Author: owulff
Date: Fri Feb 3 12:24:30 2012
New Revision: 1240127
URL: http://svn.apache.org/viewvc?rev=1240127&view=rev
Log:
Callback added to support resolving IDP
Added:
cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
Modified:
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Added:
cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java?rev=1240127&view=auto
==============================================================================
---
cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
(added)
+++
cxf/sandbox/fediz/fediz-core/src/main/java/org/apache/cxf/fediz/core/IDPCallback.java
Fri Feb 3 12:24:30 2012
@@ -0,0 +1,47 @@
+package org.apache.cxf.fediz.core;
+
+import java.net.URL;
+
+import javax.security.auth.callback.Callback;
+import javax.servlet.http.HttpServletRequest;
+
+
+public class IDPCallback implements Callback {
+
+ private HttpServletRequest request = null;
+ private URL issuerUrl = null;
+ private String trustedIssuer = null;
+
+ public IDPCallback(HttpServletRequest request) {
+ super();
+ this.request = request;
+ }
+
+ public IDPCallback(HttpServletRequest request, URL issuerUrl,
+ String trustedIssuer) {
+ super();
+ this.request = request;
+ this.issuerUrl = issuerUrl;
+ this.trustedIssuer = trustedIssuer;
+ }
+
+ public HttpServletRequest getRequest() {
+ return request;
+ }
+ public void setRequest(HttpServletRequest request) {
+ this.request = request;
+ }
+ public URL getIssuerUrl() {
+ return issuerUrl;
+ }
+ public void setIssuerUrl(URL issuerUrl) {
+ this.issuerUrl = issuerUrl;
+ }
+ public String getTrustedIssuer() {
+ return trustedIssuer;
+ }
+ public void setTrustedIssuer(String trustedIssuer) {
+ this.trustedIssuer = trustedIssuer;
+ }
+
+}
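Review bot: IDPCallback has no Javadoc saying which fields the handler reads and which it must fill in, and that contract is security-relevant because `trustedIssuer` is later passed to `fedConfig.setTrustedIssuer` in FederationAuthenticator. I would add a class comment such as `/** Callback passed to the configured CallbackHandler: request is input; the handler sets issuerUrl (IDP redirect target) and optionally trustedIssuer. */`. It should also state that neither output may be copied from request parameters without checking it against configured values. The `= null` initialisers and the explicit `super()` calls are redundant, and `request` could be `final` since only the handler outputs need setters.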
Modified:
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1240127&r1=1240126&r2=1240127&view=diff
==============================================================================
---
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
(original)
+++
cxf/sandbox/fediz/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Fri Feb 3 12:24:30 2012
@@ -11,6 +11,8 @@ import java.util.Calendar;
import java.util.Date;
import java.util.List;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
@@ -27,6 +29,7 @@ import org.apache.cxf.fediz.core.Federat
import org.apache.cxf.fediz.core.FederationProcessorImpl;
import org.apache.cxf.fediz.core.FederationRequest;
import org.apache.cxf.fediz.core.FederationResponse;
+import org.apache.cxf.fediz.core.IDPCallback;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -47,6 +50,9 @@ public class FederationAuthenticator ext
public static final String SECURITY_TOKEN =
"org.apache.fediz.SECURITY_TOKEN";
+
+ protected static final String TRUSTED_ISSUER =
+ "org.apache.cxf.fediz.tomcat.TRUSTED_ISSUER";
/**
* IssuerURL
@@ -87,6 +93,12 @@ public class FederationAuthenticator ext
* Role delimiter in claim value
*/
protected String roleDelimiter = ",";
+
+
+ /**
+ * Role delimiter in claim value
+ */
+ protected CallbackHandler issuerCallbackHandler = null;
public FederationAuthenticator() {
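Review bot: The Javadoc on the new `issuerCallbackHandler` field is a copy of the `roleDelimiter` comment directly above it ("Role delimiter in claim value"), so it documents the wrong thing. Something like `/** Optional handler that resolves the IDP URL and trusted issuer per request; null when not configured. */` matches how the field is used in the later hunks of this file.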
@@ -103,6 +115,27 @@ public class FederationAuthenticator ext
/**
+ * Return the callback handler to figure out the IDP url
+ */
+ public CallbackHandler getIssuerCallbackHandler() {
+ return issuerCallbackHandler;
+ }
+
+
+ /**
+ * Set the callback handler class to figure out the IDP url
+ */
+ public void setIssuerCallbackHandler(String issuerCallbackHandler) {
+
+ try {
+ this.issuerCallbackHandler =
(CallbackHandler)Thread.currentThread().getContextClassLoader().loadClass(issuerCallbackHandler).newInstance();
+ } catch (Throwable ex) {
+ log.fatal("Callback handler not intialized: " + ex.getMessage());
+ }
+ }
+
+
+ /**
* Return the character encoding to use to read the username and password.
*/
public String getIssuerURL() {
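Review bot: `setIssuerCallbackHandler` swallows every failure: the `catch (Throwable ex)` logs only `ex.getMessage()` and returns with `issuerCallbackHandler` still null, so a mistyped class name silently puts the authenticator back on the static `issuerURL` path (see the last hunk of this file). For a setting that decides which IDP users are redirected to, I would fail loudly, e.g. `} catch (Exception ex) { throw new IllegalArgumentException("Cannot create issuer callback handler " + issuerCallbackHandler, ex); }`, or at minimum pass `ex` as the second argument to `log.fatal` so the stack trace is kept. The log message also has a typo (`intialized`). The Javadoc should say that the argument is a fully qualified class name with a public no-arg constructor, loaded through the thread context class loader.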
@@ -117,7 +150,6 @@ public class FederationAuthenticator ext
this.issuerURL = issuerURL;
}
-
/**
* Return the requested authentication type.
*/
@@ -347,7 +379,26 @@ public class FederationAuthenticator ext
//wfReq.setWtrealm(wtrealm);
FederationConfiguration fedConfig = new
FederationConfiguration();
- fedConfig.setTrustedIssuer(this.getTrustedIssuer());
+
+ // Has the callback handler returned a trusted issuer, stored
in session
+ session = request.getSessionInternal();
+ String trustedIssuer = null;
+
+ if (session != null) {
+ trustedIssuer = (String)session.getNote(TRUSTED_ISSUER);
+ if ( trustedIssuer == null || trustedIssuer.length() == 0)
{
+ trustedIssuer = this.getTrustedIssuer();
+ } else {
+ log.debug("Trusted issuer cached in session");
+ session.removeNote(TRUSTED_ISSUER);
+ }
+ } else {
+ log.debug("request session null");
+ }
+
+ fedConfig.setTrustedIssuer(trustedIssuer);
+ log.info("Trusted issuer: " + trustedIssuer);
+
fedConfig.setRoleDelimiter(this.getRoleDelimiter());
if (this.getRoleClaimURI() == null ||
this.getRoleClaimURI().length() == 0) {
fedConfig.setRoleURI(FederationConstants.DEFAULT_ROLE_URI);
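Review bot: When `request.getSessionInternal()` returns null, `trustedIssuer` stays null and `fedConfig.setTrustedIssuer(null)` is called, whereas before this change the configured value was always passed. How the processor treats a null trusted issuer is not visible here, but the fallback should not depend on a session existing: initialise with `String trustedIssuer = this.getTrustedIssuer();` and overwrite it only when the session note is non-empty. Logging the issuer at `info` for every response is also noisier than the neighbouring `debug` messages. The enclosing method starts and ends outside this hunk.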
@@ -526,10 +577,27 @@ public class FederationAuthenticator ext
throws IOException {
String redirectURL = null;
- String issuerURL = getIssuerURL();
- if (issuerURL != null && issuerURL.length() > 0) {
- redirectURL = issuerURL;
+ if (this.getIssuerCallbackHandler() != null) {
+ IDPCallback callback = new IDPCallback(request);
+ try {
+ this.getIssuerCallbackHandler().handle(new
Callback[]{callback});
+ redirectURL = callback.getIssuerUrl().toString();
+ String trustedIssuer = callback.getTrustedIssuer();
+ if (trustedIssuer != null && trustedIssuer.length() > 0) {
+ request.getSessionInternal().setNote(TRUSTED_ISSUER,
trustedIssuer);
+ }
+ } catch (Exception ex) {
+ log.error("Failed to handle callback: " + ex.getMessage());
+ }
+ } else {
+ String issuerURL = getIssuerURL();
+ if (issuerURL != null && issuerURL.length() > 0) {
+ redirectURL = issuerURL;
+ }
}
+ log.info("Issuer url: " + redirectURL);
+
+
String loginPage = config.getLoginPage();
if (redirectURL == null) {
if (loginPage != null && loginPage.length() > 0) {
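Review bot: In the callback branch a `TRUSTED_ISSUER` note left by an earlier, unfinished login is never cleared when the handler returns no trusted issuer, so the next sign-in response could be validated against the previous attempt's issuer instead of the configured one. The same block relies on the generic `catch (Exception ex)` to absorb the NullPointerException from `callback.getIssuerUrl().toString()` when the handler sets no URL, and it logs only the message. I would check the URL explicitly, remove the note in the else case and pass `ex` to `log.error`, as in the excerpt below. The method starts before and continues after this hunk.

```java
    this.getIssuerCallbackHandler().handle(new Callback[]{callback});
    if (callback.getIssuerUrl() != null) {
        redirectURL = callback.getIssuerUrl().toString();
    }
    // … unchanged: read trustedIssuer, setNote when it is non-empty …
    } else {
        // drop a note left by an earlier, unfinished attempt
        request.getSessionInternal().removeNote(TRUSTED_ISSUER);
    }
} catch (Exception ex) {
    log.error("Failed to handle callback: " + ex.getMessage(), ex);
}
// … unchanged: static issuerURL fallback and login page handling …
```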