You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/08 15:59:36 UTC
cxf-fediz git commit: Add support to specify sign out query parameters
Repository: cxf-fediz
Updated Branches:
refs/heads/master 325089aa2 -> e8aec20af
Add support to specify sign out query parameters
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e8aec20a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e8aec20a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e8aec20a
Branch: refs/heads/master
Commit: e8aec20af5e9f6ca5428dfb74ff1fd2c0e448298
Parents: 325089a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 8 15:59:11 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 8 15:59:11 2017 +0000
----------------------------------------------------------------------
.../fediz/core/config/FederationProtocol.java | 22 +++++++++
.../core/processor/FederationProcessorImpl.java | 37 +++++++++++++++
.../fediz/core/spi/SignOutQueryCallback.java | 42 +++++++++++++++++
.../src/main/resources/schemas/FedizConfig.xsd | 2 +
.../core/federation/FederationLogoutTest.java | 25 ++++++++++
.../core/federation/SignoutQueryHandler.java | 49 ++++++++++++++++++++
.../test/resources/fediz_test_config_logout.xml | 35 ++++++++++++++
7 files changed, 212 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
index 614d811..b25795a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationProtocol.java
@@ -37,6 +37,7 @@ public class FederationProtocol extends Protocol {
private Object homeRealm;
private Object freshness;
private Object signInQuery;
+ private Object signOutQuery;
private Object reply;
public FederationProtocol(ProtocolType protocolType) {
@@ -141,6 +142,27 @@ public class FederationProtocol extends Protocol {
}
}
+ public Object getSignOutQuery() {
+ if (this.signOutQuery != null) {
+ return this.signOutQuery;
+ }
+ CallbackType cbt = getFederationProtocol().getSignOutQuery();
+ this.signOutQuery = loadCallbackType(cbt, "SignOutQuery");
+ return this.signOutQuery;
+ }
+
+ public void setSignOutQuery(Object value) {
+ final boolean isString = value instanceof String;
+ final boolean isCallbackHandler = value instanceof CallbackHandler;
+ if (isString || isCallbackHandler) {
+ this.signOutQuery = value;
+ } else {
+ LOG.error("Unsupported 'SignOutQuery' object");
+ throw new IllegalArgumentException("Unsupported 'SignOutQuery' object. Type must be "
+ + "java.lang.String or javax.security.auth.callback.CallbackHandler.");
+ }
+ }
+
public Object getRequest() {
if (this.request != null) {
return this.request;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index aecee13..fa8778e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -59,6 +59,7 @@ import org.apache.cxf.fediz.core.spi.FreshnessCallback;
import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
import org.apache.cxf.fediz.core.spi.ReplyCallback;
import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
+import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
import org.apache.cxf.fediz.core.spi.WAuthCallback;
import org.apache.cxf.fediz.core.spi.WReqCallback;
import org.apache.cxf.fediz.core.util.DOMUtils;
@@ -539,7 +540,15 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
}
}
+
+ String signOutQuery = resolveSignOutQuery(request, config);
+ LOG.debug("SignIn Query: {}", signOutQuery);
+ // add signout query extensions
+ if (signOutQuery != null && signOutQuery.length() > 0) {
+ sb.append('&').append(signOutQuery);
+ }
+
redirectURL = redirectURL + "?" + sb.toString();
} catch (Exception ex) {
LOG.error("Failed to create SignInRequest", ex);
@@ -578,6 +587,34 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
}
return signInQuery;
}
+
+ private String resolveSignOutQuery(HttpServletRequest request, FedizContext config) throws IOException,
+ UnsupportedCallbackException, UnsupportedEncodingException {
+ Object signOutQueryObj = ((FederationProtocol)config.getProtocol()).getSignOutQuery();
+ String signOutQuery = null;
+ if (signOutQueryObj != null) {
+ if (signOutQueryObj instanceof String) {
+ signOutQuery = (String)signOutQueryObj;
+ } else if (signOutQueryObj instanceof CallbackHandler) {
+ CallbackHandler frCB = (CallbackHandler)signOutQueryObj;
+ SignOutQueryCallback callback = new SignOutQueryCallback(request);
+ frCB.handle(new Callback[] {
+ callback
+ });
+ Map<String, String> signInQueryMap = callback.getSignOutQueryParamMap();
+ StringBuilder sbQuery = new StringBuilder();
+ for (Entry<String, String> entry : signInQueryMap.entrySet()) {
+ if (sbQuery.length() > 0) {
+ sbQuery.append("&");
+ }
+ sbQuery.append(entry.getKey()).append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8"));
+ }
+ signOutQuery = sbQuery.toString();
+
+ }
+ }
+ return signOutQuery;
+ }
private String resolveFreshness(HttpServletRequest request, FedizContext config) throws IOException,
UnsupportedCallbackException {
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
new file mode 100644
index 0000000..ab19855
--- /dev/null
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/spi/SignOutQueryCallback.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.spi;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class SignOutQueryCallback extends AbstractServletCallback {
+
+ private Map<String, String> signOutQueryParamMap;
+
+ public SignOutQueryCallback(HttpServletRequest request) {
+ super(request);
+ }
+
+ public Map<String, String> getSignOutQueryParamMap() {
+ return signOutQueryParamMap;
+ }
+
+ public void setSignOutQueryParamMap(Map<String, String> signOutQueryParamMap) {
+ this.signOutQueryParamMap = signOutQueryParamMap;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 879e08d..7d95384 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -165,6 +165,7 @@
<xs:element ref="reply" />
<xs:element ref="request" />
<xs:element ref="signInQuery" />
+ <xs:element ref="signOutQuery" />
</xs:sequence>
<xs:attribute name="version" use="required" type="xs:string" />
</xs:extension>
@@ -225,6 +226,7 @@
<xs:element name="request" type="CallbackType" />
<xs:element name="freshness" type="CallbackType" />
<xs:element name="signInQuery" type="CallbackType" />
+ <xs:element name="signOutQuery" type="CallbackType" />
<xs:element name="reply" type="CallbackType" />
<xs:simpleType name="argumentType">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
index dedc9f4..67c01a5 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
@@ -354,4 +354,29 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
+
+ @org.junit.Test
+ public void testSignoutCustomQueryParameter() throws Exception {
+ FedizContext config = getFederationConfigurator().getFedizContext("ROOT3");
+
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
+ EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(LOGOUT_URL));
+ EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
+ EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
+ EasyMock.replay(req);
+
+ LogoutHandler logoutHandler = new LogoutHandler(config);
+ Assert.assertTrue(logoutHandler.canHandleRequest(req));
+
+ HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+ + "&custom=param";
+ resp.sendRedirect(expectedRedirectToIdP);
+ EasyMock.expectLastCall();
+ EasyMock.replay(resp);
+ logoutHandler.handleRequest(req, resp);
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
new file mode 100644
index 0000000..26c0c31
--- /dev/null
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/SignoutQueryHandler.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.federation;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.SignOutQueryCallback;
+
+public class SignoutQueryHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ if (callbacks != null) {
+ for (Callback callback : callbacks) {
+ if (callback instanceof SignOutQueryCallback) {
+ SignOutQueryCallback signOutQueryCallback = (SignOutQueryCallback)callback;
+ Map<String, String> signOutQueryMap = new HashMap<>();
+ signOutQueryMap.put("custom", "param");
+ signOutQueryCallback.setSignOutQueryParamMap(signOutQueryMap);
+ }
+ }
+ }
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8aec20a/plugins/core/src/test/resources/fediz_test_config_logout.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_test_config_logout.xml b/plugins/core/src/test/resources/fediz_test_config_logout.xml
index 030281e..8e8f5c0 100644
--- a/plugins/core/src/test/resources/fediz_test_config_logout.xml
+++ b/plugins/core/src/test/resources/fediz_test_config_logout.xml
@@ -85,4 +85,39 @@
<logoutRedirectTo>/index.html</logoutRedirectTo>
</contextConfig>
+ <contextConfig name="ROOT3">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ <signOutQuery type="Class">org.apache.cxf.fediz.core.federation.SignoutQueryHandler</signOutQuery>
+ </protocol>
+ <logoutURL>secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ <logoutRedirectToConstraint>.*wreply.html</logoutRedirectToConstraint>
+ </contextConfig>
+
</FedizConfig>