Author: mposolda
Date: 2012-04-13 08:59:49 -0400 (Fri, 13 Apr 2012)
New Revision: 8689
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/OpenSSOCDLoginRedirectFilter.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageContext.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageParser.java
components/sso/trunk/agent/src/test/java/org/gatein/sso/agent/opensso/
components/sso/trunk/agent/src/test/java/org/gatein/sso/agent/opensso/TestParsingMessageFromCDC.java
Modified:
components/sso/trunk/
components/sso/trunk/agent/pom.xml
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/AbstractLogoutFilter.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/LoginRedirectFilter.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
components/sso/trunk/pom.xml
Log:
GTNSSO-9 Support for GateIn and OpenSSO in different domains
Property changes on: components/sso/trunk
___________________________________________________________________
Modified: svn:ignore
- *.iml
.idea
+ *.iml
*.ipr
*.iws
.idea
Modified: components/sso/trunk/agent/pom.xml
===================================================================
--- components/sso/trunk/agent/pom.xml 2012-04-12 08:43:26 UTC (rev 8688)
+++ components/sso/trunk/agent/pom.xml 2012-04-13 12:59:49 UTC (rev 8689)
@@ -75,6 +75,12 @@
<artifactId>picketlink-bindings-jboss</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
<build>
@@ -116,7 +122,7 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
- <skip>true</skip>
+ <skip>false</skip>
</configuration>
</plugin>
</plugins>
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/AbstractLogoutFilter.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/AbstractLogoutFilter.java 2012-04-12
08:43:26 UTC (rev 8688)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/AbstractLogoutFilter.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -21,6 +21,9 @@
*/
package org.gatein.sso.agent.filter;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@@ -39,11 +42,15 @@
public abstract class AbstractLogoutFilter implements Filter
{
protected String logoutUrl;
- private static final String fileEncoding =
System.getProperty("file.encoding");
+ private static final String fileEncoding =
System.getProperty("file.encoding");
+ private final Logger log = LoggerFactory.getLogger(this.getClass());
+
public void init(FilterConfig config) throws ServletException
{
this.logoutUrl = config.getInitParameter("LOGOUT_URL");
+
+ log.info("Reading filter configuration: logoutUrl=" + this.logoutUrl);
}
public void destroy()
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java 2012-04-12
08:43:26 UTC (rev 8688)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -14,6 +14,8 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
import org.gatein.sso.agent.cas.CASAgent;
import org.gatein.sso.agent.josso.JOSSOAgent;
import org.gatein.sso.agent.opensso.OpenSSOAgent;
@@ -24,11 +26,15 @@
*/
public class InitiateLoginFilter implements Filter
{
+ private static Logger log = LoggerFactory.getLogger(InitiateLoginFilter.class);
+ private static final int DEFAULT_MAX_NUMBER_OF_LOGIN_ERRORS = 3;
+
private String ssoServerUrl;
private String ssoCookieName;
private boolean casRenewTicket;
private String casServiceUrl;
private String loginUrl;
+ private int maxNumberOfLoginErrors;
public void init(FilterConfig filterConfig) throws ServletException
{
@@ -47,6 +53,16 @@
{
casServiceUrl = casServiceUrlConfig;
}
+
+ String maxNumberOfLoginErrorsConfig =
filterConfig.getInitParameter("maxNumberOfLoginErrors");
+ this.maxNumberOfLoginErrors = maxNumberOfLoginErrorsConfig == null ?
DEFAULT_MAX_NUMBER_OF_LOGIN_ERRORS : Integer.parseInt(maxNumberOfLoginErrorsConfig);
+
+ log.info("InitiateLoginFilter configuration: ssoServerUrl=" +
this.ssoServerUrl +
+ ", ssoCookieName=" + this.ssoCookieName +
+ ", loginUrl=" + this.loginUrl +
+ ", casRenewTicket=" + this.casRenewTicket +
+ ", casServiceUrl=" + this.casServiceUrl +
+ ", maxNumberOfLoginErrors=" + this.maxNumberOfLoginErrors);
}
public void doFilter(ServletRequest request, ServletResponse response,
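Review bot: `Integer.parseInt(maxNumberOfLoginErrorsConfig)` in `init` has no handling for a malformed or non-positive value, so a typo in the filter configuration surfaces as a bare `NumberFormatException` during initialisation, and `0` or a negative number makes the limit check added later in this file rethrow on the very first failure. Catching the parse error and rethrowing as `throw new ServletException("Invalid maxNumberOfLoginErrors: " + maxNumberOfLoginErrorsConfig, e);`, plus rejecting values below 1, would give operators a clear message. The body of `init` starts outside this hunk.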
@@ -57,8 +73,14 @@
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
- this.processSSOToken(req,resp);
-
+ this.processSSOToken(req,resp);
+
+ // Redirection can be already performed from processSSOToken call
+ if (resp.isCommitted())
+ {
+ return;
+ }
+
String portalContext = req.getContextPath();
if(req.getAttribute("abort") != null)
{
@@ -66,9 +88,10 @@
resp.sendRedirect(ssoRedirect);
return;
}
-
+
resp.sendRedirect(loginUrl);
- return;
+
+ return;
}
catch(Exception e)
{
@@ -101,13 +124,40 @@
try
{
//See if an OpenSSO Token was used
- OpenSSOAgent.getInstance(this.ssoServerUrl,
this.ssoCookieName).validateTicket(httpRequest);
+ OpenSSOAgent.getInstance(this.ssoServerUrl,
this.ssoCookieName).validateTicket(httpRequest, httpResponse);
}
- catch(IllegalStateException ilse)
+ catch (IllegalStateException ilse)
{
- //somehow cookie failed validation, retry by starting the opensso login
process again
- httpRequest.setAttribute("abort", Boolean.TRUE);
+ // Somehow cookie failed validation, retry by starting the opensso login
process again.
+ // To avoid infinite loop of redirects, we are tracking maximum number of
SSO errors for this client
+ int currentNumberOfErrors = getCountOfUnsuccessfulAttempts(httpRequest);
+ log.warn("Count of login errors: " + currentNumberOfErrors);
+
+ if (currentNumberOfErrors >= maxNumberOfLoginErrors)
+ {
+ log.warn("Max. number of login errors reached. Rethrowing
exception");
+ throw ilse;
+ }
+ else
+ {
+ httpRequest.setAttribute("abort", Boolean.TRUE);
+ }
}
}
- }
+ }
+
+ // Tracking maximum number of SSO errors for this client in session attribute
+ private int getCountOfUnsuccessfulAttempts(HttpServletRequest httpRequest)
+ {
+ Integer currentNumberOfErrors =
(Integer)httpRequest.getSession().getAttribute("InitiateLoginFilter.currentNumberOfErrors");
+ if (currentNumberOfErrors == null)
+ {
+ currentNumberOfErrors = 0;
+ }
+
+ currentNumberOfErrors = currentNumberOfErrors + 1;
+
httpRequest.getSession().setAttribute("InitiateLoginFilter.currentNumberOfErrors",
currentNumberOfErrors);
+
+ return currentNumberOfErrors;
+ }
}
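Review bot: The failure counter stored under `InitiateLoginFilter.currentNumberOfErrors` is only ever incremented in the lines shown here, so it counts failures over the whole session rather than consecutive ones, and once `maxNumberOfLoginErrors` is reached every later validation error in that session is rethrown. No reset after a successful `validateTicket` is visible in this hunk; unless one exists elsewhere, add `httpRequest.getSession().removeAttribute("InitiateLoginFilter.currentNumberOfErrors");` on the success path. The loop guard also depends on the client returning the session cookie: `getSession()` creates a new session for a client that does not, so the counter restarts at 1 and a session is allocated on each failed request. `log.warn("Count of login errors: " + currentNumberOfErrors)` fires on the first failure too and would fit better at debug level. `processSSOToken` starts outside this hunk.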
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/LoginRedirectFilter.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/LoginRedirectFilter.java 2012-04-12
08:43:26 UTC (rev 8688)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/LoginRedirectFilter.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -21,6 +21,9 @@
*/
package org.gatein.sso.agent.filter;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
import java.io.IOException;
import javax.servlet.Filter;
@@ -38,11 +41,13 @@
*/
public class LoginRedirectFilter implements Filter
{
- private String loginUrl;
+ String loginUrl;
+ private static final Logger log = LoggerFactory.getLogger(LoginRedirectFilter.class);
public void init(FilterConfig config) throws ServletException
{
this.loginUrl = config.getInitParameter("LOGIN_URL");
+ log.info("Filter configuration: loginUrl=" + loginUrl);
}
public void destroy()
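Review bot: `loginUrl` goes from `private` to package-private so that the new subclass can read it, which also lets any class in `org.gatein.sso.agent.filter` reassign the redirect target after `init`. Keeping the field `private` and adding `protected String getLoginUrl() { return loginUrl; }` would give subclasses read access without exposing a mutable field. The class body continues outside this hunk.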
@@ -58,13 +63,23 @@
boolean isLoginInProgress = this.isLoginInProgress(httpRequest);
if(isLoginInProgress)
{
- httpResponse.sendRedirect(this.loginUrl);
+ String urlToRedirect = getLoginRedirectURL(httpRequest);
+ urlToRedirect = httpResponse.encodeRedirectURL(urlToRedirect);
+ httpResponse.sendRedirect(urlToRedirect);
return;
}
chain.doFilter(request, response);
}
+
+ /**
+ * @return value of parameter loginUrl. But can be overriden by subclasses.
+ */
+ protected String getLoginRedirectURL(HttpServletRequest httpRequest)
+ {
+ return this.loginUrl;
+ }
private boolean isLoginInProgress(HttpServletRequest request)
{
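Review bot: `httpResponse.encodeRedirectURL(urlToRedirect)` is now applied to a URL that, for the subclass added in this commit, points at the OpenSSO server in another domain, and for a client without cookies a container may append the portal's `jsessionid` to it. Whether that happens depends on the container's same-application check, which is not visible here, so it is worth confirming; if the target can be external, skip the rewrite and call `httpResponse.sendRedirect(urlToRedirect)` directly for absolute URLs. The Javadoc on `getLoginRedirectURL` should say that overriding implementations may return an absolute cross-domain URL, and "overriden" should read "overridden". `doFilter` starts before this hunk and `isLoginInProgress` continues after it.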
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/OpenSSOCDLoginRedirectFilter.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/OpenSSOCDLoginRedirectFilter.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/OpenSSOCDLoginRedirectFilter.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -0,0 +1,123 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ *
+ */
+
+package org.gatein.sso.agent.filter;
+
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+import org.gatein.sso.agent.opensso.OpenSSOAgent;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Locale;
+import java.util.Random;
+
+/**
+ * Filter is used for redirection to OpenSSO CDCServlet. It is intended to be used in
Cross-Domain authentication scenario
+ * when GateIn and OpenSSO servers are in different DNS domains.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class OpenSSOCDLoginRedirectFilter extends LoginRedirectFilter
+{
+ private static final Logger log =
LoggerFactory.getLogger(OpenSSOCDLoginRedirectFilter.class);
+
+ private String openSSORealm;
+ private String agentUrl;
+
+ private Random random = new Random();
+ private SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd", new
Locale("en"));
+ private SimpleDateFormat timeFormat = new SimpleDateFormat("HH:mm:ss", new
Locale("en"));
+
+ @Override
+ public void init(FilterConfig config) throws ServletException
+ {
+ super.init(config);
+
+ this.openSSORealm = config.getInitParameter("OpenSSORealm");
+ this.agentUrl = config.getInitParameter("AgentUrl");
+ log.info("Filter configuration: loginUrl=" + loginUrl +
+ ", openSSORealm=" + openSSORealm +
+ ", agentUrl=" + agentUrl);
+ }
+
+ /**
+ * Constructs URL for redirection to OpenSSO CDCServlet.
+ * It will be something like:
+ *
http://localhost:8888/opensso/cdcservlet?realm=gatein&goto=http://ope...
+ *
ProviderID=http://opensso.local.network:8080/portal/initiatessologin/?Realm=ggatein
+ *
&RequestID=124&IssueInstant=2012-04-10T23:28:50Z&MajorVersion=1&MinorVersion=0
+ *
+ * @return url for redirection
+ */
+ @Override
+ protected String getLoginRedirectURL(HttpServletRequest httpRequest)
+ {
+ try
+ {
+ StringBuilder urlBuilder = new StringBuilder(loginUrl);
+ urlBuilder.append("?realm=").append(openSSORealm);
+ urlBuilder.append("&goto=").append(URLEncoder.encode(agentUrl,
"UTF-8"));
+
+ // We need to use Realm=g because of bug (or strange behaviour) of OpenAM, which
cuts first character of realmName during parsing
+ String providerId = agentUrl + "/?Realm=g" + openSSORealm;
+
urlBuilder.append("&ProviderID=").append(URLEncoder.encode(providerId,
"UTF-8"));
+
+ // Generate random number for parameter "inResponseTo" and save it to
session. This ID must be in response message in parameter "inResponseTo"
+ int requestId = random.nextInt(100000) + 1;
+ urlBuilder.append("&RequestID=").append(requestId);
+ httpRequest.getSession().setAttribute(OpenSSOAgent.IN_RESPONSE_TO_ATTR,
requestId);
+
+ String issueInstant = getFormattedDate();
+ urlBuilder.append("&IssueInstant=" +
URLEncoder.encode(issueInstant, "UTF-8"));
+
+ urlBuilder.append("&MajorVersion=1&MinorVersion=0");
+
+ String urlToRedirect = urlBuilder.toString();
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("URL for redirection to CDCServlet: " + urlToRedirect);
+ }
+
+ return urlToRedirect;
+ }
+ catch (UnsupportedEncodingException uee)
+ {
+ throw new RuntimeException(uee);
+ }
+
+ }
+
+ private String getFormattedDate()
+ {
+ Date d = new Date();
+ return dateFormat.format(d) + "T" + timeFormat.format(d) +
"Z";
+ }
+
+}
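Review bot: `RequestID` is drawn from `java.util.Random` with `random.nextInt(100000) + 1`, yet the session copy of it is the only value `OpenSSOAgent.validateCDMessageContext` compares against the incoming CDC message, so it serves as the correlation value that ties a login response to this browser session. A predictable generator over a range of 100000 is weak for that role; declare `private final SecureRandom random = new SecureRandom();` and widen the range as far as CDCServlet accepts. Separately, `dateFormat` and `timeFormat` are `SimpleDateFormat` instance fields used from `getLoginRedirectURL`, which the container can call from several threads at once, and they format in the JVM default time zone while `getFormattedDate` appends `Z`; create the formatter per call and set `TimeZone.getTimeZone("UTC")` on it. `openSSORealm` is also appended to the query string without `URLEncoder.encode`, unlike the other parameters.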
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageContext.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageContext.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageContext.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ *
+ */
+
+package org.gatein.sso.agent.opensso;
+
+/**
+ * Encapsulate all important informations from SAML message received from OpenSSO
CDCServlet
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+class CDMessageContext
+{
+
+ private final Boolean success;
+ private final Integer inResponseTo;
+ private final String notBefore;
+ private final String notOnOrAfter;
+ private final String ssoToken;
+
+ public CDMessageContext(Boolean success, Integer inResponseTo, String notBefore,
+ String notOnOrAfter, String ssoToken)
+ {
+ this.success = success;
+ this.inResponseTo = inResponseTo;
+ this.notBefore = notBefore;
+ this.notOnOrAfter = notOnOrAfter;
+ this.ssoToken = ssoToken;
+ }
+
+ public Boolean getSuccess()
+ {
+ return success;
+ }
+
+ public Integer getInResponseTo()
+ {
+ return inResponseTo;
+ }
+
+ public String getNotBefore()
+ {
+ return notBefore;
+ }
+
+ public String getNotOnOrAfter()
+ {
+ return notOnOrAfter;
+ }
+
+ public String getSsoToken()
+ {
+ return ssoToken;
+ }
+
+ @Override
+ public String toString()
+ {
+ StringBuilder builder = new StringBuilder("CDMessageContext [
success=");
+ builder.append(success).append(", inResponseTo=").append(inResponseTo);
+ builder.append(", notBefore=").append(notBefore);
+ builder.append(", notOnOrAfter=").append(notOnOrAfter);
+ builder.append(", token=").append(ssoToken).append(" ]");
+ return builder.toString();
+ }
+}
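Review bot: `toString()` appends the raw `ssoToken`, and `OpenSSOAgent.tryMessageFromCDC` in this same commit logs the whole context with `log.trace("Successfully parsed messageContext " + messageContext)`, so a live SSO session token ends up in log files whenever trace logging is on. Leave the token out of `toString()` or print only whether it is present, e.g. `builder.append(", token=").append(ssoToken == null ? "null" : "***").append(" ]");`. The class Javadoc could also state that instances are immutable and that `notBefore` and `notOnOrAfter` are kept as unparsed strings.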
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageParser.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageParser.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/CDMessageParser.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ *
+ */
+
+package org.gatein.sso.agent.opensso;
+
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+import org.gatein.common.util.Base64;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Parsing of SAML message received from OpenSSO CDCServlet
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+class CDMessageParser
+{
+
+ private static final Logger log = LoggerFactory.getLogger(CDMessageParser.class);
+
+ private static final Pattern SAML_SUCCESS_PATTERN =
Pattern.compile("<samlp:StatusCode Value=(.*)>");
+ private static final Pattern SAML_DATE_CONDITIONS =
Pattern.compile("<saml:Conditions NotBefore=\"(.*)\"
NotOnOrAfter=\"(.*)\" >");
+ private static final Pattern IN_RESPONSE_TO_PATTERN =
Pattern.compile("InResponseTo=\"([0-9]*)\"");
+ private static final Pattern TOKEN_PATTERN =
Pattern.compile("<saml:NameIdentifier
.*>(.*)</saml:NameIdentifier>");
+
+ /**
+ *
+ * @param encodedInputMessage
+ * @return decoded and parsed object with all important informations from SAML
message
+ */
+ public CDMessageContext parseMessage(String encodedInputMessage)
+ {
+ String decodedMessage = decodeMessage(encodedInputMessage);
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("Decoded message from CDCServlet: ");
+ log.trace(decodedMessage);
+ }
+
+ boolean success = false;
+ Matcher m = SAML_SUCCESS_PATTERN.matcher(decodedMessage);
+ if (m.find())
+ {
+ String group = m.group(1);
+ if (group.contains("samlp:Success"))
+ {
+ success = true;
+ }
+ }
+
+ String beforeDate = null;
+ String afterDate = null;
+ m = SAML_DATE_CONDITIONS.matcher(decodedMessage);
+ if (m.find())
+ {
+ beforeDate = m.group(1);
+ afterDate = m.group(2);
+ }
+
+ Integer inResponseTo = -1;
+ m = IN_RESPONSE_TO_PATTERN.matcher(decodedMessage);
+ if (m.find())
+ {
+ inResponseTo = Integer.parseInt(m.group(1));
+ }
+
+ String token = null;
+ m = TOKEN_PATTERN.matcher(decodedMessage);
+ if (m.find())
+ {
+ token = m.group(1);
+ }
+ // Token is URL encoded in OpenSSO and we need to decode it (not encoded in OpenAM
but we can decode in either case)
+ try
+ {
+ token = URLDecoder.decode(token, "UTF-8");
+ }
+ catch (UnsupportedEncodingException uee)
+ {
+ throw new RuntimeException(uee);
+ }
+
+ return new CDMessageContext(success, inResponseTo, beforeDate, afterDate, token);
+ }
+
+ /**
+ * @param encodedInputMessage
+ * @return decoded string, which represents SAML message received from CDCServlet
+ */
+ String decodeMessage(String encodedInputMessage)
+ {
+ byte[] bytes = Base64.decode(encodedInputMessage);
+ String decodedSamlMessage = new String(bytes);
+ return decodedSamlMessage;
+ }
+}
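Review bot: `URLDecoder.decode(token, "UTF-8")` in `parseMessage` runs even when `TOKEN_PATTERN` did not match, so a message without a `saml:NameIdentifier` element fails with a `NullPointerException` here and never reaches the null-token check in `OpenSSOAgent.validateCDMessageContext`; guard the decode with `if (token != null)`. `Integer.parseInt(m.group(1))` has a similar gap, since `([0-9]*)` also matches an empty or over-long digit string and the resulting `NumberFormatException` is not the `IllegalStateException` the filter handles. `decodeMessage` builds the string with `new String(bytes)`, which uses the platform charset; pass `"UTF-8"` explicitly. More broadly, the message arrives in a request parameter and is picked apart with greedy regular expressions, with no signature or issuer check visible in this commit, so every parsed field should be treated as untrusted until the token has been validated against the OpenSSO server.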
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java 2012-04-12
08:43:26 UTC (rev 8688)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -21,30 +21,34 @@
*/
package org.gatein.sso.agent.opensso;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.apache.log4j.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.Cookie;
-
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
-
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
import org.gatein.sso.agent.GenericAgent;
-import org.gatein.wci.security.Credentials;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class OpenSSOAgent extends GenericAgent
{
- private static Logger log = Logger.getLogger(OpenSSOAgent.class);
+ // HttpSession attribute, which will be used to check that response message from CDC
contains same ID of InResponseTo as the ID, which we used in OpenSSOCDLoginRedirectFilter
+ public static final String IN_RESPONSE_TO_ATTR =
"OpenSSOAgent.InResponseTo";
+
+ private static Logger log = LoggerFactory.getLogger(OpenSSOAgent.class);
private static OpenSSOAgent singleton;
private String cookieName;
private String serverUrl;
+
+ private CDMessageParser cdcMessageParser = new CDMessageParser();
private OpenSSOAgent(String serverUrl, String cookieName)
{
@@ -67,13 +71,20 @@
return OpenSSOAgent.singleton;
}
- public void validateTicket(HttpServletRequest httpRequest) throws Exception
- {
+ public void validateTicket(HttpServletRequest httpRequest, HttpServletResponse
httpResponse) throws Exception
+ {
+ // Start with processing message from CDCServlet if this message is available (it
should be in servlet request parameter "LARES")
+ if (tryMessageFromCDC(httpRequest, httpResponse))
+ {
+ return;
+ }
+
+ // Now cookie should be set and we can continue with cookie processing
String token = null;
Cookie[] cookies = httpRequest.getCookies();
if(cookies == null)
{
- return;
+ return;
}
for(Cookie cookie: cookies)
@@ -87,7 +98,7 @@
if(token == null)
{
- throw new IllegalStateException("No SSO Tokens Found");
+ throwIllegalStateException("No SSO Tokens Found");
}
if(token != null)
@@ -96,7 +107,7 @@
if(!isValid)
{
- throw new IllegalStateException("OpenSSO Token is not valid!!");
+ throwIllegalStateException("OpenSSO Token is not valid!!");
}
String subject = this.getSubject(token);
@@ -105,7 +116,92 @@
this.saveSSOCredentials(subject, httpRequest);
}
}
- }
+ }
+
+ /**
+ * This method is useful only for Cross-Domain (CD) authentication scenario when
GateIn and OpenSSO are in different DNS domains and they can't share cookie.
+ *
+ * It performs:
+ * <li>Parse and validate message from OpenSSO CDCServlet.</li>
+ * <li>Use ssoToken from parsed message and establish OpenSSO cookie
iPlanetDirectoryPro</li>
+ * <li>Redirects to InitiateLoginFilter but with cookie established. So in next
request, we can perform agent validation against OpenSSO server</li>
+ *
+ * @param httpRequest
+ * @param httpResponse
+ * @return true if parameter LARES with message from CDC is present in
HttpServletRequest
+ * @throws IOException
+ */
+ protected boolean tryMessageFromCDC(HttpServletRequest httpRequest,
HttpServletResponse httpResponse) throws IOException
+ {
+ String encodedCDCMessage = httpRequest.getParameter("LARES");
+
+ if (encodedCDCMessage == null)
+ {
+ if (log.isTraceEnabled())
+ {
+ log.trace("Message from CDC not found in this
HttpServletRequest");
+ }
+ return false;
+ }
+
+ CDMessageContext messageContext =
cdcMessageParser.parseMessage(encodedCDCMessage);
+ if (log.isTraceEnabled())
+ {
+ log.trace("Successfully parsed messageContext " + messageContext);
+ }
+
+ // Validate received messageContext
+ validateCDMessageContext(httpRequest, messageContext);
+
+ // Establish cookie with ssoToken
+ String ssoToken = messageContext.getSsoToken();
+ Cookie cookie = new Cookie(cookieName, "\"" + ssoToken +
"\"");
+ cookie.setPath(httpRequest.getContextPath());
+ httpResponse.addCookie(cookie);
+ if (log.isTraceEnabled())
+ {
+ log.trace("Cookie " + cookieName + " with value " + ssoToken
+ " added to HttpResponse");
+ }
+
+ // Redirect again this request to be processed by OpenSSOAgent. Now we have cookie
established
+ String urlToRedirect =
httpResponse.encodeRedirectURL(httpRequest.getRequestURI());
+ httpResponse.sendRedirect(urlToRedirect);
+
+ return true;
+ }
+
+
+ /**
+ * Validation of various criterias in {@link CDMessageContext}
+ *
+ * @param httpRequest
+ * @param context
+ */
+ protected void validateCDMessageContext(HttpServletRequest httpRequest,
CDMessageContext context)
+ {
+ // First validate if context contains success
+ if (!context.getSuccess())
+ {
+ throwIllegalStateException("CDMessageContext contains success=false. Check
SAML message from CDCServlet");
+ }
+
+ // Now validate inResponseTo
+ Integer inResponseToFromCDC = context.getInResponseTo();
+ Integer inResponseToFromSession =
(Integer)httpRequest.getSession().getAttribute(IN_RESPONSE_TO_ATTR);
+ if (inResponseToFromSession == null || inResponseToFromCDC == null ||
!inResponseToFromCDC.equals(inResponseToFromSession))
+ {
+ throwIllegalStateException("inResponseTo from CDC message is " +
inResponseToFromCDC + ", inResponseTo from Http session is " +
inResponseToFromSession + ". Both should have same value");
+ }
+
+ // TODO: validate dates notBefore and notOnOrAfter
+
+ // Validate that token is present
+ if (context.getSsoToken() == null)
+ {
+ throwIllegalStateException("No token found in CDMessageContext. Check SAML
message from CDCServlet");
+ }
+ }
+
//-------------------------------------------------------------------------------------------------------------------------------------------------------------------
private boolean isTokenValid(String token) throws Exception
{
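Review bot: `validateCDMessageContext` compares `InResponseTo` with the value stored under `IN_RESPONSE_TO_ATTR` but never removes that attribute, and the `notBefore`/`notOnOrAfter` check is still a TODO, so the same `LARES` message would pass validation again for as long as the session lives. Call `httpRequest.getSession().removeAttribute(IN_RESPONSE_TO_ATTR);` once the comparison succeeds, and implement the date window. In `tryMessageFromCDC` the cookie is added without a Secure flag (`cookie.setSecure(httpRequest.isSecure());` would set it on HTTPS deployments), and the trace line `"Cookie " + cookieName + " with value " + ssoToken` writes the session token to the log. `getSuccess()` returns a `Boolean`, so `!context.getSuccess()` relies on the parser never passing `null`. `isTokenValid` at the end of the hunk continues outside it.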
@@ -218,4 +314,12 @@
}
}
}
+
+ private void throwIllegalStateException(String message)
+ {
+ log.warn(message);
+ IllegalStateException ise = new IllegalStateException(message);
+ throw ise;
+ }
+
}
Added:
components/sso/trunk/agent/src/test/java/org/gatein/sso/agent/opensso/TestParsingMessageFromCDC.java
===================================================================
---
components/sso/trunk/agent/src/test/java/org/gatein/sso/agent/opensso/TestParsingMessageFromCDC.java
(rev 0)
+++
components/sso/trunk/agent/src/test/java/org/gatein/sso/agent/opensso/TestParsingMessageFromCDC.java 2012-04-13
12:59:49 UTC (rev 8689)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ *
+ */
+
+package org.gatein.sso.agent.opensso;
+
+import junit.framework.TestCase;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class TestParsingMessageFromCDC extends TestCase
+{
+ private static Logger log = LoggerFactory.getLogger(TestParsingMessageFromCDC.class);
+
+ // SSO token is not URL encoded in OpenAM
+ private static final String TEST_MESSAGE_OPENAM =
"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!
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!
I6QXV0aGVudGljYXRpb25TdGF0ZW1lbnRUeXBlIj48c2FtbDpTdWJqZWN0ICAg!
eHNpOnR5
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!
29udGV4dFN0YXRlbWVudFJlZj5odHRwOi8vd3d3LnByb2plY3RsaWJlcnR5Lm9yZy9zY2hlbWFzL2F1dGhjdHgvY2xhc3Nlcy9QYXNzd29yZDwvbGliOkF1dGhuQ29udGV4dFN0YXRlbWVudFJlZj48L2xpYjpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhlbnRpY2F0aW9uU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+CjxsaWI6UHJvdmlkZXJJRD5odHRwOi8vbG9jYWxob3N0Ojg4ODgvb3BlbnNzby9jZGNzZXJ2bGV0PC9saWI6UHJvdmlkZXJJRD48L2xpYjpBdXRoblJlc3BvbnNlPgo=";
+
+ // SSO token is URL encoded in OpenSSO
+ private static final String TEST_MESSAGE_OPENSSO =
"PGxpYjpBdXRoblJlc3BvbnNlIHhtbG5zOmxpYj0iaHR0cDovL3Byb2plY3RsaWJlcnR5Lm9yZy9zY2hlbWFzL2NvcmUvMjAwMi8xMiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDpwcm90b2NvbCIgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFJlc3BvbnNlSUQ9InNmZTNjNWI5MzIwZDA5MjM5MGUxYmJjMmE0MzE4NzcwM2NkOTM0NDY1IiAgSW5SZXNwb25zZVRvPSI0NzU3MyIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIElzc3VlSW5zdGFudD0iMjAxMi0wNC0xMlQyMjoxMTo0MloiPjxzYW1scDpTdGF0dXM+CjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJzYW1scDpTdWNjZXNzIj4KPC9zYW1scDpTdGF0dXNDb2RlPgo8L3NhbWxwOlN0YXR1cz4KPHNhbWw6QXNzZXJ0aW9uICB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAgeG1sbnM6bGliPSJodHRwOi8vcHJvamVjdGxpYmVydHkub3JnL3NjaGVtYXMvY29yZS8yMDAyLzEyI!
iAgaWQ9InNmMzQ3NTgzODZhMWNjYjI2YmVjMzc4ZjQxM2U1ZDE1MGU4MDMzYWQyMDEiIE1ham9yVmVyc2lvbj0iMSIgTWlub3JWZXJzaW9uPSIwIiBBc3NlcnRpb25JRD0ic2YzNDc1ODM4NmExY2NiMjZiZWMzNzhmNDEzZTVkMTUwZTgwMzNhZDIwMSIgSXNzdWVyPSJodHRwOi8vbG9jYWxob3N0Ojg4ODgvb3BlbnNzby9jZGNzZXJ2bGV0IiBJc3N1ZUluc3RhbnQ9IjIwMTItMDQtMTJUMjI6MTE6NDJaIiBJblJlc3BvbnNlVG89IjQ3NTczIiB4c2k6dHlwZT0ibGliOkFzc2VydGlvblR5cGUiPgo8c2FtbDpDb25kaXRpb25zICBOb3RCZWZvcmU9IjIwMTItMDQtMTJUMjI6MTE6NDJaIiBOb3RPbk9yQWZ0ZXI9IjIwMTItMDQtMTJUMjI6MTI6NDJaIiA+CjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb25Db25kaXRpb24+CjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9qb3Nzby0wMS5sb2NhbC5uZXR3b3JrOjgwODAvcG9ydGFsL2luaXRpYXRlc3NvbG9naW4vP1JlYWxtPWdnYXRlaW48L3NhbWw6QXVkaWVuY2U+Cjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uQ29uZGl0aW9uPgo8L3NhbWw6Q29uZGl0aW9ucz4KPHNhbWw6QXV0aGVudGljYXRpb25TdGF0ZW1lbnQgIEF1dGhlbnRpY2F0aW9uTWV0aG9kPSJBdXRoZW50aWNhdGlvblBsdWdpbiIgQXV0aGVudGljYXRpb25JbnN0YW50PSIyMDEyLTA0LTEyVDIyOjExOjQyWiIgUmVhdXRoZW50aWNhdGVPbk9yQWZ0ZXI9IjIwMTItMDQtMTJUMjI6MTI6NDJaIiB4c2k6dHlwZ!
T0ibGliOkF1dGhlbnRpY2F0aW9uU3RhdGVtZW50VHlwZSI+PHNhbWw6U3ViamV!
jdCAgIHh
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!
bnRleHRDbGFzc1JlZj48bGliOkF1dGhuQ29udGV4dFN0YXRlbWVudFJlZj5odHRwOi8vd3d3LnByb2plY3RsaWJlcnR5Lm9yZy9zY2hlbWFzL2F1dGhjdHgvY2xhc3Nlcy9QYXNzd29yZDwvbGliOkF1dGhuQ29udGV4dFN0YXRlbWVudFJlZj48L2xpYjpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhlbnRpY2F0aW9uU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+CjxsaWI6UHJvdmlkZXJJRD5odHRwOi8vbG9jYWxob3N0Ojg4ODgvb3BlbnNzby9jZGNzZXJ2bGV0PC9saWI6UHJvdmlkZXJJRD48L2xpYjpBdXRoblJlc3BvbnNlPgo=";
+
+
+ public void testParsingOpenAMMessage() throws Exception
+ {
+ parseMessageAndTest(TEST_MESSAGE_OPENAM, 124, "2012-04-12T07:46:15Z",
"2012-04-12T07:47:15Z",
"AQIC5wM2LY4SfcwAN6hjijOCPO1u7UurEn9DvqFXKzwFsi0.*AAJTSQACMDE.*");
+ }
+
+ public void testParsingOpenSSOMessage() throws Exception
+ {
+ parseMessageAndTest(TEST_MESSAGE_OPENSSO, 47573, "2012-04-12T22:11:42Z",
"2012-04-12T22:12:42Z",
"AQIC5wM2LY4SfcyEP/N5l9IcCqyYxmcMrRPLT67k1DeICNg=@AAJTSQACMDE=#");
+ }
+
+
+ private void parseMessageAndTest(String inputMessage, int expectedInResponseTo, String
expectedNotBefore, String expectedNotOnOrAfter, String expectedToken) throws Exception
+ {
+ log.info("Test parsing message from CDCServlet");
+
+ CDMessageParser messageParser = new CDMessageParser();
+ String message = messageParser.decodeMessage(inputMessage);
+
+ log.info("Message from CDCServlet is:");
+ log.info(message);
+
+ CDMessageContext messageContext = messageParser.parseMessage(inputMessage);
+
+ assertTrue(messageContext.getSuccess());
+ assertTrue(messageContext.getInResponseTo() == expectedInResponseTo);
+ assertEquals(messageContext.getNotBefore(), expectedNotBefore);
+ assertEquals(messageContext.getNotOnOrAfter(), expectedNotOnOrAfter);
+ assertEquals(messageContext.getSsoToken(), expectedToken);
+ }
+}
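Review bot: Both tests cover only well-formed success messages, so the parser's behaviour on a failed status, a missing `saml:NameIdentifier` or a missing `InResponseTo` is untested, and those are exactly the shapes an untrusted `LARES` request parameter can take. A case that feeds a message without a token and asserts the expected outcome would pin that down. The `assertEquals` calls pass the actual value first; JUnit expects `assertEquals(expectedToken, messageContext.getSsoToken())`, and `assertTrue(messageContext.getInResponseTo() == expectedInResponseTo)` reads better as `assertEquals(expectedInResponseTo, messageContext.getInResponseTo().intValue())`. The fixtures also embed what look like captured SSO tokens, which should be confirmed as expired test values.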
Modified: components/sso/trunk/pom.xml
===================================================================
--- components/sso/trunk/pom.xml 2012-04-12 08:43:26 UTC (rev 8688)
+++ components/sso/trunk/pom.xml 2012-04-13 12:59:49 UTC (rev 8689)
@@ -56,6 +56,7 @@
<version.jboss.logging>2.0.5.GA</version.jboss.logging>
<version.apache.logging>1.0.4-jboss</version.apache.logging>
<version.commons-logging>1.0.4</version.commons-logging>
+ <version.slf4j>1.5.8</version.slf4j>
<!-- cas -->
<version.cas>3.3.4</version.cas>
@@ -255,6 +256,11 @@
<artifactId>commons-logging</artifactId>
<version>${version.commons-logging}</version>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${version.slf4j}</version>
+ </dependency>
<!-- httpclient -->
<dependency>