Fixing Metadata Logout URL
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/be392d35 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/be392d35 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/be392d35 Branch: refs/heads/master Commit: be392d35c78ca0a5dc24211b051cfeacba5f59d3 Parents: 1b6058d Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Sep 30 11:46:34 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Sep 30 11:46:34 2014 +0100 ---------------------------------------------------------------------- .../cxf/fediz/core/metadata/MetadataWriter.java | 41 ++++++++++++++++++-- .../core/processor/FederationProcessorImpl.java | 4 +- .../fediz/core/processor/FedizProcessor.java | 4 +- .../fediz/core/processor/SAMLProcessorImpl.java | 4 +- .../core/federation/FederationMetaDataTest.java | 6 +-- .../fediz/core/samlsso/SAMLMetaDataTest.java | 26 +++++++++++-- .../cxf/plugin/FedizRedirectBindingFilter.java | 3 +- .../fediz/jetty/FederationAuthenticator.java | 2 +- .../web/FederationAuthenticationEntryPoint.java | 2 +- .../web/FederationAuthenticationEntryPoint.java | 4 +- .../fediz/tomcat/FederationAuthenticator.java | 2 +- 11 files changed, 76 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java index 20fa3fe..3edde28 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java 
@@ -24,17 +24,19 @@ import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.OutputStreamWriter; import java.io.Writer; +import java.net.MalformedURLException; +import java.net.URL; import java.security.cert.X509Certificate; import java.util.List; import javax.security.auth.callback.CallbackHandler; +import javax.servlet.http.HttpServletRequest; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.stream.XMLOutputFactory; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamWriter; import org.w3c.dom.Document; - import org.apache.cxf.fediz.core.config.Claim; import org.apache.cxf.fediz.core.config.FederationProtocol; import org.apache.cxf.fediz.core.config.FedizContext; @@ -66,7 +68,9 @@ public class MetadataWriter { } //CHECKSTYLE:OFF - public Document getMetaData(FedizContext config) throws ProcessingException { + public Document getMetaData( + HttpServletRequest request, FedizContext config + ) throws ProcessingException { try { ByteArrayOutputStream bout = new ByteArrayOutputStream(4096); @@ -102,7 +106,7 @@ public class MetadataWriter { if (protocol instanceof FederationProtocol) { writeFederationMetadata(writer, config, serviceURL); } else if (protocol instanceof SAMLProtocol) { - writeSAMLMetadata(writer, config, serviceURL); + writeSAMLMetadata(writer, request, config, serviceURL); } writer.writeEndElement(); // EntityDescriptor @@ -235,6 +239,7 @@ public class MetadataWriter { private void writeSAMLMetadata( XMLStreamWriter writer, + HttpServletRequest request, FedizContext config, String serviceURL ) throws Exception { 
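Review bot: The new `request` parameter on `getMetaData` (the @@ -66 hunk) has no Javadoc saying whether it may be null, and the callers disagree: FederationMetaDataTest passes `null`, while the SAML branch in the @@ -102 hunk forwards it into `writeSAMLMetadata`, which (in the @@ -248 hunk below) dereferences it through `extractFullContextPath` whenever a logoutURL is configured. Either state the contract on the `FedizProcessor` interface, e.g. `@param request the current request, used to derive the absolute SingleLogoutService location for SAML metadata; must not be null when a logoutURL is configured`, or make the failure explicit with `Objects.requireNonNull(request, "request")` at the start of `writeSAMLMetadata` rather than letting a bare NullPointerException surface. The same documentation gap applies to the `getMetaData` overrides in FederationProcessorImpl and SAMLProcessorImpl further down.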
@@ -248,7 +253,15 @@ public class MetadataWriter { if (config.getLogoutURL() != null) { writer.writeStartElement("md", "SingleLogoutService", SAML2_METADATA_NS); - writer.writeAttribute("Location", config.getLogoutURL()); + + String logoutURL = config.getLogoutURL(); + if (logoutURL.startsWith("/")) { + logoutURL = extractFullContextPath(request).concat(logoutURL.substring(1)); + } else { + logoutURL = extractFullContextPath(request).concat(logoutURL); + } + writer.writeAttribute("Location", logoutURL); + writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); writer.writeEndElement(); // SingleLogoutService } @@ -323,4 +336,24 @@ public class MetadataWriter { writer.writeEndElement(); // SPSSODescriptor } + private String extractFullContextPath(HttpServletRequest request) throws MalformedURLException { + String result = null; + String contextPath = request.getContextPath(); + String requestUrl = request.getRequestURL().toString(); + String requestPath = new URL(requestUrl).getPath(); + // Cut request path of request url and add context path if not ROOT + if (requestPath != null && requestPath.length() > 0) { + int lastIndex = requestUrl.lastIndexOf(requestPath); + result = requestUrl.substring(0, lastIndex); + } else { + result = requestUrl; + } + if (contextPath != null && contextPath.length() > 0) { + // contextPath contains starting slash + result = result + contextPath + "/"; + } else { + result = result + "/"; + } + return result; + } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java index 9e0d383..ed830e6 100644 
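Review bot: The context-path prefix in the @@ -248 hunk is applied to every configured logoutURL, so a value that is already absolute (constructed example: `https://sp.example.org/logout`) would be emitted as `<request base>https://sp.example.org/logout`, which is a regression for such configurations. Only relative values need the prefix, and one guard covers it: replace the bare `} else {` with `} else if (!logoutURL.contains("://")) {` so absolute values pass through unchanged. Whether `writeFederationMetadata` needs the same treatment cannot be judged from this hunk, since it does not receive the request.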
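Review bot: The SingleLogoutService base that `extractFullContextPath` returns comes from `request.getRequestURL()`, i.e. from the client-supplied Host header (or whatever the container reconstructs behind a proxy) rather than from configuration, so the scheme, host and port advertised in the signed SP metadata change with whoever fetches it. For metadata an IdP will trust, a configured base is the safer source — the `serviceURL` already passed to `writeSAMLMetadata` may be that if it is absolute, which this hunk does not show — or at least the derived host should be checked against the configured one before use. Two smaller points in the same method: `URL.getPath()` returns an empty string rather than null, so the null check is dead, and because `getRequestURL()` never carries a query string the path is always the suffix, so `result = requestUrl.substring(0, requestUrl.length() - requestPath.length());` does the job without the `lastIndexOf` search. A one-line comment noting that `MalformedURLException` is only reachable if the container returns a non-URL would also help the next reader.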
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java @@ -109,8 +109,8 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { } - public Document getMetaData(FedizContext config) throws ProcessingException { - return new MetadataWriter().getMetaData(config); + public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException { + return new MetadataWriter().getMetaData(request, config); } protected FedizResponse processSignInRequest( http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java index 0f7af91..c6cea4e 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java @@ -37,6 +37,8 @@ public interface FedizProcessor { HttpServletRequest request, FedizContext config ) throws ProcessingException; - Document getMetaData(FedizContext config) throws ProcessingException; + Document getMetaData( + HttpServletRequest request, FedizContext config + ) throws ProcessingException; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java index 64ffe36..99703af 100644 
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java @@ -98,8 +98,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor { } - public Document getMetaData(FedizContext config) throws ProcessingException { - return new MetadataWriter().getMetaData(config); + public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException { + return new MetadataWriter().getMetaData(request, config); } private RequestState processRelayState( http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java index 441b4be..a0bb6e8 100644 --- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java +++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java @@ -73,7 +73,7 @@ public class FederationMetaDataTest { FedizContext config = loadConfig("ROOT"); FedizProcessor wfProc = new FederationProcessorImpl(); - Document doc = wfProc.getMetaData(config); + Document doc = wfProc.getMetaData(null, config); Assert.assertNotNull(doc); Node signatureNode = doc.getElementsByTagName("Signature").item(0); @@ -105,7 +105,7 @@ public class FederationMetaDataTest { FedizProcessor wfProc = new FederationProcessorImpl(); Document doc; - doc = wfProc.getMetaData(config); + doc = wfProc.getMetaData(null, config); Assert.assertNull(doc); fail("Failure expected as signing store contains more than one certificate"); } catch (ProcessingException ex) { 
@@ -119,7 +119,7 @@ public class FederationMetaDataTest { FedizContext config = loadConfig("ROOT_NO_SIGNINGKEY"); FedizProcessor wfProc = new FederationProcessorImpl(); - Document doc = wfProc.getMetaData(config); + Document doc = wfProc.getMetaData(null, config); Assert.assertNotNull(doc); try { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java index 3c04d9d..aafeb34 100644 --- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java +++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLMetaDataTest.java @@ -22,12 +22,12 @@ package org.apache.cxf.fediz.core.samlsso; import java.io.File; import java.net.URL; +import javax.servlet.http.HttpServletRequest; import javax.xml.transform.TransformerException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; - import org.apache.cxf.fediz.common.SecurityTestUtil; import org.apache.cxf.fediz.core.config.FedizConfigurator; import org.apache.cxf.fediz.core.config.FedizContext; @@ -39,6 +39,7 @@ import org.apache.xml.security.exceptions.XMLSecurityException; import org.apache.xml.security.keys.KeyInfo; import org.apache.xml.security.signature.XMLSignature; import org.apache.xml.security.signature.XMLSignatureException; +import org.easymock.EasyMock; import org.junit.AfterClass; import org.junit.Assert; 
@@ -49,6 +50,8 @@ import static org.junit.Assert.fail; */ public class SAMLMetaDataTest { private static final String CONFIG_FILE = "fediz_meta_test_config_saml.xml"; + private static final String TEST_REQUEST_URL = "https://localhost/fedizhelloworld/"; + private static final String CONTEXT_PATH = "https://localhost:9443/"; @AfterClass public static void cleanup() { @@ -75,7 +78,12 @@ public class SAMLMetaDataTest { FedizContext config = loadConfig("ROOT"); FedizProcessor wfProc = new FederationProcessorImpl(); - Document doc = wfProc.getMetaData(config); + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); + EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); + EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH); + EasyMock.replay(req); + + Document doc = wfProc.getMetaData(req, config); Assert.assertNotNull(doc); Node signatureNode = doc.getElementsByTagName("Signature").item(0); @@ -107,8 +115,13 @@ public class SAMLMetaDataTest { FedizProcessor wfProc = new FederationProcessorImpl(); Document doc; + + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); + EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); + EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH); + EasyMock.replay(req); - doc = wfProc.getMetaData(config); + doc = wfProc.getMetaData(req, config); Assert.assertNull(doc); fail("Failure expected as signing store contains more than one certificate"); } catch (ProcessingException ex) { 
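Review bot: The mocked request in these tests (and in the @@ -122 hunk further down) returns `CONTEXT_PATH = "https://localhost:9443/"` from `getContextPath()`, which no servlet container does — the context path is empty or a leading-slash segment such as `/fedizhelloworld` — so the value `extractFullContextPath` computes here does not resemble a real deployment, and none of the tests then asserts the `SingleLogoutService` `Location` attribute that the commit sets out to fix. A realistic constant, `private static final String CONTEXT_PATH = "/fedizhelloworld";`, plus an assertion on the emitted `Location` against the expected absolute URL would actually pin the behaviour. As written, the tests only show that metadata generation does not throw with a request present.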
@@ -122,7 +135,12 @@ public class SAMLMetaDataTest { FedizContext config = loadConfig("ROOT_NO_SIGNINGKEY"); FedizProcessor wfProc = new FederationProcessorImpl(); - Document doc = wfProc.getMetaData(config); + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); + EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); + EasyMock.expect(req.getContextPath()).andReturn(CONTEXT_PATH); + EasyMock.replay(req); + + Document doc = wfProc.getMetaData(req, config); Assert.assertNotNull(doc); try { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java ---------------------------------------------------------------------- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java index 6a1e81a..83eb3b5 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java @@ -243,7 +243,8 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedConfig); + HttpServletRequest request = messageContext.getHttpServletRequest(); + Document metadata = wfProc.getMetaData(request, fedConfig); String metadataStr = DOM2Writer.nodeToString(metadata); ResponseBuilder response = Response.ok(metadataStr, "text/xml"); http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java ---------------------------------------------------------------------- 
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java index 9b8033c..e727ae1 100644 --- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java +++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java @@ -176,7 +176,7 @@ public class FederationAuthenticator extends LoginAuthenticator { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedConfig); + Document metadata = wfProc.getMetaData(request, fedConfig); out.write(DOM2Writer.nodeToString(metadata)); return Authentication.SEND_CONTINUE; } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java index e777ab8..9749927 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java 
@@ -97,7 +97,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedContext); + Document metadata = wfProc.getMetaData(servletRequest, fedContext); out.write(DOM2Writer.nodeToString(metadata)); return; } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java index ffc4fe6..3fd799f 100644 --- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java +++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java @@ -100,7 +100,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedContext); + Document metadata = wfProc.getMetaData(servletRequest, fedContext); out.write(DOM2Writer.nodeToString(metadata)); return; } catch (Exception ex) { 
@@ -189,7 +189,7 @@ public class FederationAuthenticationEntryPoint implements AuthenticationEntryPo FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedContext.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedContext); + Document metadata = wfProc.getMetaData(hrequest, fedContext); out.write(DOM2Writer.nodeToString(metadata)); return; } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/be392d35/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java ---------------------------------------------------------------------- diff --git a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java index 024fd14..40d0538 100644 --- a/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java +++ b/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java @@ -201,7 +201,7 @@ public class FederationAuthenticator extends FormAuthenticator { FedizProcessor wfProc = FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol()); try { - Document metadata = wfProc.getMetaData(fedConfig); + Document metadata = wfProc.getMetaData(request, fedConfig); out.write(DOM2Writer.nodeToString(metadata)); return; } catch (Exception ex) {
