AbstractTests {
result.setAttributeNS(null, "value", value);
}
}
-
+
// Invoke back on the RP
-
+
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
@@ -737,12 +737,12 @@ public abstract class AbstractTests {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
csrfAttackTest(url);
}
-
+
protected void csrfAttackTest(String rpURL) throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
// 1. Log in as "alice"
WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -757,12 +757,12 @@ public abstract class AbstractTests {
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
+
final HtmlPage rpPage = button.click();
Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
|| "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
-
-
+
+
// 2. Log in as "bob" using another WebClient
WebClient webClient2 = new WebClient();
webClient2.getOptions().setUseInsecureSSL(true);
@@ -776,11 +776,11 @@ public abstract class AbstractTests {
Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
// 3. Now instead of clicking on the form, send the form via alice's WebClient instead
-
+
// Send with context...
WebRequest request = new WebRequest(new URL(rpURL), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
-
+
DomNodeList<DomElement> results = idpPage2.getElementsByTagName("input");
for (DomElement result : results) {
@@ -791,16 +791,16 @@ public abstract class AbstractTests {
request.getRequestParameters().add(new NameValuePair(result.getAttributeNS(null, "name"), value));
}
}
-
+
try {
webClient.getPage(request);
Assert.fail("Failure expected on a CSRF attack");
} catch (FailingHttpStatusCodeException ex) {
// expected
}
-
+
// webClient.close();
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
index 921e97f..f5a530d 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
@@ -41,7 +41,7 @@ public final class HTTPTestUtils {
private HTTPTestUtils() {
// complete
}
-
+
public static String login(String url, String user, String password, String idpPort) throws IOException {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -64,7 +64,7 @@ public final class HTTPTestUtils {
// webClient.close();
return rpPage.getBody().getTextContent();
}
-
+
public static String loginForSAMLSSO(String url, String user, String password, String idpPort) throws IOException {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -78,8 +78,8 @@ public final class HTTPTestUtils {
// webClient.close();
return rpPage.getBody().getTextContent();
}
-
- public static String loginWithCookieManager(String url, String user, String password,
+
+ public static String loginWithCookieManager(String url, String user, String password,
String idpPort, CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
@@ -103,7 +103,7 @@ public final class HTTPTestUtils {
// webClient.close();
return rpPage.getBody().getTextContent();
}
-
+
public static void logout(String url, CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
@@ -125,10 +125,10 @@ public final class HTTPTestUtils {
//we should get a fault if the image isn't available.
webClient.getPage(imgSrc);
}
-
+
// webClient.close();
}
-
+
public static void logoutCleanup(String url, CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
@@ -138,7 +138,7 @@ public final class HTTPTestUtils {
Assert.assertEquals("IDP SignOut Response Page", idpPage.getTitleText());
Assert.assertTrue(idpPage.asText().contains("CXF Fediz IDP successful logout"));
-
+
DomNodeList<DomElement> images = idpPage.getElementsByTagName("img");
Assert.assertEquals(1, images.getLength());
for (int i = 0; i < images.size(); i++) {
@@ -148,7 +148,7 @@ public final class HTTPTestUtils {
//we should get a fault if the image isn't available.
webClient.getPage(imgSrc);
}
-
+
// webClient.close();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
index d9822cb..929e6f6 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
@@ -53,10 +53,10 @@ public class AudienceRestrictionTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -66,8 +66,8 @@ public class AudienceRestrictionTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -76,8 +76,8 @@ public class AudienceRestrictionTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -112,13 +112,13 @@ public class AudienceRestrictionTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_aud_restr.xml");
@@ -127,13 +127,13 @@ public class AudienceRestrictionTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_aud_restr.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_aud_restr.xml");
@@ -144,13 +144,13 @@ public class AudienceRestrictionTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -172,17 +172,17 @@ public class AudienceRestrictionTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testSAMLTokenWithNonMatchingAudienceRestriction() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
@@ -193,7 +193,7 @@ public class AudienceRestrictionTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
@@ -206,5 +206,5 @@ public class AudienceRestrictionTest {
webClient.close();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
index 547d03a..4ecacf0 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -45,10 +45,10 @@ public class ClientCertificateTest extends AbstractClientCertTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -58,8 +58,8 @@ public class ClientCertificateTest extends AbstractClientCertTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -68,8 +68,8 @@ public class ClientCertificateTest extends AbstractClientCertTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -104,13 +104,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_client_cert.xml");
@@ -119,13 +119,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_client_cert.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_client_cert.xml");
@@ -136,13 +136,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -164,9 +164,9 @@ public class ClientCertificateTest extends AbstractClientCertTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
index e2f402c..a323696 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class HOKCallbackHandler implements CallbackHandler {
- static final String HOK_WREQ =
+ static final String HOK_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
index cd86f28..c67ba64 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
@@ -55,10 +55,10 @@ public class HolderOfKeyTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -68,8 +68,8 @@ public class HolderOfKeyTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -78,8 +78,8 @@ public class HolderOfKeyTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -114,13 +114,13 @@ public class HolderOfKeyTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_hok.xml");
@@ -129,13 +129,13 @@ public class HolderOfKeyTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_hok.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_hok.xml");
@@ -146,13 +146,13 @@ public class HolderOfKeyTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -166,7 +166,7 @@ public class HolderOfKeyTest {
e.printStackTrace();
}
}
-
+
public String getIdpHttpsPort() {
return idpHttpsPort;
}
@@ -174,17 +174,17 @@ public class HolderOfKeyTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testHolderOfKey() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setSSLClientCertificate(
@@ -200,7 +200,7 @@ public class HolderOfKeyTest {
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
+
// Test the Subject Confirmation method here
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -211,9 +211,9 @@ public class HolderOfKeyTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
-
+
final HtmlPage rpPage = button.click();
Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
@@ -227,7 +227,7 @@ public class HolderOfKeyTest {
bodyTextContent.contains("role:Manager=false"));
Assert.assertTrue("User " + user + " must have role User",
bodyTextContent.contains("role:User=true"));
-
+
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
bodyTextContent.contains(claim + "=Alice"));
@@ -237,8 +237,8 @@ public class HolderOfKeyTest {
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
-
+
webClient.close();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
index eca3695..776b458 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class TestCallbackHandler implements CallbackHandler {
- static final String TEST_WREQ =
+ static final String TEST_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index 2dcd8ec..b5e10c9 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -42,10 +42,10 @@ public class TomcatTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -55,8 +55,8 @@ public class TomcatTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -65,8 +65,8 @@ public class TomcatTest extends AbstractTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -101,13 +101,13 @@ public class TomcatTest extends AbstractTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -116,13 +116,13 @@ public class TomcatTest extends AbstractTests {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -133,13 +133,13 @@ public class TomcatTest extends AbstractTests {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -163,10 +163,10 @@ public class TomcatTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
index 2afb162..95bd271 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
@@ -55,10 +55,10 @@ public class WReqTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -68,8 +68,8 @@ public class WReqTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -78,8 +78,8 @@ public class WReqTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -114,13 +114,13 @@ public class WReqTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_wreq.xml");
@@ -129,13 +129,13 @@ public class WReqTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_wreq.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_wreq.xml");
@@ -146,13 +146,13 @@ public class WReqTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -174,19 +174,19 @@ public class WReqTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testSAML1TokenViaWReq() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final String bodyTextContent = login(url, user, password, getIdpHttpsPort());
-
+
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -207,7 +207,7 @@ public class WReqTest {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
private static String login(String url, String user, String password, String idpPort) throws IOException {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -219,7 +219,7 @@ public class WReqTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
// Test the SAML Version here
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -230,7 +230,7 @@ public class WReqTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:1.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -242,5 +242,5 @@ public class WReqTest {
webClient.close();
return rpPage.getBody().getTextContent();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
index 673b868..efcecbf 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
@@ -53,10 +53,10 @@ public class AudienceRestrictionTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -66,8 +66,8 @@ public class AudienceRestrictionTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -76,8 +76,8 @@ public class AudienceRestrictionTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -112,13 +112,13 @@ public class AudienceRestrictionTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_aud_restr.xml");
@@ -127,13 +127,13 @@ public class AudienceRestrictionTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_aud_restr.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_aud_restr.xml");
@@ -144,13 +144,13 @@ public class AudienceRestrictionTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -172,17 +172,17 @@ public class AudienceRestrictionTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testSAMLTokenWithNonMatchingAudienceRestriction() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
@@ -193,7 +193,7 @@ public class AudienceRestrictionTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
@@ -206,5 +206,5 @@ public class AudienceRestrictionTest {
webClient.close();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
index 9faf41d..a2c5a6b 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -45,10 +45,10 @@ public class ClientCertificateTest extends AbstractClientCertTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -58,8 +58,8 @@ public class ClientCertificateTest extends AbstractClientCertTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -68,8 +68,8 @@ public class ClientCertificateTest extends AbstractClientCertTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -104,13 +104,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_client_cert.xml");
@@ -119,13 +119,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_client_cert.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_client_cert.xml");
@@ -136,13 +136,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -164,9 +164,9 @@ public class ClientCertificateTest extends AbstractClientCertTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
index e2f402c..a323696 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class HOKCallbackHandler implements CallbackHandler {
- static final String HOK_WREQ =
+ static final String HOK_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
index b82ed9d..2abb4b4 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
@@ -55,10 +55,10 @@ public class HolderOfKeyTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -68,8 +68,8 @@ public class HolderOfKeyTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -78,8 +78,8 @@ public class HolderOfKeyTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -114,13 +114,13 @@ public class HolderOfKeyTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_hok.xml");
@@ -129,13 +129,13 @@ public class HolderOfKeyTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_hok.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_hok.xml");
@@ -146,13 +146,13 @@ public class HolderOfKeyTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -174,17 +174,17 @@ public class HolderOfKeyTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testHolderOfKey() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setSSLClientCertificate(
@@ -200,7 +200,7 @@ public class HolderOfKeyTest {
final HtmlForm form = idpPage.getFormByName("signinresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
+
// Test the Subject Confirmation method here
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -211,9 +211,9 @@ public class HolderOfKeyTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
-
+
final HtmlPage rpPage = button.click();
Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
@@ -227,7 +227,7 @@ public class HolderOfKeyTest {
bodyTextContent.contains("role:Manager=false"));
Assert.assertTrue("User " + user + " must have role User",
bodyTextContent.contains("role:User=true"));
-
+
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
bodyTextContent.contains(claim + "=Alice"));
@@ -237,8 +237,8 @@ public class HolderOfKeyTest {
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
-
+
webClient.close();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
index eca3695..776b458 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TestCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class TestCallbackHandler implements CallbackHandler {
- static final String TEST_WREQ =
+ static final String TEST_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index 9fce8e6..66acdc0 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -42,10 +42,10 @@ public class TomcatTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -55,8 +55,8 @@ public class TomcatTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -65,8 +65,8 @@ public class TomcatTest extends AbstractTests {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -101,13 +101,13 @@ public class TomcatTest extends AbstractTests {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -116,13 +116,13 @@ public class TomcatTest extends AbstractTests {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -133,13 +133,13 @@ public class TomcatTest extends AbstractTests {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -163,10 +163,10 @@ public class TomcatTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
index 3b90b82..7bea676 100644
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
+++ b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/WReqTest.java
@@ -55,10 +55,10 @@ public class WReqTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -68,8 +68,8 @@ public class WReqTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -78,8 +78,8 @@ public class WReqTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -114,13 +114,13 @@ public class WReqTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config_wreq.xml");
@@ -129,13 +129,13 @@ public class WReqTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config_wreq.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_wreq.xml");
@@ -146,13 +146,13 @@ public class WReqTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -166,7 +166,7 @@ public class WReqTest {
e.printStackTrace();
}
}
-
+
public String getIdpHttpsPort() {
return idpHttpsPort;
}
@@ -174,19 +174,19 @@ public class WReqTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testSAML1TokenViaWReq() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final String bodyTextContent = login(url, user, password, getIdpHttpsPort());
-
+
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -207,7 +207,7 @@ public class WReqTest {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
private static String login(String url, String user, String password, String idpPort) throws IOException {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -219,7 +219,7 @@ public class WReqTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
// Test the SAML Version here
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -230,7 +230,7 @@ public class WReqTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:1.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -242,5 +242,5 @@ public class WReqTest {
webClient.close();
return rpPage.getBody().getTextContent();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/webapps/cxfWebapp/src/main/java/org/apache/cxf/fediz/example/Service.java
----------------------------------------------------------------------
diff --git a/systests/webapps/cxfWebapp/src/main/java/org/apache/cxf/fediz/example/Service.java b/systests/webapps/cxfWebapp/src/main/java/org/apache/cxf/fediz/example/Service.java
index 21c88d5..b50511d 100644
--- a/systests/webapps/cxfWebapp/src/main/java/org/apache/cxf/fediz/example/Service.java
+++ b/systests/webapps/cxfWebapp/src/main/java/org/apache/cxf/fediz/example/Service.java
@@ -48,21 +48,21 @@ public class Service {
public String doGetAdmin(@Context UriInfo uriInfo) throws Exception {
return doGet(uriInfo);
}
-
+
@Path("/manager/fedservlet")
@RolesAllowed("Manager")
@GET
public String doGetManager(@Context UriInfo uriInfo) throws Exception {
return doGet(uriInfo);
}
-
+
@Path("/user/fedservlet")
@RolesAllowed({ "User", "Admin", "Manager" })
@GET
public String doGetUser(@Context UriInfo uriInfo) throws Exception {
return doGet(uriInfo);
}
-
+
@Path("/fedservlet")
@RolesAllowed({ "User", "Admin", "Manager", "Authenticated", "Secretary" })
@GET
@@ -70,7 +70,7 @@ public class Service {
public String doGetSecure(@Context UriInfo uriInfo) throws Exception {
return doGet(uriInfo);
}
-
+
// Just used for testing purposes...
@Path("/test.html")
@RolesAllowed({ "User", "Admin", "Manager", "Authenticated" })
@@ -83,12 +83,12 @@ public class Service {
out.append("<body>\n");
out.append("<P><H3>Secure Test</H3><P></P>");
out.append("</body>\n");
-
+
return out.toString();
}
-
+
private String doGet(@Context UriInfo uriInfo) throws Exception {
-
+
StringBuilder out = new StringBuilder();
out.append("<html>\n");
out.append("<head><title>WS Federation Systests Examples</title></head>\n");
@@ -101,36 +101,36 @@ public class Service {
out.append(p.getName());
}
out.append("</p>\n");
-
+
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
for (String item: roleListToCheck) {
- out.append("<p>role:" + item + "="
- + ((messageContext.getSecurityContext().isUserInRole(item)) ? "true" : "false")
+ out.append("<p>role:" + item + "="
+ + ((messageContext.getSecurityContext().isUserInRole(item)) ? "true" : "false")
+ "</p>\n");
}
if (p instanceof FedizPrincipal) {
FedizPrincipal fp = (FedizPrincipal)p;
-
+
ClaimCollection claims = fp.getClaims();
for (Claim c: claims) {
out.append("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>\n");
}
-
+
Element el = fp.getLoginToken();
if (el != null) {
out.append("loginToken=FOUND{FedizPrincipal}<p>\n");
}
-
+
el = SecurityTokenThreadLocal.getToken();
if (el != null) {
out.append("loginToken=FOUND{SecurityTokenThreadLocal}<p>\n");
}
-
+
}
-
+
out.append("</body>\n");
-
+
return out.toString();
}
}
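Review bot: Claim data is written into the HTML unescaped in `out.append("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>\n");`, and `out.append(p.getName());` earlier in this hunk does the same, so any markup inside a token attribute is rendered by the browser. Claim values come from the IdP-issued token and may be user-controlled upstream, so they should be HTML-escaped before output. No escaping helper is visible here; a small private `escapeHtml(String)` replacing `&`, `<`, `>`, `"` and `'` would be enough for this test page. The same unescaped pattern appears in the simpleWebapp `FederationServlet` hunks (`out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>");`). `doGet` begins outside this hunk.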
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/webapps/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/systests/webapps/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/systests/webapps/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 873e0da..3b6f56b 100644
--- a/systests/webapps/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/systests/webapps/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -48,7 +48,7 @@ import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -69,7 +69,7 @@ public class FederationServlet extends HttpServlet {
out.print(p.getName());
}
out.println("</p>");
-
+
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
for (String item: roleListToCheck) {
out.println("<p>role:" + item + "=" + ((request.isUserInRole(item)) ? "true" : "false") + "</p>");
@@ -77,17 +77,17 @@ public class FederationServlet extends HttpServlet {
if (p instanceof FedizPrincipal) {
FedizPrincipal fp = (FedizPrincipal)p;
-
+
ClaimCollection claims = fp.getClaims();
for (Claim c: claims) {
out.println("<p>" + c.getClaimType().toString() + "=" + c.getValue() + "</p>");
}
-
+
Element el = fp.getLoginToken();
if (el != null) {
out.println("loginToken=FOUND{FedizPrincipal}<p>");
}
-
+
el = SecurityTokenThreadLocal.getToken();
if (el != null) {
out.println("loginToken=FOUND{SecurityTokenThreadLocal}<p>");
@@ -109,7 +109,7 @@ public class FederationServlet extends HttpServlet {
}
}
-
+
out.println("</body>");
}
[09/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
index 53feb73..3bd4c53 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/AuthnRequestParser.java
@@ -81,7 +81,7 @@ public class AuthnRequestParser {
public void parseSAMLRequest(RequestContext context, Idp idp, String samlRequest,
String signature, String relayState) throws ProcessingException {
LOG.debug("Received SAML Request: {}", samlRequest);
-
+
if (samlRequest == null) {
WebUtils.removeAttribute(context, IdpConstants.SAML_AUTHN_REQUEST);
throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -93,35 +93,35 @@ public class AuthnRequestParser {
LOG.warn("Error parsing request: {}", ex.getMessage());
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// Store various attributes from the AuthnRequest
SAMLAuthnRequest authnRequest = new SAMLAuthnRequest(parsedRequest);
WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
-
- validateSignature(context, parsedRequest, idp, signature, relayState,
+
+ validateSignature(context, parsedRequest, idp, signature, relayState,
samlRequest, authnRequest.getIssuer());
validateRequest(parsedRequest);
-
+
LOG.debug("SAML Request with id '{}' successfully parsed", parsedRequest.getID());
}
}
-
+
public String retrieveRealm(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
-
+
if (authnRequest != null) {
String issuer = authnRequest.getIssuer();
LOG.debug("Parsed SAML AuthnRequest Issuer: {}", issuer);
return issuer;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveConsumerURL(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getConsumerServiceURL() != null) {
@@ -129,13 +129,13 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Consumer URL: {}", consumerURL);
return consumerURL;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveRequestId(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getRequestId() != null) {
@@ -143,13 +143,13 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Id: {}", id);
return id;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public String retrieveRequestIssuer(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null && authnRequest.getIssuer() != null) {
@@ -157,39 +157,39 @@ public class AuthnRequestParser {
LOG.debug("Parsed SAML AuthnRequest Issuer: {}", issuer);
return issuer;
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return null;
}
-
+
public boolean isForceAuthentication(RequestContext context) {
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest != null) {
return authnRequest.isForceAuthn();
}
-
+
LOG.debug("No AuthnRequest available to be parsed");
return false;
}
-
+
protected AuthnRequest extractRequest(RequestContext context, String samlRequest) throws Exception {
byte[] deflatedToken = Base64Utility.decode(samlRequest);
String httpMethod = WebUtils.getHttpServletRequest(context).getMethod();
-
+
InputStream tokenStream = supportDeflateEncoding || "GET".equals(httpMethod)
? new DeflateEncoderDecoder().inflateToken(deflatedToken)
: new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
- AuthnRequest request =
+ AuthnRequest request =
(AuthnRequest)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
if (LOG.isDebugEnabled()) {
LOG.debug(DOM2Writer.nodeToString(responseDoc));
}
return request;
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
@@ -197,59 +197,59 @@ public class AuthnRequestParser {
public void setSupportDeflateEncoding(boolean supportDeflateEncoding) {
this.supportDeflateEncoding = supportDeflateEncoding;
}
-
+
private void validateRequest(AuthnRequest parsedRequest) throws ProcessingException {
if (parsedRequest.getIssuer() == null) {
LOG.debug("No Issuer is present in the AuthnRequest");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
String format = parsedRequest.getIssuer().getFormat();
if (format != null
&& !"urn:oasis:names:tc:SAML:2.0:nameid-format:entity".equals(format)) {
LOG.debug("An invalid Format attribute was received: {}", format);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// No SubjectConfirmation Elements are allowed
- if (parsedRequest.getSubject() != null
+ if (parsedRequest.getSubject() != null
&& parsedRequest.getSubject().getSubjectConfirmations() != null
&& !parsedRequest.getSubject().getSubjectConfirmations().isEmpty()) {
LOG.debug("An invalid SubjectConfirmation Element was received");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
- private void validateSignature(RequestContext context, AuthnRequest authnRequest, Idp idp,
- String signature, String relayState, String samlRequest,
+
+ private void validateSignature(RequestContext context, AuthnRequest authnRequest, Idp idp,
+ String signature, String relayState, String samlRequest,
String realm) throws ProcessingException {
try {
if (authnRequest.isSigned()) {
// Check destination
checkDestination(context, authnRequest);
-
+
// Check signature
X509Certificate validatingCert = getValidatingCertificate(idp, realm);
- Crypto issuerCrypto =
+ Crypto issuerCrypto =
new CertificateStore(Collections.singletonList(validatingCert).toArray(new X509Certificate[0]));
validateAuthnRequestSignature(authnRequest.getSignature(), issuerCrypto);
} else if (signature != null) {
// Check destination
checkDestination(context, authnRequest);
-
+
// Check signature
X509Certificate validatingCert = getValidatingCertificate(idp, realm);
-
+
java.security.Signature sig = java.security.Signature.getInstance("SHA1withRSA");
sig.initVerify(validatingCert);
-
+
// Recreate request to sign
String requestToSign = SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(samlRequest, "UTF-8")
- + "&" + SSOConstants.RELAY_STATE + "=" + relayState + "&" + SSOConstants.SIG_ALG
+ + "&" + SSOConstants.RELAY_STATE + "=" + relayState + "&" + SSOConstants.SIG_ALG
+ "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
sig.update(requestToSign.getBytes(StandardCharsets.UTF_8));
-
+
if (!sig.verify(Base64.decode(signature))) {
LOG.debug("Signature validation failed");
throw new ProcessingException(TYPE.BAD_REQUEST);
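Review bot: In the detached-signature branch of `validateSignature`, `relayState` is concatenated raw into `requestToSign` while `SAMLRequest` and `SigAlg` are URL-encoded, and an absent RelayState becomes the literal text `RelayState=null`. The HTTP-Redirect binding signs the URL-encoded query string and omits RelayState when it is not sent, so a conforming request without RelayState, or with characters that need encoding, would presumably fail verification here. Build that segment only when `relayState != null`, as `"&" + SSOConstants.RELAY_STATE + "=" + URLEncoder.encode(relayState, StandardCharsets.UTF_8.name())`. The branch also hard-codes `SHA1withRSA` and `SSOConstants.RSA_SHA1`, so SHA-1 is the only digest a detached signature can use; honouring the request's SigAlg against an allow-list that includes RSA-SHA256 would need a parameter this method does not receive. The method continues past the end of this hunk.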
@@ -265,30 +265,30 @@ public class AuthnRequestParser {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
- private X509Certificate getValidatingCertificate(Idp idp, String realm)
+
+ private X509Certificate getValidatingCertificate(Idp idp, String realm)
throws Exception {
Application serviceConfig = idp.findApplication(realm);
if (serviceConfig == null || serviceConfig.getValidatingCertificate() == null) {
LOG.debug("No validating certificate found for realm {}", realm);
throw new ProcessingException(TYPE.ISSUER_NOT_TRUSTED);
}
-
+
return CertsUtils.parseX509Certificate(serviceConfig.getValidatingCertificate());
}
-
+
private void checkDestination(RequestContext context, AuthnRequest authnRequest) throws ProcessingException {
// Check destination
String destination = authnRequest.getDestination();
LOG.debug("Validating destination: {}", destination);
-
+
String localAddr = WebUtils.getHttpServletRequest(context).getRequestURL().toString();
if (destination == null || !localAddr.startsWith(destination)) {
LOG.debug("The destination {} does not match the local address {}", destination, localAddr);
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
/**
* Validate the AuthnRequest signature
*/
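Review bot: `checkDestination` accepts any Destination that is a prefix of the request URL, because the test is `!localAddr.startsWith(destination)`; an empty `Destination` attribute or a truncated value such as the bare scheme passes. Destination is what binds a signed AuthnRequest to this endpoint, so it should be compared exactly: `if (destination == null || !localAddr.equals(destination)) {`. If a trailing-path difference has to be tolerated, at least reject the empty string and normalise both sides before comparing.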
@@ -317,7 +317,7 @@ public class AuthnRequestParser {
throw ex;
}
}
-
+
if (samlKeyInfo == null) {
LOG.debug("No KeyInfo supplied in the AuthnRequest signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
@@ -384,5 +384,5 @@ public class AuthnRequestParser {
public void setRequireSignature(boolean requireSignature) {
this.requireSignature = requireSignature;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
index 9dfd626..0111c2c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/LocalRedirectCreator.java
@@ -35,20 +35,20 @@ public class LocalRedirectCreator {
public String createRedirectURL(RequestContext context, Idp idp) throws UnsupportedEncodingException {
StringBuilder redirectURL = new StringBuilder();
redirectURL.append(idp.getIdpUrl().toString()).append("?");
-
+
String relayState = (String)WebUtils.getAttributeFromFlowScope(context, "RelayState");
redirectURL.append("RelayState=").append(relayState).append("&");
String samlRequest = (String)WebUtils.getAttributeFromFlowScope(context, "SAMLRequest");
redirectURL.append("SAMLRequest=").append(URLEncoder.encode(samlRequest, "UTF-8"));
-
+
String signature = (String)WebUtils.getAttributeFromFlowScope(context, "Signature");
if (signature != null) {
redirectURL.append("&");
redirectURL.append("Signature=").append(URLEncoder.encode(signature, "UTF-8"));
}
-
+
return redirectURL.toString();
}
-
-
+
+
}
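Review bot: `createRedirectURL` appends `relayState` to the query string without encoding (`redirectURL.append("RelayState=").append(relayState).append("&");`), although `SAMLRequest` and `Signature` go through `URLEncoder.encode`. RelayState is read from flow scope and presumably originates from the incoming request, so a value containing `&` or `#` changes the parameters of the redirect, and a missing one is sent as the text `null`. Suggested: `if (relayState != null) { redirectURL.append("RelayState=").append(URLEncoder.encode(relayState, "UTF-8")).append("&"); }`. `URLEncoder.encode(samlRequest, "UTF-8")` on the following line also throws a NullPointerException when the `SAMLRequest` attribute is absent, so a null guard with an explicit error is worth adding there too.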
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
index 742797d..dadbe13 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
@@ -67,25 +67,25 @@ public class SamlResponseCreator {
private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, Idp idp, Element rpToken,
- String consumerURL, String requestId, String requestIssuer)
+ String consumerURL, String requestId, String requestIssuer)
throws ProcessingException {
- List<Element> samlTokens =
+ List<Element> samlTokens =
DOMUtils.findAllElementsByTagNameNS(rpToken, WSConstants.SAML2_NS, "Assertion");
if (samlTokens.isEmpty() || samlTokens.size() != 1) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
try {
SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlTokens.get(0));
if (wrapper.getSaml2() == null) {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
String remoteAddr = WebUtils.getHttpServletRequest(context).getRemoteAddr();
- Assertion saml2Assertion =
- createSAML2Assertion(context, idp, wrapper, requestId, requestIssuer,
+ Assertion saml2Assertion =
+ createSAML2Assertion(context, idp, wrapper, requestId, requestIssuer,
remoteAddr, consumerURL);
-
+
Element response = createResponse(idp, requestId, saml2Assertion);
return encodeResponse(response);
} catch (Exception ex) {
@@ -93,17 +93,17 @@ public class SamlResponseCreator {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
private Assertion createSAML2Assertion(RequestContext context, Idp idp, SamlAssertionWrapper receivedToken,
- String requestID, String requestIssuer,
+ String requestID, String requestIssuer,
String remoteAddr, String racs) throws Exception {
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setIssuer(idp.getRealm());
callbackHandler.setSubject(receivedToken.getSaml2().getSubject());
-
+
// Test Subject against received Subject (if applicable)
- SAMLAuthnRequest authnRequest =
+ SAMLAuthnRequest authnRequest =
(SAMLAuthnRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
if (authnRequest.getSubjectNameId() != null && receivedToken.getSaml2().getSubject().getNameID() != null) {
NameID issuedNameId = receivedToken.getSaml2().getSubject().getNameID();
@@ -113,7 +113,7 @@ public class SamlResponseCreator {
throw new ProcessingException(ProcessingException.TYPE.INVALID_REQUEST);
}
}
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(remoteAddr);
@@ -121,45 +121,45 @@ public class SamlResponseCreator {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(racs);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
// Audience Restriction
ConditionsBean conditions = new ConditionsBean();
conditions.setTokenPeriodMinutes(5);
-
+
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
-
+
// Attributes
callbackHandler.setAttributeStatements(receivedToken.getSaml2().getAttributeStatements());
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Crypto issuerCrypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
- assertion.signAssertion(issuerCrypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
+ assertion.signAssertion(issuerCrypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
issuerCrypto, false);
-
+
return assertion.getSaml2();
}
-
+
protected Element createResponse(Idp idp, String requestID, Assertion assertion) throws Exception {
Document doc = DOMUtils.newDocument();
-
- Status status =
+
+ Status status =
SAML2PResponseComponentBuilder.createStatus(
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
- Response response =
+ Response response =
SAML2PResponseComponentBuilder.createSAMLResponse(requestID, idp.getRealm(), status);
-
+
response.getAssertions().add(assertion);
-
+
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
return policyElement;
}
@@ -173,10 +173,10 @@ public class SamlResponseCreator {
return Base64Utility.encode(deflatedBytes);
}
-
+
return Base64Utility.encode(responseMessage.getBytes());
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
index ce257e0..a35e3c2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseErrorCreator.java
@@ -49,22 +49,22 @@ public class SamlResponseErrorCreator {
private boolean supportDeflateEncoding;
public String createSAMLResponse(RequestContext context, boolean requestor,
- Idp idp, String requestID) throws ProcessingException {
+ Idp idp, String requestID) throws ProcessingException {
Document doc = DOMUtils.newDocument();
-
+
String statusValue = "urn:oasis:names:tc:SAML:2.0:status:Responder";
if (requestor) {
statusValue = "urn:oasis:names:tc:SAML:2.0:status:Requester";
}
- Status status =
+ Status status =
SAML2PResponseComponentBuilder.createStatus(statusValue, null);
- Response response =
+ Response response =
SAML2PResponseComponentBuilder.createSAMLResponse(requestID, idp.getRealm(), status);
-
+
try {
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
Element responseElement = policyElement;
return encodeResponse(responseElement);
} catch (Exception e) {
@@ -83,10 +83,10 @@ public class SamlResponseErrorCreator {
return Base64Utility.encode(deflatedBytes);
}
-
+
return Base64Utility.encode(responseMessage.getBytes());
}
-
+
public boolean isSupportDeflateEncoding() {
return supportDeflateEncoding;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
index 148d24b..f9dee3a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
@@ -28,7 +28,7 @@ import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.RequestContext;
/**
- * This class is responsible to parse the 'wfresh' parameter
+ * This class is responsible to parse the 'wfresh' parameter
*/
@Component
public class WfreshParser {
@@ -37,13 +37,13 @@ public class WfreshParser {
public boolean authenticationRequired(String wfresh, String whr, RequestContext context)
throws Exception {
-
- SecurityToken idpToken =
+
+ SecurityToken idpToken =
(SecurityToken) WebUtils.getAttributeFromExternalContext(context, whr);
if (idpToken == null) {
return true;
}
-
+
if (wfresh == null || wfresh.trim().isEmpty()) {
return false;
}
@@ -58,7 +58,7 @@ public class WfreshParser {
if (ttl == 0) {
return true;
}
-
+
long ttlMs = ttl * 60L * 1000L;
if (ttlMs > 0) {
Date createdDate = idpToken.getCreated();
@@ -80,5 +80,5 @@ public class WfreshParser {
}
return false;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index 814e342..1373000 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -36,16 +36,16 @@ import javax.xml.bind.annotation.XmlType;
"policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id",
"validatingCertificate", "enableAppliesTo"})
public class Application implements Serializable {
-
+
private static final long serialVersionUID = 5644327504861846964L;
-
-
+
+
protected int id;
-
-
+
+
//Could be imported from Metadata document or manually filled
-
+
//@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
protected String realm; //wtrealm, whr
@@ -53,52 +53,52 @@ public class Application implements Serializable {
// "http://docs.oasis-open.org/wsfed/federation/200706"
// Metadata could provide more than one but one must be chosen
protected String protocol;
-
+
// Public key only
// Could be read from Metadata, md:KeyDescriptor, use="encryption"
protected String encryptionCertificate;
-
+
// Certificate for Signature verification
protected String validatingCertificate;
-
+
// Could be read from Metadata, fed:ClaimTypesRequested
protected List<RequestClaim> requestedClaims = new ArrayList<>();
-
+
//Could be read from Metadata, ServiceDisplayName
//usage for list of application where user is logged in
protected String serviceDisplayName;
-
+
//Could be read from Metadata, ServiceDescription
//usage for list of application where user is logged in
protected String serviceDescription;
-
+
//Could be read from Metadata, RoleDescriptor
//fed:ApplicationServiceType, fed:SecurityTokenServiceType
protected String role;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
protected String tokenType;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
protected int lifeTime;
-
+
// WS-Policy Namespace for AppliesTo element
protected String policyNamespace;
-
+
// Request audience restriction in token for this application (default is true)
private boolean enableAppliesTo = true;
-
+
private URI href;
-
+
//Could be read from Metadata, PassiveRequestorEndpoint
//fed:ApplicationServiceType, fed:SecurityTokenServiceType
private String passiveRequestorEndpoint;
-
+
// A regular expression constraint on the passiveRequestorEndpoint
private String passiveRequestorEndpointConstraint;
private Pattern compiledPassiveRequestorEndpointConstraint;
-
-
+
+
@XmlAttribute
public int getId() {
return id;
@@ -107,7 +107,7 @@ public class Application implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
@XmlAttribute
public URI getHref() {
return href;
@@ -219,11 +219,11 @@ public class Application implements Serializable {
compiledPassiveRequestorEndpointConstraint = null;
}
}
-
+
public Pattern getCompiledPassiveRequestorEndpointConstraint() {
return compiledPassiveRequestorEndpointConstraint;
}
-
+
public String getValidatingCertificate() {
return validatingCertificate;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
index 96afed9..a703b64 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Claim.java
@@ -26,15 +26,15 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "claim", namespace = "http://org.apache.cxf.fediz/")
public class Claim implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected URI claimType;
protected String displayName;
protected String description;
protected int id;
private URI href;
-
+
@XmlAttribute
public URI getHref() {
return href;
@@ -43,7 +43,7 @@ public class Claim implements Serializable {
public void setHref(URI href) {
this.href = href;
}
-
+
@XmlAttribute
public int getId() {
return id;
@@ -52,11 +52,11 @@ public class Claim implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public void setClaimType(URI claimType) {
this.claimType = claimType;
}
-
+
public URI getClaimType() {
return claimType;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
index c926386..67b54b4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Entitlement.java
@@ -27,14 +27,14 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "entitlement", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"name", "description", "internal", "id" })
public class Entitlement implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected String name;
protected String description;
protected int id;
protected boolean internal;
-
+
@XmlAttribute
public int getId() {
return id;
@@ -43,7 +43,7 @@ public class Entitlement implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
index 2dcc296..de6265f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/FederationType.java
@@ -1,40 +1,40 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.domain;
-
-import javax.xml.bind.annotation.XmlEnum;
-
-@XmlEnum
-public enum FederationType {
-
- FEDERATE_IDENTITY("FederateIdentity"),
- FEDERATE_CLAIMS("FederateClaims");
-
- private String name;
-
- FederationType(final String name) {
- this.name = name;
- }
-
- @Override
- public String toString() {
- return name;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.domain;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum FederationType {
+
+ FEDERATE_IDENTITY("FederateIdentity"),
+ FEDERATE_CLAIMS("FederateClaims");
+
+ private String name;
+
+ FederationType(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index d382184..0674b5a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -40,9 +40,9 @@ public class Idp implements Serializable {
private static final long serialVersionUID = -5570301342547139039L;
-
+
protected int id;
-
+
// Unique
// fed:TargetScope
protected String realm; // wtrealm, whr
@@ -111,13 +111,13 @@ public class Idp implements Serializable {
// ServiceDescription
protected String serviceDescription;
-
+
// The user/browser must explicitly confirm to logout from all applications
private boolean rpSingleSignOutConfirmation;
-
+
// Is explicit confirmation required when the "cleanup" URL is called
private boolean rpSingleSignOutCleanupConfirmation;
-
+
@XmlAttribute
public int getId() {
return id;
@@ -126,7 +126,7 @@ public class Idp implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getRealm() {
return realm;
}
@@ -216,7 +216,7 @@ public class Idp implements Serializable {
}
return null;
}
-
+
@XmlElementWrapper(name = "applications")
@XmlElementRef(name = "application")
public List<Application> getApplications() {
@@ -235,7 +235,7 @@ public class Idp implements Serializable {
}
return null;
}
-
+
@XmlElementWrapper(name = "trustedIdps")
@XmlElementRef(name = "trustedIdp")
public List<TrustedIdp> getTrustedIdps() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
index 008e75a..fc2b232 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/RequestClaim.java
@@ -22,15 +22,15 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "requestClaim", namespace = "http://org.apache.cxf.fediz/")
public class RequestClaim extends Claim {
-
+
private static final long serialVersionUID = 8097560995225077866L;
-
+
protected boolean optional;
-
+
public RequestClaim() {
super();
}
-
+
public RequestClaim(Claim c) {
super();
this.setClaimType(c.getClaimType());
@@ -38,11 +38,11 @@ public class RequestClaim extends Claim {
this.setDisplayName(c.getDisplayName());
this.setId(c.getId());
}
-
+
public void setOptional(boolean optional) {
this.optional = optional;
}
-
+
public boolean isOptional() {
return optional;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
index f403546..3af82a0 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Role.java
@@ -29,15 +29,15 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "role", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"name", "description", "entitlements", "id" })
public class Role implements Serializable {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
protected String name;
protected String description;
protected int id;
-
+
protected List<Entitlement> entitlements = new ArrayList<>();
-
+
@XmlAttribute
public int getId() {
return id;
@@ -46,7 +46,7 @@ public class Role implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
index 50efb25..0bfd084 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustType.java
@@ -1,40 +1,40 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.domain;
-
-import javax.xml.bind.annotation.XmlEnum;
-
-@XmlEnum
-public enum TrustType {
-
- PEER_TRUST("PeerTrust"),
- INDIRECT_TRUST("IndirectTrust");
-
- private String name;
-
- TrustType(final String name) {
- this.name = name;
- }
-
- @Override
- public String toString() {
- return name;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.domain;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum TrustType {
+
+ PEER_TRUST("PeerTrust"),
+ INDIRECT_TRUST("IndirectTrust");
+
+ private String name;
+
+ TrustType(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
index b3262b5..013456c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/TrustedIdp.java
@@ -34,50 +34,50 @@ public class TrustedIdp implements Serializable {
private static final long serialVersionUID = -6520081722646469178L;
-
+
protected int id;
//@Column(name = "REALM", nullable = true, length = FIELD_LENGTH)
protected String realm; //wtrealm, whr
-
+
//@Column(name = "Issuer", nullable = true, length = FIELD_LENGTH)
protected String issuer; //SAMLResponse issuer name
// Should tokens be cached from trusted IDPs
// to avoid redirection to the trusted IDP again for next SignIn request
protected boolean cacheTokens;
-
+
//Could be read from Metadata, PassiveRequestorEndpoint
protected String url;
-
+
//Could be read from Metadata, md:KeyDescriptor, use="signing"
//Store certificate in DB or filesystem, provide options?
protected String certificate;
-
+
//Direct trust (signing cert imported), Indirect trust (CA certs imported, subject configured)
protected TrustType trustType;
-
+
//Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
// "http://docs.oasis-open.org/wsfed/federation/200706"
// Metadata could provide more than one but one must be chosen
protected String protocol;
-
+
//FederateIdentity, FederateClaims
protected FederationType federationType;
-
+
//optional (to provide a list of IDPs)
protected String name;
-
+
//optional (to provide a list of IDPs)
protected String description;
-
+
//optional (to provide a list of IDPs)
protected String logo;
-
+
// Additional (possibly protocol specific parameters)
protected Map<String, String> parameters = new HashMap<>();
-
+
@XmlAttribute
public int getId() {
return id;
@@ -86,15 +86,15 @@ public class TrustedIdp implements Serializable {
public void setId(int id) {
this.id = id;
}
-
+
public String getIssuer() {
return issuer;
}
-
+
public void setIssuer(String issuer) {
this.issuer = issuer;
}
-
+
public String getRealm() {
return realm;
}
@@ -182,6 +182,6 @@ public class TrustedIdp implements Serializable {
public void setParameters(Map<String, String> parameters) {
this.parameters = parameters;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
index 8e39e85..5594b58 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosAuthenticationProcessingFilter.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2002-2008 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -68,7 +68,7 @@ import org.springframework.web.filter.GenericFilterBean;
* @see KerberosEntryPoint
*/
public class KerberosAuthenticationProcessingFilter extends GenericFilterBean {
- private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
+ private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource =
new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationSuccessHandler successHandler;
@@ -81,7 +81,7 @@ public class KerberosAuthenticationProcessingFilter extends GenericFilterBean {
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
index 457a60e..2115cb1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosEntryPoint.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2009 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -53,9 +53,9 @@ import org.springframework.security.web.AuthenticationEntryPoint;
* @see KerberosAuthenticationProcessingFilter
*/
public class KerberosEntryPoint implements AuthenticationEntryPoint {
-
+
private static final Log LOG = LogFactory.getLog(KerberosEntryPoint.class);
-
+
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException ex) throws IOException, ServletException {
if (LOG.isDebugEnabled()) {
@@ -65,6 +65,6 @@ public class KerberosEntryPoint implements AuthenticationEntryPoint {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.flushBuffer();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
index 2aba9cf..b1a2cbf 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosServiceRequestToken.java
@@ -18,7 +18,7 @@
*/
/*
* Copyright 2009 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -56,15 +56,15 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 395488921064775014L;
private final byte[] token;
private final Object principal;
-
+
/** Creates an authenticated token, normally used as an output of an authentication provider.
* @param principal the user principal (mostly of instance <code>UserDetails</code>
* @param authorities the authorities which are granted to the user
* @param token the Kerberos/SPNEGO token
* @see UserDetails
*/
- public KerberosServiceRequestToken(Object principal,
- Collection<? extends GrantedAuthority> authorities,
+ public KerberosServiceRequestToken(Object principal,
+ Collection<? extends GrantedAuthority> authorities,
byte[] token) {
super(authorities);
if (token != null) {
@@ -75,7 +75,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
this.principal = principal;
super.setAuthenticated(true);
}
-
+
/**
* Creates an unauthenticated instance which should then be authenticated by
* <code>KerberosServiceAuthenticationProvider/code>
@@ -92,7 +92,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
}
this.principal = null;
}
-
+
/**
* Calculates hashcode based on the Kerberos token
*/
@@ -103,7 +103,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
result = prime * result + Arrays.hashCode(token);
return result;
}
-
+
/**
* equals() is based only on the Kerberos token
*/
@@ -124,21 +124,21 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
}
return true;
}
-
+
/* (non-Javadoc)
* @see org.springframework.security.core.Authentication#getCredentials()
*/
public Object getCredentials() {
return null;
}
-
+
/* (non-Javadoc)
* @see org.springframework.security.core.Authentication#getPrincipal()
*/
public Object getPrincipal() {
return this.principal;
}
-
+
/** Returns the Kerberos token
*/
public byte[] getToken() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
index c9b0cd7..6b25ac4 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/KerberosTokenValidator.java
@@ -95,7 +95,7 @@ public class KerberosTokenValidator {
return serviceName;
}
- public KerberosServiceContext validate(KerberosServiceRequestToken token)
+ public KerberosServiceContext validate(KerberosServiceRequestToken token)
throws LoginException, PrivilegedActionException {
if (LOG.isDebugEnabled()) {
try {
@@ -133,8 +133,8 @@ public class KerberosTokenValidator {
}
// Validate the ticket
- KerberosServiceExceptionAction action =
- new KerberosServiceExceptionAction(token.getToken(), service,
+ KerberosServiceExceptionAction action =
+ new KerberosServiceExceptionAction(token.getToken(), service,
isUsernameServiceNameForm(), spnego);
KerberosServiceContext krbServiceCtx = Subject.doAs(subject, action);
@@ -148,15 +148,15 @@ public class KerberosTokenValidator {
/**
* SPN can be configured to be in either <b>"hostbased"</b> or <b>"username"</b> form.<br/>
* - <b>"hostbased"</b> - specifies that the service principal name should be interpreted
- * as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service
+ * as a "host-based" name as specified in GSS API Rfc, section "4.1: Host-Based Service
* Name Form" - The service name, as it is specified in LDAP/AD, as it is listed in the
* KDC.<br/>
* - <b>"username"</b> - specifies that the service principal name should be interpreted
- * as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form"
+ * as a "username" name as specified in GSS API Rfc, section "4.2: User Name Form"
* This is usually the client username in LDAP/AD used for authentication to the KDC.
- *
+ *
* <br/><br/>Default is <b>"hostbased"</b>.
- *
+ *
* @return the isUsernameServiceNameForm
*/
public boolean isUsernameServiceNameForm() {
@@ -166,9 +166,9 @@ public class KerberosTokenValidator {
/**
* If true - sets the SPN form to "username"
* <br/>If false<b>(default)</b> - the SPN form is "hostbased"
- *
+ *
* @see KerberosSecurity#retrieveServiceTicket(String, CallbackHandler, String, boolean)
- *
+ *
* @param isUsernameServiceNameForm the isUsernameServiceNameForm to set
*/
public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
index d75b812..012b6da 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
@@ -31,12 +31,12 @@ import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.xml.security.utils.Base64;
/**
- * Override the default CXF KerberosClient just to create a BinarySecurityToken from a
- * give Kerberos token. This is used to pass a received Kerberos token through to the
+ * Override the default CXF KerberosClient just to create a BinarySecurityToken from a
+ * give Kerberos token. This is used to pass a received Kerberos token through to the
* STS, without retrieving a new token.
*/
public class PassThroughKerberosClient extends KerberosClient {
-
+
private byte[] token;
public PassThroughKerberosClient() {
@@ -50,7 +50,7 @@ public class PassThroughKerberosClient extends KerberosClient {
bst.setToken(token);
bst.addWSUNamespace();
bst.setID(WSSConfig.getNewInstance().getIdAllocator().createSecureId("BST-", bst));
-
+
SecurityToken securityToken = new SecurityToken(bst.getID());
securityToken.setToken(bst.getElement());
securityToken.setWsuId(bst.getID());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
index 7c5baec..d3f59d8 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
@@ -43,9 +43,9 @@ import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
public class IdpMetadataWriter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(IdpMetadataWriter.class);
-
+
//CHECKSTYLE:OFF
public Document getMetaData(Idp config) throws RuntimeException {
try {
@@ -83,7 +83,7 @@ public class IdpMetadataWriter {
LOG.debug("***************** unsigned ****************");
}
- Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
+ Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
writer.getDocument(), referenceID);
if (result != null) {
return result;
@@ -96,7 +96,7 @@ public class IdpMetadataWriter {
}
}
-
+
private void writeFederationMetadata(
XMLStreamWriter writer, Idp config, Crypto crypto
) throws XMLStreamException {
@@ -176,5 +176,5 @@ public class IdpMetadataWriter {
writer.writeEndElement(); // RoleDescriptor
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
index 3118d8f..815edf0 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
@@ -46,7 +46,7 @@ import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
public class ServiceMetadataWriter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(ServiceMetadataWriter.class);
//CHECKSTYLE:OFF
@@ -54,7 +54,7 @@ public class ServiceMetadataWriter {
try {
Crypto crypto = CertsUtils.getCryptoFromFile(config.getCertificate());
-
+
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartDocument("UTF-8", "1.0");
@@ -62,10 +62,10 @@ public class ServiceMetadataWriter {
String referenceID = IDGenerator.generateID("_");
writer.writeStartElement("md", "EntityDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("ID", referenceID);
-
+
String serviceURL = config.getIdpUrl().toString();
writer.writeAttribute("entityID", config.getRealm());
-
+
writer.writeNamespace("md", SAML2_METADATA_NS);
writer.writeNamespace("fed", WS_FEDERATION_NS);
writer.writeNamespace("wsa", WS_ADDRESSING_NS);
@@ -77,11 +77,11 @@ public class ServiceMetadataWriter {
} else if ("urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser".equals(serviceConfig.getProtocol())) {
writeSAMLMetadata(writer, serviceConfig, serviceURL, crypto);
}
-
+
writer.writeEndElement(); // EntityDescriptor
writer.writeEndDocument();
-
+
writer.close();
if (LOG.isDebugEnabled()) {
@@ -91,7 +91,7 @@ public class ServiceMetadataWriter {
LOG.debug("***************** unsigned ****************");
}
- Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
+ Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
writer.getDocument(), referenceID);
if (result != null) {
return result;
@@ -108,7 +108,7 @@ public class ServiceMetadataWriter {
}
private void writeFederationMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
TrustedIdp config,
String serviceURL
) throws XMLStreamException {
@@ -122,7 +122,7 @@ public class ServiceMetadataWriter {
writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
writer.writeCharacters(serviceURL);
-
+
writer.writeEndElement(); // Address
writer.writeEndElement(); // EndpointReference
writer.writeEndElement(); // ApplicationServiceEndpoint
@@ -146,68 +146,68 @@ public class ServiceMetadataWriter {
writer.writeEndElement(); // PassiveRequestorEndpoint
writer.writeEndElement(); // RoleDescriptor
}
-
+
private void writeSAMLMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
TrustedIdp config,
String serviceURL,
Crypto crypto
) throws Exception {
-
+
writer.writeStartElement("md", "SPSSODescriptor", SAML2_METADATA_NS);
- boolean signRequest =
+ boolean signRequest =
isPropertyConfigured(config, TrustedIdpSAMLProtocolHandler.SIGN_REQUEST, true);
writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(signRequest));
writer.writeAttribute("WantAssertionsSigned", "true");
writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
-
+
writer.writeStartElement("md", "AssertionConsumerService", SAML2_METADATA_NS);
writer.writeAttribute("Location", serviceURL);
writer.writeAttribute("index", "0");
writer.writeAttribute("isDefault", "true");
writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
writer.writeEndElement(); // AssertionConsumerService
-
+
if (signRequest) {
writer.writeStartElement("md", "KeyDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("use", "signing");
-
+
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
writer.writeStartElement("ds", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
writer.writeStartElement("ds", "X509Certificate", "http://www.w3.org/2000/09/xmldsig#");
// Write the Base-64 encoded certificate
-
+
String keyAlias = crypto.getDefaultX509Identifier();
X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
-
+
if (cert == null) {
throw new ProcessingException(
- "No signing certs were found to insert into the metadata using name: "
+ "No signing certs were found to insert into the metadata using name: "
+ keyAlias);
}
byte data[] = cert.getEncoded();
String encodedCertificate = Base64.encode(data);
writer.writeCharacters(encodedCertificate);
-
+
writer.writeEndElement(); // X509Certificate
writer.writeEndElement(); // X509Data
writer.writeEndElement(); // KeyInfo
writer.writeEndElement(); // KeyDescriptor
}
-
+
writer.writeEndElement(); // SPSSODescriptor
}
-
+
// Is a property configured. Defaults to "true" if not
private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return Boolean.parseBoolean(parameters.get(property));
}
-
+
return defaultValue;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
index 9b9c5cd..8ffa6a9 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/IDPConfig.java
@@ -32,11 +32,11 @@ public class IDPConfig extends Idp {
public void setServices(Map<String, Application> applications) {
this.applications = new ArrayList<>(applications.values());
}
-
+
public void setTrustedIdps(Map<String, TrustedIDPConfig> trustedIdps) {
this.trustedIdpList = new ArrayList<TrustedIdp>(trustedIdps.values());
}
-
+
@Deprecated
public void setTrustedIDPs(Map<String, TrustedIDPConfig> trustedIdps) {
setTrustedIdps(trustedIdps);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
index 6fd3d05..cf6a67f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/RequestClaim.java
@@ -20,7 +20,7 @@ package org.apache.cxf.fediz.service.idp.model;
//@XmlRootElement(name = "Claim", namespace = "http://org.apache.cxf.fediz")
public class RequestClaim extends org.apache.cxf.fediz.service.idp.domain.RequestClaim {
-
+
private static final long serialVersionUID = 2635896159019665467L;
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
index fdae8f5..3bd27e1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/ServiceConfig.java
@@ -29,7 +29,7 @@ import org.apache.cxf.fediz.service.idp.domain.Application;
//@Table(name = "SERVICE")
//@XmlRootElement(name = "Service", namespace = "http://org.apache.cxf.fediz")
public class ServiceConfig extends Application {
-
- private static final long serialVersionUID = 585676715065240699L;
+
+ private static final long serialVersionUID = 585676715065240699L;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
index 44cb3a2..4797c74 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/model/TrustedIDPSelection.java
@@ -23,7 +23,7 @@ import java.io.Serializable;
public class TrustedIDPSelection implements Serializable {
private static final long serialVersionUID = 1L;
-
+
private String homeRealm;
public String getHomeRealm() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
index 84a70ca..f5182c8 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpOAuth2ProtocolHandler.java
@@ -48,42 +48,42 @@ import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;
public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTrustedIdpProtocolHandler {
-
+
/**
* The client_id value to send to the IdP.
*/
public static final String CLIENT_ID = "client.id";
-
+
/**
* The secret associated with the client to authenticate to the IdP.
*/
public static final String CLIENT_SECRET = "client.secret";
-
+
/**
* The Token endpoint. The authorization endpoint is specified by TrustedIdp.url.
*/
public static final String TOKEN_ENDPOINT = "token.endpoint";
-
+
/**
* Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
* The default value depends on the subclass.
*/
public static final String SCOPE = "scope";
-
+
private static final Logger LOG = LoggerFactory.getLogger(AbstractTrustedIdpOAuth2ProtocolHandler.class);
@Override
public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
if (clientId == null || clientId.isEmpty()) {
LOG.warn("A CLIENT_ID must be configured for OAuth 2.0");
throw new IllegalStateException("No CLIENT_ID specified");
}
-
+
String scope = getScope(trustedIdp);
LOG.debug("Using scope: {}", scope);
-
+
try {
StringBuilder sb = new StringBuilder();
sb.append(trustedIdp.getUrl());
@@ -99,11 +99,11 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
sb.append("&");
sb.append("scope").append('=');
sb.append(URLEncoder.encode(scope, "UTF-8"));
-
+
String state = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
sb.append("&").append("state").append('=');
sb.append(state);
-
+
return new URL(sb.toString());
} catch (MalformedURLException ex) {
LOG.error("Invalid Redirect URL for Trusted Idp", ex);
@@ -113,7 +113,7 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
}
}
-
+
protected SamlAssertionWrapper createSamlAssertion(Idp idp, TrustedIdp trustedIdp, String subjectName,
Date notBefore,
Date expires) throws Exception {
@@ -125,12 +125,12 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
if (issuer != null) {
callbackHandler.setIssuer(issuer);
}
-
+
// Subject
SubjectBean subjectBean =
new SubjectBean(subjectName, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED, SAML2Constants.CONF_BEARER);
callbackHandler.setSubjectBean(subjectBean);
-
+
// Conditions
ConditionsBean conditionsBean = new ConditionsBean();
conditionsBean.setNotAfter(new DateTime(expires));
@@ -141,45 +141,45 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
conditionsBean.setNotBefore(new DateTime());
}
callbackHandler.setConditionsBean(conditionsBean);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
-
+
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Crypto crypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
- assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
+ assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),
crypto, false);
-
+
return assertion;
}
-
+
private static class SamlCallbackHandler implements CallbackHandler {
private ConditionsBean conditionsBean;
private SubjectBean subjectBean;
private String issuer;
-
+
/**
* Set the SubjectBean
*/
public void setSubjectBean(SubjectBean subjectBean) {
this.subjectBean = subjectBean;
}
-
+
/**
* Set the ConditionsBean
*/
public void setConditionsBean(ConditionsBean conditionsBean) {
this.conditionsBean = conditionsBean;
}
-
+
/**
* Set the issuer name
*/
public void setIssuer(String issuerName) {
this.issuer = issuerName;
}
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
@@ -190,7 +190,7 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
samlCallback.setSubject(subjectBean);
}
samlCallback.setSamlVersion(Version.SAML_20);
-
+
// Set the issuer
samlCallback.setIssuer(issuer);
@@ -199,9 +199,9 @@ public abstract class AbstractTrustedIdpOAuth2ProtocolHandler extends AbstractTr
}
}
}
-
+
}
-
+
abstract String getScope(TrustedIdp trustedIdp);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
index 2329eb2..c1e9c2c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
@@ -27,7 +27,7 @@ import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpProtocolHandler {
-
+
@Override
public boolean canHandleRequest(HttpServletRequest request) {
// TODO Auto-generated method stub
@@ -36,23 +36,23 @@ public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpPro
protected String getProperty(TrustedIdp trustedIdp, String property) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return parameters.get(property);
}
-
+
return null;
}
-
+
// Is a property configured. Defaults to the boolean "defaultValue" if not
protected boolean isBooleanPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) {
Map<String, String> parameters = trustedIdp.getParameters();
-
+
if (parameters != null && parameters.containsKey(property)) {
return Boolean.parseBoolean(parameters.get(property));
}
-
+
return defaultValue;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
index c2be3eb..55e8b9a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationProtocolControllerImpl.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
public class ApplicationProtocolControllerImpl implements ProtocolController<ApplicationProtocolHandler> {
private static final Logger LOG = LoggerFactory.getLogger(ApplicationProtocolControllerImpl.class);
-
+
@Autowired
private List<ApplicationProtocolHandler> protocolHandlers;
-
+
@Override
public ApplicationProtocolHandler getProtocolHandler(String protocol) {
for (ApplicationProtocolHandler protocolHandler : protocolHandlers) {
@@ -47,7 +47,7 @@ public class ApplicationProtocolControllerImpl implements ProtocolController<App
LOG.warn("No protocol handler found for {}", protocol);
return null;
}
-
+
@Override
public List<String> getProtocols() {
List<String> protocols = new ArrayList<>();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
index ebab362..5d7307a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationSAMLSSOProtocolHandler.java
@@ -28,7 +28,7 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class ApplicationSAMLSSOProtocolHandler implements ApplicationProtocolHandler {
-
+
public static final String PROTOCOL = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";
//private static final Logger LOG = LoggerFactory.getLogger(ApplicationWSFedProtocolHandler.class);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
index 2024e3d..d583823 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/ApplicationWSFedProtocolHandler.java
@@ -28,7 +28,7 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class ApplicationWSFedProtocolHandler implements ApplicationProtocolHandler {
-
+
public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
//private static final Logger LOG = LoggerFactory.getLogger(ApplicationWSFedProtocolHandler.class);
[13/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index d09e7df..33b5f47 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -57,29 +57,29 @@ public class SAMLRequestTest {
static final String TEST_REQUEST_URI = "/fedizhelloworld";
static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1";
-
+
private static final String CONFIG_FILE = "fediz_test_config_saml.xml";
-
+
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
getFederationConfigurator();
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -97,78 +97,78 @@ public class SAMLRequestTest {
return null;
}
}
-
+
@org.junit.Test
public void createSAMLAuthnRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignInRequest(req, config);
-
+
String redirectionURL = response.getRedirectionURL();
Assert.assertTrue(redirectionURL.startsWith(TEST_IDP_ISSUER));
Assert.assertTrue(redirectionURL.contains("SAMLRequest="));
Assert.assertTrue(redirectionURL.contains("RelayState="));
-
+
Map<String, String> headers = response.getHeaders();
Assert.assertNotNull(headers);
Assert.assertFalse(headers.isEmpty());
Assert.assertTrue("no-cache, no-store".equals(headers.get("Cache-Control")));
Assert.assertTrue("no-cache".equals(headers.get("Pragma")));
}
-
+
@org.junit.Test
public void testAuthnRelayState() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignInRequest(req, config);
-
+
String redirectionURL = response.getRedirectionURL();
- String relayState =
+ String relayState =
redirectionURL.substring(redirectionURL.indexOf("RelayState=") + "RelayState=".length());
Assert.assertNotNull(relayState);
-
+
RequestState requestState = response.getRequestState();
-
+
Assert.assertEquals(TEST_IDP_ISSUER, requestState.getIdpServiceAddress());
Assert.assertEquals(TEST_REQUEST_URL, requestState.getIssuerId());
Assert.assertEquals(TEST_REQUEST_URL, requestState.getTargetAddress());
}
-
+
@org.junit.Test
public void testSAMLAuthnRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignInRequest(req, config);
-
+
String redirectionURL = response.getRedirectionURL();
- String samlRequest =
+ String samlRequest =
redirectionURL.substring(redirectionURL.indexOf("SAMLRequest=") + "SAMLRequest=".length(),
redirectionURL.indexOf("RelayState=") - 1);
-
+
byte[] deflatedToken = Base64.decode(URLDecoder.decode(samlRequest, "UTF-8"));
InputStream tokenStream = CompressionUtils.inflate(deflatedToken);
@@ -179,46 +179,46 @@ public class SAMLRequestTest {
Assert.assertEquals(TEST_REQUEST_URL, request.getIssuer().getValue());
Assert.assertEquals(TEST_REQUEST_URL, request.getAssertionConsumerServiceURL());
}
-
+
@org.junit.Test
public void testSignedSAMLAuthnRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("SIGNED_ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignInRequest(req, config);
-
+
String redirectionURL = response.getRedirectionURL();
- String signature =
+ String signature =
redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length());
Assert.assertTrue(signature != null && signature.length() > 0);
}
-
+
@org.junit.Test
public void createSAMLLogoutRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignOutRequest(req, null, config);
-
+
String redirectionURL = response.getRedirectionURL();
- String samlRequest =
+ String samlRequest =
redirectionURL.substring(redirectionURL.indexOf("SAMLRequest=") + "SAMLRequest=".length(),
redirectionURL.indexOf("RelayState=") - 1);
-
+
byte[] deflatedToken = Base64.decode(URLDecoder.decode(samlRequest, "UTF-8"));
InputStream tokenStream = CompressionUtils.inflate(deflatedToken);
@@ -228,23 +228,23 @@ public class SAMLRequestTest {
Assert.assertEquals(TEST_REQUEST_URL, request.getIssuer().getValue());
}
-
+
@org.junit.Test
public void testSignedSAMLLogoutRequest() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("SIGNED_ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
EasyMock.replay(req);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
RedirectionResponse response = wfProc.createSignOutRequest(req, null, config);
-
+
String redirectionURL = response.getRedirectionURL();
- String signature =
+ String signature =
redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length());
Assert.assertTrue(signature != null && signature.length() > 0);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
index 3df4cc8..5e93cc7 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
@@ -84,20 +84,20 @@ public class SAMLResponseConformanceTest {
static final String TEST_REQUEST_URI = "/fedizhelloworld";
static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1";
-
+
private static final String CONFIG_FILE = "fediz_test_config_saml.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -110,12 +110,12 @@ public class SAMLResponseConformanceTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -133,14 +133,14 @@ public class SAMLResponseConformanceTest {
return null;
}
}
-
+
@org.junit.Test
public void testWrongIssuerFormat() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -150,7 +150,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -158,13 +158,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -172,31 +172,31 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
// The Issuer NameFormat must be "entity" if it is used at all
String issuerNameFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos";
Issuer issuer =
- SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(),
issuerNameFormat);
-
+
Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -207,14 +207,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testRightIssuerFormat() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -224,7 +224,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -232,13 +232,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -246,34 +246,34 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
// The Issuer NameFormat must be "entity" if it is used at all
String issuerNameFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
Issuer issuer =
- SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(),
issuerNameFormat);
-
+
Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -281,14 +281,14 @@ public class SAMLResponseConformanceTest {
.size());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
+
@org.junit.Test
public void testNoAuthnStatement() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -298,20 +298,20 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -319,24 +319,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -347,14 +347,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testAudienceRestriction() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -364,7 +364,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -372,10 +372,10 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -383,24 +383,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -411,14 +411,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNonMatchingAudienceRestriction() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -428,7 +428,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -436,13 +436,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL + "asf");
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -450,24 +450,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -478,14 +478,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNoBearerSubjectConfirmation() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -495,7 +495,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -503,13 +503,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -517,24 +517,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -545,14 +545,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNonMatchingRecipient() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -562,7 +562,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -570,13 +570,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -584,24 +584,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL + "asf");
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -612,14 +612,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNonMatchingInResponseTo() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -629,7 +629,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -637,13 +637,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -651,24 +651,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -679,14 +679,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNonMatchingAddress() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -696,7 +696,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -704,13 +704,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS + "xyz");
@@ -718,24 +718,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -746,14 +746,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNotBefore() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -763,7 +763,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -771,13 +771,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -786,24 +786,24 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -814,14 +814,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testNotOnOfAfter() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -831,7 +831,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -839,37 +839,37 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
subjectConfirmationData.setInResponseTo(requestId);
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -880,14 +880,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testFailingStatusWithValidAssertion() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -897,7 +897,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -905,13 +905,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -919,11 +919,11 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -939,12 +939,12 @@ public class SAMLResponseConformanceTest {
"urn:oasis:names:tc:SAML:2.0:status:Failure", null
);
- Issuer responseIssuer =
+ Issuer responseIssuer =
SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
- responseIssuer,
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
+ responseIssuer,
status);
response.getAssertions().add(assertion.getSaml2());
@@ -953,18 +953,18 @@ public class SAMLResponseConformanceTest {
doc.appendChild(policyElement);
String responseStr = encodeResponse(policyElement);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -975,14 +975,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testIssuerEnforcementFailure() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -992,7 +992,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1000,13 +1000,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER + "/other-issuer");
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1014,28 +1014,28 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Issuer issuer =
SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());
-
+
Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
// Failure expected on an unknown issuer value
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
@@ -1047,14 +1047,14 @@ public class SAMLResponseConformanceTest {
}
}
}
-
+
@org.junit.Test
public void testIssuerEnforcementDisable() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -1064,7 +1064,7 @@ public class SAMLResponseConformanceTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1072,13 +1072,13 @@ public class SAMLResponseConformanceTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER + "/other-issuer");
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1086,38 +1086,38 @@ public class SAMLResponseConformanceTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Issuer issuer =
SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());
-
+
Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
// Disable the issuer enforcement check
FedizProcessor wfProc = new SAMLProcessorImpl();
((SAMLProtocol)config.getProtocol()).setDoNotEnforceKnownIssuer(true);
Assert.assertTrue(((SAMLProtocol)config.getProtocol()).isDoNotEnforceKnownIssuer());
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
-
+
}
-
- private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
+
+ private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
boolean sign, String requestID, Issuer issuer)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -1129,7 +1129,7 @@ public class SAMLResponseConformanceTest {
if (sign) {
assertion.signAssertion(alias, password, crypto, false);
}
-
+
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
@@ -1137,31 +1137,31 @@ public class SAMLResponseConformanceTest {
SAML2PResponseComponentBuilder.createStatus(
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
-
+
Issuer responseIssuer = issuer;
if (responseIssuer == null) {
responseIssuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());
}
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
- responseIssuer,
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
+ responseIssuer,
status);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
return policyElement;
}
-
+
/**
* Returns the first element that matches <code>name</code> and
* <code>namespace</code>. <p/> This is a replacement for a XPath lookup
* <code>//name</code> with the given namespace. It's somewhat faster than
* XPath, and we do not deal with prefixes, just with the real namespace URI
- *
+ *
* @param startNode Where to start the search
* @param name Local name of the element
* @param namespace Namespace URI of the element
[18/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
Whitespace cleanup
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2ca31863
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2ca31863
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2ca31863
Branch: refs/heads/master
Commit: 2ca318630f99fd11eb95111341e7188900fc212f
Parents: 29bf8de
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 13 11:21:02 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 13 11:21:02 2017 +0000
----------------------------------------------------------------------
.../cxf/fediz/example/FederationService.java | 6 +-
.../cxf/fediz/example/FederationService.java | 2 +-
.../cxf/fediz/example/FederationServlet.java | 2 +-
.../cxf/fediz/example/FederationServlet.java | 8 +-
.../cxf/fediz/example/FederationServlet.java | 2 +-
.../cxf/fediz/example/FederationServlet.java | 8 +-
.../cxf/fediz/example/FederationServlet.java | 4 +-
.../fediz/example/ClaimsCallbackHandler.java | 12 +-
.../cxf/fediz/example/FederationServlet.java | 4 +-
.../java/org/apache/cxf/fediz/core/Claim.java | 2 +-
.../apache/cxf/fediz/core/ClaimCollection.java | 2 +-
.../org/apache/cxf/fediz/core/ClaimTypes.java | 48 +-
.../cxf/fediz/core/FederationConstants.java | 4 +-
.../apache/cxf/fediz/core/FedizConstants.java | 16 +-
.../apache/cxf/fediz/core/FedizPrincipal.java | 4 +-
.../org/apache/cxf/fediz/core/RequestState.java | 12 +-
.../apache/cxf/fediz/core/SAMLSSOConstants.java | 16 +-
.../fediz/core/SecurityTokenThreadLocal.java | 10 +-
.../apache/cxf/fediz/core/TokenValidator.java | 4 +-
.../cxf/fediz/core/TokenValidatorResponse.java | 2 +-
.../config/CertificateValidationMethod.java | 8 +-
.../org/apache/cxf/fediz/core/config/Claim.java | 10 +-
.../fediz/core/config/FederationProtocol.java | 20 +-
.../fediz/core/config/FedizConfigurator.java | 10 +-
.../cxf/fediz/core/config/FedizContext.java | 66 +--
.../cxf/fediz/core/config/KeyManager.java | 10 +-
.../cxf/fediz/core/config/PropertyType.java | 6 +-
.../apache/cxf/fediz/core/config/Protocol.java | 24 +-
.../cxf/fediz/core/config/SAMLProtocol.java | 22 +-
.../cxf/fediz/core/config/TrustManager.java | 16 +-
.../cxf/fediz/core/config/TrustedIssuer.java | 30 +-
.../IllegalConfigurationException.java | 2 +-
.../core/exception/ProcessingException.java | 28 +-
.../cxf/fediz/core/handler/LogoutHandler.java | 10 +-
.../cxf/fediz/core/handler/SigninHandler.java | 8 +-
.../cxf/fediz/core/metadata/MetadataWriter.java | 58 +-
.../core/processor/AbstractFedizProcessor.java | 8 +-
.../core/processor/FederationProcessorImpl.java | 30 +-
.../fediz/core/processor/FedizProcessor.java | 2 +-
.../core/processor/FedizProcessorFactory.java | 2 +-
.../cxf/fediz/core/processor/FedizRequest.java | 4 +-
.../cxf/fediz/core/processor/FedizResponse.java | 4 +-
.../core/processor/RedirectionResponse.java | 10 +-
.../fediz/core/processor/SAMLProcessorImpl.java | 142 ++---
.../core/saml/FedizSignatureTrustValidator.java | 46 +-
.../cxf/fediz/core/saml/SAMLTokenValidator.java | 58 +-
.../apache/cxf/fediz/core/saml/SAMLUtil.java | 6 +-
.../fediz/core/saml/SamlAssertionValidator.java | 14 +-
.../fediz/core/samlsso/CompressionUtils.java | 24 +-
.../samlsso/DefaultSAMLPRequestBuilder.java | 38 +-
.../fediz/core/samlsso/SAMLPRequestBuilder.java | 4 +-
.../samlsso/SAMLProtocolResponseValidator.java | 56 +-
.../core/samlsso/SAMLSSOResponseValidator.java | 78 +--
.../core/samlsso/SSOValidatorResponse.java | 10 +-
.../samlsso/SamlpRequestComponentBuilder.java | 60 +--
.../apache/cxf/fediz/core/util/CertsUtils.java | 48 +-
.../cxf/fediz/core/util/ClassLoaderUtils.java | 32 +-
.../apache/cxf/fediz/core/util/CookieUtils.java | 28 +-
.../apache/cxf/fediz/core/util/DOMUtils.java | 32 +-
.../cxf/fediz/core/util/SignatureUtils.java | 28 +-
.../apache/cxf/fediz/core/util/StringUtils.java | 2 +-
.../org/apache/cxf/fediz/common/STSUtil.java | 28 +-
.../cxf/fediz/common/SecurityTestUtil.java | 6 +-
.../fediz/core/AbstractSAMLCallbackHandler.java | 92 ++--
.../cxf/fediz/core/KeystoreCallbackHandler.java | 8 +-
.../cxf/fediz/core/SAML1CallbackHandler.java | 12 +-
.../cxf/fediz/core/SAML2CallbackHandler.java | 12 +-
.../fediz/core/config/CallbackHandlerTest.java | 140 ++---
.../core/config/FedizConfigurationTest.java | 98 ++--
.../config/FedizConfigurationWriterTest.java | 66 +--
.../fediz/core/config/TestCallbackHandler.java | 4 +-
.../federation/AudienceRestrictionTest.java | 92 ++--
.../fediz/core/federation/CustomValidator.java | 2 +-
.../core/federation/FederationLogoutTest.java | 144 ++---
.../core/federation/FederationMetaDataTest.java | 26 +-
.../core/federation/FederationRequestTest.java | 34 +-
.../core/federation/FederationResponseTest.java | 448 ++++++++--------
.../core/federation/RequestedClaimsTest.java | 64 +--
.../federation/SAMLTokenValidatorOldTest.java | 90 ++--
.../core/federation/TestSigninHandler.java | 10 +-
.../cxf/fediz/core/samlsso/CustomValidator.java | 2 +-
.../samlsso/SAML2PResponseComponentBuilder.java | 48 +-
.../fediz/core/samlsso/SAMLMetaDataTest.java | 32 +-
.../cxf/fediz/core/samlsso/SAMLRequestTest.java | 82 +--
.../samlsso/SAMLResponseConformanceTest.java | 344 ++++++------
.../fediz/core/samlsso/SAMLResponseTest.java | 208 ++++----
.../fediz/core/samlsso/SAMLSSOTestUtils.java | 12 +-
.../plugin/AbstractServiceProviderFilter.java | 90 ++--
.../cxf/fediz/cxf/plugin/CXFFedizPrincipal.java | 6 +-
.../cxf/plugin/FedizRedirectBindingFilter.java | 120 ++---
.../fediz/cxf/plugin/FedizSecurityContext.java | 6 +-
.../cxf/plugin/state/EHCacheSPStateManager.java | 38 +-
.../fediz/cxf/plugin/state/ResponseState.java | 16 +-
.../fediz/cxf/plugin/state/SPStateManager.java | 16 +-
.../cxf/web/ThreadLocalCallbackHandler.java | 4 +-
.../fediz/jetty8/FederationAuthenticator.java | 124 ++---
.../fediz/jetty8/FederationIdentityService.java | 12 +-
.../fediz/jetty8/FederationLoginService.java | 26 +-
.../fediz/jetty8/FederationUserIdentity.java | 14 +-
.../fediz/jetty8/FederationUserPrincipal.java | 4 +-
.../fediz/jetty9/FederationAuthenticator.java | 122 ++---
.../fediz/jetty9/FederationIdentityService.java | 12 +-
.../fediz/jetty9/FederationLoginService.java | 26 +-
.../fediz/jetty9/FederationUserIdentity.java | 14 +-
.../fediz/jetty9/FederationUserPrincipal.java | 4 +-
.../cxf/fediz/spring/FederationConfig.java | 4 +-
.../cxf/fediz/spring/FederationConfigImpl.java | 12 +-
.../apache/cxf/fediz/spring/FederationUser.java | 14 +-
.../AbstractFederationUserDetailsService.java | 2 +-
.../authentication/ExpiredTokenException.java | 4 +-
.../FederationAuthenticationProvider.java | 18 +-
.../FederationAuthenticationToken.java | 2 +-
.../FederationResponseAuthenticationToken.java | 2 +-
...AuthoritiesUserDetailsFederationService.java | 14 +-
...erationPreAuthenticatedProcessingFilter.java | 2 +-
...AuthoritiesUserDetailsFederationService.java | 4 +-
.../web/FederationAuthenticationEntryPoint.java | 22 +-
.../FederationAuthenticationFailureHandler.java | 24 +-
.../web/FederationAuthenticationFilter.java | 38 +-
.../spring/web/FederationLogoutFilter.java | 2 +-
.../web/FederationLogoutSuccessHandler.java | 4 +-
.../cxf/fediz/spring/FederationConfig.java | 4 +-
.../cxf/fediz/spring/FederationConfigImpl.java | 16 +-
.../apache/cxf/fediz/spring/FederationUser.java | 18 +-
.../AbstractFederationUserDetailsService.java | 6 +-
.../authentication/ExpiredTokenException.java | 4 +-
.../FederationAuthenticationProvider.java | 18 +-
.../FederationAuthenticationToken.java | 2 +-
.../FederationResponseAuthenticationToken.java | 2 +-
...AuthoritiesUserDetailsFederationService.java | 14 +-
...erationPreAuthenticatedProcessingFilter.java | 2 +-
...AuthoritiesUserDetailsFederationService.java | 8 +-
.../web/FederationAuthenticationEntryPoint.java | 26 +-
.../web/FederationAuthenticationFilter.java | 52 +-
.../fediz/tomcat7/FederationAuthenticator.java | 24 +-
.../fediz/tomcat7/FederationPrincipalImpl.java | 2 +-
.../fediz/tomcat8/FederationAuthenticator.java | 24 +-
.../org/apache/cxf/fediz/was/Constants.java | 8 +-
.../was/mapper/FileBasedRoleToGroupMapper.java | 2 +-
.../cxf/fediz/was/mapper/RoleToGroupMapper.java | 10 +-
.../filter/SecurityContextTTLChecker.java | 6 +-
.../cxf/fediz/was/tai/FedizInterceptor.java | 12 +-
.../cxf/fediz/was/tai/FedizInterceptorTest.java | 14 +-
.../cxf/fediz/service/idp/MetadataServlet.java | 14 +-
.../service/idp/STSAuthenticationProvider.java | 54 +-
.../idp/STSKrbAuthenticationProvider.java | 58 +-
.../cxf/fediz/service/idp/STSPortFilter.java | 14 +-
.../idp/STSPreAuthAuthenticationProvider.java | 28 +-
.../idp/STSUPAuthenticationProvider.java | 38 +-
.../cxf/fediz/service/idp/STSUserDetails.java | 18 +-
.../service/idp/beans/CommonsURLValidator.java | 6 +-
.../idp/beans/IdpTokenExpiredAction.java | 8 +-
.../idp/beans/PassiveRequestorValidator.java | 16 +-
.../service/idp/beans/STSClientAction.java | 96 ++--
.../service/idp/beans/TokenSerializer.java | 4 +-
.../idp/beans/TrustedIdpProtocolAction.java | 24 +-
.../idp/beans/samlsso/AuthnRequestParser.java | 96 ++--
.../idp/beans/samlsso/LocalRedirectCreator.java | 10 +-
.../idp/beans/samlsso/SamlResponseCreator.java | 56 +-
.../beans/samlsso/SamlResponseErrorCreator.java | 16 +-
.../service/idp/beans/wsfed/WfreshParser.java | 12 +-
.../fediz/service/idp/domain/Application.java | 48 +-
.../cxf/fediz/service/idp/domain/Claim.java | 12 +-
.../fediz/service/idp/domain/Entitlement.java | 8 +-
.../service/idp/domain/FederationType.java | 80 +--
.../cxf/fediz/service/idp/domain/Idp.java | 16 +-
.../fediz/service/idp/domain/RequestClaim.java | 12 +-
.../cxf/fediz/service/idp/domain/Role.java | 10 +-
.../cxf/fediz/service/idp/domain/TrustType.java | 80 +--
.../fediz/service/idp/domain/TrustedIdp.java | 32 +-
.../KerberosAuthenticationProcessingFilter.java | 6 +-
.../idp/kerberos/KerberosEntryPoint.java | 8 +-
.../kerberos/KerberosServiceRequestToken.java | 20 +-
.../idp/kerberos/KerberosTokenValidator.java | 18 +-
.../idp/kerberos/PassThroughKerberosClient.java | 8 +-
.../service/idp/metadata/IdpMetadataWriter.java | 10 +-
.../idp/metadata/ServiceMetadataWriter.java | 48 +-
.../cxf/fediz/service/idp/model/IDPConfig.java | 4 +-
.../fediz/service/idp/model/RequestClaim.java | 4 +-
.../fediz/service/idp/model/ServiceConfig.java | 4 +-
.../service/idp/model/TrustedIDPSelection.java | 2 +-
...AbstractTrustedIdpOAuth2ProtocolHandler.java | 52 +-
.../AbstractTrustedIdpProtocolHandler.java | 14 +-
.../ApplicationProtocolControllerImpl.java | 6 +-
.../ApplicationSAMLSSOProtocolHandler.java | 2 +-
.../ApplicationWSFedProtocolHandler.java | 2 +-
.../TrustedIdpFacebookProtocolHandler.java | 58 +-
.../TrustedIdpOIDCProtocolHandler.java | 102 ++--
.../TrustedIdpProtocolControllerImpl.java | 6 +-
.../TrustedIdpSAMLProtocolHandler.java | 80 +--
.../TrustedIdpWSFedProtocolHandler.java | 52 +-
.../service/idp/rest/ApplicationService.java | 8 +-
.../idp/rest/ApplicationServiceImpl.java | 34 +-
.../fediz/service/idp/rest/ClaimService.java | 6 +-
.../service/idp/rest/ClaimServiceImpl.java | 24 +-
.../service/idp/rest/EntitlementService.java | 6 +-
.../idp/rest/EntitlementServiceImpl.java | 16 +-
.../cxf/fediz/service/idp/rest/IdpService.java | 18 +-
.../fediz/service/idp/rest/IdpServiceImpl.java | 68 +--
.../idp/rest/QueryResourceInfoComparator.java | 228 ++++----
.../idp/rest/RestServiceExceptionMapper.java | 166 +++---
.../cxf/fediz/service/idp/rest/RoleService.java | 8 +-
.../fediz/service/idp/rest/RoleServiceImpl.java | 34 +-
.../fediz/service/idp/rest/RootServiceImpl.java | 2 +-
.../service/idp/rest/TrustedIdpService.java | 4 +-
.../service/idp/rest/TrustedIdpServiceImpl.java | 24 +-
.../idp/samlsso/SAML2CallbackHandler.java | 26 +-
.../samlsso/SAML2PResponseComponentBuilder.java | 42 +-
.../service/idp/samlsso/SAMLAuthnRequest.java | 18 +-
.../service/idp/service/ApplicationDAO.java | 2 +-
.../cxf/fediz/service/idp/service/ClaimDAO.java | 8 +-
.../service/idp/service/ConfigService.java | 2 +-
.../idp/service/ConfigServiceSpring.java | 2 +-
.../service/idp/service/EntitlementDAO.java | 8 +-
.../cxf/fediz/service/idp/service/IdpDAO.java | 10 +-
.../cxf/fediz/service/idp/service/RoleDAO.java | 2 +-
.../idp/service/jpa/ApplicationClaimEntity.java | 14 +-
.../idp/service/jpa/ApplicationDAOJPAImpl.java | 80 +--
.../idp/service/jpa/ApplicationEntity.java | 36 +-
.../ApplicationIdpProtocolSupportValidator.java | 4 +-
.../idp/service/jpa/ClaimDAOJPAImpl.java | 34 +-
.../service/idp/service/jpa/ClaimEntity.java | 12 +-
.../idp/service/jpa/ConfigServiceJPA.java | 18 +-
.../service/jpa/DBInitApplicationListener.java | 12 +-
.../fediz/service/idp/service/jpa/DBLoader.java | 2 +-
.../service/idp/service/jpa/DBLoaderImpl.java | 28 +-
.../service/idp/service/jpa/DBLoaderSpring.java | 30 +-
.../idp/service/jpa/EntitlementDAOJPAImpl.java | 34 +-
.../idp/service/jpa/EntitlementEntity.java | 12 +-
.../service/idp/service/jpa/IdpDAOJPAImpl.java | 116 ++--
.../service/idp/service/jpa/IdpEntity.java | 10 +-
.../service/idp/service/jpa/RoleDAOJPAImpl.java | 64 +--
.../service/idp/service/jpa/RoleEntity.java | 14 +-
.../idp/service/jpa/TrustedIdpDAOJPAImpl.java | 34 +-
.../idp/service/jpa/TrustedIdpEntity.java | 24 +-
.../jpa/TrustedIdpProtocolSupportValidator.java | 4 +-
.../security/GrantedAuthorityEntitlements.java | 20 +-
.../idp/spi/ApplicationProtocolHandler.java | 4 +-
.../idp/spi/TrustedIdpProtocolHandler.java | 4 +-
.../cxf/fediz/service/idp/util/WebUtils.java | 8 +-
.../idp/service/jpa/ApplicationDAOJPATest.java | 114 ++--
.../idp/service/jpa/ClaimDAOJPATest.java | 36 +-
.../idp/service/jpa/EntitlementDAOJPATest.java | 40 +-
.../service/idp/service/jpa/IdpDAOJPATest.java | 244 ++++-----
.../service/idp/service/jpa/TestDBLoader.java | 20 +-
.../idp/service/jpa/TrustedIdpDAOJPATest.java | 94 ++--
.../service/idp/util/MetadataWriterTest.java | 12 +-
.../idp/integrationtests/RestITTest.java | 32 +-
.../fediz/service/oidc/FedizSubjectCreator.java | 60 +--
.../service/oidc/OAuthDataProviderImpl.java | 24 +-
.../oidc/PrivateKeyPasswordProviderImpl.java | 2 +-
.../service/oidc/clients/ClientCodeGrants.java | 2 +-
.../oidc/clients/ClientRegistrationService.java | 68 +--
.../service/oidc/clients/ClientTokens.java | 2 +-
.../oidc/clients/InvalidRegistration.java | 2 +-
.../service/oidc/clients/RegisterClient.java | 2 +-
.../service/oidc/clients/RegisteredClients.java | 2 +-
.../fediz/service/oidc/console/UserConsole.java | 2 +-
.../oidc/console/UserConsoleService.java | 8 +-
.../handler/hrd/ApplicationContextProvider.java | 4 +-
.../handler/hrd/ClientIdHomeRealmDiscovery.java | 12 +-
.../hrd/LoginHintHomeRealmDiscovery.java | 4 +-
.../service/oidc/logout/LogoutService.java | 48 +-
.../oidc/logout/SignoutQueryHandler.java | 2 +-
.../oidc/logout/TokenCleanupHandler.java | 4 +-
.../service/sts/FedizSAMLDelegationHandler.java | 10 +-
.../service/sts/FedizX509DelegationHandler.java | 14 +-
.../fediz/service/sts/FileClaimsHandler.java | 12 +-
.../service/sts/realms/IdentityMapperImpl.java | 2 +-
.../realms/RealmExtensionIdentityMapper.java | 2 +-
.../sts/realms/RealmFileClaimsHandler.java | 16 +-
.../service/sts/realms/SamlRealmCodec.java | 4 +-
.../service/sts/realms/UriRealmParser.java | 2 +-
.../apache/cxf/fediz/sts/AbstractSTSTest.java | 12 +-
.../java/org/apache/cxf/fediz/sts/Utils.java | 4 +-
.../cxf/fediz/sts/realms/ITCrossRealmTest.java | 26 +-
.../RealmExtensionIdentityMapperTest.java | 10 +-
.../test/java/custom/CustomClaimsHandler.java | 18 +-
.../src/test/java/custom/CustomUTValidator.java | 10 +-
.../systests/custom/CustomParametersTest.java | 32 +-
.../federation/FederationTest.java | 38 +-
.../fediz/oidc/idp/example/BasicAuthFilter.java | 2 +-
.../oidc/idp/example/CommonCallbackHandler.java | 2 +-
.../idp/example/EHCacheOIDCTokenProvider.java | 6 +-
.../oidc/idp/example/IdTokenProviderImpl.java | 4 +-
.../fediz/samlsso/example/BasicAuthFilter.java | 16 +-
.../samlsso/example/SAML2CallbackHandler.java | 28 +-
.../example/SAML2PResponseComponentBuilder.java | 42 +-
.../cxf/fediz/samlsso/example/SamlSso.java | 66 +--
.../fediz/samlsso/service/DoubleItService.java | 2 +-
.../service/KeystorePasswordCallback.java | 10 +-
.../cxf/fediz/samlsso/service/Number.java | 6 +-
.../cxf/fediz/integrationtests/RealmMapper.java | 8 +-
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 80 +--
.../cxf/fediz/integrationtests/WSFedTest.java | 110 ++--
.../apache/cxf/fediz/systests/idp/IdpTest.java | 62 +--
.../ClientCertificatePreAuthSpringTest.java | 18 +-
.../integrationtests/ClientCertificateTest.java | 16 +-
.../integrationtests/HOKCallbackHandler.java | 4 +-
.../JettyPreAuthSpringTest.java | 12 +-
.../cxf/fediz/integrationtests/JettyTest.java | 8 +-
.../cxf/fediz/integrationtests/JettyUtils.java | 28 +-
.../ClientCertificatePreAuthSpringTest.java | 30 +-
.../integrationtests/ClientCertificateTest.java | 28 +-
.../integrationtests/HOKCallbackHandler.java | 4 +-
.../JettyPreAuthSpringTest.java | 30 +-
.../cxf/fediz/integrationtests/JettyTest.java | 30 +-
.../cxf/fediz/integrationtests/JettyUtils.java | 16 +-
.../KerberosClientPasswordCallback.java | 4 +-
.../KerberosServicePasswordCallback.java | 6 +-
.../fediz/integrationtests/KerberosTest.java | 78 +--
.../cxf/fediz/integrationtests/LDAPTest.java | 50 +-
.../cxf/fediz/systests/oidc/OIDCTest.java | 230 ++++----
.../apache/cxf/fediz/systests/idp/IdpTest.java | 526 +++++++++----------
.../cxf/fediz/integrationtests/Spring2Test.java | 54 +-
.../cxf/fediz/integrationtests/SpringTest.java | 24 +-
.../AbstractClientCertTests.java | 24 +-
.../fediz/integrationtests/AbstractTests.java | 36 +-
.../fediz/integrationtests/HTTPTestUtils.java | 18 +-
.../AudienceRestrictionTest.java | 34 +-
.../integrationtests/ClientCertificateTest.java | 28 +-
.../integrationtests/HOKCallbackHandler.java | 4 +-
.../fediz/integrationtests/HolderOfKeyTest.java | 44 +-
.../integrationtests/TestCallbackHandler.java | 4 +-
.../cxf/fediz/integrationtests/TomcatTest.java | 28 +-
.../cxf/fediz/integrationtests/WReqTest.java | 40 +-
.../AudienceRestrictionTest.java | 34 +-
.../integrationtests/ClientCertificateTest.java | 28 +-
.../integrationtests/HOKCallbackHandler.java | 4 +-
.../fediz/integrationtests/HolderOfKeyTest.java | 42 +-
.../integrationtests/TestCallbackHandler.java | 4 +-
.../cxf/fediz/integrationtests/TomcatTest.java | 28 +-
.../cxf/fediz/integrationtests/WReqTest.java | 42 +-
.../org/apache/cxf/fediz/example/Service.java | 32 +-
.../cxf/fediz/example/FederationServlet.java | 12 +-
.../cxf/fediz/example/FederationServlet.java | 18 +-
.../cxf/fediz/example/FederationServlet.java | 14 +-
.../cxf/fediz/example/FederationServlet.java | 18 +-
338 files changed, 5223 insertions(+), 5223 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
----------------------------------------------------------------------
diff --git a/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
index 471b8bf..01bc608 100644
--- a/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
+++ b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
@@ -50,9 +50,9 @@ import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
@Path("/")
public class FederationService {
- @Context
+ @Context
private UriInfo uriInfo;
- @Context
+ @Context
private SecurityContext securityContext;
@POST
public Response getTokenInfoFromPost() {
@@ -80,7 +80,7 @@ public class FederationService {
out.append("<br><b>Roles</b><p>");
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
for (String item: roleListToCheck) {
- out.append("Has role '" + item + "': "
+ out.append("Has role '" + item + "': "
+ ((securityContext.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
----------------------------------------------------------------------
diff --git a/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
index fa31a87..5d2dfae 100644
--- a/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
+++ b/examples/jaxrsSimpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
@@ -73,7 +73,7 @@ public class FederationService {
out.append("<br><b>Roles</b><p>");
List<String> roleListToCheck = Arrays.asList("Admin", "Manager", "User", "Authenticated");
for (String item: roleListToCheck) {
- out.append("Has role '" + item + "': "
+ out.append("Has role '" + item + "': "
+ ((securityContext.isUserInRole(item)) ? "<b>yes</b>" : "no") + "<p>");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 3c456c9..b6f240f 100644
--- a/examples/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/simpleWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -48,7 +48,7 @@ import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 1f2a58a..2c6054d 100644
--- a/examples/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/spring2Webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -51,7 +51,7 @@ import org.springframework.security.context.SecurityContextHolder;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -74,7 +74,7 @@ public class FederationServlet extends HttpServlet {
if (p != null) {
out.println("Principal: " + p.getName() + "<p>");
}
-
+
// Access Spring security context
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof FederationAuthenticationToken) {
@@ -84,7 +84,7 @@ public class FederationServlet extends HttpServlet {
out.println("<li>" + item.getAuthority() + "</li>");
}
out.println("</ul>");
-
+
if (fedAuthToken.getUserDetails() instanceof FederationUser) {
out.println("<br><b>Claims</b><p>");
ClaimCollection claims = ((FederationUser)fedAuthToken.getUserDetails()).getClaims();
@@ -94,7 +94,7 @@ public class FederationServlet extends HttpServlet {
} else {
out.println("FederationAuthenticationToken found but not FederationUser");
}
-
+
} else {
out.println("No FederationAuthenticationToken found in Spring Security Context.");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 9e4a042..90afce4 100644
--- a/examples/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/springPreauthWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -51,7 +51,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 498cc6d..33443a1 100644
--- a/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/springWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -51,7 +51,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -74,7 +74,7 @@ public class FederationServlet extends HttpServlet {
if (p != null) {
out.println("Principal: " + p.getName() + "<p>");
}
-
+
// Access Spring security context
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof FederationAuthenticationToken) {
@@ -84,7 +84,7 @@ public class FederationServlet extends HttpServlet {
out.println("<li>" + item.getAuthority() + "</li>");
}
out.println("</ul>");
-
+
if (fedAuthToken.getUserDetails() instanceof FederationUser) {
out.println("<br><b>Claims</b><p>");
ClaimCollection claims = ((FederationUser)fedAuthToken.getUserDetails()).getClaims();
@@ -94,7 +94,7 @@ public class FederationServlet extends HttpServlet {
} else {
out.println("FederationAuthenticationToken found but not FederationUser");
}
-
+
} else {
out.println("No FederationAuthenticationToken found in Spring Security Context.");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index e7387b3..2d6a4f4 100644
--- a/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/websphereWebapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -48,7 +48,7 @@ import org.apache.cxf.fediz.core.processor.FedizResponse;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final String SUBJECT_TOKEN_KEY = "_security.token";
@@ -109,7 +109,7 @@ public class FederationServlet extends HttpServlet {
}
} catch (WSSecurityException e) {
out.println("<p>Exception=" + e.getMessage() + "</p>");
- }
+ }
}
private FedizResponse getCachedFederationResponse(Subject subject) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/ClaimsCallbackHandler.java
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/ClaimsCallbackHandler.java b/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/ClaimsCallbackHandler.java
index d999968..acc5506 100644
--- a/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/ClaimsCallbackHandler.java
+++ b/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/ClaimsCallbackHandler.java
@@ -36,33 +36,33 @@ import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
* stores it on the ClaimsCallback object.
*/
public class ClaimsCallbackHandler implements CallbackHandler {
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof ClaimsCallback) {
ClaimsCallback callback = (ClaimsCallback) callbacks[i];
callback.setClaims(createClaims());
-
+
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
}
}
-
+
/**
* Create a Claims Element for a "role"
*/
private Element createClaims() {
Document doc = DOMUtils.createDocument();
- Element claimsElement =
+ Element claimsElement =
doc.createElementNS("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "Claims");
claimsElement.setAttributeNS(null, "Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity");
- Element claimType =
+ Element claimType =
doc.createElementNS("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType");
claimType.setAttributeNS(null, "Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
claimsElement.appendChild(claimType);
return claimsElement;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
----------------------------------------------------------------------
diff --git a/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java b/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
index 1fcb751..96f8d6f 100644
--- a/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
+++ b/examples/wsclientWebapp/webapp/src/main/java/org/apache/cxf/fediz/example/FederationServlet.java
@@ -49,7 +49,7 @@ import org.apache.hello_world_soap_http.Greeter;
public class FederationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -9019993850246851112L;
@@ -156,7 +156,7 @@ public class FederationServlet extends HttpServlet {
Greeter service = (Greeter)ApplicationContextProvider.getContext().getBean("HelloServiceClient");
String reply = service.greetMe();
-
+
out.println("<br><b>Greeter Service Response: " + reply + "</b><p>");
out.println("</body>");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
index 3c4814a..c8e47f5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/Claim.java
@@ -29,7 +29,7 @@ import java.security.Principal;
public class Claim implements Serializable {
/**
- *
+ *
*/
private static final long serialVersionUID = 1L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
index 806bc99..58a5848 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimCollection.java
@@ -32,7 +32,7 @@ import java.util.List;
public class ClaimCollection extends ArrayList<Claim> {
/**
- *
+ *
*/
private static final long serialVersionUID = 1L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimTypes.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimTypes.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimTypes.java
index d8f4464..6c5b736 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimTypes.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/ClaimTypes.java
@@ -30,23 +30,23 @@ public interface ClaimTypes {
* The base XML namespace URI that is used by the claim types
* http://docs.oasis-open.org/imi/identity/v1.0/os/identity-1.0-spec-os.pdf
*/
- URI URI_BASE =
+ URI URI_BASE =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
/**
* (givenName in [RFC 2256]) Preferred name or first name of a Subject.
- * According to RFC 2256: This attribute is used to hold the part of a person's name
+ * According to RFC 2256: This attribute is used to hold the part of a person's name
* which is not their surname nor middle name.
*/
- URI FIRSTNAME =
+ URI FIRSTNAME =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
/**
* (sn in [RFC 2256]) Surname or family name of a Subject.
* According to RFC 2256: This is the X.500 surname attribute which contains the family name of a person.
*/
- URI LASTNAME =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname");
+ URI LASTNAME =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname");
/**
* (mail in inetOrgPerson) Preferred address for the "To:" field of email
@@ -54,45 +54,45 @@ public interface ClaimTypes {
* According to inetOrgPerson using [RFC 1274]: This attribute type specifies
* an electronic mailbox attribute following the syntax specified in RFC 822.
*/
- URI EMAILADDRESS =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
+ URI EMAILADDRESS =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
/**
* (street in [RFC 2256]) Street address component of a Subject\u201fs address information.
* According to RFC 2256: This attribute contains the physical address of the object
* to which the entry corresponds, such as an address for package delivery.
*/
- URI STREETADDRESS =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress");
+ URI STREETADDRESS =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress");
/**
* (/ in [RFC 2256]) Locality component of a Subject's address information.
* According to RFC 2256: This attribute contains the name of a locality, such as a city,
* county or other geographic region.
*/
- URI LOCALITY =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality");
+ URI LOCALITY =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality");
/**
* (st in [RFC 2256]) Abbreviation for state or province name of a Subject's address information.
* According to RFC 2256: \u201cThis attribute contains the full name of a state or province.
* The values SHOULD be coordinated on a national level and if well-known shortcuts exist.
*/
- URI STATE_PROVINCE =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince");
+ URI STATE_PROVINCE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince");
/**
* (postalCode in X.500) Postal code or zip code component of a Subject's address information.
* According to X.500(2001): The postal code attribute type specifies the postal code of the named object.
*/
- URI POSTALCODE =
+ URI POSTALCODE =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode");
/**
* (c in [RFC 2256]) Country of a Subject.
* According to RFC 2256: This attribute contains a two-letter ISO 3166 country code.
*/
- URI COUNTRY =
+ URI COUNTRY =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country");
/**
@@ -100,7 +100,7 @@ public interface ClaimTypes {
* According to inetOrgPerson using [RFC 1274]: This attribute type specifies
* a home telephone number associated with a person.
*/
- URI HOMEPHONE =
+ URI HOMEPHONE =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone");
/**
@@ -108,39 +108,39 @@ public interface ClaimTypes {
* According to X.500(2001): This attribute type specifies an
* office/campus telephone number associated with a person.
*/
- URI OTHERPHONE =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone");
+ URI OTHERPHONE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone");
/**
* (mobile in inetOrgPerson) Mobile telephone number of a Subject.
* According to inetOrgPerson using [RFC 1274]: This attribute type specifies a
* mobile telephone number associated with a person.
*/
- URI MOBILEPHONE =
+ URI MOBILEPHONE =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone");
/**
* The date of birth of a Subject in a form allowed by the xs:date data type.
*/
- URI DATEOFBIRTH =
+ URI DATEOFBIRTH =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth");
/**
* Gender of a Subject that can have any of these exact URI values
* '0' (meaning unspecified), '1' (meaning Male) or '2' (meaning Female)
*/
- URI GENDER =
+ URI GENDER =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender");
/**
* A private personal identifier (PPID) that identifies the Subject to a Relying Party.
*/
- URI PRIVATE_PERSONAL_IDENTIFIER =
+ URI PRIVATE_PERSONAL_IDENTIFIER =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier");
/**
* The Web page of a Subject expressed as a URL.
*/
- URI WEB_PAGE =
- URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage");
+ URI WEB_PAGE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
index b8f7d70..6839ff5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationConstants.java
@@ -28,7 +28,7 @@ import java.util.Map;
* Constants specific to WS-Federation
*/
public final class FederationConstants extends FedizConstants {
-
+
public static final String WSFED_METHOD = "WSFED";
/**
@@ -208,7 +208,7 @@ public final class FederationConstants extends FedizConstants {
.create("http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/smartcard");
public static final String METADATA_PATH_URI = "FederationMetadata/2007-06/FederationMetadata.xml";
-
+
private FederationConstants() {
super();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
index f5205f4..47b0767 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizConstants.java
@@ -22,23 +22,23 @@ package org.apache.cxf.fediz.core;
import java.net.URI;
public class FedizConstants {
-
+
public static final URI DEFAULT_ROLE_URI = URI
.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
public static final String WS_TRUST_13_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-
+
public static final String WS_TRUST_2005_02_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
-
+
public static final String SAML2_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
-
+
public static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";
-
+
public static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";
-
+
public static final String SCHEMA_INSTANCE_NS = "http://www.w3.org/2001/XMLSchema-instance";
-
+
protected FedizConstants() {
-
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
index 52d7c17..f74991a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
@@ -27,9 +27,9 @@ import org.w3c.dom.Element;
public interface FedizPrincipal extends Principal {
ClaimCollection getClaims();
-
+
Element getLoginToken();
-
+
List<String> getRoleClaims();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
index cfe761f..8192413 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/RequestState.java
@@ -29,7 +29,7 @@ import javax.xml.bind.annotation.XmlRootElement;
public class RequestState implements Serializable {
private static final long serialVersionUID = 869323136115571943L;
-
+
private String targetAddress;
private String idpServiceAddress;
private String requestId;
@@ -38,11 +38,11 @@ public class RequestState implements Serializable {
private long createdAt;
private String state;
private String webAppDomain;
-
+
public RequestState() {
-
+
}
-
+
// CHECKSTYLE:OFF
public RequestState(String targetAddress,
String idpServiceAddress,
@@ -62,7 +62,7 @@ public class RequestState implements Serializable {
setCreatedAt(createdAt);
}
-
+
public void setTargetAddress(String targetAddress) {
this.targetAddress = targetAddress;
}
@@ -114,7 +114,7 @@ public class RequestState implements Serializable {
public String getWebAppContext() {
return webAppContext;
}
-
+
public String getState() {
return state;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
index e82bd7d..6dce445 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SAMLSSOConstants.java
@@ -23,19 +23,19 @@ package org.apache.cxf.fediz.core;
* Constants specific to SAML SSO
*/
public final class SAMLSSOConstants extends FedizConstants {
-
+
public static final String FEDIZ_SAML_METADATA_PATH_URI = "SAML/Metadata.xml";
-
+
public static final String SAML_REQUEST = "SAMLRequest";
-
- public static final String SAML_RESPONSE = "SAMLResponse";
-
+
+ public static final String SAML_RESPONSE = "SAMLResponse";
+
public static final String RELAY_STATE = "RelayState";
-
+
public static final String SIG_ALG = "SigAlg";
-
+
public static final String SIGNATURE = "Signature";
-
+
private SAMLSSOConstants() {
super();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/SecurityTokenThreadLocal.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SecurityTokenThreadLocal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SecurityTokenThreadLocal.java
index 6b1021d..91c023f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/SecurityTokenThreadLocal.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/SecurityTokenThreadLocal.java
@@ -27,14 +27,14 @@ import org.w3c.dom.Element;
*/
public final class SecurityTokenThreadLocal {
- private static final ThreadLocal<Element> TLS =
+ private static final ThreadLocal<Element> TLS =
new ThreadLocal<Element>();
private SecurityTokenThreadLocal() {
- }
-
+ }
+
public static void setToken(Element token) {
- if (token == null) {
+ if (token == null) {
TLS.remove();
} else {
TLS.set(token);
@@ -44,6 +44,6 @@ public final class SecurityTokenThreadLocal {
public static Element getToken() {
return TLS.get();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
index f05a45b..f62bb4c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidator.java
@@ -41,10 +41,10 @@ public interface TokenValidator {
/**
* Validate a Token using the given Element and Configuration.
- * @throws ProcessingException
+ * @throws ProcessingException
*/
TokenValidatorResponse validateAndProcessToken(
- TokenValidatorRequest request,
+ TokenValidatorRequest request,
FedizContext config
) throws ProcessingException;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
index 11a2740..2d9788e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/TokenValidatorResponse.java
@@ -35,7 +35,7 @@ public class TokenValidatorResponse {
- public TokenValidatorResponse(String uniqueTokenId, String username, String issuer,
+ public TokenValidatorResponse(String uniqueTokenId, String username, String issuer,
List<String> roles, List<Claim> claims, String audience) {
this.username = username;
this.issuer = issuer;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
index cee16e1..6620a68 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
@@ -25,7 +25,7 @@ public enum CertificateValidationMethod {
PEER_TRUST("PeerTrust"),
CHAIN_TRUST("ChainTrust");
-
+
private final String value;
CertificateValidationMethod(String v) {
@@ -38,7 +38,7 @@ public enum CertificateValidationMethod {
public String value() {
return value;
}
-
+
public static CertificateValidationMethod fromValue(String v) {
for (CertificateValidationMethod c: CertificateValidationMethod.values()) {
if (c.value.equals(v)) {
@@ -48,6 +48,6 @@ public enum CertificateValidationMethod {
throw new IllegalArgumentException(v);
}
-
-
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
index 080d2ae..41c7acc 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Claim.java
@@ -62,21 +62,21 @@ public class Claim {
if (!(obj instanceof Claim)) {
return false;
}
-
+
Claim that = (Claim)obj;
if (claimType != null && !claimType.equals(that.getClaimType())) {
return false;
} else if (claimType == null && that.getClaimType() != null) {
return false;
}
-
+
return true;
}
public String toString() {
return claimType.toString();
}
-
-
-
+
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index b25795a..a3a87dd 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -31,7 +31,7 @@ import org.slf4j.LoggerFactory;
public class FederationProtocol extends Protocol {
private static final Logger LOG = LoggerFactory.getLogger(FederationProtocol.class);
-
+
private Object request;
private Object authenticationType;
private Object homeRealm;
@@ -39,10 +39,10 @@ public class FederationProtocol extends Protocol {
private Object signInQuery;
private Object signOutQuery;
private Object reply;
-
+
public FederationProtocol(ProtocolType protocolType) {
super(protocolType);
-
+
// add SAMLTokenValidator as the last one
// Fediz chooses the first validator in the list if its
// canHandleToken or canHandleTokenType method return true
@@ -78,7 +78,7 @@ public class FederationProtocol extends Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getHomeRealm() {
if (this.homeRealm != null) {
return this.homeRealm;
@@ -99,7 +99,7 @@ public class FederationProtocol extends Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getFreshness() {
if (this.freshness != null) {
return this.freshness;
@@ -120,7 +120,7 @@ public class FederationProtocol extends Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getSignInQuery() {
if (this.signInQuery != null) {
return this.signInQuery;
@@ -141,7 +141,7 @@ public class FederationProtocol extends Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getSignOutQuery() {
if (this.signOutQuery != null) {
return this.signOutQuery;
@@ -162,7 +162,7 @@ public class FederationProtocol extends Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getRequest() {
if (this.request != null) {
return this.request;
@@ -171,7 +171,7 @@ public class FederationProtocol extends Protocol {
this.request = loadCallbackType(cbt, "Request");
return this.request;
}
-
+
public void setRequest(Object value) {
final boolean isString = value instanceof String;
final boolean isCallbackHandler = value instanceof CallbackHandler;
@@ -216,5 +216,5 @@ public class FederationProtocol extends Protocol {
public String toString() {
return getFederationProtocol().toString();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
index 3e86805..00f8129 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizConfigurator.java
@@ -39,7 +39,7 @@ public class FedizConfigurator {
private FedizConfig rootConfig;
private JAXBContext jaxbContext;
-
+
private List<FedizContext> fedizContextList;
public FedizConfig loadConfig(File f) throws JAXBException, IOException {
@@ -55,11 +55,11 @@ public class FedizConfigurator {
parseFedizContextList();
return rootConfig;
}
-
+
private void parseFedizContextList() {
fedizContextList = new ArrayList<>();
for (ContextConfig config : rootConfig.getContextConfig()) {
- fedizContextList.add(new FedizContext(config));
+ fedizContextList.add(new FedizContext(config));
}
}
@@ -83,7 +83,7 @@ public class FedizConfigurator {
public List<FedizContext> getFedizContextList() {
return fedizContextList;
}
-
+
public FedizContext getFedizContext(String contextName) {
if (contextName == null) {
throw new IllegalArgumentException("Context Name cannot be 'null'.");
@@ -100,7 +100,7 @@ public class FedizConfigurator {
return fedContext;
}
}
-
+
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 3a329e1..c3111de 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -55,11 +55,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class FedizContext implements Closeable {
-
+
public static final String CACHE_KEY_PREFIX = "fediz.replay.cache";
private static final Logger LOG = LoggerFactory.getLogger(FedizContext.class);
-
+
private ContextConfig config;
private boolean detectReplayedTokens = true;
@@ -71,7 +71,7 @@ public class FedizContext implements Closeable {
private KeyManager decryptionKeyManager;
private ClassLoader classloader;
private Pattern logoutRedirectToConstraint;
-
+
public FedizContext(ContextConfig config) {
if (config == null) {
@@ -79,7 +79,7 @@ public class FedizContext implements Closeable {
}
this.config = config;
}
-
+
public void init() {
//get validators initialized
getProtocol();
@@ -94,24 +94,24 @@ public class FedizContext implements Closeable {
public List<TrustedIssuer> getTrustedIssuers() {
TrustedIssuers issuers = config.getTrustedIssuers();
- List<TrustedIssuerType> trustManagers = issuers.getIssuer();
+ List<TrustedIssuerType> trustManagers = issuers.getIssuer();
List<TrustedIssuer> trustedIssuers = new ArrayList<>();
for (TrustedIssuerType manager:trustManagers) {
trustedIssuers.add(new TrustedIssuer(manager));
}
- return trustedIssuers;
+ return trustedIssuers;
}
-
+
public List<TrustManager> getCertificateStores() {
if (!certificateStores.isEmpty()) {
return Collections.unmodifiableList(certificateStores);
}
-
+
CertificateStores certStores = config.getCertificateStores();
List<TrustManagersType> trustManagers = certStores.getTrustManager();
for (TrustManagersType manager : trustManagers) {
TrustManager tm = new TrustManager(manager);
-
+
Crypto crypto = null;
try {
if (manager.getKeyStore().getType().equalsIgnoreCase("PEM")) {
@@ -132,13 +132,13 @@ public class FedizContext implements Closeable {
throw new RuntimeException("Failed to read keystore");
}
}
- return Collections.unmodifiableList(certificateStores);
+ return Collections.unmodifiableList(certificateStores);
}
public BigInteger getMaximumClockSkew() {
return config.getMaximumClockSkew();
}
-
+
public void setMaximumClockSkew(BigInteger maximumClockSkew) {
config.setMaximumClockSkew(maximumClockSkew);
}
@@ -157,7 +157,7 @@ public class FedizContext implements Closeable {
} else if (type instanceof SamlProtocolType) {
protocol = new SAMLProtocol(type);
}
-
+
if (protocol != null) {
protocol.setClassloader(getClassloader());
}
@@ -171,16 +171,16 @@ public class FedizContext implements Closeable {
public String getLogoutRedirectTo() {
return config.getLogoutRedirectTo();
}
-
+
public Pattern getLogoutRedirectToConstraint() {
if (logoutRedirectToConstraint == null && config.getLogoutRedirectToConstraint() != null) {
logoutRedirectToConstraint = Pattern.compile(config.getLogoutRedirectToConstraint());
}
return logoutRedirectToConstraint;
}
-
+
public KeyManager getSigningKey() {
-
+
if (keyManager != null) {
return keyManager;
}
@@ -199,11 +199,11 @@ public class FedizContext implements Closeable {
LOG.error("Failed to load keystore '" + name + "'", e);
throw new IllegalConfigurationException("Failed to load keystore '" + name + "'");
}
-
- return keyManager;
-
+
+ return keyManager;
+
}
-
+
public KeyManager getDecryptionKey() {
if (decryptionKeyManager != null) {
return decryptionKeyManager;
@@ -222,9 +222,9 @@ public class FedizContext implements Closeable {
LOG.error("Failed to load keystore '" + name + "'", e);
throw new IllegalConfigurationException("Failed to load keystore '" + name + "'");
}
-
- return decryptionKeyManager;
-
+
+ return decryptionKeyManager;
+
}
public ReplayCache getTokenReplayCache() {
@@ -259,12 +259,12 @@ public class FedizContext implements Closeable {
public boolean isDetectExpiredTokens() {
return config.isTokenExpirationValidation();
}
-
+
public void setDetectExpiredTokens(boolean detectExpiredTokens) {
config.setTokenExpirationValidation(detectExpiredTokens);
}
-
+
public boolean isDetectReplayedTokens() {
return detectReplayedTokens;
}
@@ -287,7 +287,7 @@ public class FedizContext implements Closeable {
replayCache.close();
}
}
-
+
private Properties createCryptoProperties(TrustManagersType tm) {
String trustStoreFile = null;
KeyStoreType ks = tm.getKeyStore();
@@ -301,7 +301,7 @@ public class FedizContext implements Closeable {
trustStoreFile = ks.getResource();
}
}
-
+
if (trustStoreFile == null) {
throw new IllegalStateException("No certificate store configured");
}
@@ -309,7 +309,7 @@ public class FedizContext implements Closeable {
if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty()) {
trustStoreFile = getRelativePath().concat(File.separator + trustStoreFile);
}
-
+
if (trustStoreFile == null || trustStoreFile.isEmpty()) {
throw new IllegalConfigurationException("truststoreFile not configured");
}
@@ -326,7 +326,7 @@ public class FedizContext implements Closeable {
trustStoreFile);
return p;
}
-
+
private Properties createCryptoProperties(KeyManagersType km) {
String keyStoreFile = null;
String keyType = "jks";
@@ -341,7 +341,7 @@ public class FedizContext implements Closeable {
keyStoreFile = ks.getResource();
}
}
-
+
if (keyStoreFile == null) {
throw new IllegalStateException("No certificate store configured");
}
@@ -349,7 +349,7 @@ public class FedizContext implements Closeable {
if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty()) {
keyStoreFile = getRelativePath().concat(File.separator + keyStoreFile);
}
-
+
if (keyStoreFile == null || keyStoreFile.isEmpty()) {
throw new IllegalConfigurationException("truststoreFile not configured");
}
@@ -359,7 +359,7 @@ public class FedizContext implements Closeable {
if (ks.getType() != null) {
keyType = ks.getType();
}
-
+
Properties p = new Properties();
p.put("org.apache.ws.security.crypto.provider",
"org.apache.ws.security.components.crypto.Merlin");
@@ -370,7 +370,7 @@ public class FedizContext implements Closeable {
keyStoreFile);
return p;
}
-
+
public ClassLoader getClassloader() {
return classloader;
}
@@ -378,7 +378,7 @@ public class FedizContext implements Closeable {
public void setClassloader(ClassLoader classloader) {
this.classloader = classloader;
}
-
+
public boolean isAddAuthenticatedRole() {
return config.isAddAuthenticatedRole();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
index 0c7b518..3a89b9f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
@@ -23,7 +23,7 @@ import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
import org.apache.wss4j.common.crypto.Crypto;
public class KeyManager {
-
+
private KeyManagersType keyManagerType;
private Crypto crypto;
private String name;
@@ -32,7 +32,7 @@ public class KeyManager {
super();
this.keyManagerType = keyManager;
}
-
+
public String getName() {
if (name != null) {
return name;
@@ -46,7 +46,7 @@ public class KeyManager {
}
return name;
}
-
+
public Crypto getCrypto() {
return crypto;
}
@@ -58,10 +58,10 @@ public class KeyManager {
public String getKeyAlias() {
return keyManagerType.getKeyAlias();
}
-
+
public String getKeyPassword() {
return keyManagerType.getKeyPassword();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/PropertyType.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/PropertyType.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/PropertyType.java
index 8551aa7..ec9608e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/PropertyType.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/PropertyType.java
@@ -23,14 +23,14 @@ import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
public enum PropertyType {
CLASS("Class"),
-
+
STRING("String");
private final String value;
PropertyType(String v) {
value = v;
}
-
+
PropertyType(ArgumentType arg) {
value = arg.value();
}
@@ -48,5 +48,5 @@ public enum PropertyType {
throw new IllegalArgumentException(v);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
index 993b011..f21b8a1 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/Protocol.java
@@ -36,7 +36,7 @@ import org.slf4j.LoggerFactory;
public abstract class Protocol {
private static final Logger LOG = LoggerFactory.getLogger(Protocol.class);
-
+
private ProtocolType protocolType;
private ClassLoader classloader;
private Object issuer;
@@ -46,7 +46,7 @@ public abstract class Protocol {
public Protocol(ProtocolType protocolType) {
super();
this.protocolType = protocolType;
-
+
if (protocolType.getTokenValidators() != null && protocolType.getTokenValidators().getValidator() != null) {
for (String validatorClassname : protocolType.getTokenValidators().getValidator()) {
Object obj = null;
@@ -81,21 +81,21 @@ public abstract class Protocol {
if (!(obj instanceof Protocol)) {
return false;
}
-
+
Protocol that = (Protocol)obj;
if (protocolType != null && !protocolType.equals(that.getProtocolType())) {
return false;
} else if (protocolType == null && that.getProtocolType() != null) {
return false;
}
-
+
return true;
}
public String toString() {
return protocolType.toString();
}
-
+
public ClassLoader getClassloader() {
return classloader;
}
@@ -103,7 +103,7 @@ public abstract class Protocol {
public void setClassloader(ClassLoader classloader) {
this.classloader = classloader;
}
-
+
public String getRoleDelimiter() {
return getProtocolType().getRoleDelimiter();
}
@@ -119,11 +119,11 @@ public abstract class Protocol {
public void setRoleURI(String value) {
getProtocolType().setRoleURI(value);
}
-
+
public String getMetadataURI() {
return getProtocolType().getMetadataURI();
}
-
+
public void setMetadataURI(String value) {
getProtocolType().setMetadataURI(value);
}
@@ -148,7 +148,7 @@ public abstract class Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public Object getRealm() {
if (this.realm != null) {
return this.realm;
@@ -169,11 +169,11 @@ public abstract class Protocol {
+ "java.lang.String or javax.security.auth.callback.CallbackHandler.");
}
}
-
+
public List<TokenValidator> getTokenValidators() {
return validators;
}
-
+
protected Object loadCallbackType(CallbackType cbt, String name) {
if (cbt == null || cbt.getValue() == null) {
return null;
@@ -221,7 +221,7 @@ public abstract class Protocol {
public void setClaimTypesRequested(ClaimTypesRequested value) {
getProtocolType().setClaimTypesRequested(value);
}
-
+
public String getApplicationServiceURL() {
return getProtocolType().getApplicationServiceURL();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
index a9736e9..d0edea2 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/SAMLProtocol.java
@@ -31,19 +31,19 @@ import org.slf4j.LoggerFactory;
public class SAMLProtocol extends Protocol {
private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocol.class);
-
+
private SAMLPRequestBuilder samlpRequestBuilder;
-
+
public SAMLProtocol(ProtocolType protocolType) {
super(protocolType);
-
+
// add SAMLTokenValidator as the last one
// Fediz chooses the first validator in the list if its
// canHandleToken or canHandleTokenType method return true
SAMLTokenValidator validator = new SAMLTokenValidator();
getTokenValidators().add(getTokenValidators().size(), validator);
}
-
+
protected SamlProtocolType getSAMLProtocol() {
return (SamlProtocolType)super.getProtocolType();
}
@@ -59,12 +59,12 @@ public class SAMLProtocol extends Protocol {
public void setSignRequest(boolean signRequest) {
getSAMLProtocol().setSignRequest(signRequest);
}
-
+
public SAMLPRequestBuilder getSAMLPRequestBuilder() {
if (samlpRequestBuilder != null) {
return samlpRequestBuilder;
}
-
+
// See if we have a custom SAMLPRequestBuilder
String samlpRequestBuilderStr = getSAMLProtocol().getAuthnRequestBuilder();
if (samlpRequestBuilderStr != null && !"".equals(samlpRequestBuilderStr)) {
@@ -79,17 +79,17 @@ public class SAMLProtocol extends Protocol {
LOG.debug(ex.getMessage(), ex);
}
}
-
+
// Default implementation
samlpRequestBuilder = new DefaultSAMLPRequestBuilder();
-
+
return samlpRequestBuilder;
}
public void setSAMLPRequestBuilder(SAMLPRequestBuilder requestBuilder) {
this.samlpRequestBuilder = requestBuilder;
}
-
+
public boolean isDisableDeflateEncoding() {
return getSAMLProtocol().isDisableDeflateEncoding();
}
@@ -97,7 +97,7 @@ public class SAMLProtocol extends Protocol {
public void setDisableDeflateEncoding(boolean disableDeflateEncoding) {
getSAMLProtocol().setDisableDeflateEncoding(disableDeflateEncoding);
}
-
+
public boolean isDoNotEnforceKnownIssuer() {
return getSAMLProtocol().isDoNotEnforceKnownIssuer();
}
@@ -105,7 +105,7 @@ public class SAMLProtocol extends Protocol {
public void setDoNotEnforceKnownIssuer(boolean doNotEnforceKnownIssuer) {
getSAMLProtocol().setDoNotEnforceKnownIssuer(doNotEnforceKnownIssuer);
}
-
+
public String getIssuerLogoutURL() {
return getSAMLProtocol().getIssuerLogoutURL();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
index c82b719..888ed5b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
@@ -23,7 +23,7 @@ import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.wss4j.common.crypto.Crypto;
public class TrustManager {
-
+
private TrustManagersType trustManagerType;
private Crypto crypto;
private String name;
@@ -32,7 +32,7 @@ public class TrustManager {
super();
this.trustManagerType = trustManagerType;
}
-
+
public TrustManager(Crypto crypto) {
super();
this.crypto = crypto;
@@ -53,7 +53,7 @@ public class TrustManager {
name = trustManagerType.getKeyStore().getResource();
}
}
-
+
return name;
}
@@ -64,7 +64,7 @@ public class TrustManager {
public void setCrypto(Crypto crypto) {
this.crypto = crypto;
}
-
+
public int hashCode() {
if (trustManagerType == null) {
return super.hashCode();
@@ -72,19 +72,19 @@ public class TrustManager {
return trustManagerType.hashCode();
}
}
-
+
public boolean equals(Object obj) {
if (!(obj instanceof TrustManager)) {
return false;
}
-
+
TrustManager that = (TrustManager)obj;
if (trustManagerType != null && !trustManagerType.equals(that.getTrustManagersType())) {
return false;
} else if (trustManagerType == null && that.getTrustManagersType() != null) {
return false;
}
-
+
return true;
}
@@ -95,7 +95,7 @@ public class TrustManager {
return trustManagerType.toString();
}
}
-
+
public TrustManagersType getTrustManagersType() {
return trustManagerType;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
index 322a451..6eb3ece 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
@@ -28,36 +28,36 @@ public class TrustedIssuer {
private final TrustedIssuerType trustedIssuerType;
private Pattern subject;
-
+
public TrustedIssuer(TrustedIssuerType trustedIssuerType) {
super();
this.trustedIssuerType = trustedIssuerType;
}
-
+
public String getName() {
return trustedIssuerType.getName();
}
-
+
public void setName(String name) {
trustedIssuerType.setName(name);
}
-
+
public Pattern getCompiledSubject() {
if (subject != null) {
return subject;
}
-
+
if (trustedIssuerType.getSubject() != null) {
subject = Pattern.compile(trustedIssuerType.getSubject());
}
-
+
return subject;
}
-
+
public String getSubject() {
return trustedIssuerType.getSubject();
}
-
+
public void setSubject(String subject) {
trustedIssuerType.setSubject(subject);
this.subject = null;
@@ -75,7 +75,7 @@ public class TrustedIssuer {
);
}
}
-
+
public void setCertificateValidationMethod(
final CertificateValidationMethod validationMethod
) {
@@ -86,36 +86,36 @@ public class TrustedIssuer {
} else {
String error = "Not supported certificate validation type";
if (validationMethod != null) {
- error += ": " + validationMethod.value();
+ error += ": " + validationMethod.value();
}
throw new IllegalStateException(error);
}
}
-
+
public int hashCode() {
return trustedIssuerType.hashCode();
}
-
+
public boolean equals(Object obj) {
if (!(obj instanceof TrustedIssuer)) {
return false;
}
-
+
TrustedIssuer that = (TrustedIssuer)obj;
if (trustedIssuerType != null && !trustedIssuerType.equals(that.getTrustedIssuerType())) {
return false;
} else if (trustedIssuerType == null && that.getTrustedIssuerType() != null) {
return false;
}
-
+
return true;
}
public String toString() {
return trustedIssuerType.toString();
}
-
+
public TrustedIssuerType getTrustedIssuerType() {
return trustedIssuerType;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/IllegalConfigurationException.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/IllegalConfigurationException.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/IllegalConfigurationException.java
index 7ccc76e..91cf5c7 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/IllegalConfigurationException.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/IllegalConfigurationException.java
@@ -22,7 +22,7 @@ package org.apache.cxf.fediz.core.exception;
public class IllegalConfigurationException extends RuntimeException {
/**
- *
+ *
*/
private static final long serialVersionUID = 6273022567957710601L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/ProcessingException.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/ProcessingException.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/ProcessingException.java
index eb58975..b838664 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/ProcessingException.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/exception/ProcessingException.java
@@ -22,10 +22,10 @@ package org.apache.cxf.fediz.core.exception;
public class ProcessingException extends Exception {
/**
- *
+ *
*/
private static final long serialVersionUID = 1L;
-
+
public enum TYPE {
TOKEN_EXPIRED,
TOKEN_REPLAY,
@@ -35,13 +35,13 @@ public class ProcessingException extends Exception {
TOKEN_INVALID,
TOKEN_NO_SIGNATURE
}
-
+
/**
* A map of Fault Code to Fault Strings
*/
- private static final java.util.Map<TYPE, String> TYPE_MAP =
+ private static final java.util.Map<TYPE, String> TYPE_MAP =
new java.util.HashMap<TYPE, String>();
-
+
static {
TYPE_MAP.put(TYPE.BAD_REQUEST, "The specified request is not understood");
TYPE_MAP.put(TYPE.INVALID_REQUEST, "The request was invalid or malformed");
@@ -51,23 +51,23 @@ public class ProcessingException extends Exception {
TYPE_MAP.put(TYPE.TOKEN_INVALID, "Security token has been revoked");
TYPE_MAP.put(TYPE.TOKEN_NO_SIGNATURE, "Security token has no signature");
}
-
+
private TYPE type;
-
-
+
+
public ProcessingException(String message) {
super(message);
}
-
+
public ProcessingException(String message, TYPE type) {
super(message);
this.type = type;
}
-
+
public ProcessingException(TYPE type) {
this.type = type;
}
-
+
public ProcessingException(String message, Throwable e) {
super(message, e);
}
@@ -76,15 +76,15 @@ public class ProcessingException extends Exception {
super(message, e);
this.type = type;
}
-
+
public void setType(TYPE type) {
this.type = type;
}
-
+
public TYPE getType() {
return type;
}
-
+
@Override
public String getMessage() {
if (type != null && TYPE_MAP.get(type) != null) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
index b547b00..59fc613 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java
@@ -66,7 +66,7 @@ public class LogoutHandler implements RequestHandler<Boolean> {
}
//Check for custom logout URL
String logoutUrl = fedizConfig.getLogoutURL();
- return logoutUrl != null && !logoutUrl.isEmpty()
+ return logoutUrl != null && !logoutUrl.isEmpty()
&& servletContextPath != null && request.getRequestURI().equals(servletContextPath + logoutUrl);
}
@@ -81,7 +81,7 @@ public class LogoutHandler implements RequestHandler<Boolean> {
return customLogout(request, response);
}
}
-
+
protected boolean customLogout(HttpServletRequest request, HttpServletResponse response) {
LOG.info("Custom Logout URL was invoked.");
return signout(request, response);
@@ -90,10 +90,10 @@ public class LogoutHandler implements RequestHandler<Boolean> {
protected boolean signoutCleanup(HttpServletRequest request, HttpServletResponse response) {
LOG.info("SignOutCleanup request found. Terminating user session.");
request.getSession().invalidate();
-
+
String wreply = request.getParameter(FederationConstants.PARAM_REPLY);
Pattern logoutRedirectToConstraint = fedizConfig.getLogoutRedirectToConstraint();
-
+
if (wreply != null && !wreply.isEmpty()) {
if (logoutRedirectToConstraint == null) {
LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
@@ -113,7 +113,7 @@ public class LogoutHandler implements RequestHandler<Boolean> {
}
}
}
-
+
writeLogoutImage(response);
return true;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index f84e83b..31aefcd 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -97,7 +97,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
throws ProcessingException {
LOG.debug("Process SignIn request");
LOG.debug("token=\n{}", responseToken);
-
+
FedizRequest federationRequest = new FedizRequest();
String wa = req.getParameter(FederationConstants.PARAM_ACTION);
@@ -118,7 +118,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
List<String> audienceURIs = fedizContext.getAudienceUris();
boolean validAudience = audienceURIs.isEmpty() && audience == null;
if (!validAudience && audience != null) {
-
+
for (String a : audienceURIs) {
if (audience.startsWith(a)) {
validAudience = true;
@@ -126,12 +126,12 @@ public class SigninHandler<T> implements RequestHandler<T> {
break;
}
}
-
+
if (!validAudience) {
LOG.warn("Token AudienceRestriction [{}] doesn't match with specified list of URIs.", audience);
LOG.debug("Authenticated URIs are: {}", audienceURIs);
}
-
+
if (LOG.isDebugEnabled() && requestURL != null && requestURL.indexOf(audience) == -1) {
LOG.debug("Token AudienceRestriction doesn't match with request URL [{}] [{}]", audience, requestURL);
}
[04/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index a3d9dff..a34b2fc 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -48,15 +48,15 @@ import org.junit.Assert;
import org.junit.BeforeClass;
/**
- * This is a test for federation using a SAML SSO enabled web application (using CXF interceptors). The web
- * application is configured to use a different realm to that of the IdP. The IdP then redirects to a third party
+ * This is a test for federation using a SAML SSO enabled web application (using CXF interceptors). The web
+ * application is configured to use a different realm to that of the IdP. The IdP then redirects to a third party
* IdP for authentication. The third party IdPs that are tested are as follows:
* - WS-Federation (Fediz)
* - SAML SSO (Fediz)
* - OIDC (custom webapp)
*/
public class SAMLSSOTest {
-
+
private enum ServerType {
IDP, REALMB, OIDC, RP
}
@@ -66,12 +66,12 @@ public class SAMLSSOTest {
static String idpSamlSSOHttpsPort;
static String idpOIDCHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat idpRealmbServer;
private static Tomcat idpOIDCServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -81,8 +81,8 @@ public class SAMLSSOTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
@@ -99,8 +99,8 @@ public class SAMLSSOTest {
idpOIDCServer = startServer(ServerType.OIDC, idpOIDCHttpsPort);
rpServer = startServer(ServerType.RP, rpHttpsPort);
}
-
- private static Tomcat startServer(ServerType serverType, String port)
+
+ private static Tomcat startServer(ServerType serverType, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -139,13 +139,13 @@ public class SAMLSSOTest {
if (serverType == ServerType.IDP) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else if (serverType == ServerType.REALMB) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb");
server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
} else if (serverType == ServerType.OIDC) {
@@ -160,7 +160,7 @@ public class SAMLSSOTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
@@ -168,7 +168,7 @@ public class SAMLSSOTest {
shutdownServer(idpOIDCServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -186,7 +186,7 @@ public class SAMLSSOTest {
public String getIdpHttpsPort() {
return idpHttpsPort;
}
-
+
public String getIdpRealmbHttpsPort() {
return idpRealmbHttpsPort;
}
@@ -194,27 +194,27 @@ public class SAMLSSOTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testWSFederation() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app1/services/25";
//System.out.println(url);
//Thread.sleep(60 * 2 * 1000);
-
+
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort());
-
+
Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
-
+
}
-
+
@org.junit.Test
public void testSAMLSSOFedizIdP() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app2/services/25";
@@ -222,27 +222,27 @@ public class SAMLSSOTest {
// Thread.sleep(60 * 2 * 1000);
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
-
+
Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
}
-
+
@org.junit.Test
public void testOIDC() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app3/services/25";
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
loginOIDC(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
-
+
Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
}
-
- private static String login(String url, String user, String password,
+
+ private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
@@ -258,7 +258,7 @@ public class SAMLSSOTest {
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
-
+
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
// Now redirect back to the IdP for Realm A
@@ -267,7 +267,7 @@ public class SAMLSSOTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
HtmlPage idpPageRealmA = button.click();
-
+
Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
|| "IDP SignIn Response Form".equals(idpPage.getTitleText()));
form = idpPageRealmA.getFormByName("samlsigninresponseform");
@@ -276,12 +276,12 @@ public class SAMLSSOTest {
button = form.getInputByName("_eventId_submit");
XmlPage rpPage = button.click();
-
+
webClient.close();
return rpPage.asXml();
}
-
- private static String login(String url, String user, String password,
+
+ private static String login(String url, String user, String password,
String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
@@ -297,7 +297,7 @@ public class SAMLSSOTest {
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
-
+
if (postBinding) {
Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
|| "IDP SignIn Response Form".equals(idpPage.getTitleText()));
@@ -309,7 +309,7 @@ public class SAMLSSOTest {
}
}
}
-
+
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
// Now redirect back to the RP
@@ -322,8 +322,8 @@ public class SAMLSSOTest {
webClient.close();
return rpPage.asXml();
}
-
- private static String loginOIDC(String url, String user, String password,
+
+ private static String loginOIDC(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
index 8821ecb..ad5a097 100644
--- a/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
+++ b/systests/federation/wsfed/src/test/java/org/apache/cxf/fediz/integrationtests/WSFedTest.java
@@ -54,7 +54,7 @@ import org.junit.BeforeClass;
/**
* This is a test for federation using a WS-Federation enabled web application. The web application is configured
- * to use a different realm to that of the IdP. The IdP then redirects to a third party IdP for authentication.
+ * to use a different realm to that of the IdP. The IdP then redirects to a third party IdP for authentication.
* The third party IdPs that are tested are as follows:
* - WS-Federation (Fediz)
* - SAML SSO (Fediz)
@@ -62,7 +62,7 @@ import org.junit.BeforeClass;
* - OIDC (custom webapp)
*/
public class WSFedTest {
-
+
private enum ServerType {
IDP, REALMB, SAMLSSO, OIDC, RP
}
@@ -72,13 +72,13 @@ public class WSFedTest {
static String idpSamlSSOHttpsPort;
static String idpOIDCHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat idpRealmbServer;
private static Tomcat idpSamlSSOServer;
private static Tomcat idpOIDCServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -88,8 +88,8 @@ public class WSFedTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
idpRealmbHttpsPort = System.getProperty("idp.realmb.https.port");
@@ -107,8 +107,8 @@ public class WSFedTest {
idpOIDCServer = startServer(ServerType.OIDC, idpOIDCHttpsPort);
rpServer = startServer(ServerType.RP, rpHttpsPort);
}
-
- private static Tomcat startServer(ServerType serverType, String port)
+
+ private static Tomcat startServer(ServerType serverType, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -149,13 +149,13 @@ public class WSFedTest {
if (serverType == ServerType.IDP) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else if (serverType == ServerType.REALMB) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts-realmb");
server.addWebapp("/fediz-idp-sts-realmb", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-realmb");
server.addWebapp("/fediz-idp-realmb", idpWebapp.getAbsolutePath());
} else if (serverType == ServerType.SAMLSSO) {
@@ -167,24 +167,24 @@ public class WSFedTest {
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config_wsfed.xml");
cxt.getPipeline().addValve(fa);
-
+
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
-
+
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
-
+
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
-
+
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
@@ -194,7 +194,7 @@ public class WSFedTest {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
@@ -203,7 +203,7 @@ public class WSFedTest {
shutdownServer(idpOIDCServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -221,7 +221,7 @@ public class WSFedTest {
public String getIdpHttpsPort() {
return idpHttpsPort;
}
-
+
public String getIdpRealmbHttpsPort() {
return idpRealmbHttpsPort;
}
@@ -229,11 +229,11 @@ public class WSFedTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testWSFederation() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/secure/fedservlet";
@@ -241,10 +241,10 @@ public class WSFedTest {
// Thread.sleep(60 * 2 * 1000);
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, getIdpRealmbHttpsPort(), idpHttpsPort);
-
+
Assert.assertTrue("Principal not alice",
bodyTextContent.contains("userPrincipal=alice"));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -264,7 +264,7 @@ public class WSFedTest {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
@org.junit.Test
public void testSAMLSSOFedizIdP() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/secure/fedservlet";
@@ -272,10 +272,10 @@ public class WSFedTest {
// Thread.sleep(60 * 2 * 1000);
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
-
+
Assert.assertTrue("Principal not alice",
bodyTextContent.contains("userPrincipal=alice"));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -295,7 +295,7 @@ public class WSFedTest {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
@org.junit.Test
public void testSAMLSSOCustom() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlssocustom/secure/fedservlet";
@@ -303,10 +303,10 @@ public class WSFedTest {
// Thread.sleep(60 * 2 * 1000);
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, false);
-
+
Assert.assertTrue("Principal not alice",
bodyTextContent.contains("userPrincipal=alice"));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -326,7 +326,7 @@ public class WSFedTest {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
@org.junit.Test
public void testSAMLSSOCustomPostBinding() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/samlssocustompost/secure/fedservlet";
@@ -334,10 +334,10 @@ public class WSFedTest {
// Thread.sleep(60 * 2 * 1000);
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort, true);
-
+
Assert.assertTrue("Principal not alice",
bodyTextContent.contains("userPrincipal=alice"));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -357,16 +357,16 @@ public class WSFedTest {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
@org.junit.Test
public void testOIDC() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/oidc/secure/fedservlet";
String user = "ALICE"; // realm b credentials
String password = "ECILA";
-
- final String bodyTextContent =
+
+ final String bodyTextContent =
loginOIDC(url, user, password, idpOIDCHttpsPort, idpHttpsPort);
-
+
Assert.assertTrue("Principal not alice",
bodyTextContent.contains("userPrincipal=alice"));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -386,8 +386,8 @@ public class WSFedTest {
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
- private static String login(String url, String user, String password,
+
+ private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
@@ -405,7 +405,7 @@ public class WSFedTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
// For some reason, redirecting back to the IdP for "realm a" is not working with htmlunit. So extract
// the parameters manually from the form, and access the IdP for "realm a" with them
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -430,21 +430,21 @@ public class WSFedTest {
final WebClient webClient2 = new WebClient();
webClient2.setCookieManager(cookieManager);
webClient2.getOptions().setUseInsecureSSL(true);
-
+
String url2 = "https://localhost:" + rpIdpPort + "/fediz-idp/federation?";
url2 += "wctx=" + wctx + "&";
url2 += "wa=" + wa + "&";
url2 += "wtrealm=" + URLEncoder.encode(wtrealm, "UTF8") + "&";
url2 += "wresult=" + URLEncoder.encode(wresult, "UTF8") + "&";
-
+
webClient2.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage2 = webClient2.getPage(url2);
webClient2.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
-
+
// Now redirect back to the RP
final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
-
+
final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
final HtmlPage rpPage = button2.click();
@@ -453,8 +453,8 @@ public class WSFedTest {
webClient2.close();
return rpPage.getBody().getTextContent();
}
-
- private static String login(String url, String user, String password,
+
+ private static String login(String url, String user, String password,
String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
@@ -470,7 +470,7 @@ public class WSFedTest {
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
-
+
if (postBinding) {
Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
|| "IDP SignIn Response Form".equals(idpPage.getTitleText()));
@@ -482,7 +482,7 @@ public class WSFedTest {
}
}
}
-
+
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
// Now redirect back to the RP
@@ -496,8 +496,8 @@ public class WSFedTest {
webClient.close();
return rpPage.getBody().getTextContent();
}
-
- private static String loginOIDC(String url, String user, String password,
+
+ private static String loginOIDC(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
//
// Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
@@ -512,11 +512,11 @@ public class WSFedTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
+
// The decision page is returned as XML for some reason. So parse it and send a form response back.
HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
-
+
WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -533,7 +533,7 @@ public class WSFedTest {
request.getRequestParameters().add(new NameValuePair("oauthDecision", "allow"));
HtmlPage idpPage = webClient.getPage(request);
-
+
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
// Now redirect back to the RP
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 5330c4f..3a90ab5 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -89,7 +89,7 @@ public class IdpTest {
WSSConfig.init();
}
- private static Tomcat startServer(boolean idp, String port)
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -132,7 +132,7 @@ public class IdpTest {
public static void cleanup() {
shutdownServer(idpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -197,7 +197,7 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -213,7 +213,7 @@ public class IdpTest {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -235,14 +235,14 @@ public class IdpTest {
}
Assert.assertNotNull(wresult);
-
+
//
// Second invocation - change the credentials to make sure the session is set up correctly
- //
+ //
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
@@ -260,7 +260,7 @@ public class IdpTest {
}
Assert.assertNotNull(wresult);
-
+
webClient.close();
}
@@ -441,7 +441,7 @@ public class IdpTest {
webClient.close();
}
-
+
// Send an unknown wa value
@org.junit.Test
public void testBadWa() throws Exception {
@@ -471,7 +471,7 @@ public class IdpTest {
webClient.close();
}
-
+
// Send an unknown whr value
@org.junit.Test
public void testBadWHR() throws Exception {
@@ -501,7 +501,7 @@ public class IdpTest {
webClient.close();
}
-
+
// Send an unknown wtrealm value
@org.junit.Test
public void testBadWtRealm() throws Exception {
@@ -531,7 +531,7 @@ public class IdpTest {
webClient.close();
}
-
+
// Send an malformed wreply value
@org.junit.Test
public void testMalformedWReply() throws Exception {
@@ -561,7 +561,7 @@ public class IdpTest {
webClient.close();
}
-
+
// Send a bad wreply value
@org.junit.Test
public void testBadWReply() throws Exception {
@@ -569,7 +569,7 @@ public class IdpTest {
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://www.apache.org:" + getRpHttpsPort() + "/"
+ String wreply = "https://www.apache.org:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
url += "&wreply=" + wreply;
@@ -592,7 +592,7 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testValidWReplyWrongApplication() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -621,7 +621,7 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testWReplyExactMatchingSuccess() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -645,14 +645,14 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testWReplyExactMatchingFailure() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet/blah";
url += "&wreply=" + wreply;
@@ -675,7 +675,7 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testNoEndpointAddressOrConstraint() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -705,8 +705,8 @@ public class IdpTest {
webClient.close();
}
-
- // Send a bad wreply value. This will pass the reg ex validation but fail the commons-validator
+
+ // Send a bad wreply value. This will pass the reg ex validation but fail the commons-validator
// validation
@org.junit.Test
public void testWReplyWithDoubleSlashes() throws Exception {
@@ -714,7 +714,7 @@ public class IdpTest {
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure//fedservlet";
url += "&wreply=" + wreply;
@@ -737,8 +737,8 @@ public class IdpTest {
webClient.close();
}
-
-
+
+
@Test
public void testIdPLogout() throws Exception {
@@ -752,7 +752,7 @@ public class IdpTest {
String user = "alice";
String password = "ecila";
-
+
CookieManager cookieManager = new CookieManager();
WebClient webClient = new WebClient();
@@ -797,7 +797,7 @@ public class IdpTest {
webClient.close();
}
-
+
@Test
public void testIdPLogoutCleanup() throws Exception {
@@ -811,7 +811,7 @@ public class IdpTest {
String user = "alice";
String password = "ecila";
-
+
CookieManager cookieManager = new CookieManager();
WebClient webClient = new WebClient();
@@ -852,7 +852,7 @@ public class IdpTest {
webClient.close();
}
-
+
@Test
public void testIdPLogoutCleanupWithBadWReply() throws Exception {
@@ -866,7 +866,7 @@ public class IdpTest {
String user = "alice";
String password = "ecila";
-
+
CookieManager cookieManager = new CookieManager();
WebClient webClient = new WebClient();
@@ -883,7 +883,7 @@ public class IdpTest {
webClient.close();
// 2. now we logout from IdP using a bad wreply
- String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure//fedservlet";
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ FederationConstants.ACTION_SIGNOUT_CLEANUP;
@@ -914,5 +914,5 @@ public class IdpTest {
webClient.close();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
index 6d47264..d5e6aa0 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
@@ -34,9 +34,9 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Server rpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -53,24 +53,24 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
+
JettyUtils.initIdpServer();
JettyUtils.startIdpServer();
-
+
try {
Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
+ rpServer = (Server)configuration.configure();
rpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
@AfterClass
public static void cleanup() {
JettyUtils.stopIdpServer();
-
+
if (rpServer != null && rpServer.isStarted()) {
try {
rpServer.stop();
@@ -89,10 +89,10 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizspringhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
index 2955b52..0211c7c 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -34,9 +34,9 @@ public class ClientCertificateTest extends AbstractClientCertTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Server rpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -56,21 +56,21 @@ public class ClientCertificateTest extends AbstractClientCertTests {
JettyUtils.initIdpServer();
JettyUtils.startIdpServer();
-
+
try {
Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
+ rpServer = (Server)configuration.configure();
rpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
@AfterClass
public static void cleanup() {
JettyUtils.stopIdpServer();
-
+
if (rpServer != null && rpServer.isStarted()) {
try {
rpServer.stop();
@@ -89,10 +89,10 @@ public class ClientCertificateTest extends AbstractClientCertTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
index e2f402c..a323696 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class HOKCallbackHandler implements CallbackHandler {
- static final String HOK_WREQ =
+ static final String HOK_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
index 0d79b36..961dceb 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
@@ -31,7 +31,7 @@ public class JettyPreAuthSpringTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -40,7 +40,7 @@ public class JettyPreAuthSpringTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
@@ -52,7 +52,7 @@ public class JettyPreAuthSpringTest extends AbstractTests {
JettyUtils.initRpServer();
JettyUtils.startRpServer();
}
-
+
@AfterClass
public static void cleanup() {
JettyUtils.stopIdpServer();
@@ -68,16 +68,16 @@ public class JettyPreAuthSpringTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizspringhelloworld";
}
-
+
@Ignore("This tests is currently failing on Jetty")
@Override
public void testConcurrentRequests() throws Exception {
// super.testConcurrentRequests();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
index 1b3b291..5fe32ba 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
@@ -29,7 +29,7 @@ public class JettyTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -52,7 +52,7 @@ public class JettyTest extends AbstractTests {
JettyUtils.initRpServer();
JettyUtils.startRpServer();
}
-
+
@AfterClass
public static void cleanup() {
JettyUtils.stopIdpServer();
@@ -68,12 +68,12 @@ public class JettyTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@Ignore("This tests is currently failing on Jetty")
@Override
public void testConcurrentRequests() throws Exception {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
index 8696870..f4cb9fe 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
@@ -27,34 +27,34 @@ public final class JettyUtils {
private static Server idpServer;
private static Server rpServer;
-
+
private JettyUtils() {
}
-
+
public static void initIdpServer() {
if (idpServer == null) {
try {
Resource testServerConfig = Resource.newSystemResource("idp-server.xml");
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- idpServer = (Server)configuration.configure();
-
+ idpServer = (Server)configuration.configure();
+
} catch (Exception e) {
e.printStackTrace();
}
}
}
-
+
public static void startIdpServer() {
if (idpServer != null && !idpServer.isStarted()) {
try {
idpServer.start();
-
+
} catch (Exception e) {
e.printStackTrace();
}
}
}
-
+
public static void stopIdpServer() {
if (idpServer != null && idpServer.isStarted()) {
try {
@@ -64,24 +64,24 @@ public final class JettyUtils {
}
}
}
-
+
public static void initRpServer() {
initRpServer("rp-server.xml");
}
-
+
public static void initRpServer(String configurationFile) {
if (rpServer == null) {
try {
Resource testServerConfig = Resource.newSystemResource(configurationFile);
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
-
+ rpServer = (Server)configuration.configure();
+
} catch (Exception e) {
e.printStackTrace();
}
}
}
-
+
public static void startRpServer() {
if (rpServer != null && !rpServer.isStarted()) {
try {
@@ -91,7 +91,7 @@ public final class JettyUtils {
}
}
}
-
+
public static void stopRpServer() {
if (rpServer != null && rpServer.isStarted()) {
try {
@@ -101,5 +101,5 @@ public final class JettyUtils {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
index a1db4fe..8454775 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
@@ -39,10 +39,10 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Server rpServer;
private static Tomcat idpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -59,19 +59,19 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
+
initIdp();
-
+
try {
Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
+ rpServer = (Server)configuration.configure();
rpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
@AfterClass
public static void cleanup() {
try {
@@ -85,7 +85,7 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
} catch (Exception e) {
e.printStackTrace();
}
-
+
if (rpServer != null && rpServer.isStarted()) {
try {
rpServer.stop();
@@ -94,7 +94,7 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
}
}
}
-
+
private static void initIdp() {
try {
idpServer = new Tomcat();
@@ -102,11 +102,11 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
String currentDir = new File(".").getCanonicalPath();
String baseDir = currentDir + File.separator + "target";
idpServer.setBaseDir(baseDir);
-
+
idpServer.getHost().setAppBase("tomcat/idp/webapps");
idpServer.getHost().setAutoDeploy(true);
idpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
httpsConnector.setSecure(true);
@@ -122,13 +122,13 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
httpsConnector.setAttribute("SSLEnabled", true);
idpServer.getService().addConnector(httpsConnector);
-
+
File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-
+
idpServer.start();
} catch (Exception e) {
e.printStackTrace();
@@ -145,10 +145,10 @@ public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizspringhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
index b53c3ee..d4f66b1 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -39,10 +39,10 @@ public class ClientCertificateTest extends AbstractClientCertTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Server rpServer;
private static Tomcat idpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -61,17 +61,17 @@ public class ClientCertificateTest extends AbstractClientCertTests {
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
initIdp();
-
+
try {
Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
+ rpServer = (Server)configuration.configure();
rpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
@AfterClass
public static void cleanup() {
try {
@@ -85,7 +85,7 @@ public class ClientCertificateTest extends AbstractClientCertTests {
} catch (Exception e) {
e.printStackTrace();
}
-
+
if (rpServer != null && rpServer.isStarted()) {
try {
rpServer.stop();
@@ -94,7 +94,7 @@ public class ClientCertificateTest extends AbstractClientCertTests {
}
}
}
-
+
private static void initIdp() {
try {
idpServer = new Tomcat();
@@ -102,11 +102,11 @@ public class ClientCertificateTest extends AbstractClientCertTests {
String currentDir = new File(".").getCanonicalPath();
String baseDir = currentDir + File.separator + "target";
idpServer.setBaseDir(baseDir);
-
+
idpServer.getHost().setAppBase("tomcat/idp/webapps");
idpServer.getHost().setAutoDeploy(true);
idpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
httpsConnector.setSecure(true);
@@ -122,13 +122,13 @@ public class ClientCertificateTest extends AbstractClientCertTests {
httpsConnector.setAttribute("SSLEnabled", true);
idpServer.getService().addConnector(httpsConnector);
-
+
File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-
+
idpServer.start();
} catch (Exception e) {
e.printStackTrace();
@@ -145,10 +145,10 @@ public class ClientCertificateTest extends AbstractClientCertTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
index e2f402c..a323696 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -29,11 +29,11 @@ import org.apache.cxf.fediz.core.spi.WReqCallback;
public class HOKCallbackHandler implements CallbackHandler {
- static final String HOK_WREQ =
+ static final String HOK_WREQ =
"<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ "</RequestSecurityToken>";
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WReqCallback) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
index cca8d6a..ab19290 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyPreAuthSpringTest.java
@@ -36,9 +36,9 @@ public class JettyPreAuthSpringTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -47,7 +47,7 @@ public class JettyPreAuthSpringTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
@@ -55,11 +55,11 @@ public class JettyPreAuthSpringTest extends AbstractTests {
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
initIdp();
-
+
JettyUtils.initRpServer();
JettyUtils.startRpServer();
}
-
+
@AfterClass
public static void cleanup() {
try {
@@ -73,10 +73,10 @@ public class JettyPreAuthSpringTest extends AbstractTests {
} catch (Exception e) {
e.printStackTrace();
}
-
+
JettyUtils.stopRpServer();
}
-
+
private static void initIdp() {
try {
idpServer = new Tomcat();
@@ -84,11 +84,11 @@ public class JettyPreAuthSpringTest extends AbstractTests {
String currentDir = new File(".").getCanonicalPath();
String baseDir = currentDir + File.separator + "target";
idpServer.setBaseDir(baseDir);
-
+
idpServer.getHost().setAppBase("tomcat/idp/webapps");
idpServer.getHost().setAutoDeploy(true);
idpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
httpsConnector.setSecure(true);
@@ -104,13 +104,13 @@ public class JettyPreAuthSpringTest extends AbstractTests {
httpsConnector.setAttribute("SSLEnabled", true);
idpServer.getService().addConnector(httpsConnector);
-
+
File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-
+
idpServer.start();
} catch (Exception e) {
e.printStackTrace();
@@ -127,16 +127,16 @@ public class JettyPreAuthSpringTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizspringhelloworld";
}
-
+
@Ignore("This tests is currently failing on Jetty")
@Override
public void testConcurrentRequests() throws Exception {
// super.testConcurrentRequests();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
index b961449..5c7adee 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
@@ -34,9 +34,9 @@ public class JettyTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -48,18 +48,18 @@ public class JettyTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
initIdp();
-
+
JettyUtils.initRpServer();
JettyUtils.startRpServer();
}
-
+
@AfterClass
public static void cleanup() {
try {
@@ -73,10 +73,10 @@ public class JettyTest extends AbstractTests {
} catch (Exception e) {
e.printStackTrace();
}
-
+
JettyUtils.stopRpServer();
}
-
+
private static void initIdp() {
try {
idpServer = new Tomcat();
@@ -84,11 +84,11 @@ public class JettyTest extends AbstractTests {
String currentDir = new File(".").getCanonicalPath();
String baseDir = currentDir + File.separator + "target";
idpServer.setBaseDir(baseDir);
-
+
idpServer.getHost().setAppBase("tomcat/idp/webapps");
idpServer.getHost().setAutoDeploy(true);
idpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
httpsConnector.setSecure(true);
@@ -104,13 +104,13 @@ public class JettyTest extends AbstractTests {
httpsConnector.setAttribute("SSLEnabled", true);
idpServer.getService().addConnector(httpsConnector);
-
+
File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-
+
idpServer.start();
} catch (Exception e) {
e.printStackTrace();
@@ -126,16 +126,16 @@ public class JettyTest extends AbstractTests {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
@Override
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@Ignore("This tests is currently failing on Jetty")
@Override
public void testConcurrentRequests() throws Exception {
// super.testConcurrentRequests();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
index a4465c1..43b1207 100644
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
@@ -26,27 +26,27 @@ import org.eclipse.jetty.xml.XmlConfiguration;
public final class JettyUtils {
private static Server rpServer;
-
+
private JettyUtils() {
}
-
+
public static void initRpServer() {
initRpServer("rp-server.xml");
}
-
+
public static void initRpServer(String configurationFile) {
if (rpServer == null) {
try {
Resource testServerConfig = Resource.newSystemResource(configurationFile);
XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
- rpServer = (Server)configuration.configure();
-
+ rpServer = (Server)configuration.configure();
+
} catch (Exception e) {
e.printStackTrace();
}
}
}
-
+
public static void startRpServer() {
if (rpServer != null && !rpServer.isStarted()) {
try {
@@ -56,7 +56,7 @@ public final class JettyUtils {
}
}
}
-
+
public static void stopRpServer() {
if (rpServer != null && rpServer.isStarted()) {
try {
@@ -66,5 +66,5 @@ public final class JettyUtils {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
index 798e681..e1da412 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
@@ -31,7 +31,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
* A CallbackHandler implementation for the kerberos client.
*/
public class KerberosClientPasswordCallback implements CallbackHandler {
-
+
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
@@ -43,6 +43,6 @@ public class KerberosClientPasswordCallback implements CallbackHandler {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
index ea74a8c..39be74b 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
@@ -33,14 +33,14 @@ import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
* A CallbackHandler implementation for the kerberos service.
*/
public class KerberosServicePasswordCallback implements CallbackHandler {
-
+
public KerberosServicePasswordCallback() {
}
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof KerberosContextAndServiceNameCallback) {
- KerberosContextAndServiceNameCallback pc =
+ KerberosContextAndServiceNameCallback pc =
(KerberosContextAndServiceNameCallback)callbacks[i];
pc.setContextName("bob");
pc.setServiceName("bob@service.ws.apache.org");
@@ -53,6 +53,6 @@ public class KerberosServicePasswordCallback implements CallbackHandler {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
index bfbcdfc..2d2bfb5 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
@@ -69,7 +69,7 @@ import org.junit.runner.RunWith;
* A test that sends a Kerberos ticket to the IdP for authentication. The IdP must be configured
* to validate the Kerberos ticket, and in turn get a delegation token to authenticate to the
* STS + retrieve claims etc.
- *
+ *
* This test uses an Apache DS instance as the KDC
*/
@@ -110,11 +110,11 @@ public class KerberosTest extends AbstractLdapTestUnit {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
private static boolean portUpdated;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -124,19 +124,19 @@ public class KerberosTest extends AbstractLdapTestUnit {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
WSSConfig.init();
-
+
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
+
@Before
public void updatePort() throws Exception {
if (!portUpdated) {
@@ -144,28 +144,28 @@ public class KerberosTest extends AbstractLdapTestUnit {
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
-
+
// Read in krb5.conf and substitute in the correct port
File f = new File(basedir + "/src/test/resources/krb5.conf");
-
+
FileInputStream inputStream = new FileInputStream(f);
String content = IOUtils.toString(inputStream, "UTF-8");
inputStream.close();
content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort());
-
+
File f2 = new File(basedir + "/target/test-classes/fediz.kerberos.krb5.conf");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
-
+
System.setProperty("java.security.krb5.conf", f2.getPath());
portUpdated = true;
}
-
+
System.setProperty("java.security.auth.login.config", "src/test/resources/kerberos.jaas");
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -200,13 +200,13 @@ public class KerberosTest extends AbstractLdapTestUnit {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -217,13 +217,13 @@ public class KerberosTest extends AbstractLdapTestUnit {
return server;
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -245,20 +245,20 @@ public class KerberosTest extends AbstractLdapTestUnit {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
@org.junit.Test
public void testKerberos() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
// Get a Kerberos Ticket + Base64 encode it
String ticket = getEncodedKerberosTicket(false);
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
-
+
webClient.getOptions().setJavaScriptEnabled(false);
webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
final HtmlPage idpPage = webClient.getPage(url);
@@ -281,7 +281,7 @@ public class KerberosTest extends AbstractLdapTestUnit {
bodyTextContent.contains("role:Manager=false"));
Assert.assertTrue("User " + user + " must have role User",
bodyTextContent.contains("role:User=true"));
-
+
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
bodyTextContent.contains(claim + "=Alice"));
@@ -291,10 +291,10 @@ public class KerberosTest extends AbstractLdapTestUnit {
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
-
+
webClient.close();
}
-
+
// To get this test to work, uncomment the "spnego" configuration in the STS's kerberos.xml
@org.junit.Test
@org.junit.Ignore
@@ -302,10 +302,10 @@ public class KerberosTest extends AbstractLdapTestUnit {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
// Get a Kerberos Ticket + Base64 encode it
String ticket = getEncodedKerberosTicket(true);
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
-
+
webClient.getOptions().setJavaScriptEnabled(false);
webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
final HtmlPage idpPage = webClient.getPage(url);
@@ -328,7 +328,7 @@ public class KerberosTest extends AbstractLdapTestUnit {
bodyTextContent.contains("role:Manager=false"));
Assert.assertTrue("User " + user + " must have role User",
bodyTextContent.contains("role:User=true"));
-
+
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
bodyTextContent.contains(claim + "=Alice"));
@@ -338,39 +338,39 @@ public class KerberosTest extends AbstractLdapTestUnit {
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
bodyTextContent.contains(claim + "=alice@realma.org"));
-
+
webClient.close();
}
-
+
private String getEncodedKerberosTicket(boolean spnego) throws Exception {
-
+
Oid kerberos5Oid = null;
if (spnego) {
kerberos5Oid = new Oid("1.3.6.1.5.5.2");
} else {
kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
}
-
+
GSSManager manager = GSSManager.getInstance();
- GSSName serverName = manager.createName("bob@service.ws.apache.org",
+ GSSName serverName = manager.createName("bob@service.ws.apache.org",
GSSName.NT_HOSTBASED_SERVICE);
GSSContext context = manager
- .createContext(serverName.canonicalize(kerberos5Oid), kerberos5Oid,
+ .createContext(serverName.canonicalize(kerberos5Oid), kerberos5Oid,
null, GSSContext.DEFAULT_LIFETIME);
-
+
context.requestCredDeleg(true);
-
+
final byte[] token = new byte[0];
String contextName = "alice";
LoginContext lc = new LoginContext(contextName, new KerberosClientPasswordCallback());
lc.login();
-
+
byte[] ticket = (byte[])Subject.doAs(lc.getSubject(), new CreateServiceTicketAction(context, token));
return Base64.encode(ticket);
}
-
+
private final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
private final GSSContext context;
private final byte[] token;
@@ -384,5 +384,5 @@ public class KerberosTest extends AbstractLdapTestUnit {
return context.initSecContext(token, 0, token.length);
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
index 658dcea..f090590 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
@@ -87,11 +87,11 @@ public class LDAPTest extends AbstractLdapTestUnit {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
private static boolean portUpdated;
-
+
@Before
public void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -101,61 +101,61 @@ public class LDAPTest extends AbstractLdapTestUnit {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
WSSConfig.init();
-
+
updatePort();
-
+
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
}
-
+
public void updatePort() throws Exception {
if (!portUpdated) {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
-
+
// Read in ldap.xml and substitute in the correct port
File f = new File(basedir + "/src/test/resources/sts/ldap.xml");
-
+
FileInputStream inputStream = new FileInputStream(f);
String content = IOUtils.toString(inputStream, "UTF-8");
inputStream.close();
content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
-
+
File f2 = new File(basedir + "/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints/ldap.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
-
+
// Read in ldap.jaas and substitute in the correct port
f = new File(basedir + "/src/test/resources/ldap.jaas");
-
+
inputStream = new FileInputStream(f);
content = IOUtils.toString(inputStream, "UTF-8");
inputStream.close();
content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
-
+
f2 = new File(basedir + "/target/test-classes/ldap.jaas");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
-
+
portUpdated = true;
}
-
+
System.setProperty("java.security.auth.login.config", "target/test-classes/ldap.jaas");
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -190,13 +190,13 @@ public class LDAPTest extends AbstractLdapTestUnit {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -207,13 +207,13 @@ public class LDAPTest extends AbstractLdapTestUnit {
return server;
}
-
+
@After
public void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -235,7 +235,7 @@ public class LDAPTest extends AbstractLdapTestUnit {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
@@ -247,7 +247,7 @@ public class LDAPTest extends AbstractLdapTestUnit {
Thread.sleep(5 * 60 * 1000);
}
*/
-
+
@Test
public void testLDAP() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
@@ -278,6 +278,6 @@ public class LDAPTest extends AbstractLdapTestUnit {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
-
+
+
}
[06/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
index 475ccd7..4af7ad1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/security/GrantedAuthorityEntitlements.java
@@ -47,31 +47,31 @@ import org.springframework.web.filter.GenericFilterBean;
public class GrantedAuthorityEntitlements extends GenericFilterBean {
private static final Logger LOG = LoggerFactory.getLogger(GrantedAuthorityEntitlements.class);
-
+
@Autowired
private RoleDAO roleDAO;
-
+
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
-
+
try {
Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
if (currentAuth == null) {
chain.doFilter(request, response);
return;
}
-
+
final Set<GrantedAuthority> authorities = new HashSet<>();
if (currentAuth.getAuthorities() != null) {
authorities.addAll(currentAuth.getAuthorities());
}
-
+
Iterator<? extends GrantedAuthority> authIt = currentAuth.getAuthorities().iterator();
while (authIt.hasNext()) {
GrantedAuthority ga = authIt.next();
String roleName = ga.getAuthority();
-
+
try {
Role role = roleDAO.getRole(roleName.substring(5), Arrays.asList("all"));
for (Entitlement e : role.getEntitlements()) {
@@ -82,18 +82,18 @@ public class GrantedAuthorityEntitlements extends GenericFilterBean {
}
}
LOG.debug("Granted Authorities: {}", authorities);
-
+
UsernamePasswordAuthenticationToken enrichedAuthentication = new UsernamePasswordAuthenticationToken(
currentAuth.getName(), currentAuth.getCredentials(), authorities);
enrichedAuthentication.setDetails(currentAuth.getDetails());
-
+
SecurityContextHolder.getContext().setAuthentication(enrichedAuthentication);
LOG.info("Enriched AuthenticationToken added");
-
+
} catch (Exception ex) {
LOG.error("Failed to enrich security context with entitlements", ex);
}
-
+
chain.doFilter(request, response);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
index 1cd9dc1..dc16324 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/ApplicationProtocolHandler.java
@@ -23,11 +23,11 @@ import javax.servlet.http.HttpServletRequest;
import org.springframework.webflow.execution.RequestContext;
public interface ApplicationProtocolHandler extends ProtocolHandler {
-
+
boolean canHandleRequest(HttpServletRequest request);
void mapSignInRequest(RequestContext context);
-
+
void mapSignInResponse(RequestContext context);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
index a33591b..35e70d2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/spi/TrustedIdpProtocolHandler.java
@@ -28,12 +28,12 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.springframework.webflow.execution.RequestContext;
public interface TrustedIdpProtocolHandler extends ProtocolHandler {
-
+
boolean canHandleRequest(HttpServletRequest request);
// Only supports HTTP GET SignIn Requests
URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp);
-
+
//Hook in <action-state id="validateToken"> of federation-signin-response.xml
SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
index 4484312..6f84af1 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/util/WebUtils.java
@@ -31,7 +31,7 @@ import org.springframework.webflow.execution.RequestContext;
* Utility class to bind with webflow artifacts
*/
public final class WebUtils {
-
+
private WebUtils() {
super();
}
@@ -79,7 +79,7 @@ public final class WebUtils {
/**
* put attribute in request or in session depending on storeInSession.
- *
+ *
* @param context
* @param attributeKey
*/
@@ -106,7 +106,7 @@ public final class WebUtils {
/**
* get attribute from request; if not found get it from session.
- *
+ *
* @param context
* @param attributeKey
* @return the attribute from the request or session
@@ -133,7 +133,7 @@ public final class WebUtils {
/**
* remove attribute from request and session.
- *
+ *
* @param context
* @param attributeKey
* @return the removed attribute
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPATest.java
index 4a2970c..ba41a15 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPATest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPATest.java
@@ -46,27 +46,27 @@ public class ApplicationDAOJPATest {
@Autowired
private ApplicationDAO applicationDAO;
-
-
+
+
@BeforeClass
public static void init() {
System.setProperty("spring.profiles.active", "jpa");
}
-
-
+
+
@Test
public void testReadAllApplications() {
List<Application> applications = applicationDAO.getApplications(0, 999, null);
// Application could have been removed, Order not given as per JUnit design
Assert.isTrue(1 < applications.size(), "Size doesn't match [" + applications.size() + "]");
}
-
-
+
+
@Test
public void testReadExistingApplicationEmbeddedAll() {
Application application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld",
Arrays.asList("all"));
-
+
Assert.isTrue(application.getLifeTime() == 3600,
"LifeTime doesn't match");
Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(application.getProtocol()),
@@ -85,41 +85,41 @@ public class ApplicationDAOJPATest {
Assert.isTrue(4 == application.getRequestedClaims().size(),
"Number of claims doesn't match [" + application.getRequestedClaims().size() + "]");
}
-
+
@Test
public void testReadExistingApplicationEmbeddedClaims() {
Application application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld",
Arrays.asList("claims"));
-
+
Assert.isTrue(4 == application.getRequestedClaims().size(),
"Number of claims doesn't match");
}
-
+
@Test
public void testReadExistingApplicationEmbeddedNull() {
Application application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld",
null);
-
+
Assert.isTrue(0 == application.getRequestedClaims().size(),
"Number of claims doesn't match");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryReadNonexistingApplication() {
applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld:NOTEXIST", null);
}
-
-
+
+
@Test
public void testAddNewApplication() {
-
+
String realm = "urn:org:apache:cxf:fediz:application:testaddnew";
Application application = createApplication(realm);
applicationDAO.addApplication(application);
-
+
application = applicationDAO.getApplication(realm, null);
-
+
Assert.isTrue("".equals(application.getEncryptionCertificate()),
"EncryptionCertificate doesn't match");
Assert.isTrue(application.getLifeTime() == 3600,
@@ -143,15 +143,15 @@ public class ApplicationDAOJPATest {
Assert.isTrue(0 == application.getRequestedClaims().size(),
"Number of claims doesn't match");
}
-
+
@Test
public void testUpdateApplication() {
String realm = "urn:org:apache:cxf:fediz:application:testupdate";
-
+
//Prepare
Application application = createApplication(realm);
applicationDAO.addApplication(application);
-
+
//Testcase
application = new Application();
application.setRealm(realm);
@@ -163,7 +163,7 @@ public class ApplicationDAOJPATest {
application.setServiceDisplayName("UFedizhelloworld2");
application.setTokenType("Uhttp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
application.setPolicyNamespace("Uhttp://www.w3.org/ns/ws-policy");
-
+
Assert.isTrue("U".equals(application.getEncryptionCertificate()),
"EncryptionCertificate doesn't match");
Assert.isTrue(application.getLifeTime() == 1800,
@@ -187,7 +187,7 @@ public class ApplicationDAOJPATest {
Assert.isTrue(0 == application.getRequestedClaims().size(),
"Number of claims doesn't match");
}
-
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingApplication() {
Application application = new Application();
@@ -199,29 +199,29 @@ public class ApplicationDAOJPATest {
application.setServiceDescription("Fedizhelloworld description");
application.setServiceDisplayName("Fedizhelloworld");
application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
-
+
applicationDAO.addApplication(application);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownApplication() {
applicationDAO.deleteApplication("urn:org:apache:cxf:fediz:fedizhelloworld:NOTEXIST");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testRemoveExistingApplication() {
String realm = "urn:org:apache:cxf:fediz:app:testdelete";
Application application = createApplication(realm);
-
+
applicationDAO.addApplication(application);
-
+
applicationDAO.deleteApplication(realm);
-
+
applicationDAO.getApplication(realm, null);
}
-
+
@Test
public void testAddClaimToApplication() {
//Prepare step
@@ -234,47 +234,47 @@ public class ApplicationDAOJPATest {
application.setServiceDescription("Fedizhelloworld description");
application.setServiceDisplayName("Fedizhelloworld");
application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
-
+
applicationDAO.addApplication(application);
-
+
//Testcase
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
applicationDAO.addClaimToApplication(application, requestClaim);
-
+
application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld:testaddclaim",
Arrays.asList("all"));
-
+
Assert.isTrue(1 == application.getRequestedClaims().size(), "requestedClaims size doesn't match");
}
-
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingClaimToApplication() {
Application application = new Application();
application.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
-
+
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
applicationDAO.addClaimToApplication(application, requestClaim);
}
-
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryAddUnknownClaimToApplication() {
Application application = new Application();
application.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
-
+
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKOWN"));
-
+
applicationDAO.addClaimToApplication(application, requestClaim);
}
-
-
+
+
@Test
public void testRemoveClaimFromApplication() {
//Prepare step
@@ -287,50 +287,50 @@ public class ApplicationDAOJPATest {
application.setServiceDescription("Fedizhelloworld description");
application.setServiceDisplayName("Fedizhelloworld");
application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
-
+
applicationDAO.addApplication(application);
-
+
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
applicationDAO.addClaimToApplication(application, requestClaim);
-
+
application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld:testremoveclaim",
Arrays.asList("all"));
Assert.isTrue(1 == application.getRequestedClaims().size(), "requestedClaims size doesn't match");
-
+
//Testcase
applicationDAO.removeClaimFromApplication(application, requestClaim);
application = applicationDAO.getApplication("urn:org:apache:cxf:fediz:fedizhelloworld:testremoveclaim",
Arrays.asList("all"));
Assert.isTrue(0 == application.getRequestedClaims().size(), "requestedClaims size doesn't match");
}
-
+
@Test(expected = JpaObjectRetrievalFailureException.class)
public void testTryRemoveNotAssignedClaimFromApplication() {
Application application = new Application();
application.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
-
+
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city"));
-
+
applicationDAO.removeClaimFromApplication(application, requestClaim);
}
-
+
@Test(expected = JpaObjectRetrievalFailureException.class)
public void testTryRemoveUnknownClaimFromApplication() {
Application application = new Application();
application.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
-
+
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKNOWN"));
-
+
applicationDAO.removeClaimFromApplication(application, requestClaim);
}
-
+
private static Application createApplication(String realm) {
Application application = new Application();
application.setRealm(realm);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPATest.java
index 767a989..cabbf4b 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPATest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPATest.java
@@ -42,20 +42,20 @@ public class ClaimDAOJPATest {
@Autowired
private ClaimDAO claimDAO;
-
-
+
+
@BeforeClass
public static void init() {
System.setProperty("spring.profiles.active", "jpa");
}
-
-
+
+
@Test
public void testReadAllClaims() {
List<Claim> claims = claimDAO.getClaims(0, 999);
Assert.isTrue(5 == claims.size(), "Size doesn't match");
}
-
+
@Test
public void testReadExistingClaim() {
Claim claim = claimDAO.getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
@@ -67,14 +67,14 @@ public class ClaimDAOJPATest {
Assert.isTrue("Description for firstname".equals(claim.getDescription()),
"Claim Description name doesn't match");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryReadNonexistingClaim() {
claimDAO.getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennamenotexist");
}
-
-
+
+
@Test
public void testAddNewClaim() {
Claim claim5 = new Claim();
@@ -82,12 +82,12 @@ public class ClaimDAOJPATest {
claim5.setDisplayName("Town");
claim5.setDescription("Town Description");
claimDAO.addClaim(claim5);
-
+
List<Claim> claims = claimDAO.getClaims(0, 999);
Assert.isTrue(6 == claims.size(), "Size doesn't match. Claim not added");
}
-
-
+
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingClaim() {
Claim claim5 = new Claim();
@@ -96,20 +96,20 @@ public class ClaimDAOJPATest {
claim5.setDescription("Description for firstname");
claimDAO.addClaim(claim5);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownClaim() {
claimDAO.deleteClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/town/WRONG");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testRemoveExistingClaim() {
claimDAO.deleteClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email");
-
+
claimDAO.getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email");
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
index 1d63fde..9172ea6 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPATest.java
@@ -41,20 +41,20 @@ public class EntitlementDAOJPATest {
@Autowired
private EntitlementDAO entitlementDAO;
-
-
+
+
@BeforeClass
public static void init() {
System.setProperty("spring.profiles.active", "jpa");
}
-
-
+
+
@Test
public void testReadAllEntitlements() {
List<Entitlement> entitlements = entitlementDAO.getEntitlements(0, 999);
Assert.isTrue(30 == entitlements.size(), "Size doesn't match");
}
-
+
@Test
public void testReadExistingEntitlement() {
Entitlement entitlement = entitlementDAO.getEntitlement("CLAIM_LIST");
@@ -63,26 +63,26 @@ public class EntitlementDAOJPATest {
Assert.isTrue("Description for CLAIM_LIST".equals(entitlement.getDescription()),
"Entitlement Description doesn't match");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryReadNonexistingEntitlement() {
entitlementDAO.getEntitlement("CLAIM_NOT_EXIST");
}
-
-
+
+
@Test
public void testAddNewEntitlement() {
Entitlement entitlement5 = new Entitlement();
entitlement5.setName("GUGUS_CREATE");
entitlement5.setDescription("Any entitlement");
entitlementDAO.addEntitlement(entitlement5);
-
+
List<Entitlement> entitlements = entitlementDAO.getEntitlements(0, 999);
Assert.isTrue(31 == entitlements.size(), "Size doesn't match. Entitlement not added");
}
-
-
+
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingEntitlement() {
Entitlement entitlement5 = new Entitlement();
@@ -90,26 +90,26 @@ public class EntitlementDAOJPATest {
entitlement5.setDescription("Description for CLAIM_DELETE");
entitlementDAO.addEntitlement(entitlement5);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownEntitlement() {
entitlementDAO.deleteEntitlement("GUGUS_NOT_EXIST");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testRemoveExistingEntitlement() {
-
+
Entitlement entitlement5 = new Entitlement();
entitlement5.setName("CLAIM_TO_DELETE");
entitlement5.setDescription("Description for CLAIM_TO_DELETE");
entitlementDAO.addEntitlement(entitlement5);
-
+
entitlementDAO.deleteEntitlement("CLAIM_TO_DELETE");
-
+
entitlementDAO.getEntitlement("CLAIM_TO_DELETE");
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
index 6256371..7ebb375 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
@@ -51,26 +51,26 @@ public class IdpDAOJPATest {
@Autowired
private IdpDAO idpDAO;
-
-
+
+
@BeforeClass
public static void init() {
System.setProperty("spring.profiles.active", "jpa");
}
-
-
+
+
@Test
public void testReadAllIdps() {
List<Idp> idps = idpDAO.getIdps(0, 999, null);
// Idp could have been removed, Order not given as per JUnit design
Assert.isTrue(0 < idps.size(), "Size doesn't match [" + idps.size() + "]");
}
-
-
+
+
@Test
public void testReadExistingIdpEmbeddedAll() throws MalformedURLException {
Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A", Arrays.asList("all"));
-
+
Assert.isTrue("stsKeystoreA.properties".equals(idp.getCertificate()),
"Certificate doesn't match");
Assert.isTrue("realma".equals(idp.getCertificatePassword()),
@@ -80,7 +80,7 @@ public class IdpDAOJPATest {
Assert.isTrue("IDP of Realm A".equals(idp.getServiceDescription()),
"ServiceDescription doesn't match");
Assert.isTrue("REALM A".equals(idp.getServiceDisplayName()),
- "ServiceDisplayName doesn't match");
+ "ServiceDisplayName doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federation").equals(idp.getIdpUrl()),
"IdpUrl doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMA").equals(idp.getStsUrl()),
@@ -104,53 +104,53 @@ public class IdpDAOJPATest {
Assert.isTrue(4 == idp.getClaimTypesOffered().size(),
"Number of claims doesn't match");
}
-
+
@Test
public void testReadExistingIdpEmbeddedTrustedIdps() {
Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
Arrays.asList("trusted-idps"));
-
+
Assert.isTrue(1 == idp.getTrustedIdps().size(),
"Number of trusted IDPs doesn't match");
}
-
+
@Test
public void testReadExistingIdpEmbeddedClaims() {
Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
Arrays.asList("claims"));
-
+
Assert.isTrue(4 == idp.getClaimTypesOffered().size(),
"Number of claims doesn't match");
}
-
+
@Test
public void testReadExistingIdpEmbeddedApplications() {
Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A", Arrays.asList("applications"));
-
+
Assert.isTrue(2 == idp.getApplications().size(), "Number of applications doesn't match");
}
-
+
@Test
public void testReadExistingIdpEmbeddedNull() {
Idp idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:realm-A",
null);
-
+
Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
"Number of claims doesn't match");
Assert.isTrue(0 == idp.getApplications().size(),
"Number of applications doesn't match");
Assert.isTrue(0 == idp.getTrustedIdps().size(),
"Number of trusted IDPs doesn't match");
-
+
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryReadNonexistingIdp() {
idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:NOTEXIST", null);
}
-
-
+
+
@Test
public void testAddNewIdp() throws MalformedURLException {
Idp idp = new Idp();
@@ -175,11 +175,11 @@ public class IdpDAOJPATest {
tokenTypes.add(WSConstants.SAML_NS);
idp.setTokenTypesOffered(tokenTypes);
idp.setUseCurrentIdp(true);
-
+
idpDAO.addIdp(idp);
-
+
idp = idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:testadd", null);
-
+
Assert.isTrue("stsKeystoreA.properties".equals(idp.getCertificate()),
"Certificate doesn't match");
Assert.isTrue("realma".equals(idp.getCertificatePassword()),
@@ -189,7 +189,7 @@ public class IdpDAOJPATest {
Assert.isTrue("IDP of New Realm".equals(idp.getServiceDescription()),
"ServiceDescription doesn't match");
Assert.isTrue("NEW REALM".equals(idp.getServiceDisplayName()),
- "ServiceDisplayName doesn't match");
+ "ServiceDisplayName doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federation").equals(idp.getIdpUrl()),
"IdpUrl doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMN").equals(idp.getStsUrl()),
@@ -214,39 +214,39 @@ public class IdpDAOJPATest {
"Number of claims doesn't match");
}
-
-
+
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingIdp() throws MalformedURLException {
Idp idp = createIdp("urn:org:apache:cxf:fediz:idp:realm-A");
idpDAO.addIdp(idp);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownIdp() {
idpDAO.deleteIdp("urn:org:apache:cxf:fediz:idp:NOTEXIST");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testRemoveExistingIdp() throws MalformedURLException {
Idp idp = createIdp("urn:org:apache:cxf:fediz:idp:testdelete");
-
+
idpDAO.addIdp(idp);
-
+
idpDAO.deleteIdp("urn:org:apache:cxf:fediz:idp:testdelete");
-
+
idpDAO.getIdp("urn:org:apache:cxf:fediz:idp:testdelete", null);
}
-
+
@Test
public void testUpdateIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:idp:testupdate";
//Prepare
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
//Testcase
idp = new Idp();
idp.setRealm(realm);
@@ -269,9 +269,9 @@ public class IdpDAOJPATest {
idp.setTokenTypesOffered(tokenTypes);
idp.setUseCurrentIdp(false);
idpDAO.updateIdp(realm, idp);
-
+
idp = idpDAO.getIdp(realm, null);
-
+
Assert.isTrue("UstsKeystoreA.properties".equals(idp.getCertificate()),
"Certificate doesn't match");
Assert.isTrue("Urealma".equals(idp.getCertificatePassword()),
@@ -281,7 +281,7 @@ public class IdpDAOJPATest {
Assert.isTrue("UIDP of New Realm".equals(idp.getServiceDescription()),
"ServiceDescription doesn't match");
Assert.isTrue("UNEW REALM".equals(idp.getServiceDisplayName()),
- "ServiceDisplayName doesn't match");
+ "ServiceDisplayName doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp/federationUU").equals(idp.getIdpUrl()),
"IdpUrl doesn't match");
Assert.isTrue(new URL("https://localhost:9443/fediz-idp-sts/REALMAUU").equals(idp.getStsUrl()),
@@ -304,17 +304,17 @@ public class IdpDAOJPATest {
"Number of trusted IDPs doesn't match");
Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
"Number of claims doesn't match");
-
+
}
-
+
@Test(expected = EmptyResultDataAccessException.class)
public void testUpdateUnknownIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:idp:testupdate2";
-
+
//Prepare
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
//Testcase
idp = new Idp();
idp.setRealm(realm);
@@ -338,277 +338,277 @@ public class IdpDAOJPATest {
idp.setUseCurrentIdp(false);
idpDAO.updateIdp("urn:UNKNOWN", idp);
}
-
+
@Test
public void testAddClaimToIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:idp:testaddclaim";
-
+
//Prepare
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
//Testcase
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
idpDAO.addClaimToIdp(idp, claim);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
+
Assert.isTrue(1 == idp.getClaimTypesOffered().size(), "claimTypesOffered size doesn't match");
}
-
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingClaimToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
idpDAO.addClaimToIdp(idp, claim);
}
-
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryAddUnknownClaimToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKOWN"));
-
+
idpDAO.addClaimToIdp(idp, claim);
-
+
}
-
+
@Test
public void testRemoveClaimFromIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:fedizhelloworld:testremoveclaim";
//Prepare step
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
idpDAO.addClaimToIdp(idp, claim);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(1 == idp.getClaimTypesOffered().size(),
"claimTypesOffered size doesn't match [" + idp.getClaimTypesOffered().size() + "]");
-
+
//Testcase
idpDAO.removeClaimFromIdp(idp, claim);
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(0 == idp.getClaimTypesOffered().size(),
"claimTypesOffered size doesn't match [" + idp.getClaimTypesOffered().size() + "]");
}
-
+
@Test(expected = JpaObjectRetrievalFailureException.class)
public void testTryRemoveNotAssignedClaimFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city"));
-
+
idpDAO.removeClaimFromIdp(idp, claim);
}
-
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownClaimFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Claim claim = new Claim();
claim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/UNKNOWN"));
-
+
idpDAO.removeClaimFromIdp(idp, claim);
}
-
+
@Test
public void testAddApplicationToIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:app:testaddApplication";
-
+
//Prepare
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
//Testcase
//Application app = createApplication(realm);
Application app = new Application();
app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
idpDAO.addApplicationToIdp(idp, app);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
+
Assert.isTrue(1 == idp.getApplications().size(), "applications size doesn't match");
}
-
-
+
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingApplicationToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Application app = new Application();
app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
-
+
idpDAO.addApplicationToIdp(idp, app);
}
-
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryAddUnknownApplicationToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Application app = new Application();
app.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
-
+
idpDAO.addApplicationToIdp(idp, app);
-
+
}
-
+
@Test
public void testRemoveApplicationFromIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:fedizhelloworld:testremoveapp";
//Prepare step
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
Application app = new Application();
app.setRealm("urn:org:apache:cxf:fediz:fedizhelloworld");
idpDAO.addApplicationToIdp(idp, app);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(1 == idp.getApplications().size(),
"applications size doesn't match [" + idp.getApplications().size() + "]");
-
+
//Testcase
idpDAO.removeApplicationFromIdp(idp, app);
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(0 == idp.getApplications().size(),
"applications size doesn't match [" + idp.getApplications().size() + "]");
}
-
-
+
+
@Test(expected = JpaObjectRetrievalFailureException.class)
public void testTryRemoveNotAssignedApplicationFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Application app = new Application();
app.setRealm("myrealm2");
-
+
idpDAO.removeApplicationFromIdp(idp, app);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownApplicationFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
Application app = new Application();
app.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
-
+
idpDAO.removeApplicationFromIdp(idp, app);
}
-
-
-
-
-
-
+
+
+
+
+
+
@Test
public void testAddTrustedIdpToIdp() throws MalformedURLException {
String realm = "urn:org:apache:cxf:fediz:trusted-idp:testaddTrustedIdp";
-
+
//Prepare
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
//Testcase
//Application app = createApplication(realm);
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
+
Assert.isTrue(1 == idp.getTrustedIdps().size(), "applications size doesn't match");
}
-
+
/*
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingTrustedIdpToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
-
+
idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
}
-
+
@Test(expected = NoResultException.class)
public void testTryAddUnknownTrustedIdpToIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
-
+
idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
}
-
+
@Test
public void testRemoveTrustedIdpFromIdp() {
String realm = "urn:org:apache:cxf:fediz:trustedidp:testremove";
//Prepare step
Idp idp = createIdp(realm);
idpDAO.addIdp(idp);
-
+
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("urn:org:apache:cxf:fediz:idp:realm-B");
idpDAO.addTrustedIdpToIdp(idp, trustedIdp);
-
+
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(1 == idp.getTrustedIdps().size(),
"trustedIdps size doesn't match [" + idp.getTrustedIdps().size() + "]");
-
+
//Testcase
idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
idp = idpDAO.getIdp(realm, Arrays.asList("all"));
Assert.isTrue(0 == idp.getTrustedIdps().size(),
"trustedIdps size doesn't match [" + idp.getTrustedIdps().size() + "]");
}
-
-
+
+
@Test(expected = EntityNotFoundException.class)
public void testTryRemoveNotAssignedTrustedIdpFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("trustedidp2realm");
-
+
idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
}
-
-
+
+
@Test(expected = NoResultException.class)
public void testTryRemoveUnknownTrustedIdpFromIdp() {
Idp idp = new Idp();
idp.setRealm("urn:org:apache:cxf:fediz:idp:realm-A");
-
+
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm("urn:org:apache:cxf:fediz:UNKNOWN");
-
+
idpDAO.removeTrustedIdpFromIdp(idp, trustedIdp);
}
*/
-
-
+
+
private static Idp createIdp(String realm) throws MalformedURLException {
Idp idp = new Idp();
idp.setRealm(realm);
@@ -648,6 +648,6 @@ public class IdpDAOJPATest {
return application;
}
*/
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
index 222277a..b44a4bf 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TestDBLoader.java
@@ -29,32 +29,32 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
public class TestDBLoader implements DBLoader {
-
+
public static final String NAME = "UNITTESTDBLOADER";
-
+
private static final Logger LOG = LoggerFactory.getLogger(TestDBLoader.class);
-
+
private EntityManager em;
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public String getName() {
return NAME;
}
-
+
public void load() {
-
+
try {
ClaimEntity claimEntity5 = new ClaimEntity();
claimEntity5.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city");
claimEntity5.setDisplayName("city");
claimEntity5.setDescription("Description for city");
em.persist(claimEntity5);
-
+
ApplicationEntity entity2 = new ApplicationEntity();
entity2.setEncryptionCertificate("my encryption cert2");
entity2.setLifeTime(1800);
@@ -71,7 +71,7 @@ public class TestDBLoader implements DBLoader {
em.persist(ace5);
entity2.getRequestedClaims().add(ace5);
em.persist(entity2);
-
+
TrustedIdpEntity entity4 = new TrustedIdpEntity();
entity4.setCacheTokens(true);
entity4.setCertificate("trusted cert");
@@ -83,9 +83,9 @@ public class TestDBLoader implements DBLoader {
entity4.setTrustType(TrustType.PEER_TRUST);
entity4.setUrl("https://localhost:${realmB.port}/fediz-idp-remote/federation");
em.persist(entity4);
-
+
em.flush();
-
+
} catch (Exception ex) {
LOG.warn("Failed to initialize DB with data", ex);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
index 2ebe5ba..9e65ed0 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPATest.java
@@ -43,20 +43,20 @@ public class TrustedIdpDAOJPATest {
@Autowired
private TrustedIdpDAO trustedIdpDAO;
-
-
+
+
@BeforeClass
public static void init() {
System.setProperty("spring.profiles.active", "jpa");
}
-
-
+
+
@Test
public void testReadAllTrustedIdps() {
List<TrustedIdp> trustedIdps = trustedIdpDAO.getTrustedIDPs(0, 999);
Assert.isTrue(2 <= trustedIdps.size(), "Size doesn't match");
}
-
+
@Test
public void testReadExistingTrustedIdp() {
TrustedIdp trustedIdp = trustedIdpDAO.getTrustedIDP("urn:org:apache:cxf:fediz:idp:realm-B");
@@ -65,62 +65,62 @@ public class TrustedIdpDAOJPATest {
Assert.isTrue("Realm B description".equals(trustedIdp.getDescription()),
"Description name doesn't match");
Assert.isTrue(FederationType.FEDERATE_IDENTITY.equals(trustedIdp.getFederationType()),
- "FederationType doesn't match");
+ "FederationType doesn't match");
Assert.isTrue("Realm B".equals(trustedIdp.getName()),
- "Name doesn't match");
+ "Name doesn't match");
Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
- "Protocol doesn't match");
+ "Protocol doesn't match");
Assert.isTrue("urn:org:apache:cxf:fediz:idp:realm-B".equals(trustedIdp.getRealm()),
- "Realm doesn't match");
+ "Realm doesn't match");
Assert.isTrue(TrustType.PEER_TRUST.equals(trustedIdp.getTrustType()),
"TrustType doesn't match");
Assert.isTrue("https://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
- "Url doesn't match");
- Assert.isTrue(trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
+ "Url doesn't match");
+ Assert.isTrue(trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryReadNonexistingTrustedIdp() {
trustedIdpDAO.getTrustedIDP("urn:org:apache:cxf:fediz:idp:NOTEXIST");
}
-
-
+
+
@Test
public void testAddNewTrustedIdp() {
String realm = "urn:org:apache:cxf:fediz:trusted-idp:testadd";
TrustedIdp trustedIdp = createTrustedIdp(realm);
trustedIdpDAO.addTrustedIDP(trustedIdp);
-
+
trustedIdp = trustedIdpDAO.getTrustedIDP(realm);
-
+
Assert.isTrue("realmb.cert".equals(trustedIdp.getCertificate()),
"Certificate name doesn't match");
Assert.isTrue("Realm B description".equals(trustedIdp.getDescription()),
"Description name doesn't match");
Assert.isTrue(FederationType.FEDERATE_IDENTITY.equals(trustedIdp.getFederationType()),
- "FederationType doesn't match");
+ "FederationType doesn't match");
Assert.isTrue("Realm B".equals(trustedIdp.getName()),
- "Name doesn't match");
+ "Name doesn't match");
Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
- "Protocol doesn't match");
+ "Protocol doesn't match");
Assert.isTrue(realm.equals(trustedIdp.getRealm()),
- "Realm doesn't match");
+ "Realm doesn't match");
Assert.isTrue(TrustType.PEER_TRUST.equals(trustedIdp.getTrustType()),
"TrustType doesn't match");
Assert.isTrue("https://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
- "Url doesn't match");
- Assert.isTrue(!trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
+ "Url doesn't match");
+ Assert.isTrue(!trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
}
-
-
+
+
@Test
public void testUpdateTrustedIdp() {
String realm = "urn:org:apache:cxf:fediz:trusted-idp:testupdate";
//Prepare
TrustedIdp trustedIdp = createTrustedIdp(realm);
trustedIdpDAO.addTrustedIDP(trustedIdp);
-
+
//Testcase
trustedIdp = new TrustedIdp();
trustedIdp.setRealm(realm);
@@ -132,58 +132,58 @@ public class TrustedIdpDAOJPATest {
trustedIdp.setProtocol("http://docs.oasis-open.org/wsfed/federation/200706");
trustedIdp.setTrustType(TrustType.INDIRECT_TRUST);
trustedIdp.setUrl("Uhttps://localhost:12443/fediz-idp-remote/federation");
-
+
trustedIdpDAO.updateTrustedIDP(realm, trustedIdp);
-
+
trustedIdp = trustedIdpDAO.getTrustedIDP(realm);
-
+
Assert.isTrue("Utrusted cert".equals(trustedIdp.getCertificate()),
"Certificate name doesn't match");
Assert.isTrue("URealm B description".equals(trustedIdp.getDescription()),
"Description name doesn't match");
Assert.isTrue(FederationType.FEDERATE_CLAIMS.equals(trustedIdp.getFederationType()),
- "FederationType doesn't match");
+ "FederationType doesn't match");
Assert.isTrue("URealm B".equals(trustedIdp.getName()),
- "Name doesn't match");
+ "Name doesn't match");
Assert.isTrue("http://docs.oasis-open.org/wsfed/federation/200706".equals(trustedIdp.getProtocol()),
- "Protocol doesn't match");
+ "Protocol doesn't match");
Assert.isTrue(realm.equals(trustedIdp.getRealm()),
- "Realm doesn't match");
+ "Realm doesn't match");
Assert.isTrue(TrustType.INDIRECT_TRUST.equals(trustedIdp.getTrustType()),
"TrustType doesn't match");
Assert.isTrue("Uhttps://localhost:12443/fediz-idp-remote/federation".equals(trustedIdp.getUrl()),
- "Url doesn't match");
+ "Url doesn't match");
Assert.isTrue(trustedIdp.isCacheTokens(), "CacheTokens doesn't match");
-
+
}
-
-
+
+
@Test(expected = DataIntegrityViolationException.class)
public void testTryAddExistingTrustedIdp() {
TrustedIdp trustedIdp = createTrustedIdp("urn:org:apache:cxf:fediz:idp:realm-B");
trustedIdpDAO.addTrustedIDP(trustedIdp);
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testTryRemoveUnknownTrustedIdp() {
trustedIdpDAO.deleteTrustedIDP("urn:org:apache:cxf:fediz:trusted-idp:NOTEXIST");
}
-
-
+
+
@Test(expected = EmptyResultDataAccessException.class)
public void testRemoveExistingTrustedIdp() {
String realm = "urn:org:apache:cxf:fediz:trusted-idp:testdelete";
TrustedIdp trustedIdp = createTrustedIdp(realm);
-
+
trustedIdpDAO.addTrustedIDP(trustedIdp);
-
+
trustedIdpDAO.deleteTrustedIDP(realm);
-
+
trustedIdpDAO.getTrustedIDP(realm);
}
-
-
+
+
private static TrustedIdp createTrustedIdp(String realm) {
TrustedIdp trustedIdp = new TrustedIdp();
trustedIdp.setRealm(realm);
@@ -197,6 +197,6 @@ public class TrustedIdpDAOJPATest {
trustedIdp.setUrl("https://localhost:12443/fediz-idp-remote/federation");
return trustedIdp;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
index 85c369b..1b5929f 100644
--- a/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
+++ b/services/idp-core/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
@@ -33,25 +33,25 @@ import org.springframework.util.Assert;
public class MetadataWriterTest {
private static ApplicationContext applicationContext;
-
+
@BeforeClass
public static void init() {
applicationContext = new ClassPathXmlApplicationContext("/idp-config.xml");
}
-
+
@Test
public void testWriteIDPMetadata() {
ConfigService config = (ConfigService)applicationContext.getBean("config");
Assert.notNull(config, "ConfigService must not be null");
Idp idpConfig = config.getIDP("urn:org:apache:cxf:fediz:idp:realm-A");
Assert.notNull(idpConfig, "IDPConfig must not be null");
-
+
IdpMetadataWriter writer = new IdpMetadataWriter();
Document doc = writer.getMetaData(idpConfig);
Assert.notNull(doc, "doc must not be null");
-
+
System.out.println(DOM2Writer.nodeToString(doc));
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
----------------------------------------------------------------------
diff --git a/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java b/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
index 8c02d11..f8eee73 100644
--- a/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
+++ b/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/integrationtests/RestITTest.java
@@ -43,7 +43,7 @@ import org.junit.BeforeClass;
import org.junit.Test;
public class RestITTest {
-
+
private static String idpHttpsPort;
private static String realm;
private static Bus bus;
@@ -63,26 +63,26 @@ public class RestITTest {
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-
+
realm = System.getProperty("realm");
Assert.assertNotNull("Property 'realm' null", realm);
SpringBusFactory bf = new SpringBusFactory();
-
+
URL busFile = RestITTest.class.getResource("/rest-client.xml");
bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
-
+
}
-
+
@AfterClass
public static void cleanup() {
if (bus != null) {
bus.shutdown(true);
}
}
-
+
@Test
public void testGetAllIdps() throws UnsupportedEncodingException, MalformedURLException {
String address = "https://localhost:" + idpHttpsPort + "/" + getContextName() + "/services/rs";
@@ -91,7 +91,7 @@ public class RestITTest {
.request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
.get(Idps.class);
Assert.assertEquals(1L, idps.getIdps().size());
-
+
Idp idp = idps.getIdps().iterator().next();
if ("realm-a".equals(realm)) {
Assert.assertEquals("Certificate doesn't match",
@@ -160,7 +160,7 @@ public class RestITTest {
public void testReadExistingIdpEmbeddedTrustedIdps() throws UnsupportedEncodingException {
String address = "https://localhost:" + idpHttpsPort + "/" + getContextName() + "/services/rs";
Client client = ClientBuilder.newClient();
-
+
if ("realm-a".equals(realm)) {
Idp idp = client.target(address).path("idps/").path("urn:org:apache:cxf:fediz:idp:realm-A")
.request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
@@ -173,13 +173,13 @@ public class RestITTest {
Assert.assertEquals("", "urn:org:apache:cxf:fediz:idp:realm-B", idp.getRealm());
}
}
-
+
@Test
public void testAddClaimToApplication() throws UnsupportedEncodingException {
-
+
String address = "https://localhost:" + idpHttpsPort + "/" + getContextName() + "/services/rs";
Client client = ClientBuilder.newClient();
-
+
String realmToAdd = "urn:org:apache:cxf:fediz:fedizhelloworld:testaddclaim";
Application application = new Application();
application.setRealm(realmToAdd);
@@ -190,29 +190,29 @@ public class RestITTest {
application.setServiceDescription("Fedizhelloworld description");
application.setServiceDisplayName("Fedizhelloworld");
application.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
-
+
Response response = client.target(address).path("applications/")
.request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
.post(Entity.entity(application, MediaType.APPLICATION_XML));
Assert.assertEquals(Status.CREATED.getStatusCode(), response.getStatus());
-
+
//Testcase
RequestClaim requestClaim = new RequestClaim();
requestClaim.setOptional(false);
requestClaim.setClaimType(URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"));
-
+
response = client.target(address).path("applications").path(realmToAdd).path("claims")
.request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
.post(Entity.entity(requestClaim, MediaType.APPLICATION_XML));
Assert.assertEquals(Status.NO_CONTENT.getStatusCode(), response.getStatus());
-
+
application = client.target(address).path("applications").path(realmToAdd).queryParam("expand", "claims")
.request("application/xml").header("Authorization", getBasicAuthentication("admin", "password"))
.get(Application.class);
Assert.assertEquals("Claims size should be 1 instead of " + application.getRequestedClaims().size(),
1, application.getRequestedClaims().size());
}
-
+
private String getBasicAuthentication(String username, String password) throws UnsupportedEncodingException {
String token = username + ":" + password;
return "Basic " + Base64.encode(token.getBytes());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 8511aca..527eb74 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -53,28 +53,28 @@ public class FedizSubjectCreator implements SubjectCreator {
private String issuer;
private long defaultTimeToLive = 3600L;
private Map<String, String> supportedClaims = Collections.emptyMap();
-
+
@Override
- public UserSubject createUserSubject(MessageContext mc,
+ public UserSubject createUserSubject(MessageContext mc,
MultivaluedMap<String, String> params) throws OAuthServiceException {
Principal principal = mc.getSecurityContext().getUserPrincipal();
-
+
if (!(principal instanceof FedizPrincipal)) {
throw new OAuthServiceException("Unsupported Principal");
}
- FedizPrincipal fedizPrincipal = (FedizPrincipal)principal;
-
+ FedizPrincipal fedizPrincipal = (FedizPrincipal)principal;
+
// In the future FedizPrincipal will likely have JWT claims already prepared,
- // with IdToken being initialized here from those claims
+ // with IdToken being initialized here from those claims
OidcUserSubject oidcSub = new OidcUserSubject();
oidcSub.setLogin(fedizPrincipal.getName());
-
+
// Subject ID - a locally unique and never reassigned identifier allocated to the end user
- // REVISIT:
+ // REVISIT:
// Can it be allocated on per-session basis or is it something that is supposed to be created
// by the authentication system (IDP/STS) once and reported every time a given user signs in ?
oidcSub.setId(Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(16)));
-
+
IdToken idToken = convertToIdToken(fedizPrincipal.getLoginToken(),
oidcSub.getLogin(),
oidcSub.getId(),
@@ -84,26 +84,26 @@ public class FedizSubjectCreator implements SubjectCreator {
oidcSub.setIdToken(idToken);
// UserInfo can be populated and set on OidcUserSubject too.
// UserInfoService will create it otherwise.
-
+
return oidcSub;
}
-
- private IdToken convertToIdToken(Element samlToken,
+
+ private IdToken convertToIdToken(Element samlToken,
String subjectName,
String subjectId,
ClaimCollection claims,
List<String> roles,
String requestedClaims) {
// The current SAML Assertion represents an authentication record.
- // It has to be translated into IdToken (JWT) so that it can be returned
+ // It has to be translated into IdToken (JWT) so that it can be returned
// to client applications participating in various OIDC flows.
-
+
IdToken idToken = new IdToken();
-
+
//TODO: make the mapping between the subject name and IdToken claim configurable
idToken.setPreferredUserName(subjectName);
idToken.setSubject(subjectId);
-
+
Assertion saml2Assertion = getSaml2Assertion(samlToken);
if (saml2Assertion != null) {
// issueInstant
@@ -111,7 +111,7 @@ public class FedizSubjectCreator implements SubjectCreator {
if (issueInstant != null) {
idToken.setIssuedAt(issueInstant.getMillis() / 1000);
}
-
+
// expiryTime
if (saml2Assertion.getConditions() != null) {
DateTime expires = saml2Assertion.getConditions().getNotOnOrAfter();
@@ -119,15 +119,15 @@ public class FedizSubjectCreator implements SubjectCreator {
idToken.setExpiryTime(expires.getMillis() / 1000);
}
}
-
+
// authInstant
if (!saml2Assertion.getAuthnStatements().isEmpty()) {
- DateTime authInstant =
+ DateTime authInstant =
saml2Assertion.getAuthnStatements().get(0).getAuthnInstant();
idToken.setAuthenticationTime(authInstant.getMillis() / 1000L);
}
}
- // Check if default issuer, issuedAt and expiryTime values have to be set
+ // Check if default issuer, issuedAt and expiryTime values have to be set
if (issuer != null) {
idToken.setIssuer(issuer);
} else if (saml2Assertion != null) {
@@ -136,7 +136,7 @@ public class FedizSubjectCreator implements SubjectCreator {
idToken.setIssuer(assertionIssuer.getValue());
}
}
-
+
long currentTimeInSecs = System.currentTimeMillis() / 1000;
if (idToken.getIssuedAt() == null) {
idToken.setIssuedAt(currentTimeInSecs);
@@ -144,13 +144,13 @@ public class FedizSubjectCreator implements SubjectCreator {
if (idToken.getExpiryTime() == null) {
idToken.setExpiryTime(currentTimeInSecs + defaultTimeToLive);
}
-
+
// Additional claims requested
List<String> requestedClaimsList = Collections.emptyList();
if (requestedClaims != null && !supportedClaims.isEmpty()) {
requestedClaimsList = Arrays.asList(requestedClaims.trim().split(" "));
}
-
+
// Map claims
if (claims != null) {
String firstName = null;
@@ -179,14 +179,14 @@ public class FedizSubjectCreator implements SubjectCreator {
&& requestedClaimsList.contains(supportedClaims.get(c.getClaimType().toString()))) {
idToken.setClaim(supportedClaims.get(c.getClaimType().toString()), (String)c.getValue());
}
-
+
}
if (firstName != null && lastName != null) {
idToken.setName(firstName + " " + lastName);
}
}
-
- if (roles != null && !roles.isEmpty()
+
+ if (roles != null && !roles.isEmpty()
&& supportedClaims.containsKey(FedizConstants.DEFAULT_ROLE_URI.toString())
&& requestedClaimsList.contains(supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString()))) {
if (roles.size() == 1) {
@@ -195,7 +195,7 @@ public class FedizSubjectCreator implements SubjectCreator {
idToken.setClaim(supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString()), roles);
}
}
-
+
return idToken;
}
@@ -208,15 +208,15 @@ public class FedizSubjectCreator implements SubjectCreator {
} catch (WSSecurityException ex) {
throw new OAuthServiceException("Error converting SAML token", ex);
}
-
+
}
public void setIdTokenIssuer(String idTokenIssuer) {
this.issuer = idTokenIssuer;
}
-
-
+
+
public void setIdTokenTimeToLive(long idTokenTimeToLive) {
this.defaultTimeToLive = idTokenTimeToLive;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
index a14af3b..1882e0a 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -39,15 +39,15 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
-
+
private static final Logger LOG = LogUtils.getL7dLogger(OAuthDataProviderImpl.class);
-
+
private boolean checkOnlyRegisteredClients;
private boolean persistUnregisteredClients = true;
private String contextName;
private Configuration loginConfig;
-
+
@Override
public Client getClient(String clientId) {
//TODO: push most of this code into the abstract class
@@ -55,11 +55,11 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
if (client != null || checkOnlyRegisteredClients) {
return client;
}
-
+
String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
- // Pre-registering the OAuth2 Client representations for
- // "client_credentials" can be difficult.
+ // Pre-registering the OAuth2 Client representations for
+ // "client_credentials" can be difficult.
String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
if (clientSecret != null) {
// Direct authentication with the back-end storage
@@ -82,18 +82,18 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
// with the help of getMessageContext().get(OAuthConstants.GRANT_TYPE)
if (!client.getAllowedGrantTypes().contains(OAuthConstants.CLIENT_CREDENTIALS_GRANT)
&& !requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
- throw new OAuthServiceException("Required scopes are missing");
+ throw new OAuthServiceException("Required scopes are missing");
}
return super.convertScopeToPermissions(client, requestedScopes);
}
-
+
protected Client authenticateClient(String clientId, String clientSecret) {
if (contextName != null) {
try {
// Login using JAAS
- CallbackHandler callbackHandler =
+ CallbackHandler callbackHandler =
new NamePasswordCallbackHandler(clientId, clientSecret);
- LoginContext ctx = new LoginContext(contextName, null, callbackHandler, loginConfig);
+ LoginContext ctx = new LoginContext(contextName, null, callbackHandler, loginConfig);
ctx.login();
Client client = createClientCredClient(clientId, clientSecret);
ctx.logout();
@@ -109,7 +109,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
}
-
+
public void setContextName(String contextName) {
this.contextName = contextName;
}
@@ -121,7 +121,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
public void setPersistUnregisteredClients(boolean persistUnregisteredClients) {
this.persistUnregisteredClients = persistUnregisteredClients;
}
-
+
protected Client createClientCredClient(String clientId, String password) {
Client c = new Client(clientId, password, true);
c.setAllowedGrantTypes(Collections.singletonList(OAuthConstants.CLIENT_CREDENTIALS_GRANT));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
index 0e0b9d3..98ff23e 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
@@ -25,7 +25,7 @@ import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
private String password = "password";
-
+
@Override
public char[] getPassword(Properties props) {
return password.toCharArray();
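Review bot: The field initialiser `private String password = "password";` gives the private-key password a well-known default, so a deployment that never overrides it protects its key with a guessable value. I would drop the default (`private String password;`) and make `getPassword` fail explicitly, e.g. `if (password == null) { throw new IllegalStateException("No private key password configured"); }`, so a missing setting surfaces as an error instead of a silent fallback. Whether the class offers a setter is not visible, since its body continues outside this hunk.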
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
index af2b45f..eece486 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
@@ -43,6 +43,6 @@ public class ClientCodeGrants {
public void setCodeGrants(List<ServerAuthorizationCodeGrant> codeGrants) {
this.codeGrants = codeGrants;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index 3bdf1b9..3ace9ae 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -73,14 +73,14 @@ public class ClientRegistrationService {
private Map<String, String> homeRealms = new LinkedHashMap<String, String>();
private boolean protectIdTokenWithClientSecret;
private Map<String, String> clientScopes;
-
+
private SecurityContext sc;
@Context
public void setSecurityContext(SecurityContext securityContext) {
this.sc = securityContext;
}
-
+
@GET
@Produces(MediaType.TEXT_HTML)
@Path("/register")
@@ -106,14 +106,14 @@ public class ClientRegistrationService {
}
return null;
}
-
-
+
+
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
@Path("/{id}/remove")
public RegisteredClients removeClient(@PathParam("id") String id) {
- Collection<Client> clients = getClientRegistrations();
+ Collection<Client> clients = getClientRegistrations();
for (Iterator<Client> it = clients.iterator(); it.hasNext();) {
Client c = it.next();
if (c.getClientId().equals(id)) {
@@ -140,7 +140,7 @@ public class ClientRegistrationService {
clientProvider.setClient(c);
return c;
}
-
+
@GET
@Produces(MediaType.TEXT_HTML)
@Path("/{id}/tokens")
@@ -148,14 +148,14 @@ public class ClientRegistrationService {
Client c = getRegisteredClient(id);
return doGetClientIssuedTokens(c);
}
-
+
protected ClientTokens doGetClientIssuedTokens(Client c) {
Comparator<ServerAccessToken> tokenComp = new TokenComparator();
UserSubject subject = new OidcUserSubject(getUserName());
- List<ServerAccessToken> accessTokens =
+ List<ServerAccessToken> accessTokens =
new ArrayList<ServerAccessToken>(dataProvider.getAccessTokens(c, subject));
Collections.sort(accessTokens, tokenComp);
- List<RefreshToken> refreshTokens =
+ List<RefreshToken> refreshTokens =
new ArrayList<RefreshToken>(dataProvider.getRefreshTokens(c, subject));
Collections.sort(refreshTokens, tokenComp);
return new ClientTokens(c, accessTokens, refreshTokens);
@@ -168,7 +168,7 @@ public class ClientRegistrationService {
@PathParam("tokenId") String tokenId) {
return doRevokeClientToken(clientId, tokenId, OAuthConstants.ACCESS_TOKEN);
}
-
+
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
@@ -177,7 +177,7 @@ public class ClientRegistrationService {
@PathParam("tokenId") String tokenId) {
return doRevokeClientToken(clientId, tokenId, OAuthConstants.REFRESH_TOKEN);
}
-
+
protected ClientTokens doRevokeClientToken(String clientId,
String tokenId,
String tokenType) {
@@ -185,7 +185,7 @@ public class ClientRegistrationService {
dataProvider.revokeToken(c, tokenId, tokenType);
return doGetClientIssuedTokens(c);
}
-
+
@GET
@Produces(MediaType.TEXT_HTML)
@Path("/{id}/codes")
@@ -200,7 +200,7 @@ public class ClientRegistrationService {
}
return null;
}
-
+
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
@@ -213,13 +213,13 @@ public class ClientRegistrationService {
}
return null;
}
-
+
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
@Path("/")
public Response registerForm(@FormParam("client_name") String appName,
- @FormParam("client_type") String appType,
+ @FormParam("client_type") String appType,
@FormParam("client_audience") String audience,
@FormParam("client_redirectURI") String redirectURI,
@FormParam("client_logoutURI") String logoutURI,
@@ -244,17 +244,17 @@ public class ClientRegistrationService {
String clientSecret = isConfidential
? generateClientSecret()
: null;
-
+
Client newClient = new Client(clientId, clientSecret, isConfidential, appName);
-
+
// User who registered this client
String userName = sc.getUserPrincipal().getName();
UserSubject userSubject = new OidcUserSubject(userName);
newClient.setResourceOwnerSubject(userSubject);
-
+
// Client Registration Time
newClient.setRegisteredAt(System.currentTimeMillis() / 1000);
-
+
// Client Realm
if (homeRealm != null) {
newClient.setHomeRealm(homeRealm);
@@ -262,7 +262,7 @@ public class ClientRegistrationService {
newClient.getProperties().put("homeRealmAlias", homeRealms.get(homeRealm));
}
}
-
+
// Client Redirect URIs
if (!StringUtils.isEmpty(redirectURI)) {
String[] allUris = redirectURI.trim().split(" ");
@@ -285,7 +285,7 @@ public class ClientRegistrationService {
//TODO: replace this code with newClient.setLogoutUri() once it becomes available
newClient.getProperties().put("client_logout_uri", logoutURI);
}
-
+
// Client Audience URIs
if (!StringUtils.isEmpty(audience)) {
String[] auds = audience.trim().split(" ");
@@ -300,7 +300,7 @@ public class ClientRegistrationService {
}
newClient.setRegisteredAudiences(registeredAuds);
}
-
+
// Client Scopes
if (clientScopes != null && !clientScopes.isEmpty()) {
newClient.setRegisteredScopes(new ArrayList<String>(clientScopes.keySet()));
@@ -311,16 +311,16 @@ public class ClientRegistrationService {
return Response.ok(new InvalidRegistration(ex.getMessage())).build();
}
}
-
-
+
+
private void throwInvalidRegistrationException(String error) {
throw new InvalidRegistrationException(error);
}
private boolean isValidURI(String uri, boolean requireHttps) {
-
+
UrlValidator urlValidator = null;
-
+
if (requireHttps) {
String[] schemes = {"https"};
urlValidator = new UrlValidator(schemes, UrlValidator.ALLOW_LOCAL_URLS);
@@ -328,11 +328,11 @@ public class ClientRegistrationService {
urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS
+ UrlValidator.ALLOW_ALL_SCHEMES);
}
-
+
if (!urlValidator.isValid(uri)) {
return false;
}
-
+
// Do additional checks on the URI
try {
URI parsedURI = new URI(uri);
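Review bot: When `requireHttps` is false, `isValidURI` builds the validator with `UrlValidator.ALLOW_LOCAL_URLS + UrlValidator.ALLOW_ALL_SCHEMES`, so the scheme is not restricted at this stage. Unless the additional checks on `parsedURI` (which continue outside this hunk) restrict it, a client registration could store a URI with a non-HTTP scheme; presumably these are the redirect, logout or audience URIs handled in `registerForm`. If custom schemes are intentional, for example for native clients, a comment saying so would make that reviewable; otherwise pass an allowlist, `new UrlValidator(new String[] {"http", "https"}, UrlValidator.ALLOW_LOCAL_URLS)`. The option flags would also read better combined with `|` than with `+`.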
@@ -343,7 +343,7 @@ public class ClientRegistrationService {
} catch (URISyntaxException ex) {
return false;
}
-
+
return true;
}
@@ -381,7 +381,7 @@ public class ClientRegistrationService {
newClient.setApplicationName(newName + nextNumber);
}
names.add(newClient.getApplicationName());
-
+
clientProvider.setClient(newClient);
Collection<Client> clientRegistrations = getClientRegistrations();
clientRegistrations.add(newClient);
@@ -445,7 +445,7 @@ public class ClientRegistrationService {
public void setClientProvider(ClientRegistrationProvider clientProvider) {
this.clientProvider = clientProvider;
}
-
+
private static class ClientComparator implements Comparator<Client> {
@Override
@@ -454,7 +454,7 @@ public class ClientRegistrationService {
// example, Sort Clients By Name/Date/etc
return c1.getApplicationName().compareTo(c2.getApplicationName());
}
-
+
}
private static class TokenComparator implements Comparator<ServerAccessToken> {
@@ -462,7 +462,7 @@ public class ClientRegistrationService {
public int compare(ServerAccessToken t1, ServerAccessToken t2) {
return Long.compare(t1.getIssuedAt(), t2.getIssuedAt());
}
-
+
}
private static class CodeGrantComparator implements Comparator<ServerAuthorizationCodeGrant> {
@@ -470,6 +470,6 @@ public class ClientRegistrationService {
public int compare(ServerAuthorizationCodeGrant g1, ServerAuthorizationCodeGrant g2) {
return Long.compare(g1.getIssuedAt(), g2.getIssuedAt());
}
-
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
index 32c2859..2932823 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
@@ -29,7 +29,7 @@ public class ClientTokens {
private Client client;
private List<ServerAccessToken> accessTokens = new LinkedList<ServerAccessToken>();
private List<RefreshToken> refreshTokens = new LinkedList<RefreshToken>();
- public ClientTokens(Client c,
+ public ClientTokens(Client c,
List<ServerAccessToken> accessTokens,
List<RefreshToken> refreshTokens) {
this.client = c;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
index c0f54ee..beaa524 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
@@ -27,5 +27,5 @@ public class InvalidRegistration {
public String getMessage() {
return message;
}
-
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
index b1409f4..2faf0bf 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
@@ -28,6 +28,6 @@ public class RegisterClient {
public Map<String, String> getHomeRealms() {
return homeRealms;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
index 7fb35f3..36b71c6 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
@@ -30,6 +30,6 @@ public class RegisteredClients {
public Collection<Client> getClients() {
return clients;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsole.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsole.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsole.java
index 7eaa71e..b8f173c 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsole.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsole.java
@@ -29,5 +29,5 @@ public class UserConsole {
public void setUserName(String userName) {
this.userName = userName;
}
-
+
}
[08/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
index 83444e5..bde582b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java
@@ -60,19 +60,19 @@ import org.springframework.webflow.execution.RequestContext;
*/
@Component
public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2ProtocolHandler {
-
+
/**
* The facebook API endpoint for querying claims (such as email address). If not specified
* it defaults to "https://graph.facebook.com/v2.6".
*/
public static final String API_ENDPOINT = "api.endpoint";
-
+
/**
- * The Claim to use for the subject username to insert into the SAML Token. It defaults to
+ * The Claim to use for the subject username to insert into the SAML Token. It defaults to
* "email".
*/
public static final String SUBJECT_CLAIM = "subject.claim";
-
+
public static final String PROTOCOL = "facebook-connect";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpFacebookProtocolHandler.class);
@@ -88,24 +88,24 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
String code = (String) WebUtils.getAttributeFromFlowScope(context,
OAuthConstants.CODE_RESPONSE_TYPE);
if (code != null && !code.isEmpty()) {
-
+
String tokenEndpoint = getProperty(trustedIdp, TOKEN_ENDPOINT);
if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
tokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
}
-
+
String apiEndpoint = getProperty(trustedIdp, API_ENDPOINT);
if (apiEndpoint == null || apiEndpoint.isEmpty()) {
apiEndpoint = "https://graph.facebook.com/v2.6";
}
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
String clientSecret = getProperty(trustedIdp, CLIENT_SECRET);
if (clientSecret == null || clientSecret.isEmpty()) {
LOG.warn("A CLIENT_SECRET must be configured to use the TrustedIdpFacebookProtocolHandler");
throw new IllegalStateException("No CLIENT_SECRET specified");
}
-
+
// Here we need to get the AccessToken using the authorization code
ClientAccessToken accessToken = getAccessTokenUsingCode(tokenEndpoint, code, clientId,
clientSecret, idp.getIdpUrl().toString());
@@ -113,8 +113,8 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
LOG.warn("No Access Token received from the Facebook IdP");
return null;
}
-
- // Now we need to invoke on the API endpoint using the access token to get the
+
+ // Now we need to invoke on the API endpoint using the access token to get the
// user's claims
String subjectName = getSubjectName(apiEndpoint, accessToken.getTokenKey(), trustedIdp);
try {
@@ -123,25 +123,25 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
// Convert into a SAML Token
Date expires = new Date();
expires.setTime(expires.getTime() + (accessToken.getExpiresIn() * 1000L));
SecurityToken idpToken = new SecurityToken(IDGenerator.generateID(null), null, expires);
- SamlAssertionWrapper assertion =
+ SamlAssertionWrapper assertion =
createSamlAssertion(idp, trustedIdp, subjectName, null, expires);
Document doc = DOMUtils.createDocument();
Element token = assertion.toDOM(doc);
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
idpToken.setToken(token);
-
+
LOG.info("[IDP_TOKEN={}] for user '{}' issued by home realm [{}]",
- assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
+ assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
whr);
LOG.debug("Expired date={}", expires);
-
+
return idpToken;
} catch (IllegalStateException ex) {
throw ex;
@@ -152,23 +152,23 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
}
return null;
}
-
+
private ClientAccessToken getAccessTokenUsingCode(String tokenEndpoint, String code, String clientId,
String clientSecret, String redirectURI) {
// Here we need to get the AccessToken using the authorization code
List<Object> providers = new ArrayList<>();
providers.add(new OAuthJSONProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(tokenEndpoint, providers, "cxf-tls.xml");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
client.type("application/x-www-form-urlencoded");
client.accept("application/json");
@@ -182,10 +182,10 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
return response.readEntity(ClientAccessToken.class);
}
-
+
private String getSubjectName(String apiEndpoint, String accessToken, TrustedIdp trustedIdp) {
- WebClient client = WebClient.create(apiEndpoint,
- Collections.singletonList(new JsonMapObjectProvider()),
+ WebClient client = WebClient.create(apiEndpoint,
+ Collections.singletonList(new JsonMapObjectProvider()),
"cxf-tls.xml");
client.path("/me");
ClientConfiguration config = WebClient.getConfig(client);
@@ -197,27 +197,27 @@ public class TrustedIdpFacebookProtocolHandler extends AbstractTrustedIdpOAuth2P
client.accept("application/json");
client.query("access_token", accessToken);
-
+
String subjectName = getProperty(trustedIdp, SUBJECT_CLAIM);
if (subjectName == null || subjectName.isEmpty()) {
subjectName = "email";
}
client.query("fields", subjectName);
JsonMapObject mapObject = client.get(JsonMapObject.class);
-
+
String parsedSubjectName = (String)mapObject.getProperty(subjectName);
if (subjectName.contains("email")) {
parsedSubjectName = parsedSubjectName.replace("\\u0040", "@");
}
return parsedSubjectName;
}
-
+
protected String getScope(TrustedIdp trustedIdp) {
String scope = getProperty(trustedIdp, SCOPE);
if (scope != null) {
scope = scope.trim();
}
-
+
if (scope == null || scope.isEmpty()) {
scope = "email";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index 47a318d..96d56e6 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -72,29 +72,29 @@ import org.springframework.webflow.execution.RequestContext;
*/
@Component
public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2ProtocolHandler {
-
+
/**
* The signature algorithm to use in verifying the IdToken. The default is "RS256".
*/
public static final String SIGNATURE_ALGORITHM = "signature.algorithm";
-
+
/**
- * The Claim in which to extract the Subject username to insert into the generated SAML token.
+ * The Claim in which to extract the Subject username to insert into the generated SAML token.
* It defaults to "preferred_username", otherwise it falls back to the "sub" claim.
*/
public static final String SUBJECT_CLAIM = "subject.claim";
-
+
/**
* Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
- * Fediz will automatically use "openid" for this value.
+ * Fediz will automatically use "openid" for this value.
*/
public static final String SCOPE = "scope";
-
+
/**
* The URI from which to retrieve the JSON Web Keys to validate the signed IdToken.
*/
public static final String JWKS_URI = "jwks.uri";
-
+
public static final String PROTOCOL = "openid-connect-1.0";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpOIDCProtocolHandler.class);
@@ -110,34 +110,34 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
String code = (String) WebUtils.getAttributeFromFlowScope(context,
OAuthConstants.CODE_RESPONSE_TYPE);
if (code != null && !code.isEmpty()) {
-
+
String tokenEndpoint = getProperty(trustedIdp, TOKEN_ENDPOINT);
if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
LOG.warn("A TOKEN_ENDPOINT must be configured to use the OIDCProtocolHandler");
throw new IllegalStateException("No TOKEN_ENDPOINT specified");
}
-
+
String clientId = getProperty(trustedIdp, CLIENT_ID);
String clientSecret = getProperty(trustedIdp, CLIENT_SECRET);
if (clientSecret == null || clientSecret.isEmpty()) {
LOG.warn("A CLIENT_SECRET must be configured to use the OIDCProtocolHandler");
throw new IllegalStateException("No CLIENT_SECRET specified");
}
-
+
// Here we need to get the IdToken using the authorization code
List<Object> providers = new ArrayList<>();
providers.add(new OAuthJSONProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(tokenEndpoint, providers, clientId, clientSecret, "cxf-tls.xml");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
client.type("application/x-www-form-urlencoded").accept("application/json");
Form form = new Form();
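Review bot: With debug logging enabled, this block attaches `LoggingOutInterceptor` and `LoggingInInterceptor` to the token-endpoint client, which is created with `clientId` and `clientSecret`. The logged exchange would then presumably include the client credentials, the authorization code and the returned tokens. I would either drop the interceptors here or add a comment above the `LOG.isDebugEnabled()` check, e.g. `// NOTE: message logging exposes client credentials and tokens; do not enable debug for this class in production`. The same pattern appears in `getAccessTokenUsingCode` of `TrustedIdpFacebookProtocolHandler`. The enclosing method starts and ends outside this hunk.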
@@ -153,50 +153,50 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("No IdToken received from the OIDC IdP");
return null;
}
-
+
client.close();
-
+
try {
String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (whr == null) {
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
// Parse the received Token
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
JwtToken jwt = jwtConsumer.getJwtToken();
-
+
if (jwt != null && jwt.getClaims() != null && LOG.isDebugEnabled()) {
LOG.debug("Received Claims:");
for (Map.Entry<String, Object> claim : jwt.getClaims().asMap().entrySet()) {
LOG.debug(claim.getKey() + ": " + claim.getValue());
}
}
-
+
if (jwt != null && jwt.getJwsHeaders() != null && LOG.isDebugEnabled()) {
LOG.debug("Received JWS Headers:");
for (Map.Entry<String, Object> header : jwt.getJwsHeaders().asMap().entrySet()) {
LOG.debug(header.getKey() + ": " + header.getValue());
}
}
-
+
if (!validateSignature(trustedIdp, jwtConsumer)) {
LOG.warn("Signature does not validate");
return null;
}
-
+
// Make sure the received token is valid according to the spec
validateToken(jwt, clientId);
-
+
Date created = new Date((long)jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT) * 1000L);
Date notBefore = null;
if (jwt.getClaim(JwtConstants.CLAIM_NOT_BEFORE) != null) {
notBefore = new Date((long)jwt.getClaim(JwtConstants.CLAIM_NOT_BEFORE) * 1000L);
- }
-
+ }
+
Date expires = new Date((long)jwt.getClaim(JwtConstants.CLAIM_EXPIRY) * 1000L);
-
+
// Subject
String subjectName = getProperty(trustedIdp, SUBJECT_CLAIM);
LOG.debug("Trying to extract subject name using the claim name {}", subjectName);
@@ -210,24 +210,24 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
+ "Falling back to use {}", subjectName);
}
}
-
+
// Convert into a SAML Token
- SamlAssertionWrapper assertion =
+ SamlAssertionWrapper assertion =
createSamlAssertion(idp, trustedIdp, (String)jwt.getClaim(subjectName), notBefore, expires);
Document doc = DOMUtils.createDocument();
Element token = assertion.toDOM(doc);
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
SecurityToken idpToken = new SecurityToken(assertion.getId(), created, expires);
idpToken.setToken(token);
-
+
LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by home realm [{}/{}]",
- assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
+ assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
jwt.getClaim(JwtConstants.CLAIM_JWT_ID), whr, jwt.getClaim(JwtConstants.CLAIM_ISSUER));
LOG.debug("Created date={}", created);
LOG.debug("Expired date={}", expires);
-
+
return idpToken;
} catch (IllegalStateException ex) {
throw ex;
@@ -238,7 +238,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
}
return null;
}
-
+
protected void validateToken(JwtToken jwt, String clientId) {
// We must have the following claims
if (jwt.getClaim(JwtConstants.CLAIM_ISSUER) == null
@@ -249,7 +249,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("The IdToken is missing a required claim");
throw new IllegalStateException("The IdToken is missing a required claim");
}
-
+
// The audience must match the client_id of this client
boolean match = false;
for (String audience : jwt.getClaims().getAudiences()) {
@@ -262,61 +262,61 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
LOG.warn("The audience of the token does not match this client");
throw new IllegalStateException("The audience of the token does not match this client");
}
-
+
JwtUtils.validateTokenClaims(jwt.getClaims(), 300, 0, false);
}
-
- private boolean validateSignature(TrustedIdp trustedIdp, JwsJwtCompactConsumer jwtConsumer)
- throws CertificateException, WSSecurityException, Base64DecodingException,
+
+ private boolean validateSignature(TrustedIdp trustedIdp, JwsJwtCompactConsumer jwtConsumer)
+ throws CertificateException, WSSecurityException, Base64DecodingException,
ProcessingException, IOException {
-
+
// Validate the Signature
String sigAlgo = getProperty(trustedIdp, SIGNATURE_ALGORITHM);
if (sigAlgo == null || sigAlgo.isEmpty()) {
sigAlgo = "RS256";
}
-
+
JwtToken jwt = jwtConsumer.getJwtToken();
String jwksUri = getProperty(trustedIdp, JWKS_URI);
JsonWebKey verifyingKey = null;
-
- if (jwksUri != null && jwt.getJwsHeaders() != null
+
+ if (jwksUri != null && jwt.getJwsHeaders() != null
&& jwt.getJwsHeaders().containsHeader(JoseConstants.HEADER_KEY_ID)) {
String kid = (String)jwt.getJwsHeaders().getHeader(JoseConstants.HEADER_KEY_ID);
LOG.debug("Attemping to retrieve key id {} from uri {}", kid, jwksUri);
List<Object> jsonKeyProviders = new ArrayList<>();
jsonKeyProviders.add(new JsonWebKeysProvider());
-
- WebClient client =
+
+ WebClient client =
WebClient.create(jwksUri, jsonKeyProviders, "cxf-tls.xml");
client.accept("application/json");
-
+
ClientConfiguration config = WebClient.getConfig(client);
if (LOG.isDebugEnabled()) {
config.getOutInterceptors().add(new LoggingOutInterceptor());
config.getInInterceptors().add(new LoggingInInterceptor());
}
-
+
Response response = client.get();
JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
if (jsonWebKeys != null) {
verifyingKey = jsonWebKeys.getKey(kid);
}
}
-
+
if (verifyingKey != null) {
return jwtConsumer.verifySignatureWith(verifyingKey, SignatureAlgorithm.getAlgorithm(sigAlgo));
}
-
+
X509Certificate validatingCert = CertsUtils.parseX509Certificate(trustedIdp.getCertificate());
if (validatingCert != null) {
return jwtConsumer.verifySignatureWith(validatingCert, SignatureAlgorithm.getAlgorithm(sigAlgo));
}
-
+
LOG.warn("No key supplied to verify the signature of the IdToken");
return false;
}
-
+
protected String getScope(TrustedIdp trustedIdp) {
String scope = getProperty(trustedIdp, SCOPE);
if (scope != null) {
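Review bot: `validateToken` only checks that the issuer claim is present; as far as the visible lines show, it is never compared with the issuer expected for this trusted IdP. `JwtUtils.validateTokenClaims(jwt.getClaims(), 300, 0, false)` presumably covers only the time-based claims. OpenID Connect Core requires the relying party to verify that `iss` matches the provider it is talking to, so an ID token signed by the right key but carrying an unexpected issuer should be rejected. I would read the expected issuer from the trusted IdP configuration via `getProperty(trustedIdp, ...)` and compare it right after the `validateToken(jwt, clientId)` call, where `trustedIdp` is in scope, throwing `IllegalStateException` on mismatch as the audience check does. Parts of `validateToken` lie in the two preceding hunks.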
@@ -325,7 +325,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpOAuth2Proto
scope = "openid " + scope;
}
}
-
+
if (scope == null || scope.isEmpty()) {
scope = "openid";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
index 31bc572..1d7c050 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpProtocolControllerImpl.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
public class TrustedIdpProtocolControllerImpl implements ProtocolController<TrustedIdpProtocolHandler> {
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpProtocolControllerImpl.class);
-
+
@Autowired
private List<TrustedIdpProtocolHandler> protocolHandlers;
-
+
@Override
public TrustedIdpProtocolHandler getProtocolHandler(String protocol) {
for (TrustedIdpProtocolHandler protocolHandler : protocolHandlers) {
@@ -47,7 +47,7 @@ public class TrustedIdpProtocolControllerImpl implements ProtocolController<Trus
LOG.warn("No protocol handler found for {}", protocol);
return null;
}
-
+
@Override
public List<String> getProtocols() {
List<String> protocols = new ArrayList<>();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 7b8c3eb..b256c3e 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -80,28 +80,28 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
* Whether to sign the request or not. The default is "true".
*/
public static final String SIGN_REQUEST = "sign.request";
-
+
/**
* Whether to require a KeyInfo or not when processing a (signed) Response. The default is "true".
*/
public static final String REQUIRE_KEYINFO = "require.keyinfo";
-
+
/**
* Whether the assertions contained in the Response must be signed or not (if the response itself
* is not signed). The default is "true".
*/
public static final String REQUIRE_SIGNED_ASSERTIONS = "require.signed.assertions";
-
+
/**
* Whether we have to "know" the issuer of the SAML Response or not. The default is "true".
*/
public static final String REQUIRE_KNOWN_ISSUER = "require.known.issuer";
-
+
/**
* Whether we BASE-64 decode the response or not. The default is "true".
*/
public static final String SUPPORT_BASE64_ENCODING = "support.base64.encoding";
-
+
/**
* Whether we support Deflate encoding or not. The default is "false".
*/
@@ -131,11 +131,11 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
authnRequestBuilder.createAuthnRequest(
null, idp.getRealm(), idp.getIdpUrl().toString()
);
-
+
boolean signRequest = isBooleanPropertyConfigured(trustedIdp, SIGN_REQUEST, true);
if (signRequest) {
authnRequest.setDestination(trustedIdp.getUrl());
@@ -148,13 +148,13 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
UriBuilder ub = UriBuilder.fromUri(trustedIdp.getUrl());
ub.queryParam(SSOConstants.SAML_REQUEST, urlEncodedRequest);
-
+
String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
ub.queryParam(SSOConstants.RELAY_STATE, wctx);
if (signRequest) {
signRequest(urlEncodedRequest, wctx, idp, ub);
}
-
+
// Store the Request ID
String authnRequestId = authnRequest.getID();
WebUtils.putAttributeInExternalContext(context, SAML_SSO_REQUEST_ID, authnRequestId);
@@ -180,23 +180,23 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
try {
- String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,
+ String encodedSAMLResponse = (String) WebUtils.getAttributeFromFlowScope(context,
SSOConstants.SAML_RESPONSE);
-
+
// Read the response + convert to an OpenSAML Response Object
- org.opensaml.saml.saml2.core.Response samlResponse =
+ org.opensaml.saml.saml2.core.Response samlResponse =
readSAMLResponse(encodedSAMLResponse, trustedIdp);
-
+
Crypto crypto = CertsUtils.getCryptoFromCertificate(trustedIdp.getCertificate());
validateSamlResponseProtocol(samlResponse, crypto, trustedIdp);
// Validate the Response
- SSOValidatorResponse validatorResponse =
+ SSOValidatorResponse validatorResponse =
validateSamlSSOResponse(samlResponse, idp, trustedIdp, context);
- // Create new Security token with new id.
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
String id = IDGenerator.generateID("_");
- SecurityToken idpToken =
+ SecurityToken idpToken =
new SecurityToken(id, validatorResponse.getCreated(), validatorResponse.getSessionNotOnOrAfter());
idpToken.setToken(validatorResponse.getAssertionElement());
@@ -217,10 +217,10 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage());
}
}
-
+
private String encodeAuthnRequest(Element authnRequest) throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequest);
-
+
if (LOG.isDebugEnabled()) {
LOG.debug(requestMessage);
}
@@ -230,7 +230,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
return Base64Utility.encode(deflatedBytes);
}
-
+
/**
* Sign a request according to the redirect binding spec for Web SSO
*/
@@ -245,7 +245,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
LOG.error("No crypto instance of properties file configured for signature");
throw new IllegalStateException("Invalid IdP configuration");
}
-
+
String alias = crypto.getDefaultX509Identifier();
X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, alias);
if (cert == null) {
@@ -262,29 +262,29 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
jceSigAlgo = "SHA1withDSA";
}
LOG.debug("Using Signature algorithm " + sigAlgo);
-
+
ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, "UTF-8"));
-
+
// Get the password
String password = config.getCertificatePassword();
-
+
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey(alias, password);
-
+
// Sign the request
Signature signature = Signature.getInstance(jceSigAlgo);
signature.initSign(privateKey);
-
- String requestToSign =
+
+ String requestToSign =
SSOConstants.SAML_REQUEST + "=" + authnRequest + "&"
+ SSOConstants.RELAY_STATE + "=" + relayState + "&"
+ SSOConstants.SIG_ALG + "=" + URLEncoder.encode(sigAlgo, "UTF-8");
signature.update(requestToSign.getBytes("UTF-8"));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, "UTF-8"));
}
@@ -294,14 +294,14 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
}
String samlResponseDecoded = samlResponse;
-
+
InputStream tokenStream = null;
if (isBooleanPropertyConfigured(trustedIdp, SUPPORT_BASE64_ENCODING, true)) {
try {
byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
tokenStream = isBooleanPropertyConfigured(trustedIdp, SUPPORT_DEFLATE_ENCODING, false)
? new DeflateEncoderDecoder().inflateToken(deflatedToken)
- : new ByteArrayInputStream(deflatedToken);
+ : new ByteArrayInputStream(deflatedToken);
} catch (Base64Exception ex) {
throw ExceptionUtils.toBadRequestException(ex, null);
} catch (DataFormatException ex) {
@@ -321,9 +321,9 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
} catch (Exception ex) {
throw new WebApplicationException(400);
}
-
+
LOG.debug("Received response: " + DOM2Writer.nodeToString(responseDoc.getDocumentElement()));
-
+
XMLObject responseObject = null;
try {
responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
@@ -336,7 +336,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
return (org.opensaml.saml.saml2.core.Response)responseObject;
}
-
+
/**
* Validate the received SAML Response as per the protocol
*/
@@ -353,13 +353,13 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw ExceptionUtils.toBadRequestException(null, null);
}
}
-
+
/**
* Validate the received SAML Response as per the Web SSO profile
*/
private SSOValidatorResponse validateSamlSSOResponse(
org.opensaml.saml.saml2.core.Response samlResponse,
- Idp idp,
+ Idp idp,
TrustedIdp trustedIdp,
RequestContext requestContext
) {
@@ -378,9 +378,9 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
}
LOG.debug("Using {} for issuer validation", issuer);
ssoResponseValidator.setIssuerIDP(issuer);
-
+
// Get the stored request ID
- String requestId =
+ String requestId =
(String)WebUtils.getAttributeFromExternalContext(requestContext, SAML_SSO_REQUEST_ID);
ssoResponseValidator.setRequestId(requestId);
ssoResponseValidator.setSpIdentifier(idp.getRealm());
@@ -388,7 +388,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
isBooleanPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true));
ssoResponseValidator.setEnforceKnownIssuer(
isBooleanPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
-
+
HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
boolean post = "POST".equals(httpServletRequest.getMethod());
if (post) {
@@ -401,11 +401,11 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
throw ExceptionUtils.toBadRequestException(ex, null);
}
}
-
+
public void setReplayCache(TokenReplayCache<String> replayCache) {
this.replayCache = replayCache;
}
-
+
public TokenReplayCache<String> getReplayCache() {
if (replayCache == null) {
replayCache = new EHCacheTokenReplayCache();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index ea8feb4..a3f5615 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -59,12 +59,12 @@ import org.springframework.webflow.execution.RequestContext;
@Component
public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHandler {
-
+
/**
* Whether to add the home realm parameter to the URL for redirection or not. The default is "true".
*/
public static final String HOME_REALM_PROPAGATION = "home.realm.propagation";
-
+
public static final String PROTOCOL = "http://docs.oasis-open.org/wsfed/federation/200706";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpWSFedProtocolHandler.class);
@@ -73,10 +73,10 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
public String getProtocol() {
return PROTOCOL;
}
-
+
@Override
public URL mapSignInRequest(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
-
+
try {
StringBuilder sb = new StringBuilder();
sb.append(trustedIdp.getUrl());
@@ -86,12 +86,12 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
sb.append(URLEncoder.encode(idp.getRealm(), "UTF-8"));
sb.append("&").append(FederationConstants.PARAM_REPLY).append('=');
sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
-
+
if (isBooleanPropertyConfigured(trustedIdp, HOME_REALM_PROPAGATION, true)) {
sb.append("&").append(FederationConstants.PARAM_HOME_REALM).append('=');
sb.append(trustedIdp.getRealm());
}
-
+
String wfresh = context.getFlowScope().getString(FederationConstants.PARAM_FRESHNESS);
if (wfresh != null) {
sb.append("&").append(FederationConstants.PARAM_FRESHNESS).append('=');
@@ -100,7 +100,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
String wctx = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
sb.append("&").append(FederationConstants.PARAM_CONTEXT).append('=');
sb.append(wctx);
-
+
return new URL(sb.toString());
} catch (MalformedURLException ex) {
LOG.error("Invalid Redirect URL for Trusted Idp", ex);
@@ -110,45 +110,45 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new IllegalStateException("Invalid Redirect URL for Trusted Idp");
}
}
-
+
@Override
public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {
try {
String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
-
+
if (whr == null) {
LOG.warn("Home realm is null");
throw new IllegalStateException("Home realm is null");
}
-
+
String wresult = (String) WebUtils.getAttributeFromFlowScope(context,
FederationConstants.PARAM_RESULT);
-
+
if (wresult == null) {
LOG.warn("Parameter wresult not found");
throw new IllegalStateException("No security token issued");
}
-
+
FedizContext fedContext = getFedizContext(idp, trustedIdp);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(wresult);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfResp = wfProc.processRequest(wfReq, fedContext);
-
+
fedContext.close();
-
+
Element e = wfResp.getToken();
-
- // Create new Security token with new id.
+
+ // Create new Security token with new id.
// Parameters for freshness computation are copied from original IDP_TOKEN
String id = IDGenerator.generateID("_");
SecurityToken idpToken = new SecurityToken(id,
wfResp.getTokenCreated(), wfResp.getTokenExpires());
-
+
idpToken.setToken(e);
LOG.info("[IDP_TOKEN={}] for user '{}' created from [RP_TOKEN={}] issued by home realm [{}/{}]",
id, wfResp.getUsername(), wfResp.getUniqueTokenId(), whr, wfResp.getIssuer());
@@ -166,8 +166,8 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage());
}
}
-
-
+
+
private FedizContext getFedizContext(Idp idpConfig,
TrustedIdp trustedIdpConfig) throws ProcessingException {
@@ -190,7 +190,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
certStores.getTrustManager().add(tm0);
config.setCertificateStores(certStores);
}
-
+
// Configure trusted IDP
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
@@ -210,7 +210,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
FedizContext fedContext = new FedizContext(config);
if (!isCertificateLocation) {
CertificateStore cs = null;
-
+
X509Certificate cert;
try {
cert = CertsUtils.parseX509Certificate(trustedIdpConfig.getCertificate());
@@ -219,13 +219,13 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
throw new ProcessingException("Failed to parse trusted certificate");
}
cs = new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
-
+
TrustManager tm = new TrustManager(cs);
fedContext.getCertificateStores().add(tm);
}
-
+
fedContext.init();
return fedContext;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
index 2034dca..cb1365f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationService.java
@@ -63,22 +63,22 @@ public interface ApplicationService {
@POST
@PreAuthorize("hasRole('APPLICATION_CREATE')")
Response addApplication(@Context UriInfo ui, Application service);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response updateApplication(@Context UriInfo ui, @PathParam("realm") String realm, Application application);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('APPLICATION_DELETE')")
Response deleteApplication(@PathParam("realm") String realm);
-
+
@POST
@Path("{realm}/claims")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
Response addClaimToApplication(@Context UriInfo ui, @PathParam("realm") String realm, RequestClaim claim);
-
+
@DELETE
@Path("{realm}/claims/{claimType}")
@PreAuthorize("hasRole('APPLICATION_UPDATE')")
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
index 1b2f6ff..8861744 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
@@ -48,24 +48,24 @@ public class ApplicationServiceImpl implements ApplicationService {
@Autowired
private ApplicationDAO applicationDAO;
-
+
@Autowired
private ClaimDAO claimDAO;
-
+
@Override
public Applications getApplications(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Application> applications = applicationDAO.getApplications(start, size, expand);
-
+
for (Application a : applications) {
URI self = uriInfo.getAbsolutePathBuilder().path(a.getRealm()).build();
a.setHref(self);
}
-
+
Applications list = new Applications();
list.setApplications(applications);
return list;
}
-
+
@Override
public Application getApplication(String realm, List<String> expand) {
Application application = applicationDAO.getApplication(realm, expand);
@@ -75,7 +75,7 @@ public class ApplicationServiceImpl implements ApplicationService {
return application;
}
}
-
+
@Override
public Response addApplication(UriInfo ui, Application application) {
LOG.info("add Service config");
@@ -84,13 +84,13 @@ public class ApplicationServiceImpl implements ApplicationService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Application createdApplication = applicationDAO.addApplication(application);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdApplication.getRealm());
return Response.created(location).entity(application).build();
}
-
+
@Override
public Response updateApplication(UriInfo ui, String realm, Application application) {
if (!realm.equals(application.getRealm().toString())) {
@@ -101,17 +101,17 @@ public class ApplicationServiceImpl implements ApplicationService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
applicationDAO.updateApplication(realm, application);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response deleteApplication(String realm) {
applicationDAO.deleteApplication(realm);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response addClaimToApplication(UriInfo ui, String realm, RequestClaim claim) {
Application application = applicationDAO.getApplication(realm, null);
@@ -124,15 +124,15 @@ public class ApplicationServiceImpl implements ApplicationService {
RequestClaim rc = new RequestClaim(foundClaim);
application.getRequestedClaims().add(rc);
applicationDAO.addClaimToApplication(application, claim);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeClaimFromApplication(UriInfo ui, String realm, String claimType) {
Application application = applicationDAO.getApplication(realm, null);
-
- RequestClaim foundItem = null;
+
+ RequestClaim foundItem = null;
for (RequestClaim item : application.getRequestedClaims()) {
if (item.getClaimType().toString().equals(claimType)) {
foundItem = item;
@@ -145,7 +145,7 @@ public class ApplicationServiceImpl implements ApplicationService {
}
application.getRequestedClaims().remove(foundItem);
applicationDAO.removeClaimFromApplication(application, foundItem);
-
+
return Response.noContent().build();
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
index 47dac60..ce0d1a9 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimService.java
@@ -49,7 +49,7 @@ public interface ClaimService {
Response getClaims(@QueryParam("start") int start,
@QueryParam("size") @DefaultValue("2") int size,
@Context UriInfo uriInfo);
-
+
@GET
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_READ')")
@@ -58,12 +58,12 @@ public interface ClaimService {
@POST
@PreAuthorize("hasRole('CLAIM_CREATE')")
Response addClaim(@Context UriInfo ui, Claim claim);
-
+
@PUT
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_UPDATE')")
Response updateClaim(@Context UriInfo ui, @PathParam("claimType") String claimType, Claim claim);
-
+
@DELETE
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_DELETE')")
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
index 141bfab..965485b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
@@ -47,32 +47,32 @@ public class ClaimServiceImpl implements ClaimService {
@Override
public Response getClaims(int start, int size, UriInfo uriInfo) {
List<Claim> claims = claimDAO.getClaims(start, size);
-
+
for (Claim c : claims) {
URI self = uriInfo.getAbsolutePathBuilder().path(c.getClaimType().toString()).build();
c.setHref(self);
}
-
+
Claims list = new Claims();
list.setClaims(claims);
-
-
+
+
//return Response.ok(list).type(MediaType.APPLICATION_JSON_TYPE).build();
return Response.ok(list).build();
}
-
+
@Override
public Response addClaim(UriInfo ui, Claim claim) {
LOG.info("add Claim config");
-
+
Claim createdClaim = claimDAO.addClaim(claim);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdClaim.getClaimType().toString());
return Response.created(location).entity(claim).build();
}
-
+
@Override
public Claim getClaim(String claimType) {
Claim claim = claimDAO.getClaim(claimType);
@@ -89,18 +89,18 @@ public class ClaimServiceImpl implements ClaimService {
throw new BadRequestException();
}
claimDAO.updateClaim(claimType, claim);
-
+
return Response.noContent().build();
}
@Override
public Response deleteClaim(String claimType) {
claimDAO.deleteClaim(claimType);
-
+
return Response.noContent().build();
}
-
-
+
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
index 4bc392c..951f332 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementService.java
@@ -58,16 +58,16 @@ public interface EntitlementService {
@POST
@PreAuthorize("hasRole('ENTITLEMENT_CREATE')")
Response addEntitlement(@Context UriInfo ui, Entitlement entitlement);
-
+
@PUT
@Path("{name}")
@PreAuthorize("hasRole('ENTITLEMENT_UPDATE')")
Response updateEntitlement(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
-
+
@DELETE
@Path("{name}")
@PreAuthorize("hasRole('ENTITLEMENT_DELETE')")
Response deleteEntitlement(@PathParam("name") String name);
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
index 9c89c04..b71672b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/EntitlementServiceImpl.java
@@ -47,25 +47,25 @@ public class EntitlementServiceImpl implements EntitlementService {
@Override
public Entitlements getEntitlements(int start, int size, UriInfo uriInfo) {
List<Entitlement> entitlements = entitlementDAO.getEntitlements(start, size);
-
+
Entitlements list = new Entitlements();
list.setEntitlements(entitlements);
-
+
return list;
}
-
+
@Override
public Response addEntitlement(UriInfo ui, Entitlement entitlement) {
Entitlement createdEntitlement = entitlementDAO.addEntitlement(entitlement);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdEntitlement.getName());
-
+
LOG.debug("Entitlement '" + createdEntitlement.getName() + "' added");
return Response.created(location).entity(entitlement).build();
}
-
+
@Override
public Entitlement getEntitlement(String name) {
Entitlement entitlement = entitlementDAO.getEntitlement(name);
@@ -82,7 +82,7 @@ public class EntitlementServiceImpl implements EntitlementService {
throw new BadRequestException();
}
entitlementDAO.updateEntitlement(name, entitlement);
-
+
LOG.debug("Entitlement '" + entitlement.getName() + "' updated");
return Response.noContent().build();
}
@@ -90,7 +90,7 @@ public class EntitlementServiceImpl implements EntitlementService {
@Override
public Response deleteEntitlement(String name) {
entitlementDAO.deleteEntitlement(name);
-
+
LOG.debug("Entitlement '" + name + "' deleted");
return Response.noContent().build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
index b4692e8..c51fb5c 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpService.java
@@ -64,51 +64,51 @@ public interface IdpService {
@POST
@PreAuthorize("hasRole('IDP_CREATE')")
Response addIdp(@Context UriInfo ui, Idp idp);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response updateIdp(@Context UriInfo ui, @PathParam("realm") String realm, Idp idp);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('IDP_DELETE')")
Response deleteIdp(@PathParam("realm") String realm);
-
+
@POST
@Path("{realm}/applications")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addApplicationToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Application application);
-
+
@DELETE
@Path("{realm}/applications/{realmApplication}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeApplicationFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmApplication") String applicationRealm);
-
+
@POST
@Path("{realm}/trusted-idps")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addTrustedIdpToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
TrustedIdp trustedIdp);
-
+
@DELETE
@Path("{realm}/trusted-idps/{realmTrustedIdp}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeTrustedIdpFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
@PathParam("realmTrustedIdp") String trustedIdpRealm);
-
+
@POST
@Path("{realm}/claims")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addClaimToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
Claim claim);
-
+
@DELETE
@Path("{realm}/claims/{claimType}")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response removeClaimFromIdp(@Context UriInfo ui, @PathParam("realm") String realm,
- @PathParam("claimType") String claimType);
+ @PathParam("claimType") String claimType);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
index d4b5c40..61dac14 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
@@ -52,25 +52,25 @@ public class IdpServiceImpl implements IdpService {
@Autowired
private IdpDAO idpDAO;
-
+
@Autowired
private ApplicationDAO applicationDAO;
-
+
@Autowired
private TrustedIdpDAO trustedIdpDAO;
-
+
@Autowired
private ClaimDAO claimDAO;
-
+
@Override
public Idps getIdps(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Idp> idps = idpDAO.getIdps(start, size, expand);
-
+
Idps list = new Idps();
list.setIdps(idps);
return list;
}
-
+
@Override
public Idp getIdp(String realm, List<String> expand) {
Idp idp = idpDAO.getIdp(realm, expand);
@@ -81,7 +81,7 @@ public class IdpServiceImpl implements IdpService {
return idp;
}
}
-
+
@Override
public Response addIdp(UriInfo ui, Idp idp) {
LOG.info("add IDP config");
@@ -94,13 +94,13 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Idp createdIdp = idpDAO.addIdp(idp);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdIdp.getRealm());
return Response.created(location).entity(idp).build();
}
-
+
@Override
public Response updateIdp(UriInfo ui, String realm, Idp idp) {
if (!realm.equals(idp.getRealm().toString())) {
@@ -115,14 +115,14 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
idpDAO.updateIdp(realm, idp);
-
+
return Response.noContent().build();
}
@Override
public Response deleteIdp(String realm) {
idpDAO.deleteIdp(realm);
-
+
return Response.noContent().build();
}
@@ -137,15 +137,15 @@ public class IdpServiceImpl implements IdpService {
}
Application application2 = applicationDAO.getApplication(application.getRealm(), null);
idpDAO.addApplicationToIdp(idp, application2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeApplicationFromIdp(UriInfo ui, String realm, String applicationRealm) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- Application foundItem = null;
+
+ Application foundItem = null;
for (Application item : idp.getApplications()) {
if (item.getRealm().equals(applicationRealm)) {
foundItem = item;
@@ -157,13 +157,13 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeApplicationFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
}
-
-
-
-
+
+
+
+
@Override
public Response addTrustedIdpToIdp(UriInfo ui, String realm, TrustedIdp trustedIdp) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
@@ -174,17 +174,17 @@ public class IdpServiceImpl implements IdpService {
}
}
TrustedIdp trustedIpd2 = trustedIdpDAO.getTrustedIDP(trustedIdp.getRealm());
-
+
idpDAO.addTrustedIdpToIdp(idp, trustedIpd2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeTrustedIdpFromIdp(UriInfo ui, String realm, String trustedIdpRealm) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- TrustedIdp foundItem = null;
+
+ TrustedIdp foundItem = null;
for (TrustedIdp item : idp.getTrustedIdps()) {
if (item.getRealm().equals(trustedIdpRealm)) {
foundItem = item;
@@ -196,15 +196,15 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeTrustedIdpFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
- }
-
+ }
+
@Override
public Response addClaimToIdp(UriInfo ui, String realm, Claim claim) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
for (Claim idpClaim : idp.getClaimTypesOffered()) {
- if (idpClaim.getClaimType() != null
+ if (idpClaim.getClaimType() != null
&& idpClaim.getClaimType().toString().equals(claim.getClaimType().toString())) {
LOG.warn("Claim '" + claim.getClaimType() + "' already added");
throw new WebApplicationException(Status.CONFLICT);
@@ -212,15 +212,15 @@ public class IdpServiceImpl implements IdpService {
}
Claim claim2 = claimDAO.getClaim(claim.getClaimType().toString());
idpDAO.addClaimToIdp(idp, claim2);
-
+
return Response.noContent().build();
}
-
+
@Override
public Response removeClaimFromIdp(UriInfo ui, String realm, String claimType) {
Idp idp = idpDAO.getIdp(realm, Arrays.asList("all"));
-
- Claim foundItem = null;
+
+ Claim foundItem = null;
for (Claim item : idp.getClaimTypesOffered()) {
if (item.getClaimType().toString().equals(claimType)) {
foundItem = item;
@@ -232,7 +232,7 @@ public class IdpServiceImpl implements IdpService {
throw new WebApplicationException(Status.NOT_FOUND);
}
idpDAO.removeClaimFromIdp(idp, foundItem);
-
+
return Response.noContent().build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
index 1e87bfc..b9bd2cf 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/QueryResourceInfoComparator.java
@@ -1,114 +1,114 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.rest;
-
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.jaxrs.ext.ResourceComparator;
-import org.apache.cxf.jaxrs.model.ClassResourceInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfoComparator;
-import org.apache.cxf.jaxrs.model.Parameter;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-
-public class QueryResourceInfoComparator extends OperationResourceInfoComparator implements ResourceComparator {
-
- public QueryResourceInfoComparator() {
- super(null, null);
- }
-
- @Override
- public int compare(final ClassResourceInfo cri1, final ClassResourceInfo cri2, final Message message) {
- // Leave Class selection to CXF
- return 0;
- }
-
- @Override
- public int compare(final OperationResourceInfo oper1, final OperationResourceInfo oper2, final Message message) {
- // Check if CXF can make a decision
- int cxfResult = super.compare(oper1, oper2);
- if (cxfResult != 0) {
- return cxfResult;
- }
-
- int op1Counter = getMatchingRate(oper1, message);
- int op2Counter = getMatchingRate(oper2, message);
-
- return op1Counter == op2Counter
- ? 0
- : op1Counter < op2Counter
- ? 1
- : -1;
- }
-
- /**
- * This method calculates a number indicating a good or bad match between values provided within the request and
- * expected method parameters. A higher number means a better match.
- *
- * @param operation The operation to be rated, based on contained parameterInfo values.
- * @param message A message containing query and header values from user request
- * @return A positive or negative number, indicating a good match between query and method
- */
- protected int getMatchingRate(final OperationResourceInfo operation, final Message message) {
- List<Parameter> params = operation.getParameters();
- if (params == null || params.isEmpty()) {
- return 0;
- }
-
- // Get Request QueryParams
- String query = (String) message.get(Message.QUERY_STRING);
- String path = (String) message.get(Message.REQUEST_URI);
- Map<String, List<String>> qParams = JAXRSUtils.getStructuredParams(query, "&", true, false);
- Map<String, List<String>> mParams = JAXRSUtils.getMatrixParams(path, true);
- // Get Request Headers
- Map<?, ?> qHeader = (java.util.Map<?, ?>) message.get(Message.PROTOCOL_HEADERS);
-
- int rate = 0;
- for (Parameter p : params) {
- switch (p.getType()) {
- case QUERY:
- if (qParams.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- case MATRIX:
- if (mParams.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- case HEADER:
- if (qHeader.containsKey(p.getName())) {
- rate += 2;
- } else if (p.getDefaultValue() == null) {
- rate -= 1;
- }
- break;
- default:
- break;
- }
- }
- return rate;
- }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.rest;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.jaxrs.ext.ResourceComparator;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfoComparator;
+import org.apache.cxf.jaxrs.model.Parameter;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+
+public class QueryResourceInfoComparator extends OperationResourceInfoComparator implements ResourceComparator {
+
+ public QueryResourceInfoComparator() {
+ super(null, null);
+ }
+
+ @Override
+ public int compare(final ClassResourceInfo cri1, final ClassResourceInfo cri2, final Message message) {
+ // Leave Class selection to CXF
+ return 0;
+ }
+
+ @Override
+ public int compare(final OperationResourceInfo oper1, final OperationResourceInfo oper2, final Message message) {
+ // Check if CXF can make a decision
+ int cxfResult = super.compare(oper1, oper2);
+ if (cxfResult != 0) {
+ return cxfResult;
+ }
+
+ int op1Counter = getMatchingRate(oper1, message);
+ int op2Counter = getMatchingRate(oper2, message);
+
+ return op1Counter == op2Counter
+ ? 0
+ : op1Counter < op2Counter
+ ? 1
+ : -1;
+ }
+
+ /**
+ * This method calculates a number indicating a good or bad match between values provided within the request and
+ * expected method parameters. A higher number means a better match.
+ *
+ * @param operation The operation to be rated, based on contained parameterInfo values.
+ * @param message A message containing query and header values from user request
+ * @return A positive or negative number, indicating a good match between query and method
+ */
+ protected int getMatchingRate(final OperationResourceInfo operation, final Message message) {
+ List<Parameter> params = operation.getParameters();
+ if (params == null || params.isEmpty()) {
+ return 0;
+ }
+
+ // Get Request QueryParams
+ String query = (String) message.get(Message.QUERY_STRING);
+ String path = (String) message.get(Message.REQUEST_URI);
+ Map<String, List<String>> qParams = JAXRSUtils.getStructuredParams(query, "&", true, false);
+ Map<String, List<String>> mParams = JAXRSUtils.getMatrixParams(path, true);
+ // Get Request Headers
+ Map<?, ?> qHeader = (java.util.Map<?, ?>) message.get(Message.PROTOCOL_HEADERS);
+
+ int rate = 0;
+ for (Parameter p : params) {
+ switch (p.getType()) {
+ case QUERY:
+ if (qParams.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ case MATRIX:
+ if (mParams.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ case HEADER:
+ if (qHeader.containsKey(p.getName())) {
+ rate += 2;
+ } else if (p.getDefaultValue() == null) {
+ rate -= 1;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ return rate;
+ }
+}
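Review bot: In `getMatchingRate`, the `HEADER` case calls `qHeader.containsKey(p.getName())` on the result of `message.get(Message.PROTOCOL_HEADERS)` without a null check, so a message that carries no protocol-headers entry would throw a NullPointerException during operation selection. Guarding the lookup, `if (qHeader != null && qHeader.containsKey(p.getName())) {`, keeps the rating to request data that is actually present. The lookup also uses the declared parameter name as the key, so it matches a differently cased header name only if the underlying map is case-insensitive, which this file does not show and is worth confirming. Separately, the nested ternary in `compare` can be written as `return Integer.compare(op2Counter, op1Counter);` with the same ordering.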
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
index c7a1e1e..b305e0f 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
@@ -1,83 +1,83 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.idp.rest;
-
-import javax.validation.ConstraintViolationException;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.dao.DataIntegrityViolationException;
-import org.springframework.dao.DataRetrievalFailureException;
-import org.springframework.dao.EmptyResultDataAccessException;
-import org.springframework.security.access.AccessDeniedException;
-
-@Provider
-public class RestServiceExceptionMapper implements ExceptionMapper<Exception> {
-
- public static final String APPLICATION_ERROR_CODE = "X-Application-Error-Code";
-
- public static final String APPLICATION_ERROR_INFO = "X-Application-Error-Info";
-
- private static final String BASIC_REALM_UNAUTHORIZED = "Basic realm=\"Apache Fediz authentication\"";
-
- private static final Logger LOG = LoggerFactory.getLogger(RestServiceExceptionMapper.class);
-
- @Override
- public Response toResponse(final Exception ex) {
- LOG.warn("Exception occured processing REST request: " + ex.getMessage(), ex);
-
- if (ex instanceof AccessDeniedException) {
- return Response.status(Response.Status.UNAUTHORIZED).
- header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED).
- build();
- }
- if (ex instanceof ConstraintViolationException) {
- ConstraintViolationException cve = (ConstraintViolationException)ex;
- LOG.debug("{}\n{}", ex.getMessage(), cve.getConstraintViolations().toString());
- return buildResponse(Response.Status.BAD_REQUEST, ex);
- }
- if (ex instanceof DataIntegrityViolationException) {
- return buildResponse(Response.Status.CONFLICT, ex);
- }
-
- if (ex instanceof EmptyResultDataAccessException) {
- return buildResponse(Response.Status.NOT_FOUND, ex);
- }
-
- if (ex instanceof DataRetrievalFailureException) {
- return buildResponse(Response.Status.NOT_FOUND, ex);
- }
-
- // Rest is interpreted as InternalServerError
- return buildResponse(Response.Status.INTERNAL_SERVER_ERROR, ex);
- }
-
- Response buildResponse(final Status status, final Exception ex) {
- ResponseBuilder responseBuilder = Response.status(status);
- return responseBuilder.header(APPLICATION_ERROR_CODE, ex.getClass().getName())
- .header(APPLICATION_ERROR_INFO, ex.getMessage())
- .status(status).build();
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.rest;
+
+import javax.validation.ConstraintViolationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.dao.DataRetrievalFailureException;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.security.access.AccessDeniedException;
+
+@Provider
+public class RestServiceExceptionMapper implements ExceptionMapper<Exception> {
+
+ public static final String APPLICATION_ERROR_CODE = "X-Application-Error-Code";
+
+ public static final String APPLICATION_ERROR_INFO = "X-Application-Error-Info";
+
+ private static final String BASIC_REALM_UNAUTHORIZED = "Basic realm=\"Apache Fediz authentication\"";
+
+ private static final Logger LOG = LoggerFactory.getLogger(RestServiceExceptionMapper.class);
+
+ @Override
+ public Response toResponse(final Exception ex) {
+ LOG.warn("Exception occured processing REST request: " + ex.getMessage(), ex);
+
+ if (ex instanceof AccessDeniedException) {
+ return Response.status(Response.Status.UNAUTHORIZED).
+ header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED).
+ build();
+ }
+ if (ex instanceof ConstraintViolationException) {
+ ConstraintViolationException cve = (ConstraintViolationException)ex;
+ LOG.debug("{}\n{}", ex.getMessage(), cve.getConstraintViolations().toString());
+ return buildResponse(Response.Status.BAD_REQUEST, ex);
+ }
+ if (ex instanceof DataIntegrityViolationException) {
+ return buildResponse(Response.Status.CONFLICT, ex);
+ }
+
+ if (ex instanceof EmptyResultDataAccessException) {
+ return buildResponse(Response.Status.NOT_FOUND, ex);
+ }
+
+ if (ex instanceof DataRetrievalFailureException) {
+ return buildResponse(Response.Status.NOT_FOUND, ex);
+ }
+
+ // Rest is interpreted as InternalServerError
+ return buildResponse(Response.Status.INTERNAL_SERVER_ERROR, ex);
+ }
+
+ Response buildResponse(final Status status, final Exception ex) {
+ ResponseBuilder responseBuilder = Response.status(status);
+ return responseBuilder.header(APPLICATION_ERROR_CODE, ex.getClass().getName())
+ .header(APPLICATION_ERROR_INFO, ex.getMessage())
+ .status(status).build();
+ }
+
+}
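Review bot: `buildResponse` copies `ex.getClass().getName()` and `ex.getMessage()` into the `X-Application-Error-Code` and `X-Application-Error-Info` response headers for every mapped exception, including the `INTERNAL_SERVER_ERROR` fallback in `toResponse`. That exposes internal class names and arbitrary exception text to the client, and for data-access exceptions the text may include persistence-layer detail. The full exception is already logged at WARN, so the fallback branch could return a fixed value, e.g. `.header(APPLICATION_ERROR_INFO, "Internal server error")`, and keep the detailed message for the 4xx cases where it is meant for the caller. It is also worth confirming that `AccessDeniedException` should map to 401 with a `WWW-Authenticate` challenge, since an authenticated caller who lacks the required role would normally receive 403.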
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
index 27d498c..f5d1313 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleService.java
@@ -63,22 +63,22 @@ public interface RoleService {
@POST
@PreAuthorize("hasRole('ROLE_CREATE')")
Response addRole(@Context UriInfo ui, Role role);
-
+
@PUT
@Path("{name}")
@PreAuthorize("hasRole('ROLE_UPDATE')")
Response updateRole(@Context UriInfo ui, @PathParam("name") String name, Role role);
-
+
@DELETE
@Path("{name}")
@PreAuthorize("hasRole('ROLE_DELETE')")
Response deleteRole(@PathParam("name") String name);
-
+
@POST
@Path("{name}/entitlements")
@PreAuthorize("hasRole('ROLE_UPDATE')")
Response addEntitlementToRole(@Context UriInfo ui, @PathParam("name") String name, Entitlement entitlement);
-
+
@DELETE
@Path("{name}/entitlements/{entitlementName}")
@PreAuthorize("hasRole('ROLE_UPDATE')")
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
index 24ff339..58df748 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RoleServiceImpl.java
@@ -47,19 +47,19 @@ public class RoleServiceImpl implements RoleService {
@Autowired
private RoleDAO roleDAO;
-
+
@Autowired
private EntitlementDAO entitlementDAO;
-
+
@Override
public Roles getRoles(int start, int size, List<String> expand, UriInfo uriInfo) {
List<Role> roles = roleDAO.getRoles(start, size, expand);
-
+
Roles list = new Roles();
list.setRoles(roles);
return list;
}
-
+
@Override
public Role getRole(String name, List<String> expand) {
Role role = roleDAO.getRole(name, expand);
@@ -69,7 +69,7 @@ public class RoleServiceImpl implements RoleService {
return role;
}
}
-
+
@Override
public Response addRole(UriInfo ui, Role role) {
if (role.getEntitlements() != null && role.getEntitlements().size() > 0) {
@@ -77,15 +77,15 @@ public class RoleServiceImpl implements RoleService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
Role createdRole = roleDAO.addRole(role);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdRole.getName());
-
+
LOG.debug("Role '" + role.getName() + "' added");
return Response.created(location).entity(role).build();
}
-
+
@Override
public Response updateRole(UriInfo ui, String name, Role role) {
if (!name.equals(role.getName().toString())) {
@@ -96,37 +96,37 @@ public class RoleServiceImpl implements RoleService {
throw new WebApplicationException(Status.BAD_REQUEST);
}
roleDAO.updateRole(name, role);
-
+
LOG.debug("Role '" + role.getName() + "' updated");
return Response.noContent().build();
}
-
+
@Override
public Response deleteRole(String name) {
roleDAO.deleteRole(name);
-
+
LOG.debug("Role '" + name + "' deleted");
return Response.noContent().build();
}
-
+
@Override
public Response addEntitlementToRole(UriInfo ui, String name, Entitlement entitlement) {
Role role = roleDAO.getRole(name, null);
-
+
Entitlement foundEntitlement = entitlementDAO.getEntitlement(entitlement.getName());
roleDAO.addEntitlementToRole(role, foundEntitlement);
-
+
LOG.debug("Entitlement '" + entitlement.getName() + "' added to Role '" + name + "'");
return Response.noContent().build();
}
-
+
@Override
public Response removeEntitlementFromRole(UriInfo ui, String name, String entitlementName) {
Role role = roleDAO.getRole(name, null);
Entitlement entitlement = entitlementDAO.getEntitlement(entitlementName);
-
+
roleDAO.removeEntitlementFromRole(role, entitlement);
-
+
LOG.debug("Entitlement '" + entitlementName + "' removed from Role '" + name + "'");
return Response.noContent().build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
index 03eb6da..bed3e9a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/RootServiceImpl.java
@@ -30,7 +30,7 @@ public class RootServiceImpl implements RootService {
public RootServiceImpl() {
}
-
+
public Response head(UriInfo uriInfo) {
UriBuilder absolute = uriInfo.getBaseUriBuilder();
URI claimUrl = absolute.clone().path("claims").build();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
index b76d91d..01578a2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpService.java
@@ -57,12 +57,12 @@ public interface TrustedIdpService {
@POST
@PreAuthorize("hasRole('TRUSTEDIDP_CREATE')")
Response addTrustedIDP(@Context UriInfo ui, TrustedIdp trustedIdp);
-
+
@PUT
@Path("{realm}")
@PreAuthorize("hasRole('TRUSTEDIDP_UPDATE')")
Response updateTrustedIDP(@Context UriInfo ui, @PathParam("realm") String realm, TrustedIdp trustedIdp);
-
+
@DELETE
@Path("{realm}")
@PreAuthorize("hasRole('TRUSTEDIDP_DELETE')")
[07/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
index e01c80b..62bcb4a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
@@ -42,38 +42,38 @@ public class TrustedIdpServiceImpl implements TrustedIdpService {
@Autowired
private TrustedIdpDAO trustedIdpDAO;
-
-
+
+
@Override
public Response updateTrustedIDP(UriInfo ui, String realm, TrustedIdp trustedIdp) {
if (!realm.equals(trustedIdp.getRealm().toString())) {
throw new BadRequestException();
}
trustedIdpDAO.updateTrustedIDP(realm, trustedIdp);
-
+
return Response.noContent().build();
}
-
+
@Override
public TrustedIdps getTrustedIDPs(int start, int size, UriInfo uriInfo) {
List<TrustedIdp> trustedIdps = trustedIdpDAO.getTrustedIDPs(start, size);
-
+
TrustedIdps list = new TrustedIdps();
list.setTrustedIDPs(trustedIdps);
return list;
}
-
+
@Override
public TrustedIdp getTrustedIDP(String realm) {
return this.trustedIdpDAO.getTrustedIDP(realm);
}
-
+
@Override
public Response addTrustedIDP(UriInfo ui, TrustedIdp trustedIDP) {
LOG.info("add Trusted IDP config");
-
+
TrustedIdp createdTrustedIdp = trustedIdpDAO.addTrustedIDP(trustedIDP);
-
+
UriBuilder uriBuilder = UriBuilder.fromUri(ui.getRequestUri());
uriBuilder.path("{index}");
URI location = uriBuilder.build(createdTrustedIdp.getRealm());
@@ -83,11 +83,11 @@ public class TrustedIdpServiceImpl implements TrustedIdpService {
@Override
public Response deleteTrustedIDP(String realm) {
trustedIdpDAO.deleteTrustedIDP(realm);
-
+
return Response.noContent().build();
}
-
-
+
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
index 9981253..a19d291 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2CallbackHandler.java
@@ -48,14 +48,14 @@ import org.opensaml.saml.saml2.core.Subject;
* Assertion.
*/
public class SAML2CallbackHandler implements CallbackHandler {
-
+
private Subject subject;
private String confirmationMethod = SAML2Constants.CONF_BEARER;
private String issuer;
private ConditionsBean conditions;
private SubjectConfirmationDataBean subjectConfirmationData;
private List<AttributeStatement> attributeStatements;
-
+
private void createAndSetStatement(SAMLCallback callback) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
@@ -63,11 +63,11 @@ public class SAML2CallbackHandler implements CallbackHandler {
if (attributeStatements != null && !attributeStatements.isEmpty()) {
List<AttributeStatementBean> attrStatementBeans = new ArrayList<>();
-
+
for (AttributeStatement attrStatement : attributeStatements) {
AttributeStatementBean attrStatementBean = new AttributeStatementBean();
List<AttributeBean> attrBeans = new ArrayList<>();
-
+
for (Attribute attribute : attrStatement.getAttributes()) {
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName(attribute.getName());
@@ -85,7 +85,7 @@ public class SAML2CallbackHandler implements CallbackHandler {
callback.setAttributeStatementData(attrStatementBeans);
}
}
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
@@ -96,8 +96,8 @@ public class SAML2CallbackHandler implements CallbackHandler {
if (conditions != null) {
callback.setConditions(conditions);
}
-
- SubjectBean subjectBean =
+
+ SubjectBean subjectBean =
new SubjectBean(
subject.getNameID().getValue(), subject.getNameID().getNameQualifier(), confirmationMethod
);
@@ -111,19 +111,19 @@ public class SAML2CallbackHandler implements CallbackHandler {
}
}
}
-
+
public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
this.subjectConfirmationData = subjectConfirmationData;
}
-
+
public void setConditions(ConditionsBean conditionsBean) {
this.conditions = conditionsBean;
}
-
+
public void setConfirmationMethod(String confMethod) {
confirmationMethod = confMethod;
}
-
+
public void setIssuer(String issuer) {
this.issuer = issuer;
}
@@ -143,6 +143,6 @@ public class SAML2CallbackHandler implements CallbackHandler {
public void setAttributeStatements(List<AttributeStatement> attributeStatements) {
this.attributeStatements = attributeStatements;
}
-
-
+
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
index 7e64cfa..998df5b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAML2PResponseComponentBuilder.java
@@ -36,24 +36,24 @@ import org.opensaml.saml.saml2.core.StatusMessage;
* A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
*/
public final class SAML2PResponseComponentBuilder {
-
+
private static SAMLObjectBuilder<Response> responseBuilder;
-
+
private static SAMLObjectBuilder<Issuer> issuerBuilder;
-
+
private static SAMLObjectBuilder<Status> statusBuilder;
-
+
private static SAMLObjectBuilder<StatusCode> statusCodeBuilder;
-
+
private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
-
- private static XMLObjectBuilderFactory builderFactory =
+
+ private static XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
-
+
private SAML2PResponseComponentBuilder() {
-
+
}
-
+
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
String inResponseTo,
@@ -65,17 +65,17 @@ public final class SAML2PResponseComponentBuilder {
builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
-
+
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(createIssuer(issuer));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
-
+
return response;
}
-
+
@SuppressWarnings("unchecked")
public static Issuer createIssuer(
String issuerValue
@@ -86,10 +86,10 @@ public final class SAML2PResponseComponentBuilder {
}
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerValue);
-
+
return issuer;
}
-
+
@SuppressWarnings("unchecked")
public static Status createStatus(
String statusCodeValue,
@@ -107,21 +107,21 @@ public final class SAML2PResponseComponentBuilder {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
-
+
Status status = statusBuilder.buildObject();
-
+
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
-
+
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
-
+
return status;
}
-
-
+
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
index c7ded4b..d1606ac 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/samlsso/SAMLAuthnRequest.java
@@ -29,21 +29,21 @@ import org.opensaml.saml.saml2.core.AuthnRequest;
*/
public class SAMLAuthnRequest implements Serializable {
/**
- *
+ *
*/
private static final long serialVersionUID = 4353024755428346545L;
-
+
private String issuer;
private String consumerServiceURL;
private String requestId;
private boolean forceAuthn;
private String subjectNameId;
-
+
public SAMLAuthnRequest(AuthnRequest authnRequest) {
if (authnRequest.getIssuer() != null) {
issuer = authnRequest.getIssuer().getValue();
}
-
+
consumerServiceURL = authnRequest.getAssertionConsumerServiceURL();
requestId = authnRequest.getID();
forceAuthn = authnRequest.isForceAuthn().booleanValue();
@@ -51,23 +51,23 @@ public class SAMLAuthnRequest implements Serializable {
subjectNameId = authnRequest.getSubject().getNameID().getValue();
}
}
-
+
public String getIssuer() {
return issuer;
}
-
+
public String getConsumerServiceURL() {
return consumerServiceURL;
}
-
+
public String getRequestId() {
return requestId;
}
-
+
public boolean isForceAuthn() {
return forceAuthn;
}
-
+
public String getSubjectNameId() {
return subjectNameId;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
index a519908..81c1403 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ApplicationDAO.java
@@ -37,7 +37,7 @@ public interface ApplicationDAO {
void deleteApplication(String realm);
void addClaimToApplication(Application application, RequestClaim claim);
-
+
void removeClaimFromApplication(Application application, RequestClaim claim);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
index 417a50a..9d8fc44 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ClaimDAO.java
@@ -26,13 +26,13 @@ import org.apache.cxf.fediz.service.idp.domain.Claim;
public interface ClaimDAO {
List<Claim> getClaims(int start, int size);
-
+
Claim getClaim(String claimType);
-
+
Claim addClaim(Claim claim);
-
+
void updateClaim(String claimType, Claim claim);
-
+
void deleteClaim(String claimType);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
index e306ff4..1d52592 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigService.java
@@ -28,5 +28,5 @@ public interface ConfigService {
void setIDP(Idp config);
void removeIDP(String realm);
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
index 8545af3..1e1c5c3 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/ConfigServiceSpring.java
@@ -62,7 +62,7 @@ public class ConfigServiceSpring implements ConfigService {
serviceConfigs.put(s.getRealm(), s);
}
}
-
+
public List<Idp> getIdpConfigs() {
return new ArrayList<Idp>(idpConfigs.values());
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
index d93cdc0..f874447 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/EntitlementDAO.java
@@ -26,13 +26,13 @@ import org.apache.cxf.fediz.service.idp.domain.Entitlement;
public interface EntitlementDAO {
List<Entitlement> getEntitlements(int start, int size);
-
+
Entitlement getEntitlement(String name);
-
+
Entitlement addEntitlement(Entitlement entitlement);
-
+
void updateEntitlement(String name, Entitlement entitlement);
-
+
void deleteEntitlement(String name);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
index 41c5cdf..f560268 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/IdpDAO.java
@@ -39,15 +39,15 @@ public interface IdpDAO {
void deleteIdp(String realm);
void addApplicationToIdp(Idp idp, Application application);
-
+
void removeApplicationFromIdp(Idp idp, Application application);
-
+
void addTrustedIdpToIdp(Idp idp, TrustedIdp trustedIdp);
-
+
void removeTrustedIdpFromIdp(Idp idp, TrustedIdp trustedIdp);
-
+
void addClaimToIdp(Idp idp, Claim claim);
-
+
void removeClaimFromIdp(Idp idp, Claim claim);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
index 2d8e7f5..1f06eff 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/RoleDAO.java
@@ -37,7 +37,7 @@ public interface RoleDAO {
void deleteRole(String name);
void addEntitlementToRole(Role role, Entitlement entitlement);
-
+
void removeEntitlementFromRole(Role role, Entitlement entitlement);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
index e2ca923..ddb0875 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationClaimEntity.java
@@ -26,29 +26,29 @@ import javax.persistence.ManyToOne;
@Entity(name = "Application_Claim")
//@IdClass(ApplicationClaimId.class)
public class ApplicationClaimEntity {
-
+
@Id
private int id;
-
+
@ManyToOne
@JoinColumn(name = "applicationid")
private ApplicationEntity application;
-
+
@ManyToOne
@JoinColumn(name = "claimid")
private ClaimEntity claim;
-
+
private boolean optional;
-
+
public ApplicationClaimEntity() {
}
-
+
public ApplicationClaimEntity(ApplicationEntity application, ClaimEntity claim) {
super();
this.application = application;
this.claim = claim;
}
-
+
public int getId() {
return id;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
index 307e381..b8480a6 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
@@ -42,52 +42,52 @@ import org.springframework.transaction.annotation.Transactional;
@Repository
@Transactional
public class ApplicationDAOJPAImpl implements ApplicationDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(ApplicationDAOJPAImpl.class);
private EntityManager em;
-
+
@Autowired
private ClaimDAO claimDAO;
-
-
+
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<Application> getApplications(int start, int size, List<String> expandList) {
List<Application> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select a from Application a");
-
+
//@SuppressWarnings("rawtypes")
List<?> serviceEntities = query
.setFirstResult(start)
.setMaxResults(size)
.getResultList();
-
+
for (Object obj : serviceEntities) {
ApplicationEntity entity = (ApplicationEntity) obj;
list.add(entity2domain(entity, expandList));
}
return list;
}
-
+
@Override
public Application getApplication(String realm, List<String> expandList) {
return entity2domain(getApplicationEntity(realm, em), expandList);
}
-
+
@Override
public Application addApplication(Application application) {
ApplicationEntity entity = new ApplicationEntity();
-
+
domain2entity(application, entity);
em.persist(entity);
-
+
LOG.debug("Application '{}' added", application.getRealm());
return entity2domain(entity, Arrays.asList("all"));
}
@@ -97,32 +97,32 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
Query query = null;
query = em.createQuery("select a from Application a where a.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
ApplicationEntity applicationEntity = (ApplicationEntity)query.getSingleResult();
-
+
domain2entity(application, applicationEntity);
-
+
em.persist(applicationEntity);
-
+
LOG.debug("Application '{}' updated", realm);
}
-
+
@Override
public void deleteApplication(String realm) {
Query query = null;
query = em.createQuery("select a from Application a where a.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
Object applObj = query.getSingleResult();
em.remove(applObj);
-
+
LOG.debug("Application '{}' deleted", realm);
-
+
}
-
+
@Override
public void addClaimToApplication(Application application, RequestClaim claim) {
ApplicationEntity applicationEntity = null;
@@ -132,21 +132,21 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
Query query = null;
query = em.createQuery("select a from Application a where a.realm=:realm");
query.setParameter("realm", application.getRealm());
-
+
applicationEntity = (ApplicationEntity)query.getSingleResult();
}
-
+
Claim c = claimDAO.getClaim(claim.getClaimType().toString());
ClaimEntity claimEntity = em.find(ClaimEntity.class, c.getId());
-
+
ApplicationClaimEntity appClaimEntity = new ApplicationClaimEntity();
appClaimEntity.setClaim(claimEntity);
appClaimEntity.setApplication(applicationEntity);
appClaimEntity.setOptional(claim.isOptional());
-
+
applicationEntity.getRequestedClaims().add(appClaimEntity);
}
-
+
@Override
public void removeClaimFromApplication(Application application, RequestClaim claim) {
ApplicationEntity applicationEntity = null;
@@ -156,10 +156,10 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
Query query = null;
query = em.createQuery("select a from Application a where a.realm=:realm");
query.setParameter("realm", application.getRealm());
-
+
applicationEntity = (ApplicationEntity)query.getSingleResult();
}
-
+
ApplicationClaimEntity foundEntity = null;
for (ApplicationClaimEntity acm : applicationEntity.getRequestedClaims()) {
if (claim.getClaimType().toString().equals(acm.getClaim().getClaimType())) {
@@ -170,26 +170,26 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
if (foundEntity == null) {
throw new EntityNotFoundException("ApplicationClaimEntity not found");
}
-
+
applicationEntity.getRequestedClaims().remove(foundEntity);
}
-
-
+
+
static ApplicationEntity getApplicationEntity(String realm, EntityManager em) {
Query query = null;
query = em.createQuery("select a from Application a where a.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
return (ApplicationEntity)query.getSingleResult();
}
-
+
public static void domain2entity(Application application, ApplicationEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (application.getId() > 0) {
entity.setId(application.getId());
}
-
+
entity.setEncryptionCertificate(application.getEncryptionCertificate());
entity.setValidatingCertificate(application.getValidatingCertificate());
entity.setLifeTime(application.getLifeTime());
@@ -204,7 +204,7 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
entity.setPassiveRequestorEndpointConstraint(application.getPassiveRequestorEndpointConstraint());
entity.setEnableAppliesTo(application.isEnableAppliesTo());
}
-
+
public static Application entity2domain(ApplicationEntity entity, List<String> expandList) {
Application application = new Application();
application.setId(entity.getId());
@@ -221,7 +221,7 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
application.setPassiveRequestorEndpoint(entity.getPassiveRequestorEndpoint());
application.setPassiveRequestorEndpointConstraint(entity.getPassiveRequestorEndpointConstraint());
application.setEnableAppliesTo(entity.isEnableAppliesTo());
-
+
if (expandList != null && (expandList.contains("all") || expandList.contains("claims"))) {
for (ApplicationClaimEntity item : entity.getRequestedClaims()) {
RequestClaim claim = entity2domain(item);
@@ -230,22 +230,22 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
}
return application;
}
-
+
public static RequestClaim entity2domain(ApplicationClaimEntity entity) {
Claim claim = ClaimDAOJPAImpl.entity2domain(entity.getClaim());
RequestClaim reqClaim = new RequestClaim(claim);
reqClaim.setId(entity.getId());
reqClaim.setOptional(entity.isOptional());
-
+
return reqClaim;
}
-
+
public static void domain2entity(ApplicationEntity application,
RequestClaim reqClaim, ApplicationClaimEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
ClaimEntity claim = new ClaimEntity();
ClaimDAOJPAImpl.domain2entity(reqClaim, claim);
-
+
entity.setApplication(application);
entity.setClaim(claim);
entity.setOptional(reqClaim.isOptional());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
index 1397da2..9907add 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
@@ -33,10 +33,10 @@ import org.apache.openjpa.persistence.jdbc.Index;
@Entity(name = "Application")
public class ApplicationEntity {
-
+
@Id
private int id;
-
+
@Index
@NotNull
private String realm; //wtrealm, whr
@@ -47,47 +47,47 @@ public class ApplicationEntity {
@NotNull
@ApplicationProtocolSupported
private String protocol;
-
+
// Public key only
// Could be read from Metadata, md:KeyDescriptor, use="encryption"
private String encryptionCertificate;
-
+
// Certificate for Signature verification
private String validatingCertificate;
-
+
// Could be read from Metadata, fed:ClaimTypesRequested
@OneToMany(mappedBy = "application", cascade = CascadeType.ALL, orphanRemoval = true)
private List<ApplicationClaimEntity> requestedClaims = new ArrayList<>();
-
+
//Could be read from Metadata, ServiceDisplayName
//usage for list of application where user is logged in
@NotNull
private String serviceDisplayName;
-
+
//Could be read from Metadata, ServiceDescription
//usage for list of application where user is logged in
private String serviceDescription;
-
+
//Could be read from Metadata, RoleDescriptor
//fed:ApplicationServiceType, fed:SecurityTokenServiceType
private String role;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
@NotNull
private String tokenType;
-
+
// Not in Metadata, configured in IDP or passed in wreq parameter
@Min(value = 1)
private int lifeTime;
-
+
// Request audience restriction in token for this application (default is true)
private boolean enableAppliesTo = true;
-
+
// WS-Policy Namespace in SignIn Response
private String policyNamespace;
-
+
private String passiveRequestorEndpoint;
-
+
// A regular expression constraint on the passiveRequestorEndpoint
private String passiveRequestorEndpointConstraint;
@@ -98,8 +98,8 @@ public class ApplicationEntity {
public void setId(int id) {
this.id = id;
- }
-
+ }
+
public String getRealm() {
return realm;
}
@@ -171,7 +171,7 @@ public class ApplicationEntity {
public void setLifeTime(int lifeTime) {
this.lifeTime = lifeTime;
}
-
+
public String getPolicyNamespace() {
return policyNamespace;
}
@@ -187,7 +187,7 @@ public class ApplicationEntity {
public void setPassiveRequestorEndpoint(String passiveRequestorEndpoint) {
this.passiveRequestorEndpoint = passiveRequestorEndpoint;
}
-
+
public String getPassiveRequestorEndpointConstraint() {
return passiveRequestorEndpointConstraint;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
index 5a999e9..84e8a20 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationIdpProtocolSupportValidator.java
@@ -39,10 +39,10 @@ public class ApplicationIdpProtocolSupportValidator
@Autowired
@Qualifier("applicationProtocolControllerImpl")
private ProtocolController<ApplicationProtocolHandler> applicationProtocolHandlers;
-
+
@Override
public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
-
+
List<String> protocols = applicationProtocolHandlers.getProtocols();
return protocols.contains(object);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
index dea2b8d..8354d50 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimDAOJPAImpl.java
@@ -38,23 +38,23 @@ import org.springframework.transaction.annotation.Transactional;
@Repository
@Transactional
public class ClaimDAOJPAImpl implements ClaimDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(ClaimDAOJPAImpl.class);
private EntityManager em;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<Claim> getClaims(int start, int size) {
List<Claim> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select c from Claim c");
-
+
//@SuppressWarnings("rawtypes")
List<?> claimEntities = query
.setFirstResult(start)
@@ -65,16 +65,16 @@ public class ClaimDAOJPAImpl implements ClaimDAO {
ClaimEntity entity = (ClaimEntity) obj;
list.add(entity2domain(entity));
}
-
+
return list;
}
-
+
@Override
public Claim addClaim(Claim claim) {
ClaimEntity entity = new ClaimEntity();
domain2entity(claim, entity);
em.persist(entity);
-
+
LOG.debug("Claim '{}' added", claim.getClaimType());
return entity2domain(entity);
}
@@ -89,12 +89,12 @@ public class ClaimDAOJPAImpl implements ClaimDAO {
Query query = null;
query = em.createQuery("select c from Claim c where c.claimtype=:claimtype");
query.setParameter("claimtype", claimType);
-
+
//@SuppressWarnings("rawtypes")
ClaimEntity claimEntity = (ClaimEntity)query.getSingleResult();
-
+
domain2entity(claim, claimEntity);
-
+
LOG.debug("Claim '{}' added", claim.getClaimType());
em.persist(claimEntity);
}
@@ -104,23 +104,23 @@ public class ClaimDAOJPAImpl implements ClaimDAO {
Query query = null;
query = em.createQuery("select c from Claim c where c.claimType=:claimtype");
query.setParameter("claimtype", claimType);
-
+
//@SuppressWarnings("rawtypes")
Object claimObj = query.getSingleResult();
em.remove(claimObj);
-
+
LOG.debug("Claim '{}' deleted", claimType);
}
-
+
static ClaimEntity getClaimEntity(String claimType, EntityManager em) {
Query query = null;
query = em.createQuery("select c from Claim c where c.claimType=:claimtype");
query.setParameter("claimtype", claimType);
-
+
//@SuppressWarnings("rawtypes")
return (ClaimEntity)query.getSingleResult();
}
-
+
public static void domain2entity(Claim claim, ClaimEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (claim.getId() > 0) {
@@ -130,7 +130,7 @@ public class ClaimDAOJPAImpl implements ClaimDAO {
entity.setDisplayName(claim.getDisplayName());
entity.setDescription(claim.getDescription());
}
-
+
public static Claim entity2domain(ClaimEntity entity) {
Claim claim = new Claim();
claim.setId(entity.getId());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimEntity.java
index 54ee1eb..e967844 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ClaimEntity.java
@@ -26,17 +26,17 @@ import org.apache.openjpa.persistence.jdbc.Index;
@Entity(name = "Claim")
public class ClaimEntity {
-
+
@Id
private int id;
-
+
@Index
@NotNull
private String claimType;
-
+
private String displayName;
private String description;
-
+
public int getId() {
return id;
}
@@ -44,11 +44,11 @@ public class ClaimEntity {
public void setId(int id) {
this.id = id;
}
-
+
public void setClaimType(String claimType) {
this.claimType = claimType;
}
-
+
public String getClaimType() {
return claimType;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
index 03f70b9..d356c45 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ConfigServiceJPA.java
@@ -40,7 +40,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
public class ConfigServiceJPA implements ConfigService {
private static final Logger LOG = LoggerFactory.getLogger(ConfigServiceJPA.class);
-
+
IdpService idpService;
@Override
@@ -48,22 +48,22 @@ public class ConfigServiceJPA implements ConfigService {
Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
try {
final Set<GrantedAuthority> authorities = new HashSet<>();
-
+
if (realm == null || realm.length() == 0) {
authorities.add(new SimpleGrantedAuthority("IDP_LIST"));
UsernamePasswordAuthenticationToken technicalUser =
new UsernamePasswordAuthenticationToken("IDP_TEST", "N.A", authorities);
-
+
SecurityContextHolder.getContext().setAuthentication(technicalUser);
-
+
return idpService.getIdps(0, 1, Arrays.asList("all"), null).getIdps().iterator().next();
} else {
authorities.add(new SimpleGrantedAuthority("IDP_READ"));
UsernamePasswordAuthenticationToken technicalUser =
new UsernamePasswordAuthenticationToken("IDP_TEST", "N.A", authorities);
-
+
SecurityContextHolder.getContext().setAuthentication(technicalUser);
-
+
return idpService.getIdp(realm, Arrays.asList("all"));
}
} finally {
@@ -75,13 +75,13 @@ public class ConfigServiceJPA implements ConfigService {
@Override
public void setIDP(Idp config) {
// TODO Auto-generated method stub
-
+
}
@Override
public void removeIDP(String realm) {
// TODO Auto-generated method stub
-
+
}
public IdpService getIdpService() {
@@ -91,6 +91,6 @@ public class ConfigServiceJPA implements ConfigService {
public void setIdpService(IdpService idpService) {
this.idpService = idpService;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBInitApplicationListener.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBInitApplicationListener.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBInitApplicationListener.java
index eebb99a..6353aac 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBInitApplicationListener.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBInitApplicationListener.java
@@ -37,31 +37,31 @@ import org.springframework.stereotype.Component;
public class DBInitApplicationListener implements ApplicationListener<ContextRefreshedEvent> {
private static final Logger LOG = LoggerFactory.getLogger(DBInitApplicationListener.class);
-
+
private EntityManager em;
-
+
@Autowired
private List<DBLoader> dbloader;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public void onApplicationEvent(ContextRefreshedEvent arg0) {
if (!isDBEmpty()) {
LOG.info("Inital DB already loaded");
return;
}
-
+
LOG.debug("Loading inital DB data...");
for (DBLoader loader : this.dbloader) {
loader.load();
LOG.info("Inital DB data loaded for " + loader.getName());
}
}
-
+
protected boolean isDBEmpty() {
CriteriaBuilder cb = em.getCriteriaBuilder();
CriteriaQuery<Long> cq = cb.createQuery(Long.class);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoader.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoader.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoader.java
index c79a79b..0ef599b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoader.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoader.java
@@ -22,7 +22,7 @@ package org.apache.cxf.fediz.service.idp.service.jpa;
public interface DBLoader {
void load();
-
+
String getName();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java
index 2c6ab15..78dfb41 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java
@@ -37,23 +37,23 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
//CHECKSTYLE:OFF
public class DBLoaderImpl implements DBLoader {
-
+
public static final String NAME = "DEMODBLOADER";
-
+
private static final Logger LOG = LoggerFactory.getLogger(DBLoaderImpl.class);
-
+
private EntityManager em;
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public String getName() {
return NAME;
}
-
+
@Override
public void load() {
@@ -63,26 +63,26 @@ public class DBLoaderImpl implements DBLoader {
claimEntity1.setDisplayName("firstname");
claimEntity1.setDescription("Description for firstname");
em.persist(claimEntity1);
-
+
ClaimEntity claimEntity2 = new ClaimEntity();
claimEntity2.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname");
claimEntity2.setDisplayName("lastname");
claimEntity2.setDescription("Description for lastname");
em.persist(claimEntity2);
-
+
ClaimEntity claimEntity3 = new ClaimEntity();
claimEntity3.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
claimEntity3.setDisplayName("email");
claimEntity3.setDescription("Description for email");
em.persist(claimEntity3);
-
+
ClaimEntity claimEntity4 = new ClaimEntity();
claimEntity4.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
claimEntity4.setDisplayName("role");
claimEntity4.setDescription("Description for role");
em.persist(claimEntity4);
-
-
+
+
ApplicationEntity entity = new ApplicationEntity();
entity.setEncryptionCertificate("");
entity.setLifeTime(3600);
@@ -111,8 +111,8 @@ public class DBLoaderImpl implements DBLoader {
em.persist(ace4);
entity.getRequestedClaims().add(ace4);
em.persist(entity);
-
-
+
+
TrustedIdpEntity entity3 = new TrustedIdpEntity();
entity3.setCacheTokens(true);
entity3.setCertificate("trusted cert");
@@ -124,7 +124,7 @@ public class DBLoaderImpl implements DBLoader {
entity3.setTrustType(TrustType.PEER_TRUST);
entity3.setUrl("https://localhost:12443/fediz-idp-remote/federation");
em.persist(entity3);
-
+
IdpEntity idpEntity = new IdpEntity();
idpEntity.getApplications().add(entity);
idpEntity.getTrustedIdps().add(entity3);
@@ -154,7 +154,7 @@ public class DBLoaderImpl implements DBLoader {
idpEntity.setTokenTypesOffered(tokenTypes);
idpEntity.setUseCurrentIdp(true);
em.persist(idpEntity);
-
+
em.flush();
} catch (Exception ex) {
LOG.warn("Failed to initialize DB with data", ex);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
index eb0fa40..1d58a77 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderSpring.java
@@ -30,11 +30,11 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
public class DBLoaderSpring implements DBLoader {
-
+
public static final String NAME = "SPRINGDBLOADER";
-
+
private static final Logger LOG = LoggerFactory.getLogger(DBLoaderSpring.class);
-
+
private EntityManager em;
private String resource;
@@ -42,12 +42,12 @@ public class DBLoaderSpring implements DBLoader {
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public String getName() {
return NAME;
}
-
+
public String getResource() {
return resource;
}
@@ -61,61 +61,61 @@ public class DBLoaderSpring implements DBLoader {
GenericXmlApplicationContext ctx = null;
try {
-
+
if (resource == null) {
LOG.warn("Resource null for DBLoaderSpring");
}
-
+
ctx = new GenericXmlApplicationContext();
ctx.load(resource);
ctx.refresh();
ctx.start();
-
+
Collection<EntitlementEntity> entitlements = ctx.
getBeansOfType(EntitlementEntity.class, true, true).values();
for (EntitlementEntity e : entitlements) {
em.persist(e);
}
LOG.info(entitlements.size() + " EntitlementEntity added");
-
+
Collection<RoleEntity> roles = ctx.
getBeansOfType(RoleEntity.class, true, true).values();
for (RoleEntity r : roles) {
em.persist(r);
}
LOG.info(roles.size() + " RoleEntity added");
-
+
Collection<ClaimEntity> claims = ctx.getBeansOfType(ClaimEntity.class, true, true).values();
for (ClaimEntity c : claims) {
em.persist(c);
}
LOG.info(claims.size() + " ClaimEntity added");
-
+
Collection<TrustedIdpEntity> trustedIdps = ctx.getBeansOfType(TrustedIdpEntity.class).values();
for (TrustedIdpEntity t : trustedIdps) {
em.persist(t);
}
LOG.info(trustedIdps.size() + " TrustedIdpEntity added");
-
+
Collection<ApplicationEntity> applications = ctx.getBeansOfType(ApplicationEntity.class).values();
for (ApplicationEntity a : applications) {
em.persist(a);
}
LOG.info(applications.size() + " ApplicationEntity added");
-
+
Collection<IdpEntity> idps = ctx.getBeansOfType(IdpEntity.class).values();
for (IdpEntity i : idps) {
em.persist(i);
}
LOG.info(idps.size() + " IdpEntity added");
-
+
Collection<ApplicationClaimEntity> applicationClaims =
ctx.getBeansOfType(ApplicationClaimEntity.class).values();
for (ApplicationClaimEntity ac : applicationClaims) {
em.persist(ac);
}
LOG.info(applicationClaims.size() + " ApplicationClaimEntity added");
-
+
em.flush();
} catch (Exception ex) {
LOG.warn("Failed to initialize DB with data", ex);
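Review bot: The `resource == null` check at the top of this hunk only logs a warning and then falls through to `ctx.load(resource)`, so an unset resource ends up as a generic exception caught below and reported as "Failed to initialize DB with data" at WARN. This loader seeds entitlements, roles, claims, trusted IDPs and applications, so a missing resource should stop the load explicitly: add `return;` right after `LOG.warn("Resource null for DBLoaderSpring");`, or throw an `IllegalStateException` so the misconfiguration is visible at startup. The method begins and ends outside this hunk, so whether a `finally` block closes `ctx` cannot be confirmed from here.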
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPAImpl.java
index 5603e39..56c70ce 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementDAOJPAImpl.java
@@ -37,23 +37,23 @@ import org.springframework.transaction.annotation.Transactional;
@Repository
@Transactional
public class EntitlementDAOJPAImpl implements EntitlementDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(EntitlementDAOJPAImpl.class);
private EntityManager em;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<Entitlement> getEntitlements(int start, int size) {
List<Entitlement> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select e from Entitlement e");
-
+
//@SuppressWarnings("rawtypes")
List<?> entitlementEntities = query
.setFirstResult(start)
@@ -64,16 +64,16 @@ public class EntitlementDAOJPAImpl implements EntitlementDAO {
EntitlementEntity entity = (EntitlementEntity) obj;
list.add(entity2domain(entity));
}
-
+
return list;
}
-
+
@Override
public Entitlement addEntitlement(Entitlement entitlement) {
EntitlementEntity entity = new EntitlementEntity();
domain2entity(entitlement, entity);
em.persist(entity);
-
+
LOG.debug("Entitlement '{}' added", entitlement.getName());
return entity2domain(entity);
}
@@ -88,12 +88,12 @@ public class EntitlementDAOJPAImpl implements EntitlementDAO {
Query query = null;
query = em.createQuery("select e from Entitlement e where e.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
EntitlementEntity entitlementEntity = (EntitlementEntity)query.getSingleResult();
-
+
domain2entity(entitlement, entitlementEntity);
-
+
LOG.debug("Entitlement '{}' added", entitlement.getName());
em.persist(entitlementEntity);
}
@@ -103,23 +103,23 @@ public class EntitlementDAOJPAImpl implements EntitlementDAO {
Query query = null;
query = em.createQuery("select e from Entitlement e where e.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
Object entitlementObj = query.getSingleResult();
em.remove(entitlementObj);
-
+
LOG.debug("Entitlement '{}' deleted", name);
}
-
+
static EntitlementEntity getEntitlementEntity(String name, EntityManager em) {
Query query = null;
query = em.createQuery("select e from Entitlement e where e.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
return (EntitlementEntity)query.getSingleResult();
}
-
+
public static void domain2entity(Entitlement entitlement, EntitlementEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (entitlement.getId() > 0) {
@@ -129,7 +129,7 @@ public class EntitlementDAOJPAImpl implements EntitlementDAO {
entity.setName(entitlement.getName());
entity.setDescription(entitlement.getDescription());
}
-
+
public static Entitlement entity2domain(EntitlementEntity entity) {
Entitlement entitlement = new Entitlement();
entitlement.setId(entity.getId());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementEntity.java
index aec6b91..dbb169b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/EntitlementEntity.java
@@ -25,19 +25,19 @@ import org.apache.openjpa.persistence.jdbc.Index;
@Entity(name = "Entitlement")
public class EntitlementEntity {
-
+
@Id
private int id;
-
+
@Index
private String name;
-
+
private String description;
-
+
//Internal entities can't be updated, changed and deleted
//Default: false
private boolean internal;
-
+
public int getId() {
return id;
}
@@ -45,7 +45,7 @@ public class EntitlementEntity {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
index 5025a25..f085333 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
@@ -42,57 +42,57 @@ import org.springframework.transaction.annotation.Transactional;
@Repository
@Transactional
public class IdpDAOJPAImpl implements IdpDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(IdpDAOJPAImpl.class);
private EntityManager em;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<Idp> getIdps(int start, int size, List<String> expandList) {
List<Idp> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select i from IDP i");
-
+
/*List serviceEntities = query.setFirstResult(start)
.setMaxResults(size)
.getResultList();*/
-
+
//@SuppressWarnings("rawtypes")
List<?> idpEntities = query
.setFirstResult(start)
.setMaxResults(size)
.getResultList();
-
+
for (Object obj : idpEntities) {
IdpEntity entity = (IdpEntity) obj;
list.add(entity2domain(entity, expandList));
}
return list;
}
-
+
@Override
public Idp getIdp(String realm, List<String> expandList) {
Query query = null;
query = em.createQuery("select i from IDP i where i.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
Object idpObj = query.getSingleResult();
return entity2domain((IdpEntity)idpObj, expandList);
}
-
+
@Override
public Idp addIdp(Idp idp) {
IdpEntity entity = new IdpEntity();
domain2entity(idp, entity);
em.persist(entity);
-
+
LOG.debug("IDP '{}' added", idp.getRealm());
return entity2domain(entity, Arrays.asList("all"));
}
@@ -102,14 +102,14 @@ public class IdpDAOJPAImpl implements IdpDAO {
Query query = null;
query = em.createQuery("select i from IDP i where i.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
IdpEntity idpEntity = (IdpEntity)query.getSingleResult();
-
+
domain2entity(idp, idpEntity);
-
+
em.persist(idpEntity);
-
+
LOG.debug("IDP '{}' updated", idp.getRealm());
}
@@ -118,14 +118,14 @@ public class IdpDAOJPAImpl implements IdpDAO {
Query query = null;
query = em.createQuery("select i from IDP i where i.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
Object idpObj = query.getSingleResult();
em.remove(idpObj);
-
+
LOG.debug("IDP '{}' deleted", realm);
}
-
+
@Override
public void addApplicationToIdp(Idp idp, Application application) {
IdpEntity idpEntity = null;
@@ -134,19 +134,19 @@ public class IdpDAOJPAImpl implements IdpDAO {
} else {
idpEntity = getIdpEntity(idp.getRealm(), em);
}
-
+
ApplicationEntity applicationEntity = null;
if (application.getId() != 0) {
applicationEntity = em.find(ApplicationEntity.class, application.getId());
} else {
applicationEntity = ApplicationDAOJPAImpl.getApplicationEntity(application.getRealm(), em);
}
-
+
idpEntity.getApplications().add(applicationEntity);
-
+
LOG.debug("Application '{}' added to IDP '{}'", application.getRealm(), idp.getRealm());
}
-
+
@Override
public void removeApplicationFromIdp(Idp idp, Application application) {
IdpEntity idpEntity = null;
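Review bot: `addApplicationToIdp` passes whatever `em.find(ApplicationEntity.class, application.getId())` returns straight to `idpEntity.getApplications().add(...)`, and `EntityManager.find` returns null for an unknown id, so a null element can be added to the IDP's application list. `removeApplicationFromIdp` already guards this case; the add path should do the same before the `add` call: `if (applicationEntity == null) { throw new EntityNotFoundException("ApplicationEntity not found"); }`. The same gap is visible in `addTrustedIdpToIdp` and `addClaimToIdp` in this file and in `addEntitlementToRole` in RoleDAOJPAImpl. The method starts before this hunk, so the `idpEntity` lookup is only partly visible and may need the same null check that `removeClaimFromIdp` has.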
@@ -155,25 +155,25 @@ public class IdpDAOJPAImpl implements IdpDAO {
} else {
idpEntity = getIdpEntity(idp.getRealm(), em);
}
-
+
ApplicationEntity applicationEntity = null;
if (application.getId() != 0) {
applicationEntity = em.find(ApplicationEntity.class, application.getId());
} else {
applicationEntity = ApplicationDAOJPAImpl.getApplicationEntity(application.getRealm(), em);
}
-
+
if (applicationEntity == null) {
throw new EntityNotFoundException("ApplicationEntity not found");
}
-
+
if (!idpEntity.getApplications().remove(applicationEntity)) {
throw new EntityNotFoundException("ApplicationEntity not assigned to IdpEntity");
}
-
+
LOG.debug("Application '{}' removed from IDP '{}'", application.getRealm(), idp.getRealm());
}
-
+
@Override
public void addTrustedIdpToIdp(Idp idp, TrustedIdp trustedIdp) {
IdpEntity idpEntity = null;
@@ -182,19 +182,19 @@ public class IdpDAOJPAImpl implements IdpDAO {
} else {
idpEntity = getIdpEntity(idp.getRealm(), em);
}
-
+
TrustedIdpEntity trustedIdpEntity = null;
if (trustedIdp.getId() != 0) {
trustedIdpEntity = em.find(TrustedIdpEntity.class, trustedIdp.getId());
} else {
trustedIdpEntity = TrustedIdpDAOJPAImpl.getTrustedIdpEntity(trustedIdp.getRealm(), em);
}
-
+
idpEntity.getTrustedIdps().add(trustedIdpEntity);
-
+
LOG.debug("Trusted IDP '{}' added to IDP '{}'", trustedIdp.getRealm(), idp.getRealm());
}
-
+
@Override
public void removeTrustedIdpFromIdp(Idp idp, TrustedIdp trustedIdp) {
IdpEntity idpEntity = null;
@@ -203,19 +203,19 @@ public class IdpDAOJPAImpl implements IdpDAO {
} else {
idpEntity = getIdpEntity(idp.getRealm(), em);
}
-
+
TrustedIdpEntity trustedIdpEntity = null;
if (trustedIdp.getId() != 0) {
trustedIdpEntity = em.find(TrustedIdpEntity.class, trustedIdp.getId());
} else {
trustedIdpEntity = TrustedIdpDAOJPAImpl.getTrustedIdpEntity(trustedIdp.getRealm(), em);
}
-
+
idpEntity.getTrustedIdps().remove(trustedIdpEntity);
-
+
LOG.debug("Trusted IDP '{}' removed from IDP '{}'", trustedIdp.getRealm(), idp.getRealm());
}
-
+
@Override
public void addClaimToIdp(Idp idp, Claim claim) {
IdpEntity idpEntity = null;
@@ -224,19 +224,19 @@ public class IdpDAOJPAImpl implements IdpDAO {
} else {
idpEntity = getIdpEntity(idp.getRealm(), em);
}
-
+
ClaimEntity claimEntity = null;
if (claim.getId() != 0) {
claimEntity = em.find(ClaimEntity.class, claim.getId());
} else {
claimEntity = ClaimDAOJPAImpl.getClaimEntity(claim.getClaimType().toString(), em);
}
-
+
idpEntity.getClaimTypesOffered().add(claimEntity);
-
+
LOG.debug("Claim '{}' added to IDP '{}'", claim.getClaimType(), idp.getRealm());
}
-
+
@Override
public void removeClaimFromIdp(Idp idp, Claim claim) {
IdpEntity idpEntity = null;
@@ -248,7 +248,7 @@ public class IdpDAOJPAImpl implements IdpDAO {
if (idpEntity == null) {
throw new EntityNotFoundException("IdpEntity not found");
}
-
+
ClaimEntity claimEntity = null;
if (claim.getId() != 0) {
claimEntity = em.find(ClaimEntity.class, claim.getId());
@@ -258,29 +258,29 @@ public class IdpDAOJPAImpl implements IdpDAO {
if (claimEntity == null) {
throw new EntityNotFoundException("ClaimEntity not found");
}
-
+
if (!idpEntity.getClaimTypesOffered().remove(claimEntity)) {
throw new EntityNotFoundException("ClaimEntity not assigned to IdpEntity");
}
-
+
LOG.debug("Claim '{}' removed from IDP '{}'", claim.getClaimType(), idp.getRealm());
}
-
+
static IdpEntity getIdpEntity(String realm, EntityManager em) {
Query query = null;
query = em.createQuery("select i from IDP i where i.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
return (IdpEntity)query.getSingleResult();
}
-
+
public static void domain2entity(Idp idp, IdpEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (idp.getId() > 0) {
entity.setId(idp.getId());
}
-
+
entity.setCertificate(idp.getCertificate());
entity.setCertificatePassword(idp.getCertificatePassword());
entity.setRealm(idp.getRealm());
@@ -294,24 +294,24 @@ public class IdpDAOJPAImpl implements IdpDAO {
entity.setUseCurrentIdp(idp.isUseCurrentIdp());
entity.setRpSingleSignOutConfirmation(idp.isRpSingleSignOutConfirmation());
entity.setRpSingleSignOutCleanupConfirmation(idp.isRpSingleSignOutCleanupConfirmation());
-
+
entity.getAuthenticationURIs().clear();
for (Map.Entry<String, String> item : idp.getAuthenticationURIs().entrySet()) {
entity.getAuthenticationURIs().put(item.getKey(), item.getValue());
}
-
+
entity.getTokenTypesOffered().clear();
for (String item : idp.getTokenTypesOffered()) {
entity.getTokenTypesOffered().add(item);
}
-
+
entity.getSupportedProtocols().clear();
for (String item : idp.getSupportedProtocols()) {
entity.getSupportedProtocols().add(item);
- }
+ }
}
-
+
public static Idp entity2domain(IdpEntity entity, List<String> expandList) {
Idp idp = new Idp();
idp.setId(entity.getId());
@@ -328,39 +328,39 @@ public class IdpDAOJPAImpl implements IdpDAO {
idp.setUseCurrentIdp(entity.isUseCurrentIdp());
idp.setRpSingleSignOutConfirmation(entity.isRpSingleSignOutConfirmation());
idp.setRpSingleSignOutCleanupConfirmation(entity.isRpSingleSignOutCleanupConfirmation());
-
+
if (expandList != null && (expandList.contains("all") || expandList.contains("applications"))) {
for (ApplicationEntity item : entity.getApplications()) {
Application application = ApplicationDAOJPAImpl.entity2domain(item, expandList);
idp.getApplications().add(application);
}
}
-
+
if (expandList != null && (expandList.contains("all") || expandList.contains("trusted-idps"))) {
for (TrustedIdpEntity item : entity.getTrustedIdps()) {
TrustedIdp trustedIdp = TrustedIdpDAOJPAImpl.entity2domain(item);
idp.getTrustedIdps().add(trustedIdp);
}
}
-
+
for (Map.Entry<String, String> item : entity.getAuthenticationURIs().entrySet()) {
idp.getAuthenticationURIs().put(item.getKey(), item.getValue());
}
-
+
for (String item : entity.getTokenTypesOffered()) {
idp.getTokenTypesOffered().add(item);
}
-
+
for (String item : entity.getSupportedProtocols()) {
idp.getSupportedProtocols().add(item);
}
-
+
if (expandList != null && (expandList.contains("all") || expandList.contains("claims"))) {
for (ClaimEntity item : entity.getClaimTypesOffered()) {
idp.getClaimTypesOffered().add(ClaimDAOJPAImpl.entity2domain(item));
}
}
-
+
return idp;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
index 986b28d..1430fbc 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
@@ -82,14 +82,14 @@ public class IdpEntity {
// published hostname, port must be configured
@NotNull
private URL idpUrl;
-
+
private boolean rpSingleSignOutConfirmation;
// RoleDescriptor protocolSupportEnumeration=
// "http://docs.oasis-open.org/wsfed/federation/200706"
// "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
// Could be more in the future
-
+
@ElementCollection
@CollectionTable(name = "idp_protocols")
@Column(name = "protocol")
@@ -134,7 +134,7 @@ public class IdpEntity {
// ServiceDescription
private String serviceDescription;
-
+
private boolean rpSingleSignOutCleanupConfirmation;
@@ -145,7 +145,7 @@ public class IdpEntity {
public void setId(int id) {
this.id = id;
}
-
+
public String getRealm() {
return realm;
}
@@ -281,7 +281,7 @@ public class IdpEntity {
public void setServiceDescription(String serviceDescription) {
this.serviceDescription = serviceDescription;
}
-
+
public boolean isRpSingleSignOutConfirmation() {
return rpSingleSignOutConfirmation;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
index 0493bf9..ac70772 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleDAOJPAImpl.java
@@ -39,53 +39,53 @@ import org.springframework.transaction.annotation.Transactional;
@Repository
@Transactional
public class RoleDAOJPAImpl implements RoleDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(RoleDAOJPAImpl.class);
private EntityManager em;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<Role> getRoles(int start, int size, List<String> expandList) {
List<Role> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select r from Role r");
-
+
//@SuppressWarnings("rawtypes")
List<?> roleEntities = query
.setFirstResult(start)
.setMaxResults(size)
.getResultList();
-
+
for (Object obj : roleEntities) {
RoleEntity entity = (RoleEntity) obj;
list.add(entity2domain(entity, expandList));
}
return list;
}
-
+
@Override
public Role getRole(String name, List<String> expandList) {
Query query = null;
query = em.createQuery("select r from Role r where r.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
Object roleObj = query.getSingleResult();
return entity2domain((RoleEntity)roleObj, expandList);
}
-
+
@Override
public Role addRole(Role role) {
RoleEntity entity = new RoleEntity();
domain2entity(role, entity);
em.persist(entity);
-
+
LOG.debug("Role '{}' added", role.getName());
return entity2domain(entity, Arrays.asList("all"));
}
@@ -95,14 +95,14 @@ public class RoleDAOJPAImpl implements RoleDAO {
Query query = null;
query = em.createQuery("select r from Role r where r.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
RoleEntity roleEntity = (RoleEntity)query.getSingleResult();
-
+
domain2entity(role, roleEntity);
-
+
em.persist(roleEntity);
-
+
LOG.debug("Role '{}' updated", role.getName());
}
@@ -111,14 +111,14 @@ public class RoleDAOJPAImpl implements RoleDAO {
Query query = null;
query = em.createQuery("select r from Role r where r.name=:name");
query.setParameter("name", name);
-
+
//@SuppressWarnings("rawtypes")
Object roleObj = query.getSingleResult();
em.remove(roleObj);
-
+
LOG.debug("Role '{}' deleted", name);
}
-
+
@Override
public void addEntitlementToRole(Role role, Entitlement entitlement) {
RoleEntity roleEntity = null;
@@ -127,19 +127,19 @@ public class RoleDAOJPAImpl implements RoleDAO {
} else {
roleEntity = getRoleEntity(role.getName(), em);
}
-
+
EntitlementEntity entitlementEntity = null;
if (entitlement.getId() != 0) {
entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
} else {
entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
}
-
+
roleEntity.getEntitlements().add(entitlementEntity);
-
+
LOG.debug("Entitlement '{}' added to Role '{}'", entitlement.getName(), role.getName());
}
-
+
@Override
public void removeEntitlementFromRole(Role role, Entitlement entitlement) {
RoleEntity roleEntity = null;
@@ -148,58 +148,58 @@ public class RoleDAOJPAImpl implements RoleDAO {
} else {
roleEntity = getRoleEntity(role.getName(), em);
}
-
+
EntitlementEntity entitlementEntity = null;
if (entitlement.getId() != 0) {
entitlementEntity = em.find(EntitlementEntity.class, entitlement.getId());
} else {
entitlementEntity = EntitlementDAOJPAImpl.getEntitlementEntity(entitlement.getName(), em);
}
-
+
if (entitlementEntity == null) {
throw new EntityNotFoundException("EntitlementEntity not found");
}
-
+
if (!roleEntity.getEntitlements().remove(entitlementEntity)) {
throw new EntityNotFoundException("EntitlementEntity not assigned to RoleEntity");
}
-
+
LOG.debug("Entitlement '{}' removed from Role '{}'", entitlement.getName(), role.getName());
}
-
+
static RoleEntity getRoleEntity(String realm, EntityManager em) {
Query query = null;
query = em.createQuery("select i from IDP i where i.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
return (RoleEntity)query.getSingleResult();
}
-
+
public static void domain2entity(Role role, RoleEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (role.getId() > 0) {
entity.setId(role.getId());
}
-
+
entity.setName(role.getName());
entity.setDescription(role.getDescription());
}
-
+
public static Role entity2domain(RoleEntity entity, List<String> expandList) {
Role role = new Role();
role.setId(entity.getId());
role.setName(entity.getName());
role.setDescription(entity.getDescription());
-
+
if (expandList != null && (expandList.contains("all") || expandList.contains("entitlements"))) {
for (EntitlementEntity item : entity.getEntitlements()) {
Entitlement entitlement = EntitlementDAOJPAImpl.entity2domain(item);
role.getEntitlements().add(entitlement);
}
}
-
+
return role;
}
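Review bot: `getRoleEntity` near the end of this hunk builds its lookup from `select i from IDP i where i.realm=:realm` and then casts the result to `RoleEntity`, so a lookup by role name either finds no row or fails on the cast instead of returning the role. The callers visible here, `addEntitlementToRole` and `removeEntitlementFromRole`, pass `role.getName()` on their else branch (the condition is outside the hunk), so entitlement changes addressed by role name cannot work as written. It should mirror `getRole`: `query = em.createQuery("select r from Role r where r.name=:name");` followed by `query.setParameter("name", realm);`. This whitespace-only commit leaves the query untouched.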
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
index 3b515c3..eb7c141 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/RoleEntity.java
@@ -30,18 +30,18 @@ import org.apache.openjpa.persistence.jdbc.Index;
@Entity(name = "Role")
public class RoleEntity {
-
+
@Id
private int id;
-
+
@Index
private String name;
-
+
private String description;
-
+
@ManyToMany(cascade = CascadeType.ALL)
private List<EntitlementEntity> entitlements = new ArrayList<>();
-
+
public int getId() {
return id;
}
@@ -49,7 +49,7 @@ public class RoleEntity {
public void setId(int id) {
this.id = id;
}
-
+
public String getName() {
return name;
}
@@ -65,7 +65,7 @@ public class RoleEntity {
public void setDescription(String description) {
this.description = description;
}
-
+
public List<EntitlementEntity> getEntitlements() {
return entitlements;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
index 16d05f1..fbb654a 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpDAOJPAImpl.java
@@ -37,23 +37,23 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
@Repository
public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
-
+
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpDAOJPAImpl.class);
private EntityManager em;
-
+
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.em = entityManager;
}
-
+
@Override
public List<TrustedIdp> getTrustedIDPs(int start, int size) {
List<TrustedIdp> list = new ArrayList<>();
-
+
Query query = null;
query = em.createQuery("select t from TrustedIDP t");
-
+
List<?> idpEntities = query
.setFirstResult(start)
.setMaxResults(size)
@@ -63,7 +63,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
TrustedIdpEntity entity = (TrustedIdpEntity) obj;
list.add(entity2domain(entity));
}
-
+
return list;
}
@@ -71,24 +71,24 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
public TrustedIdp getTrustedIDP(String realm) {
return entity2domain(getTrustedIdpEntity(realm, em));
}
-
+
@Override
public TrustedIdp addTrustedIDP(TrustedIdp trustedIdp) {
TrustedIdpEntity entity = new TrustedIdpEntity();
domain2entity(trustedIdp, entity);
em.persist(entity);
-
+
LOG.debug("Trusted IDP '" + trustedIdp.getRealm() + "' added");
return entity2domain(entity);
}
-
+
@Override
public void updateTrustedIDP(String realm, TrustedIdp trustedIdp) {
TrustedIdpEntity trustedIdpEntity = getTrustedIdpEntity(realm, em);
-
+
domain2entity(trustedIdp, trustedIdpEntity);
em.persist(trustedIdpEntity);
-
+
LOG.debug("Trusted IDP '" + trustedIdp.getRealm() + "' updated");
}
@@ -97,23 +97,23 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
Query query = null;
query = em.createQuery("select t from TrustedIDP t where t.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
Object trustedIdpObj = query.getSingleResult();
em.remove(trustedIdpObj);
-
+
LOG.debug("Trusted IDP '" + realm + "' deleted");
}
-
+
static TrustedIdpEntity getTrustedIdpEntity(String realm, EntityManager em) {
Query query = null;
query = em.createQuery("select t from TrustedIDP t where t.realm=:realm");
query.setParameter("realm", realm);
-
+
//@SuppressWarnings("rawtypes")
return (TrustedIdpEntity)query.getSingleResult();
}
-
+
public static void domain2entity(TrustedIdp trustedIDP, TrustedIdpEntity entity) {
//The ID must not be updated if the entity has got an id already (update case)
if (trustedIDP.getId() > 0) {
@@ -132,7 +132,7 @@ public class TrustedIdpDAOJPAImpl implements TrustedIdpDAO {
entity.setUrl(trustedIDP.getUrl());
entity.setParameters(trustedIDP.getParameters());
}
-
+
public static TrustedIdp entity2domain(TrustedIdpEntity entity) {
TrustedIdp trustedIDP = new TrustedIdp();
trustedIDP.setId(entity.getId());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
index a4c6592..9ee23a9 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpEntity.java
@@ -47,52 +47,52 @@ public class TrustedIdpEntity {
@Index
@NotNull
private String realm; //wtrealm, whr
-
+
private String issuer; //Validation of issuer name in SAMLResponse
// Should tokens be cached from trusted IDPs
// to avoid redirection to the trusted IDP again for next SignIn request
private boolean cacheTokens;
-
+
//Could be read from Metadata, PassiveRequestorEndpoint
@NotNull
private String url;
-
+
//Could be read from Metadata, md:KeyDescriptor, use="signing"
//Store certificate in DB or filesystem, provide options?
private String certificate;
-
+
//Direct trust (signing cert imported), Indirect trust (CA certs imported, subject configured)
@Enumerated(EnumType.STRING)
private TrustType trustType;
-
+
//Could be read from Metadata, RoleDescriptor protocolSupportEnumeration=
// "http://docs.oasis-open.org/wsfed/federation/200706"
// Metadata could provide more than one but one must be chosen
@TrustedIdpProtocolSupported
private String protocol;
-
+
//FederateIdentity, FederateClaims
@Enumerated(EnumType.STRING)
private FederationType federationType;
-
+
//optional (to provide a list of IDPs)
@NotNull
private String name;
-
+
//optional (to provide a list of IDPs)
private String description;
-
+
//optional (to provide a list of IDPs)
private String logo;
-
+
// Additional (possibly protocol specific parameters)
@ElementCollection
@MapKeyColumn(name = "name")
@Column(name = "value")
@CollectionTable(name = "trusted_idp_parameters", joinColumns = @JoinColumn(name = "trusted_idp_id"))
private Map<String, String> parameters = new HashMap<>();
-
+
public int getId() {
return id;
@@ -109,7 +109,7 @@ public class TrustedIdpEntity {
public void setIssuer(String issuer) {
this.issuer = issuer;
}
-
+
public String getRealm() {
return realm;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpProtocolSupportValidator.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpProtocolSupportValidator.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpProtocolSupportValidator.java
index 75ac2ec..54c00f2 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpProtocolSupportValidator.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/TrustedIdpProtocolSupportValidator.java
@@ -39,10 +39,10 @@ public class TrustedIdpProtocolSupportValidator implements ConstraintValidator<T
// Qualifier workaround. See http://www.jayway.com/2013/11/03/spring-and-autowiring-of-generic-types/
@Qualifier("trustedIdpProtocolControllerImpl")
private ProtocolController<TrustedIdpProtocolHandler> trustedIdpProtocolHandlers;
-
+
@Override
public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
-
+
List<String> protocols = trustedIdpProtocolHandlers.getProtocols();
return protocols.contains(object);
}
[17/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 076f861..0cb71f5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -56,9 +56,9 @@ import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
public class MetadataWriter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);
-
+
private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
//CHECKSTYLE:OFF
@@ -77,14 +77,14 @@ public class MetadataWriter {
String referenceID = IDGenerator.generateID("_");
writer.writeStartElement("md", "EntityDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("ID", referenceID);
-
+
String serviceURL = protocol.getApplicationServiceURL();
if (serviceURL == null) {
serviceURL = extractFullContextPath(request);
}
-
+
writer.writeAttribute("entityID", serviceURL);
-
+
writer.writeNamespace("md", SAML2_METADATA_NS);
writer.writeNamespace("fed", WS_FEDERATION_NS);
writer.writeNamespace("wsa", WS_ADDRESSING_NS);
@@ -96,11 +96,11 @@ public class MetadataWriter {
} else if (protocol instanceof SAMLProtocol) {
writeSAMLMetadata(writer, request, config, serviceURL);
}
-
+
writer.writeEndElement(); // EntityDescriptor
writer.writeEndDocument();
-
+
streamWriter.flush();
bout.flush();
//
@@ -124,7 +124,7 @@ public class MetadataWriter {
if (hasSigningKey) {
Document doc = DOMUtils.readXml(is);
Document result = SignatureUtils.signMetaInfo(
- config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(),
+ config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(),
doc, referenceID);
if (result != null) {
return result;
@@ -144,7 +144,7 @@ public class MetadataWriter {
}
private void writeFederationMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
FedizContext config,
String serviceURL
) throws XMLStreamException {
@@ -158,7 +158,7 @@ public class MetadataWriter {
writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
writer.writeCharacters(serviceURL);
-
+
writer.writeEndElement(); // Address
writer.writeEndElement(); // EndpointReference
writer.writeEndElement(); // ApplicationServiceEndpoint
@@ -214,24 +214,24 @@ public class MetadataWriter {
writer.writeEndElement(); // PassiveRequestorEndpoint
writer.writeEndElement(); // RoleDescriptor
}
-
+
private void writeSAMLMetadata(
- XMLStreamWriter writer,
+ XMLStreamWriter writer,
HttpServletRequest request,
FedizContext config,
String serviceURL
) throws Exception {
-
+
SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
-
+
writer.writeStartElement("md", "SPSSODescriptor", SAML2_METADATA_NS);
writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(protocol.isSignRequest()));
writer.writeAttribute("WantAssertionsSigned", "true");
writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
-
+
if (config.getLogoutURL() != null) {
writer.writeStartElement("md", "SingleLogoutService", SAML2_METADATA_NS);
-
+
String logoutURL = config.getLogoutURL();
if (logoutURL.startsWith("/")) {
logoutURL = extractFullContextPath(request).concat(logoutURL.substring(1));
@@ -239,39 +239,39 @@ public class MetadataWriter {
logoutURL = extractFullContextPath(request).concat(logoutURL);
}
writer.writeAttribute("Location", logoutURL);
-
+
writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
writer.writeEndElement(); // SingleLogoutService
}
-
+
writer.writeStartElement("md", "AssertionConsumerService", SAML2_METADATA_NS);
writer.writeAttribute("Location", serviceURL);
writer.writeAttribute("index", "0");
writer.writeAttribute("isDefault", "true");
writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
writer.writeEndElement(); // AssertionConsumerService
-
+
if (protocol.getClaimTypesRequested() != null && !protocol.getClaimTypesRequested().isEmpty()) {
writer.writeStartElement("md", "AttributeConsumingService", SAML2_METADATA_NS);
writer.writeAttribute("index", "0");
-
+
writer.writeStartElement("md", "ServiceName", SAML2_METADATA_NS);
writer.writeAttribute("xml:lang", "en");
writer.writeCharacters(config.getName());
writer.writeEndElement(); // ServiceName
-
+
for (Claim claim : protocol.getClaimTypesRequested()) {
writer.writeStartElement("md", "RequestedAttribute", SAML2_METADATA_NS);
writer.writeAttribute("isRequired", Boolean.toString(claim.isOptional()));
writer.writeAttribute("Name", claim.getType());
- writer.writeAttribute("NameFormat",
+ writer.writeAttribute("NameFormat",
"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
writer.writeEndElement(); // RequestedAttribute
}
-
+
writer.writeEndElement(); // AttributeConsumingService
}
-
+
boolean hasSigningKey = false;
try {
if (config.getSigningKey().getCrypto() != null) {
@@ -283,7 +283,7 @@ public class MetadataWriter {
if (protocol.isSignRequest() && hasSigningKey) {
writer.writeStartElement("md", "KeyDescriptor", SAML2_METADATA_NS);
writer.writeAttribute("use", "signing");
-
+
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
writer.writeStartElement("ds", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
@@ -294,23 +294,23 @@ public class MetadataWriter {
if (keyAlias == null || "".equals(keyAlias)) {
keyAlias = config.getSigningKey().getCrypto().getDefaultX509Identifier();
}
- X509Certificate cert =
+ X509Certificate cert =
CertsUtils.getX509CertificateFromCrypto(config.getSigningKey().getCrypto(), keyAlias);
if (cert == null) {
throw new ProcessingException(
- "No signing certs were found to insert into the metadata using name: "
+ "No signing certs were found to insert into the metadata using name: "
+ keyAlias);
}
byte data[] = cert.getEncoded();
String encodedCertificate = Base64.encode(data);
writer.writeCharacters(encodedCertificate);
-
+
writer.writeEndElement(); // X509Certificate
writer.writeEndElement(); // X509Data
writer.writeEndElement(); // KeyInfo
writer.writeEndElement(); // KeyDescriptor
}
-
+
writer.writeEndElement(); // SPSSODescriptor
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index fa7e49d..cad8c60 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -38,7 +38,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public abstract class AbstractFedizProcessor implements FedizProcessor {
-
+
private static final Logger LOG = LoggerFactory.getLogger(AbstractFedizProcessor.class);
protected String resolveIssuer(HttpServletRequest request, FedizContext config) throws IOException,
@@ -74,8 +74,8 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
}
return wtRealm;
}
-
- protected void testForReplayAttack(String tokenId, FedizContext config, Date expires)
+
+ protected void testForReplayAttack(String tokenId, FedizContext config, Date expires)
throws ProcessingException {
// Check whether token already used for signin
if (tokenId != null && config.isDetectReplayedTokens()) {
@@ -118,5 +118,5 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
}
return result;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 0066c11..cc03440 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -155,7 +155,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
el = DOMUtils.getNextElement(el);
}
-
+
if (LOG.isDebugEnabled()) {
if (rst != null) {
LOG.debug("RST: {}", DOM2Writer.nodeToString(rst));
@@ -165,7 +165,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
}
LOG.debug("Tokentype: {}", tt);
-
+
if (rst == null) {
LOG.warn("RequestedSecurityToken element not found in wresult");
throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -209,8 +209,8 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
testForMandatoryClaims(((FederationProtocol)config.getProtocol()).getRoleURI(),
- ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(),
- validatorResponse.getClaims(),
+ ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(),
+ validatorResponse.getClaims(),
validatorResponse.getRoles() != null && !validatorResponse.getRoles().isEmpty());
Date created = validatorResponse.getCreated();
@@ -510,7 +510,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
if (logoutRedirectToConstraint == null) {
LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
} else {
- Matcher matcher =
+ Matcher matcher =
logoutRedirectToConstraint.matcher(request.getParameter(FederationConstants.PARAM_REPLY));
if (matcher.matches()) {
logoutRedirectTo = request.getParameter(FederationConstants.PARAM_REPLY);
@@ -520,11 +520,11 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
}
}
-
+
if (logoutRedirectTo == null || logoutRedirectTo.isEmpty()) {
logoutRedirectTo = config.getLogoutRedirectTo();
}
-
+
if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
if (logoutRedirectTo.startsWith("/")) {
logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo.substring(1));
@@ -536,7 +536,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
}
-
+
String signOutQuery = resolveSignOutQuery(request, config);
LOG.debug("SignIn Query: {}", signOutQuery);
@@ -544,7 +544,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
if (signOutQuery != null && signOutQuery.length() > 0) {
sb.append('&').append(signOutQuery);
}
-
+
redirectURL = redirectURL + "?" + sb.toString();
} catch (Exception ex) {
LOG.error("Failed to create SignInRequest", ex);
@@ -585,7 +585,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
return signInQuery;
}
-
+
private String resolveSignOutQuery(HttpServletRequest request, FedizContext config) throws IOException,
UnsupportedCallbackException, UnsupportedEncodingException {
Object signOutQueryObj = ((FederationProtocol)config.getProtocol()).getSignOutQuery();
@@ -662,7 +662,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
LOG.debug("Users home realm will be set to {}", homeRealm);
return homeRealm;
}
-
+
private String resolveHomeRealm(Object cbh, HttpServletRequest request) {
if (cbh instanceof CallbackHandler) {
CallbackHandler hrCBH = (CallbackHandler)cbh;
@@ -716,7 +716,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
return wReq;
}
-
+
private String resolveReply(HttpServletRequest request, FedizContext config) throws IOException,
UnsupportedCallbackException {
Object replyObj = ((FederationProtocol)config.getProtocol()).getReply();
@@ -735,9 +735,9 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
return reply;
}
-
+
private void testForMandatoryClaims(String roleURI,
- List<org.apache.cxf.fediz.core.config.Claim> requestedClaims,
+ List<org.apache.cxf.fediz.core.config.Claim> requestedClaims,
List<org.apache.cxf.fediz.core.Claim> receivedClaims,
boolean foundRoles
) throws ProcessingException {
@@ -752,7 +752,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
}
if (!found && foundRoles && roleURI != null && roleURI.equals(requestedClaim.getType())) {
- // Maybe the requested claim is a role, which has already been removed
+ // Maybe the requested claim is a role, which has already been removed
// from the claims collection
found = true;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
index 846ebf8..0e7ea7b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
@@ -32,7 +32,7 @@ public interface FedizProcessor {
FedizResponse processRequest(
FedizRequest request, FedizContext config
) throws ProcessingException;
-
+
RedirectionResponse createSignInRequest(
HttpServletRequest request, FedizContext config
) throws ProcessingException;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
index ebc441e..eb8ecb3 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
@@ -27,7 +27,7 @@ import org.apache.cxf.fediz.core.config.SAMLProtocol;
* A Factory to return FedizProcessor instances depending on the Protocol
*/
public final class FedizProcessorFactory {
-
+
private FedizProcessorFactory() {
// complete
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index e71c0cb..4b07a57 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -30,7 +30,7 @@ import org.apache.cxf.fediz.core.RequestState;
public class FedizRequest implements Serializable {
private static final long serialVersionUID = 1L;
-
+
private String action;
private String responseToken;
private String freshness;
@@ -88,5 +88,5 @@ public class FedizRequest implements Serializable {
public void setRequestState(RequestState requestState) {
this.requestState = requestState;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
index 255765d..0c0ae33 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.Claim;
public class FedizResponse implements Serializable {
private static final long serialVersionUID = 1L;
-
+
private String audience;
private String username;
private List<String> roles;
@@ -51,7 +51,7 @@ public class FedizResponse implements Serializable {
private Date tokenExpires;
//CHECKSTYLE:OFF
- public FedizResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience,
+ public FedizResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience,
Date created, Date expires, Element token, String uniqueTokenId) {
this.username = username;
this.issuer = issuer;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
index 96589a0..91ded34 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
@@ -31,23 +31,23 @@ import org.apache.cxf.fediz.core.RequestState;
public class RedirectionResponse implements Serializable {
private static final long serialVersionUID = 3182350165552249151L;
-
+
private String redirectionURL;
private Map<String, String> headers = new HashMap<>();
private RequestState requestState;
-
+
public String getRedirectionURL() {
return redirectionURL;
}
-
+
public void setRedirectionURL(String redirectionURL) {
this.redirectionURL = redirectionURL;
}
-
+
public Map<String, String> getHeaders() {
return headers;
}
-
+
public void addHeader(String headerName, String headerValue) {
headers.put(headerName, headerValue);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 6fb50fa..6233c60 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -69,7 +69,7 @@ import org.slf4j.LoggerFactory;
public class SAMLProcessorImpl extends AbstractFedizProcessor {
private static final Logger LOG = LoggerFactory.getLogger(SAMLProcessorImpl.class);
-
+
static {
OpenSAMLUtil.initSamlEngine();
}
@@ -85,25 +85,25 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
public FedizResponse processRequest(FedizRequest request,
FedizContext config)
throws ProcessingException {
-
+
if (!(config.getProtocol() instanceof SAMLProtocol)) {
LOG.error("Unsupported protocol");
throw new IllegalStateException("Unsupported protocol");
}
-
+
if (request.getResponseToken() == null || request.getState() == null) {
LOG.error("Missing response token or RelayState parameters");
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
-
+
return processSignInRequest(request, config);
}
-
+
public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException {
return new MetadataWriter().getMetaData(request, config);
}
-
+
private RequestState processRelayState(
String relayState, RequestState requestState
) throws ProcessingException {
@@ -117,14 +117,14 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
}
return requestState;
}
-
+
protected FedizResponse processSignInRequest(
FedizRequest request, FedizContext config)
throws ProcessingException {
SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
- RequestState requestState =
+ RequestState requestState =
processRelayState(request.getState(), request.getRequestState());
-
+
InputStream tokenStream = null;
try {
byte[] deflatedToken = Base64.decode(request.getResponseToken());
@@ -138,7 +138,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
} catch (Base64DecodingException e) {
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
-
+
Document doc = null;
Element el = null;
try {
@@ -149,9 +149,9 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
LOG.warn("Failed to parse token: " + e.getMessage());
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
-
+
LOG.debug("Received response: " + DOM2Writer.nodeToString(el));
-
+
XMLObject responseObject = null;
try {
responseObject = OpenSAMLUtil.fromDom(el);
@@ -162,31 +162,31 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
-
+
// Validate the Response
validateSamlResponseProtocol((org.opensaml.saml.saml2.core.Response)responseObject, config);
-
- SSOValidatorResponse ssoValidatorResponse =
- validateSamlSSOResponse((org.opensaml.saml.saml2.core.Response)responseObject,
+
+ SSOValidatorResponse ssoValidatorResponse =
+ validateSamlSSOResponse((org.opensaml.saml.saml2.core.Response)responseObject,
request.getRequest(), requestState, config);
-
+
// Validate the internal assertion(s)
TokenValidatorResponse validatorResponse = null;
- List<Element> assertions =
+ List<Element> assertions =
DOMUtils.getChildrenWithName(el, SAMLConstants.SAML20_NS, "Assertion");
-
+
if (assertions.isEmpty()) {
LOG.debug("No Assertion extracted from SAML Response");
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
Element token = assertions.get(0);
-
+
List<TokenValidator> validators = protocol.getTokenValidators();
for (TokenValidator validator : validators) {
boolean canHandle = validator.canHandleToken(token);
if (canHandle) {
try {
- TokenValidatorRequest validatorRequest =
+ TokenValidatorRequest validatorRequest =
new TokenValidatorRequest(token, request.getCerts());
validatorResponse = validator.validateAndProcessToken(validatorRequest, config);
} catch (ProcessingException ex) {
@@ -201,19 +201,19 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
throw new ProcessingException(TYPE.BAD_REQUEST);
}
}
-
+
if (validatorResponse == null) {
LOG.warn("No token validation response was available");
throw new ProcessingException(TYPE.BAD_REQUEST);
}
-
+
// Check whether token already used for signin
Date expires = validatorResponse.getExpires();
if (expires == null) {
expires = ssoValidatorResponse.getSessionNotOnOrAfter();
}
testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
-
+
FedizResponse fedResponse = new FedizResponse(
validatorResponse.getUsername(), validatorResponse.getIssuer(),
validatorResponse.getRoles(), validatorResponse.getClaims(),
@@ -225,10 +225,10 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
return fedResponse;
}
-
+
/**
* Validate the received SAML Response as per the protocol
- * @throws ProcessingException
+ * @throws ProcessingException
*/
protected void validateSamlResponseProtocol(
org.opensaml.saml.saml2.core.Response samlResponse,
@@ -242,10 +242,10 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
throw new ProcessingException(TYPE.INVALID_REQUEST);
}
}
-
+
/**
* Validate the received SAML Response as per the Web SSO profile
- * @throws ProcessingException
+ * @throws ProcessingException
*/
protected SSOValidatorResponse validateSamlSSOResponse(
org.opensaml.saml.saml2.core.Response samlResponse,
@@ -258,8 +258,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
String requestURL = request.getRequestURL().toString();
ssoResponseValidator.setAssertionConsumerURL(requestURL);
ssoResponseValidator.setClientAddress(request.getRemoteAddr());
-
- boolean doNotEnforceKnownIssuer =
+
+ boolean doNotEnforceKnownIssuer =
((SAMLProtocol)config.getProtocol()).isDoNotEnforceKnownIssuer();
ssoResponseValidator.setEnforceKnownIssuer(!doNotEnforceKnownIssuer);
@@ -286,32 +286,32 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
LOG.error("Unsupported protocol");
throw new IllegalStateException("Unsupported protocol");
}
-
+
String issuerURL = resolveIssuer(request, config);
LOG.info("Issuer url: " + issuerURL);
if (issuerURL != null && issuerURL.length() > 0) {
redirectURL = issuerURL;
}
-
- SAMLPRequestBuilder samlpRequestBuilder =
+
+ SAMLPRequestBuilder samlpRequestBuilder =
((SAMLProtocol)config.getProtocol()).getSAMLPRequestBuilder();
-
+
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
-
+
// Create the AuthnRequest
String requestURL = request.getRequestURL().toString();
String realm = resolveWTRealm(request, config);
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
samlpRequestBuilder.createAuthnRequest(realm, requestURL);
-
+
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
authnRequest.setDestination(redirectURL);
}
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState();
requestState.setTargetAddress(requestURL);
@@ -321,34 +321,34 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
requestState.setWebAppContext(authnRequest.getIssuer().getValue());
requestState.setState(relayState);
requestState.setCreatedAt(System.currentTimeMillis());
-
- String urlEncodedRequest =
+
+ String urlEncodedRequest =
URLEncoder.encode(authnRequestEncoded, "UTF-8");
-
+
StringBuilder sb = new StringBuilder();
sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
-
+
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
String signature = signRequest(config, sb);
sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
}
-
+
RedirectionResponse response = new RedirectionResponse();
response.addHeader("Cache-Control", "no-cache, no-store");
response.addHeader("Pragma", "no-cache");
response.setRequestState(requestState);
-
+
redirectURL = redirectURL + "?" + sb.toString();
response.setRedirectionURL(redirectURL);
-
+
return response;
} catch (Exception ex) {
LOG.error("Failed to create SignInRequest", ex);
throw new ProcessingException("Failed to create SignInRequest");
}
}
-
+
/**
* Sign a request according to the redirect binding spec for Web SSO
*/
@@ -371,14 +371,14 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
LOG.debug("No signature password available");
throw new ProcessingException("Failed to Sign Request");
}
-
+
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey(signatureUser, signaturePassword);
if (privateKey == null) {
LOG.debug("No private key available");
throw new ProcessingException("Failed to Sign Request");
}
-
+
String sigAlgo = WSConstants.RSA_SHA1;
String jceSigAlgo = "SHA1withRSA";
LOG.debug("automatic sig algo detection: " + privateKey.getAlgorithm());
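Review bot: The redirect-binding signature is fixed to SHA-1 here: `String sigAlgo = WSConstants.RSA_SHA1;` with `String jceSigAlgo = "SHA1withRSA";`, and the next hunk falls back to `"SHA1withDSA"`, with no configuration option visible in these lines. SHA-1 is deprecated for digital signatures, so the algorithm should be configurable and default to SHA-256 (JCE name `SHA256withRSA`, paired with the matching rsa-sha256 SigAlg URI). SHA-1 would then remain only as an explicit opt-in for identity providers that cannot verify anything newer. signRequest starts before this hunk and continues in the next one, so the surrounding selection logic is not fully visible.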
@@ -387,22 +387,22 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
jceSigAlgo = "SHA1withDSA";
}
LOG.debug("Using Signature algorithm " + sigAlgo);
-
+
// Sign the request
Signature signature = Signature.getInstance(jceSigAlgo);
signature.initSign(privateKey);
-
+
sb.append("&" + SAMLSSOConstants.SIG_ALG).append('=').append(URLEncoder.encode(sigAlgo, "UTF-8"));
String requestToSign = sb.toString();
signature.update(requestToSign.getBytes("UTF-8"));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
return URLEncoder.encode(encodedSignature, "UTF-8");
}
-
+
protected String encodeAuthnRequest(Element authnRequest) throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequest);
@@ -412,11 +412,11 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
}
@Override
- public RedirectionResponse createSignOutRequest(HttpServletRequest request,
+ public RedirectionResponse createSignOutRequest(HttpServletRequest request,
SamlAssertionWrapper token,
FedizContext config)
throws ProcessingException {
-
+
String redirectURL = null;
try {
if (!(config.getProtocol() instanceof SAMLProtocol)) {
@@ -436,52 +436,52 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
LOG.debug("No issuerLogoutURL or issuer parameter specified for logout");
throw new ProcessingException("Failed to create SignOutRequest");
}
-
- SAMLPRequestBuilder samlpRequestBuilder =
+
+ SAMLPRequestBuilder samlpRequestBuilder =
((SAMLProtocol)config.getProtocol()).getSAMLPRequestBuilder();
-
+
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
-
+
// Create the LogoutRequest
String realm = resolveWTRealm(request, config);
String reason = "urn:oasis:names:tc:SAML:2.0:logout:user";
- LogoutRequest logoutRequest =
+ LogoutRequest logoutRequest =
samlpRequestBuilder.createLogoutRequest(realm, reason, token);
-
+
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
logoutRequest.setDestination(redirectURL);
}
-
+
Element logoutRequestElement = OpenSAMLUtil.toDom(logoutRequest, doc);
String logoutRequestEncoded = encodeAuthnRequest(logoutRequestElement);
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
- String urlEncodedRequest =
+
+ String urlEncodedRequest =
URLEncoder.encode(logoutRequestEncoded, "UTF-8");
StringBuilder sb = new StringBuilder();
sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
-
+
if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
String signature = signRequest(config, sb);
sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
}
-
+
RedirectionResponse response = new RedirectionResponse();
response.addHeader("Cache-Control", "no-cache, no-store");
response.addHeader("Pragma", "no-cache");
-
+
redirectURL = redirectURL + "?" + sb.toString();
response.setRedirectionURL(redirectURL);
-
+
return response;
} catch (Exception ex) {
LOG.error("Failed to create SignOutRequest", ex);
throw new ProcessingException("Failed to create SignOutRequest");
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index a5757ef..c27f34b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -38,25 +38,25 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
- * This class verifies trust in a signature..
+ * This class verifies trust in a signature..
*/
public class FedizSignatureTrustValidator implements Validator {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FedizSignatureTrustValidator.class);
-
+
public enum TrustType { CHAIN_TRUST, CHAIN_TRUST_CONSTRAINTS, PEER_TRUST }
-
+
/**
* Defines the kind of trust which is required
*/
private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
-
+
/**
* a collection of compiled regular expression patterns for the subject DN
*/
private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
-
-
+
+
/**
* Set the kind of trust. The default is CHAIN_TRUST.
*/
@@ -74,12 +74,12 @@ public class FedizSignatureTrustValidator implements Validator {
subjectDNPatterns.addAll(constraints);
}
}
-
+
/**
* Validate the credential argument. It must contain either some Certificates or a PublicKey.
- *
+ *
* A Crypto and a CallbackHandler implementation is required to be set.
- *
+ *
* @param credential the Credential to be validated
* @param data the RequestData associated with the request
* @throws WSSecurityException on a failed validation
@@ -90,12 +90,12 @@ public class FedizSignatureTrustValidator implements Validator {
&& credential.getPublicKey() == null)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
-
+
verifyTrust(credential, data);
-
+
return credential;
}
-
+
/**
* Verify trust in the credential.
* @param credential the Credential to be validated
@@ -113,7 +113,7 @@ public class FedizSignatureTrustValidator implements Validator {
if (crypto == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
}
-
+
if (certs != null && certs.length > 0) {
validateCertificates(certs);
verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
@@ -143,7 +143,7 @@ public class FedizSignatureTrustValidator implements Validator {
* Validate the certificates by checking the validity of each cert
* @throws WSSecurityException
*/
- protected void validateCertificates(X509Certificate[] certificates)
+ protected void validateCertificates(X509Certificate[] certificates)
throws WSSecurityException {
try {
for (int i = 0; i < certificates.length; i++) {
@@ -159,10 +159,10 @@ public class FedizSignatureTrustValidator implements Validator {
);
}
}
-
+
/**
* Evaluate whether the given certificate chain should be trusted.
- *
+ *
* @param certificates the certificate chain that should be validated against the keystore
* @param crypto A Crypto instance
* @param data A RequestData instance
@@ -170,13 +170,13 @@ public class FedizSignatureTrustValidator implements Validator {
* @throws WSSecurityException if the certificate chain is not trusted
*/
protected void verifyTrustInCerts(
- X509Certificate[] certificates,
+ X509Certificate[] certificates,
Crypto crypto,
RequestData data,
boolean enableRevocation
) throws WSSecurityException {
//
- // Use the validation method from the crypto to check whether the subjects'
+ // Use the validation method from the crypto to check whether the subjects'
// certificate was really signed by the issuer stated in the certificate
//
crypto.verifyTrust(certificates, enableRevocation, null);
@@ -187,16 +187,16 @@ public class FedizSignatureTrustValidator implements Validator {
);
}
}
-
+
/**
* Validate a public key
* @throws WSSecurityException
*/
- protected void validatePublicKey(PublicKey publicKey, Crypto crypto)
+ protected void validatePublicKey(PublicKey publicKey, Crypto crypto)
throws WSSecurityException {
crypto.verifyTrust(publicKey);
}
-
+
/**
* @return true if the certificate's SubjectDN matches the constraints
* defined in the subject DNConstraints; false, otherwise. The
@@ -224,5 +224,5 @@ public class FedizSignatureTrustValidator implements Validator {
return true;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 7f4eb66..a629d8a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -67,7 +67,7 @@ import org.slf4j.LoggerFactory;
public class SAMLTokenValidator implements TokenValidator {
private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
-
+
@Override
public boolean canHandleTokenType(String tokenType) {
@@ -80,12 +80,12 @@ public class SAMLTokenValidator implements TokenValidator {
String ns = token.getNamespaceURI();
return WSConstants.SAML2_NS.equals(ns) || WSConstants.SAML_NS.equals(ns);
}
-
+
public TokenValidatorResponse validateAndProcessToken(TokenValidatorRequest request,
FedizContext config) throws ProcessingException {
Element token = request.getToken();
- try {
+ try {
RequestData requestData = new RequestData();
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
@@ -102,16 +102,16 @@ public class SAMLTokenValidator implements TokenValidator {
WSDocInfo docInfo = new WSDocInfo(token.getOwnerDocument());
Signature sig = assertion.getSignature();
KeyInfo keyInfo = sig.getKeyInfo();
- SAMLKeyInfo samlKeyInfo =
+ SAMLKeyInfo samlKeyInfo =
org.apache.wss4j.common.saml.SAMLUtil.getCredentialFromKeyInfo(
- keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo),
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo),
requestData.getSigVerCrypto()
);
assertion.verifySignature(samlKeyInfo);
-
+
// Parse the subject if it exists
assertion.parseSubject(
- new WSSSAMLKeyInfoProcessor(requestData, docInfo), requestData.getSigVerCrypto(),
+ new WSSSAMLKeyInfoProcessor(requestData, docInfo), requestData.getSigVerCrypto(),
requestData.getCallbackHandler()
);
@@ -123,10 +123,10 @@ public class SAMLTokenValidator implements TokenValidator {
SamlAssertionValidator trustValidator = new SamlAssertionValidator();
trustValidator.setFutureTTL(config.getMaximumClockSkew().intValue());
-
+
boolean trusted = false;
String assertionIssuer = assertion.getIssuerString();
-
+
List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
for (TrustedIssuer ti : trustedIssuers) {
Pattern subjectConstraint = ti.getCompiledSubject();
@@ -134,14 +134,14 @@ public class SAMLTokenValidator implements TokenValidator {
if (subjectConstraint != null) {
subjectConstraints.add(subjectConstraint);
}
-
+
if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
trustValidator.setSubjectConstraints(subjectConstraints);
trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
} else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
} else {
- throw new IllegalStateException("Unsupported certificate validation method: "
+ throw new IllegalStateException("Unsupported certificate validation method: "
+ ti.getCertificateValidationMethod());
}
try {
@@ -159,7 +159,7 @@ public class SAMLTokenValidator implements TokenValidator {
if (trusted) {
break;
}
-
+
} catch (Exception ex) {
if (LOG.isInfoEnabled()) {
LOG.info("Issuer '" + assertionIssuer + "' doesn't match trusted issuer '" + ti.getName()
@@ -167,7 +167,7 @@ public class SAMLTokenValidator implements TokenValidator {
}
}
}
-
+
if (!trusted) {
// Condition already checked in SamlAssertionValidator
// Minor performance impact on untrusted and expired tokens
@@ -179,7 +179,7 @@ public class SAMLTokenValidator implements TokenValidator {
throw new ProcessingException(TYPE.ISSUER_NOT_TRUSTED);
}
}
-
+
// Now check for HolderOfKey requirements
if (!SAMLUtil.checkHolderOfKey(assertion, request.getCerts())) {
LOG.warn("Assertion fails holder-of-key requirements");
@@ -198,9 +198,9 @@ public class SAMLTokenValidator implements TokenValidator {
} else {
claims = Collections.emptyList();
}
-
+
List<String> roles = parseRoles(config, claims);
-
+
SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion);
TokenValidatorResponse response = new TokenValidatorResponse(
@@ -208,7 +208,7 @@ public class SAMLTokenValidator implements TokenValidator {
new ClaimCollection(claims), audience);
response.setExpires(getExpires(assertion));
response.setCreated(getCreated(assertion));
-
+
return response;
} catch (WSSecurityException ex) {
@@ -216,7 +216,7 @@ public class SAMLTokenValidator implements TokenValidator {
throw new ProcessingException(TYPE.TOKEN_INVALID);
}
}
-
+
protected List<String> parseRoles(FedizContext config, List<Claim> claims) {
List<String> roles = null;
Protocol protocol = config.getProtocol();
@@ -245,7 +245,7 @@ public class SAMLTokenValidator implements TokenValidator {
}
}
}
-
+
return roles;
}
@@ -332,7 +332,7 @@ public class SAMLTokenValidator implements TokenValidator {
LOG.debug("parsing attribute: " + attribute.getName());
}
Claim c = new Claim();
- // Workaround for CXF-4484
+ // Workaround for CXF-4484
// Value of Attribute Name not fully qualified
// if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
// but ClaimType value must be fully qualified as Namespace attribute goes away
@@ -344,7 +344,7 @@ public class SAMLTokenValidator implements TokenValidator {
c.setClaimType(URI.create(attribute.getName()));
}
c.setIssuer(assertion.getIssuer().getNameQualifier());
-
+
List<String> valueList = new ArrayList<>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
@@ -392,7 +392,7 @@ public class SAMLTokenValidator implements TokenValidator {
claimsMap.put(c.getClaimType().toString(), c);
}
}
-
+
protected List<String> parseRoles(String value, String delim) {
List<String> roles = new ArrayList<>();
StringTokenizer st = new StringTokenizer(value, delim);
@@ -429,7 +429,7 @@ public class SAMLTokenValidator implements TokenValidator {
}
-
+
private Date getExpires(SamlAssertionWrapper assertion) {
DateTime validTill = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
@@ -437,13 +437,13 @@ public class SAMLTokenValidator implements TokenValidator {
} else {
validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
}
-
+
if (validTill == null) {
return null;
}
return validTill.toDate();
}
-
+
private Date getCreated(SamlAssertionWrapper assertion) {
DateTime validFrom = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
@@ -451,13 +451,13 @@ public class SAMLTokenValidator implements TokenValidator {
} else {
validFrom = assertion.getSaml1().getConditions().getNotBefore();
}
-
+
if (validFrom == null) {
return null;
}
return validFrom.toDate();
}
-
+
/**
* Check the Conditions of the Assertion.
*/
@@ -473,7 +473,7 @@ public class SAMLTokenValidator implements TokenValidator {
validFrom = assertion.getSaml1().getConditions().getNotBefore();
validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
}
-
+
if (validFrom != null) {
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(maxClockSkew);
@@ -489,6 +489,6 @@ public class SAMLTokenValidator implements TokenValidator {
}
return true;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
index c534bc8..d7609d9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
@@ -32,14 +32,14 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
* Some SAML Utility methods
*/
public final class SAMLUtil {
-
+
private SAMLUtil() {
// complete
}
/**
* Check the holder-of-key requirements against the received assertion. The subject
- * credential of the SAML Assertion must match a client certificate credential when
+ * credential of the SAML Assertion must match a client certificate credential when
* 2-way TLS is used.
* @param assertionWrapper the SAML Assertion wrapper object
* @param tlsCerts The client certificates
@@ -80,7 +80,7 @@ public final class SAMLUtil {
//
// Try to match the TLS certs
//
- if (subjectCerts != null && subjectCerts.length > 0
+ if (subjectCerts != null && subjectCerts.length > 0
&& tlsCerts[0].equals(subjectCerts[0])) {
return true;
} else if (subjectPublicKey != null
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
index 1dd6b01..20ede29 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
@@ -36,14 +36,14 @@ import org.apache.wss4j.dom.validate.Credential;
* constraints.
*/
public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAssertionValidator {
-
+
private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
-
+
/**
* a collection of compiled regular expression patterns for the subject DN
*/
private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
-
+
/**
* Set a list of Strings corresponding to regular expression constraints on
* the subject DN of a certificate
@@ -54,7 +54,7 @@ public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAs
subjectDNPatterns.addAll(constraints);
}
}
-
+
/**
* Set the kind of trust. The default is CHAIN_TRUST.
*/
@@ -79,13 +79,13 @@ public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAs
SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
credential.setPublicKey(samlKeyInfo.getPublicKey());
credential.setCertificates(samlKeyInfo.getCerts());
-
+
FedizSignatureTrustValidator trustValidator = new FedizSignatureTrustValidator();
trustValidator.setSignatureTrustType(signatureTrustType);
trustValidator.setSubjectConstraints(subjectDNPatterns);
-
+
return trustValidator.validate(credential, data);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
index eb6a413..696d54c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
@@ -27,17 +27,17 @@ import java.util.zip.Inflater;
public final class CompressionUtils {
private CompressionUtils() {
-
+
}
- public static InputStream inflate(byte[] deflatedToken)
+ public static InputStream inflate(byte[] deflatedToken)
throws DataFormatException {
return inflate(deflatedToken, true);
}
- public static InputStream inflate(byte[] deflatedToken, boolean nowrap)
+ public static InputStream inflate(byte[] deflatedToken, boolean nowrap)
throws DataFormatException {
Inflater inflater = new Inflater(nowrap);
inflater.setInput(deflatedToken);
-
+
byte[] input = new byte[deflatedToken.length * 2];
int inflatedLen = 0;
int inputLen = 0;
@@ -45,7 +45,7 @@ public final class CompressionUtils {
while (!inflater.finished()) {
inputLen = inflater.inflate(input);
if (!inflater.finished()) {
-
+
if (inputLen == 0) {
if (inflater.needsInput()) {
throw new DataFormatException("Inflater can not inflate all the token bytes");
@@ -53,7 +53,7 @@ public final class CompressionUtils {
break;
}
}
-
+
inflatedToken = new byte[input.length + inflatedLen];
System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
inflatedLen += inputLen;
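Review bot: Nothing in the visible inflate loop limits how much output is produced: the working buffer is sized from `deflatedToken.length * 2`, and a new `inflatedToken` array of `input.length + inflatedLen` is allocated on every pass, so a small, highly compressible token can drive large allocations. If the token comes from a request parameter (the caller is not visible here), a maximum inflated size should be enforced and a `DataFormatException` thrown once it is exceeded. The `System.arraycopy` in this hunk also places only the newest chunk in the freshly allocated array. Unless earlier bytes are carried over outside these lines, multi-pass output would lose data, which is worth confirming with a test on a token that inflates to more than twice its size. The loop starts and ends outside this hunk.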
@@ -66,21 +66,21 @@ public final class CompressionUtils {
}
return is;
}
-
+
public static byte[] deflate(byte[] tokenBytes) {
return deflate(tokenBytes, true);
}
-
+
public static byte[] deflate(byte[] tokenBytes, boolean nowrap) {
Deflater compresser = new Deflater(Deflater.DEFLATED, nowrap);
-
+
compresser.setInput(tokenBytes);
compresser.finish();
-
+
byte[] output = new byte[tokenBytes.length * 2];
-
+
int compressedDataLength = compresser.deflate(output);
-
+
byte[] result = new byte[compressedDataLength];
System.arraycopy(output, 0, result, 0, compressedDataLength);
return result;
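Review bot: `deflate` never calls `compresser.end()` in the visible lines, so the Deflater's native buffers stay allocated until the object is reclaimed, which under load means memory held outside the Java heap. Wrapping the work in `try { ... } finally { compresser.end(); }` releases it deterministically. The single `compresser.deflate(output)` call into a buffer of `tokenBytes.length * 2` also assumes the compressed form always fits. An empty or very short input can need more than that, so looping until `compresser.finished()` would be safer. The method's closing brace lies outside the hunk.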
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
index 3e61592..f34a491 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
@@ -40,11 +40,11 @@ import org.opensaml.saml.saml2.core.RequestedAuthnContext;
* Protocol AuthnRequest and LogoutRequest
*/
public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
-
+
private boolean forceAuthn;
private boolean isPassive;
private String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
-
+
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
@@ -54,12 +54,12 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
) throws Exception {
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
-
+
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(
true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
);
-
+
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -69,19 +69,19 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
-
+
//CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createAuthnRequest(
- assertionConsumerServiceAddress,
- forceAuthn,
+ assertionConsumerServiceAddress,
+ forceAuthn,
isPassive,
- protocolBinding,
+ protocolBinding,
SAMLVersion.VERSION_20,
- issuer,
- nameIDPolicy,
+ issuer,
+ nameIDPolicy,
authnCtx
);
-
+
}
public boolean isForceAuthn() {
@@ -116,24 +116,24 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
) throws Exception {
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
-
+
NameID nameID = null;
List<String> sessionIndices = new ArrayList<>();
-
+
if (authenticatedAssertion != null) {
if (authenticatedAssertion.getSaml2() != null) {
- org.opensaml.saml.saml2.core.Subject subject =
+ org.opensaml.saml.saml2.core.Subject subject =
authenticatedAssertion.getSaml2().getSubject();
if (subject != null && subject.getNameID() != null) {
nameID = subject.getNameID();
}
}
-
+
if (nameID != null) {
nameID.detach();
}
-
- List<AuthnStatement> authnStatements =
+
+ List<AuthnStatement> authnStatements =
authenticatedAssertion.getSaml2().getAuthnStatements();
if (authnStatements != null && !authnStatements.isEmpty()) {
for (AuthnStatement authnStatement : authnStatements) {
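Review bot: `authenticatedAssertion.getSaml2().getAuthnStatements()` is dereferenced without the null check that guards the same `getSaml2()` call a few lines earlier. An assertion wrapper that carries no SAML 2.0 assertion would therefore throw a NullPointerException while the logout request is being built. The statement lookup and the loop over it belong inside the existing `if (authenticatedAssertion.getSaml2() != null)` block, or behind an equivalent guard of their own. The method starts before this hunk and the loop body continues past it.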
@@ -143,7 +143,7 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
}
}
}
-
+
//CHECKSTYLE:OFF
return SamlpRequestComponentBuilder.createLogoutRequest(
issuer,
@@ -152,5 +152,5 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
sessionIndices
);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
index 597cc0d..4cbc275 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
@@ -27,7 +27,7 @@ import org.opensaml.saml.saml2.core.LogoutRequest;
* This interface defines a methods to create a SAML 2.0 Protocol AuthnRequest and LogoutRequest.
*/
public interface SAMLPRequestBuilder {
-
+
/**
* Create a SAML 2.0 Protocol AuthnRequest
*/
@@ -35,7 +35,7 @@ public interface SAMLPRequestBuilder {
String issuerId,
String assertionConsumerServiceAddress
) throws Exception;
-
+
/**
* Create a SAML 2.0 Protocol LogoutRequest
*/
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
index d25ab1d..9f2c038 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
@@ -49,19 +49,19 @@ import org.slf4j.LoggerFactory;
/**
* Validate a SAML (1.1 or 2.0) Protocol Response. It validates the Response against the specs,
- * the signature of the Response (if it exists), and any internal Assertion stored in the Response
+ * the signature of the Response (if it exists), and any internal Assertion stored in the Response
* - including any signature. It validates the status code of the Response as well.
*/
public class SAMLProtocolResponseValidator {
-
- public static final String SAML2_STATUSCODE_SUCCESS =
+
+ public static final String SAML2_STATUSCODE_SUCCESS =
"urn:oasis:names:tc:SAML:2.0:status:Success";
public static final String SAML1_STATUSCODE_SUCCESS = "Success";
-
+
private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocolResponseValidator.class);
-
+
// private Validator signatureValidator = new SignatureTrustValidator();
-
+
/**
* Validate a SAML 2 Protocol Response
* @param samlResponse
@@ -84,10 +84,10 @@ public class SAMLProtocolResponseValidator {
);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
validateResponseSignature(samlResponse, config);
}
-
+
/**
* Validate a SAML 1.1 Protocol Response
* @param samlResponse
@@ -115,7 +115,7 @@ public class SAMLProtocolResponseValidator {
validateResponseSignature(samlResponse, config);
}
-
+
/**
* Validate the Response signature (if it exists)
*/
@@ -126,12 +126,12 @@ public class SAMLProtocolResponseValidator {
if (!samlResponse.isSigned()) {
return;
}
-
+
validateResponseSignature(
samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), config
);
}
-
+
/**
* Validate the Response signature (if it exists)
*/
@@ -142,32 +142,32 @@ public class SAMLProtocolResponseValidator {
if (!samlResponse.isSigned()) {
return;
}
-
+
validateResponseSignature(
samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), config
);
}
-
+
/**
* Validate the response signature
*/
private void validateResponseSignature(
- Signature signature,
+ Signature signature,
Document doc,
FedizContext config
) throws WSSecurityException {
RequestData requestData = new RequestData();
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
-
+
SAMLKeyInfo samlKeyInfo = null;
-
+
KeyInfo keyInfo = signature.getKeyInfo();
if (keyInfo != null) {
try {
- samlKeyInfo =
+ samlKeyInfo =
SAMLUtil.getCredentialFromKeyInfo(
- keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
requestData.getSigVerCrypto()
);
} catch (WSSecurityException ex) {
@@ -179,7 +179,7 @@ public class SAMLProtocolResponseValidator {
LOG.debug("No KeyInfo supplied in the SAMLResponse signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Validate Signature against profiles
validateSignatureAgainstProfiles(signature, samlKeyInfo);
@@ -189,9 +189,9 @@ public class SAMLProtocolResponseValidator {
trustCredential.setCertificates(samlKeyInfo.getCerts());
FedizSignatureTrustValidator trustValidator = new FedizSignatureTrustValidator();
-
+
boolean trusted = false;
-
+
List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
for (TrustedIssuer ti : trustedIssuers) {
Pattern subjectConstraint = ti.getCompiledSubject();
@@ -199,14 +199,14 @@ public class SAMLProtocolResponseValidator {
if (subjectConstraint != null) {
subjectConstraints.add(subjectConstraint);
}
-
+
if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
trustValidator.setSubjectConstraints(subjectConstraints);
trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
} else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
} else {
- throw new IllegalStateException("Unsupported certificate validation method: "
+ throw new IllegalStateException("Unsupported certificate validation method: "
+ ti.getCertificateValidationMethod());
}
try {
@@ -224,24 +224,24 @@ public class SAMLProtocolResponseValidator {
if (trusted) {
break;
}
-
+
} catch (Exception ex) {
LOG.info("Error in validating signature on SAML Response: " + ex.getMessage(), ex);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
-
+
if (!trusted) {
LOG.warn("SAML Response is not trusted");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
}
-
+
/**
* Validate a signature against the profiles
*/
private void validateSignatureAgainstProfiles(
- Signature signature,
+ Signature signature,
SAMLKeyInfo samlKeyInfo
) throws WSSecurityException {
// Validate Signature against profiles
@@ -269,5 +269,5 @@ public class SAMLProtocolResponseValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index 1365a32..1541b89 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory;
* should be validated by the SAMLProtocolResponseValidator first.
*/
public class SAMLSSOResponseValidator {
-
+
private static final Logger LOG = LoggerFactory.getLogger(SAMLSSOResponseValidator.class);
-
+
private String issuerIDP;
private String assertionConsumerURL;
private String clientAddress;
@@ -49,7 +49,7 @@ public class SAMLSSOResponseValidator {
private boolean enforceAssertionsSigned = true;
private boolean enforceKnownIssuer = true;
private ReplayCache replayCache;
-
+
/**
* Enforce that Assertions contained in the Response must be signed (if the Response itself is not
* signed). The default is true.
@@ -57,14 +57,14 @@ public class SAMLSSOResponseValidator {
public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
this.enforceAssertionsSigned = enforceAssertionsSigned;
}
-
+
/**
* Enforce that the Issuer of the received Response/Assertion is known. The default is true.
*/
public void setEnforceKnownIssuer(boolean enforceKnownIssuer) {
this.enforceKnownIssuer = enforceKnownIssuer;
}
-
+
/**
* Validate a SAML 2 Protocol Response
* @param samlResponse
@@ -84,7 +84,7 @@ public class SAMLSSOResponseValidator {
LOG.debug("The Response must contain at least one Assertion");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// The Response must contain a Destination that matches the assertionConsumerURL if it is
// signed
String destination = samlResponse.getDestination();
@@ -93,12 +93,12 @@ public class SAMLSSOResponseValidator {
LOG.debug("The Response must contain a destination that matches the assertion consumer URL");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
if (enforceResponseSigned && !samlResponse.isSigned()) {
LOG.debug("The Response must be signed!");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Validate Assertions
org.opensaml.saml.saml2.core.Assertion validAssertion = null;
Date sessionNotOnOrAfter = null;
@@ -109,12 +109,12 @@ public class SAMLSSOResponseValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
validateIssuer(assertion.getIssuer());
-
+
if (!samlResponse.isSigned() && enforceAssertionsSigned && assertion.getSignature() == null) {
LOG.debug("The enclosed assertions in the SAML Response must be signed");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Check for AuthnStatements and validate the Subject accordingly
if (assertion.getAuthnStatements() != null
&& !assertion.getAuthnStatements().isEmpty()) {
@@ -130,27 +130,27 @@ public class SAMLSSOResponseValidator {
}
}
}
-
+
}
-
+
if (validAssertion == null) {
LOG.debug("The Response did not contain any Authentication Statement that matched "
+ "the Subject Confirmation criteria");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
validatorResponse.setResponseId(samlResponse.getID());
validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
-
+
Element assertionElement = validAssertion.getDOM();
Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
validatorResponse.setAssertionElement(clonedAssertionElement);
validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
-
+
return validatorResponse;
}
-
+
/**
* Validate the Issuer (if it exists)
*/
@@ -158,23 +158,23 @@ public class SAMLSSOResponseValidator {
if (issuer == null) {
return;
}
-
+
// Issuer value must match (be contained in) Issuer IDP
if (enforceKnownIssuer && !issuerIDP.startsWith(issuer.getValue())) {
- LOG.debug("Issuer value: " + issuer.getValue() + " does not match issuer IDP: "
+ LOG.debug("Issuer value: " + issuer.getValue() + " does not match issuer IDP: "
+ issuerIDP);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Format must be nameid-format-entity
if (issuer.getFormat() != null
&& !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
- LOG.debug("Issuer format is not null and does not equal: "
+ LOG.debug("Issuer format is not null and does not equal: "
+ SAML2Constants.NAMEID_FORMAT_ENTITY);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
-
+
/**
* Validate the Subject (of an Authentication Statement).
*/
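Review bot: The known-issuer check in this hunk, `!issuerIDP.startsWith(issuer.getValue())`, is a prefix test, so an Issuer value that is only a leading part of the configured IDP identifier passes, and an empty string passes for any configuration. The comment above it says "be contained in", so the looseness may be intended, but it then needs a sentence saying which deployments rely on it; otherwise compare exactly with `if (enforceKnownIssuer && !issuerIDP.equals(issuer.getValue())) {`. The first lines of the hunk also return without error when the Issuer is absent, even with `enforceKnownIssuer` set, which the method's Javadoc should state. The method's signature lies above the hunk.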
@@ -184,20 +184,20 @@ public class SAMLSSOResponseValidator {
if (subject.getSubjectConfirmations() == null) {
return false;
}
-
+
boolean foundBearerSubjectConf = false;
// We need to find a Bearer Subject Confirmation method
- for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf
+ for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf
: subject.getSubjectConfirmations()) {
if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
foundBearerSubjectConf = true;
validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
}
}
-
+
return foundBearerSubjectConf;
}
-
+
/**
* Validate a (Bearer) Subject Confirmation
*/
@@ -208,7 +208,7 @@ public class SAMLSSOResponseValidator {
LOG.debug("Subject Confirmation Data of a Bearer Subject Confirmation is null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Recipient must match assertion consumer URL
String recipient = subjectConfData.getRecipient();
if (recipient == null || !recipient.equals(assertionConsumerURL)) {
@@ -216,14 +216,14 @@ public class SAMLSSOResponseValidator {
+ assertionConsumerURL);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// We must have a NotOnOrAfter timestamp
if (subjectConfData.getNotOnOrAfter() == null
|| subjectConfData.getNotOnOrAfter().isBeforeNow()) {
LOG.debug("Subject Conf Data does not contain NotOnOrAfter or it has expired");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// Need to keep bearer assertion IDs based on NotOnOrAfter to detect replay attacks
if (postBinding && replayCache != null) {
if (replayCache.contains(id)) {
@@ -236,7 +236,7 @@ public class SAMLSSOResponseValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
-
+
// Check address
if (subjectConfData.getAddress() != null
&& !subjectConfData.getAddress().equals(clientAddress)) {
@@ -244,22 +244,22 @@ public class SAMLSSOResponseValidator {
+ " client address " + clientAddress);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// It must not contain a NotBefore timestamp
if (subjectConfData.getNotBefore() != null) {
LOG.debug("The Subject Conf Data must not contain a NotBefore timestamp");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
// InResponseTo must match the AuthnRequest request Id
if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) {
- LOG.debug("The InResponseTo String " + subjectConfData.getInResponseTo()
+ LOG.debug("The InResponseTo String " + subjectConfData.getInResponseTo()
+ " does match the original request id " + requestId);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
-
+
}
-
+
private void validateAudienceRestrictionCondition(
org.opensaml.saml.saml2.core.Conditions conditions
) throws WSSecurityException {
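Review bot: The debug message for a failed InResponseTo check reads "does match the original request id", which states the opposite of the condition that triggers it. The continuation line should read `+ " does not match the original request id " + requestId);`, so that someone reading the log during an incident is not misled. The same condition skips the comparison entirely when `requestId` is null, so a comment at that line should say whether unsolicited responses are meant to be accepted. `validateSubjectConfirmation` starts above this hunk.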
@@ -269,13 +269,13 @@ public class SAMLSSOResponseValidator {
}
List<AudienceRestriction> audienceRestrs = conditions.getAudienceRestrictions();
if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
- LOG.debug("Assertion does not contain unique subject provider identifier "
+ LOG.debug("Assertion does not contain unique subject provider identifier "
+ spIdentifier + " in the audience restriction conditions");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
-
-
+
+
private boolean matchSaml2AudienceRestriction(
String appliesTo, List<AudienceRestriction> audienceRestrictions
) {
@@ -334,11 +334,11 @@ public class SAMLSSOResponseValidator {
public void setSpIdentifier(String spIdentifier) {
this.spIdentifier = spIdentifier;
}
-
+
public void setReplayCache(ReplayCache replayCache) {
this.replayCache = replayCache;
}
-
+
public boolean isEnforceResponseSigned() {
return enforceResponseSigned;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
index b8b3969..a16be80 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
@@ -38,14 +38,14 @@ public class SSOValidatorResponse {
public void setAssertion(String assertion) {
this.assertion = assertion;
}
-
+
public Date getSessionNotOnOrAfter() {
if (sessionNotOnOrAfter != null) {
return new Date(sessionNotOnOrAfter.getTime());
}
return null;
}
-
+
public void setSessionNotOnOrAfter(Date sessionNotOnOrAfter) {
if (sessionNotOnOrAfter != null) {
this.sessionNotOnOrAfter = new Date(sessionNotOnOrAfter.getTime());
@@ -53,15 +53,15 @@ public class SSOValidatorResponse {
this.sessionNotOnOrAfter = null;
}
}
-
+
public String getResponseId() {
return responseId;
}
-
+
public void setResponseId(String responseId) {
this.responseId = responseId;
}
-
+
public Element getAssertionElement() {
return assertionElement;
}
[05/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsoleService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsoleService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsoleService.java
index ef29295..3d3abb5 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsoleService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/console/UserConsoleService.java
@@ -34,18 +34,18 @@ public class UserConsoleService {
private SecurityContext sc;
private ClientRegistrationService clientRegService;
-
+
@Context
public void setSecurityContext(SecurityContext securityContext) {
this.sc = securityContext;
clientRegService.setSecurityContext(securityContext);
}
-
-
+
+
@GET
@Produces(MediaType.TEXT_HTML)
public UserConsole getConsole() {
- return new UserConsole(getUserName());
+ return new UserConsole(getUserName());
}
private String getUserName() {
return sc.getUserPrincipal().getName();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ApplicationContextProvider.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ApplicationContextProvider.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ApplicationContextProvider.java
index e18ebff..82d5503 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ApplicationContextProvider.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ApplicationContextProvider.java
@@ -23,11 +23,11 @@ import org.springframework.context.ApplicationContextAware;
public class ApplicationContextProvider implements ApplicationContextAware {
private static ApplicationContext context;
-
+
public static ApplicationContext getApplicationContext() {
return context;
}
-
+
@Override
public void setApplicationContext(ApplicationContext ctx) {
context = ctx;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
index 34753a5..c902085 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/ClientIdHomeRealmDiscovery.java
@@ -34,27 +34,27 @@ import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
public class ClientIdHomeRealmDiscovery implements CallbackHandler {
-
+
private static final Logger LOG = LoggerFactory.getLogger(ClientIdHomeRealmDiscovery.class);
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof HomeRealmCallback) {
HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
-
+
HttpServletRequest request = callback.getRequest();
String clientId = request.getParameter("client_id");
-
+
if (clientId != null) {
ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
OAuthDataProvider dataManager = (OAuthDataProvider)ctx.getBean("oauthProvider");
-
+
Client client = dataManager.getClient(clientId);
callback.setHomeRealm(client.getHomeRealm());
LOG.debug("Retrieved home realm {}", callback.getHomeRealm());
-
+
}
-
+
} else {
LOG.warn("Callback is not an instance of HomeRealmCallback: {}", callbacks[i]);
}
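Review bot: The result of `dataManager.getClient(clientId)` is dereferenced immediately in `client.getHomeRealm()`, while `clientId` comes straight from the `client_id` request parameter. If the provider returns null for an unregistered id (its contract is not visible here), the handler fails with a NullPointerException instead of leaving the home realm unset. A guard such as `if (client != null) { callback.setHomeRealm(client.getHomeRealm()); }` keeps an unknown client_id on the normal path. The `handle` method continues past the end of this hunk.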
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/LoginHintHomeRealmDiscovery.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/LoginHintHomeRealmDiscovery.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/LoginHintHomeRealmDiscovery.java
index edb045e..52363f4 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/LoginHintHomeRealmDiscovery.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/handler/hrd/LoginHintHomeRealmDiscovery.java
@@ -30,8 +30,8 @@ import org.slf4j.LoggerFactory;
/**
* This callback handler uses the login_hint parameter defined in OpenID Connect to discover the users home realm.
- *
- * It is expected that the login_hint will contain the users email address and that the domain name from the mail
+ *
+ * It is expected that the login_hint will contain the users email address and that the domain name from the mail
* address will be equal to the home realm identifier.
*/
public class LoginHintHomeRealmDiscovery implements CallbackHandler {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
index 431c020..d424ded 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
@@ -41,65 +41,65 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@Path("/logout")
public class LogoutService {
private static final String CLIENT_LOGOUT_URI = "client_logout_uri";
- @Context
+ @Context
private MessageContext mc;
private String relativeIdpLogoutUri;
private OAuthDataProvider dataProvider;
private FedizSubjectCreator subjectCreator = new FedizSubjectCreator();
-
+
private List<LogoutHandler> logoutHandlers;
-
+
@POST
public Response initiateLogoutPost(MultivaluedMap<String, String> params) {
- return doInitiateLogout(params);
+ return doInitiateLogout(params);
}
@GET
public Response initiateLogoutGet() {
- return doInitiateLogout(mc.getUriInfo().getQueryParameters());
+ return doInitiateLogout(mc.getUriInfo().getQueryParameters());
}
-
+
protected Response doInitiateLogout(MultivaluedMap<String, String> params) {
Client client = getClient(params);
UserSubject subject = subjectCreator.createUserSubject(mc, params);
-
+
if (logoutHandlers != null) {
-
+
for (LogoutHandler handler : logoutHandlers) {
handler.handleLogout(client, subject);
}
}
// Clear OIDC session now if core IDP will itself redirect to the client logout URI
-
+
// Redirect to the core IDP
URI idpLogoutUri = getAbsoluteIdpLogoutUri(client);
- return Response.seeOther(idpLogoutUri).build();
+ return Response.seeOther(idpLogoutUri).build();
}
-
+
@GET
@Path("/finalize")
public Response finalizeLogoutGet() {
// This method won't be needed if IDP will itself redirect to the client logout URI
- return doFinalizeLogout(mc.getUriInfo().getQueryParameters());
+ return doFinalizeLogout(mc.getUriInfo().getQueryParameters());
}
@POST
@Path("/finalize")
public Response finalizeLogoutPost(MultivaluedMap<String, String> params) {
// This method won't be needed if IDP will itself redirect to the client logout URI
- return doFinalizeLogout(params);
+ return doFinalizeLogout(params);
}
protected Response doFinalizeLogout(MultivaluedMap<String, String> params) {
-
+
// This method won't be needed if IDP will itself redirect to the client logout URI
-
-
+
+
// Ensure this method is not called by skipping the initiate logout which is
// why it may be simpler let IDP redirect directly to the client logout uri ?
-
+
// Clear the OIDC session
-
+
Client client = getClient(params);
URI clientLogoutUri = getClientLogoutUri(client);
- return Response.seeOther(clientLogoutUri).build();
+ return Response.seeOther(clientLogoutUri).build();
}
private URI getClientLogoutUri(Client client) {
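Review bot: In `doFinalizeLogout` the two requirements "Ensure this method is not called by skipping the initiate logout" and "Clear the OIDC session" exist only as comments; the body shown resolves the client from the request parameters and redirects to its logout URI. As written, `/logout/finalize` can be requested directly by GET or POST without `doInitiateLogout` having run, so the logout handlers are skipped on that path. I would mark both comments as `// TODO:` so the gap is explicit, and have `doInitiateLogout` record a server-side marker that `doFinalizeLogout` checks before redirecting. `getClient` and the body of `getClientLogoutUri` are outside this hunk, so how the client and the redirect target are validated cannot be judged from here.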
@@ -123,15 +123,15 @@ public class LogoutService {
private URI getAbsoluteIdpLogoutUri(Client client) {
UriBuilder ub = mc.getUriInfo().getAbsolutePathBuilder();
ub.path(relativeIdpLogoutUri);
- //TODO: include a logout uri as a uri parameter, either
+ //TODO: include a logout uri as a uri parameter, either
// 1. "/finalize" URI for the IDP to redirect to this service again
- // or
- // 2. may be let IDP redirect straight to getClientLogoutUri(client) ?
-
+ // or
+ // 2. may be let IDP redirect straight to getClientLogoutUri(client) ?
+
UriBuilder ub2 = mc.getUriInfo().getAbsolutePathBuilder();
ub2.path("finalize");
ub.queryParam("wreply", ub2.build());
-
+
return ub.build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
index 89c7ffd..97dd188 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/SignoutQueryHandler.java
@@ -32,7 +32,7 @@ import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
/**
- * Set the client_id on the signout request to the IdP. This is needed after we redirect to the "finalize" method of
+ * Set the client_id on the signout request to the IdP. This is needed after we redirect to the "finalize" method of
* the LogoutService.
*/
public class SignoutQueryHandler implements CallbackHandler {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/TokenCleanupHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/TokenCleanupHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/TokenCleanupHandler.java
index 3a3c356..ab38cea 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/TokenCleanupHandler.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/TokenCleanupHandler.java
@@ -29,7 +29,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
public class TokenCleanupHandler implements LogoutHandler {
private OAuthDataProvider dataProvider;
private boolean removeTokensForAllClients;
-
+
@Override
public void handleLogout(Client client, UserSubject subject) {
if (removeTokensForAllClients) {
@@ -41,7 +41,7 @@ public class TokenCleanupHandler implements LogoutHandler {
// Removing the access token should remove the refresh token which links to it
// If necessary, refresh tokens can also be explicitly revoked
}
-
+
}
public void setDataProvider(OAuthDataProvider dataProvider) {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java
index 2579088..f5ad8ac 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java
@@ -29,23 +29,23 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
/**
* The SAML TokenDelegationHandler implementation. It disallows ActAs or OnBehalfOf for
* all cases apart from the case of a Bearer SAML Token. It differs from the SAMLDelegationHandler
- * in the STS core, in that it doesn't require that the AppliesTo address match an
+ * in the STS core, in that it doesn't require that the AppliesTo address match an
* AudienceRestriction address in the token.
*/
-public class FedizSAMLDelegationHandler
+public class FedizSAMLDelegationHandler
extends org.apache.cxf.sts.token.delegation.SAMLDelegationHandler {
-
+
@Override
public boolean canHandleToken(ReceivedToken delegateTarget) {
return super.canHandleToken(delegateTarget);
}
@Override
- public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
+ public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
return super.isDelegationAllowed(tokenParameters);
}
@Override
protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
return Collections.emptyList();
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizX509DelegationHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizX509DelegationHandler.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizX509DelegationHandler.java
index 4c3107d..f85a337 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizX509DelegationHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizX509DelegationHandler.java
@@ -33,9 +33,9 @@ import org.slf4j.LoggerFactory;
* A delegation handler to allow X.509 Certificates.
*/
public class FedizX509DelegationHandler implements TokenDelegationHandler {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FedizX509DelegationHandler.class);
-
+
public boolean canHandleToken(ReceivedToken delegateTarget) {
Object token = delegateTarget.getToken();
if (token instanceof Element) {
@@ -48,24 +48,24 @@ public class FedizX509DelegationHandler implements TokenDelegationHandler {
}
return false;
}
-
+
public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
TokenDelegationResponse response = new TokenDelegationResponse();
ReceivedToken delegateTarget = tokenParameters.getToken();
response.setToken(delegateTarget);
-
+
if (!delegateTarget.isDOMElement()) {
return response;
}
-
+
if (delegateTarget.getState() == STATE.VALID && delegateTarget.getPrincipal() != null) {
response.setDelegationAllowed(true);
LOG.debug("Delegation is allowed for: " + delegateTarget.getPrincipal());
} else {
LOG.debug("Delegation is not allowed, as the token is invalid or the principal is null");
}
-
+
return response;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
index bfe0b97..dcdb072 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FileClaimsHandler.java
@@ -35,7 +35,7 @@ import org.apache.cxf.sts.claims.ProcessedClaimCollection;
*/
public class FileClaimsHandler implements ClaimsHandler {
- public static final URI ROLE =
+ public static final URI ROLE =
URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
private Map<String, Map<String, String>> userClaims;
@@ -48,16 +48,16 @@ public class FileClaimsHandler implements ClaimsHandler {
public Map<String, Map<String, String>> getUserClaims() {
return userClaims;
}
-
+
public void setSupportedClaims(List<URI> supportedClaims) {
this.supportedClaims = supportedClaims;
}
-
+
@Override
public List<URI> getSupportedClaimTypes() {
return Collections.unmodifiableList(this.supportedClaims);
}
-
+
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims,
@@ -78,7 +78,7 @@ public class FileClaimsHandler implements ClaimsHandler {
if (claims.size() > 0) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
- for (Claim requestClaim : claims) {
+ for (Claim requestClaim : claims) {
String claimValue = claimMap.get(requestClaim.getClaimType().toString());
if (claimValue != null) {
ProcessedClaim claim = new ProcessedClaim();
@@ -87,7 +87,7 @@ public class FileClaimsHandler implements ClaimsHandler {
claim.setOriginalIssuer("Original Issuer");
claim.addValue(claimValue);
claimCollection.add(claim);
- }
+ }
}
return claimCollection;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
index 4640391..cd80630 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.principal.CustomTokenPrincipal;
public class IdentityMapperImpl implements IdentityMapper {
private static final Logger LOG = LogUtils.getL7dLogger(IdentityMapperImpl.class);
-
+
/**
* Map a principal in the source realm to the target realm
* @param sourceRealm the source realm of the Principal
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmExtensionIdentityMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmExtensionIdentityMapper.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmExtensionIdentityMapper.java
index f30caca..3a03cab 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmExtensionIdentityMapper.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmExtensionIdentityMapper.java
@@ -39,7 +39,7 @@ public class RealmExtensionIdentityMapper implements IdentityMapper {
/**
* Map a principal in the source realm to the target realm
- *
+ *
* @param sourceRealm the source realm of the Principal
* @param sourcePrincipal the principal in the source realm
* @param targetRealm the target realm of the Principal
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
index f0930b5..accaa0d 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/RealmFileClaimsHandler.java
@@ -38,7 +38,7 @@ import org.apache.cxf.sts.claims.ProcessedClaimCollection;
public class RealmFileClaimsHandler implements ClaimsHandler {
private static final Logger LOG = LogUtils.getL7dLogger(RealmFileClaimsHandler.class);
-
+
private Map<String, Map<String, String>> userClaims;
private List<URI> supportedClaims;
private String realm;
@@ -50,11 +50,11 @@ public class RealmFileClaimsHandler implements ClaimsHandler {
public Map<String, Map<String, String>> getUserClaims() {
return userClaims;
}
-
+
public void setSupportedClaims(List<URI> supportedClaims) {
this.supportedClaims = supportedClaims;
}
-
+
public void setRealm(String realm) {
this.realm = realm;
}
@@ -62,17 +62,17 @@ public class RealmFileClaimsHandler implements ClaimsHandler {
public String getRealm() {
return realm;
}
-
+
@Override
public List<URI> getSupportedClaimTypes() {
return Collections.unmodifiableList(this.supportedClaims);
}
-
+
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims,
ClaimsParameters parameters) {
-
+
if (parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm())) {
LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured realm '" + getRealm() + "'");
return new ProcessedClaimCollection();
@@ -96,7 +96,7 @@ public class RealmFileClaimsHandler implements ClaimsHandler {
if (claims.size() > 0) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
- for (Claim requestClaim : claims) {
+ for (Claim requestClaim : claims) {
String claimValue = claimMap.get(requestClaim.getClaimType().toString());
if (claimValue != null) {
ProcessedClaim claim = new ProcessedClaim();
@@ -105,7 +105,7 @@ public class RealmFileClaimsHandler implements ClaimsHandler {
claim.setOriginalIssuer("Original Issuer");
claim.addValue(claimValue);
claimCollection.add(claim);
- }
+ }
}
return claimCollection;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
index 46d9689..f045c01 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
@@ -32,7 +32,7 @@ public class SamlRealmCodec implements SAMLRealmCodec {
private static final Logger LOG = LoggerFactory.getLogger(SamlRealmCodec.class);
private boolean uppercase = true;
-
+
@Override
public String getRealmFromToken(SamlAssertionWrapper assertion) {
SAMLKeyInfo ki = assertion.getSignatureKeyInfo();
@@ -45,7 +45,7 @@ public class SamlRealmCodec implements SAMLRealmCodec {
protected String parseCNValue(String name) {
int len = name.indexOf(",") > 0 ? name.indexOf(",") : name.length();
String realm = name.substring(name.indexOf("CN=") + 3, len);
-
+
if (uppercase) {
realm = realm.toUpperCase();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
index 2fca3a3..b9a8e77 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/UriRealmParser.java
@@ -55,7 +55,7 @@ public class UriRealmParser implements RealmParser {
LOG.warn("Unknown realm: " + realm);
throw new STSException("Unknown realm: " + realm);
}
-
+
LOG.debug("URI realm parsed: " + realm);
return realm;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 0c33431..0e6b104 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
@@ -115,11 +115,11 @@ public abstract class AbstractSTSTest {
return tokenType;
}
-
+
//CHECKSTYLE:OFF
protected SecurityToken requestSecurityTokenUsernamePassword(String username, String password,
- String tokenType, String keyType, String realm,
- Bus bus, TLSClientParameters tlsClientParameters,
+ String tokenType, String keyType, String realm,
+ Bus bus, TLSClientParameters tlsClientParameters,
String baseEndpointUrl)
throws Exception {
STSClient stsClient = new STSClient(bus);
@@ -149,10 +149,10 @@ public abstract class AbstractSTSTest {
protected SecurityToken requestSecurityTokenOnbehalfOf(String tokenType, String keyType, String realm,
String appliesTo, List<String> claims, Element supportingToken,
- Bus bus, TLSClientParameters tlsClientParameters,
+ Bus bus, TLSClientParameters tlsClientParameters,
String baseEndpointUrl)
throws Exception {
-
+
STSClient stsClient = new STSClient(bus);
String endpointUrl = baseEndpointUrl + realm + "/STSServiceTransport";
@@ -290,7 +290,7 @@ public abstract class AbstractSTSTest {
SamlAssertionWrapper assertion) {
String expectedSamlUser = testProps.getProperty("samluser");
String samlUser = assertion.getSaml2().getSubject().getNameID().getValue();
- Assert.assertEquals("Expected SAML subject '" + expectedSamlUser + "' [" + samlUser + "]",
+ Assert.assertEquals("Expected SAML subject '" + expectedSamlUser + "' [" + samlUser + "]",
expectedSamlUser.toUpperCase(), samlUser.toUpperCase());
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
index 9bee17f..99fee00 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java
@@ -35,9 +35,9 @@ import org.apache.cxf.configuration.security.FiltersType;
public final class Utils {
- private Utils() {
+ private Utils() {
}
-
+
public static void initTLSClientParameters(TLSClientParameters tlsClientParameters, String keystoreFile,
String keystorePassword, String keyPassword,
String truststoreFile, String trustPassword)
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 6187a2c..076ddb6 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -93,11 +93,11 @@ public class ITCrossRealmTest extends AbstractSTSTest {
Assert.assertTrue(SAML2_TOKEN_TYPE.equals(idpToken.getTokenType()));
Assert.assertTrue(idpToken.getToken() != null);
-
+
SamlAssertionWrapper assertion = new SamlAssertionWrapper(idpToken.getToken());
validateIssuer(assertion, "STS Realm A");
-
+
List<String> claimsList = null;
String claims = testProps.getProperty(PROPERTY_CLAIMS);
if (claims != null && claims.length() > 0) {
@@ -107,10 +107,10 @@ public class ITCrossRealmTest extends AbstractSTSTest {
claimsList.add(st.nextToken());
}
}
-
+
// Need client auth for the second call
tlsClientParameters = initTLSClientParameters(testProps, true);
-
+
SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
SAML2_TOKEN_TYPE,
BEARER_KEYTYPE,
@@ -124,7 +124,7 @@ public class ITCrossRealmTest extends AbstractSTSTest {
Assert.assertTrue(SAML2_TOKEN_TYPE.equals(rpToken.getTokenType()));
Assert.assertTrue(rpToken.getToken() != null);
-
+
assertion = new SamlAssertionWrapper(rpToken.getToken());
this.validateSubject(testProps, assertion);
validateIssuer(assertion, "STS Realm B");
@@ -138,7 +138,7 @@ public class ITCrossRealmTest extends AbstractSTSTest {
bus.shutdown(true);
}
-
+
/**
* Test issuing a token from REALM A and re-issue a token from REALM B
*/
@@ -179,11 +179,11 @@ public class ITCrossRealmTest extends AbstractSTSTest {
Assert.assertTrue(SAML2_TOKEN_TYPE.equals(idpToken.getTokenType()));
Assert.assertTrue(idpToken.getToken() != null);
-
+
SamlAssertionWrapper assertion = new SamlAssertionWrapper(idpToken.getToken());
validateIssuer(assertion, "STS Realm A");
-
+
List<String> claimsList = null;
String claims = testProps.getProperty(PROPERTY_CLAIMS);
if (claims != null && claims.length() > 0) {
@@ -193,10 +193,10 @@ public class ITCrossRealmTest extends AbstractSTSTest {
claimsList.add(st.nextToken());
}
}
-
+
// Need client auth for the second call
tlsClientParameters = initTLSClientParameters(testProps, true);
-
+
SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
SAML2_TOKEN_TYPE,
BEARER_KEYTYPE,
@@ -210,11 +210,11 @@ public class ITCrossRealmTest extends AbstractSTSTest {
Assert.assertTrue(SAML2_TOKEN_TYPE.equals(rpToken.getTokenType()));
Assert.assertTrue(rpToken.getToken() != null);
-
+
assertion = new SamlAssertionWrapper(rpToken.getToken());
this.validateSubject(testProps, assertion);
validateIssuer(assertion, "STS Realm B");
-
+
List<Attribute> attributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
validateIssuedClaims(attributes, testProps);
@@ -227,5 +227,5 @@ public class ITCrossRealmTest extends AbstractSTSTest {
bus.shutdown(true);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/RealmExtensionIdentityMapperTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/RealmExtensionIdentityMapperTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/RealmExtensionIdentityMapperTest.java
index 1cbac3e..4eb98e1 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/RealmExtensionIdentityMapperTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/RealmExtensionIdentityMapperTest.java
@@ -39,7 +39,7 @@ public class RealmExtensionIdentityMapperTest {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
assertEquals(RealmExtensionIdentityMapper.DEFAULT_DELIMITER, im.getDelimiter());
}
-
+
@Test
public void testRealmMappingSimpleUser() {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
@@ -47,7 +47,7 @@ public class RealmExtensionIdentityMapperTest {
assertNotNull(result);
assertEquals("user@realm-b", result.getName());
}
-
+
@Test
public void testRealmMappingComplexUser() {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
@@ -63,14 +63,14 @@ public class RealmExtensionIdentityMapperTest {
assertNotNull(result);
assertEquals("user-name@realm-b", result.getName());
}
-
+
@Test
public void testRealmMappingNullUser() {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
Principal result = im.mapPrincipal("realm-a", null, "realm-b");
assertNull(result);
}
-
+
@Test
public void testRealmMappingEmptyUserName() {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
@@ -78,7 +78,7 @@ public class RealmExtensionIdentityMapperTest {
assertNotNull(result);
assertEquals("@realm-b", result.getName());
}
-
+
@Test
public void testRealmMappingCustomDelimiter() {
RealmExtensionIdentityMapper im = new RealmExtensionIdentityMapper();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/custom/src/test/java/custom/CustomClaimsHandler.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/custom/CustomClaimsHandler.java b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
index fa4ddee..9ae77b8 100644
--- a/systests/custom/src/test/java/custom/CustomClaimsHandler.java
+++ b/systests/custom/src/test/java/custom/CustomClaimsHandler.java
@@ -41,7 +41,7 @@ import org.apache.wss4j.common.util.XMLUtils;
public class CustomClaimsHandler implements ClaimsHandler {
private static final Logger LOG = LogUtils.getL7dLogger(CustomClaimsHandler.class);
-
+
private Map<String, Map<String, String>> userClaims;
private List<URI> supportedClaims;
private String realm;
@@ -53,11 +53,11 @@ public class CustomClaimsHandler implements ClaimsHandler {
public Map<String, Map<String, String>> getUserClaims() {
return userClaims;
}
-
+
public void setSupportedClaims(List<URI> supportedClaims) {
this.supportedClaims = supportedClaims;
}
-
+
public void setRealm(String realm) {
this.realm = realm;
}
@@ -65,17 +65,17 @@ public class CustomClaimsHandler implements ClaimsHandler {
public String getRealm() {
return realm;
}
-
+
@Override
public List<URI> getSupportedClaimTypes() {
return Collections.unmodifiableList(this.supportedClaims);
}
-
+
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims,
ClaimsParameters parameters) {
-
+
// Insist that a "realm" Custom Content is available in the RST with a value equal to "custom-realm"
List<Element> customContent = parameters.getTokenRequirements().getCustomContent();
boolean foundRealm = false;
@@ -89,7 +89,7 @@ public class CustomClaimsHandler implements ClaimsHandler {
}
}
}
-
+
if (!foundRealm || parameters.getRealm() == null || !parameters.getRealm().equalsIgnoreCase(getRealm())) {
LOG.fine("Realm '" + parameters.getRealm() + "' doesn't match with configured realm '" + getRealm() + "'");
return new ProcessedClaimCollection();
@@ -113,7 +113,7 @@ public class CustomClaimsHandler implements ClaimsHandler {
if (claims.size() > 0) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
- for (Claim requestClaim : claims) {
+ for (Claim requestClaim : claims) {
String claimValue = claimMap.get(requestClaim.getClaimType().toString());
if (claimValue != null) {
ProcessedClaim claim = new ProcessedClaim();
@@ -122,7 +122,7 @@ public class CustomClaimsHandler implements ClaimsHandler {
claim.setOriginalIssuer("Original Issuer");
claim.addValue(claimValue);
claimCollection.add(claim);
- }
+ }
}
return claimCollection;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/custom/src/test/java/custom/CustomUTValidator.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/custom/CustomUTValidator.java b/systests/custom/src/test/java/custom/CustomUTValidator.java
index a623411..f86910f 100644
--- a/systests/custom/src/test/java/custom/CustomUTValidator.java
+++ b/systests/custom/src/test/java/custom/CustomUTValidator.java
@@ -35,7 +35,7 @@ import org.apache.wss4j.dom.validate.UsernameTokenValidator;
import org.apache.wss4j.dom.validate.Validator;
/**
- * A Validator that checks for a custom "realm" parameter in the RST request and only allows
+ * A Validator that checks for a custom "realm" parameter in the RST request and only allows
* authentication if the value is equal to "custom-realm".
*/
public class CustomUTValidator implements Validator {
@@ -44,19 +44,19 @@ public class CustomUTValidator implements Validator {
if (credential == null || credential.getUsernametoken() == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
-
+
// Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor
SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext());
try {
Element soapBody = SAAJUtils.getBody(soapMessage);
-
+
if (soapBody != null) {
// Find custom Element in the SOAP Body
Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
if (realm != null) {
String realmStr = realm.getTextContent();
if ("custom-realm".equals(realmStr)) {
-
+
UsernameTokenValidator validator = new UsernameTokenValidator();
return validator.validate(credential, data);
}
@@ -65,7 +65,7 @@ public class CustomUTValidator implements Validator {
} catch (SOAPException ex) {
// ignore
}
-
+
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
index 4e22c65..af18315 100644
--- a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
+++ b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
@@ -82,7 +82,7 @@ public class CustomParametersTest {
WSSConfig.init();
}
- private static Tomcat startServer(boolean idp, String port)
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -113,17 +113,17 @@ public class CustomParametersTest {
httpsConnector.setAttribute("SSLEnabled", true);
server.getService().addConnector(httpsConnector);
-
+
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -132,13 +132,13 @@ public class CustomParametersTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -155,7 +155,7 @@ public class CustomParametersTest {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -203,8 +203,8 @@ public class CustomParametersTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
- String authUrl = url + "&auth_realm="
+
+ String authUrl = url + "&auth_realm="
+ URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>", "UTF-8");
HtmlPage idpPage = webClient.getPage(authUrl);
webClient.getOptions().setJavaScriptEnabled(true);
@@ -222,9 +222,9 @@ public class CustomParametersTest {
}
Assert.assertNotNull(wresult);
-
+
webClient.close();
-
+
// Unsuccessful test
webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -233,7 +233,7 @@ public class CustomParametersTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
- authUrl = url + "&auth_realm="
+ authUrl = url + "&auth_realm="
+ URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">unknown-realm</realm>", "UTF-8");
try {
webClient.getPage(authUrl);
@@ -244,15 +244,15 @@ public class CustomParametersTest {
webClient.close();
}
-
+
@org.junit.Test
public void testCustomParameterViaRP() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
String user = "alice";
String password = "ecila";
-
+
final String bodyTextContent = HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
-
+
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
Assert.assertTrue("User " + user + " does not have role Admin",
@@ -273,5 +273,5 @@ public class CustomParametersTest {
bodyTextContent.contains(claim + "=alice@realma.org"));
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
index 937d5af..3ab3875 100644
--- a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
@@ -36,10 +36,10 @@ public class FederationTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
@BeforeClass
public static void init() {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -49,8 +49,8 @@ public class FederationTest extends AbstractTests {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
// idpHttpsPort = "12345";
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
@@ -60,18 +60,18 @@ public class FederationTest extends AbstractTests {
initIdp();
initRp();
}
-
+
private static void initIdp() {
try {
idpServer = new Tomcat();
idpServer.setPort(0);
String currentDir = new File(".").getCanonicalPath();
idpServer.setBaseDir(currentDir + File.separator + "target");
-
+
idpServer.getHost().setAppBase("tomcat/idp/webapps");
idpServer.getHost().setAutoDeploy(true);
idpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
httpsConnector.setSecure(true);
@@ -87,27 +87,27 @@ public class FederationTest extends AbstractTests {
httpsConnector.setAttribute("SSLEnabled", true);
idpServer.getService().addConnector(httpsConnector);
-
+
idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
idpServer.addWebapp("/fediz-idp", "fediz-idp");
-
+
idpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
private static void initRp() {
try {
rpServer = new Tomcat();
rpServer.setPort(0);
String currentDir = new File(".").getCanonicalPath();
rpServer.setBaseDir(currentDir + File.separator + "target");
-
+
rpServer.getHost().setAppBase("tomcat/rp/webapps");
rpServer.getHost().setAutoDeploy(true);
rpServer.getHost().setDeployOnStartup(true);
-
+
Connector httpsConnector = new Connector();
httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
httpsConnector.setSecure(true);
@@ -123,21 +123,21 @@ public class FederationTest extends AbstractTests {
httpsConnector.setAttribute("SSLEnabled", true);
rpServer.getService().addConnector(httpsConnector);
-
+
rpServer.addWebapp("/fedizhelloworld", "cxfWebapp");
-
+
rpServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}
-
+
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
shutdownServer(rpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -151,15 +151,15 @@ public class FederationTest extends AbstractTests {
e.printStackTrace();
}
}
-
+
public String getIdpHttpsPort() {
return idpHttpsPort;
}
-
+
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
index 7a4e48e..f67ec0f 100644
--- a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/BasicAuthFilter.java
@@ -38,7 +38,7 @@ public class BasicAuthFilter extends WSS4JBasicAuthValidator implements Containe
public void filter(ContainerRequestContext requestContext) throws IOException {
Message message = JAXRSUtils.getCurrentMessage();
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
-
+
if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
requestContext.abortWith(
Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
index b1d9527..5bc8c69 100644
--- a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/CommonCallbackHandler.java
@@ -43,7 +43,7 @@ public class CommonCallbackHandler implements CallbackHandler {
&& pc.getIdentifier().startsWith("consumer-id")) {
pc.setPassword("this-is-a-secret");
break;
- }
+ }
}
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheOIDCTokenProvider.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheOIDCTokenProvider.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheOIDCTokenProvider.java
index 2dfb7de..bb05f21 100644
--- a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheOIDCTokenProvider.java
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/EHCacheOIDCTokenProvider.java
@@ -31,13 +31,13 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
* Extend the DefaultEHCacheCodeDataProvider to allow OpenId
*/
public class EHCacheOIDCTokenProvider extends DefaultEHCacheCodeDataProvider {
-
+
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
if (requestedScopes.isEmpty()) {
return Collections.emptyList();
}
-
+
List<OAuthPermission> permissions = new ArrayList<>();
for (String requestedScope : requestedScopes) {
if ("openid".equals(requestedScope)) {
@@ -47,7 +47,7 @@ public class EHCacheOIDCTokenProvider extends DefaultEHCacheCodeDataProvider {
throw new OAuthServiceException("invalid_scope");
}
}
-
+
return permissions;
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
index a6d1684..5785350 100644
--- a/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
+++ b/systests/federation/oidcIdpWebapp/src/main/java/org/apache/cxf/fediz/oidc/idp/example/IdTokenProviderImpl.java
@@ -36,7 +36,7 @@ public class IdTokenProviderImpl implements IdTokenProvider {
@Override
public IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<String> scopes) {
IdToken token = new IdToken();
-
+
Calendar cal = Calendar.getInstance();
cal.add(Calendar.SECOND, 60);
token.setExpiryTime(cal.getTimeInMillis() / 1000L);
@@ -46,7 +46,7 @@ public class IdTokenProviderImpl implements IdTokenProvider {
token.setSubject(authenticatedUser.getLogin().toLowerCase());
token.setClaim("preferred_username", authenticatedUser.getLogin().toLowerCase());
token.setIssuer("OIDC IdP");
-
+
return token;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/BasicAuthFilter.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/BasicAuthFilter.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/BasicAuthFilter.java
index 9007ab6..32957b6 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/BasicAuthFilter.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/BasicAuthFilter.java
@@ -44,17 +44,17 @@ import org.apache.wss4j.dom.validate.UsernameTokenValidator;
* A simple filter to validate a Basic Auth username/password via a CallbackHandler
*/
public class BasicAuthFilter implements ContainerRequestFilter {
-
+
static {
WSSConfig.init();
}
private CallbackHandler callbackHandler;
-
+
public void filter(ContainerRequestContext requestContext) throws IOException {
Message message = JAXRSUtils.getCurrentMessage();
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
-
+
if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
requestContext.abortWith(
Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build());
@@ -65,13 +65,13 @@ public class BasicAuthFilter implements ContainerRequestFilter {
UsernameToken token = convertPolicyToToken(policy);
Credential credential = new Credential();
credential.setUsernametoken(token);
-
+
RequestData data = new RequestData();
data.setMsgContext(message);
data.setCallbackHandler(callbackHandler);
UsernameTokenValidator validator = new UsernameTokenValidator();
credential = validator.validate(credential, data);
-
+
// Create a Principal/SecurityContext
Principal p = null;
if (credential != null && credential.getPrincipal() != null) {
@@ -87,17 +87,17 @@ public class BasicAuthFilter implements ContainerRequestFilter {
}
}
- protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy)
+ protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy)
throws Exception {
Document doc = DOMUtils.createDocument();
- UsernameToken token = new UsernameToken(false, doc,
+ UsernameToken token = new UsernameToken(false, doc,
WSConstants.PASSWORD_TEXT);
token.setName(policy.getUserName());
token.setPassword(policy.getPassword());
return token;
}
-
+
protected SecurityContext createSecurityContext(final Principal p) {
return new SecurityContext() {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
index b4c3db4..b29379d 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
@@ -40,11 +40,11 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
/**
* A Callback Handler implementation for a SAML 2 assertion for use by the SAML SSO IdP. By
- * default it creates a SAML 2.0 Assertion with an AuthenticationStatement. If a list of roles
+ * default it creates a SAML 2.0 Assertion with an AuthenticationStatement. If a list of roles
* are also supplied, it will insert them as part of an AttributeStatement.
*/
public class SAML2CallbackHandler implements CallbackHandler {
-
+
private String subjectName;
private String subjectQualifier;
private String confirmationMethod = SAML2Constants.CONF_BEARER;
@@ -52,7 +52,7 @@ public class SAML2CallbackHandler implements CallbackHandler {
private String subjectNameIDFormat;
private ConditionsBean conditions;
private SubjectConfirmationDataBean subjectConfirmationData;
-
+
private void createAndSetStatement(SAMLCallback callback) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
@@ -67,19 +67,19 @@ public class SAML2CallbackHandler implements CallbackHandler {
} else if ("bob".equals(subjectName)) {
roles.add("employee");
}
-
+
if (!roles.isEmpty()) {
AttributeStatementBean attrBean = new AttributeStatementBean();
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
attributeBean.setAttributeValues(roles);
-
+
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
}
}
-
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
@@ -90,8 +90,8 @@ public class SAML2CallbackHandler implements CallbackHandler {
if (conditions != null) {
callback.setConditions(conditions);
}
-
- SubjectBean subjectBean =
+
+ SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
@@ -107,23 +107,23 @@ public class SAML2CallbackHandler implements CallbackHandler {
}
}
}
-
+
public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
this.subjectConfirmationData = subjectConfirmationData;
}
-
+
public void setConditions(ConditionsBean conditionsBean) {
this.conditions = conditionsBean;
}
-
+
public void setConfirmationMethod(String confMethod) {
confirmationMethod = confMethod;
}
-
+
public void setIssuer(String issuer) {
this.issuer = issuer;
}
-
+
public void setSubjectNameIDFormat(String subjectNameIDFormat) {
this.subjectNameIDFormat = subjectNameIDFormat;
}
@@ -143,5 +143,5 @@ public class SAML2CallbackHandler implements CallbackHandler {
public void setSubjectQualifier(String subjectQualifier) {
this.subjectQualifier = subjectQualifier;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
index 9934dc1..ade07d4 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
@@ -36,24 +36,24 @@ import org.opensaml.saml.saml2.core.StatusMessage;
* A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
*/
public final class SAML2PResponseComponentBuilder {
-
+
private static SAMLObjectBuilder<Response> responseBuilder;
-
+
private static SAMLObjectBuilder<Issuer> issuerBuilder;
-
+
private static SAMLObjectBuilder<Status> statusBuilder;
-
+
private static SAMLObjectBuilder<StatusCode> statusCodeBuilder;
-
+
private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
-
- private static XMLObjectBuilderFactory builderFactory =
+
+ private static XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
-
+
private SAML2PResponseComponentBuilder() {
-
+
}
-
+
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
String inResponseTo,
@@ -65,17 +65,17 @@ public final class SAML2PResponseComponentBuilder {
builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
-
+
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(createIssuer(issuer));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
-
+
return response;
}
-
+
@SuppressWarnings("unchecked")
public static Issuer createIssuer(
String issuerValue
@@ -86,10 +86,10 @@ public final class SAML2PResponseComponentBuilder {
}
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerValue);
-
+
return issuer;
}
-
+
@SuppressWarnings("unchecked")
public static Status createStatus(
String statusCodeValue,
@@ -107,21 +107,21 @@ public final class SAML2PResponseComponentBuilder {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
-
+
Status status = statusBuilder.buildObject();
-
+
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
-
+
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
-
+
return status;
}
-
-
+
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
index 4adfcc8..3ec6688 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
@@ -69,40 +69,40 @@ import org.opensaml.saml.saml2.core.Status;
*/
@Path("/samlsso")
public class SamlSso {
-
+
static {
OpenSAMLUtil.initSamlEngine();
}
-
+
private final DocumentBuilderFactory docBuilderFactory;
private MessageContext messageContext;
-
+
public SamlSso() {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
+
@POST
public javax.ws.rs.core.Response login(@FormParam("SAMLRequest") String samlRequest,
@FormParam("RelayState") String relayState) throws Exception {
-
+
return login(samlRequest, relayState, "POST");
}
-
+
@GET
public javax.ws.rs.core.Response login(@QueryParam("SAMLRequest") String samlRequest,
@QueryParam("RelayState") String relayState, @QueryParam("binding") String binding) throws Exception {
-
+
AuthnRequest request = extractRequest(samlRequest);
String racs = request.getAssertionConsumerServiceURL();
String requestIssuer = request.getIssuer().getValue();
-
+
// Create the response
Element response = createResponse(request.getID(), racs, requestIssuer);
boolean redirect = "REDIRECT".equals(binding);
String responseStr = encodeResponse(response, redirect);
-
+
if (redirect) {
return redirectResponse(relayState, racs, responseStr);
} else {
@@ -110,29 +110,29 @@ public class SamlSso {
}
}
- @Context
+ @Context
public void setMessageContext(MessageContext mc) {
this.messageContext = mc;
}
-
+
protected Element createResponse(String requestID, String racs, String requestIssuer) throws Exception {
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
-
- Status status =
+
+ Status status =
SAML2PResponseComponentBuilder.createStatus(
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
String issuer = messageContext.getUriInfo().getAbsolutePath().toString();
- Response response =
+ Response response =
SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, status);
-
+
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setIssuer(issuer);
String user = messageContext.getSecurityContext().getUserPrincipal().getName();
callbackHandler.setSubjectName(user);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(messageContext.getHttpServletRequest().getRemoteAddr());
@@ -140,28 +140,28 @@ public class SamlSso {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(racs);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
// Audience Restriction
ConditionsBean conditions = new ConditionsBean();
conditions.setTokenPeriodMinutes(5);
-
+
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
Crypto issuerCrypto = CryptoFactory.getInstance("stsKeystoreB.properties");
assertion.signAssertion("realmb", "realmb", issuerCrypto, false);
-
+
response.getAssertions().add(assertion.getSaml2());
-
+
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
+
return policyElement;
}
@@ -179,15 +179,15 @@ public class SamlSso {
return Base64Utility.encode(deflatedBytes);
}
-
- protected AuthnRequest extractRequest(String samlRequest) throws Base64Exception,
+
+ protected AuthnRequest extractRequest(String samlRequest) throws Base64Exception,
DataFormatException, XMLStreamException, UnsupportedEncodingException, WSSecurityException {
byte[] deflatedToken = Base64Utility.decode(samlRequest);
-
+
InputStream tokenStream = new DeflateEncoderDecoder().inflateToken(deflatedToken);
-
+
Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
- AuthnRequest request =
+ AuthnRequest request =
(AuthnRequest)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
System.out.println(DOM2Writer.nodeToString(responseDoc));
return request;
@@ -197,22 +197,22 @@ public class SamlSso {
throws IOException {
InputStream inputStream = this.getClass().getResourceAsStream("/TemplateSAMLResponse.xml");
String responseTemplate = IOUtils.toString(inputStream, "UTF-8");
- inputStream.close();
-
+ inputStream.close();
+
// Perform Redirect to RACS
responseTemplate = responseTemplate.replace("%RESPONSE_URL%", racs);
responseTemplate = responseTemplate.replace("%SAMLResponse%", responseStr);
responseTemplate = responseTemplate.replace("%RelayState%", relayState);
-
+
return javax.ws.rs.core.Response.ok(responseTemplate).type(MediaType.TEXT_HTML).build();
}
-
+
protected javax.ws.rs.core.Response redirectResponse(String relayState, String racs, String responseStr) {
// Perform Redirect to RACS
UriBuilder ub = UriBuilder.fromUri(racs);
ub.queryParam("SAMLResponse", responseStr);
ub.queryParam("RelayState", relayState);
-
+
return javax.ws.rs.core.Response.seeOther(ub.build()).build();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
index ece78ce..f69f595 100644
--- a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/DoubleItService.java
@@ -49,5 +49,5 @@ public class DoubleItService {
public Number doubleItPost(@PathParam("numberToDouble") int numberToDouble) {
return doubleIt(numberToDouble);
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
index ef42da5..defb9be 100644
--- a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/KeystorePasswordCallback.java
@@ -33,16 +33,16 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
* A CallbackHandler implementation for keystores.
*/
public class KeystorePasswordCallback implements CallbackHandler {
-
- private Map<String, String> passwords =
+
+ private Map<String, String> passwords =
new HashMap<String, String>();
-
+
public KeystorePasswordCallback() {
passwords.put("realma", "realma");
}
/**
- * It attempts to get the password from the private
+ * It attempts to get the password from the private
* alias/passwords map.
*/
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
@@ -61,6 +61,6 @@ public class KeystorePasswordCallback implements CallbackHandler {
}
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
index bccb647..a0f617e 100644
--- a/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
+++ b/systests/federation/samlWebapp/src/main/java/org/apache/cxf/fediz/samlsso/service/Number.java
@@ -24,9 +24,9 @@ import javax.xml.bind.annotation.XmlRootElement;
public class Number {
private int number;
private String description;
-
+
public Number() {
-
+
}
public int getNumber() {
@@ -44,5 +44,5 @@ public class Number {
public void setDescription(String description) {
this.description = description;
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/RealmMapper.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/RealmMapper.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/RealmMapper.java
index ba2bb51..a2a6e64 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/RealmMapper.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/RealmMapper.java
@@ -27,18 +27,18 @@ import java.util.Map;
* Returns a static map of application realms to home realms
*/
public final class RealmMapper {
-
+
private RealmMapper() {
//
}
-
+
public static Map<String, String> realms() {
Map<String, String> realms = new HashMap<>();
realms.put("urn:org:apache:cxf:fediz:fedizhelloworld:realm-B", "urn:org:apache:cxf:fediz:idp:realm-B");
realms.put("urn:org:apache:cxf:fediz:fedizhelloworld:realm-C", "urn:org:apache:cxf:fediz:idp:realm-C");
realms.put("urn:org:apache:cxf:fediz:fedizhelloworld:realm-D", "urn:org:apache:cxf:fediz:idp:realm-D");
-
+
return realms;
}
-
+
}
\ No newline at end of file
[12/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 19573c6..18add14 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -95,20 +95,20 @@ public class SAMLResponseTest {
static final String TEST_REQUEST_URI = "/fedizhelloworld";
static final String TEST_IDP_ISSUER = "http://url_to_the_issuer";
static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1";
-
+
private static final String CONFIG_FILE = "fediz_test_config_saml.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -121,12 +121,12 @@ public class SAMLResponseTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -144,7 +144,7 @@ public class SAMLResponseTest {
return null;
}
}
-
+
/**
* Successfully validate a SAMLResponse
*/
@@ -152,9 +152,9 @@ public class SAMLResponseTest {
public void validateSAMLResponse() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -164,24 +164,24 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -190,7 +190,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), FedizConstants.DEFAULT_ROLE_URI.toString());
}
-
+
/**
* Validate SAMLResponse with a Response without an internal token parameter
*/
@@ -198,9 +198,9 @@ public class SAMLResponseTest {
public void validateResponseWithoutToken() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -210,20 +210,20 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
Document doc = STSUtil.toSOAPPart(SAMLSSOTestUtils.SAMPLE_EMPTY_SAML_RESPONSE);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -234,14 +234,14 @@ public class SAMLResponseTest {
}
}
}
-
+
@org.junit.Test
public void testMissingRelayState() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
requestId,
@@ -250,20 +250,20 @@ public class SAMLResponseTest {
null,
null,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -274,7 +274,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 1 token (this is not allowed / supported)
*/
@@ -326,7 +326,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which doesn't include the role SAML attribute
*/
@@ -334,9 +334,9 @@ public class SAMLResponseTest {
public void validateSAML2TokenWithoutRoles() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -346,7 +346,7 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -355,31 +355,31 @@ public class SAMLResponseTest {
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
callbackHandler.setRoles(null);
-
+
String responseStr = createSamlResponseStr(callbackHandler, requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
-
+
+
/**
* Validate SAML 2 token where role information is provided
* within another SAML attribute
@@ -433,7 +433,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes role attribute
* but RoleURI is not configured
@@ -487,8 +487,8 @@ public class SAMLResponseTest {
Assert.assertEquals("Two roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
-
+
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multiple saml attributes with the same name
@@ -598,7 +598,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
@@ -634,7 +634,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -642,7 +642,7 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
@@ -668,7 +668,7 @@ public class SAMLResponseTest {
// expected
}
}
-
+
/**
* Validate SAML 2 token twice which causes an exception
* due to replay attack
@@ -718,7 +718,7 @@ public class SAMLResponseTest {
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
-
+
wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -729,7 +729,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
@@ -775,7 +775,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -828,14 +828,14 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
.size());
}
-
+
/**
* Validate SAML 2 token which is expired
*/
@@ -863,7 +863,7 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
DateTime currentTime = new DateTime();
currentTime = currentTime.minusSeconds(60);
@@ -875,7 +875,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -883,13 +883,13 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -911,7 +911,7 @@ public class SAMLResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which is not yet valid (in 30 seconds)
* but within the maximum clock skew range (60 seconds)
@@ -941,7 +941,7 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(300);
@@ -953,7 +953,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -961,13 +961,13 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
String responseStr = encodeResponse(response);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
@@ -981,7 +981,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1038,7 +1038,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1088,7 +1088,7 @@ public class SAMLResponseTest {
FedizProcessor wfProc = new SAMLProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer());
@@ -1096,14 +1096,14 @@ public class SAMLResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience());
}
-
+
@org.junit.Test
public void testModifiedSignature() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -1113,7 +1113,7 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1121,13 +1121,13 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1135,11 +1135,11 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -1156,21 +1156,21 @@ public class SAMLResponseTest {
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
- assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestId,
+ assertion.getIssuerString(),
status);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
-
- NodeList assertionNodes =
+
+ NodeList assertionNodes =
policyElement.getElementsByTagNameNS(WSConstants.SAML2_NS, "Assertion");
Assert.assertTrue(assertionNodes != null && assertionNodes.getLength() == 1);
-
+
Element assertionElement = (Element)assertionNodes.item(0);
-
+
// Change IssueInstant attribute
String issueInstance = assertionElement.getAttributeNS(null, "IssueInstant");
DateTime issueDateTime = new DateTime(issueInstance, DateTimeZone.UTC);
@@ -1178,18 +1178,18 @@ public class SAMLResponseTest {
assertionElement.setAttributeNS(null, "IssueInstant", issueDateTime.toString());
String responseStr = encodeResponse(policyElement);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1198,14 +1198,14 @@ public class SAMLResponseTest {
// expected
}
}
-
+
@org.junit.Test
public void testTrustFailure() throws Exception {
// Mock up a Request
FedizContext config = getFederationConfigurator().getFedizContext("CLIENT_TRUST");
-
+
String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-
+
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
RequestState requestState = new RequestState(TEST_REQUEST_URL,
TEST_IDP_ISSUER,
@@ -1215,21 +1215,21 @@ public class SAMLResponseTest {
null,
relayState,
System.currentTimeMillis());
-
+
// Create SAML Response
String responseStr = createSamlResponseStr(requestId);
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
EasyMock.replay(req);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setResponseToken(responseStr);
wfReq.setState(relayState);
wfReq.setRequest(req);
wfReq.setRequestState(requestState);
-
+
FedizProcessor wfProc = new SAMLProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1238,7 +1238,7 @@ public class SAMLResponseTest {
// expected
}
}
-
+
private String createSamlResponseStr(String requestId) throws Exception {
// Create SAML Assertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1247,10 +1247,10 @@ public class SAMLResponseTest {
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
callbackHandler.setIssuer(TEST_IDP_ISSUER);
callbackHandler.setSubjectName(TEST_USER);
-
+
return createSamlResponseStr(callbackHandler, requestId);
}
-
+
private String createSamlResponseStr(AbstractSAMLCallbackHandler saml2CallbackHandler,
String requestId) throws Exception {
ConditionsBean cp = new ConditionsBean();
@@ -1258,7 +1258,7 @@ public class SAMLResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
saml2CallbackHandler.setConditions(cp);
-
+
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1266,15 +1266,15 @@ public class SAMLResponseTest {
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
saml2CallbackHandler.setSubjectConfirmationData(subjectConfirmationData);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(saml2CallbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Element response = createSamlResponse(assertion, "mystskey", true, requestId);
return encodeResponse(response);
}
-
- private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
+
+ private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
boolean sign, String requestID)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -1286,7 +1286,7 @@ public class SAMLResponseTest {
if (sign) {
assertion.signAssertion(alias, password, crypto, false);
}
-
+
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
@@ -1295,8 +1295,8 @@ public class SAMLResponseTest {
"urn:oasis:names:tc:SAML:2.0:status:Success", null
);
Response response =
- SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
- assertion.getIssuerString(),
+ SAML2PResponseComponentBuilder.createSAMLResponse(requestID,
+ assertion.getIssuerString(),
status);
response.getAssertions().add(assertion.getSaml2());
@@ -1306,14 +1306,14 @@ public class SAMLResponseTest {
return policyElement;
}
-
-
+
+
/**
* Returns the first element that matches <code>name</code> and
* <code>namespace</code>. <p/> This is a replacement for a XPath lookup
* <code>//name</code> with the given namespace. It's somewhat faster than
* XPath, and we do not deal with prefixes, just with the real namespace URI
- *
+ *
* @param startNode Where to start the search
* @param name Local name of the element
* @param namespace Namespace URI of the element
@@ -1368,14 +1368,14 @@ public class SAMLResponseTest {
private void assertClaims(List<Claim> claims, String roleClaimType) {
for (Claim c : claims) {
- Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
+ Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
c.getClaimType().equals(roleClaimType)
|| c.getClaimType().equals(ClaimTypes.COUNTRY)
|| c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
);
}
}
-
+
private String encodeResponse(Element response) throws IOException {
String responseMessage = DOM2Writer.nodeToString(response);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
index 842dcd8..18850a0 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOTestUtils.java
@@ -21,9 +21,9 @@ package org.apache.cxf.fediz.core.samlsso;
public final class SAMLSSOTestUtils {
-
-
- public static final String SAMPLE_EMPTY_SAML_RESPONSE =
+
+
+ public static final String SAMPLE_EMPTY_SAML_RESPONSE =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<saml2p:Response ID=\"c4b78949-d52e-4ae0-ad44-04ef58fe1ca8\" "
+ "InResponseTo=\"612223b6-fb12-4c40-9a31-9bd94e09a579\" "
@@ -33,9 +33,9 @@ public final class SAMLSSOTestUtils {
+ "http://localhost:12345/idp/samlsso</saml2:Issuer><saml2p:Status>"
+ "<saml2p:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/>"
+ "</saml2p:Status></saml2p:Response>";
-
+
private SAMLSSOTestUtils() {
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index 2acffb3..46e9d78 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -65,25 +65,25 @@ import org.slf4j.LoggerFactory;
@PreMatching
public abstract class AbstractServiceProviderFilter implements ContainerRequestFilter {
-
- public static final String SECURITY_CONTEXT_TOKEN =
+
+ public static final String SECURITY_CONTEXT_TOKEN =
"org.apache.fediz.SECURITY_TOKEN";
- public static final String SECURITY_CONTEXT_STATE =
+ public static final String SECURITY_CONTEXT_STATE =
"org.apache.fediz.SECURITY_CONTEXT_STATE";
-
- protected static final ResourceBundle BUNDLE =
+
+ protected static final ResourceBundle BUNDLE =
BundleUtils.getBundle(AbstractServiceProviderFilter.class);
private static final Logger LOG = LoggerFactory.getLogger(AbstractServiceProviderFilter.class);
-
+
private boolean addWebAppContext = true;
private boolean addEndpointAddressToContext;
-
+
private FedizConfigurator configurator;
private String configFile;
private SPStateManager stateManager;
private long stateTimeToLive = 120000;
private String webAppDomain;
-
+
public String getConfigFile() {
return configFile;
}
@@ -91,7 +91,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
@PostConstruct
public synchronized void configure() throws JAXBException, IOException {
if (configurator == null) {
@@ -102,7 +102,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
try {
File f = new File(actualConfigFile);
if (!f.exists()) {
- URL url = ResourceUtils.getResourceURL(actualConfigFile,
+ URL url = ResourceUtils.getResourceURL(actualConfigFile,
BusFactory.getThreadDefaultBus());
if (url == null) {
url = new URL(actualConfigFile);
@@ -125,12 +125,12 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
throw new IOException(e);
}
}
-
+
if (stateManager == null) {
stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
- }
+ }
}
-
+
@PreDestroy
public synchronized void cleanup() throws IOException {
if (configurator != null) {
@@ -145,21 +145,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
}
}
-
+
stateManager.close();
}
-
+
protected boolean checkSecurityContext(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
HttpHeaders headers = new HttpHeadersImpl(m);
Map<String, Cookie> cookies = headers.getCookies();
-
+
Cookie securityContextCookie = cookies.get(SECURITY_CONTEXT_TOKEN);
-
+
ResponseState responseState = getValidResponseState(securityContextCookie, fedConfig, m);
if (responseState == null) {
- return false;
+ return false;
}
-
+
Cookie relayStateCookie = cookies.get(SECURITY_CONTEXT_STATE);
if (relayStateCookie == null) {
reportError("MISSING_RELAY_COOKIE");
@@ -171,41 +171,41 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
reportError("INVALID_RELAY_STATE");
return false;
}
-
+
// Check to see if a CSRF-style attack is being mounted
String state = getState(fedConfig, params);
if (state != null && !state.equals(responseState.getState())) {
LOG.error("wctx parameter does not match stored value");
throw ExceptionUtils.toForbiddenException(null, null);
}
-
+
// Create SecurityContext
try {
- Element token =
+ Element token =
StaxUtils.read(new StringReader(responseState.getAssertion())).getDocumentElement();
setSecurityContext(responseState, m, token);
} catch (Exception ex) {
reportError("INVALID_RESPONSE_STATE");
return false;
}
-
+
return true;
}
-
+
protected void setSecurityContext(
ResponseState responseState, Message m, Element token
) throws WSSecurityException {
- CXFFedizPrincipal principal =
- new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
+ CXFFedizPrincipal principal =
+ new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
responseState.getRoles(), token);
-
+
SecurityTokenThreadLocal.setToken(principal.getLoginToken());
- FedizSecurityContext context =
+ FedizSecurityContext context =
new FedizSecurityContext(principal, responseState.getRoles());
m.put(SecurityContext.class, context);
}
-
- protected ResponseState getValidResponseState(Cookie securityContextCookie,
+
+ protected ResponseState getValidResponseState(Cookie securityContextCookie,
FedizContext fedConfig,
Message m) {
if (securityContextCookie == null) {
@@ -218,22 +218,22 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
String contextKey = securityContextCookie.getValue();
ResponseState responseState = stateManager.getResponseState(contextKey);
-
+
if (responseState == null) {
reportError("MISSING_RESPONSE_STATE");
return null;
}
-
+
if (CookieUtils.isStateExpired(responseState.getCreatedAt(), fedConfig.isDetectExpiredTokens(),
responseState.getExpiresAt(), getStateTimeToLive())) {
reportError("EXPIRED_RESPONSE_STATE");
stateManager.removeResponseState(contextKey);
return null;
}
-
+
String webAppContext = getWebAppContext(m);
- if (webAppDomain != null
- && (responseState.getWebAppDomain() == null
+ if (webAppDomain != null
+ && (responseState.getWebAppDomain() == null
|| !webAppDomain.equals(responseState.getWebAppDomain()))
|| responseState.getWebAppContext() == null
|| !webAppContext.equals(responseState.getWebAppContext())) {
@@ -247,7 +247,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
return responseState;
}
-
+
protected String getState(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
return params.getFirst(FederationConstants.PARAM_CONTEXT);
@@ -257,7 +257,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return null;
}
-
+
protected FedizContext getFedizContext(Message message) {
String contextName = getWebAppContext(message);
String[] contextPath = contextName.split("/");
@@ -266,7 +266,7 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
}
return getContextConfiguration(contextName);
}
-
+
protected synchronized FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -282,21 +282,21 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return config;
}
-
+
protected void reportError(String code) {
- org.apache.cxf.common.i18n.Message errorMsg =
+ org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.warn(errorMsg.toString());
}
-
+
protected void reportTrace(String code) {
if (LOG.isDebugEnabled()) {
- org.apache.cxf.common.i18n.Message errorMsg =
+ org.apache.cxf.common.i18n.Message errorMsg =
new org.apache.cxf.common.i18n.Message(code, BUNDLE);
LOG.debug(errorMsg.toString());
}
}
-
+
protected String getWebAppContext(Message m) {
if (addWebAppContext) {
if (addEndpointAddressToContext) {
@@ -309,11 +309,11 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
return "/";
}
}
-
+
public void setAddWebAppContext(boolean addWebAppContext) {
this.addWebAppContext = addWebAppContext;
}
-
+
public SPStateManager getStateManager() {
return stateManager;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
index 5a6914e..325de9c 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
@@ -27,12 +27,12 @@ import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
public class CXFFedizPrincipal implements FedizPrincipal {
-
+
private final String subject;
private final List<Claim> claims;
private Element token;
private List<String> roles = Collections.emptyList();
-
+
public CXFFedizPrincipal(String subject, List<Claim> claims, List<String> roles, Element token) {
this.subject = subject;
this.claims = claims;
@@ -56,7 +56,7 @@ public class CXFFedizPrincipal implements FedizPrincipal {
public Element getLoginToken() {
return token;
}
-
+
public List<String> getRoleClaims() {
return Collections.unmodifiableList(roles);
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index a62b97a..5566c52 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -73,18 +73,18 @@ import org.slf4j.LoggerFactory;
public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
implements ContainerResponseFilter {
-
+
private static final Logger LOG = LoggerFactory.getLogger(FedizRedirectBindingFilter.class);
-
- @Context
+
+ @Context
private MessageContext messageContext;
private boolean redirectOnInitialSignIn;
-
+
public void filter(ContainerRequestContext context) {
Message m = JAXRSUtils.getCurrentMessage();
FedizContext fedConfig = getFedizContext(m);
-
+
// See if it is a Metadata request
if (isMetadataRequest(context, fedConfig)) {
return;
@@ -92,7 +92,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
String httpMethod = context.getMethod();
MultivaluedMap<String, String> params = null;
-
+
try {
if (HttpMethod.GET.equals(httpMethod)) {
params = context.getUriInfo().getQueryParameters();
@@ -104,7 +104,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
// See if it is a Logout request first
if (isLogoutRequest(context, fedConfig, m, params) || isSignoutCleanupRequest(fedConfig, m, params)) {
return;
@@ -119,7 +119,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toBadRequestException(null, null);
}
}
-
+
private void processSignInRequest(ContainerRequestContext context, FedizContext fedConfig,
Message m, MultivaluedMap<String, String> params) {
String responseToken = getResponseToken(fedConfig, params);
@@ -137,7 +137,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug("token=\n" + responseToken);
}
- FedizResponse wfRes =
+ FedizResponse wfRes =
validateSignInRequest(fedConfig, params, responseToken, state);
// Validate AudienceRestriction
@@ -170,12 +170,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
String webAppContext = getWebAppContext(m);
- ResponseState responseState =
+ ResponseState responseState =
new ResponseState(token,
- state,
+ state,
webAppContext,
webAppDomain,
- currentTime,
+ currentTime,
expiresAt);
responseState.setClaims(wfRes.getClaims());
responseState.setRoles(roles);
@@ -192,7 +192,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
// Redirect with cookie set
if (isRedirectOnInitialSignIn()) {
- ResponseBuilder response =
+ ResponseBuilder response =
Response.seeOther(new UriInfoImpl(m).getAbsolutePath());
response.header(HttpHeaders.SET_COOKIE, contextCookie);
@@ -206,17 +206,17 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
}
}
}
-
+
}
private void processSignInRequired(ContainerRequestContext context, FedizContext fedConfig) {
// Unauthenticated -> redirect
- FedizProcessor processor =
+ FedizProcessor processor =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
HttpServletRequest request = messageContext.getHttpServletRequest();
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignInRequest(request, fedConfig);
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -233,7 +233,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (requestState != null && requestState.getState() != null) {
getStateManager().setRequestState(requestState.getState(), requestState);
- String contextCookie =
+ String contextCookie =
CookieUtils.createCookie(SECURITY_CONTEXT_STATE,
requestState.getState(),
request.getRequestURI(),
@@ -251,7 +251,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
}
private boolean isMetadataRequest(ContainerRequestContext context, FedizContext fedConfig) {
@@ -262,26 +262,26 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (LOG.isInfoEnabled()) {
LOG.info("Metadata document requested");
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
HttpServletRequest request = messageContext.getHttpServletRequest();
Document metadata = wfProc.getMetaData(request, fedConfig);
String metadataStr = DOM2Writer.nodeToString(metadata);
-
+
ResponseBuilder response = Response.ok(metadataStr, "text/xml");
context.abortWith(response.build());
return true;
} catch (Exception ex) {
LOG.error("Failed to get metadata document: " + ex.getMessage());
throw ExceptionUtils.toInternalServerErrorException(ex, null);
- }
+ }
}
-
+
return false;
}
-
+
private boolean isLogoutRequest(ContainerRequestContext context, FedizContext fedConfig,
Message message, MultivaluedMap<String, String> params) {
@@ -297,16 +297,16 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
signout = true;
}
}
-
+
if (signout) {
cleanupContext(message);
try {
- FedizProcessor processor =
+ FedizProcessor processor =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
HttpServletRequest request = messageContext.getHttpServletRequest();
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedConfig); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -327,10 +327,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
}
-
+
return false;
}
-
+
private void cleanupContext(Message message) {
HttpHeaders headers = new HttpHeadersImpl(message);
Map<String, Cookie> cookies = headers.getCookies();
@@ -343,7 +343,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
getStateManager().removeRequestState(contextKey);
}
}
-
+
private String getMetadataURI(FedizContext fedConfig) {
if (fedConfig.getProtocol().getMetadataURI() != null) {
return fedConfig.getProtocol().getMetadataURI();
@@ -352,10 +352,10 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
} else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
}
-
+
return FederationConstants.METADATA_PATH_URI;
}
-
+
private boolean isSignInRequired(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& params.getFirst(FederationConstants.PARAM_ACTION) == null) {
@@ -364,11 +364,11 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) == null) {
return true;
}
-
+
return false;
}
-
- private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) {
+
+ private boolean isSignInRequest(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& FederationConstants.ACTION_SIGNIN.equals(
params.getFirst(FederationConstants.PARAM_ACTION))) {
@@ -377,12 +377,12 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
-
+
return false;
}
-
- private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
-
+
+ private boolean isSignoutCleanupRequest(FedizContext fedConfig, Message m, MultivaluedMap<String, String> params) {
+
boolean signoutCleanup = false;
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol
&& FederationConstants.ACTION_SIGNOUT_CLEANUP.equals(
@@ -392,14 +392,14 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
&& params.getFirst(SAMLSSOConstants.RELAY_STATE) != null) {
signoutCleanup = true;
}*/
-
+
if (signoutCleanup) {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
LOG.debug("SignOutCleanup action...");
}
cleanupContext(m);
-
+
HttpServletResponse response = messageContext.getHttpServletResponse();
try {
final ServletOutputStream responseOutputStream = response.getOutputStream();
@@ -419,20 +419,20 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
}
-
+
return true;
}
-
+
return false;
}
-
+
private String getResponseToken(FedizContext fedConfig, MultivaluedMap<String, String> params) {
if (params != null && fedConfig.getProtocol() instanceof FederationProtocol) {
return params.getFirst(FederationConstants.PARAM_RESULT);
} else if (params != null && fedConfig.getProtocol() instanceof SAMLProtocol) {
return params.getFirst(SAMLSSOConstants.SAML_RESPONSE);
}
-
+
return null;
}
@@ -445,34 +445,34 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(params.getFirst(FederationConstants.PARAM_ACTION));
wfReq.setResponseToken(responseToken);
-
+
if (state == null || state.getBytes().length <= 0) {
LOG.error("Invalid RelayState/WCTX");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
+
wfReq.setState(state);
wfReq.setRequestState(getStateManager().removeRequestState(state));
-
+
if (wfReq.getRequestState() == null) {
LOG.error("Missing Request State");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
- if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,
+
+ if (CookieUtils.isStateExpired(wfReq.getRequestState().getCreatedAt(), false, 0,
getStateTimeToLive())) {
LOG.error("EXPIRED_REQUEST_STATE");
throw ExceptionUtils.toBadRequestException(null, null);
}
-
+
HttpServletRequest request = messageContext.getHttpServletRequest();
wfReq.setRequest(request);
- X509Certificate certs[] =
+ X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
try {
return wfProc.processRequest(wfReq, fedConfig);
@@ -481,13 +481,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
throw ExceptionUtils.toNotAuthorizedException(ex, null);
}
}
-
+
private void validateAudienceRestrictions(
- FedizResponse wfRes,
+ FedizResponse wfRes,
List<String> audienceURIs,
HttpServletRequest request
) {
- // Validate the AudienceRestriction in Security Token (e.g. SAML)
+ // Validate the AudienceRestriction in Security Token (e.g. SAML)
// against the configured list of audienceURIs
if (wfRes.getAudience() != null) {
boolean validAudience = false;
@@ -497,13 +497,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
break;
}
}
-
+
if (!validAudience) {
LOG.warn("Token AudienceRestriction [" + wfRes.getAudience()
+ "] doesn't match with specified list of URIs.");
throw ExceptionUtils.toForbiddenException(null, null);
}
-
+
if (LOG.isDebugEnabled() && request.getRequestURL().indexOf(wfRes.getAudience()) == -1) {
LOG.debug("Token AudienceRestriction doesn't match with request URL ["
+ wfRes.getAudience() + "] ["
@@ -527,7 +527,7 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
if (tokenContext != null) {
responseContext.getHeaders().add(HttpHeaders.SET_COOKIE, tokenContext);
}
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
index 89adc17..0e694e7 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizSecurityContext.java
@@ -27,7 +27,7 @@ import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.security.SecurityContext;
public class FedizSecurityContext implements SecurityContext {
-
+
private Principal principal;
private Set<Principal> roles;
@@ -41,7 +41,7 @@ public class FedizSecurityContext implements SecurityContext {
}
}
}
-
+
@Override
public Principal getUserPrincipal() {
return principal;
@@ -54,7 +54,7 @@ public class FedizSecurityContext implements SecurityContext {
return true;
}
}
-
+
return false;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
index 5b886ba..0b7d099 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
@@ -32,7 +32,7 @@ import org.apache.wss4j.common.cache.EHCacheManagerHolder;
import org.apache.wss4j.common.util.Loader;
/**
- * An in-memory EHCache implementation of the SPStateManager interface.
+ * An in-memory EHCache implementation of the SPStateManager interface.
* The default TTL is 5 minutes.
*/
public class EHCacheSPStateManager implements SPStateManager {
@@ -40,34 +40,34 @@ public class EHCacheSPStateManager implements SPStateManager {
public static final long DEFAULT_TTL = 60L * 5L;
public static final String REQUEST_CACHE_KEY = "cxf.fediz.samlp.request.state.cache";
public static final String RESPONSE_CACHE_KEY = "cxf.fediz.samlp.response.state.cache";
-
+
private Ehcache requestCache;
private Ehcache responseCache;
private CacheManager cacheManager;
private long ttl = DEFAULT_TTL;
-
+
public EHCacheSPStateManager(String configFile) {
this(getConfigFileURL(configFile));
}
-
+
public EHCacheSPStateManager(URL configFileURL) {
this(EHCacheManagerHolder.getCacheManager("", configFileURL));
}
-
+
public EHCacheSPStateManager(CacheManager cacheManager) {
this.cacheManager = cacheManager;
-
+
CacheConfiguration requestCC = EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
Ehcache newCache = new Cache(requestCC);
requestCache = cacheManager.addCacheIfAbsent(newCache);
-
+
CacheConfiguration responseCC = EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
-
+
newCache = new Cache(responseCC);
responseCache = cacheManager.addCacheIfAbsent(newCache);
}
-
+
private static URL getConfigFileURL(Object o) {
if (o instanceof String) {
try {
@@ -80,11 +80,11 @@ public class EHCacheSPStateManager implements SPStateManager {
// Do nothing
}
} else if (o instanceof URL) {
- return (URL)o;
+ return (URL)o;
}
return null;
}
-
+
/**
* Set a new (default) TTL value in seconds
* @param newTtl a new (default) TTL value in seconds
@@ -92,7 +92,7 @@ public class EHCacheSPStateManager implements SPStateManager {
public void setTTL(long newTtl) {
ttl = newTtl;
}
-
+
/**
* Get the (default) TTL value in seconds
* @return the (default) TTL value in seconds
@@ -100,18 +100,18 @@ public class EHCacheSPStateManager implements SPStateManager {
public long getTTL() {
return ttl;
}
-
+
public void setRequestState(String relayState, RequestState state) {
if (relayState == null || "".equals(relayState)) {
return;
}
-
+
int parsedTTL = (int)ttl;
if (ttl != (long)parsedTTL) {
// Fall back to 60 minutes if the default TTL is set incorrectly
parsedTTL = 3600;
}
-
+
Element element = new Element(relayState, state);
element.setTimeToLive(parsedTTL);
element.setTimeToIdle(parsedTTL);
@@ -126,7 +126,7 @@ public class EHCacheSPStateManager implements SPStateManager {
}
return null;
}
-
+
public ResponseState getResponseState(String securityContextKey) {
Element element = responseCache.get(securityContextKey);
if (element != null) {
@@ -152,7 +152,7 @@ public class EHCacheSPStateManager implements SPStateManager {
if (securityContextKey == null || "".equals(securityContextKey)) {
return;
}
-
+
int parsedTTL = (int)ttl;
if (ttl != (long)parsedTTL) {
// Fall back to 5 minutes if the default TTL is set incorrectly
@@ -161,10 +161,10 @@ public class EHCacheSPStateManager implements SPStateManager {
Element element = new Element(securityContextKey, state);
element.setTimeToLive(parsedTTL);
element.setTimeToIdle(parsedTTL);
-
+
responseCache.put(element);
}
-
+
public void close() throws IOException {
if (cacheManager != null) {
cacheManager.shutdown();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
index 17fa532..04db854 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/ResponseState.java
@@ -32,7 +32,7 @@ import org.apache.cxf.fediz.core.Claim;
public class ResponseState implements Serializable {
private static final long serialVersionUID = -3247188797004342462L;
-
+
private String assertion;
private String state;
private String webAppContext;
@@ -43,16 +43,16 @@ public class ResponseState implements Serializable {
private String issuer;
private List<Claim> claims;
private String subject;
-
+
public ResponseState() {
-
+
}
-
+
public ResponseState(String assertion,
String state,
String webAppContext,
String webAppDomain,
- long createdAt,
+ long createdAt,
long expiresAt) {
this.assertion = assertion;
this.state = state;
@@ -65,7 +65,7 @@ public class ResponseState implements Serializable {
public long getCreatedAt() {
return createdAt;
}
-
+
public long getExpiresAt() {
return expiresAt;
}
@@ -73,7 +73,7 @@ public class ResponseState implements Serializable {
public String getState() {
return state;
}
-
+
public String getWebAppContext() {
return webAppContext;
}
@@ -81,7 +81,7 @@ public class ResponseState implements Serializable {
public String getWebAppDomain() {
return webAppDomain;
}
-
+
public String getAssertion() {
return assertion;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
index 5ed5a47..693da53 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/SPStateManager.java
@@ -25,22 +25,22 @@ import org.apache.cxf.fediz.core.RequestState;
/**
* SSO Service Provider State Manager.
- *
+ *
* TODO: review the possibility of working with the Servlet HTTPSession
- * instead; in that case it can be tricky to configure various containers
- * (Tomcat, Jetty) to make sure the cookies are shared across multiple
+ * instead; in that case it can be tricky to configure various containers
+ * (Tomcat, Jetty) to make sure the cookies are shared across multiple
* war contexts which will be needed if RequestAssertionConsumerService
- * needs to be run in its own war file instead of having every application
- * war on the SP side have a dedicated RequestAssertionConsumerService endpoint
+ * needs to be run in its own war file instead of having every application
+ * war on the SP side have a dedicated RequestAssertionConsumerService endpoint
*/
public interface SPStateManager extends Closeable {
-
+
void setRequestState(String relayState, RequestState state);
RequestState removeRequestState(String relayState);
-
+
void setResponseState(String contextKey, ResponseState state);
ResponseState getResponseState(String contextKey);
ResponseState removeResponseState(String contextKey);
-
+
void close() throws IOException;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
index 4cff406..a905641 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
@@ -39,7 +39,7 @@ import org.slf4j.LoggerFactory;
/**
* This CallbackHandler implementation obtains the security token from
* the thread local storage to be used as the delegation token.
- */
+ */
public class ThreadLocalCallbackHandler implements CallbackHandler {
private static final Logger LOG = LoggerFactory.getLogger(ThreadLocalCallbackHandler.class);
@@ -58,7 +58,7 @@ public class ThreadLocalCallbackHandler implements CallbackHandler {
LOG.debug(DOM2Writer.nodeToString(token));
LOG.debug("****************** END TOKEN *******************");
}
- callback.setToken(token);
+ callback.setToken(token);
}
} else {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
index 803c26a..e3ff3c7 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationAuthenticator.java
@@ -73,22 +73,22 @@ import org.eclipse.jetty.util.log.Logger;
* by sending a WS-Federation SignIn request.
* </p>
* <p>
- * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
+ * The federation authenticator redirects unauthenticated requests to an Identity Provider which use any kind of
* mechanism to authenticate the user.
* FederationAuthentication uses {@link SessionAuthentication} to wrap Authentication results so that they are
* associated with the session.
* </p>
*/
public class FederationAuthenticator extends LoginAuthenticator {
-
+
public static final String J_URI = "org.eclipse.jetty.security.form_URI";
public static final String J_POST = "org.eclipse.jetty.security.form_POST";
public static final String J_CONTEXT = "org.eclipse.jetty.security.form_CONTEXT";
private static final Logger LOG = Log.getLogger(FederationAuthenticator.class);
-
+
private static final String SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
-
+
private String configFile;
private FedizConfigurator configurator;
private String encoding = "UTF-8";
@@ -98,7 +98,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
/**
- *
+ *
*/
@Override
public void setConfiguration(AuthConfiguration configuration) {
@@ -123,7 +123,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
//throw new ServerAuthException("Failed to load Fediz configuration",
// e);
}
-
+
}
/* ------------------------------------------------------------ */
@@ -138,7 +138,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setConfigFile(String configFile) {
this.configFile = configFile;
}
-
+
public String getEncoding() {
return encoding;
}
@@ -146,22 +146,22 @@ public class FederationAuthenticator extends LoginAuthenticator {
public void setEncoding(String encoding) {
this.encoding = encoding;
}
-
+
/* ------------------------------------------------------------ */
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
-
+
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
HttpSession session = request.getSession(true);
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
FedizContext fedConfig = getContextConfiguration(contextName);
-
+
// Check to see if it is a metadata request
MetadataDocumentHandler mdHandler = new MetadataDocumentHandler(fedConfig);
if (mdHandler.canHandleRequest(request)) {
@@ -175,17 +175,17 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (!mandatory) {
return new DeferredAuthentication(this);
}
-
+
try {
req.setCharacterEncoding(this.encoding);
} catch (UnsupportedEncodingException ex) {
LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
}
-
+
try {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
Authentication authentication = null;
-
+
// Handle a request for authentication.
if (isSignInRequest(request, fedConfig)) {
authentication = handleSignInRequest(request, response, session, fedConfig);
@@ -196,7 +196,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
authentication = Authentication.UNAUTHENTICATED;
}
-
+
if (authentication != null) {
return authentication;
}
@@ -206,35 +206,35 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (authentication != null) {
return authentication;
}
-
+
// if we can't send challenge
if (DeferredAuthentication.isDeferred(response)) {
LOG.debug("auth deferred {}", session.getId());
return Authentication.UNAUTHENTICATED;
}
-
+
// remember the current URI
synchronized (session) {
// But only if it is not set already, or we save every uri that leads to a login form redirect
- if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
+ if (session.getAttribute(J_URI) == null) { // || alwaysSaveUri)
StringBuffer buf = request.getRequestURL();
if (request.getQueryString() != null) {
buf.append("?").append(request.getQueryString());
}
session.setAttribute(J_URI, buf.toString());
-
- if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType())
+
+ if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType())
&& HttpMethods.POST.equals(request.getMethod())) {
- Request baseRequest = (req instanceof Request) ? (Request)req
+ Request baseRequest = (req instanceof Request) ? (Request)req
: AbstractHttpConnection.getCurrentConnection().getRequest();
- baseRequest.extractParameters();
+ baseRequest.extractParameters();
session.setAttribute(J_POST, new MultiMap<String>(baseRequest.getParameters()));
}
}
}
-
- FedizProcessor wfProc =
+
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signInRedirectToIssuer(request, response, wfProc, session);
@@ -247,8 +247,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
* catch (ServletException e) { throw new ServerAuthException(e); }
*/
}
-
- private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleSignInRequest(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
FedizResponse wfRes = null;
if (LOG.isDebugEnabled()) {
@@ -271,7 +271,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
wfReq.setState(request.getParameter("RelayState"));
wfReq.setRequest(request);
- X509Certificate[] certs =
+ X509Certificate[] certs =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
wfReq.setCerts(certs);
@@ -291,23 +291,23 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.UNAUTHENTICATED;
}
-
+
nuri = (String) session.getAttribute(J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
- if (nuri.length() == 0) {
+ if (nuri.length() == 0) {
nuri = URIUtil.SLASH;
}
}
Authentication cached = new SessionAuthentication(getAuthMethod(), user, wfRes);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
-
+
FederationUserIdentity fui = (FederationUserIdentity)user;
session.setAttribute(SECURITY_TOKEN_ATTR, fui.getToken());
-
- response.setContentLength(0);
+
+ response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
return new FederationAuthentication(getAuthMethod(), user);
@@ -323,7 +323,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return Authentication.UNAUTHENTICATED;
}
}
-
+
private Authentication handleSignOutCleanup(HttpServletResponse response, HttpSession session) throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("SignOutCleanup request found");
@@ -346,10 +346,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
responseOutputStream.flush();
return Authentication.SEND_SUCCESS;
}
-
- private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
+
+ private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
HttpSession session, FedizContext fedConfig) throws IOException {
- Authentication authentication =
+ Authentication authentication =
(Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
if (authentication != null) {
// Has authentication been revoked?
@@ -361,21 +361,21 @@ public class FederationAuthenticator extends LoginAuthenticator {
String action = request.getParameter(FederationConstants.PARAM_ACTION);
boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
String logoutUrl = fedConfig.getLogoutURL();
-
+
String uri = request.getRequestURI();
if (uri == null) {
uri = URIUtil.SLASH;
}
-
+
String contextName = request.getSession().getServletContext().getContextPath();
if (contextName == null || contextName.isEmpty()) {
contextName = "/";
}
-
+
if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
session.invalidate();
- FedizProcessor wfProc =
+ FedizProcessor wfProc =
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
signOutRedirectToIssuer(request, response, wfProc);
@@ -395,8 +395,8 @@ public class FederationAuthenticator extends LoginAuthenticator {
// This is a retry of an original POST request
// so restore method and parameters
- session.removeAttribute(J_POST);
- Request baseRequest = (Request)request;
+ session.removeAttribute(J_POST);
+ Request baseRequest = (Request)request;
// (req instanceof Request)?(Request)
// req:HttpConnection.getCurrentConnection().getRequest();
baseRequest.setMethod(HttpMethods.POST);
@@ -405,13 +405,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
} else if (jUri != null) {
session.removeAttribute(J_URI);
}
-
+
return authentication;
}
}
return null;
}
-
+
private boolean isTokenExpired(FedizContext fedConfig, UserIdentity userIdentity) {
if (fedConfig.isDetectExpiredTokens()) {
try {
@@ -421,13 +421,13 @@ public class FederationAuthenticator extends LoginAuthenticator {
LOG.debug("Token doesn't expire");
return false;
}
-
+
Date currentTime = new Date();
if (!currentTime.after(tokenExpires)) {
return false;
} else {
LOG.warn("Token already expired. Clean up and redirect");
-
+
return true;
}
} catch (ClassCastException ex) {
@@ -435,7 +435,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
throw new IllegalStateException("UserIdentity must be instance of FederationUserIdentity");
}
}
-
+
return false;
}
@@ -451,7 +451,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
return false;
}
-
+
private String getResponseToken(ServletRequest request, FedizContext fedConfig) {
if (fedConfig.getProtocol() instanceof FederationProtocol) {
return request.getParameter(FederationConstants.PARAM_RESULT);
@@ -460,16 +460,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
return null;
}
-
+
/* ------------------------------------------------------------ */
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
User validatedUser) throws ServerAuthException {
return true;
- }
-
+ }
+
/**
* Called to redirect sign-in to the IDP/Issuer
- *
+ *
* @param request
* Request we are processing
* @param response
@@ -482,7 +482,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
* {@link HttpServletResponse#sendError(int, String)} throws an
* {@link IOException}
*/
- protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signInRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor, HttpSession session)
throws IOException {
@@ -503,11 +503,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
synchronized (session) {
session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignInRequest.");
@@ -519,10 +519,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignInRequest.");
}
-
+
}
- protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
+ protected void signOutRedirectToIssuer(HttpServletRequest request, HttpServletResponse response,
FedizProcessor processor)
throws IOException {
@@ -534,7 +534,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
}
FedizContext fedCtx = this.configurator.getFedizContext(contextName);
try {
- RedirectionResponse redirectionResponse =
+ RedirectionResponse redirectionResponse =
processor.createSignOutRequest(request, null, fedCtx); //TODO
String redirectURL = redirectionResponse.getRedirectionURL();
if (redirectURL != null) {
@@ -544,7 +544,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
response.addHeader(entry.getKey(), entry.getValue());
}
}
-
+
response.sendRedirect(redirectURL);
} else {
LOG.warn("Failed to create SignOutRequest.");
@@ -557,7 +557,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create SignOutRequest.");
}
}
-
+
private FedizContext getContextConfiguration(String contextName) {
if (configurator == null) {
throw new IllegalStateException("No Fediz configuration available");
@@ -566,7 +566,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
if (config == null) {
throw new IllegalStateException("No Fediz configuration for context :" + contextName);
}
-
+
String jettyHome = System.getProperty("jetty.home");
if (jettyHome != null && jettyHome.length() > 0) {
config.setRelativePath(jettyHome);
@@ -581,7 +581,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
*/
public static class FederationAuthentication extends UserAuthentication implements
Authentication.ResponseSent {
-
+
public FederationAuthentication(String method, UserIdentity userIdentity) {
super(method, userIdentity);
}
[14/18] cxf-fediz git commit: Whitespace cleanup
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index 10c6e43..a4e159d 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -90,7 +90,7 @@ import static org.junit.Assert.fail;
* Some tests for the WS-Federation "FederationProcessor".
*/
public class FederationResponseTest {
- public static final String SAMPLE_MULTIPLE_RSTR_COLL_MSG =
+ public static final String SAMPLE_MULTIPLE_RSTR_COLL_MSG =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<RequestSecurityTokenResponseCollection "
+ "xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"> "
@@ -103,18 +103,18 @@ public class FederationResponseTest {
+ "</RequestedSecurityToken>"
+ "</RequestSecurityTokenResponse>"
+ "</RequestSecurityTokenResponseCollection>";
-
+
static final String TEST_USER = "alice";
static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
-
+
private static final String CONFIG_FILE = "fediz_test_config.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -127,12 +127,12 @@ public class FederationResponseTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -151,18 +151,18 @@ public class FederationResponseTest {
}
}
-
+
/**
* Validate RSTR without RequestedSecurityToken element
*/
@org.junit.Test
public void validateRSTRWithoutToken() throws Exception {
Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -176,18 +176,18 @@ public class FederationResponseTest {
}
}
}
-
+
/**
* Validate FederationRequest with unknown action
*/
@org.junit.Test
public void validateRequestUnknownAction() throws Exception {
Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction("gugus");
wfReq.setResponseToken(DOM2Writer.nodeToString(doc));
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -201,7 +201,7 @@ public class FederationResponseTest {
}
}
}
-
+
/**
*Validate FederationRequest with invalid RSTR/wresult
*/
@@ -210,7 +210,7 @@ public class FederationResponseTest {
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken("gugus");
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -224,14 +224,14 @@ public class FederationResponseTest {
}
}
}
-
+
@org.junit.Test
public void validateTokenAndCreateMetadata() throws Exception {
validateSAML2Token();
FederationMetaDataTest other = new FederationMetaDataTest();
other.validateMetaDataWithAlias();
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -248,22 +248,22 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -271,9 +271,9 @@ public class FederationResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
-
+
}
-
+
@org.junit.Test
public void testChainTrust() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -286,32 +286,32 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Test successful trust validation (subject cert constraint)
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CHAIN_TRUST");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
-
+
// Test unsuccessful trust validation (bad subject cert constraint)
configurator = null;
config = getFederationConfigurator().getFedizContext("CHAIN_TRUST2");
-
+
wfProc = new FederationProcessorImpl();
try {
wfRes = wfProc.processRequest(wfReq, config);
@@ -320,7 +320,7 @@ public class FederationResponseTest {
// expected
}
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -338,22 +338,22 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -361,7 +361,7 @@ public class FederationResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
-
+
/**
* Validate SAML 2 token which doesn't include the role SAML attribute
*/
@@ -378,29 +378,29 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("No roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
-
+
/**
* Validate SAML 2 token where role information is provided
* within another SAML attribute
@@ -418,29 +418,29 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 1 token where role information is provided
* within another SAML attribute
@@ -458,29 +458,29 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes role attribute
* but RoleURI is not configured
@@ -502,25 +502,25 @@ public class FederationResponseTest {
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
config.getProtocol().setRoleURI(null);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", null, wfRes.getRoles());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
-
+
/**
* Validate SAML 1.1 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -542,17 +542,17 @@ public class FederationResponseTest {
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -561,7 +561,7 @@ public class FederationResponseTest {
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 1.1 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -587,13 +587,13 @@ public class FederationResponseTest {
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -601,7 +601,7 @@ public class FederationResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multiple saml attributes with the same name
@@ -619,22 +619,22 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -660,16 +660,16 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
Protocol protocol = config.getProtocol();
@@ -677,7 +677,7 @@ public class FederationResponseTest {
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -685,12 +685,12 @@ public class FederationResponseTest {
.size());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
* the issuer of the SAML token
- *
+ *
* Ignored because PeerTrust ignores subject attribute
*/
@org.junit.Test
@@ -710,17 +710,17 @@ public class FederationResponseTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- config.getTrustedIssuers().get(0).setSubject("wrong-issuer-name");
-
+ config.getTrustedIssuers().get(0).setSubject("wrong-issuer-name");
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -749,20 +749,20 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", false);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
- FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+ FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -773,7 +773,7 @@ public class FederationResponseTest {
}
}
}
-
+
@org.junit.Test
public void testUnsignedAssertionAfterSignedAssertion() throws Exception {
// First assertion
@@ -787,11 +787,11 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion1 = new SamlAssertionWrapper(samlCallback);
-
+
// Second assertion
SAML2CallbackHandler callbackHandler2 = new SAML2CallbackHandler();
callbackHandler2.setStatement(SAML2CallbackHandler.Statement.ATTR);
@@ -803,27 +803,27 @@ public class FederationResponseTest {
audienceRestriction2.getAudienceURIs().add(TEST_AUDIENCE);
cp2.setAudienceRestrictions(Collections.singletonList(audienceRestriction2));
callbackHandler2.setConditions(cp2);
-
+
SAMLCallback samlCallback2 = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler2, samlCallback2);
SamlAssertionWrapper assertion2 = new SamlAssertionWrapper(samlCallback2);
-
- Element rstrElement =
+
+ Element rstrElement =
createResponseWithMultipleAssertions(assertion1, true, assertion2, false, "mystskey");
String rstr = DOM2Writer.nodeToString(rstrElement);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
- FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+ FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse fedizResponse = wfProc.processRequest(wfReq, config);
Assert.assertEquals(TEST_USER, fedizResponse.getUsername());
}
-
+
@org.junit.Test
public void testSignedAssertionAfterUnsignedAssertion() throws Exception {
// First assertion
@@ -837,11 +837,11 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion1 = new SamlAssertionWrapper(samlCallback);
-
+
// Second assertion
SAML2CallbackHandler callbackHandler2 = new SAML2CallbackHandler();
callbackHandler2.setStatement(SAML2CallbackHandler.Statement.ATTR);
@@ -853,22 +853,22 @@ public class FederationResponseTest {
audienceRestriction2.getAudienceURIs().add(TEST_AUDIENCE);
cp2.setAudienceRestrictions(Collections.singletonList(audienceRestriction2));
callbackHandler2.setConditions(cp2);
-
+
SAMLCallback samlCallback2 = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler2, samlCallback2);
SamlAssertionWrapper assertion2 = new SamlAssertionWrapper(samlCallback2);
-
- Element rstrElement =
+
+ Element rstrElement =
createResponseWithMultipleAssertions(assertion2, false, assertion1, true, "mystskey");
String rstr = DOM2Writer.nodeToString(rstrElement);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
- FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+ FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -879,7 +879,7 @@ public class FederationResponseTest {
}
}
}
-
+
@org.junit.Test
public void testWrappingAttack() throws Exception {
// First assertion
@@ -893,11 +893,11 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion1 = new SamlAssertionWrapper(samlCallback);
-
+
// Second assertion
SAML2CallbackHandler callbackHandler2 = new SAML2CallbackHandler();
callbackHandler2.setStatement(SAML2CallbackHandler.Statement.ATTR);
@@ -909,11 +909,11 @@ public class FederationResponseTest {
audienceRestriction2.getAudienceURIs().add(TEST_AUDIENCE);
cp2.setAudienceRestrictions(Collections.singletonList(audienceRestriction2));
callbackHandler2.setConditions(cp2);
-
+
SAMLCallback samlCallback2 = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler2, samlCallback2);
SamlAssertionWrapper assertion2 = new SamlAssertionWrapper(samlCallback2);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -926,29 +926,29 @@ public class FederationResponseTest {
Document doc = STSUtil.toSOAPPart(SAMPLE_MULTIPLE_RSTR_COLL_MSG);
Element token1 = assertion2.toDOM(doc);
Element token2 = assertion1.toDOM(doc);
-
+
// Now modify the first Signature to point to the other Element
Element sig1 = XMLUtils.findElement(token1, "Signature", WSConstants.SIG_NS);
Element sig2 = XMLUtils.findElement(token2, "Signature", WSConstants.SIG_NS);
sig1.getParentNode().replaceChild(sig2.cloneNode(true), sig1);
- List<Element> requestedTokenElements =
+ List<Element> requestedTokenElements =
XMLUtils.findElements(doc, "RequestedSecurityToken", FederationConstants.WS_TRUST_13_NS);
Assert.assertEquals(2, requestedTokenElements.size());
requestedTokenElements.get(0).appendChild(token1);
requestedTokenElements.get(1).appendChild(token2);
Element rstrElement = doc.getDocumentElement();
-
+
String rstr = DOM2Writer.nodeToString(rstrElement);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
- FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+ FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -957,8 +957,8 @@ public class FederationResponseTest {
// expected
}
}
-
- private Element createResponseWithMultipleAssertions(SamlAssertionWrapper assertion1,
+
+ private Element createResponseWithMultipleAssertions(SamlAssertionWrapper assertion1,
boolean signFirstAssertion,
SamlAssertionWrapper assertion2,
boolean signSecondAssertion,
@@ -975,20 +975,20 @@ public class FederationResponseTest {
if (signSecondAssertion) {
assertion2.signAssertion(alias, password, crypto, false);
}
-
+
Document doc = STSUtil.toSOAPPart(SAMPLE_MULTIPLE_RSTR_COLL_MSG);
Element token1 = assertion1.toDOM(doc);
Element token2 = assertion2.toDOM(doc);
- List<Element> requestedTokenElements =
+ List<Element> requestedTokenElements =
XMLUtils.findElements(doc, "RequestedSecurityToken", FederationConstants.WS_TRUST_13_NS);
Assert.assertEquals(2, requestedTokenElements.size());
requestedTokenElements.get(0).appendChild(token1);
requestedTokenElements.get(1).appendChild(token2);
-
+
return doc.getDocumentElement();
}
-
+
/**
* Validate SAML 2 token twice which causes an exception
* due to replay attack
@@ -1005,17 +1005,17 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -1024,7 +1024,7 @@ public class FederationResponseTest {
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
-
+
wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1035,8 +1035,8 @@ public class FederationResponseTest {
}
}
}
-
-
+
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* The configured subject of the trusted issuer doesn't match with
@@ -1058,19 +1058,19 @@ public class FederationResponseTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -1095,30 +1095,30 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
// Load and update the config to enforce an error
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT3");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
.size());
}
-
+
/**
* Validate SAML 2 token which is expired
*/
@@ -1140,17 +1140,17 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
@@ -1164,7 +1164,7 @@ public class FederationResponseTest {
}
}
}
-
+
/**
* Validate SAML 2 token which is not yet valid (in 30 seconds)
* but within the maximum clock skew range (60 seconds)
@@ -1187,24 +1187,24 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
config.setMaximumClockSkew(BigInteger.valueOf(60));
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -1228,17 +1228,17 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CUSTTOK");
Protocol protocol = config.getProtocol();
@@ -1246,10 +1246,10 @@ public class FederationResponseTest {
Assert.assertEquals("Two validators must be found", 2, validators.size());
Assert.assertEquals("First validator must be custom validator",
CustomValidator.class.getName(), validators.get(0).getClass().getName());
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -1271,23 +1271,23 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("NOCLOCKSKEW");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -1295,7 +1295,7 @@ public class FederationResponseTest {
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
}
-
+
/**
* Validate an encrypted SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -1316,20 +1316,20 @@ public class FederationResponseTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = encryptAndSignToken(assertion);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
- FedizContext config =
+ FedizContext config =
getFederationConfigurator().getFedizContext("ROOT_DECRYPTION");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -1338,7 +1338,7 @@ public class FederationResponseTest {
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate a HolderOfKey SAML 2 token
*/
@@ -1354,7 +1354,7 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
Crypto clientCrypto = CryptoFactory.getInstance("client-crypto.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("myclientkey");
@@ -1364,7 +1364,7 @@ public class FederationResponseTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -1383,17 +1383,17 @@ public class FederationResponseTest {
FederationConstants.WS_TRUST_2005_02_NS);
}
e.appendChild(token);
-
+
String rstr = DOM2Writer.nodeToString(doc);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
- FedizContext config =
+ FedizContext config =
getFederationConfigurator().getFedizContext("ROOT_DECRYPTION");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1401,22 +1401,22 @@ public class FederationResponseTest {
} catch (ProcessingException ex) {
// expected
}
-
+
// Now set client certs
- wfReq.setCerts(certs);
+ wfReq.setCerts(certs);
wfProc.processRequest(wfReq, config);
}
-
+
@org.junit.Test
public void validateSAML2TokenWithConfigCreatedWithAPI() throws Exception {
-
+
ContextConfig config = new ContextConfig();
-
+
config.setName("whatever");
// Configure certificate store
CertificateStores certStores = new CertificateStores();
- TrustManagersType tm0 = new TrustManagersType();
+ TrustManagersType tm0 = new TrustManagersType();
KeyStoreType ks0 = new KeyStoreType();
ks0.setType("JKS");
ks0.setPassword("storepass");
@@ -1424,7 +1424,7 @@ public class FederationResponseTest {
tm0.setKeyStore(ks0);
certStores.getTrustManager().add(tm0);
config.setCertificateStores(certStores);
-
+
// Configure trusted IDP
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
@@ -1444,7 +1444,7 @@ public class FederationResponseTest {
protocol.setRoleURI("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
FedizContext fedContext = new FedizContext(config);
-
+
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
@@ -1459,27 +1459,27 @@ public class FederationResponseTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, fedContext);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
-
+
fedContext.close();
}
-
+
@org.junit.Test
public void testModifiedSignature() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1492,11 +1492,11 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -1506,7 +1506,7 @@ public class FederationResponseTest {
assertion.signAssertion("mystskey", password, crypto, false);
Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
Element token = assertion.toDOM(doc);
-
+
// Change IssueInstant attribute
String issueInstance = token.getAttributeNS(null, "IssueInstant");
DateTime issueDateTime = new DateTime(issueInstance, DateTimeZone.UTC);
@@ -1520,15 +1520,15 @@ public class FederationResponseTest {
FederationConstants.WS_TRUST_2005_02_NS);
}
e.appendChild(token);
- String rstr = DOM2Writer.nodeToString(doc);
-
+ String rstr = DOM2Writer.nodeToString(doc);
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1537,7 +1537,7 @@ public class FederationResponseTest {
// expected
}
}
-
+
@org.junit.Test
public void testTrustFailure() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1550,19 +1550,19 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CLIENT_TRUST");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1571,7 +1571,7 @@ public class FederationResponseTest {
// expected
}
}
-
+
@org.junit.Test
public void testUnableToFindTruststore() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -1584,19 +1584,19 @@ public class FederationResponseTest {
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("BAD_KEYSTORE");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, config);
@@ -1606,11 +1606,11 @@ public class FederationResponseTest {
// expected
}
}
-
+
private String encryptAndSignToken(
SamlAssertionWrapper assertion
) throws Exception {
-
+
WSPasswordCallback[] cb = {
new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
};
@@ -1618,7 +1618,7 @@ public class FederationResponseTest {
String password = cb[0].getPassword();
assertion.signAssertion("mystskey", password, crypto, false);
-
+
Document doc = STSUtil.toSOAPPart(STSUtil.SAMPLE_RSTR_COLL_MSG);
Element token = assertion.toDOM(doc);
@@ -1629,31 +1629,31 @@ public class FederationResponseTest {
FederationConstants.WS_TRUST_2005_02_NS);
}
e.appendChild(token);
-
+
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("mystskey");
-
+
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);
builder.setEmbedEncryptedKey(true);
-
+
WSEncryptionPart encryptionPart = new WSEncryptionPart(assertion.getId(), "Element");
encryptionPart.setElement(token);
-
+
Crypto encrCrypto = CryptoFactory.getInstance("signature.properties");
builder.prepare(token.getOwnerDocument(), encrCrypto);
builder.encryptForRef(null, Collections.singletonList(encryptionPart));
-
+
// return doc.getDocumentElement();
return DOM2Writer.nodeToString(doc);
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -1677,16 +1677,16 @@ public class FederationResponseTest {
e.appendChild(token);
return DOM2Writer.nodeToString(doc);
}
-
+
private void assertClaims(List<Claim> claims, String roleClaimType) {
for (Claim c : claims) {
- Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
+ Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
c.getClaimType().equals(roleClaimType)
|| c.getClaimType().equals(ClaimTypes.COUNTRY)
|| c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
);
}
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/RequestedClaimsTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/RequestedClaimsTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/RequestedClaimsTest.java
index ef01936..45de6ad 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/RequestedClaimsTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/RequestedClaimsTest.java
@@ -105,7 +105,7 @@ public class RequestedClaimsTest {
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler = new KeystoreCallbackHandler();
-
+
@BeforeClass
public static void init() {
try {
@@ -115,7 +115,7 @@ public class RequestedClaimsTest {
}
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
@@ -132,26 +132,26 @@ public class RequestedClaimsTest {
config.setMaximumClockSkew(new BigInteger(CLOCK_SKEW));
CertificateStores certStores = new CertificateStores();
-
- TrustManagersType tm0 = new TrustManagersType();
+
+ TrustManagersType tm0 = new TrustManagersType();
KeyStoreType ks0 = new KeyStoreType();
ks0.setType("JKS");
ks0.setPassword("storepass");
ks0.setResource("ststrust.jks");
tm0.setKeyStore(ks0);
-
+
certStores.getTrustManager().add(tm0);
-
+
config.setCertificateStores(certStores);
-
+
TrustedIssuers trustedIssuers = new TrustedIssuers();
-
+
TrustedIssuerType ti0 = new TrustedIssuerType();
ti0.setCertificateValidation(ValidationType.PEER_TRUST);
trustedIssuers.getIssuer().add(ti0);
-
+
config.setTrustedIssuers(trustedIssuers);
-
+
ProtocolType protocol = new FederationProtocolType();
CallbackType authType = new CallbackType();
@@ -172,9 +172,9 @@ public class RequestedClaimsTest {
reply.setValue(REPLY);
((FederationProtocolType)protocol).setReply(reply);
((FederationProtocolType)protocol).setVersion(PROTOCOL_VERSION);
-
+
config.setProtocol(protocol);
-
+
AudienceUris audienceUris = new AudienceUris();
audienceUris.getAudienceItem().add(AUDIENCE_URI_1);
config.setAudienceUris(audienceUris);
@@ -198,7 +198,7 @@ public class RequestedClaimsTest {
CallbackType realm = new CallbackType();
realm.setValue(TARGET_REALM);
protocol.setRealm(realm);
-
+
CallbackType issuer = new CallbackType();
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
@@ -219,46 +219,46 @@ public class RequestedClaimsTest {
callbackHandler.setRoleAttributeName("role");
callbackHandler.setCustomClaimName(CLAIM_TYPE_1);
callbackHandler.setCustomAttributeValues(Collections.singletonList("xyz"));
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(AUDIENCE_URI_1);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
FedizConfig config = createConfiguration();
StringWriter writer = new StringWriter();
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
jaxbContext.createMarshaller().marshal(config, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
FedizContext context = configurator.getFedizContext(CONFIG_NAME);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, context);
-
+
Object claimValue = null;
for (Claim c : wfRes.getClaims()) {
if (CLAIM_TYPE_1.equals(c.getClaimType().toString())) {
claimValue = c.getValue();
}
}
-
+
Assert.assertEquals("xyz", claimValue);
}
-
+
@org.junit.Test
public void testRequiredClaimNotIncluded() throws Exception {
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
@@ -271,33 +271,33 @@ public class RequestedClaimsTest {
callbackHandler.setRoleAttributeName("role");
callbackHandler.setCustomClaimName(CLAIM_TYPE_2);
callbackHandler.setCustomAttributeValues(Collections.singletonList("xyz"));
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(AUDIENCE_URI_1);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
FedizConfig config = createConfiguration();
StringWriter writer = new StringWriter();
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
jaxbContext.createMarshaller().marshal(config, writer);
StringReader reader = new StringReader(writer.toString());
-
+
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
FedizContext context = configurator.getFedizContext(CONFIG_NAME);
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
try {
wfProc.processRequest(wfReq, context);
@@ -306,12 +306,12 @@ public class RequestedClaimsTest {
// expected
}
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SAMLTokenValidatorOldTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SAMLTokenValidatorOldTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SAMLTokenValidatorOldTest.java
index fb21c21..d8d1ae8 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SAMLTokenValidatorOldTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SAMLTokenValidatorOldTest.java
@@ -68,14 +68,14 @@ public class SAMLTokenValidatorOldTest {
static final String TEST_USER = "alice";
static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
-
+
private static final String CONFIG_FILE = "fediz_test_config.xml";
-
+
private static Crypto crypto;
private static CallbackHandler cbPasswordHandler;
private static FedizConfigurator configurator;
-
-
+
+
@BeforeClass
public static void init() {
try {
@@ -88,12 +88,12 @@ public class SAMLTokenValidatorOldTest {
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -111,7 +111,7 @@ public class SAMLTokenValidatorOldTest {
return null;
}
}
-
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -126,29 +126,29 @@ public class SAMLTokenValidatorOldTest {
callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
callbackHandler.setCountryClaimName("country");
callbackHandler.setRoleAttributeName("role");
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -156,9 +156,9 @@ public class SAMLTokenValidatorOldTest {
.size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
-
+
}
-
+
/**
* Validate SAML 2 token where role information is provided
* within another SAML attribute
@@ -173,36 +173,36 @@ public class SAMLTokenValidatorOldTest {
callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
callbackHandler.setCountryClaimName("country");
callbackHandler.setRoleAttributeName("http://schemas.mycompany.com/claims/role");
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(cp);
-
+
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 2 token where role information is provided
* within another SAML attribute
@@ -226,26 +226,26 @@ public class SAMLTokenValidatorOldTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("CUSTOMROLEURI");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles().size());
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
+
/**
* Validate SAML 1.1 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
@@ -260,7 +260,7 @@ public class SAMLTokenValidatorOldTest {
callbackHandler.setUseNameFormatAsNamespace(true);
callbackHandler.setAttributeNameFormat(ClaimTypes.URI_BASE.toString());
callbackHandler.setRoleAttributeName("role");
-
+
ConditionsBean cp = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
@@ -270,19 +270,19 @@ public class SAMLTokenValidatorOldTest {
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
-
+
String rstr = createSamlToken(assertion, "mystskey", true);
-
+
FedizRequest wfReq = new FedizRequest();
wfReq.setAction(FederationConstants.ACTION_SIGNIN);
wfReq.setResponseToken(rstr);
-
+
configurator = null;
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
FedizProcessor wfProc = new FederationProcessorImpl();
FedizResponse wfRes = wfProc.processRequest(wfReq, config);
-
+
Assert.assertEquals("Principal name wrong", TEST_USER,
wfRes.getUsername());
Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
@@ -291,13 +291,13 @@ public class SAMLTokenValidatorOldTest {
Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
assertClaims(wfRes.getClaims(), callbackHandler.getRoleAttributeName());
}
-
-
+
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
}
-
+
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
WSPasswordCallback[] cb = {
@@ -321,16 +321,16 @@ public class SAMLTokenValidatorOldTest {
e.appendChild(token);
return DOM2Writer.nodeToString(doc);
}
-
-
-
+
+
+
/**
* Returns the first element that matches <code>name</code> and
* <code>namespace</code>. <p/> This is a replacement for a XPath lookup
* <code>//name</code> with the given namespace. It's somewhat faster than
* XPath, and we do not deal with prefixes, just with the real namespace URI
- *
+ *
* @param startNode Where to start the search
* @param name Local name of the element
* @param namespace Namespace URI of the element
@@ -382,10 +382,10 @@ public class SAMLTokenValidatorOldTest {
}
return null;
}
-
+
private void assertClaims(List<Claim> claims, String roleClaimType) {
for (Claim c : claims) {
- Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
+ Assert.assertTrue("Invalid ClaimType URI: " + c.getClaimType(),
c.getClaimType().equals(roleClaimType)
|| c.getClaimType().equals(ClaimTypes.COUNTRY)
|| c.getClaimType().equals(AbstractSAMLCallbackHandler.CLAIM_TYPE_LANGUAGE)
@@ -394,6 +394,6 @@ public class SAMLTokenValidatorOldTest {
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
index 26aa0ca..b4ced24 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
@@ -36,7 +36,7 @@ import org.apache.cxf.fediz.core.handler.SigninHandler;
import org.apache.cxf.fediz.core.processor.FedizResponse;
public class TestSigninHandler extends SigninHandler<FedizPrincipal> {
-
+
public TestSigninHandler(FedizContext fedizContext) {
super(fedizContext);
}
@@ -56,14 +56,14 @@ public class TestSigninHandler extends SigninHandler<FedizPrincipal> {
return principal;
}
-
+
private static class FederationPrincipalImpl implements FedizPrincipal {
protected ClaimCollection claims;
protected Element loginToken;
private String username;
private List<String> roles = new ArrayList<>();
-
+
FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
this.claims = new ClaimCollection(claims);
@@ -73,11 +73,11 @@ public class TestSigninHandler extends SigninHandler<FedizPrincipal> {
this.roles = roles;
}
}
-
+
public ClaimCollection getClaims() {
return this.claims;
}
-
+
@Override
public Element getLoginToken() {
return loginToken;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
index 2c7f8aa..7f083dc 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/CustomValidator.java
@@ -40,7 +40,7 @@ public class CustomValidator implements TokenValidator {
@Override
public TokenValidatorResponse validateAndProcessToken(
- TokenValidatorRequest request,
+ TokenValidatorRequest request,
FedizContext config
) {
return new TokenValidatorResponse(null,
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
index 068bd29..e280f63 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
@@ -36,24 +36,24 @@ import org.opensaml.saml.saml2.core.StatusMessage;
* A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
*/
public final class SAML2PResponseComponentBuilder {
-
+
private static SAMLObjectBuilder<Response> responseBuilder;
-
+
private static SAMLObjectBuilder<Issuer> issuerBuilder;
-
+
private static SAMLObjectBuilder<Status> statusBuilder;
-
+
private static SAMLObjectBuilder<StatusCode> statusCodeBuilder;
-
+
private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
-
- private static XMLObjectBuilderFactory builderFactory =
+
+ private static XMLObjectBuilderFactory builderFactory =
XMLObjectProviderRegistrySupport.getBuilderFactory();
-
+
private SAML2PResponseComponentBuilder() {
-
+
}
-
+
public static Response createSAMLResponse(
String inResponseTo,
String issuer,
@@ -61,7 +61,7 @@ public final class SAML2PResponseComponentBuilder {
) {
return createSAMLResponse(inResponseTo, createIssuer(issuer), status);
}
-
+
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
String inResponseTo,
@@ -73,17 +73,17 @@ public final class SAML2PResponseComponentBuilder {
builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
-
+
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(issuer);
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
-
+
return response;
}
-
+
@SuppressWarnings("unchecked")
public static Issuer createIssuer(
String issuerValue
@@ -94,10 +94,10 @@ public final class SAML2PResponseComponentBuilder {
}
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerValue);
-
+
return issuer;
}
-
+
@SuppressWarnings("unchecked")
public static Issuer createIssuer(
String issuerValue,
@@ -110,10 +110,10 @@ public final class SAML2PResponseComponentBuilder {
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerValue);
issuer.setFormat(issuerFormat);
-
+
return issuer;
}
-
+
@SuppressWarnings("unchecked")
public static Status createStatus(
String statusCodeValue,
@@ -131,21 +131,21 @@ public final class SAML2PResponseComponentBuilder {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>)
builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
-
+
Status status = statusBuilder.buildObject();
-
+
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
-
+
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
-
+
return status;
}
-
-
+
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
index 00eac28..1c16e9e 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java
@@ -50,15 +50,15 @@ import static org.junit.Assert.fail;
*/
public class SAMLMetaDataTest {
private static final String CONFIG_FILE = "fediz_meta_test_config_saml.xml";
- private static final String TEST_REQUEST_URL =
+ private static final String TEST_REQUEST_URL =
"https://localhost/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
private static final String CONTEXT_PATH = "/fedizhelloworld";
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private FedizContext loadConfig(String context) {
try {
FedizConfigurator configurator = new FedizConfigurator();
@@ -72,7 +72,7 @@ public class SAMLMetaDataTest {
return null;
}
}
-
+
@org.junit.Test
public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException, XMLSecurityException {
@@ -83,21 +83,21 @@ public class SAMLMetaDataTest {
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH).times(2);
EasyMock.replay(req);
-
+
Document doc = wfProc.getMetaData(req, config);
Assert.assertNotNull(doc);
-
+
Node signatureNode = doc.getElementsByTagName("Signature").item(0);
Assert.assertNotNull(signatureNode);
-
+
doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
try {
DOMUtils.writeXml(doc, System.out);
} catch (TransformerException e) {
- fail("Exception not expected: " + e.getMessage());
+ fail("Exception not expected: " + e.getMessage());
}
-
+
// Validate the signature
XMLSignature signature = new XMLSignature((Element)signatureNode, "");
KeyInfo ki = signature.getKeyInfo();
@@ -105,7 +105,7 @@ public class SAMLMetaDataTest {
Assert.assertNotNull(ki.getX509Certificate());
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
-
+
}
@org.junit.Test
@@ -116,12 +116,12 @@ public class SAMLMetaDataTest {
FedizProcessor wfProc = new FederationProcessorImpl();
Document doc;
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH).times(2);
EasyMock.replay(req);
-
+
doc = wfProc.getMetaData(req, config);
Assert.assertNull(doc);
fail("Failure expected as signing store contains more than one certificate");
@@ -129,7 +129,7 @@ public class SAMLMetaDataTest {
//Expected as signing store contains more than one certificate
}
}
-
+
@org.junit.Test
public void validateMetaDataNoSigningKey() throws ProcessingException {
@@ -140,14 +140,14 @@ public class SAMLMetaDataTest {
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(2);
EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH).times(2);
EasyMock.replay(req);
-
+
Document doc = wfProc.getMetaData(req, config);
Assert.assertNotNull(doc);
-
+
try {
DOMUtils.writeXml(doc, System.out);
} catch (TransformerException e) {
- fail("Exception not expected: " + e.getMessage());
+ fail("Exception not expected: " + e.getMessage());
}
}
}
\ No newline at end of file