Repository: cxf-fediz Updated Branches: refs/heads/master 02a0b82a1 -> 01c101637
Send a 400 error code from the IdP on a bad request Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/01c10163 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/01c10163 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/01c10163 Branch: refs/heads/master Commit: 01c1016379cc4a21313b074634b87179a1561d7c Parents: 02a0b82 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Sep 17 12:11:49 2014 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Sep 17 12:11:49 2014 +0100 ---------------------------------------------------------------------- .../service/idp/beans/STSClientAction.java | 55 ++++++++++++-------- .../WEB-INF/federation-validate-request.xml | 3 +- .../cxf/fediz/integrationtests/BadWReqTest.java | 3 +- 3 files changed, 37 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/01c10163/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java ---------------------------------------------------------------------- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java index 0ea2cd4..a7e51a6 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java @@ -37,6 +37,7 @@ import org.w3c.dom.NodeList; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; +import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.fediz.core.FederationConstants; import org.apache.cxf.fediz.core.exception.ProcessingException; import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE; 
@@ -271,25 +272,7 @@ public class STSClientAction { } sts.setEnableLifetime(true); - if (serviceConfig.getLifeTime() > 0) { - try { - int lifetime = serviceConfig.getLifeTime(); - sts.setTtl(lifetime); - sts.setEnableLifetime(lifetime > 0); - LOG.debug("Lifetime set to {} seconds for realm {}", serviceConfig.getLifeTime(), wtrealm); - } catch (NumberFormatException ex) { - LOG.warn("Invalid lifetime configured for service provider " + wtrealm); - sts.setTtl(this.ttl); - sts.setEnableLifetime(this.ttl > 0); - } - } else { - sts.setTtl(this.ttl); - sts.setEnableLifetime(this.ttl > 0); - if (LOG.isDebugEnabled()) { - LOG.debug("Lifetime set to {} seconds for realm {}", this.ttl, wtrealm); - } - } - + setLifetime(sts, serviceConfig, wtrealm); sts.setOnBehalfOf(idpToken.getToken()); if (!(serviceConfig.getProtocol() == null @@ -298,7 +281,17 @@ public class STSClientAction { throw new ProcessingException(TYPE.BAD_REQUEST); } - String rpToken = sts.requestSecurityTokenResponse(wtrealm); + String rpToken = null; + try { + rpToken = sts.requestSecurityTokenResponse(wtrealm); + } catch (SoapFault ex) { + LOG.error("Error in retrieving a token", ex.getMessage()); + if (ex.getFaultCode() != null + && "RequestFailed".equals(ex.getFaultCode().getLocalPart())) { + throw new ProcessingException(TYPE.BAD_REQUEST); + } + throw ex; + } InputStream is = new ByteArrayInputStream(rpToken.getBytes()); Document doc = StaxUtils.read(is); @@ -312,7 +305,7 @@ public class STSClientAction { LOG.info("[RP_TOKEN={}] successfully created for realm [{}] on behalf of [IDP_TOKEN={}]", id, wtrealm, idpToken.getId()); - return StringEscapeUtils.escapeXml(rpToken); + return StringEscapeUtils.escapeXml11(rpToken); } private SecurityToken getSecurityToken(RequestContext context) throws ProcessingException { 
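Review bot: The new `LOG.error("Error in retrieving a token", ex.getMessage());` in the `SoapFault` catch has no `{}` placeholder. If `LOG` is the SLF4J-style logger that the `{}` calls elsewhere in this file suggest, the fault message is dropped and only the fixed text is written. Either `LOG.error("Error in retrieving a token: {}", ex.getMessage());` or passing `ex` itself as the last argument keeps the detail. This matters because a `RequestFailed` fault is then replaced by `new ProcessingException(TYPE.BAD_REQUEST)` with no cause attached, so the log line is the only record of why the STS rejected the request. The enclosing method starts and ends outside the hunk.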
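Review bot: The switch from `escapeXml` to `escapeXml11` on the return line is unexplained, and the XML 1.0 and 1.1 variants treat control characters differently: `escapeXml11` emits numeric references for some that `escapeXml10` strips. Where the escaped token is embedded is not visible in this hunk; if it is an XML 1.0 or HTML context, `escapeXml10` is the closer match. A one-line comment above the return naming the output context the token is escaped for would record the choice.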
@@ -406,4 +399,24 @@ public class STSClientAction { this.use200502Namespace = use200502Namespace; } + private void setLifetime(STSClient sts, Application serviceConfig, String wtrealm) { + if (serviceConfig.getLifeTime() > 0) { + try { + int lifetime = serviceConfig.getLifeTime(); + sts.setTtl(lifetime); + sts.setEnableLifetime(lifetime > 0); + LOG.debug("Lifetime set to {} seconds for realm {}", serviceConfig.getLifeTime(), wtrealm); + } catch (NumberFormatException ex) { + LOG.warn("Invalid lifetime configured for service provider " + wtrealm); + sts.setTtl(this.ttl); + sts.setEnableLifetime(this.ttl > 0); + } + } else { + sts.setTtl(this.ttl); + sts.setEnableLifetime(this.ttl > 0); + if (LOG.isDebugEnabled()) { + LOG.debug("Lifetime set to {} seconds for realm {}", this.ttl, wtrealm); + } + } + } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/01c10163/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml index 9c30318..455ec71 100644 --- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml +++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml @@ -125,6 +125,7 @@ <evaluate expression="signInParamCacheAction.storeRPUrlInSession(flowRequestContext)" result="flowScope.res"/> <transition to="formResponseView" /> + <transition on-exception="org.apache.cxf.fediz.core.exception.ProcessingException" to="viewBadRequest" /> <transition on-exception="java.lang.Throwable" to="scInternalServerError" /> </action-state> 
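Review bot: The extracted `setLifetime` keeps a `catch (NumberFormatException ex)` that cannot be reached, since nothing in the `try` parses a string and `getLifeTime()` is assigned straight to an `int`. The `lifetime > 0` test inside the first branch is also always true. The `LOG.warn` fallback is therefore dead code, and it suggests a validation of the configured lifetime that does not happen here. Collapsing both branches, as below, keeps the visible behaviour and logs the value actually applied. At the call site in the first hunk, the unchanged `sts.setEnableLifetime(true);` just before `setLifetime(...)` is overwritten by it and could be dropped.

```java
private void setLifetime(STSClient sts, Application serviceConfig, String wtrealm) {
    // Use the per-service lifetime when one is configured, else the IdP-wide default.
    int configured = serviceConfig.getLifeTime();
    int lifetime = configured > 0 ? configured : this.ttl;
    sts.setTtl(lifetime);
    sts.setEnableLifetime(lifetime > 0);
    LOG.debug("Lifetime set to {} seconds for realm {}", lifetime, wtrealm);
}
```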
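Review bot: The added `on-exception` transition keys on the exception class only, so every `ProcessingException` raised in this action-state is answered with 400, not just those created with `TYPE.BAD_REQUEST`. If `ProcessingException` has other types that signal a server-side fault (the enum is not visible here), those would now be reported as a client error and would bypass `scInternalServerError`. A comment above the transition, e.g. `<!-- every ProcessingException from this state is treated as a client error (400) -->`, would make the intent explicit. The action-state opens outside the hunk.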
@@ -152,7 +153,7 @@ <on-entry> <evaluate expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" /> - <set name="requestScope.reason" value="flowRequestContext.currentTransition" /> + <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />--> </on-entry> </end-state> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/01c10163/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java ---------------------------------------------------------------------- diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java index 1538a14..99c4fe1 100644 --- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java +++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/BadWReqTest.java @@ -189,9 +189,8 @@ public class BadWReqTest { try { HTTPTestUtils.login(url, user, password, getIdpHttpsPort()); Assert.fail("Exception expected"); - // TODO change exception } catch (FailingHttpStatusCodeException ex) { - Assert.assertEquals(ex.getStatusCode(), 500); + Assert.assertEquals(ex.getStatusCode(), 400); } }
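Review bot: The `<set name="requestScope.reason" .../>` element is left in the file as a comment with no explanation. It should either be deleted or the comment should say why the reason must not be placed in request scope. If the view rendered for this end-state reads `reason` (the view is not visible here), it will now render without one. Separately, the unchanged `setStatus(400, flowRequestContext.currentTransition.toString())` above still puts the transition's string form into the HTTP status line, so internal flow detail reaches the client either way. A fixed reason phrase would avoid that.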
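Review bot: The arguments in `Assert.assertEquals(ex.getStatusCode(), 400);` are in actual/expected order. If this is JUnit's `Assert`, the expected value comes first, so a failure would print the two values the wrong way round. `Assert.assertEquals(400, ex.getStatusCode());` reads correctly. The test method starts outside the hunk.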