Author: owulff
Date: Fri Feb  3 09:31:18 2012
New Revision: 1240038

URL: http://svn.apache.org/viewvc?rev=1240038&view=rev
Log:
[CXF-4082] Wrong realm calculation for relying party applications deployed in 
root context

Modified:
    
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java

Modified: 
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL: 
http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1240038&r1=1240037&r2=1240038&view=diff
==============================================================================
--- 
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
 (original)
+++ 
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
 Fri Feb  3 09:31:18 2012
@@ -3,6 +3,7 @@ package org.apache.cxf.fediz.tomcat;
 import java.io.File;
 import java.io.IOException;
 import java.net.URI;
+import java.net.URL;
 import java.net.URLEncoder;
 import java.security.Principal;
 import java.util.ArrayList;
@@ -30,68 +31,68 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 
 public class FederationAuthenticator extends FormAuthenticator {
-       
-       //[TODO] Expired token
-       
+
+    //[TODO] Expired token
+
     private static final Log log = LogFactory.getLog(FormAuthenticator.class);
-    
+
     /**
      * Descriptive information about this implementation.
      */
     protected static final String info =
         "org.apache.cxf.fediz.tomcat.WsFedAuthenticator/1.0";
-    
+
     public static final String FEDERATION_NOTE =
         "org.apache.cxf.fediz.tomcat.FEDERATION";
-    
+
     public static final String SECURITY_TOKEN =
         "org.apache.fediz.SECURITY_TOKEN";
-    
+
     /**
      * IssuerURL
      */
     protected String issuerURL = null;
-    
+
     /**
      * Requested Authentication type.
      * See org.apache.cxf.fediz.tomcat.WsFedConstants.AUTH_TYPE_*
      */   
     protected URI authenticationType = null;
-    
+
     /**
      * Trusted Issuer Name
      */
     protected String trustedIssuer = null;
-    
-    
+
+
     /**
      * Truststore file
      */
     protected String truststoreFile = null;
-    
 
-       /**
+
+    /**
      * Truststore password
      */
     protected String truststorePassword = null;
-   
 
 
-       /**
+
+    /**
      * Role URI in Claim
      */
     protected String roleClaimURI = null;
-    
+
     /**
      * Role delimiter in claim value
      */
     protected String roleDelimiter = ",";
-       
-    
-       public FederationAuthenticator() {
-               log.debug("WsFedAuthenticator()");
-       }
-       
+
+
+    public FederationAuthenticator() {
+        log.debug("WsFedAuthenticator()");
+    }
+
     /**
      * Return descriptive information about this Valve implementation.
      */
@@ -99,24 +100,24 @@ public class FederationAuthenticator ext
     public String getInfo() {
         return (info);
     }
-    
-    
+
+
     /**
      * Return the character encoding to use to read the username and password.
      */
     public String getIssuerURL() {
         return issuerURL;
     }
-    
+
 
     /**
      * Set the character encoding to be used to read the username and 
password. 
      */
     public void setIssuerURL(String issuerURL) {
-       this.issuerURL = issuerURL;
+        this.issuerURL = issuerURL;
     }
-    
-    
+
+
     /**
      * Return the requested authentication type.
      */
@@ -128,27 +129,27 @@ public class FederationAuthenticator ext
      * Set the requested authentication type.
      */
     public void setAuthenticationType(String authenticationType) {
-       FederationConstants.AUTH_TYPE_MAP.containsKey(authenticationType);
-       this.authenticationType = 
FederationConstants.AUTH_TYPE_MAP.get(authenticationType);
+        FederationConstants.AUTH_TYPE_MAP.containsKey(authenticationType);
+        this.authenticationType = 
FederationConstants.AUTH_TYPE_MAP.get(authenticationType);
     }
-    
+
     public String getTruststorePassword() {
-               return truststorePassword;
-       }
+        return truststorePassword;
+    }
+
+    public void setTruststorePassword(String truststorePassword) {
+        this.truststorePassword = truststorePassword;
+    }
+
 
-       public void setTruststorePassword(String truststorePassword) {
-               this.truststorePassword = truststorePassword;
-       }
-    
-       
     public String getTruststoreFile() {
-               return truststoreFile;
-       }
+        return truststoreFile;
+    }
+
+    public void setTruststoreFile(String truststoreFile) {
+        this.truststoreFile = truststoreFile;
+    }
 
-       public void setTruststoreFile(String truststoreFile) {
-               this.truststoreFile = truststoreFile;
-       }
-       
     /**
      * 
      */
@@ -160,9 +161,9 @@ public class FederationAuthenticator ext
      * 
      */
     public void setRoleClaimURI(String roleClaimURI) {
-       this.roleClaimURI = roleClaimURI;
+        this.roleClaimURI = roleClaimURI;
     }
-    
+
     /**
      * 
      */
@@ -174,10 +175,10 @@ public class FederationAuthenticator ext
      * 
      */
     public void setRoleDelimiter(String roleDelimiter) {
-       this.roleDelimiter = roleDelimiter;
+        this.roleDelimiter = roleDelimiter;
     }
-    
-    
+
+
     /**
      * 
      */
@@ -189,25 +190,25 @@ public class FederationAuthenticator ext
      * 
      */
     public void setTrustedIssuer(String trustedIssuer) {
-       this.trustedIssuer = trustedIssuer;
+        this.trustedIssuer = trustedIssuer;
     }
-    
-    
-    
+
+
+
     @Override
     public void invoke(Request request, Response response)
-        throws IOException, ServletException {
-       
-       log.debug("WsFedAuthenticator:invoke()");
-       super.invoke(request, response);
-       
-    }
-       
-       @Override
-       public boolean authenticate(Request request, HttpServletResponse 
response,
-                       LoginConfig config) throws IOException {
+    throws IOException, ServletException {
+
+        log.debug("WsFedAuthenticator:invoke()");
+        super.invoke(request, response);
+
+    }
+
+    @Override
+    public boolean authenticate(Request request, HttpServletResponse response,
+            LoginConfig config) throws IOException {
 
-               log.debug("authenticate invoked");
+        log.debug("authenticate invoked");
         // References to objects we will need later
         Session session = null;
 
@@ -217,34 +218,34 @@ public class FederationAuthenticator ext
         if (principal != null) {
             if (log.isDebugEnabled())
                 log.debug("Already authenticated '" +
-                    principal.getName() + "'");
+                        principal.getName() + "'");
             // Associate the session with any existing SSO session
             /*
                if (ssoId != null)
                 associate(ssoId, request.getSessionInternal(true));
              */
-            
+
             // Check whether security token still valid
             session = request.getSessionInternal();
             if (session == null) {
-               log.debug("Session should not be null after authentication");
+                log.debug("Session should not be null after authentication");
             } else {
-               FederationResponse wfRes = 
(FederationResponse)session.getNote(FEDERATION_NOTE);
-               
-               Date tokenExpires = wfRes.getTokenExpires();
-               if (tokenExpires == null) {
-                       log.debug("Token doesn't expire");
-                       return (true);
-               }
-                   Calendar cal = Calendar.getInstance();
-                   if ( cal.getTime().after(wfRes.getTokenExpires()) ) {
-                       log.debug("Token already expired. Clean up and 
redirect");
-                       
-                       session.removeNote(FEDERATION_NOTE);
-                       session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
-                       session.setPrincipal(null);
-                       request.getSession().removeAttribute(SECURITY_TOKEN);
-                       
+                FederationResponse wfRes = 
(FederationResponse)session.getNote(FEDERATION_NOTE);
+
+                Date tokenExpires = wfRes.getTokenExpires();
+                if (tokenExpires == null) {
+                    log.debug("Token doesn't expire");
+                    return (true);
+                }
+                Calendar cal = Calendar.getInstance();
+                if ( cal.getTime().after(wfRes.getTokenExpires()) ) {
+                    log.debug("Token already expired. Clean up and redirect");
+
+                    session.removeNote(FEDERATION_NOTE);
+                    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
+                    session.setPrincipal(null);
+                    request.getSession().removeAttribute(SECURITY_TOKEN);
+
                     if (log.isDebugEnabled())
                         log.debug("Save request in session '" + 
session.getIdInternal() + "'");
                     try {
@@ -256,11 +257,11 @@ public class FederationAuthenticator ext
                         return (false);
                     }
                     redirectToLoginPage(request, response, config);
-                       
-                       return (false);
-                   }
+
+                    return (false);
+                }
             }
-            
+
             return (true);
         }
 
@@ -270,13 +271,13 @@ public class FederationAuthenticator ext
             session = request.getSessionInternal(true);
             if (log.isDebugEnabled())
                 log.debug("Restore request from session '"
-                          + session.getIdInternal() 
-                          + "'");
+                        + session.getIdInternal() 
+                        + "'");
             principal = 
(Principal)session.getNote(Constants.FORM_PRINCIPAL_NOTE);
             register(request, response, principal, 
FederationConstants.WSFED_METHOD,
                     null,
                     null);
-            
+
             if (restoreRequest(request, session)) {
                 if (log.isDebugEnabled())
                     log.debug("Proceed to restored request");
@@ -290,17 +291,17 @@ public class FederationAuthenticator ext
         }
 
         // Acquire references to objects we will need to evaluate
-/*        
+        /*        
         MessageBytes uriMB = MessageBytes.newInstance();
         CharChunk uriCC = uriMB.getCharChunk();
         uriCC.setLimit(-1);
-*/        
+         */        
         //String contextPath = request.getContextPath();
         String requestURI = request.getDecodedRequestURI();
 
-        
+
         String wa = request.getParameter("wa");
-               // Unauthenticated -> redirect
+        // Unauthenticated -> redirect
         if (wa == null) {
             session = request.getSessionInternal(true);
             if (log.isDebugEnabled())
@@ -316,120 +317,120 @@ public class FederationAuthenticator ext
             redirectToLoginPage(request, response, config);
             return (false);
         }
-        
+
         // Check whether it is the signin request, validate the token.
         // If failed, redirect to the error page if they are not correct
         String wresult = request.getParameter("wresult");
         FederationResponse wfRes = null;
-               if ( wa.equals(FederationConstants.ACTION_SIGNIN) ) {
-                       if (log.isDebugEnabled())
+        if ( wa.equals(FederationConstants.ACTION_SIGNIN) ) {
+            if (log.isDebugEnabled())
                 log.debug("SignIn request found");
-                       log.debug("SignIn action...");
-                       
-                       if (wresult == null) {
-                               if (log.isDebugEnabled())
-                                       log.debug("SignIn request must contain 
wresult");
-                               
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                               return (false);
-                       }
-                       else {
-                               request.getResponse().sendAcknowledgement();
-                               //processSignInRequest
-                               if (log.isDebugEnabled()){
-                       log.debug("Process SignIn request");
-                       log.debug("wresult=\n" + wresult);
-                               }
-                               
-                               FederationRequest wfReq = new 
FederationRequest();
-                               wfReq.setWa(wa);
-                               wfReq.setWresult(wresult);
-                               //wfReq.setWtrealm(wtrealm);
-                               
-                               FederationConfiguration fedConfig = new 
FederationConfiguration();
-                               
fedConfig.setTrustedIssuer(this.getTrustedIssuer());
-                               
fedConfig.setRoleDelimiter(this.getRoleDelimiter());
-                               if (this.getRoleClaimURI() == null || 
this.getRoleClaimURI().length() == 0) {
-                                       
fedConfig.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
-                               }
-                               else {
-                                       
fedConfig.setRoleURI(URI.create(this.getRoleClaimURI()));
-                               }
-                               
-                               
-                               if (this.getTruststoreFile() == null || 
this.getTruststoreFile().length() == 0) {
-                                       log.error("Truststore file 
configuration must be checked before redirect to IDP");
-                                       //TODO would an exception not be the 
better solution here ?
-                                       return false;
-                               }
-                               if (this.getTruststorePassword() == null || 
this.getTruststorePassword().length() == 0) {
-                                       log.error("Truststore password 
configuration must be checked before redirect to IDP");
-                                       //TODO would an exception not be the 
better solution here ?
-                                       return false;
-                               }
-                               else {
-                                       if ( (new 
File(getTruststoreFile())).exists() ) {
-                                               
fedConfig.setTrustStoreFile(this.getTruststoreFile());
-                                       } else {
-                                               String catalinaHome = 
System.getProperty("catalina.home");
-                                               if (catalinaHome != null && 
catalinaHome.length() > 0) {
-                                                       
-                                                       String fqTruststoreFile 
= catalinaHome.concat(File.separator + getTruststoreFile());
-                                                       
this.setTruststoreFile(fqTruststoreFile);
-                                                       
fedConfig.setTrustStoreFile(this.getTruststoreFile());
-                                               }
-                                               else {
-                                                       log.error("Truststore 
file configuration not valid");
-                                                       return false;
-                                               }
-                                       }
-                                                                               
-                                       
fedConfig.setTrustStoreFile(this.getTruststoreFile());
-                                       
fedConfig.setTrustStorePassword(this.getTruststorePassword());
-                                       if (log.isDebugEnabled()) {
-                                               log.debug("Truststore file: " + 
fedConfig.getTrustStoreFile());
-                                               log.debug("Truststore password: 
" + fedConfig.getTrustStorePassword());
-                                       }
-                               }
-                               
-                               
-                               FederationProcessor wfProc = new 
FederationProcessorImpl();
-                               wfRes = wfProc.processRequest(wfReq, fedConfig);
-                               
-                               if ( wfRes.getAudience() != null && 
request.getRequestURL().indexOf(wfRes.getAudience()) == -1 ) {
-                                       log.debug("Audience doesn't match with 
request URL [" + wfRes.getAudience() + "]  [" + request.getRequestURL() + "]");
-                               }
-                               
-                               List<String> roles = wfRes.getRoles();
-                               if (roles == null || roles.size() == 0) {
-                                       roles = new ArrayList<String>();
-                                       roles.add(new String("Authenticated"));
-                               }
-                               
-                               principal = new 
FederationPrincipal(wfRes.getUsername(), roles, wfRes.getClaims());
-                               
-                               //[TODO] Cache lifetime (in session), token (in 
session/TLS), ?audience?
-                               //[TODO] clocksqew
-                       }
-               }
-               else {
-                       log.error("Not supported action found in parameter wa: 
" + wa);
-                       response.sendError(HttpServletResponse.SC_BAD_REQUEST);
-                       return (false);
-               }
+            log.debug("SignIn action...");
+
+            if (wresult == null) {
+                if (log.isDebugEnabled())
+                    log.debug("SignIn request must contain wresult");
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                return (false);
+            }
+            else {
+                request.getResponse().sendAcknowledgement();
+                //processSignInRequest
+                if (log.isDebugEnabled()){
+                    log.debug("Process SignIn request");
+                    log.debug("wresult=\n" + wresult);
+                }
+
+                FederationRequest wfReq = new FederationRequest();
+                wfReq.setWa(wa);
+                wfReq.setWresult(wresult);
+                //wfReq.setWtrealm(wtrealm);
+
+                FederationConfiguration fedConfig = new 
FederationConfiguration();
+                fedConfig.setTrustedIssuer(this.getTrustedIssuer());
+                fedConfig.setRoleDelimiter(this.getRoleDelimiter());
+                if (this.getRoleClaimURI() == null || 
this.getRoleClaimURI().length() == 0) {
+                    fedConfig.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
+                }
+                else {
+                    fedConfig.setRoleURI(URI.create(this.getRoleClaimURI()));
+                }
+
+
+                if (this.getTruststoreFile() == null || 
this.getTruststoreFile().length() == 0) {
+                    log.error("Truststore file configuration must be checked 
before redirect to IDP");
+                    //TODO would an exception not be the better solution here ?
+                    return false;
+                }
+                if (this.getTruststorePassword() == null || 
this.getTruststorePassword().length() == 0) {
+                    log.error("Truststore password configuration must be 
checked before redirect to IDP");
+                    //TODO would an exception not be the better solution here ?
+                    return false;
+                }
+                else {
+                    if ( (new File(getTruststoreFile())).exists() ) {
+                        fedConfig.setTrustStoreFile(this.getTruststoreFile());
+                    } else {
+                        String catalinaHome = 
System.getProperty("catalina.home");
+                        if (catalinaHome != null && catalinaHome.length() > 0) 
{
+
+                            String fqTruststoreFile = 
catalinaHome.concat(File.separator + getTruststoreFile());
+                            this.setTruststoreFile(fqTruststoreFile);
+                            
fedConfig.setTrustStoreFile(this.getTruststoreFile());
+                        }
+                        else {
+                            log.error("Truststore file configuration not 
valid");
+                            return false;
+                        }
+                    }
+
+                    fedConfig.setTrustStoreFile(this.getTruststoreFile());
+                    
fedConfig.setTrustStorePassword(this.getTruststorePassword());
+                    if (log.isDebugEnabled()) {
+                        log.debug("Truststore file: " + 
fedConfig.getTrustStoreFile());
+                        log.debug("Truststore password: " + 
fedConfig.getTrustStorePassword());
+                    }
+                }
+
+
+                FederationProcessor wfProc = new FederationProcessorImpl();
+                wfRes = wfProc.processRequest(wfReq, fedConfig);
+
+                if ( wfRes.getAudience() != null && 
request.getRequestURL().indexOf(wfRes.getAudience()) == -1 ) {
+                    log.debug("Audience doesn't match with request URL [" + 
wfRes.getAudience() + "]  [" + request.getRequestURL() + "]");
+                }
+
+                List<String> roles = wfRes.getRoles();
+                if (roles == null || roles.size() == 0) {
+                    roles = new ArrayList<String>();
+                    roles.add(new String("Authenticated"));
+                }
+
+                principal = new FederationPrincipal(wfRes.getUsername(), 
roles, wfRes.getClaims());
+
+                //[TODO] Cache lifetime (in session), token (in session/TLS), 
?audience?
+                //[TODO] clocksqew
+            }
+        }
+        else {
+            log.error("Not supported action found in parameter wa: " + wa);
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+            return (false);
+        }
+
+
 
-        
-        
         /*
         Realm realm = context.getRealm();
         if (characterEncoding != null) {
             request.setCharacterEncoding(characterEncoding);
-        
+
         String username = request.getParameter(Constants.FORM_USERNAME);
         String password = request.getParameter(Constants.FORM_PASSWORD);
         if (log.isDebugEnabled())
             log.debug("Authenticating username '" + username + "'");
         principal = realm.authenticate(username, password);
-        */
+         */
         if (principal == null) {
             forwardToErrorPage(request, response, config);
             return (false);
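Review bot: The audience check right after `wfRes = wfProc.processRequest(wfReq, fedConfig);` only emits a debug message when `wfRes.getAudience()` is not found in the request URL and then falls through to build the `FederationPrincipal`, so a token the trusted issuer minted for a different relying party is still accepted by this application; the mismatch branch should end the way the other failures do, `forwardToErrorPage(request, response, config); return (false);`. The same new-side code logs the truststore password (`log.debug("Truststore password: " + fedConfig.getTrustStorePassword());`) and the complete `wresult` token at debug level; the password line should be removed outright and the token dump at least moved to trace, since debug logging is routinely enabled in production Tomcat instances. Note that `indexOf` is a plain substring test, so the audience comparison is loose in both directions; a comparison against the computed realm would presumably be more robust, but that depends on what the issuer puts in the audience, which is not visible here. The `authenticate` method continues past the end of this hunk.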
@@ -441,13 +442,13 @@ public class FederationAuthenticator ext
         //context.addServletContainerInitializer(sci, classes)
         //session.addSessionListener(listener)
         //HttpSessionAttributeListener
-        
+
         if (session == null)
             session = request.getSessionInternal(false);
         if (session == null) {
             if (containerLog.isDebugEnabled())
                 containerLog.debug
-                    ("User took so long to log on the session expired");
+                ("User took so long to log on the session expired");
             if (landingPage == null) {
                 response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                         sm.getString("authenticator.sessionExpired"));
@@ -467,18 +468,18 @@ public class FederationAuthenticator ext
 
         // Save the authenticated Principal in our session
         session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
-        
+
         // Save Federation response in our session
         session.setNote(FEDERATION_NOTE, wfRes);
-        
+
         // Save Federation response in public session
         request.getSession(true).setAttribute(SECURITY_TOKEN, 
wfRes.getToken());
 
-/*
+        /*
         // Save the username and password as well
         session.setNote(Constants.SESS_USERNAME_NOTE, username);
         session.setNote(Constants.SESS_PASSWORD_NOTE, password);
-*/
+         */
         // Redirect the user to the original request URI (which will cause
         // the original request to be restored)
         requestURI = savedRequestURL(session);
@@ -496,18 +497,18 @@ public class FederationAuthenticator ext
                 saved.setMethod("GET");
                 saved.setRequestURI(uri);
                 session.setNote(Constants.FORM_REQUEST_NOTE, saved);
-                
+
                 response.sendRedirect(response.encodeRedirectURL(uri));
             }
         else
             response.sendRedirect(response.encodeRedirectURL(requestURI));
         return (false);
-       }
+    }
 
-       @Override
-       protected String getAuthMethod() {
-               return FederationConstants.WSFED_METHOD;
-       }
+    @Override
+    protected String getAuthMethod() {
+        return FederationConstants.WSFED_METHOD;
+    }
 
     /**
      * Called to redirect to the login page
@@ -522,88 +523,84 @@ public class FederationAuthenticator ext
      */
     protected void redirectToLoginPage(Request request,
             HttpServletResponse response, LoginConfig config)
-            throws IOException {
-        
-       String redirectURL = null;
-       String issuerURL = getIssuerURL();
-       if (issuerURL != null && issuerURL.length() > 0) {
-               redirectURL = issuerURL;
-       }
-       String loginPage = config.getLoginPage();
-       if (redirectURL == null) {
-               if (loginPage != null &&  loginPage.length() > 0) {
-                       redirectURL = loginPage;
-               } else {
-                       String msg = 
sm.getString("formAuthenticator.noLoginPage",
-                                       context.getName());
-                       log.warn(msg);
-                       
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
-                                       msg);
-                       return;
-               }
-       }
+    throws IOException {
+
+        String redirectURL = null;
+        String issuerURL = getIssuerURL();
+        if (issuerURL != null && issuerURL.length() > 0) {
+            redirectURL = issuerURL;
+        }
+        String loginPage = config.getLoginPage();
+        if (redirectURL == null) {
+            if (loginPage != null &&  loginPage.length() > 0) {
+                redirectURL = loginPage;
+            } else {
+                String msg = sm.getString("formAuthenticator.noLoginPage",
+                        context.getName());
+                log.warn(msg);
+                
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+                        msg);
+                return;
+            }
+        }
         StringBuilder sb = new StringBuilder();
-       
-       //StringBuilder sb = new StringBuilder(redirectURL);
+
+        //StringBuilder sb = new StringBuilder(redirectURL);
         //sb.append('?');
-       
+
         
sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNIN);
 
-       sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
-       sb.append(URLEncoder.encode(request.getRequestURL().toString(), 
"UTF-8"));              
-               
-               
-       /*
-        * http://hostname.com:80/mywebapp/servlet/MyServlet/a/b;c=123?d=789
-       public static String getUrl3(HttpServletRequest req) {
-           String scheme = req.getScheme();             // http
-           String serverName = req.getServerName();     // hostname.com
-           int serverPort = req.getServerPort();        // 80
-           String contextPath = req.getContextPath();   // /mywebapp
-       */
-       String contextPath = request.getContextPath();
-       String requestUrl = request.getRequestURL().toString();
-       int ctxIn = requestUrl.indexOf(contextPath);
-       //String realm = request.getRequestURL().toString();
-       String realm = requestUrl.substring(0, ctxIn + contextPath.length() + 
1);
-       
-       StringBuffer realmSb = new StringBuffer(request.getScheme());
-       realmSb.append("://").append(request.getServerName()).
-               append(":").append(request.getServerPort()).
-               append(request.getContextPath());
-//     
sb.append('&').append(WsFedConstants.PARAM_TREALM).append('=').append(realmSb.toString());
-       
sb.append('&').append(FederationConstants.PARAM_TREALM).append('=').append(URLEncoder.encode(realm,
 "UTF-8"));
-       
-       
-       //[TODO] Current time, wct
-       
-//        if (false) {
-//             sb.append("&");
-//             sb.append("wfresh=jjjj"); 
-//        }
-//        if (false) {
-//             sb.append("&");
-//             sb.append("wauth=jjjj"); 
-//        }
-//        if (false) {
-//             sb.append("&");wct
-//             sb.append("wreq=jjjj"); 
-//        }
-//        if (false) {
-//         sb.append("&");
-//         sb.append("wct=").append("jjjj");
-//        }
-
-               
-        //WORKS, why didn't it when sb.toSring(contained redirectURL)
-        //response.sendRedirect(response.encodeRedirectURL(redirectURL + "?" + 
response.encodeURL(sb.toString())));
-       //response.sendRedirect(redirectURL + "?" + 
response.encodeURL(sb.toString()));
-       response.sendRedirect(redirectURL + "?" + sb.toString());
-        
-        //WORKS NOW TOO, no, maybe already signed in, session with idp
-        //response.sendRedirect(response.encodeRedirectURL(sb.toString()));
+        sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
+        sb.append(URLEncoder.encode(request.getRequestURL().toString(), 
"UTF-8"));             
+
+        String realm = null;
+        String contextPath = request.getContextPath();
+        String requestUrl = request.getRequestURL().toString();
+        String requestPath = new URL(requestUrl).getPath();
+        
+        // Cut request path of request url and add context path if not ROOT
+        if (requestPath != null && requestPath.length() > 0) {
+            int lastIndex = requestUrl.lastIndexOf(requestPath);
+            realm = requestUrl.substring(0, lastIndex);
+        } else {
+            realm = requestUrl;
+        }
+        if (contextPath != null && contextPath.length() > 0) {
+            //contextPath contains starting slash
+            realm = realm + contextPath + "/"; 
+        } else {
+            realm = realm + "/";
+        }
+        log.debug("wtrealm=" + realm);
         
+        StringBuffer realmSb = new StringBuffer(request.getScheme());
+        realmSb.append("://").append(request.getServerName()).
+        append(":").append(request.getServerPort()).
+        append(request.getContextPath());
+        
sb.append('&').append(FederationConstants.PARAM_TREALM).append('=').append(URLEncoder.encode(realm,
 "UTF-8"));
+
+        //[TODO] Current time, wct
+
+        //        if (false) {
+        //             sb.append("&");
+        //             sb.append("wfresh=jjjj"); 
+        //        }
+        //        if (false) {
+        //             sb.append("&");
+        //             sb.append("wauth=jjjj"); 
+        //        }
+        //        if (false) {
+        //             sb.append("&");wct
+        //             sb.append("wreq=jjjj"); 
+        //        }
+        //        if (false) {
+        //         sb.append("&");
+        //         sb.append("wct=").append("jjjj");
+        //        }
+
+
+        response.sendRedirect(redirectURL + "?" + sb.toString());
     }
-       
-       
+
+
 }
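Review bot: The `realmSb` StringBuffer assembled after `log.debug("wtrealm=" + realm);` from scheme, server name, port and context path is built but never read, so it is dead code on the new side; either delete it or use it as the realm, since `realmSb.append('/').toString()` yields the value the `new URL(requestUrl).getPath()` / `lastIndexOf` block derives without a second parse of the URL. Both `wreply` and `wtrealm` are taken from `request.getRequestURL()`, i.e. from whatever host, port and scheme the connector saw on this request, so behind a TLS-terminating reverse proxy the realm will presumably carry the internal `http` scheme and port unless the connector is configured with `proxyName`/`proxyPort`/`scheme` or an equivalent valve — worth a comment on the method, e.g. `// realm is derived from the request URL; behind a proxy set proxyName/proxyPort on the connector`. A configured realm, alongside the existing `issuerURL` property, would make the value independent of the incoming request and of the Host header a client supplies.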

