This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new a728111  upgrade to CXF 3.4.3 & WSS4J 2.3.1 (#62)
a728111 is described below

commit a728111cd4b90a2b71a30a18e605d36e09770685
Author: Alexey Markevich <[email protected]>
AuthorDate: Mon Mar 29 22:31:07 2021 +0000

    upgrade to CXF 3.4.3 & WSS4J 2.3.1 (#62)
---
 plugins/core/pom.xml                               |  39 +++---
 .../apache/cxf/fediz/core/config/FedizContext.java |  37 +++---
 .../core/processor/AbstractFedizProcessor.java     |   4 +-
 .../core/samlsso/SAMLSSOResponseValidator.java     |   7 +-
 plugins/core/src/main/resources/fediz-ehcache.xml  |  35 ------
 .../fediz/core/AbstractSAMLCallbackHandler.java    |  11 +-
 .../fediz/core/config/FedizConfigurationTest.java  |   7 +-
 .../core/federation/FederationResponseTest.java    |  11 +-
 plugins/core/src/test/resources/logging.properties |   2 +-
 plugins/cxf/pom.xml                                |  25 ++--
 .../cxf/plugin/AbstractServiceProviderFilter.java  |  10 +-
 .../cxf/plugin/state/EHCacheSPStateManager.java    | 131 ++++++---------------
 plugins/cxf/src/main/resources/fediz-ehcache.xml   |  25 ++++
 .../cxf/fediz/cxf/plugin/Messages.properties       |   0
 .../plugin/state/EHCacheSPStateManagerTest.java    |  78 ++++++++++++
 pom.xml                                            |  11 +-
 .../protocols/TrustedIdpSAMLProtocolHandler.java   |   4 +-
 services/oidc/pom.xml                              |  17 ---
 .../oidc/PrivateKeyPasswordProviderImpl.java       |   2 +-
 services/sts/src/main/resources/log4j.properties   |   4 +-
 .../cxf/fediz/systests/cxf/FederationTest.java     |   1 -
 .../src/main/resources/logging.properties          |   2 +-
 .../src/main/resources/logging.properties          |   2 +-
 systests/oidc/pom.xml                              |   4 +-
 24 files changed, 237 insertions(+), 232 deletions(-)

diff --git a/plugins/core/pom.xml b/plugins/core/pom.xml
index f6e77e8..1cd900f 100644
--- a/plugins/core/pom.xml
+++ b/plugins/core/pom.xml
@@ -33,12 +33,6 @@
     </properties>
     <dependencies>
         <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.apache.wss4j</groupId>
             <artifactId>wss4j-ws-security-dom</artifactId>
             <version>${wss4j.version}</version>
@@ -51,16 +45,14 @@
             </exclusions>
         </dependency>
         <dependency>
-            <groupId>net.sf.ehcache</groupId>
-            <artifactId>ehcache</artifactId>
-            <version>${ehcache.version}</version>
-            <scope>compile</scope>
+            <groupId>javax.cache</groupId>
+            <artifactId>cache-api</artifactId>
+            <version>${jcache.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-jdk14</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>test</scope>
+            <groupId>org.ehcache</groupId>
+            <artifactId>ehcache</artifactId>
+            <version>${ehcache3.version}</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -73,12 +65,31 @@
             <version>${servlet.version}</version>
             <scope>provided</scope>
         </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.easymock</groupId>
             <artifactId>easymock</artifactId>
             <version>${easymock.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+            <version>2.12.1</version>
+            <scope>test</scope>
+       </dependency>
     </dependencies>
     <build>
         <plugins>
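Review bot: The new xercesImpl test dependency at the bottom of this hunk pins `2.12.1` inline, while every other dependency in the block takes its version from a `${...}` property; a parent-pom property (the parent pom.xml is touched by this commit but its hunk is outside this excerpt) would keep that version managed in one place alongside `jcache.version` and `ehcache3.version`. The closing `</dependency>` of that entry is also indented one column short of its siblings.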
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index d23165a..ef38e67 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -24,6 +24,8 @@ import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -44,10 +46,11 @@ import 
org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
 import org.apache.cxf.fediz.core.util.CertsUtils;
+import org.apache.wss4j.common.cache.EHCacheReplayCache;
 import org.apache.wss4j.common.cache.ReplayCache;
-import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.CertificateStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -239,26 +242,26 @@ public class FedizContext implements Closeable {
 
     }
 
-    public ReplayCache getTokenReplayCache() {
+    public ReplayCache getTokenReplayCache() throws ProcessingException {
         if (replayCache != null) {
             return replayCache;
         }
-        String replayCacheString = config.getTokenReplayCache();
-        String cacheKey = CACHE_KEY_PREFIX + "-" + config.getName();
-        ReplayCacheFactory replayCacheFactory = 
ReplayCacheFactory.newInstance();
-        if (replayCacheString == null || "".equals(replayCacheString)) {
-            replayCache = replayCacheFactory.newReplayCache(cacheKey, 
"/fediz-ehcache.xml");
-        } else {
-            try {
-                Class<?> replayCacheClass = 
Loader.loadClass(replayCacheString);
-                replayCache = (ReplayCache) replayCacheClass.newInstance();
-            } catch (ClassNotFoundException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, 
"/fediz-ehcache.xml");
-            } catch (InstantiationException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, 
"/fediz-ehcache.xml");
-            } catch (IllegalAccessException e) {
-                replayCache = replayCacheFactory.newReplayCache(cacheKey, 
"/fediz-ehcache.xml");
+        final String replayCacheString = config.getTokenReplayCache();
+        final String cacheKey = CACHE_KEY_PREFIX + '-' + config.getName();
+        try {
+            final Path diskstorePath = Files.createTempDirectory("fediz");
+            if (replayCacheString == null || replayCacheString.isEmpty()) {
+                replayCache = new EHCacheReplayCache(cacheKey, diskstorePath);
+            } else {
+                try {
+                    Class<?> replayCacheClass = 
Loader.loadClass(replayCacheString);
+                    replayCache = (ReplayCache) 
replayCacheClass.getDeclaredConstructor().newInstance();
+                } catch (ReflectiveOperationException e) {
+                    replayCache = new EHCacheReplayCache(cacheKey, 
diskstorePath);
+                }
             }
+        } catch (Exception e) {
+            throw new ProcessingException(e.getMessage(), e);
         }
         return replayCache;
     }
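Review bot: `Files.createTempDirectory("fediz")` runs at the top of the try block, so it executes even when a custom `tokenReplayCache` class is configured and loads successfully, leaving an empty directory behind for every such context; creating it only where an `EHCacheReplayCache` is actually built, `replayCache = new EHCacheReplayCache(cacheKey, Files.createTempDirectory("fediz"));` in both the default branch and the `ReflectiveOperationException` fallback, avoids that. Nothing in this hunk removes the directory later; the class implements Closeable, but `close()` is outside the hunk, so whether it cleans up the diskstore path needs confirming. The fallback still silently replaces a misconfigured class with the default cache, as before; a warning log at that catch would make the misconfiguration visible.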
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index 37a4a63..354408c 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -94,9 +94,7 @@ public abstract class AbstractFedizProcessor implements 
FedizProcessor {
             if (!config.getTokenReplayCache().contains(tokenId)) {
                 // not cached
                 if (expires != null) {
-                    Instant now = Instant.now();
-                    long ttl = expires.getEpochSecond() - now.getEpochSecond();
-                    config.getTokenReplayCache().add(tokenId, ttl);
+                    config.getTokenReplayCache().add(tokenId, expires);
                 } else {
                     config.getTokenReplayCache().add(tokenId);
                 }
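Review bot: `config.getTokenReplayCache()` is now called three times in this short block (the `contains` check and both `add` branches), and since the commit makes it `throws ProcessingException`, each call is a separate point where that exception can surface. Fetching it once before the check, `ReplayCache replayCache = config.getTokenReplayCache();` (importing `ReplayCache` if the file does not already), reads better and leaves a single throw point. The enclosing method starts and ends outside the hunk.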
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index a027ffa..5e15ec9 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -19,7 +19,6 @@
 package org.apache.cxf.fediz.core.samlsso;
 
 import java.time.Instant;
-import java.util.Date;
 import java.util.List;
 
 import org.w3c.dom.Element;
@@ -228,10 +227,8 @@ public class SAMLSSOResponseValidator {
         // Need to keep bearer assertion IDs based on NotOnOrAfter to detect 
replay attacks
         if (postBinding && replayCache != null) {
             if (replayCache.contains(id)) {
-                Date expires = subjectConfData.getNotOnOrAfter().toDate();
-                Date currentTime = new Date();
-                long ttl = expires.getTime() - currentTime.getTime();
-                replayCache.add(id, ttl / 1000L);
+                Instant expires = 
subjectConfData.getNotOnOrAfter().toDate().toInstant();
+                replayCache.add(id, expires);
             } else {
                 LOG.debug("Replay attack with token id: " + id);
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
"invalidSAMLsecurity");
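Review bot: The context condition `if (replayCache.contains(id))` above the new `add` call has the cache-the-id branch under the *already present* case and the "Replay attack" rejection under the *absent* case; if the line is as shown, the check is inverted and the usual form is `if (!replayCache.contains(id))`. The condition is not changed by this commit, so this may be pre-existing or an artefact of the patch excerpt, and is worth verifying against the file itself. The new `replayCache.add(id, expires)` call is otherwise fine: it hands the NotOnOrAfter instant to the cache instead of a hand-computed TTL.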
diff --git a/plugins/core/src/main/resources/fediz-ehcache.xml 
b/plugins/core/src/main/resources/fediz-ehcache.xml
deleted file mode 100644
index b888f0f..0000000
--- a/plugins/core/src/main/resources/fediz-ehcache.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false" 
monitoring="autodetect" dynamicConfig="true">
-
-    <diskStore path="java.io.tmpdir"/>
-
-    <defaultCache
-            maxEntriesLocalHeap="5000"
-            eternal="false"
-            timeToIdleSeconds="3600"
-            timeToLiveSeconds="3600"
-            overflowToDisk="true"
-            maxElementsOnDisk="10000000"
-            diskPersistent="false"
-            diskExpiryThreadIntervalSeconds="120"
-            memoryStoreEvictionPolicy="LRU"
-            />
-</ehcache>
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
index 7fc9ece..f7b4a2b 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
@@ -28,6 +28,8 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -47,6 +49,7 @@ import 
org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 
@@ -422,8 +425,12 @@ public abstract class AbstractSAMLCallbackHandler 
implements CallbackHandler {
             WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
             encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
             encrKey.setUseThisCert(certs[0]);
-            encrKey.prepare(null);
-            ephemeralKey = encrKey.getEphemeralKey();
+
+            KeyGenerator keyGen = 
KeyUtils.getKeyGenerator(WSConstants.AES_128);
+            SecretKey symmetricKey = keyGen.generateKey();
+
+            encrKey.prepare(null, symmetricKey);
+            ephemeralKey = symmetricKey.getEncoded();
             Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
 
             // Append the EncryptedKey to a KeyInfo element
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
index 9fbaa06..cc72508 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
@@ -49,6 +49,7 @@ import 
org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
+import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
 import org.apache.wss4j.common.cache.EHCacheReplayCache;
 import org.apache.wss4j.common.cache.MemoryReplayCache;
@@ -350,7 +351,7 @@ public class FedizConfigurationTest {
     }
 
     @org.junit.Test
-    public void testTokenReplayCacheFederation() throws JAXBException, 
IOException {
+    public void testTokenReplayCacheFederation() throws Exception {
         FedizConfig config = createConfiguration(true);
 
         // Test the default TokenReplayCache
@@ -375,7 +376,7 @@ public class FedizConfigurationTest {
     }
 
     @org.junit.Test
-    public void testTokenReplayCacheSAML() throws JAXBException, IOException {
+    public void testTokenReplayCacheSAML() throws Exception {
         FedizConfig config = createConfiguration(false);
 
         // Test the default TokenReplayCache
@@ -400,7 +401,7 @@ public class FedizConfigurationTest {
     }
 
     private ReplayCache parseConfigAndReturnTokenReplayCache(FedizConfig 
config)
-        throws JAXBException {
+        throws JAXBException, ProcessingException {
         final JAXBContext jaxbContext = 
JAXBContext.newInstance(FedizConfig.class);
 
         StringWriter writer = new StringWriter();
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index b013ac6..abdc062 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -28,6 +28,8 @@ import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.List;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
@@ -77,6 +79,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -1757,8 +1760,12 @@ public class FederationResponseTest {
         encryptionPart.setElement(token);
 
         Crypto encrCrypto = CryptoFactory.getInstance("signature.properties");
-        builder.prepare(encrCrypto);
-        builder.encryptForRef(null, Collections.singletonList(encryptionPart));
+
+        KeyGenerator keyGen = 
KeyUtils.getKeyGenerator(builder.getSymmetricEncAlgorithm());
+        SecretKey symmetricKey = keyGen.generateKey();
+
+        builder.prepare(encrCrypto, symmetricKey);
+        builder.encryptForRef(null, Collections.singletonList(encryptionPart), 
symmetricKey);
 
         // return doc.getDocumentElement();
         return DOM2Writer.nodeToString(doc);
diff --git a/plugins/core/src/test/resources/logging.properties 
b/plugins/core/src/test/resources/logging.properties
index 040b210..0d8d902 100644
--- a/plugins/core/src/test/resources/logging.properties
+++ b/plugins/core/src/test/resources/logging.properties
@@ -15,7 +15,7 @@
 # Note that these classes must be on the system classpath.
 # By default we only configure a ConsoleHandler, which will only
 # show messages at the WARNING and above levels.
-handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.ConsoleHandler
 #handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
 
 # Default global logging level.
diff --git a/plugins/cxf/pom.xml b/plugins/cxf/pom.xml
index fa58019..a0544c1 100644
--- a/plugins/cxf/pom.xml
+++ b/plugins/cxf/pom.xml
@@ -62,25 +62,16 @@
             <version>${cxf.version}</version>
             <scope>compile</scope>
         </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency> 
     </dependencies>
+
     <build>
-        <sourceDirectory>${basedir}/src/main/java</sourceDirectory>
-        <resources>
-            <resource>
-                <directory>src/main/java</directory>
-                <excludes>
-                    <exclude>**/*.java</exclude>
-                </excludes>
-            </resource>
-            <resource>
-                <directory>src/main/resources</directory>
-                <includes>
-                    <include>**/*</include>
-                </includes>
-            </resource>
-        </resources>
-        
-        
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
diff --git 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index 679f9e7..5ad15bf 100644
--- 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -21,7 +21,6 @@ package org.apache.cxf.fediz.cxf.plugin;
 import java.io.File;
 import java.io.IOException;
 import java.io.StringReader;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
 import java.util.List;
@@ -117,12 +116,9 @@ public abstract class AbstractServiceProviderFilter 
implements ContainerRequestF
             } catch (JAXBException e) {
                 LOG.error("Error in parsing configuration", e);
                 throw e;
-            } catch (MalformedURLException e) {
+            } catch (IOException e) {
                 LOG.error("Error in loading configuration file", e);
                 throw e;
-            } catch (Exception e) {
-                LOG.error("Error in loading configuration file", e);
-                throw new IOException(e);
             }
         }
 
@@ -146,7 +142,9 @@ public abstract class AbstractServiceProviderFilter 
implements ContainerRequestF
             }
         }
 
-        stateManager.close();
+        if (stateManager != null) {
+            stateManager.close();
+        }
     }
 
     protected boolean checkSecurityContext(FedizContext fedConfig, Message m, 
MultivaluedMap<String, String> params) {
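Review bot: In the first hunk of this file, dropping the trailing `catch (Exception e)` means an unchecked exception thrown while loading the configuration now escapes without the "Error in loading configuration file" log line and is no longer wrapped in IOException, so callers that handled only IOException/JAXBException see a new exception type; if that is intended it deserves a sentence in the commit message, otherwise `catch (RuntimeException e)` with the same log-and-wrap keeps the previous contract. The method that declares these throws starts outside the hunk. The null guard around `stateManager.close()` in this hunk looks right.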
diff --git 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
index 27c4bc6..159a40a 100644
--- 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
+++ 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManager.java
@@ -21,14 +21,12 @@ package org.apache.cxf.fediz.cxf.plugin.state;
 import java.io.IOException;
 import java.net.URL;
 
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Ehcache;
-import net.sf.ehcache.Element;
-import net.sf.ehcache.config.CacheConfiguration;
 import org.apache.cxf.fediz.core.RequestState;
-import org.apache.wss4j.common.cache.EHCacheManagerHolder;
 import org.apache.wss4j.common.util.Loader;
+import org.ehcache.Cache;
+import org.ehcache.CacheManager;
+import org.ehcache.config.builders.CacheManagerBuilder;
+import org.ehcache.xml.XmlConfiguration;
 
 /**
  * An in-memory EHCache implementation of the SPStateManager interface.
@@ -36,137 +34,82 @@ import org.apache.wss4j.common.util.Loader;
  */
 public class EHCacheSPStateManager implements SPStateManager {
 
-    public static final long DEFAULT_TTL = 60L * 5L;
     public static final String REQUEST_CACHE_KEY = 
"cxf.fediz.samlp.request.state.cache";
     public static final String RESPONSE_CACHE_KEY = 
"cxf.fediz.samlp.response.state.cache";
 
-    private Ehcache requestCache;
-    private Ehcache responseCache;
+    private Cache<String, RequestState> requestCache;
+    private Cache<String, ResponseState> responseCache;
     private CacheManager cacheManager;
-    private long ttl = DEFAULT_TTL;
 
     public EHCacheSPStateManager(String configFile) {
         this(getConfigFileURL(configFile));
     }
 
     public EHCacheSPStateManager(URL configFileURL) {
-        this(EHCacheManagerHolder.getCacheManager("", configFileURL));
+        XmlConfiguration xmlConfig = new XmlConfiguration(configFileURL);
+        cacheManager = CacheManagerBuilder.newCacheManager(xmlConfig); 
+        cacheManager.init();
+        initCache();
     }
 
     public EHCacheSPStateManager(CacheManager cacheManager) {
         this.cacheManager = cacheManager;
-
-        CacheConfiguration requestCC = 
EHCacheManagerHolder.getCacheConfiguration(REQUEST_CACHE_KEY, cacheManager);
-
-        Ehcache newCache = new Cache(requestCC);
-        requestCache = cacheManager.addCacheIfAbsent(newCache);
-
-        CacheConfiguration responseCC = 
EHCacheManagerHolder.getCacheConfiguration(RESPONSE_CACHE_KEY, cacheManager);
-
-        newCache = new Cache(responseCC);
-        responseCache = cacheManager.addCacheIfAbsent(newCache);
+        initCache();
     }
 
-    private static URL getConfigFileURL(Object o) {
-        if (o instanceof String) {
-            try {
-                URL url = Loader.getResource((String)o);
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
+    private static URL getConfigFileURL(String configFile) {
+        try {
+            URL url = Loader.getResource(configFile);
+            if (url == null) {
+                url = new URL(configFile);
             }
-        } else if (o instanceof URL) {
-            return (URL)o;
+            return url;
+        } catch (IOException e) {
+            // Do nothing
         }
         return null;
     }
 
-    /**
-     * Set a new (default) TTL value in seconds
-     * @param newTtl a new (default) TTL value in seconds
-     */
-    public void setTTL(long newTtl) {
-        ttl = newTtl;
-    }
-
-    /**
-     * Get the (default) TTL value in seconds
-     * @return the (default) TTL value in seconds
-     */
-    public long getTTL() {
-        return ttl;
+    private void initCache() {
+        requestCache = cacheManager.getCache(REQUEST_CACHE_KEY, String.class, 
RequestState.class);
+        responseCache = cacheManager.getCache(RESPONSE_CACHE_KEY, 
String.class, ResponseState.class);
     }
 
     public void setRequestState(String relayState, RequestState state) {
-        if (relayState == null || "".equals(relayState)) {
-            return;
+        if (relayState != null && !relayState.isEmpty()) {
+            requestCache.put(relayState, state);
         }
-
-        int parsedTTL = (int)ttl;
-        if (ttl != (long)parsedTTL) {
-            // Fall back to 60 minutes if the default TTL is set incorrectly
-            parsedTTL = 3600;
-        }
-
-        Element element = new Element(relayState, state);
-        element.setTimeToLive(parsedTTL);
-        element.setTimeToIdle(parsedTTL);
-        requestCache.put(element);
     }
 
     public RequestState removeRequestState(String relayState) {
-        Element element = requestCache.get(relayState);
-        if (element != null) {
+        RequestState state = requestCache.get(relayState);
+        if (state != null) {
             requestCache.remove(relayState);
-            return (RequestState)element.getObjectValue();
         }
-        return null;
+        return state;
     }
 
     public ResponseState getResponseState(String securityContextKey) {
-        Element element = responseCache.get(securityContextKey);
-        if (element != null) {
-            if (responseCache.isExpired(element)) {
-                responseCache.remove(securityContextKey);
-                return null;
-            }
-            return (ResponseState)element.getObjectValue();
-        }
-        return null;
-    }
-
-    public ResponseState removeResponseState(String securityContextKey) {
-        Element element = responseCache.get(securityContextKey);
-        if (element != null) {
-            responseCache.remove(securityContextKey);
-            return (ResponseState)element.getObjectValue();
-        }
-        return null;
+        return responseCache.get(securityContextKey);
     }
 
     public void setResponseState(String securityContextKey, ResponseState 
state) {
-        if (securityContextKey == null || "".equals(securityContextKey)) {
-            return;
+        if (securityContextKey != null && !securityContextKey.isEmpty()) {
+            responseCache.put(securityContextKey, state);
         }
+    }
 
-        int parsedTTL = (int)ttl;
-        if (ttl != (long)parsedTTL) {
-            // Fall back to 5 minutes if the default TTL is set incorrectly
-            parsedTTL = 60 * 5;
+    public ResponseState removeResponseState(String securityContextKey) {
+        ResponseState state = responseCache.get(securityContextKey);
+        if (state != null) {
+            responseCache.remove(securityContextKey);
         }
-        Element element = new Element(securityContextKey, state);
-        element.setTimeToLive(parsedTTL);
-        element.setTimeToIdle(parsedTTL);
-
-        responseCache.put(element);
+        return state;
     }
 
     public void close() throws IOException {
         if (cacheManager != null) {
-            cacheManager.shutdown();
+            cacheManager.close();
             cacheManager = null;
             requestCache = null;
             responseCache = null;
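Review bot: `initCache()` stores whatever `cacheManager.getCache(...)` returns, and that is null when the alias is not defined in the loaded configuration, so a wrong or missing cache entry surfaces later as a NullPointerException in `setRequestState`/`setResponseState` rather than at construction; a guard that names the alias fails fast. The rewritten `getConfigFileURL` still swallows the IOException and returns null, which the URL constructor then passes to `new XmlConfiguration(null)`; throwing `IllegalArgumentException("cannot resolve EHCache configuration: " + configFile, e)` there is more informative. Worth a line in the commit message: the public `setTTL`/`getTTL` methods and `DEFAULT_TTL` are removed, so entry lifetime is now solely the `<ttl>` in the XML configuration.
```java
    private void initCache() {
        requestCache = requireCache(REQUEST_CACHE_KEY, RequestState.class);
        responseCache = requireCache(RESPONSE_CACHE_KEY, ResponseState.class);
    }

    // Fail at construction, naming the alias, instead of with an NPE on first use.
    private <V> Cache<String, V> requireCache(String alias, Class<V> valueType) {
        Cache<String, V> cache = cacheManager.getCache(alias, String.class, valueType);
        if (cache == null) {
            throw new IllegalStateException("Cache '" + alias + "' is not defined in the EHCache configuration");
        }
        return cache;
    }
```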
diff --git a/plugins/cxf/src/main/resources/fediz-ehcache.xml 
b/plugins/cxf/src/main/resources/fediz-ehcache.xml
new file mode 100644
index 0000000..c45fb18
--- /dev/null
+++ b/plugins/cxf/src/main/resources/fediz-ehcache.xml
@@ -0,0 +1,25 @@
+<config
+    xmlns='http://www.ehcache.org/v3'
+    xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+    xsi:schemaLocation="http://www.ehcache.org/v3 
https://www.ehcache.org/schema/ehcache-core.xsd";>
+
+    <cache-template name="cxf.fediz.samlp.state.cache.template">
+        <key-type>java.lang.String</key-type>
+        <expiry>
+            <ttl unit="seconds">300</ttl>
+        </expiry>
+        <resources>
+            <heap unit="entries">5000</heap>
+            <offheap unit="MB">10</offheap>
+        </resources>
+    </cache-template>
+
+    <cache alias="cxf.fediz.samlp.request.state.cache" 
uses-template="cxf.fediz.samlp.state.cache.template">
+        <value-type>org.apache.cxf.fediz.core.RequestState</value-type>
+    </cache>
+
+    <cache alias="cxf.fediz.samlp.response.state.cache" 
uses-template="cxf.fediz.samlp.state.cache.template">
+        
<value-type>org.apache.cxf.fediz.cxf.plugin.state.ResponseState</value-type>
+    </cache>
+
+</config>
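Review bot: The template gives both caches an `<offheap unit="MB">10</offheap>` tier, and Ehcache 3 serializes entries to place them off-heap, so `RequestState` and `ResponseState` must be handled by the default serializers (for example by implementing `java.io.Serializable`) or be given an explicit `<value-serializer>`; neither class is visible here, so please confirm, because the failure otherwise shows up at `put` time. The `;` after the closing quote of `xsi:schemaLocation` on the attribute line looks like a mail-archive artefact rather than file content; if it really is in the file the XML is malformed.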
diff --git 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/Messages.properties 
b/plugins/cxf/src/main/resources/org/apache/cxf/fediz/cxf/plugin/Messages.properties
similarity index 100%
rename from 
plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/Messages.properties
rename to 
plugins/cxf/src/main/resources/org/apache/cxf/fediz/cxf/plugin/Messages.properties
diff --git 
a/plugins/cxf/src/test/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManagerTest.java
 
b/plugins/cxf/src/test/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManagerTest.java
new file mode 100644
index 0000000..2a25767
--- /dev/null
+++ 
b/plugins/cxf/src/test/java/org/apache/cxf/fediz/cxf/plugin/state/EHCacheSPStateManagerTest.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.cxf.plugin.state;
+
+import org.apache.cxf.fediz.core.RequestState;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public class EHCacheSPStateManagerTest {
+
+    private static final int HEAP_ENTRIES = 5000;
+
+    private static SPStateManager stateManager;
+
+    @Test
+    public void testRequestState() {
+        RequestState requestState = new RequestState();
+        for (int i = 0; i < 2 * HEAP_ENTRIES; ++i) {
+            stateManager.setRequestState(String.valueOf(i), requestState);
+        }
+        for (int i = 0; i < 2 * HEAP_ENTRIES; ++i) {
+            assertNotNull(String.valueOf(i), 
stateManager.removeRequestState(String.valueOf(i)));
+            assertNull(stateManager.removeRequestState(String.valueOf(i)));
+        }
+    }
+
+    @Test
+    public void testResponseState() {
+        assertNull(stateManager.getResponseState(""));
+        ResponseState responseState = new ResponseState();
+        for (int i = 0; i < 2 * HEAP_ENTRIES; ++i) {
+            stateManager.setResponseState(String.valueOf(i), responseState);
+        }
+        for (int i = 0; i < 2 * HEAP_ENTRIES; ++i) {
+            assertNotNull(String.valueOf(i), 
stateManager.getResponseState(String.valueOf(i)));
+            assertNotNull(String.valueOf(i), 
stateManager.removeResponseState(String.valueOf(i)));
+            assertNull(stateManager.removeResponseState(String.valueOf(i)));
+        }
+    }
+
+    @Test
+    public void testTwoManagers() throws Exception {
+        try (SPStateManager stateManager = new 
EHCacheSPStateManager("fediz-ehcache.xml")) {
+            assertNotNull(stateManager);
+        }
+    }
+
+    @BeforeClass
+    public static void beforeClass() throws Exception {
+        stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
+    }
+
+    @AfterClass
+    public static void afterClass() throws Exception {
+        stateManager.close();
+    }
+}
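Review bot: In `testTwoManagers` the try-with-resources local is also named `stateManager`, shadowing the static field initialised in `beforeClass`, so the assertion inside the block exercises the new instance but reads as if it checks the shared one; renaming it, e.g. `try (SPStateManager second = new EHCacheSPStateManager("fediz-ehcache.xml"))`, makes it clear that two managers coexist, which is what the test name promises. The test would also say more if it asserted something about the relationship between the two, e.g. `assertNull(second.getResponseState("0"))` after `stateManager.setResponseState("0", new ResponseState())` — whether separate manager instances share a backing store depends on EHCacheSPStateManager, which is outside this hunk, so such an assertion pins down whichever behaviour is intended. `testRequestState` and `testResponseState` both use keys `0..9999` against the shared manager; they target different cache aliases, but a short comment saying the overlap is deliberate would save a reader the check.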
diff --git a/pom.xml b/pom.xml
index db44dca..c1e68c2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,15 +43,14 @@
         <commons.logging.version>1.2</commons.logging.version>
         <commons.text.version>1.9</commons.text.version>
         <commons.validator.version>1.7</commons.validator.version>
-        <cxf.version>3.3.9</cxf.version>
+        <cxf.version>3.4.3</cxf.version>
         <cxf.build-utils.version>3.4.4</cxf.build-utils.version>
         <easymock.version>4.0.2</easymock.version>
-        <ehcache.version>2.10.6</ehcache.version>
         <ehcache3.version>3.8.1</ehcache3.version>
-        <jcache.version>1.0.0</jcache.version>
+        <jcache.version>1.1.1</jcache.version>
         <hsqldb.version>2.5.1</hsqldb.version>
         <htmlunit.version>2.47.1</htmlunit.version>
-        <jackson.version>2.10.5</jackson.version>
+        <jackson.version>2.11.4</jackson.version>
         <jaxb.version>2.3.2</jaxb.version>
         <jetty9.version>9.4.39.v20210325</jetty9.version>
         <junit.version>4.13.2</junit.version>
@@ -62,11 +61,11 @@
         <slf4j.version>1.7.30</slf4j.version>
         <spring.version>4.3.30.RELEASE</spring.version>
         <spring-ldap-core.version>2.3.3.RELEASE</spring-ldap-core.version>
-        <spring.security.version>4.2.19.RELEASE</spring.security.version>
+        <spring.security.version>4.2.20.RELEASE</spring.security.version>
         <spring-webflow.version>2.5.1.RELEASE</spring-webflow.version>
         <tomcat.version>9.0.44</tomcat.version>
         <validation-api.version>2.0.2</validation-api.version>
-        <wss4j.version>2.2.6</wss4j.version>
+        <wss4j.version>2.3.1</wss4j.version>
 
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index bc6c417..0fc37a6 100644
--- 
a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ 
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -389,7 +389,7 @@ public class TrustedIdpSAMLProtocolHandler extends 
AbstractTrustedIdpProtocolHan
             }
 
             return ssoResponseValidator.validateSamlResponse(samlResponse, 
post);
-        } catch (WSSecurityException ex) {
+        } catch (Exception ex) {
             LOG.debug(ex.getMessage(), ex);
             throw ExceptionUtils.toBadRequestException(ex, null);
         }
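Review bot: Widening the catch to `Exception` turns any runtime failure inside `validateSamlResponse` (or in obtaining the replay cache, whose getter now declares `ReflectiveOperationException` in the next hunk) into a 400 Bad Request logged only at DEBUG, so a server-side bug in signature or replay validation becomes indistinguishable from a malformed response from the trusted IdP and is invisible in production logs. If the broadening exists only to cover the new checked exception, a multi-catch keeps the original intent: `} catch (WSSecurityException | ReflectiveOperationException ex) {`. Whichever is chosen, a rejected SAML response from a configured trusted IdP is worth `LOG.warn(ex.getMessage(), ex)` rather than `LOG.debug`. The enclosing method begins before this hunk.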
@@ -399,7 +399,7 @@ public class TrustedIdpSAMLProtocolHandler extends 
AbstractTrustedIdpProtocolHan
         this.replayCache = replayCache;
     }
 
-    public TokenReplayCache<String> getReplayCache() {
+    public TokenReplayCache<String> getReplayCache() throws 
IllegalAccessException, ReflectiveOperationException {
         if (replayCache == null) {
             replayCache = new EHCacheTokenReplayCache();
         }
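Review bot: `IllegalAccessException` extends `ReflectiveOperationException`, so the new throws clause declares the same failure twice; `throws ReflectiveOperationException` alone is sufficient and reads cleaner. Separately, the lazy `if (replayCache == null) replayCache = new EHCacheTokenReplayCache();` is unsynchronised: if two requests reach this handler before the cache exists, each may construct its own instance and the later assignment discards the earlier one together with any assertion ID already recorded in it, which for a replay cache is a small window in which a replayed assertion would be accepted. Whether the field is `volatile` or the handler is fully initialised before it serves traffic is outside this hunk; if neither holds, create the cache eagerly (constructor or `@PostConstruct`) or guard this block with `synchronized`. A one-line comment on why the cache is created lazily would help in any case.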
diff --git a/services/oidc/pom.xml b/services/oidc/pom.xml
index 7c3a93d..d867383 100644
--- a/services/oidc/pom.xml
+++ b/services/oidc/pom.xml
@@ -40,13 +40,6 @@
             <artifactId>fediz-core</artifactId>
             <version>${project.version}</version>
             <scope>provided</scope>
-            <!-- TODO Remove when we pick up WSS4J 2.3.0-SNAPSHOT -->
-            <exclusions>
-                <exclusion>
-                    <groupId>net.sf.ehcache</groupId>
-                    <artifactId>ehcache</artifactId>
-                </exclusion>
-            </exclusions> 
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
@@ -54,16 +47,6 @@
             <version>${cxf.version}</version>
         </dependency>
         <dependency>
-            <groupId>javax.cache</groupId>
-            <artifactId>cache-api</artifactId>
-            <version>${jcache.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.ehcache</groupId>
-            <artifactId>ehcache</artifactId>
-            <version>${ehcache3.version}</version>
-        </dependency> 
-        <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-rs-extension-providers</artifactId>
             <version>${cxf.version}</version>
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
index 9ad8a2d..51ca53d 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/PrivateKeyPasswordProviderImpl.java
@@ -20,7 +20,7 @@ package org.apache.cxf.fediz.service.oidc;
 
 import java.util.Properties;
 
-import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
+import org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider;
 
 public class PrivateKeyPasswordProviderImpl implements 
PrivateKeyPasswordProvider {
 
diff --git a/services/sts/src/main/resources/log4j.properties 
b/services/sts/src/main/resources/log4j.properties
index 3c00256..87a741b 100644
--- a/services/sts/src/main/resources/log4j.properties
+++ b/services/sts/src/main/resources/log4j.properties
@@ -28,5 +28,5 @@ log4j.appender.AUDIT.File=${catalina.base}/logs/audit.log
 log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
 log4j.appender.AUDIT.Append=true
 log4j.appender.AUDIT.Threshold=DEBUG
-log4j.appender.AUDIT.layout=org.apache.cxf.sts.event.LoggerPatternLayoutLog4J
-log4j.appender.AUDIT.layout.ConversionPattern=%m%n
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
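Review bot: Replacing `org.apache.cxf.sts.event.LoggerPatternLayoutLog4J` with a plain `PatternLayout` changes what the STS audit log records: the previous layout was presumably the one that rendered the STS event fields, whereas `%d [%t] %-5p %c %x - %m%n` prints only the message plus timestamp, thread and an NDC that stays empty unless something pushes it. If the old layout was dropped because CXF 3.4 no longer ships it, it is worth confirming against a running STS that issue/validate/cancel events still land in `audit.log` with the principal and operation, since the logger-to-appender binding is outside this hunk. A comment recording the reason would help the next reader, e.g. `# CXF 3.4 no longer provides LoggerPatternLayoutLog4J; audit events are written as plain messages`.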
diff --git 
a/systests/cxf/src/test/java/org/apache/cxf/fediz/systests/cxf/FederationTest.java
 
b/systests/cxf/src/test/java/org/apache/cxf/fediz/systests/cxf/FederationTest.java
index 53817e7..3636a8a 100644
--- 
a/systests/cxf/src/test/java/org/apache/cxf/fediz/systests/cxf/FederationTest.java
+++ 
b/systests/cxf/src/test/java/org/apache/cxf/fediz/systests/cxf/FederationTest.java
@@ -56,7 +56,6 @@ public class FederationTest extends AbstractTests {
     @BeforeClass
     public static void init() throws Exception {
         idpHttpsPort = System.getProperty("idp.https.port");
-        // idpHttpsPort = "12345";
         Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
         rpHttpsPort = System.getProperty("rp.https.port");
         Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
diff --git 
a/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties 
b/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
index 20617fe..a173f06 100644
--- a/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
+++ b/systests/federation/oidcIdpWebapp/src/main/resources/logging.properties
@@ -15,7 +15,7 @@
 # Note that these classes must be on the system classpath.
 # By default we only configure a ConsoleHandler, which will only
 # show messages at the WARNING and above levels.
-handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.ConsoleHandler
 #handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
 
 # Default global logging level.
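Review bot: With `handlers=` commented out this file attaches no handler at all, so the level settings that follow only take effect if a parent configuration (the container's JULI, presumably, since this is a webapp resource) supplies one; sitting next to the other commented-out alternative, the line now reads as an oversight rather than a decision. A one-line note would settle it, e.g. `# No handlers configured here on purpose: records propagate to the container's root handlers`. The same change is made in samlIdpWebapp below.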
diff --git 
a/systests/federation/samlIdpWebapp/src/main/resources/logging.properties 
b/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
index 20617fe..a173f06 100644
--- a/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
+++ b/systests/federation/samlIdpWebapp/src/main/resources/logging.properties
@@ -15,7 +15,7 @@
 # Note that these classes must be on the system classpath.
 # By default we only configure a ConsoleHandler, which will only
 # show messages at the WARNING and above levels.
-handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.ConsoleHandler
 #handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
 
 # Default global logging level.
diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml
index 9752bf2..ec43b38 100644
--- a/systests/oidc/pom.xml
+++ b/systests/oidc/pom.xml
@@ -189,7 +189,7 @@
                         <configuration>
                             
<outputDirectory>${project.build.directory}/tomcat/rp/webapps/fediz-oidc-tomcat/WEB-INF/lib</outputDirectory>
                             <includeScope>compile</includeScope>
-                            
<excludeGroupIds>org.springframework.security,org.apache.cxf.fediz,jakarta.xml.bind</excludeGroupIds>
+                            
<excludeGroupIds>org.springframework.security,org.apache.cxf.fediz,jakarta.xml.bind,javax.cache,org.ehcache</excludeGroupIds>
                         </configuration>
                     </execution>
                     <execution>
@@ -200,7 +200,7 @@
                         </goals>
                         <configuration>
                             
<outputDirectory>${project.build.directory}/tomcat/rp/webapps/fediz-oidc-spring/WEB-INF/lib</outputDirectory>
-                             <includeScope>compile</includeScope>
+                            <includeScope>compile</includeScope>
                         </configuration>
                     </execution>
                 </executions>
