Posted to commits@cxf.apache.org by co...@apache.org on 2012/05/29 18:15:29 UTC
svn commit: r1343810 - in
/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso:
SamlRedirectBindingFilter.java state/RequestState.java
state/ResponseState.java
Author: coheigea
Date: Tue May 29 16:15:28 2012
New Revision: 1343810
URL: http://svn.apache.org/viewvc?rev=1343810&view=rev
Log:
Fixed signature creation for the redirect binding of Web SSO
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java Tue May 29 16:15:28 2012
@@ -59,7 +59,7 @@ public class SamlRedirectBindingFilter e
ub.queryParam(SSOConstants.SAML_REQUEST, urlEncodedRequest);
ub.queryParam(SSOConstants.RELAY_STATE, info.getRelayState());
if (isSignRequest()) {
- signRequest(ub);
+ signRequest(urlEncodedRequest, info.getRelayState(), ub);
}
String contextCookie = createCookie(SSOConstants.RELAY_STATE,
@@ -95,7 +95,11 @@ public class SamlRedirectBindingFilter e
/**
* Sign a request according to the redirect binding spec for Web SSO
*/
- private void signRequest(UriBuilder ub) throws Exception {
+ private void signRequest(
+ String authnRequest,
+ String relayState,
+ UriBuilder ub
+ ) throws Exception {
Crypto crypto = getSignatureCrypto();
if (crypto == null) {
LOG.fine("No crypto instance of properties file configured for signature");
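Review bot: The Javadoc above the new `signRequest(String authnRequest, String relayState, UriBuilder ub)` signature does not say what form the two new string arguments must be in, which matters because the later hunk signs them exactly as given. I would add `@param authnRequest the SAMLRequest value, already URL-encoded, exactly as placed in the query string` and `@param relayState the RelayState value as it appears in the query string`. The method body begins in this hunk and continues outside it, so how `ub` is used afterwards cannot be confirmed from here.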
@@ -148,7 +152,13 @@ public class SamlRedirectBindingFilter e
// Sign the request
Signature signature = Signature.getInstance(jceSigAlgo);
signature.initSign(privateKey);
- signature.update(ub.toString().getBytes("UTF-8"));
+
+ String requestToSign =
+ SSOConstants.SAML_REQUEST + "=" + authnRequest + "&"
+ + SSOConstants.RELAY_STATE + "=" + relayState + "&"
+ + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(sigAlgo, "UTF-8");
+
+ signature.update(requestToSign.getBytes("UTF-8"));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.encode(signBytes);
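Review bot: `relayState` is concatenated into `requestToSign` unencoded, while `sigAlgo` goes through `URLEncoder.encode` and the request value arrives pre-encoded (the call site in the first hunk passes `urlEncodedRequest`). The receiver verifies the redirect-binding signature over the query-string octets as sent, so if the relay state ever contains a character that `ub.queryParam` escapes, the signed bytes and the transmitted bytes differ and verification fails. A null relay state would also be signed as the literal text `null`. Encode once and reuse the same string for the query parameter and the signature input, e.g. `String encodedRelayState = URLEncoder.encode(relayState, "UTF-8");` then `+ SSOConstants.RELAY_STATE + "=" + encodedRelayState + "&"`, and omit the `RelayState=` segment when the value is absent. Whether this bites depends on how the relay state is generated, which is not visible here; signRequest starts and ends outside this hunk.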
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/RequestState.java Tue May 29 16:15:28 2012
@@ -18,8 +18,15 @@
*/
package org.apache.cxf.rs.security.saml.sso.state;
-public class RequestState {
+import java.io.Serializable;
+public class RequestState implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 869323136115571943L;
+
private String targetAddress;
private String idpServiceAddress;
private String samlRequestId;
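Review bot: The empty `/** * */` block above `serialVersionUID` carries no information; drop it or replace it with a comment saying why the state classes are now `Serializable`, which the commit message does not explain (presumably so they can be held in a persistent or replicated cache). The same applies to ResponseState in the next hunk, whose `assertion` field would be written out with the object, so whatever store receives the serialized form needs the same protection as the assertion itself. Suggested comment: `// Serializable so SSO state can be kept in a persistent/distributed cache; only deserialize from trusted storage.` The class body continues outside the hunk.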
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java?rev=1343810&r1=1343809&r2=1343810&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/ResponseState.java Tue May 29 16:15:28 2012
@@ -18,9 +18,16 @@
*/
package org.apache.cxf.rs.security.saml.sso.state;
+import java.io.Serializable;
-public class ResponseState {
+public class ResponseState implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3247188797004342462L;
+
private String assertion;
private String relayState;
private String webAppContext;