[seam-commits] Seam SVN: r13771 - in modules/security/trunk/external/src: main/java/org/jboss/seam/security/external/api and 14 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Tue Sep 21 08:35:04 EDT 2010
Author: marcelkolsteren
Date: 2010-09-21 08:35:01 -0400 (Tue, 21 Sep 2010)
New Revision: 13771
Added:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/ContextualInstanceImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/HashMapBeanStore.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManagerImpl.java
Removed:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/DialogueFilter.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java
Modified:
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderAuthenticationService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java
modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpenIdProviderApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/OpenIdRpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/RpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/IdpTestServlet.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/SamlIdpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SamlSpApplicationMock.java
modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SpTestServlet.java
Log:
External authentication changes:
- Removed dependencies on Weld implementation classes
- Added HTTP servlet response parameters to API and SPI methods (previously the response was shared by means of a request scoped ResponseHolder bean)
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/DialogueFilter.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/DialogueFilter.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/DialogueFilter.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -1,86 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external;
-
-import java.io.IOException;
-
-import javax.inject.Inject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletResponse;
-
-import org.jboss.seam.security.external.api.ResponseHolder;
-import org.jboss.seam.security.external.dialogues.DialogueManager;
-
- at WebFilter(filterName = "DialogueFilter", urlPatterns = "/*")
-public class DialogueFilter implements Filter
-{
- public final static String DIALOGUE_ID_PARAM = "dialogueId";
-
- @Inject
- private DialogueManager manager;
-
- @Inject
- private ResponseHolder responseHolder;
-
- public void init(FilterConfig filterConfig) throws ServletException
- {
- }
-
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
- {
- responseHolder.setResponse((HttpServletResponse) response);
-
- if (manager.isAttached())
- {
- manager.detachDialogue();
- }
-
- String dialogueId = request.getParameter(DIALOGUE_ID_PARAM);
-
- if (dialogueId != null)
- {
- if (!manager.isExistingDialogue(dialogueId))
- {
- ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "dialogue " + dialogueId + " does not exist");
- return;
- }
- manager.attachDialogue(dialogueId);
- }
-
- chain.doFilter(request, response);
-
- if (manager.isAttached())
- {
- manager.detachDialogue();
- }
- }
-
- public void destroy()
- {
- }
-}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHandler.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -5,8 +5,10 @@
import java.io.Writer;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
-import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.dialogues.DialogueManager;
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.saml.SamlMessage;
import org.jboss.seam.security.external.saml.SamlPostMessage;
import org.jboss.seam.security.external.saml.SamlRedirectMessage;
@@ -18,9 +20,12 @@
public class ResponseHandler
{
@Inject
- private ResponseHolder responseHolder;
+ private DialogueManager dialogueManager;
- public void sendFormToUserAgent(String destination, SamlPostMessage message)
+ @Inject
+ private Dialogue dialogue;
+
+ public void sendFormToUserAgent(String destination, SamlPostMessage message, HttpServletResponse response)
{
String key = message.getRequestOrResponse().isRequest() ? SamlMessage.QSP_SAML_REQUEST : SamlMessage.QSP_SAML_RESPONSE;
@@ -47,16 +52,16 @@
}
builder.append("</FORM></BODY></HTML>");
- PrintWriter writer = getWriter();
+ PrintWriter writer = getWriter(response);
writer.print(builder.toString());
writer.flush();
}
- public void sendHttpRedirectToUserAgent(String url)
+ public void sendHttpRedirectToUserAgent(String url, HttpServletResponse response)
{
try
{
- responseHolder.getResponse().sendRedirect(url);
+ response.sendRedirect(url);
}
catch (IOException e)
{
@@ -64,17 +69,17 @@
}
}
- public void sendHttpRedirectToUserAgent(String location, SamlRedirectMessage redirectMessage)
+ public void sendHttpRedirectToUserAgent(String location, SamlRedirectMessage redirectMessage, HttpServletResponse response)
{
String url = location + "?" + redirectMessage.createQueryString();
- sendHttpRedirectToUserAgent(url);
+ sendHttpRedirectToUserAgent(url, response);
}
- public void sendError(int statusCode, String message)
+ public void sendError(int statusCode, String message, HttpServletResponse response)
{
try
{
- responseHolder.getResponse().sendError(statusCode, message);
+ response.sendError(statusCode, message);
}
catch (IOException e)
{
@@ -82,11 +87,11 @@
}
}
- private PrintWriter getWriter()
+ private PrintWriter getWriter(HttpServletResponse response)
{
try
{
- return responseHolder.getResponse().getWriter();
+ return response.getWriter();
}
catch (IOException e)
{
@@ -94,9 +99,19 @@
}
}
- public Writer getWriter(String mimeType)
+ public Writer getWriter(String mimeType, HttpServletResponse response)
{
- responseHolder.getResponse().setContentType(mimeType);
- return getWriter();
+ response.setContentType(mimeType);
+ return getWriter(response);
}
+
+ public ResponseHolderImpl createResponseHolder(HttpServletResponse response)
+ {
+ String dialogueId = null;
+ if (dialogueManager.isAttached())
+ {
+ dialogueId = dialogue.getDialogueId();
+ }
+ return new ResponseHolderImpl(response, dialogueId);
+ }
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/ResponseHolderImpl.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -21,27 +21,64 @@
*/
package org.jboss.seam.security.external;
-import javax.enterprise.context.RequestScoped;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.ResponseHolder;
+import org.jboss.seam.security.external.dialogues.DialogueFilter;
/**
* @author Marcel Kolsteren
*
*/
- at RequestScoped
public class ResponseHolderImpl implements ResponseHolder
{
- private HttpServletResponse httpServletResponse;
+ private HttpServletResponse response;
+ private String dialogueId;
+
+ public ResponseHolderImpl(HttpServletResponse response, String dialogueId)
+ {
+ this.response = response;
+ this.dialogueId = dialogueId;
+ }
+
public HttpServletResponse getResponse()
{
- return httpServletResponse;
+ return response;
}
public void setResponse(HttpServletResponse response)
{
- httpServletResponse = response;
+ this.response = response;
}
+
+ public void redirectWithDialoguePropagation(String url)
+ {
+ if (dialogueId != null)
+ {
+ url = addDialogueIdToUrl(url);
+ }
+ String encodedUrl = response.encodeURL(url);
+ try
+ {
+ response.sendRedirect(encodedUrl);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public String addDialogueIdToUrl(String url)
+ {
+ String paramName = DialogueFilter.DIALOGUE_ID_PARAM;
+ int queryStringIndex = url.indexOf("?");
+ if (queryStringIndex < 0 || url.indexOf(paramName + "=", queryStringIndex) < 0)
+ {
+ url = new StringBuilder(url).append(queryStringIndex < 0 ? "?" : "&").append(paramName).append("=").append(dialogueId).toString();
+ }
+ return url;
+ }
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdProviderApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdProviderApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -24,17 +24,19 @@
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletResponse;
+
/**
* @author Marcel Kolsteren
*
*/
public interface OpenIdProviderApi
{
- void authenticationSucceeded(String userName);
+ void authenticationSucceeded(String userName, HttpServletResponse response);
- void authenticationFailed();
+ void authenticationFailed(HttpServletResponse response);
- void setAttributes(Map<String, List<String>> attributeValues);
+ void setAttributes(Map<String, List<String>> attributeValues, HttpServletResponse response);
String getOpLocalIdentifierForUserName(String userName);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/OpenIdRelyingPartyApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -23,6 +23,8 @@
import java.util.List;
+import javax.servlet.http.HttpServletResponse;
+
/**
* @author Marcel Kolsteren
*
@@ -37,5 +39,5 @@
* has an account)
* @param attributes attributes that are requested
*/
- void login(String identifier, List<OpenIdRequestedAttribute> attributes);
+ void login(String identifier, List<OpenIdRequestedAttribute> attributes, HttpServletResponse response);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/ResponseHolder.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -32,4 +32,8 @@
void setResponse(HttpServletResponse response);
HttpServletResponse getResponse();
+
+ void redirectWithDialoguePropagation(String url);
+
+ String addDialogueIdToUrl(String url);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlIdentityProviderApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -23,6 +23,8 @@
import java.util.List;
+import javax.servlet.http.HttpServletResponse;
+
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;
@@ -61,7 +63,7 @@
* @param remoteUrl the URL where the user agent needs to be redirected to by
* the service provider (can be null)
*/
- void remoteLogin(String spEntityId, String remoteUrl);
+ void remoteLogin(String spEntityId, String remoteUrl, HttpServletResponse response);
/**
* This is one of the possible responses that relate to the SPI call
@@ -71,7 +73,7 @@
* service provider, using the local SAML session, which must have been
* established before this call is done.
*/
- void authenticationSucceeded();
+ void authenticationSucceeded(HttpServletResponse response);
/**
* This is one of the possible responses that relate to the SPI call
@@ -80,7 +82,7 @@
* identity provider to send a positive authentication result back to the
* service provider.
*/
- void authenticationFailed();
+ void authenticationFailed(HttpServletResponse response);
/**
* Gets the current SAML session. This contains information about the logged
@@ -106,5 +108,5 @@
* participate in the current session. The result of the global logout is
* reported asynchronously through the SPI.
*/
- void globalLogout();
+ void globalLogout(HttpServletResponse response);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserIdentityProviderApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -24,6 +24,8 @@
import java.util.List;
import java.util.Set;
+import javax.servlet.http.HttpServletResponse;
+
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AttributeType;
import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
@@ -33,17 +35,17 @@
*/
public interface SamlMultiUserIdentityProviderApi
{
- void authenticationSucceeded(SamlIdpSession session);
+ void authenticationSucceeded(SamlIdpSession session, HttpServletResponse response);
- void authenticationFailed();
+ void authenticationFailed(HttpServletResponse response);
Set<SamlIdpSession> getSessions();
SamlIdpSession localLogin(SamlNameId nameId, List<AttributeType> attributes);
- void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl);
+ void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl, HttpServletResponse response);
void localLogout(SamlIdpSession session);
- void globalLogout(SamlIdpSession session);
+ void globalLogout(SamlIdpSession session, HttpServletResponse response);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlMultiUserServiceProviderApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -23,6 +23,8 @@
import java.util.Set;
+import javax.servlet.http.HttpServletResponse;
+
import org.jboss.seam.security.external.saml.sp.SamlSpSession;
/**
@@ -31,11 +33,11 @@
*/
public interface SamlMultiUserServiceProviderApi
{
- public void login(String idpEntityId);
+ public void login(String idpEntityId, HttpServletResponse response);
public void localLogout(SamlSpSession session);
- public void globalLogout(SamlSpSession session);
+ public void globalLogout(SamlSpSession session, HttpServletResponse response);
public Set<SamlSpSession> getSessions();
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/api/SamlServiceProviderApi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -21,6 +21,8 @@
*/
package org.jboss.seam.security.external.api;
+import javax.servlet.http.HttpServletResponse;
+
import org.jboss.seam.security.external.dialogues.api.Dialogued;
import org.jboss.seam.security.external.saml.sp.SamlSpInApplicationScopeProducer;
import org.jboss.seam.security.external.saml.sp.SamlSpInVirtualApplicationScopeProducer;
@@ -76,7 +78,7 @@
*
* @param idpEntityId
*/
- public void login(String idpEntityId);
+ public void login(String idpEntityId, HttpServletResponse response);
/**
* <p>
@@ -105,7 +107,7 @@
* active when the SPI method is called. This allows the API client to store
* state information in the dialogue.
*/
- public void globalLogout();
+ public void globalLogout(HttpServletResponse response);
/**
* Gets the current session (login). If there is no active session, null is
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/ContextualInstanceImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/ContextualInstanceImpl.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/ContextualInstanceImpl.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.contexts;
+
+import javax.enterprise.context.spi.Contextual;
+import javax.enterprise.context.spi.CreationalContext;
+
+import org.jboss.weld.context.api.ContextualInstance;
+
+public class ContextualInstanceImpl<T> implements ContextualInstance<T>
+{
+ private Contextual<T> contextual;
+
+ private CreationalContext<T> creationalContext;
+
+ private T instance;
+
+ public ContextualInstanceImpl(Contextual<T> contextual, CreationalContext<T> creationalContext, T instance)
+ {
+ this.contextual = contextual;
+ this.creationalContext = creationalContext;
+ this.instance = instance;
+ }
+
+ public Contextual<T> getContextual()
+ {
+ return contextual;
+ }
+
+ public CreationalContext<T> getCreationalContext()
+ {
+ return creationalContext;
+ }
+
+ public T getInstance()
+ {
+ return instance;
+ }
+
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/ContextualInstanceImpl.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Added: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/HashMapBeanStore.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/HashMapBeanStore.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/HashMapBeanStore.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.contexts;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.spi.Contextual;
+
+import org.jboss.weld.context.api.ContextualInstance;
+
+/**
+ * Non-serializable bean store, based on a hash map. This bean store should not
+ * be used for passivating scopes!
+ *
+ * @author Marcel Kolsteren
+ *
+ */
+public class HashMapBeanStore
+{
+ private static final long serialVersionUID = -8676730520345382886L;
+
+ protected Map<Contextual<?>, ContextualInstance<? extends Object>> contextualInstanceMap;
+
+ public HashMapBeanStore()
+ {
+ contextualInstanceMap = new HashMap<Contextual<?>, ContextualInstance<? extends Object>>();
+ }
+
+ public <T extends Object> ContextualInstance<T> get(Contextual<T> contextual)
+ {
+ @SuppressWarnings("unchecked")
+ ContextualInstance<T> instance = (ContextualInstance<T>) contextualInstanceMap.get(contextual);
+ return instance;
+ }
+
+ private <T> void destroy(Contextual<T> contextual)
+ {
+ ContextualInstance<T> beanInstance = get(contextual);
+ beanInstance.getContextual().destroy(beanInstance.getInstance(), beanInstance.getCreationalContext());
+ }
+
+ public void clear()
+ {
+ for (Contextual<?> contextual : contextualInstanceMap.keySet())
+ {
+ destroy(contextual);
+ }
+ contextualInstanceMap.clear();
+ }
+
+ public <T> void put(Contextual<T> contextual, ContextualInstance<T> beanInstance)
+ {
+ contextualInstanceMap.put(contextual, beanInstance);
+ }
+}
Property changes on: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/contexts/HashMapBeanStore.java
___________________________________________________________________
Name: svn
+ eol-style=native
Name: svn:keywords
+ Revision Author Date
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContext.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -21,46 +21,51 @@
*/
package org.jboss.seam.security.external.dialogues;
+import java.lang.annotation.Annotation;
import java.util.UUID;
+import javax.enterprise.context.ContextNotActiveException;
+import javax.enterprise.context.spi.Context;
+import javax.enterprise.context.spi.Contextual;
+import javax.enterprise.context.spi.CreationalContext;
import javax.servlet.ServletContext;
+import org.jboss.seam.security.external.contexts.ContextualInstanceImpl;
+import org.jboss.seam.security.external.contexts.HashMapBeanStore;
import org.jboss.seam.security.external.dialogues.api.DialogueScoped;
-import org.jboss.weld.context.AbstractMapContext;
-import org.jboss.weld.context.api.BeanStore;
-import org.jboss.weld.context.beanstore.HashMapBeanStore;
+import org.jboss.weld.context.api.ContextualInstance;
/**
* @author Marcel Kolsteren
*
*/
-public class DialogueContext extends AbstractMapContext
+public class DialogueContext implements Context
{
private static final String BEAN_STORE_ATTRIBUTE_NAME_PREFIX = "DialogueContextBeanStore";
+
private ServletContext servletContext;
+
private final ThreadLocal<String> dialogueIdThreadLocal;
public DialogueContext()
{
- super(DialogueScoped.class);
dialogueIdThreadLocal = new ThreadLocal<String>();
}
- @Override
- protected BeanStore getBeanStore()
+ protected HashMapBeanStore getBeanStore()
{
return getBeanStore(dialogueIdThreadLocal.get());
}
- private BeanStore getBeanStore(String dialogueId)
+ private HashMapBeanStore getBeanStore(String dialogueId)
{
- BeanStore beanStore = (BeanStore) servletContext.getAttribute(getAttributeName(dialogueId));
+ HashMapBeanStore beanStore = (HashMapBeanStore) servletContext.getAttribute(getAttributeName(dialogueId));
return beanStore;
}
private void createBeanStore(String dialogueId)
{
- BeanStore beanStore = new HashMapBeanStore();
+ HashMapBeanStore beanStore = new HashMapBeanStore();
servletContext.setAttribute(getAttributeName(dialogueId), beanStore);
}
@@ -74,13 +79,6 @@
return BEAN_STORE_ATTRIBUTE_NAME_PREFIX + "_" + dialogueId;
}
- @Override
- protected boolean isCreationLockRequired()
- {
- // TODO: find out whether the creation lock is required
- return false;
- }
-
public void initialize(ServletContext servletContext)
{
this.servletContext = servletContext;
@@ -107,15 +105,14 @@
this.dialogueIdThreadLocal.set(dialogueId);
createBeanStore(dialogueId);
- setActive(true);
return dialogueId;
}
public void remove()
{
+ getBeanStore().clear();
removeBeanStore(this.dialogueIdThreadLocal.get());
this.dialogueIdThreadLocal.set(null);
- setActive(false);
}
public boolean isExistingDialogue(String dialogueId)
@@ -124,7 +121,7 @@
}
/**
- * Attaches an existing request to the current thread
+ * Attaches an existing dialogue to the current thread
*
* @param dialogueIdThreadLocal
*/
@@ -139,20 +136,60 @@
throw new RuntimeException("There is no active context with request id " + dialogueId);
}
this.dialogueIdThreadLocal.set(dialogueId);
- setActive(true);
}
/**
- * Detaches the request from the current thread
+ * Detaches the dialogue from the current thread
*/
public void detach()
{
this.dialogueIdThreadLocal.set(null);
- setActive(false);
}
public boolean isAttached()
{
return dialogueIdThreadLocal.get() != null;
}
+
+ public <T> T get(Contextual<T> contextual, CreationalContext<T> creationalContext)
+ {
+ if (!isActive())
+ {
+ throw new ContextNotActiveException();
+ }
+ ContextualInstance<T> beanInstance = getBeanStore().get(contextual);
+ if (beanInstance != null)
+ {
+ return beanInstance.getInstance();
+ }
+ else if (creationalContext != null)
+ {
+ T instance = contextual.create(creationalContext);
+ if (instance != null)
+ {
+ beanInstance = new ContextualInstanceImpl<T>(contextual, creationalContext, instance);
+ getBeanStore().put(contextual, beanInstance);
+ }
+ return instance;
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public <T> T get(Contextual<T> contextual)
+ {
+ return get(contextual, null);
+ }
+
+ public Class<? extends Annotation> getScope()
+ {
+ return DialogueScoped.class;
+ }
+
+ public boolean isActive()
+ {
+ return dialogueIdThreadLocal.get() != null;
+ }
}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -1,99 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.dialogues;
-
-import javax.enterprise.event.Observes;
-import javax.enterprise.inject.Instance;
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.servlet.ServletContextEvent;
-
-import org.jboss.seam.security.external.dialogues.api.AfterDialogueActivation;
-import org.jboss.seam.security.external.dialogues.api.Dialogue;
-import org.jboss.seam.servlet.event.qualifier.Destroyed;
-import org.jboss.seam.servlet.event.qualifier.Initialized;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class DialogueContextManagerImpl implements DialogueManager
-{
- @Inject
- private DialogueContextExtension dialogueContextExtension;
-
- @Inject
- private Instance<Dialogue> dialogue;
-
- @Inject
- private BeanManager beanManager;
-
- protected void servletInitialized(@Observes @Initialized final ServletContextEvent e)
- {
- dialogueContextExtension.getDialogueContext().initialize(e.getServletContext());
- }
-
- protected void servletDestroyed(@Observes @Destroyed final ServletContextEvent e)
- {
- dialogueContextExtension.getDialogueContext().destroy();
- }
-
- public void beginDialogue()
- {
- String dialogueId = dialogueContextExtension.getDialogueContext().create();
- dialogue.get().setDialogueId(dialogueId);
- beanManager.fireEvent(new AfterDialogueActivation());
- }
-
- public void endDialogue()
- {
- dialogueContextExtension.getDialogueContext().remove();
- }
-
- public void attachDialogue(String requestId)
- {
- dialogueContextExtension.getDialogueContext().attach(requestId);
- beanManager.fireEvent(new AfterDialogueActivation());
- }
-
- public void detachDialogue()
- {
- if (dialogue.get().isFinished())
- {
- endDialogue();
- }
- else
- {
- dialogueContextExtension.getDialogueContext().detach();
- }
- }
-
- public boolean isExistingDialogue(String dialogueId)
- {
- return dialogueContextExtension.getDialogueContext().isExistingDialogue(dialogueId);
- }
-
- public boolean isAttached()
- {
- return dialogueContextExtension.getDialogueContext().isAttached();
- }
-}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueFilter.java (from rev 13767, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/DialogueFilter.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueFilter.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueFilter.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletResponse;
+
+ at WebFilter(filterName = "DialogueFilter", urlPatterns = "/*")
+public class DialogueFilter implements Filter
+{
+ public final static String DIALOGUE_ID_PARAM = "dialogueId";
+
+ @Inject
+ private DialogueManager manager;
+
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+ {
+ if (manager.isAttached())
+ {
+ manager.detachDialogue();
+ }
+
+ String dialogueId = request.getParameter(DIALOGUE_ID_PARAM);
+
+ if (dialogueId != null)
+ {
+ if (!manager.isExistingDialogue(dialogueId))
+ {
+ ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "dialogue " + dialogueId + " does not exist");
+ return;
+ }
+ manager.attachDialogue(dialogueId);
+ }
+
+ chain.doFilter(request, response);
+
+ if (manager.isAttached())
+ {
+ manager.detachDialogue();
+ }
+ }
+
+ public void destroy()
+ {
+ }
+}
Copied: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManagerImpl.java (from rev 13764, modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueContextManagerImpl.java)
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManagerImpl.java (rev 0)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/DialogueManagerImpl.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2010, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.seam.security.external.dialogues;
+
+import javax.enterprise.event.Observes;
+import javax.enterprise.inject.Instance;
+import javax.inject.Inject;
+import javax.servlet.ServletContextEvent;
+
+import org.jboss.seam.security.external.dialogues.api.Dialogue;
+import org.jboss.seam.servlet.event.qualifier.Destroyed;
+import org.jboss.seam.servlet.event.qualifier.Initialized;
+
+/**
+ * @author Marcel Kolsteren
+ *
+ */
+public class DialogueManagerImpl implements DialogueManager
+{
+ @Inject
+ private DialogueContextExtension dialogueContextExtension;
+
+ @Inject
+ private Instance<Dialogue> dialogue;
+
+ public void servletInitialized(@Observes @Initialized final ServletContextEvent e)
+ {
+ dialogueContextExtension.getDialogueContext().initialize(e.getServletContext());
+ }
+
+ public void servletDestroyed(@Observes @Destroyed final ServletContextEvent e)
+ {
+ dialogueContextExtension.getDialogueContext().destroy();
+ }
+
+ public void beginDialogue()
+ {
+ String dialogueId = dialogueContextExtension.getDialogueContext().create();
+ dialogue.get().setDialogueId(dialogueId);
+ }
+
+ public void endDialogue()
+ {
+ dialogueContextExtension.getDialogueContext().remove();
+ }
+
+ public void attachDialogue(String requestId)
+ {
+ dialogueContextExtension.getDialogueContext().attach(requestId);
+ }
+
+ public void detachDialogue()
+ {
+ if (dialogue.get().isFinished())
+ {
+ endDialogue();
+ }
+ else
+ {
+ dialogueContextExtension.getDialogueContext().detach();
+ }
+ }
+
+ public boolean isExistingDialogue(String dialogueId)
+ {
+ return dialogueContextExtension.getDialogueContext().isExistingDialogue(dialogueId);
+ }
+
+ public boolean isAttached()
+ {
+ return dialogueContextExtension.getDialogueContext().isAttached();
+ }
+}
Deleted: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/dialogues/api/AfterDialogueActivation.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -1,31 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2010, Red Hat, Inc., and individual contributors
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.seam.security.external.dialogues.api;
-
-/**
- * @author Marcel Kolsteren
- *
- */
-public class AfterDialogueActivation
-{
-
-}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderAuthenticationService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderAuthenticationService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderAuthenticationService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -30,6 +30,7 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.InvalidRequestException;
import org.jboss.seam.security.external.ResponseHandler;
@@ -75,18 +76,18 @@
@Inject
private Instance<OpenIdProviderBean> opBean;
- public void handleIncomingMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
{
ParameterList parameterList = new ParameterList(httpRequest.getParameterMap());
String mode = parameterList.getParameterValue("openid.mode");
- Message response;
+ Message associationResponse;
if ("associate".equals(mode))
{
- response = openIdServerManager.get().associationResponse(parameterList);
- writeMessageToResponse(response);
+ associationResponse = openIdServerManager.get().associationResponse(parameterList);
+ writeMessageToResponse(associationResponse, httpResponse);
}
else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode))
{
@@ -133,30 +134,30 @@
if (opLocalIdentifier.equals(AuthRequest.SELECT_ID))
{
- openIdProviderSpi.get().authenticate(realm, null, immediate);
+ openIdProviderSpi.get().authenticate(realm, null, immediate, responseHandler.createResponseHolder(httpResponse));
}
else
{
String userName = opBean.get().getUserNameFromOpLocalIdentifier(opLocalIdentifier);
- openIdProviderSpi.get().authenticate(realm, userName, immediate);
+ openIdProviderSpi.get().authenticate(realm, userName, immediate, responseHandler.createResponseHolder(httpResponse));
}
}
else
{
- response = DirectError.createDirectError("Invalid request; claimed_id or identity attribute is missing");
- writeMessageToResponse(response);
+ associationResponse = DirectError.createDirectError("Invalid request; claimed_id or identity attribute is missing");
+ writeMessageToResponse(associationResponse, httpResponse);
}
dialogueManager.detachDialogue();
}
else if ("check_authentication".equals(mode))
{
- response = openIdServerManager.get().verify(parameterList);
- writeMessageToResponse(response);
+ associationResponse = openIdServerManager.get().verify(parameterList);
+ writeMessageToResponse(associationResponse, httpResponse);
}
else
{
- response = DirectError.createDirectError("Unknown request");
- writeMessageToResponse(response);
+ associationResponse = DirectError.createDirectError("Unknown request");
+ writeMessageToResponse(associationResponse, httpResponse);
}
}
@@ -176,7 +177,7 @@
}
}
- public void sendAuthenticationResponse(boolean authenticationSuccesful, Map<String, List<String>> attributeValues)
+ public void sendAuthenticationResponse(boolean authenticationSuccesful, Map<String, List<String>> attributeValues, HttpServletResponse response)
{
ParameterList parameterList = openIdProviderRequest.get().getParameterList();
String userName = openIdProviderRequest.get().getUserName();
@@ -187,11 +188,11 @@
claimedIdentifier = opLocalIdentifier;
}
- Message response = openIdServerManager.get().authResponse(parameterList, opLocalIdentifier, claimedIdentifier, authenticationSuccesful);
+ Message authResponse = openIdServerManager.get().authResponse(parameterList, opLocalIdentifier, claimedIdentifier, authenticationSuccesful);
if (response instanceof DirectError)
{
- writeMessageToResponse(response);
+ writeMessageToResponse(authResponse, response);
}
else
{
@@ -200,7 +201,7 @@
try
{
FetchResponse fetchResponse = FetchResponse.createFetchResponse(openIdProviderRequest.get().getFetchRequest(), attributeValues);
- response.addExtension(fetchResponse);
+ authResponse.addExtension(fetchResponse);
}
catch (MessageException e)
{
@@ -211,8 +212,8 @@
// caller will need to decide which of the following to use:
// option1: GET HTTP-redirect to the return_to URL
- String destinationUrl = response.getDestinationUrl(true);
- responseHandler.sendHttpRedirectToUserAgent(destinationUrl);
+ String destinationUrl = authResponse.getDestinationUrl(true);
+ responseHandler.sendHttpRedirectToUserAgent(destinationUrl, response);
// option2: HTML FORM Redirection
// RequestDispatcher dispatcher =
@@ -227,9 +228,9 @@
dialogue.get().setFinished(true);
}
- private void writeMessageToResponse(Message message)
+ private void writeMessageToResponse(Message message, HttpServletResponse response)
{
- Writer writer = responseHandler.getWriter("text/plain");
+ Writer writer = responseHandler.getWriter("text/plain", response);
try
{
writer.append(message.keyValueFormEncoding());
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderBean.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdProviderBean.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -31,12 +31,14 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.jboss.seam.security.external.EntityBean;
import org.jboss.seam.security.external.JaxbContext;
+import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.api.OpenIdProviderApi;
import org.jboss.seam.security.external.api.OpenIdProviderConfigurationApi;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
@@ -72,6 +74,9 @@
@JaxbContext(ObjectFactory.class)
private JAXBContext jaxbContext;
+ @Inject
+ private ResponseHandler responseHandler;
+
public String getServiceURL(OpenIdService service)
{
String path = servletContext.getContextPath() + "/openid/OP/" + service.getName();
@@ -210,28 +215,28 @@
}
@Dialogued(join = true)
- public void authenticationFailed()
+ public void authenticationFailed(HttpServletResponse response)
{
- openIdSingleLoginSender.sendAuthenticationResponse(false, null);
+ openIdSingleLoginSender.sendAuthenticationResponse(false, null, response);
}
@Dialogued(join = true)
- public void authenticationSucceeded(String userName)
+ public void authenticationSucceeded(String userName, HttpServletResponse response)
{
openIdProviderRequest.get().setUserName(userName);
if (openIdProviderRequest.get().getRequestedAttributes() == null)
{
- openIdSingleLoginSender.sendAuthenticationResponse(true, null);
+ openIdSingleLoginSender.sendAuthenticationResponse(true, null, response);
}
else
{
- openIdProviderSpi.get().fetchParameters(openIdProviderRequest.get().getRequestedAttributes());
+ openIdProviderSpi.get().fetchParameters(openIdProviderRequest.get().getRequestedAttributes(), responseHandler.createResponseHolder(response));
}
}
@Dialogued(join = true)
- public void setAttributes(Map<String, List<String>> attributeValues)
+ public void setAttributes(Map<String, List<String>> attributeValues, HttpServletResponse response)
{
- openIdSingleLoginSender.sendAuthenticationResponse(true, attributeValues);
+ openIdSingleLoginSender.sendAuthenticationResponse(true, attributeValues, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -34,7 +34,6 @@
import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.api.OpenIdPrincipal;
import org.jboss.seam.security.external.api.OpenIdRequestedAttribute;
-import org.jboss.seam.security.external.dialogues.DialogueManager;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
import org.jboss.seam.security.external.spi.OpenIdRelyingPartySpi;
@@ -78,16 +77,13 @@
@Inject
private Instance<Dialogue> dialogue;
- @Inject
- private DialogueManager dialogueManager;
-
- public void handleIncomingMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws InvalidRequestException
{
try
{
// extract the parameters from the authentication response
// (which comes in as a HTTP request from the OpenID provider)
- ParameterList response = new ParameterList(httpRequest.getParameterMap());
+ ParameterList parameterList = new ParameterList(httpRequest.getParameterMap());
// retrieve the previously stored discovery information
DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
@@ -100,7 +96,7 @@
// verify the response; ConsumerManager needs to be the same
// (static) instance used to place the authentication request
- VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), response, discovered);
+ VerificationResult verification = openIdConsumerManager.verify(receivingURL.toString(), parameterList, discovered);
// examine the verification result and extract the verified identifier
Identifier identifier = verification.getVerifiedId();
@@ -120,16 +116,16 @@
OpenIdPrincipal principal = createPrincipal(identifier.getIdentifier(), discovered.getOPEndpoint(), attributeValues);
- openIdRelyingPartySpi.get().loginSucceeded(principal);
+ openIdRelyingPartySpi.get().loginSucceeded(principal, responseHandler.createResponseHolder(httpResponse));
}
else
{
- openIdRelyingPartySpi.get().loginFailed(verification.getStatusMsg());
+ openIdRelyingPartySpi.get().loginFailed(verification.getStatusMsg(), responseHandler.createResponseHolder(httpResponse));
}
}
catch (OpenIDException e)
{
- responseHandler.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ responseHandler.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage(), httpResponse);
return;
}
@@ -137,7 +133,7 @@
}
@Dialogued(join = true)
- public void sendAuthRequest(String openId, List<OpenIdRequestedAttribute> attributes)
+ public void sendAuthRequest(String openId, List<OpenIdRequestedAttribute> attributes, HttpServletResponse response)
{
try
{
@@ -166,12 +162,12 @@
String url = authReq.getDestinationUrl(true);
- responseHandler.sendHttpRedirectToUserAgent(url);
+ responseHandler.sendHttpRedirectToUserAgent(url, response);
}
catch (OpenIDException e)
{
log.warn("Authentication failed", e);
- openIdRelyingPartySpi.get().loginFailed(e.getMessage());
+ openIdRelyingPartySpi.get().loginFailed(e.getMessage(), responseHandler.createResponseHolder(response));
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpBean.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -26,6 +26,7 @@
import javax.inject.Inject;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
@@ -61,9 +62,9 @@
private JAXBContext jaxbContext;
@Dialogued(join = true)
- public void login(String identifier, List<OpenIdRequestedAttribute> attributes)
+ public void login(String identifier, List<OpenIdRequestedAttribute> attributes, HttpServletResponse response)
{
- openIdSingleLoginSender.sendAuthRequest(identifier, attributes);
+ openIdSingleLoginSender.sendAuthRequest(identifier, attributes, response);
}
public String getServiceURL(OpenIdService service)
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/openid/OpenIdServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -34,7 +34,6 @@
import org.jboss.seam.security.external.InvalidRequestException;
import org.jboss.seam.security.external.ResponseHandler;
-import org.jboss.seam.security.external.api.ResponseHolder;
import org.slf4j.Logger;
/**
@@ -49,9 +48,6 @@
private Logger log;
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private ResponseHandler responseHandler;
@Inject
@@ -82,8 +78,7 @@
{
try
{
- responseHolder.setResponse(response);
- handleMessage(request);
+ handleMessage(request, response);
}
catch (InvalidRequestException e)
{
@@ -95,13 +90,13 @@
}
}
- private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ private void handleMessage(HttpServletRequest httpRequest, HttpServletResponse response) throws InvalidRequestException
{
Matcher matcher = Pattern.compile("/(OP|RP)/([^/]*?)$").matcher(httpRequest.getRequestURI());
boolean found = matcher.find();
if (!found)
{
- responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.", response);
return;
}
OpenIdProviderOrRelyingParty opOrRp = OpenIdProviderOrRelyingParty.valueOf(matcher.group(1));
@@ -109,7 +104,7 @@
if (service == null)
{
- responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.", response);
return;
}
@@ -118,21 +113,21 @@
case OPEN_ID_SERVICE:
if (opOrRp == OpenIdProviderOrRelyingParty.OP)
{
- openIdProviderAuthenticationService.handleIncomingMessage(httpRequest);
+ openIdProviderAuthenticationService.handleIncomingMessage(httpRequest, response);
}
else
{
- openIdRpAuthenticationService.handleIncomingMessage(httpRequest);
+ openIdRpAuthenticationService.handleIncomingMessage(httpRequest, response);
}
break;
case XRDS_SERVICE:
if (opOrRp == OpenIdProviderOrRelyingParty.OP)
{
- opBean.get().writeOpIdentifierXrds(responseHandler.getWriter("application/xrds+xml"));
+ opBean.get().writeOpIdentifierXrds(responseHandler.getWriter("application/xrds+xml", response));
}
else
{
- rpBean.get().writeRpXrds(responseHandler.getWriter("application/xrds+xml"));
+ rpBean.get().writeRpXrds(responseHandler.getWriter("application/xrds+xml", response));
}
break;
default:
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageReceiver.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -31,6 +31,7 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
@@ -103,7 +104,7 @@
@JaxbContext( { RequestAbstractType.class, StatusResponseType.class })
private JAXBContext jaxbContext;
- public void handleIncomingSamlMessage(SamlServiceType service, HttpServletRequest httpRequest, SamlIdpOrSp idpOrSp) throws InvalidRequestException
+ public void handleIncomingSamlMessage(SamlServiceType service, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SamlIdpOrSp idpOrSp) throws InvalidRequestException
{
String samlRequestParam = httpRequest.getParameter(SamlRedirectMessage.QSP_SAML_REQUEST);
String samlResponseParam = httpRequest.getParameter(SamlRedirectMessage.QSP_SAML_RESPONSE);
@@ -248,11 +249,11 @@
{
if (samlRequestOrResponse.isRequest())
{
- samlIdpSingleSignOnService.processSPRequest(httpRequest, samlRequestMessage);
+ samlIdpSingleSignOnService.processSPRequest(httpRequest, httpResponse, samlRequestMessage);
}
else
{
- samlSpSingleSignOnService.processIDPResponse(httpRequest, samlResponseMessage);
+ samlSpSingleSignOnService.processIDPResponse(httpRequest, httpResponse, samlResponseMessage);
}
}
else
@@ -261,22 +262,22 @@
{
if (idpOrSp == SamlIdpOrSp.IDP)
{
- samlIdpSingleLogoutService.processSPRequest(httpRequest, samlRequestMessage);
+ samlIdpSingleLogoutService.processSPRequest(httpRequest, httpResponse, samlRequestMessage);
}
else
{
- samlSpSingleLogoutService.processIDPRequest(httpRequest, samlRequestMessage);
+ samlSpSingleLogoutService.processIDPRequest(httpRequest, httpResponse, samlRequestMessage);
}
}
else
{
if (idpOrSp == SamlIdpOrSp.IDP)
{
- samlIdpSingleLogoutService.processSPResponse(httpRequest, samlResponseMessage);
+ samlIdpSingleLogoutService.processSPResponse(httpRequest, httpResponse, samlResponseMessage);
}
else
{
- samlSpSingleLogoutService.processIDPResponse(httpRequest, samlResponseMessage);
+ samlSpSingleLogoutService.processIDPResponse(httpRequest, httpResponse, samlResponseMessage);
}
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlMessageSender.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -33,6 +33,7 @@
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
@@ -85,7 +86,7 @@
@Inject
private Instance<SamlDialogue> samlDialogue;
- public void sendRequest(SamlExternalEntity samlProvider, SamlProfile profile, RequestAbstractType samlRequest)
+ public void sendRequest(SamlExternalEntity samlProvider, SamlProfile profile, RequestAbstractType samlRequest, HttpServletResponse response)
{
Document message = null;
@@ -132,10 +133,10 @@
throw new RuntimeException(e);
}
- sendMessage(samlProvider, message, SamlRequestOrResponse.REQUEST, endpoint);
+ sendMessage(samlProvider, message, SamlRequestOrResponse.REQUEST, endpoint, response);
}
- public void sendResponse(SamlExternalEntity samlProvider, StatusResponseType samlResponse, SamlProfile profile)
+ public void sendResponse(SamlExternalEntity samlProvider, StatusResponseType samlResponse, SamlProfile profile, HttpServletResponse response)
{
Document message = null;
@@ -176,7 +177,7 @@
throw new RuntimeException(e);
}
- sendMessage(samlDialogue.get().getExternalProvider(), message, SamlRequestOrResponse.RESPONSE, endpoint);
+ sendMessage(samlDialogue.get().getExternalProvider(), message, SamlRequestOrResponse.RESPONSE, endpoint, response);
}
public SamlEndpoint getEndpoint(SamlService service)
@@ -194,7 +195,7 @@
return endpoint;
}
- private void sendMessage(SamlExternalEntity samlProvider, Document message, SamlRequestOrResponse samlRequestOrResponse, SamlEndpoint endpoint)
+ private void sendMessage(SamlExternalEntity samlProvider, Document message, SamlRequestOrResponse samlRequestOrResponse, SamlEndpoint endpoint, HttpServletResponse response)
{
if (log.isDebugEnabled())
{
@@ -239,7 +240,7 @@
{
privateKey = samlEntityBean.get().getSigningKey().getPrivateKey();
}
- sendSamlRedirect(base64EncodedResponse, signMessage, samlRequestOrResponse, privateKey, endpoint);
+ sendSamlRedirect(base64EncodedResponse, signMessage, samlRequestOrResponse, privateKey, endpoint, response);
}
else
{
@@ -257,7 +258,7 @@
samlPostMessage.setRequestOrResponse(samlRequestOrResponse);
samlPostMessage.setSamlMessage(base64EncodedMessage);
samlPostMessage.setRelayState(samlDialogue.get().getExternalProviderRelayState());
- responseHandler.sendFormToUserAgent(endpoint.getLocation(), samlPostMessage);
+ responseHandler.sendFormToUserAgent(endpoint.getLocation(), samlPostMessage, response);
}
}
catch (IOException e)
@@ -266,7 +267,7 @@
}
}
- private void sendSamlRedirect(String base64EncodedSamlMessage, boolean sign, SamlRequestOrResponse samlRequestOrResponse, PrivateKey signingKey, SamlEndpoint endpoint)
+ private void sendSamlRedirect(String base64EncodedSamlMessage, boolean sign, SamlRequestOrResponse samlRequestOrResponse, PrivateKey signingKey, SamlEndpoint endpoint, HttpServletResponse response)
{
SamlRedirectMessage redirectMessage = new SamlRedirectMessage();
@@ -295,7 +296,7 @@
redirectMessage.setSamlMessage(base64EncodedSamlMessage);
}
- responseHandler.sendHttpRedirectToUserAgent(endpoint.getLocation(), redirectMessage);
+ responseHandler.sendHttpRedirectToUserAgent(endpoint.getLocation(), redirectMessage, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/SamlServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -34,7 +34,6 @@
import org.jboss.seam.security.external.InvalidRequestException;
import org.jboss.seam.security.external.ResponseHandler;
-import org.jboss.seam.security.external.api.ResponseHolder;
import org.slf4j.Logger;
/**
@@ -49,9 +48,6 @@
private Logger log;
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private SamlMessageReceiver samlMessageReceiver;
@Inject
@@ -76,8 +72,7 @@
{
try
{
- responseHolder.setResponse(response);
- handleMessage(request);
+ handleMessage(request, response);
}
catch (InvalidRequestException e)
{
@@ -89,13 +84,13 @@
}
}
- private void handleMessage(HttpServletRequest httpRequest) throws InvalidRequestException
+ private void handleMessage(HttpServletRequest httpRequest, HttpServletResponse response) throws InvalidRequestException
{
Matcher matcher = Pattern.compile("/(IDP|SP)/(.*?)$").matcher(httpRequest.getRequestURI());
boolean found = matcher.find();
if (!found)
{
- responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.");
+ responseHandler.sendError(HttpServletResponse.SC_NOT_FOUND, "No service endpoint exists for this URL.", response);
}
SamlIdpOrSp idpOrSp = SamlIdpOrSp.valueOf(matcher.group(1));
SamlServiceType service = SamlServiceType.getByName(matcher.group(2));
@@ -105,10 +100,10 @@
case SAML_SINGLE_LOGOUT_SERVICE:
case SAML_SINGLE_SIGN_ON_SERVICE:
case SAML_ASSERTION_CONSUMER_SERVICE:
- samlMessageReceiver.handleIncomingSamlMessage(service, httpRequest, idpOrSp);
+ samlMessageReceiver.handleIncomingSamlMessage(service, httpRequest, response, idpOrSp);
break;
case SAML_META_DATA_SERVICE:
- samlEntityBean.get().writeMetaData(responseHandler.getWriter("application/xml"));
+ samlEntityBean.get().writeMetaData(responseHandler.getWriter("application/xml", response));
break;
default:
throw new RuntimeException("Unsupported service " + service);
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpBean.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -23,12 +23,14 @@
import java.io.Reader;
import java.io.Writer;
+import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
@@ -50,8 +52,6 @@
import org.jboss.seam.security.external.saml.SamlIdpOrSp;
import org.jboss.seam.security.external.saml.SamlServiceType;
-import com.google.common.collect.Lists;
-
/**
* @author Marcel Kolsteren
*
@@ -174,16 +174,16 @@
}
@Dialogued(join = true)
- public void authenticationSucceeded(SamlIdpSession session)
+ public void authenticationSucceeded(SamlIdpSession session, HttpServletResponse response)
{
session.getServiceProviders().add((SamlExternalServiceProvider) samlDialogue.get().getExternalProvider());
- samlIdpSingleSignOnService.handleSucceededAuthentication(session);
+ samlIdpSingleSignOnService.handleSucceededAuthentication(session, response);
}
@Dialogued(join = true)
- public void authenticationFailed()
+ public void authenticationFailed(HttpServletResponse response)
{
- samlIdpSingleSignOnService.handleFailedAuthentication();
+ samlIdpSingleSignOnService.handleFailedAuthentication(response);
}
public Set<SamlIdpSession> getSessions()
@@ -212,7 +212,7 @@
}
@Dialogued(join = true)
- public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl)
+ public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl, HttpServletResponse response)
{
for (SamlExternalServiceProvider sp : session.getServiceProviders())
{
@@ -222,7 +222,7 @@
}
}
session.getServiceProviders().add(getExternalSamlEntityByEntityId(spEntityId));
- samlIdpSingleSignOnService.remoteLogin(spEntityId, session, remoteUrl);
+ samlIdpSingleSignOnService.remoteLogin(spEntityId, session, remoteUrl, response);
}
public void localLogout(SamlIdpSession session)
@@ -231,10 +231,10 @@
}
@Dialogued(join = true)
- public void globalLogout(SamlIdpSession session)
+ public void globalLogout(SamlIdpSession session, HttpServletResponse response)
{
SamlPrincipal principal = session.getPrincipal();
- samlIdpSingleSignLogoutService.handleIDPInitiatedSingleLogout(principal, Lists.newArrayList(session.getSessionIndex()));
+ samlIdpSingleSignLogoutService.handleIDPInitiatedSingleLogout(principal, Arrays.asList(session.getSessionIndex()), response);
}
@Override
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -26,8 +26,10 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.api.SamlNameId;
import org.jboss.seam.security.external.api.SamlPrincipal;
import org.jboss.seam.security.external.dialogues.DialogueManager;
@@ -76,7 +78,10 @@
@Inject
private DialogueManager dialogueManager;
- public void processSPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ @Inject
+ private ResponseHandler responseHandler;
+
+ public void processSPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request) throws InvalidRequestException
{
if (!(request instanceof LogoutRequestType))
{
@@ -91,18 +96,18 @@
samlIdpIncomingLogoutDialogue.get().setNameId(samlNameId);
samlIdpIncomingLogoutDialogue.get().setSessionIndexes(logoutRequest.getSessionIndex());
- removeNextSessionParticipant();
+ removeNextSessionParticipant(httpResponse);
}
- public void handleIDPInitiatedSingleLogout(SamlPrincipal principal, List<String> indexes)
+ public void handleIDPInitiatedSingleLogout(SamlPrincipal principal, List<String> indexes, HttpServletResponse response)
{
samlIdpIncomingLogoutDialogue.get().setNameId(principal.getNameId());
samlIdpIncomingLogoutDialogue.get().setSessionIndexes(indexes);
- removeNextSessionParticipant();
+ removeNextSessionParticipant(response);
}
- private void removeNextSessionParticipant()
+ private void removeNextSessionParticipant(HttpServletResponse response)
{
SamlNameId samlNameId = samlIdpIncomingLogoutDialogue.get().getNameId();
List<String> sessionIndexes = samlIdpIncomingLogoutDialogue.get().getSessionIndexes();
@@ -147,7 +152,7 @@
dialogueManager.beginDialogue();
samlIdpOutgoingLogoutDialogue.get().setIncomingDialogueId(incomingDialogueId);
- sendSingleLogoutRequestToSP(sessionToRemove, sp);
+ sendSingleLogoutRequestToSP(sessionToRemove, sp, response);
readyForNow = true;
}
}
@@ -164,35 +169,35 @@
}
else
{
- finishSingleLogoutProcess();
+ finishSingleLogoutProcess(response);
readyForNow = true;
}
}
}
- private void finishSingleLogoutProcess()
+ private void finishSingleLogoutProcess(HttpServletResponse response)
{
boolean failed = samlIdpIncomingLogoutDialogue.get().isFailed();
if (samlDialogue.get().getExternalProvider() != null)
{
- StatusResponseType response = samlMessageFactory.createStatusResponse(failed ? SamlConstants.STATUS_RESPONDER : SamlConstants.STATUS_SUCCESS, null);
- samlMessageSender.sendResponse(samlDialogue.get().getExternalProvider(), response, SamlProfile.SINGLE_LOGOUT);
+ StatusResponseType statusResponse = samlMessageFactory.createStatusResponse(failed ? SamlConstants.STATUS_RESPONDER : SamlConstants.STATUS_SUCCESS, null);
+ samlMessageSender.sendResponse(samlDialogue.get().getExternalProvider(), statusResponse, SamlProfile.SINGLE_LOGOUT, response);
}
else
{
if (failed)
{
- samlIdentityProviderSpi.get().singleLogoutFailed();
+ samlIdentityProviderSpi.get().singleLogoutFailed(responseHandler.createResponseHolder(response));
}
else
{
- samlIdentityProviderSpi.get().singleLogoutSucceeded();
+ samlIdentityProviderSpi.get().singleLogoutSucceeded(responseHandler.createResponseHolder(response));
}
}
dialogue.get().setFinished(true);
}
- public void processSPResponse(HttpServletRequest httpRequest, StatusResponseType response)
+ public void processSPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse)
{
// End the outgoing samlDialogue and re-attach to the incoming
// samlDialogue
@@ -200,20 +205,20 @@
dialogueManager.endDialogue();
dialogueManager.attachDialogue(incomingDialogueId);
- if (response.getStatus() != null && !response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+ if (statusResponse.getStatus() != null && !statusResponse.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
{
samlIdpIncomingLogoutDialogue.get().setFailed(true);
}
- removeNextSessionParticipant();
+ removeNextSessionParticipant(httpResponse);
}
- public void sendSingleLogoutRequestToSP(SamlIdpSession session, SamlExternalServiceProvider sp)
+ public void sendSingleLogoutRequestToSP(SamlIdpSession session, SamlExternalServiceProvider sp, HttpServletResponse response)
{
LogoutRequestType logoutRequest;
logoutRequest = samlMessageFactory.createLogoutRequest(session.getPrincipal().getNameId(), session.getSessionIndex());
samlDialogue.get().setExternalProvider(sp);
- samlMessageSender.sendRequest(sp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+ samlMessageSender.sendRequest(sp, SamlProfile.SINGLE_LOGOUT, logoutRequest, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleSignOnService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -24,8 +24,10 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.dialogues.api.Dialogued;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
@@ -66,62 +68,65 @@
@Inject
private Instance<SamlEntityBean> samlEntityBean;
- public void processSPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ @Inject
+ private ResponseHandler responseHandler;
+
+ public void processSPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request) throws InvalidRequestException
{
if (!(request instanceof AuthnRequestType))
{
throw new InvalidRequestException("Request should be an authentication request.");
}
- samlIdentityProviderSpi.get().authenticate();
+ samlIdentityProviderSpi.get().authenticate(responseHandler.createResponseHolder(httpResponse));
}
- public void handleSucceededAuthentication(SamlIdpSession session)
+ public void handleSucceededAuthentication(SamlIdpSession session, HttpServletResponse response)
{
- sendAuthenticationResponse(samlDialogue.getExternalProvider(), session, false);
+ sendAuthenticationResponse(samlDialogue.getExternalProvider(), session, false, response);
}
- private void sendAuthenticationResponse(SamlExternalEntity serviceProvider, SamlIdpSession session, boolean failed)
+ private void sendAuthenticationResponse(SamlExternalEntity serviceProvider, SamlIdpSession session, boolean failed, HttpServletResponse response)
{
- StatusResponseType response;
+ StatusResponseType statusResponse;
if (failed)
{
- response = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_RESPONDER, null);
+ statusResponse = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_RESPONDER, null);
}
else
{
SamlService service = serviceProvider.getService(SamlProfile.SINGLE_SIGN_ON);
- response = samlMessageFactory.createResponse(session, samlMessageSender.getEndpoint(service));
+ statusResponse = samlMessageFactory.createResponse(session, samlMessageSender.getEndpoint(service));
}
- samlMessageSender.sendResponse(serviceProvider, response, SamlProfile.SINGLE_SIGN_ON);
+ samlMessageSender.sendResponse(serviceProvider, statusResponse, SamlProfile.SINGLE_SIGN_ON, response);
dialogue.setFinished(true);
}
- public void handleFailedAuthentication()
+ public void handleFailedAuthentication(HttpServletResponse response)
{
- sendAuthenticationResponse(samlDialogue.getExternalProvider(), null, true);
+ sendAuthenticationResponse(samlDialogue.getExternalProvider(), null, true, response);
}
@Dialogued
- public void sendAuthenticationResponseToIDP(SamlExternalIdentityProvider idp)
+ public void sendAuthenticationResponseToIDP(SamlExternalIdentityProvider idp, HttpServletResponse response)
{
AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
samlDialogue.setExternalProvider(idp);
- samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest, response);
}
- public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl)
+ public void remoteLogin(String spEntityId, SamlIdpSession session, String remoteUrl, HttpServletResponse response)
{
SamlExternalEntity serviceProvider = samlEntityBean.get().getExternalSamlEntityByEntityId(spEntityId);
samlDialogue.setExternalProvider(serviceProvider);
samlDialogue.setExternalProviderRelayState(remoteUrl);
// Send an unsolicited authentication response to the service provider
- sendAuthenticationResponse(serviceProvider, session, false);
+ sendAuthenticationResponse(serviceProvider, session, false, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/idp/SamlIdpSingleUser.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -25,6 +25,7 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.SamlIdentityProviderApi;
import org.jboss.seam.security.external.api.SamlMultiUserIdentityProviderApi;
@@ -36,14 +37,14 @@
@Inject
private Instance<SamlMultiUserIdentityProviderApi> multiUserApi;
- public void authenticationSucceeded()
+ public void authenticationSucceeded(HttpServletResponse response)
{
- multiUserApi.get().authenticationSucceeded(getSession());
+ multiUserApi.get().authenticationSucceeded(getSession(), response);
}
- public void authenticationFailed()
+ public void authenticationFailed(HttpServletResponse response)
{
- multiUserApi.get().authenticationFailed();
+ multiUserApi.get().authenticationFailed(response);
}
public SamlIdpSession getSession()
@@ -63,14 +64,14 @@
multiUserApi.get().localLogin(nameId, attributes);
}
- public void remoteLogin(String spEntityId, String remoteUrl)
+ public void remoteLogin(String spEntityId, String remoteUrl, HttpServletResponse response)
{
SamlIdpSession session = getSession();
if (session == null)
{
throw new IllegalStateException("Need to login locally first.");
}
- multiUserApi.get().remoteLogin(spEntityId, session, remoteUrl);
+ multiUserApi.get().remoteLogin(spEntityId, session, remoteUrl, response);
}
public void localLogout()
@@ -83,13 +84,13 @@
multiUserApi.get().localLogout(session);
}
- public void globalLogout()
+ public void globalLogout(HttpServletResponse response)
{
SamlIdpSession session = getSession();
if (session == null)
{
throw new IllegalStateException("Logout not possible because there is no current session.");
}
- multiUserApi.get().globalLogout(session);
+ multiUserApi.get().globalLogout(session, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpBean.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -27,8 +27,8 @@
import java.util.List;
import java.util.Set;
-import javax.enterprise.inject.Typed;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
@@ -179,7 +179,7 @@
}
@Dialogued(join = true)
- public void login(String idpEntityId)
+ public void login(String idpEntityId, HttpServletResponse response)
{
SamlExternalIdentityProvider idp = getExternalSamlEntityByEntityId(idpEntityId);
if (idp == null)
@@ -187,7 +187,7 @@
throw new RuntimeException("Identity provider " + idpEntityId + " not found");
}
- samlSpSingleSignOnService.sendAuthenticationRequestToIDP(idp);
+ samlSpSingleSignOnService.sendAuthenticationRequestToIDP(idp, response);
}
@Dialogued(join = true)
@@ -197,10 +197,10 @@
}
@Dialogued(join = true)
- public void globalLogout(SamlSpSession session)
+ public void globalLogout(SamlSpSession session, HttpServletResponse response)
{
localLogout(session);
- samlSpSingleLogoutService.sendSingleLogoutRequestToIDP(session);
+ samlSpSingleLogoutService.sendSingleLogoutRequestToIDP(session, response);
}
public Set<SamlSpSession> getSessions()
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleLogoutService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -26,8 +26,10 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.api.SamlNameId;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
@@ -68,7 +70,10 @@
@Inject
private SamlDialogue samlDialogue;
- public void processIDPRequest(HttpServletRequest httpRequest, RequestAbstractType request) throws InvalidRequestException
+ @Inject
+ private ResponseHandler responseHandler;
+
+ public void processIDPRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, RequestAbstractType request) throws InvalidRequestException
{
if (!(request instanceof LogoutRequestType))
{
@@ -82,9 +87,9 @@
SamlNameId samlNameId = new SamlNameId(nameIdJaxb.getValue(), nameIdJaxb.getFormat(), nameIdJaxb.getNameQualifier());
removeSessions(samlNameId, idp.getEntityId(), logoutRequest.getSessionIndex());
- StatusResponseType response = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_SUCCESS, null);
+ StatusResponseType statusResponse = samlMessageFactory.createStatusResponse(SamlConstants.STATUS_SUCCESS, null);
- samlMessageSender.sendResponse(idp, response, SamlProfile.SINGLE_LOGOUT);
+ samlMessageSender.sendResponse(idp, statusResponse, SamlProfile.SINGLE_LOGOUT, httpResponse);
dialogue.setFinished(true);
}
@@ -104,21 +109,21 @@
}
}
- public void processIDPResponse(HttpServletRequest httpRequest, StatusResponseType response)
+ public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse)
{
- if (response.getStatus() != null && response.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
+ if (statusResponse.getStatus() != null && statusResponse.getStatus().getStatusCode().getValue().equals(SamlConstants.STATUS_SUCCESS))
{
- samlServiceProviderSpi.get().globalLogoutSucceeded();
+ samlServiceProviderSpi.get().globalLogoutSucceeded(responseHandler.createResponseHolder(httpResponse));
}
else
{
- String statusCode = response.getStatus() == null ? "null" : response.getStatus().getStatusCode().getValue();
- samlServiceProviderSpi.get().globalLogoutFailed(statusCode);
+ String statusCode = statusResponse.getStatus() == null ? "null" : statusResponse.getStatus().getStatusCode().getValue();
+ samlServiceProviderSpi.get().globalLogoutFailed(statusCode, responseHandler.createResponseHolder(httpResponse));
}
dialogue.setFinished(true);
}
- public void sendSingleLogoutRequestToIDP(SamlSpSession session)
+ public void sendSingleLogoutRequestToIDP(SamlSpSession session, HttpServletResponse httpResponse)
{
SamlExternalIdentityProvider idp = session.getIdentityProvider();
LogoutRequestType logoutRequest;
@@ -127,6 +132,6 @@
samlDialogue.setExternalProvider(idp);
samlSpLogoutDialogue.setSession(session);
- samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_LOGOUT, logoutRequest);
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_LOGOUT, logoutRequest, httpResponse);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleSignOnService.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -27,10 +27,12 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConstants;
import org.jboss.seam.security.external.InvalidRequestException;
+import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.api.SamlNameId;
import org.jboss.seam.security.external.api.SamlPrincipal;
import org.jboss.seam.security.external.dialogues.api.Dialogue;
@@ -88,7 +90,10 @@
@Inject
private SamlMessageFactory samlMessageFactory;
- public void processIDPResponse(HttpServletRequest httpRequest, StatusResponseType statusResponse) throws InvalidRequestException
+ @Inject
+ private ResponseHandler responseHandler;
+
+ public void processIDPResponse(HttpServletRequest httpRequest, HttpServletResponse httpResponse, StatusResponseType statusResponse) throws InvalidRequestException
{
SamlExternalIdentityProvider idp = (SamlExternalIdentityProvider) samlDialogue.getExternalProvider();
@@ -101,7 +106,7 @@
String statusValue = status.getStatusCode().getValue();
if (SamlConstants.STATUS_SUCCESS.equals(statusValue) == false)
{
- samlServiceProviderSpi.get().loginFailed();
+ samlServiceProviderSpi.get().loginFailed(responseHandler.createResponseHolder(httpResponse));
}
if (!(statusResponse instanceof ResponseType))
@@ -125,7 +130,7 @@
else
{
session.setIdentityProvider(idp);
- loginUser(httpRequest, session, statusResponse.getInResponseTo() == null, httpRequest.getParameter(SamlRedirectMessage.QSP_RELAY_STATE));
+ loginUser(httpRequest, httpResponse, session, statusResponse.getInResponseTo() == null, httpRequest.getParameter(SamlRedirectMessage.QSP_RELAY_STATE));
}
dialogue.setFinished(true);
@@ -272,26 +277,26 @@
}
}
- private void loginUser(HttpServletRequest httpRequest, SamlSpSession session, boolean unsolicited, String relayState)
+ private void loginUser(HttpServletRequest httpRequest, HttpServletResponse response, SamlSpSession session, boolean unsolicited, String relayState)
{
samlSpSessions.addSession(session);
if (unsolicited)
{
- samlServiceProviderSpi.get().loggedIn(session, relayState);
+ samlServiceProviderSpi.get().loggedIn(session, relayState, responseHandler.createResponseHolder(response));
}
else
{
- samlServiceProviderSpi.get().loginSucceeded(session);
+ samlServiceProviderSpi.get().loginSucceeded(session, responseHandler.createResponseHolder(response));
}
}
- public void sendAuthenticationRequestToIDP(SamlExternalIdentityProvider idp)
+ public void sendAuthenticationRequestToIDP(SamlExternalIdentityProvider idp, HttpServletResponse response)
{
AuthnRequestType authnRequest = samlMessageFactory.createAuthnRequest();
samlDialogue.setExternalProvider(idp);
- samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest);
+ samlMessageSender.sendRequest(idp, SamlProfile.SINGLE_SIGN_ON, authnRequest, response);
}
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/saml/sp/SamlSpSingleUser.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -23,6 +23,7 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.SamlMultiUserServiceProviderApi;
import org.jboss.seam.security.external.api.SamlServiceProviderApi;
@@ -36,9 +37,9 @@
@Inject
private Instance<SamlMultiUserServiceProviderApi> multiUserApi;
- public void login(String idpEntityId)
+ public void login(String idpEntityId, HttpServletResponse response)
{
- multiUserApi.get().login(idpEntityId);
+ multiUserApi.get().login(idpEntityId, response);
}
public void localLogout()
@@ -51,14 +52,14 @@
multiUserApi.get().localLogout(session);
}
- public void globalLogout()
+ public void globalLogout(HttpServletResponse response)
{
SamlSpSession session = getSession();
if (session == null)
{
throw new IllegalStateException("Logout not possible because there is no current session.");
}
- multiUserApi.get().globalLogout(session);
+ multiUserApi.get().globalLogout(session, response);
}
public SamlSpSession getSession()
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdProviderSpi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdProviderSpi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -25,6 +25,7 @@
import org.jboss.seam.security.external.api.OpenIdProviderApi;
import org.jboss.seam.security.external.api.OpenIdRequestedAttribute;
+import org.jboss.seam.security.external.api.ResponseHolder;
/**
* @author Marcel Kolsteren
@@ -51,7 +52,7 @@
* @param immediate if this is true, there must be no interaction with the
* user (silent authentication)
*/
- void authenticate(String realm, String userName, boolean immediate);
+ void authenticate(String realm, String userName, boolean immediate, ResponseHolder responseHolder);
/**
* This method is called to check whether a username exists.
@@ -61,5 +62,5 @@
*/
boolean userExists(String userName);
- void fetchParameters(List<OpenIdRequestedAttribute> requestedAttributes);
+ void fetchParameters(List<OpenIdRequestedAttribute> requestedAttributes, ResponseHolder responseHolder);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/OpenIdRelyingPartySpi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -22,6 +22,7 @@
package org.jboss.seam.security.external.spi;
import org.jboss.seam.security.external.api.OpenIdPrincipal;
+import org.jboss.seam.security.external.api.ResponseHolder;
/**
* @author Marcel Kolsteren
@@ -29,7 +30,7 @@
*/
public interface OpenIdRelyingPartySpi
{
- public void loginSucceeded(OpenIdPrincipal principal);
+ public void loginSucceeded(OpenIdPrincipal principal, ResponseHolder responseHolder);
- public void loginFailed(String message);
+ public void loginFailed(String message, ResponseHolder responseHolder);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlIdentityProviderSpi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -21,6 +21,7 @@
*/
package org.jboss.seam.security.external.spi;
+import org.jboss.seam.security.external.api.ResponseHolder;
import org.jboss.seam.security.external.saml.idp.SamlIdpSession;
/**
@@ -29,11 +30,11 @@
*/
public interface SamlIdentityProviderSpi
{
- public void authenticate();
+ public void authenticate(ResponseHolder responseHolder);
public void loggedOut(SamlIdpSession session);
- public void singleLogoutSucceeded();
+ public void singleLogoutSucceeded(ResponseHolder responseHolder);
- public void singleLogoutFailed();
+ public void singleLogoutFailed(ResponseHolder responseHolder);
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/spi/SamlServiceProviderSpi.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -51,14 +51,14 @@
*
* @param session session
*/
- void loginSucceeded(SamlSpSession session);
+ void loginSucceeded(SamlSpSession session, ResponseHolder responseHolder);
/**
* This method is called after failed external authentication of the user.
* The call takes place in the same dialogue context as the corresponding API
* call.
*/
- void loginFailed();
+ void loginFailed(ResponseHolder responseHolder);
/**
* When the service provider receives an unsolicited login from an identity
@@ -68,7 +68,7 @@
* @param url URL where the user needs to be redirected to; this URL is
* supplied by the identity provider and can be null
*/
- void loggedIn(SamlSpSession session, String url);
+ void loggedIn(SamlSpSession session, String url, ResponseHolder responseHolder);
/**
* This method is the asynchronous callbacks related to
@@ -78,7 +78,7 @@
* implementation of this method will typically redirect the user to a page
* where a message is shown that the user has been logged out.
*/
- void globalLogoutSucceeded();
+ void globalLogoutSucceeded(ResponseHolder responseHolder);
/**
* <p>
@@ -96,7 +96,7 @@
* couldn't perform a successful logout, while the others could.
* </p>
*/
- void globalLogoutFailed(String statusCode);
+ void globalLogoutFailed(String statusCode, ResponseHolder responseHolder);
/**
* When the service provider receives a logout request from an identity
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationContext.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -21,46 +21,51 @@
*/
package org.jboss.seam.security.external.virtualapplications;
+import java.lang.annotation.Annotation;
+
+import javax.enterprise.context.ContextNotActiveException;
+import javax.enterprise.context.spi.Context;
+import javax.enterprise.context.spi.Contextual;
+import javax.enterprise.context.spi.CreationalContext;
import javax.servlet.ServletContext;
+import org.jboss.seam.security.external.contexts.ContextualInstanceImpl;
+import org.jboss.seam.security.external.contexts.HashMapBeanStore;
import org.jboss.seam.security.external.virtualapplications.api.VirtualApplicationScoped;
-import org.jboss.weld.context.AbstractMapContext;
-import org.jboss.weld.context.api.BeanStore;
-import org.jboss.weld.context.beanstore.HashMapBeanStore;
+import org.jboss.weld.context.api.ContextualInstance;
/**
* @author Marcel Kolsteren
*
*/
-public class VirtualApplicationContext extends AbstractMapContext
+public class VirtualApplicationContext implements Context
{
private static final String BEAN_STORE_ATTRIBUTE_NAME_PREFIX = "virtualApplicationContextBeanStore";
+
private ServletContext servletContext;
+
private final ThreadLocal<String> hostNameThreadLocal;
public VirtualApplicationContext()
{
- super(VirtualApplicationScoped.class);
hostNameThreadLocal = new ThreadLocal<String>();
}
- @Override
- protected BeanStore getBeanStore()
+ protected HashMapBeanStore getBeanStore()
{
return getBeanStore(hostNameThreadLocal.get());
}
- private BeanStore getBeanStore(String hostName)
+ private HashMapBeanStore getBeanStore(String hostName)
{
- BeanStore beanStore = (BeanStore) servletContext.getAttribute(getAttributeName(hostName));
+ HashMapBeanStore beanStore = (HashMapBeanStore) servletContext.getAttribute(getAttributeName(hostName));
return beanStore;
}
- private BeanStore createBeanStore(String hostName)
+ private void createBeanStore(String hostName)
{
- BeanStore beanStore = new HashMapBeanStore();
+ HashMapBeanStore beanStore = new HashMapBeanStore();
servletContext.setAttribute(getAttributeName(hostName), beanStore);
- return beanStore;
}
private void removeBeanStore(String hostName)
@@ -73,13 +78,6 @@
return BEAN_STORE_ATTRIBUTE_NAME_PREFIX + "_" + hostName;
}
- @Override
- protected boolean isCreationLockRequired()
- {
- // TODO: find out whether the creation lock is required
- return false;
- }
-
public void initialize(ServletContext servletContext)
{
this.servletContext = servletContext;
@@ -98,6 +96,7 @@
public void remove()
{
+ getBeanStore().clear();
removeBeanStore(this.hostNameThreadLocal.get());
detach();
}
@@ -110,12 +109,52 @@
public void attach(String hostName)
{
this.hostNameThreadLocal.set(hostName);
- setActive(true);
}
public void detach()
{
this.hostNameThreadLocal.set(null);
- setActive(false);
}
+
+ public <T> T get(Contextual<T> contextual, CreationalContext<T> creationalContext)
+ {
+ if (!isActive())
+ {
+ throw new ContextNotActiveException();
+ }
+ ContextualInstance<T> beanInstance = getBeanStore().get(contextual);
+ if (beanInstance != null)
+ {
+ return beanInstance.getInstance();
+ }
+ else if (creationalContext != null)
+ {
+ T instance = contextual.create(creationalContext);
+ if (instance != null)
+ {
+ beanInstance = new ContextualInstanceImpl<T>(contextual, creationalContext, instance);
+ getBeanStore().put(contextual, beanInstance);
+ }
+ return instance;
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public <T> T get(Contextual<T> contextual)
+ {
+ return get(contextual, null);
+ }
+
+ public Class<? extends Annotation> getScope()
+ {
+ return VirtualApplicationScoped.class;
+ }
+
+ public boolean isActive()
+ {
+ return hostNameThreadLocal.get() != null;
+ }
}
Modified: modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java
===================================================================
--- modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/main/java/org/jboss/seam/security/external/virtualapplications/VirtualApplicationManager.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -64,7 +64,7 @@
protected void servletInitialized(@Observes @Initialized final ServletContextEvent e)
{
log.trace("Servlet initialized with event {}", e);
- virtualApplicationContextExtension.getVirtualApplicationContext().initialize(e.getServletContext());
+ getVirtualApplicationContext().initialize(e.getServletContext());
AfterVirtualApplicationManagerCreation afterVirtualApplicationManagerCreation = new AfterVirtualApplicationManagerCreation();
beanManager.fireEvent(afterVirtualApplicationManagerCreation);
@@ -72,10 +72,10 @@
for (String hostName : afterVirtualApplicationManagerCreation.getHostNames())
{
hostNames.add(hostName);
- virtualApplicationContextExtension.getVirtualApplicationContext().create(hostName);
+ getVirtualApplicationContext().create(hostName);
virtualApplication.get().setHostName(hostName);
beanManager.fireEvent(new AfterVirtualApplicationCreation());
- virtualApplicationContextExtension.getVirtualApplicationContext().detach();
+ getVirtualApplicationContext().detach();
}
beanManager.fireEvent(new AfterVirtualApplicationsCreation());
}
@@ -85,10 +85,10 @@
log.trace("Servlet destroyed with event {}", e);
for (String hostName : hostNames)
{
- if (virtualApplicationContextExtension.getVirtualApplicationContext().isExistingVirtualApplication(hostName))
+ if (getVirtualApplicationContext().isExistingVirtualApplication(hostName))
{
attach(hostName);
- virtualApplicationContextExtension.getVirtualApplicationContext().destroy();
+ getVirtualApplicationContext().destroy();
}
}
}
@@ -97,28 +97,39 @@
{
log.trace("Servlet request initialized with event {}", e);
String hostName = e.getServletRequest().getServerName();
- attach(hostName);
+ if (getVirtualApplicationContext().isExistingVirtualApplication(hostName))
+ {
+ attach(hostName);
+ }
}
protected void requestDestroyed(@Observes @Destroyed final ServletRequestEvent e)
{
log.trace("Servlet request destroyed with event {}", e);
- detach();
+ if (getVirtualApplicationContext().isActive())
+ {
+ detach();
+ }
}
public void attach(String hostName)
{
- virtualApplicationContextExtension.getVirtualApplicationContext().attach(hostName);
+ getVirtualApplicationContext().attach(hostName);
virtualApplication.get().setHostName(hostName);
}
public void detach()
{
- virtualApplicationContextExtension.getVirtualApplicationContext().detach();
+ getVirtualApplicationContext().detach();
}
public Set<String> getHostNames()
{
return hostNames;
}
+
+ private VirtualApplicationContext getVirtualApplicationContext()
+ {
+ return virtualApplicationContextExtension.getVirtualApplicationContext();
+ }
}
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/client/IntegrationTest.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -27,6 +27,7 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
@@ -60,8 +61,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.collect.Maps;
-
@RunWith(Arquillian.class)
@Run(RunModeType.AS_CLIENT)
public class IntegrationTest
@@ -106,7 +105,7 @@
@Test
public void samlTest()
{
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "loadMetaData");
sendMessageToApplication("www.sp1.com", "sp", params);
sendMessageToApplication("www.sp2.com", "sp", params);
@@ -157,7 +156,7 @@
String opIdentifier = "http://localhost:8080/op/openid/OP/XrdsService";
String userName = "john_doe";
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "login");
params.put("identifier", opIdentifier);
params.put("fetchEmail", "false");
@@ -165,7 +164,7 @@
checkApplicationMessage("Please login.");
- params = Maps.newHashMap();
+ params = new HashMap<String, String>();
params.put("command", "authenticate");
params.put("userName", userName);
sendMessageToApplication("localhost", "op", params);
@@ -183,7 +182,7 @@
String userName = "jane_doe";
String claimedId = "http://localhost:8080/op/users/" + userName;
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "login");
params.put("identifier", claimedId);
params.put("fetchEmail", "true");
@@ -191,14 +190,14 @@
checkApplicationMessage("Please provide the password for " + userName + ".");
- params = Maps.newHashMap();
+ params = new HashMap<String, String>();
params.put("command", "authenticate");
params.put("userName", userName);
sendMessageToApplication("localhost", "op", params);
checkApplicationMessage("Please provide your email.");
- params = Maps.newHashMap();
+ params = new HashMap<String, String>();
params.put("command", "setAttribute");
String email = "jane_doe at op.com";
params.put("email", email);
@@ -213,7 +212,7 @@
private void checkNrOfSessions(String serverName, String spOrIdp, int expectedNumber)
{
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "getNrOfSessions");
sendMessageToApplication(serverName, spOrIdp, params);
checkApplicationMessage(Integer.toString(expectedNumber));
@@ -221,14 +220,14 @@
private void samlSignOn(String spHostName, String idpEntityId, String userName)
{
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "login");
params.put("idpEntityId", idpEntityId);
sendMessageToApplication(spHostName, "sp", params);
checkApplicationMessage("Please login");
- params = Maps.newHashMap();
+ params = new HashMap<String, String>();
params.put("command", "authenticate");
params.put("userName", userName);
sendMessageToApplication("www.idp.com", "idp", params);
@@ -263,7 +262,7 @@
private void checkDialogueTermination(String serverName, String spOrIdp)
{
- Map<String, String> params = Maps.newHashMap();
+ Map<String, String> params = new HashMap<String, String>();
params.put("command", "getNrOfDialogues");
sendMessageToApplication(serverName, spOrIdp, params);
checkApplicationMessage("0");
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpTestServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpTestServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -10,8 +10,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.jboss.seam.security.external.api.ResponseHolder;
-
@WebServlet(name = "OpTestServlet", urlPatterns = { "/testservlet" })
public class OpTestServlet extends HttpServlet
{
@@ -20,23 +18,19 @@
@Inject
private OpenIdProviderApplicationMock openIdProviderApplicationMock;
- @Inject
- private ResponseHolder responseHolder;
-
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
- responseHolder.setResponse(response);
String command = request.getParameter("command");
if (command.equals("authenticate"))
{
String userName = request.getParameter("userName");
- openIdProviderApplicationMock.handleLogin(userName);
+ openIdProviderApplicationMock.handleLogin(userName, response);
}
else if (command.equals("setAttribute"))
{
String email = request.getParameter("email");
- openIdProviderApplicationMock.setAttribute("email", email);
+ openIdProviderApplicationMock.setAttribute("email", email, response);
}
else if (command.equals("getNrOfDialogues"))
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpenIdProviderApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpenIdProviderApplicationMock.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/op/OpenIdProviderApplicationMock.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -27,6 +27,7 @@
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.OpenIdProviderApi;
import org.jboss.seam.security.external.api.OpenIdRequestedAttribute;
@@ -42,9 +43,6 @@
public class OpenIdProviderApplicationMock implements OpenIdProviderSpi
{
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private OpenIdProviderApi opApi;
private String dialogueId;
@@ -55,36 +53,36 @@
@Inject
private DialogueManager dialogueManager;
- public void handleLogin(String userName)
+ public void handleLogin(String userName, HttpServletResponse response)
{
dialogueManager.attachDialogue(dialogueId);
- opApi.authenticationSucceeded(userName);
+ opApi.authenticationSucceeded(userName, response);
dialogueManager.detachDialogue();
}
- public void setAttribute(String alias, String value)
+ public void setAttribute(String alias, String value, HttpServletResponse response)
{
dialogueManager.attachDialogue(dialogueId);
Map<String, List<String>> attributes = Maps.newHashMap();
attributes.put(alias, Lists.newArrayList(value));
- opApi.setAttributes(attributes);
+ opApi.setAttributes(attributes, response);
dialogueManager.detachDialogue();
}
- public void authenticate(String realm, String userName, boolean immediate)
+ public void authenticate(String realm, String userName, boolean immediate, ResponseHolder responseHolder)
{
if (userName == null)
{
- writeMessageToResponse("Please login.");
+ writeMessageToResponse("Please login.", responseHolder);
}
else
{
- writeMessageToResponse("Please provide the password for " + userName + ".");
+ writeMessageToResponse("Please provide the password for " + userName + ".", responseHolder);
}
dialogueId = dialogue.getDialogueId();
}
- private void writeMessageToResponse(String message)
+ private void writeMessageToResponse(String message, ResponseHolder responseHolder)
{
try
{
@@ -101,9 +99,9 @@
return true;
}
- public void fetchParameters(List<OpenIdRequestedAttribute> requestedAttributes)
+ public void fetchParameters(List<OpenIdRequestedAttribute> requestedAttributes, ResponseHolder responseHolder)
{
- writeMessageToResponse("Please provide your " + requestedAttributes.get(0).getAlias() + ".");
+ writeMessageToResponse("Please provide your " + requestedAttributes.get(0).getAlias() + ".", responseHolder);
dialogueId = dialogue.getDialogueId();
}
}
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/OpenIdRpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/OpenIdRpApplicationMock.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/OpenIdRpApplicationMock.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -24,6 +24,7 @@
import java.io.IOException;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.OpenIdPrincipal;
import org.jboss.seam.security.external.api.OpenIdRelyingPartyApi;
@@ -37,44 +38,41 @@
public class OpenIdRpApplicationMock implements OpenIdRelyingPartySpi
{
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private OpenIdRelyingPartyApi rpApi;
@Dialogued
- public void login(String identifier, boolean fetchEmail)
+ public void login(String identifier, boolean fetchEmail, HttpServletResponse response)
{
if (fetchEmail)
{
OpenIdRequestedAttribute requestedAttribute = new OpenIdRequestedAttribute("email", "http://axschema.org/contact/email", true, 1);
- rpApi.login(identifier, Lists.newArrayList(requestedAttribute));
+ rpApi.login(identifier, Lists.newArrayList(requestedAttribute), response);
}
else
{
- rpApi.login(identifier, null);
+ rpApi.login(identifier, null, response);
}
}
- public void loginFailed(String message)
+ public void loginFailed(String message, ResponseHolder responseHolder)
{
- writeMessageToResponse("Login failed: " + message);
+ writeMessageToResponse("Login failed: " + message, responseHolder);
}
- public void loginSucceeded(OpenIdPrincipal principal)
+ public void loginSucceeded(OpenIdPrincipal principal, ResponseHolder responseHolder)
{
if (principal.getAttributeValues() != null)
{
String email = (String) principal.getAttribute("email");
- writeMessageToResponse("Login succeeded (" + principal.getIdentifier() + ", email " + email + ")");
+ writeMessageToResponse("Login succeeded (" + principal.getIdentifier() + ", email " + email + ")", responseHolder);
}
else
{
- writeMessageToResponse("Login succeeded (" + principal.getIdentifier() + ")");
+ writeMessageToResponse("Login succeeded (" + principal.getIdentifier() + ")", responseHolder);
}
}
- private void writeMessageToResponse(String message)
+ private void writeMessageToResponse(String message, ResponseHolder responseHolder)
{
try
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/RpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/RpTestServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/openid/rp/RpTestServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -10,8 +10,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.jboss.seam.security.external.api.ResponseHolder;
-
@WebServlet(name = "RpTestServlet", urlPatterns = { "/testservlet" })
public class RpTestServlet extends HttpServlet
{
@@ -20,19 +18,15 @@
@Inject
private OpenIdRpApplicationMock openIdRpApplicationMock;
- @Inject
- private ResponseHolder responseHolder;
-
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
- responseHolder.setResponse(response);
String command = request.getParameter("command");
if (command.equals("login"))
{
String identifier = request.getParameter("identifier");
boolean fetchEmail = Boolean.parseBoolean(request.getParameter("fetchEmail"));
- openIdRpApplicationMock.login(identifier, fetchEmail);
+ openIdRpApplicationMock.login(identifier, fetchEmail, response);
}
else if (command.equals("getNrOfDialogues"))
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/IdpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/IdpTestServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/IdpTestServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -10,7 +10,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.jboss.seam.security.external.api.ResponseHolder;
import org.jboss.seam.security.externaltest.integration.MetaDataLoader;
@WebServlet(name = "IdpTestServlet", urlPatterns = { "/testservlet" })
@@ -22,23 +21,19 @@
private SamlIdpApplicationMock samlIdpApplicationMock;
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private MetaDataLoader metaDataLoader;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
- responseHolder.setResponse(response);
String command = request.getParameter("command");
if (command.equals("authenticate"))
{
- samlIdpApplicationMock.handleLogin(request.getParameter("userName"));
+ samlIdpApplicationMock.handleLogin(request.getParameter("userName"), response);
}
else if (command.equals("singleLogout"))
{
- samlIdpApplicationMock.handleSingleLogout();
+ samlIdpApplicationMock.handleSingleLogout(response);
}
else if (command.equals("getNrOfSessions"))
{
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/SamlIdpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/SamlIdpApplicationMock.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/idp/SamlIdpApplicationMock.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -26,6 +26,7 @@
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.ResponseHolder;
import org.jboss.seam.security.external.api.SamlMultiUserIdentityProviderApi;
@@ -41,9 +42,6 @@
public class SamlIdpApplicationMock implements SamlIdentityProviderSpi
{
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private DialogueManager dialogueManager;
@Inject
@@ -57,7 +55,7 @@
@Inject
private Logger log;
- public void authenticate()
+ public void authenticate(ResponseHolder responseHolder)
{
dialogueId = dialogue.getDialogueId();
try
@@ -70,11 +68,11 @@
}
}
- public void handleLogin(String userName)
+ public void handleLogin(String userName, HttpServletResponse response)
{
SamlIdpSession session = idpApi.get().localLogin(new SamlNameId(userName, null, null), null);
dialogueManager.attachDialogue(dialogueId);
- idpApi.get().authenticationSucceeded(session);
+ idpApi.get().authenticationSucceeded(session, response);
dialogueManager.detachDialogue();
}
@@ -83,7 +81,7 @@
return idpApi.get().getSessions().size();
}
- public void singleLogoutFailed()
+ public void singleLogoutFailed(ResponseHolder responseHolder)
{
try
{
@@ -95,7 +93,7 @@
}
}
- public void singleLogoutSucceeded()
+ public void singleLogoutSucceeded(ResponseHolder responseHolder)
{
try
{
@@ -108,9 +106,9 @@
}
@Dialogued
- public void handleSingleLogout()
+ public void handleSingleLogout(HttpServletResponse response)
{
- idpApi.get().globalLogout(idpApi.get().getSessions().iterator().next());
+ idpApi.get().globalLogout(idpApi.get().getSessions().iterator().next(), response);
}
public void loggedOut(SamlIdpSession session)
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SamlSpApplicationMock.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SamlSpApplicationMock.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SamlSpApplicationMock.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -25,6 +25,7 @@
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.api.ResponseHolder;
import org.jboss.seam.security.external.api.SamlMultiUserServiceProviderApi;
@@ -41,43 +42,40 @@
private Instance<SamlMultiUserServiceProviderApi> spApi;
@Inject
- private ResponseHolder responseHolder;
-
- @Inject
private Logger log;
@Dialogued
- public void login(String idpEntityId)
+ public void login(String idpEntityId, HttpServletResponse response)
{
- spApi.get().login(idpEntityId);
+ spApi.get().login(idpEntityId, response);
}
- public void loginFailed()
+ public void loginFailed(ResponseHolder responseHolder)
{
- writeMessageToResponse("login failed");
+ writeMessageToResponse("login failed", responseHolder);
}
- public void loginSucceeded(SamlSpSession session)
+ public void loginSucceeded(SamlSpSession session, ResponseHolder responseHolder)
{
- writeMessageToResponse("Login succeeded (" + session.getPrincipal().getNameId().getValue() + ")");
+ writeMessageToResponse("Login succeeded (" + session.getPrincipal().getNameId().getValue() + ")", responseHolder);
}
- public void globalLogoutFailed(String statusCode)
+ public void globalLogoutFailed(String statusCode, ResponseHolder responseHolder)
{
- writeMessageToResponse("Single logout failed");
+ writeMessageToResponse("Single logout failed", responseHolder);
}
- public void globalLogoutSucceeded()
+ public void globalLogoutSucceeded(ResponseHolder responseHolder)
{
- writeMessageToResponse("Single logout succeeded");
+ writeMessageToResponse("Single logout succeeded", responseHolder);
}
- public void loggedIn(SamlSpSession session, String url)
+ public void loggedIn(SamlSpSession session, String url, ResponseHolder responseHolder)
{
- writeMessageToResponse("Logged in unsolicited");
+ writeMessageToResponse("Logged in unsolicited", responseHolder);
}
- private void writeMessageToResponse(String message)
+ private void writeMessageToResponse(String message, ResponseHolder responseHolder)
{
try
{
@@ -95,10 +93,10 @@
}
@Dialogued
- public void handleGlobalLogout()
+ public void handleGlobalLogout(HttpServletResponse response)
{
SamlSpSession session = spApi.get().getSessions().iterator().next();
- spApi.get().globalLogout(session);
+ spApi.get().globalLogout(session, response);
}
public void loggedOut(SamlSpSession session)
Modified: modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SpTestServlet.java
===================================================================
--- modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SpTestServlet.java 2010-09-21 10:28:15 UTC (rev 13770)
+++ modules/security/trunk/external/src/test/java/org/jboss/seam/security/externaltest/integration/saml/sp/SpTestServlet.java 2010-09-21 12:35:01 UTC (rev 13771)
@@ -10,7 +10,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.jboss.seam.security.external.api.ResponseHolder;
import org.jboss.seam.security.externaltest.integration.MetaDataLoader;
@WebServlet(name = "SpTestServlet", urlPatterns = { "/testservlet" })
@@ -24,22 +23,18 @@
@Inject
private MetaDataLoader metaDataLoader;
- @Inject
- private ResponseHolder responseHolder;
-
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
- responseHolder.setResponse(response);
String command = request.getParameter("command");
if (command.equals("login"))
{
String idpEntityId = request.getParameter("idpEntityId");
- samlSpApplicationMock.login(idpEntityId);
+ samlSpApplicationMock.login(idpEntityId, response);
}
else if (command.equals("singleLogout"))
{
- samlSpApplicationMock.handleGlobalLogout();
+ samlSpApplicationMock.handleGlobalLogout(response);
}
else if (command.equals("getNrOfSessions"))
{
More information about the seam-commits
mailing list