You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/01 17:00:35 UTC
[2/3] cxf-fediz git commit: More refactoring of the caching code
More refactoring of the caching code
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4538aca7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4538aca7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4538aca7
Branch: refs/heads/master
Commit: 4538aca7cd22a4ab56587c113e6c96f91d2a4502
Parents: 5a0c0b7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 1 16:41:03 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 1 16:41:03 2016 +0000
----------------------------------------------------------------------
.../idp/beans/SigninParametersCacheAction.java | 115 ++++++++++---------
.../WEB-INF/flows/federation-signin-request.xml | 3 +-
.../flows/federation-validate-request.xml | 2 +
.../WEB-INF/flows/saml-signin-request.xml | 3 +-
.../WEB-INF/flows/saml-validate-request.xml | 2 +
.../webapp/WEB-INF/flows/signin-response.xml | 3 +-
6 files changed, 73 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
index e3e055e..18216e7 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/SigninParametersCacheAction.java
@@ -44,35 +44,40 @@ public class SigninParametersCacheAction {
private static final Logger LOG = LoggerFactory.getLogger(SigninParametersCacheAction.class);
- public void store(RequestContext context) {
+ public void store(RequestContext context, String protocol) {
Map<String, Object> signinParams = new HashMap<>();
String uuidKey = UUID.randomUUID().toString();
- Object value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_REPLY, value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_TREALM, value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
+ Object value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
if (value != null) {
signinParams.put(IdpConstants.HOME_REALM, value);
}
- value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- if (value != null) {
- signinParams.put(FederationConstants.PARAM_CONTEXT, value);
- }
- // TODO
- value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
- if (value != null) {
- signinParams.put("RelayState", value);
- }
- value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
- if (value != null) {
- signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
+
+ if ("wsfed".equals(protocol)) {
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_REPLY);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_REPLY, value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_TREALM);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_TREALM, value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
+ if (value != null) {
+ signinParams.put(FederationConstants.PARAM_CONTEXT, value);
+ }
+ } else if ("samlsso".equals(protocol)) {
+ // TODO
+ value = WebUtils.getAttributeFromFlowScope(context, "RelayState");
+ if (value != null) {
+ signinParams.put("RelayState", value);
+ }
+ value = WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
+ if (value != null) {
+ signinParams.put(IdpConstants.SAML_AUTHN_REQUEST, value);
+ }
}
+
WebUtils.putAttributeInExternalContext(context, uuidKey, signinParams);
LOG.debug("SignIn parameters cached: {}", signinParams.toString());
@@ -80,7 +85,7 @@ public class SigninParametersCacheAction {
LOG.info("SignIn parameters cached and context set to [" + uuidKey + "].");
}
- public void restore(RequestContext context, String contextKey) {
+ public void restore(RequestContext context, String contextKey, String protocol) {
if (contextKey != null) {
@SuppressWarnings("unchecked")
@@ -88,44 +93,50 @@ public class SigninParametersCacheAction {
(Map<String, Object>)WebUtils.getAttributeFromExternalContext(context, contextKey);
if (signinParams != null) {
- String value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_REPLY, value);
- }
- value = (String)signinParams.get(FederationConstants.PARAM_TREALM);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
- }
- value = (String)signinParams.get(IdpConstants.HOME_REALM);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
- }
-
- SAMLAuthnRequest authnRequest =
- (SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
- if (authnRequest != null) {
- WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
- }
+ LOG.debug("SignIn parameters restored: {}", signinParams.toString());
- // TODO
- value = (String)signinParams.get("RelayState");
+ String value = (String)signinParams.get(IdpConstants.HOME_REALM);
if (value != null) {
- WebUtils.putAttributeInFlowScope(context, "RelayState", value);
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.HOME_REALM, value);
}
- LOG.debug("SignIn parameters restored: {}", signinParams.toString());
- WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
- LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
- + contextKey + "] cleared.");
-
- value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
- if (value != null) {
- WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
+ if ("wsfed".equals(protocol)) {
+ value = (String)signinParams.get(FederationConstants.PARAM_REPLY);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_REPLY, value);
+ }
+ value = (String)signinParams.get(FederationConstants.PARAM_TREALM);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_TREALM, value);
+ }
+
+ WebUtils.removeAttributeFromFlowScope(context, FederationConstants.PARAM_CONTEXT);
+ LOG.info("SignIn parameters restored and " + FederationConstants.PARAM_CONTEXT + "["
+ + contextKey + "] cleared.");
+
+ value = (String)signinParams.get(FederationConstants.PARAM_CONTEXT);
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, FederationConstants.PARAM_CONTEXT, value);
+ }
+ } else if ("samlsso".equals(protocol)) {
+ SAMLAuthnRequest authnRequest =
+ (SAMLAuthnRequest)signinParams.get(IdpConstants.SAML_AUTHN_REQUEST);
+ if (authnRequest != null) {
+ WebUtils.putAttributeInFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST, authnRequest);
+ }
+
+ // TODO
+ value = (String)signinParams.get("RelayState");
+ if (value != null) {
+ WebUtils.putAttributeInFlowScope(context, "RelayState", value);
+ }
}
} else {
LOG.debug("Error in restoring security context");
}
+
+ WebUtils.removeAttributeFromFlowScope(context, contextKey);
} else {
LOG.debug("Error in restoring security context");
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
index 59c2a67..d62c115 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-signin-request.xml
@@ -30,6 +30,7 @@
<input name="wfresh" />
<input name="wauth" />
<input name="home_realm" />
+ <input name="protocol" />
<decision-state id="processHRDSExpression">
<on-entry>
@@ -166,7 +167,7 @@
<!-- redirects to requestor idp -->
<end-state id="redirectToTrustedIDP">
<on-entry>
- <evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
+ <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
</on-entry>
<output name="home_realm" value="flowScope.home_realm" />
<output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index e0d86aa..e42c7ee 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -99,6 +99,7 @@
<input name="wfresh" value="flowScope.wfresh" />
<input name="wauth" value="flowScope.wauth" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'wsfed'" />
<output name="home_realm" />
<output name="wctx" />
@@ -131,6 +132,7 @@
<input name="state" value="flowScope.state" />
<input name="code" value="flowScope.code" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'wsfed'" />
<output name="wtrealm" />
<output name="wreply" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index 446aa8e..e385a25 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -27,6 +27,7 @@
<input name="SAMLRequest" />
<input name="RelayState" />
<input name="Signature" />
+ <input name="protocol" />
<action-state id="parseAuthnRequest">
<evaluate expression="authnRequestParser.parseSAMLRequest(flowRequestContext, flowScope.idpConfig,
@@ -180,7 +181,7 @@
<!-- redirects to requestor idp -->
<end-state id="redirectToTrustedIDP">
<on-entry>
- <evaluate expression="signinParametersCacheAction.store(flowRequestContext)" />
+ <evaluate expression="signinParametersCacheAction.store(flowRequestContext, protocol)" />
</on-entry>
<output name="home_realm" value="flowScope.home_realm" />
<output name="trusted_idp_context" value="flowScope.trusted_idp_context" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
index d45a48b..2816487 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-validate-request.xml
@@ -67,6 +67,7 @@
<input name="SAMLRequest" value="flowScope.SAMLRequest" />
<input name="RelayState" value="flowScope.RelayState" />
<input name="Signature" value="flowScope.Signature" />
+ <input name="protocol" value="'samlsso'" />
<output name="home_realm" />
<output name="idpToken" />
@@ -99,6 +100,7 @@
<input name="state" value="flowScope.state" />
<input name="code" value="flowScope.code" />
<input name="home_realm" value="flowScope.whr" />
+ <input name="protocol" value="'samlsso'" />
<output name="wtrealm" />
<output name="wreply" />
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4538aca7/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
index 1a2aa2e..38c4392 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/signin-response.xml
@@ -36,10 +36,11 @@ subflow to get a RP token from the STS.
<input name="state" />
<input name="code" />
<input name="home_realm" />
+ <input name="protocol" />
<on-start>
<!-- restore the original request parameters for the current context -->
- <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context)" />
+ <evaluate expression="signinParametersCacheAction.restore(flowRequestContext, request_context, protocol)" />
</on-start>
<!-- validate token issued by requestor IDP given its home realm -->