Posted to commits@cxf.apache.org by co...@apache.org on 2018/05/16 16:42:23 UTC
[cxf-fediz] 01/02: Fix to get correct context variable in the
Tomcat8 handler for SAML SSO
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit ec2892287987798e4f54639fc7d414a17534897f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 16 16:04:57 2018 +0100
Fix to get correct context variable in the Tomcat8 handler for SAML SSO
---
.../cxf/fediz/core/handler/SigninHandler.java | 39 ++++++++++++++++------
.../cxf/fediz/tomcat8/FederationAuthenticator.java | 9 +++--
2 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 125e9fc..1bf80f9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -58,7 +58,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
&& FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION))) {
return true;
} else if (fedizContext.getProtocol() instanceof SAMLProtocol
- && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
return false;
@@ -103,22 +103,23 @@ public class SigninHandler<T> implements RequestHandler<T> {
FedizRequest federationRequest = new FedizRequest();
String wa = req.getParameter(FederationConstants.PARAM_ACTION);
-
- String relayState = req.getParameter("RelayState");
federationRequest.setAction(wa);
federationRequest.setResponseToken(responseToken);
- federationRequest.setState(relayState);
+
+ if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+ String relayState = req.getParameter("RelayState");
+ federationRequest.setState(relayState);
+ if (relayState != null) {
+ HttpSession session = req.getSession();
+ federationRequest.setRequestState((RequestState)
+ session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState));
+ session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState);
+ }
+ }
federationRequest.setRequest(req);
federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
- if (relayState != null) {
- HttpSession session = req.getSession();
- federationRequest.setRequestState((RequestState)
- session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState));
- session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState);
- }
-
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
return processor.processRequest(federationRequest, fedizContext);
}
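Review bot: `req.getSession()` in the new SAML branch creates a session whenever none exists, so any request that carries a `RelayState` parameter allocates one before the response has been validated. Consider `HttpSession session = req.getSession(false);` and guarding the lookup with `if (relayState != null && session != null)`, which leaves the request state unset when there is nothing saved to match. Whether the processor rejects a SAML response that has no saved request state is not visible here and is worth confirming. The branch also uses the literal `"RelayState"` where the first hunk uses `SAMLSSOConstants.RELAY_STATE`. The enclosing method starts above the hunk.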
@@ -166,6 +167,22 @@ public class SigninHandler<T> implements RequestHandler<T> {
return token;
}
+ public String getContextParameter(HttpServletRequest request) {
+ String context = null;
+ if (fedizContext.getProtocol() instanceof FederationProtocol) {
+ context = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ if (context == null) {
+ throw new RuntimeException("Missing required parameter 'wctx'");
+ }
+ } else if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+ context = request.getParameter("RelayState");
+ if (context == null) {
+ throw new RuntimeException("Missing required parameter 'RelayState'");
+ }
+ }
+ return context;
+ }
+
public FedizContext getFedizContext() {
return fedizContext;
}
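Review bot: `getContextParameter` throws a bare `RuntimeException` when `wctx` or `RelayState` is absent, and both are request parameters under the client's control. At the call added in FederationAuthenticator (`resumeRequest(signinHandler.getContextParameter(request), request, response)`) the exception is raised before `resumeRequest` runs, so its `contextId == null` branch that logs and sends 401 is no longer reached for these two protocols. Unless a caller outside the diff catches it, the request likely ends as a container error rather than a 401. Dropping the two `throw` statements and returning null would keep the existing 401 path, or a dedicated checked exception would force every caller to handle the case. The method also returns null for any other protocol, and as a new public method it has no Javadoc stating that.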
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index ff92c69..656f3f9 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -203,7 +203,7 @@ public class FederationAuthenticator extends FormAuthenticator {
FedizPrincipal principal = signinHandler.handleRequest(request, response);
if (principal != null) {
LOG.debug("Authentication of '{}' was successful", principal);
- resumeRequest(request, response);
+ resumeRequest(signinHandler.getContextParameter(request), request, response);
} else {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
@@ -231,12 +231,11 @@ public class FederationAuthenticator extends FormAuthenticator {
return authenticate(request, response);
}
- protected void resumeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
- String contextId = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ protected void resumeRequest(String contextId, HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
if (contextId == null) {
- LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
+ LOG.warn("The context parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
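Review bot: `contextId` is now a caller-supplied argument with no comment saying where it comes from; at the visible call site it is the raw `wctx` or `RelayState` request parameter. A short Javadoc on `resumeRequest` would help, for example `@param contextId request-supplied context value (wctx or RelayState); used only as a key into this session's saved notes`. What happens when `session.getNote(...)` finds no entry for that key is outside the hunk, because the method body continues past it.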
--