Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 69658738f -> deae3617d
Updating Collocated RACS to delegate to the abstract handler Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/deae3617 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/deae3617 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/deae3617 Branch: refs/heads/2.7.x-fixes Commit: deae3617da19424f67428ed413adc806c9c58414 Parents: 6965873 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Apr 25 15:50:54 2014 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Apr 25 15:52:44 2014 +0100 ---------------------------------------------------------------------- ...AbstractRequestAssertionConsumerHandler.java | 30 ++++++++++++++++++ .../sso/RequestAssertionConsumerFilter.java | 18 +---------- .../sso/RequestAssertionConsumerService.java | 33 -------------------- 3 files changed, 31 insertions(+), 50 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/deae3617/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java index 64e2065..f622ace 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java 
@@ -23,6 +23,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.UnsupportedEncodingException; +import java.net.URI; import java.util.Date; import java.util.ResourceBundle; import java.util.UUID; @@ -33,6 +34,7 @@ import java.util.zip.DataFormatException; import javax.annotation.PreDestroy; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; +import javax.ws.rs.core.Response; import org.w3c.dom.Document; @@ -127,6 +129,34 @@ public class AbstractRequestAssertionConsumerHandler extends AbstractSSOSpHandle super.close(); } + protected Response doProcessSamlResponse(String encodedSamlResponse, + String relayState, + boolean postBinding) { + RequestState requestState = processRelayState(relayState); + + String contextCookie = createSecurityContext(requestState, + encodedSamlResponse, + relayState, + postBinding); + + // Finally, redirect to the service provider endpoint + URI targetURI = getTargetURI(requestState.getTargetAddress()); + return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build(); + } + + private URI getTargetURI(String targetAddress) { + if (targetAddress != null) { + try { + return URI.create(targetAddress); + } catch (IllegalArgumentException ex) { + reportError("INVALID_TARGET_URI"); + } + } else { + reportError("MISSING_TARGET_URI"); + } + throw ExceptionUtils.toBadRequestException(null, null); + } + protected String createSecurityContext(RequestState requestState, String encodedSamlResponse, String relayState, http://git-wip-us.apache.org/repos/asf/cxf/blob/deae3617/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java ---------------------------------------------------------------------- 
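Review bot: In `doProcessSamlResponse` the security context is created before the redirect target is checked, so a request whose RequestState has a missing or malformed target address still runs `createSecurityContext` and only afterwards fails with the 400 thrown by `getTargetURI`. Moving `URI targetURI = getTargetURI(requestState.getTargetAddress());` above the `createSecurityContext` call would reject such requests before any context or cookie is produced; the body of `createSecurityContext` lies outside this hunk, so whether it persists state is inferred. `getTargetURI` only checks that the address is non-null and parses as a URI, so the `Location` of the 303 is exactly as trustworthy as the stored RequestState. A comment on `getTargetURI` such as `// targetAddress comes from server-side RequestState; only syntax is validated here` would make that assumption explicit. The caught `IllegalArgumentException` is also not passed on anywhere, so the parse failure's detail is lost.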
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java index db8fb61..d609215 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerFilter.java @@ -25,14 +25,12 @@ import javax.ws.rs.HttpMethod; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.PreMatching; -import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import org.apache.cxf.helpers.IOUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; -import org.apache.cxf.rs.security.saml.sso.state.RequestState; @PreMatching @BindingPriority(BindingPriority.AUTHENTICATION) 
@@ -66,21 +64,7 @@ public class RequestAssertionConsumerFilter extends AbstractRequestAssertionCons JAXRSUtils.getCurrentMessage().put(SSOConstants.RACS_IS_COLLOCATED, Boolean.TRUE); return; } - RequestState requestState = processRelayState(relayState); - String targetUri = requestState.getTargetAddress(); - if (targetUri != null - && targetUri.startsWith(ct.getUriInfo().getRequestUri().toString())) { - reportError("INVALID_TARGET_URI"); - ct.abortWith(Response.status(400).build()); - return; - } - - - String contextCookie = createSecurityContext(requestState, - encodedSamlResponse, - relayState, - postBinding); - ct.getHeaders().add(HttpHeaders.COOKIE, contextCookie); + ct.abortWith(doProcessSamlResponse(encodedSamlResponse, relayState, postBinding)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/deae3617/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java index 5b594e4..376ecd2 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java @@ -18,8 +18,6 @@ */ package org.apache.cxf.rs.security.saml.sso; -import java.net.URI; - import javax.ws.rs.FormParam; import javax.ws.rs.GET; import javax.ws.rs.POST; 
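Review bot: The guard that rejected a target address starting with the filter's own request URI (`targetUri.startsWith(ct.getUriInfo().getRequestUri().toString())`, answered with a 400) is removed here and has no counterpart in the shared `doProcessSamlResponse`/`getTargetURI` added by this commit. With the collocated filter now answering with a 303 to the stored target, a target that points back at the consumer endpoint would presumably send the browser to this filter again instead of being refused. If that protection is still wanted it has to move into the abstract handler, for example as an overridable check called from `doProcessSamlResponse`, because the filter no longer sees the RequestState. If it was dropped on purpose, a comment such as `// self-referencing target addresses are no longer rejected, see doProcessSamlResponse` would record the decision. The enclosing filter method starts and ends outside the hunk.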
@@ -29,9 +27,6 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import org.apache.cxf.jaxrs.utils.ExceptionUtils; -import org.apache.cxf.rs.security.saml.sso.state.RequestState; - @Path("sso") public class RequestAssertionConsumerService extends AbstractRequestAssertionConsumerHandler { @POST @@ -47,32 +42,4 @@ public class RequestAssertionConsumerService extends AbstractRequestAssertionCon @QueryParam(SSOConstants.RELAY_STATE) String relayState) { return doProcessSamlResponse(encodedSamlResponse, relayState, false); } - - protected Response doProcessSamlResponse(String encodedSamlResponse, - String relayState, - boolean postBinding) { - RequestState requestState = processRelayState(relayState); - - String contextCookie = createSecurityContext(requestState, - encodedSamlResponse, - relayState, - postBinding); - - // Finally, redirect to the service provider endpoint - URI targetURI = getTargetURI(requestState.getTargetAddress()); - return Response.seeOther(targetURI).header("Set-Cookie", contextCookie).build(); - } - - private URI getTargetURI(String targetAddress) { - if (targetAddress != null) { - try { - return URI.create(targetAddress); - } catch (IllegalArgumentException ex) { - reportError("INVALID_TARGET_URI"); - } - } else { - reportError("MISSING_TARGET_URI"); - } - throw ExceptionUtils.toBadRequestException(null, null); - } }