[FEDIZ-144] Added Spring EL support for HomeRealm Discovery
Conflicts:
services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6a6ffd0b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6a6ffd0b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6a6ffd0b
Branch: refs/heads/1.2.x-fixes
Commit: 6a6ffd0b9e97177b276a8dabf8c4aea7b345a3a3
Parents: b272bfa
Author: Jan Bernhardt <[email protected]>
Authored: Tue Jan 19 12:19:48 2016 +0100
Committer: Jan Bernhardt <[email protected]>
Committed: Tue Feb 9 08:26:42 2016 +0100
----------------------------------------------------------------------
.../idp/beans/ProcessHRDSExpressionAction.java | 46 +++++++++++++++-----
.../idp/src/main/resources/entities-realma.xml | 9 ++--
.../WEB-INF/federation-signin-request.xml | 44 +++++--------------
3 files changed, 51 insertions(+), 48 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a6ffd0b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
----------------------------------------------------------------------
diff --git
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
index 5389247..088af6c 100644
---
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
+++
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
@@ -18,31 +18,57 @@
*/
package org.apache.cxf.fediz.service.idp.beans;
+import javax.servlet.http.Cookie;
+
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.RequestContext;
/**
* This class is responsible to process Home Realm Discovery Service
Expression.
*/
-
+@Component
public class ProcessHRDSExpressionAction {
private static final String IDP_CONFIG = "idpConfig";
- private static final Logger LOG = LoggerFactory
- .getLogger(ProcessHRDSExpressionAction.class);
+
+ private static final Logger LOG =
LoggerFactory.getLogger(ProcessHRDSExpressionAction.class);
+
+ @Autowired
+ private HomeRealmReminder homeRealmReminder;
public String submit(RequestContext context) {
+ // Check if home realm is known already
+ Cookie whrCookie = homeRealmReminder.readCookie(context);
+ if (whrCookie != null) {
+ LOG.debug("WHR Cookie set: {}", whrCookie);
+ return whrCookie.getValue();
+ }
+
+ // Check if custom HRDS is defined
Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context,
IDP_CONFIG);
String hrds = idpConfig.getHrds();
- //TODO
- if (hrds == null) {
- LOG.info("HRDS is null (Mock).");
- return "";
+
+ if (hrds != null) {
+ LOG.debug("HomeRealmDiscoveryService EL: {}", hrds);
+ ExpressionParser parser = new SpelExpressionParser();
+ Expression exp = parser.parseExpression(hrds);
+ String result = exp.getValue(context, String.class);
+ LOG.info("Realm resolved by HomeRealmDiscoveryService: {}",
result);
+ return result;
}
- LOG.info("HRDS is not null (Mock).");
- return "some-whr-value";
+
+ // Return whr parameter unchanged
+ String whr = (String)WebUtils.getAttributeFromFlowScope(context,
FederationConstants.PARAM_HOME_REALM);
+ LOG.debug("No custom homeRealm handling, using whr parameter as
provided in request: {}", whr);
+ return whr;
}
-}
+}
\ No newline at end of file
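Review bot: In `submit`, the configured `hrds` string is parsed and run with `exp.getValue(context, String.class)`, which evaluates it in SpEL's default standard context with the `RequestContext` as root object, so the expression is not limited to property reads and can use type references, constructors and arbitrary method calls. That is only safe while `Idp.getHrds()` can be written by fully trusted administrators; if the IDP configuration is editable through a management interface or datastore with weaker access control (not visible in this hunk), this line turns a configuration write into code execution inside the IDP. The trust assumption should be stated at the call, e.g. `// hrds is trusted configuration: evaluated as SpEL with full access to the request context`. Where the Spring version in use provides it and the expressions only need property access, the evaluation could use a restricted context such as `SimpleEvaluationContext`. Separately, `idpConfig` is dereferenced without a null check, and `whrCookie.getValue()` and `whr` are client-supplied values that are logged and returned unvalidated, so the states that consume the result must keep checking it against the configured realms.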
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a6ffd0b/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml
b/services/idp/src/main/resources/entities-realma.xml
index 995b92d..2ccb07f 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -38,10 +38,8 @@
<property name="rpSingleSignOutConfirmation" value="true"/>
<property name="supportedProtocols">
<util:list>
- <value>http://docs.oasis-open.org/wsfed/federation/200706
- </value>
- <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512
- </value>
+
<value>http://docs.oasis-open.org/wsfed/federation/200706</value>
+ <value>http://docs.oasis-open.org/ws-sx/ws-trust/200512</value>
</util:list>
</property>
<property name="tokenTypesOffered">
@@ -52,7 +50,8 @@
</property>
<property name="authenticationURIs">
<util:map>
- <entry key="default" value="federation/up" />
+ <entry key="default"
+ value="federation/up" />
<entry
key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"
value="federation/krb" />
<entry
key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6a6ffd0b/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
b/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
index 1231444..08e1d2b 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-signin-request.xml
@@ -32,51 +32,29 @@
<input name="whr" />
<decision-state id="checkHRDSEnabled">
- <if test="true" then="checkWhrInSigninRequest"
else="checkDefaultToThisIDP" />
+ <if test="true" then="processHRDSExpression"
else="checkDefaultToThisIDP" />
</decision-state>
- <decision-state id="checkWhrInSigninRequest">
- <if test="flowScope.whr == null or flowScope.whr.trim().isEmpty()"
- then="checkHomeRealm" else="checkIsThisIDP" />
+ <decision-state id="checkDefaultToThisIDP">
+ <if test="flowScope.idpConfig.isUseCurrentIdp()"
then="checkWauthTypeSupported"
+ else="viewBadRequest" />
</decision-state>
- <decision-state id="checkHomeRealm">
- <if test="homeRealmReminder.readCookie(flowRequestContext) == null"
- then="processHRDSExpression" else="restoreHomeRealm" />
+ <decision-state id="processHRDSExpression">
+ <on-entry>
+ <evaluate
expression="processHRDSExpressionAction.submit(flowRequestContext)"
result="flowScope.whr" />
+ </on-entry>
+ <if test="flowScope.whr == null or flowScope.whr.trim().isEmpty()"
+ then="provideIDPListForUser" else="checkIsThisIDP" />
</decision-state>
- <action-state id="restoreHomeRealm">
- <evaluate
- expression="homeRealmReminder.readCookie(flowRequestContext).value"
- result="flowScope.whr" />
- <transition to="checkIsThisIDP" />
- </action-state>
-
- <action-state id="processHRDSExpression">
- <!-- TODO -->
- <evaluate
- expression="processHRDSExpressionAction.submit(flowRequestContext)"
- result="flowScope.whr" />
- <transition on="" to="provideIDPListForUser" />
- <transition to="checkIsThisIDP">
- <evaluate
- expression="homeRealmReminder.addCookie(flowRequestContext,
flowScope.whr)" />
- </transition>
- </action-state>
-
<decision-state id="provideIDPListForUser">
- <if
- test="flowScope.idpConfig.trustedIdps == null or
idpConfig.trustedIdps.isEmpty()"
+ <if test="flowScope.idpConfig.trustedIdps == null or
idpConfig.trustedIdps.isEmpty()"
then="checkDefaultToThisIDP" />
<if test="flowScope.idpConfig.isProvideIdpList() == false"
then="checkDefaultToThisIDP" else="showIDPList" />
</decision-state>
- <decision-state id="checkDefaultToThisIDP">
- <if test="flowScope.idpConfig.isUseCurrentIdp()"
then="checkWauthTypeSupported"
- else="viewBadRequest" />
- </decision-state>
-
<view-state id="showIDPList" view="idplist" model="trustedIDPSelection">
<var name="trustedIDPSelection"
class="org.apache.cxf.fediz.service.idp.model.TrustedIDPSelection"
/>
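Review bot: The rewritten `processHRDSExpression` state no longer calls `homeRealmReminder.addCookie(flowRequestContext, flowScope.whr)`, which the removed action-state did on its transition to `checkIsThisIDP`. Unless the cookie is written somewhere outside this hunk, the home-realm reminder is now read but never set on this path. The flow also sends every request through `processHRDSExpressionAction.submit(flowRequestContext)`, and that method returns the reminder cookie's value before it looks at the request's `whr`, whereas the removed `checkWhrInSigninRequest` state let an explicit `whr` take precedence. Both values come from the client, so whatever `checkIsThisIDP` leads to must still validate `flowScope.whr` against the configured realms. If the new order is intended, record it on the state, e.g. `<!-- whr resolution order: reminder cookie, HRDS expression, request parameter -->`.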