[jboss-identity-commits] JBoss Identity SVN: r239 - in identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat: sp and 1 other directory.
jboss-identity-commits at lists.jboss.org
jboss-identity-commits at lists.jboss.org
Thu Jan 22 11:44:35 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-22 11:44:35 -0500 (Thu, 22 Jan 2009)
New Revision: 239
Removed:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
Log:
logger fix
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-22 16:36:05 UTC (rev 238)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-22 16:44:35 UTC (rev 239)
@@ -58,7 +58,7 @@
*/
public class IDPRedirectValve extends ValveBase
{
- private static Logger log = Logger.getLogger(IDPRedirectValve.class);
+ protected static Logger log = null;
private RoleGenerator rg = new TomcatRoleGenerator();
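Review bot: `log` is now a non-final `protected static` field that starts as null and is assigned from the constructor added in the next hunk, so it is shared class-wide yet rewritten every time an instance is built. The constructors added in IDPRedirectWithSignatureValve, SPRedirectFormAuthenticator and SPRedirectSignatureFormAuthenticator assign the same unqualified `log`. If the two signature classes extend the classes that declare it, as their `super()` calls and missing declarations suggest, the most recently constructed object decides which category every instance logs under. That makes log lines from an identity-provider valve hard to attribute, and any static code path that runs before construction sees a null logger. An instance field avoids the shared mutable state and makes the added constructors unnecessary: `protected final Logger log = Logger.getLogger(getClass());`. The class body continues outside this hunk.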
@@ -75,6 +75,12 @@
{
this.identityURL = url;
}
+
+ public IDPRedirectValve()
+ {
+ super();
+ log = Logger.getLogger(IDPRedirectValve.class);
+ }
@Override
public void invoke(Request request, Response response) throws IOException, ServletException
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-22 16:36:05 UTC (rev 238)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-22 16:44:35 UTC (rev 239)
@@ -30,6 +30,7 @@
import java.security.PublicKey;
import org.apache.catalina.connector.Request;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
@@ -49,6 +50,20 @@
private String keyStorePass;
private KeyStore ks = null;
+
+ private boolean ignoreSignature = false;
+
+ public IDPRedirectWithSignatureValve()
+ {
+ super();
+ log = Logger.getLogger(IDPRedirectWithSignatureValve.class);
+ }
+
+ public void setIgnoreSignature(String val)
+ {
+ if(val != null && val.length() > 0)
+ this.ignoreSignature = Boolean.valueOf(val);
+ }
public void setKeyStore(String keyStore)
{
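Review bot: `setIgnoreSignature` is a security-relevant configuration switch but has no Javadoc, and the commit log ("logger fix") does not mention it. I would document it on the setter, for example `/** When "true", requests are accepted without validating the redirect-binding signature. Defaults to false. */`. The comment should also state that `Boolean.valueOf(val)` treats any value other than a case-insensitive "true" as false, so a mistyped value leaves validation on without any message.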
@@ -76,6 +91,12 @@
if( result == false)
return result;
+ if(this.ignoreSignature)
+ {
+ log.trace("Since signature is to be ignored, validation returns");
+ return true;
+ }
+
String queryString = request.getQueryString();
//Check if there is a signature
byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
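Review bot: When `ignoreSignature` is set, the early `return true` accepts the request before the query string is checked for a signature, and the only record is a `log.trace` line that typical production log levels drop. A valve running with signature validation switched off should be visible to an operator, so log it at warn: `log.warn("Signature validation is disabled (ignoreSignature=true); request accepted without signature check");`. Logging the same warning once in `setIgnoreSignature` would also surface the setting at configuration time instead of per request. The enclosing method starts and ends outside this hunk.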
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-22 16:36:05 UTC (rev 238)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-22 16:44:35 UTC (rev 239)
@@ -58,7 +58,7 @@
*/
public class SPRedirectFormAuthenticator extends FormAuthenticator
{
- private static Logger log = Logger.getLogger(SPRedirectFormAuthenticator.class);
+ protected static Logger log = null;
private String serviceURL = null;
private String identityURL = null;
@@ -66,6 +66,12 @@
//Only important if you are deploying in JBoss environment
private JBossSubjectRegistration jbossRegistration = new DefaultJBossSubjectRegistration();
+ public SPRedirectFormAuthenticator()
+ {
+ super();
+ log = Logger.getLogger(SPRedirectFormAuthenticator.class);
+ }
+
public void setIdentityURL(String url)
{
this.identityURL = url;
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-01-22 16:36:05 UTC (rev 238)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-01-22 16:44:35 UTC (rev 239)
@@ -30,6 +30,7 @@
import java.security.PublicKey;
import org.apache.catalina.connector.Request;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
@@ -47,6 +48,12 @@
private String alias;
private String keyStorePass;
+ public SPRedirectSignatureFormAuthenticator()
+ {
+ super();
+ log = Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
+ }
+
public void setKeyStore(String keyStore)
{
this.keyStore = keyStore;
Deleted: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2009-01-22 16:36:05 UTC (rev 238)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2009-01-22 16:44:35 UTC (rev 239)
@@ -1,146 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.sp;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.Principal;
-
-import javax.servlet.ServletException;
-
-import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.valves.ValveBase;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-
-/**
- * Valve at the Service Provider for the HTTP/Redirect binding
- * @author Anil.Saldhana at redhat.com
- * @since Dec 11, 2008
- */
-public class SPRedirectValve extends ValveBase
-{
- private static Logger log = Logger.getLogger(SPRedirectValve.class);
-
- private String serviceURL = null;
- private String identityURL = null;
-
- public void setIdentityURL(String url)
- {
- this.identityURL = url;
- }
-
- public void setServiceURL(String url)
- {
- this.serviceURL = url;
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException, ServletException
- {
- try
- {
- //Lets check if the user has been authenticated
- Principal userPrincipal = request.getUserPrincipal();
- if(userPrincipal == null)
- {
- String samlResponse = request.getParameter("SAMLResponse");
- if(samlResponse != null && samlResponse.length() > 0 )
- {
- //deal with saml response from IDP
- InputStream is = RedirectBindingUtil.urlBase64DeflateDecode(samlResponse);
-
- SAML2Response saml2Response = new SAML2Response();
-
- ResponseType responseType = saml2Response.getResponseType(is);
-
-
- SPUtil spUtil = new SPUtil();
- Principal idpPrincipal = spUtil.handleSAMLResponse(request, responseType);
-
- Session session = request.getSessionInternal(true);
- session.setNote(Constants.REQ_SSOID_NOTE, IDGenerator.create());
- request.setUserPrincipal(idpPrincipal);
- session.setPrincipal(idpPrincipal);
- }
- else
- {
- //create a saml request
- if(this.serviceURL == null)
- throw new ServletException("serviceURL is not configured");
-
- SPUtil spUtil = new SPUtil();
- SAML2Request saml2Request = new SAML2Request();
-
- AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(authnRequest, baos);
-
- String base64Request = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
- String destination = authnRequest.getDestination() +
- getDestinationURL(base64Request, null);
- log.trace("Sending to destination="+destination);
- log.trace(" ");
-
- HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
- return;
- }
- }
- }
- catch(SecurityException e)
- {
- log.error("Security Exception:",e);
- response.sendError(Response.SC_FORBIDDEN);
- }
- catch(Exception e)
- {
- //TODO: send error via saml response status
- log.error("Exception:",e);
- response.sendError(Response.SC_INTERNAL_SERVER_ERROR, "Server Error");
- }
-
- //the user is already authenticated
- response.recycle();
- getNext().invoke(request, response);
- }
-
-
- protected String getDestinationURL(String urlEncodedRequest, String urlEncodedRelayState)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest=").append(urlEncodedRequest);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- return sb.toString();
- }
-}
\ No newline at end of file