Posted to commits@cxf.apache.org by co...@apache.org on 2016/11/29 17:19:25 UTC
[2/2] cxf-fediz git commit: Renaming common signin-response flow
Renaming common signin-response flow
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/21fd134c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/21fd134c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/21fd134c
Branch: refs/heads/master
Commit: 21fd134c4f35bdd710adf035d310c4c78e1442c0
Parents: a19f43d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Nov 29 17:18:09 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Nov 29 17:18:09 2016 +0000
----------------------------------------------------------------------
.../webapp/WEB-INF/config/idp-core-servlet.xml | 3 +-
.../flows/federation-signin-response.xml | 81 --------------------
.../webapp/WEB-INF/flows/signin-response.xml | 81 ++++++++++++++++++++
3 files changed, 83 insertions(+), 82 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/21fd134c/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
index 4debb30..1bba46e 100644
--- a/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
+++ b/services/idp/src/main/webapp/WEB-INF/config/idp-core-servlet.xml
@@ -65,13 +65,14 @@
<webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/krb" />
<webflow:flow-location path="/WEB-INF/flows/federation-validate-request.xml" id="federation/clientcert" />
<webflow:flow-location path="/WEB-INF/flows/federation-signin-request.xml" id="signinRequest" />
- <webflow:flow-location path="/WEB-INF/flows/federation-signin-response.xml" id="signinResponse" />
<webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml" />
<webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/up" />
<webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/krb" />
<webflow:flow-location path="/WEB-INF/flows/saml-validate-request.xml" id="saml/clientcert" />
<webflow:flow-location path="/WEB-INF/flows/saml-signin-request.xml" id="signinSAMLRequest" />
+
+ <webflow:flow-location path="/WEB-INF/flows/signin-response.xml" id="signinResponse" />
</webflow:flow-registry>
<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" p:flowRegistry-ref="flowRegistry"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/21fd134c/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
deleted file mode 100644
index 1a2aa2e..0000000
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-response.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<!--
-Process a response from a trusted third party IdP. It starts by restoring the original request parameters for the current context.
-It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction. It then exits this
-subflow to get a RP token from the STS.
- -->
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/webflow
- http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
-
- <input name="idpConfig" />
- <input name="request_context" />
- <input name="wresult" />
- <input name="RelayState" />
- <input name="SAMLResponse" />
- <input name="state" />
- <input name="code" />
- <input name="home_realm" />
-
- <on-start>
- <!-- restore the original request parameters for the current context -->
- <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context)" />
- </on-start>
-
- <!-- validate token issued by requestor IDP given its home realm -->
- <action-state id="validateToken">
- <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext, home_realm)"
- result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
- <transition to="checkCacheTrustedIdpToken" />
- <transition
- on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
- to="viewBadRequest" />
- <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
- </action-state>
-
- <action-state id="checkCacheTrustedIdpToken">
- <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens" />
- <transition on="yes" to="requestRpToken">
- <set name="externalContext.sessionMap[flowScope.home_realm]"
- value="flowScope.idpToken" />
- </transition>
- <transition on="no" to="requestRpToken" />
- </action-state>
-
- <end-state id="requestRpToken">
- <output name="home_realm" value="flowScope.home_realm" />
- <output name="wctx" value="flowScope.wctx" />
- <output name="wreply" value="flowScope.wreply" />
- <output name="wtrealm" value="flowScope.wtrealm" />
- <output name="idpToken" value="flowScope.idpToken" />
- <output name="saml_authn_request" value="flowScope.saml_authn_request" />
- <output name="RelayState" value="flowScope.RelayState" />
- </end-state>
-
- <!-- abnormal exit point : Http 400 Bad Request -->
- <end-state id="viewBadRequest" />
-
- <!-- abnormal exit point : Http 500 Internal Server Error -->
- <end-state id="scInternalServerError" />
-
-</flow>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/21fd134c/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
new file mode 100644
index 0000000..1a2aa2e
--- /dev/null
+++ b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!--
+Process a response from a trusted third party IdP. It starts by restoring the original request parameters for the current context.
+It then converts the response from the third party IdP into a SecurityToken via the TrustedIdPProtocolAction. It then exits this
+subflow to get a RP token from the STS.
+ -->
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/webflow
+ http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
+
+ <input name="idpConfig" />
+ <input name="request_context" />
+ <input name="wresult" />
+ <input name="RelayState" />
+ <input name="SAMLResponse" />
+ <input name="state" />
+ <input name="code" />
+ <input name="home_realm" />
+
+ <on-start>
+ <!-- restore the original request parameters for the current context -->
+ <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context)" />
+ </on-start>
+
+ <!-- validate token issued by requestor IDP given its home realm -->
+ <action-state id="validateToken">
+ <evaluate expression="trustedIdpProtocolAction.mapSignInResponse(flowRequestContext, home_realm)"
+ result="flowScope.idpToken" result-type="org.apache.cxf.ws.security.tokenstore.SecurityToken" />
+ <transition to="checkCacheTrustedIdpToken" />
+ <transition
+ on-exception="org.apache.cxf.fediz.core.exception.ProcessingException"
+ to="viewBadRequest" />
+ <transition on-exception="java.lang.Throwable" to="scInternalServerError" />
+ </action-state>
+
+ <action-state id="checkCacheTrustedIdpToken">
+ <evaluate expression="idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens" />
+ <transition on="yes" to="requestRpToken">
+ <set name="externalContext.sessionMap[flowScope.home_realm]"
+ value="flowScope.idpToken" />
+ </transition>
+ <transition on="no" to="requestRpToken" />
+ </action-state>
+
+ <end-state id="requestRpToken">
+ <output name="home_realm" value="flowScope.home_realm" />
+ <output name="wctx" value="flowScope.wctx" />
+ <output name="wreply" value="flowScope.wreply" />
+ <output name="wtrealm" value="flowScope.wtrealm" />
+ <output name="idpToken" value="flowScope.idpToken" />
+ <output name="saml_authn_request" value="flowScope.saml_authn_request" />
+ <output name="RelayState" value="flowScope.RelayState" />
+ </end-state>
+
+ <!-- abnormal exit point : Http 400 Bad Request -->
+ <end-state id="viewBadRequest" />
+
+ <!-- abnormal exit point : Http 500 Internal Server Error -->
+ <end-state id="scInternalServerError" />
+
+</flow>
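Review bot: The `checkCacheTrustedIdpToken` action-state has no `on-exception` transition, unlike `validateToken` just above it, so a failure while evaluating `idpConfig.findTrustedIdp(flowScope.home_realm).cacheTokens` has no mapped exit inside this flow. `home_realm` is a flow input and is also used as the session-map key for the cached IdP token. If `findTrustedIdp` can return null for an unrecognised realm (not visible here), the `.cacheTokens` dereference would throw at that point. Adding `<transition on-exception="java.lang.Throwable" to="scInternalServerError" />` to that state would give it the same failure path as `validateToken`, unless the calling flow already handles this. The content is carried over unchanged from the deleted `federation-signin-response.xml`, so this predates the rename, but the flow now serves as the common response path.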