Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/20 17:31:12 UTC

[1/2] cxf-fediz git commit: NPE fix

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 0dabf1562 -> 5667ed43a


NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d48929d9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d48929d9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d48929d9

Branch: refs/heads/master
Commit: d48929d903db8ddf71137aeb2b551c8e686b52ef
Parents: 0dabf15
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 20 17:11:12 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 20 17:11:12 2017 +0000

----------------------------------------------------------------------
 .../logout/LogoutRedirectConstraintHandler.java | 23 +++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d48929d9/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
index b1100d7..8335a5c 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutRedirectConstraintHandler.java
@@ -48,19 +48,26 @@ public class LogoutRedirectConstraintHandler implements CallbackHandler {
                     if (request != null && request.getParameter(OAuthConstants.CLIENT_ID) != null) {
                         String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
 
-                        ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
-                        OAuthDataProvider dataManager = (OAuthDataProvider)ctx.getBean("oauthProvider");
-
-                        Client client = dataManager.getClient(clientId);
-                        String logoutUri = client.getProperties().get(CLIENT_LOGOUT_URI);
-                        if (logoutUri != null) {
-                            replyConstraintCallback.setReplyConstraint(Pattern.compile(logoutUri));
-                        }
+                        replyConstraintCallback.setReplyConstraint(getLogoutRedirectConstraint(clientId));
                     }
                 }
             }
         }
     }
 
+    private Pattern getLogoutRedirectConstraint(String clientId) {
+        ApplicationContext ctx = ApplicationContextProvider.getApplicationContext();
+        OAuthDataProvider dataManager = (OAuthDataProvider)ctx.getBean("oauthProvider");
+
+        Client client = dataManager.getClient(clientId);
+        if (client != null) {
+            String logoutUri = client.getProperties().get(CLIENT_LOGOUT_URI);
+            if (logoutUri != null) {
+                return Pattern.compile(logoutUri);
+            }
+        }
+        
+        return null;
+    }
 
 }
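Review bot: `setReplyConstraint(...)` is now called even when `getLogoutRedirectConstraint` returns `null` (unknown `client_id`, or a client with no logout URI property), whereas the removed code only touched the callback when a logout URI was present. How the consumer of the callback treats a null constraint is not visible in this hunk; if null means "no restriction", a logout request carrying an unregistered `client_id` would clear whatever reply constraint was already set. Keeping the guard at the call site avoids that: `Pattern constraint = getLogoutRedirectConstraint(clientId);` followed by `if (constraint != null) { replyConstraintCallback.setReplyConstraint(constraint); }`. The helper would also benefit from a short Javadoc saying that null means no client or no registered logout URI, and that the stored value is compiled as a regular expression rather than matched literally. The enclosing `handle` method starts outside the hunk.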


[2/2] cxf-fediz git commit: Add support for a config option to automatically redirect to the RP after logout

Posted by co...@apache.org.
Add support for a config option to automatically redirect to the RP after logout


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5667ed43
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5667ed43
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5667ed43

Branch: refs/heads/master
Commit: 5667ed43af372034782fe1f69ac03bb58db3a539
Parents: d48929d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 20 17:11:27 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 20 17:11:27 2017 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/service/idp/domain/Idp.java   | 13 ++++++++++++-
 .../fediz/service/idp/service/jpa/IdpDAOJPAImpl.java   |  2 ++
 .../cxf/fediz/service/idp/service/jpa/IdpEntity.java   | 10 ++++++++++
 services/idp/src/main/resources/entities-realma.xml    |  1 +
 .../WEB-INF/flows/federation-validate-request.xml      | 12 +++++++++---
 5 files changed, 34 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index 0674b5a..2fc7a64 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -35,7 +35,8 @@ import javax.xml.bind.annotation.XmlType;
 @XmlType(propOrder = {"realm", "uri", "serviceDisplayName", "serviceDescription", "idpUrl", "stsUrl",
                      "certificate", "certificatePassword", "provideIdpList", "useCurrentIdp", "hrds",
                      "rpSingleSignOutConfirmation", "supportedProtocols", "tokenTypesOffered", "claimTypesOffered",
-                     "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation" })
+                     "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation",
+                     "automaticRedirectToRpAfterLogout"})
 public class Idp implements Serializable {
 
     private static final long serialVersionUID = -5570301342547139039L;
@@ -117,6 +118,8 @@ public class Idp implements Serializable {
 
     // Is explicit confirmation required when the "cleanup" URL is called
     private boolean rpSingleSignOutCleanupConfirmation;
+    
+    private boolean automaticRedirectToRpAfterLogout;
 
     @XmlAttribute
     public int getId() {
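Review bot: The new `automaticRedirectToRpAfterLogout` field has no comment, unlike `rpSingleSignOutCleanupConfirmation` directly above it, and the flag changes where the browser is sent after sign-out. A one-line comment in the same style would do, for example `// Redirect to the RP's wreply address after logout instead of showing the sign-out response page`. The same comment would suit the matching field in `IdpEntity`, and a Javadoc line on the accessors further down both files could state that the default is `false`.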
@@ -301,4 +304,12 @@ public class Idp implements Serializable {
         this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
     }
 
+    public boolean isAutomaticRedirectToRpAfterLogout() {
+        return automaticRedirectToRpAfterLogout;
+    }
+
+    public void setAutomaticRedirectToRpAfterLogout(boolean automaticRedirectToRpAfterLogout) {
+        this.automaticRedirectToRpAfterLogout = automaticRedirectToRpAfterLogout;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
index f085333..f2a23bd 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
@@ -294,6 +294,7 @@ public class IdpDAOJPAImpl implements IdpDAO {
         entity.setUseCurrentIdp(idp.isUseCurrentIdp());
         entity.setRpSingleSignOutConfirmation(idp.isRpSingleSignOutConfirmation());
         entity.setRpSingleSignOutCleanupConfirmation(idp.isRpSingleSignOutCleanupConfirmation());
+        entity.setAutomaticRedirectToRpAfterLogout(idp.isAutomaticRedirectToRpAfterLogout());
 
         entity.getAuthenticationURIs().clear();
         for (Map.Entry<String, String> item : idp.getAuthenticationURIs().entrySet()) {
@@ -328,6 +329,7 @@ public class IdpDAOJPAImpl implements IdpDAO {
         idp.setUseCurrentIdp(entity.isUseCurrentIdp());
         idp.setRpSingleSignOutConfirmation(entity.isRpSingleSignOutConfirmation());
         idp.setRpSingleSignOutCleanupConfirmation(entity.isRpSingleSignOutCleanupConfirmation());
+        idp.setAutomaticRedirectToRpAfterLogout(entity.isAutomaticRedirectToRpAfterLogout());
 
         if (expandList != null && (expandList.contains("all") || expandList.contains("applications"))) {
             for (ApplicationEntity item : entity.getApplications()) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
index 1430fbc..af1ee49 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
@@ -136,6 +136,8 @@ public class IdpEntity {
     private String serviceDescription;
 
     private boolean rpSingleSignOutCleanupConfirmation;
+    
+    private boolean automaticRedirectToRpAfterLogout;
 
 
     public int getId() {
@@ -298,4 +300,12 @@ public class IdpEntity {
         this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
     }
 
+    public boolean isAutomaticRedirectToRpAfterLogout() {
+        return automaticRedirectToRpAfterLogout;
+    }
+
+    public void setAutomaticRedirectToRpAfterLogout(boolean automaticRedirectToRpAfterLogout) {
+        this.automaticRedirectToRpAfterLogout = automaticRedirectToRpAfterLogout;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index 61cfa0d..c1e4058 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -36,6 +36,7 @@
         <property name="stsUrl" value="https://localhost:9443/fediz-idp-sts/REALMA" />
         <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
         <property name="rpSingleSignOutConfirmation" value="true"/>
+        <property name="automaticRedirectToRpAfterLogout" value="false"/>
         <property name="supportedProtocols">
             <util:list>
                 <value>http://docs.oasis-open.org/wsfed/federation/200706</value>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index ea9ce68..6d90263 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -232,9 +232,9 @@
     </view-state>
 
     <view-state id="redirect" view="externalRedirect:#{flowScope.wreply}" />
-
+    
     <!-- normal exit point for logout -->
-    <end-state id="invalidateSessionAction" view="signoutresponse">
+    <decision-state id="invalidateSessionAction">
         <on-entry>
             <!-- store the realmConfigMap in the request map before we invalidate the session below.
             Its needed in the signoutresponse.jsp page -->
@@ -247,7 +247,13 @@
             <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
             <evaluate expression="logoutAction.submit(flowRequestContext)" />
         </on-entry>
-    </end-state>
+        <if test="flowScope.idpConfig.isAutomaticRedirectToRpAfterLogout()"
+            then="redirectToRPLogoutPage" else="showLogoutResponsePage" />
+    </decision-state>
+    
+    <end-state id="showLogoutResponsePage" view="signoutresponse" />
+    
+    <end-state id="redirectToRPLogoutPage" view="externalRedirect:#{flowScope.wreply}" />
 
     <!-- redirect to remote idp -->
     <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}">
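Review bot: The `<if>` in `invalidateSessionAction` tests only the config flag, so with the option enabled a sign-out request that carries no `wreply` would reach `redirectToRPLogoutPage` and issue `externalRedirect:` with an empty or null target. Whether `flowScope.wreply` has already been checked against the RP's registered logout constraint by this point is not visible in the hunk; since this end-state sends the browser off-site after the session has been invalidated, it should only be reachable with a validated value. Guarding the test, e.g. `test="flowScope.idpConfig.isAutomaticRedirectToRpAfterLogout() and flowScope.wreply != null"`, keeps the sign-out response page as the fallback. The `decision-state` element opens in the previous hunk.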