Author: coheigea
Date: Tue May 29 15:22:54 2012
New Revision: 1343774
URL: http://svn.apache.org/viewvc?rev=1343774&view=rev
Log:
Adding in a new default EhCache-based StateManager for Web SSO
Added:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
Tue May 29 15:22:54 2012
@@ -29,6 +29,7 @@ import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.annotation.PreDestroy;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
@@ -123,6 +124,13 @@ public abstract class AbstractServicePro
return signatureUsername;
}
+ @PreDestroy
+ public void close() throws IOException {
+ if (getStateProvider() != null) {
+ getStateProvider().close();
+ }
+ }
+
private String getIssuerId(Message m) {
if (issuerId == null) {
return new UriInfoImpl(m).getBaseUri().toString();
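Review bot: `close()` is annotated `@PreDestroy` but declares `throws IOException`; JSR-250 requires lifecycle-callback methods not to throw checked exceptions, so a container that enforces that rule will reject the bean at deployment and one that does not will simply discard the failure. Catch the exception inside the method and record it instead, e.g. `try { getStateProvider().close(); } catch (IOException ex) { <class logger>.log(Level.WARNING, "Failed to close SP state provider", ex); }` (java.util.logging is imported on this file; the logger field itself is outside the hunk). Reading `getStateProvider()` once into a local before the null check would also avoid acting on a different provider than the one tested. The same `throws IOException` on a `@PreDestroy` method appears in `RequestAssertionConsumerService.close()` further down in this commit. The enclosing class continues beyond this hunk.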
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/EHCacheTokenReplayCache.java
Tue May 29 15:22:54 2012
@@ -19,7 +19,6 @@
package org.apache.cxf.rs.security.saml.sso;
-import java.io.Closeable;
import java.io.IOException;
import java.net.URL;
@@ -34,7 +33,7 @@ import org.apache.ws.security.util.Loade
* An in-memory EHCache implementation of the TokenReplayCache interface.
* The default TTL is 60 minutes and the max TTL is 12 hours.
*/
-public class EHCacheTokenReplayCache implements TokenReplayCache<String>,
Closeable {
+public class EHCacheTokenReplayCache implements TokenReplayCache<String> {
public static final long DEFAULT_TTL = 3600L;
public static final long MAX_TTL = DEFAULT_TTL * 12L;
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/RequestAssertionConsumerService.java
Tue May 29 15:22:54 2012
@@ -19,6 +19,7 @@
package org.apache.cxf.rs.security.saml.sso;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
@@ -29,6 +30,7 @@ import java.util.UUID;
import java.util.logging.Logger;
import java.util.zip.DataFormatException;
+import javax.annotation.PreDestroy;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -121,6 +123,16 @@ public class RequestAssertionConsumerSer
return doProcessSamlResponse(encodedSamlResponse, relayState, false);
}
+ @PreDestroy
+ public void close() throws IOException {
+ if (replayCache != null) {
+ replayCache.close();
+ }
+ if (getStateProvider() != null) {
+ getStateProvider().close();
+ }
+ }
+
protected Response doProcessSamlResponse(String encodedSamlResponse,
String relayState,
boolean postBinding) {
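Review bot: If `replayCache.close()` throws, the state provider on the following lines is never closed, because the two calls run in sequence with no `finally`; move the `getStateProvider()` block into a `finally` around the replay-cache close so the second resource is released regardless of the first. If this class extends AbstractServiceProviderFilter (its header is cut off in this hunk), the state-provider part duplicates the base-class `close()` added in the same commit and `super.close()` in that `finally` would be the cleaner call. A one-line Javadoc such as `/** Releases the replay cache and SP state on undeployment. */` would also help, since nothing says why both are torn down here. doProcessSamlResponse continues outside the hunk.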
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/TokenReplayCache.java
Tue May 29 15:22:54 2012
@@ -19,11 +19,16 @@
package org.apache.cxf.rs.security.saml.sso;
-public interface TokenReplayCache<T> {
+import java.io.Closeable;
+import java.io.IOException;
+
+public interface TokenReplayCache<T> extends Closeable {
T getId(T id);
void putId(T id);
void putId(T id, long timeToLive);
+
+ void close() throws IOException;
}
\ No newline at end of file
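Review bot: `void close() throws IOException;` restates the method already inherited from `Closeable` and, without Javadoc, adds nothing; either drop it or make it carry the contract, e.g. `/** Releases the cache's resources; the cache must not be used after this call. */`. Making the interface extend `Closeable` is also a source-incompatible change for any `TokenReplayCache` implementation outside this module, which now fails to compile until it adds `close()` — worth a line in the commit message or release notes.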
Added:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java?rev=1343774&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
(added)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/EHCacheSPStateManager.java
Tue May 29 15:22:54 2012
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso.state;
+
+import java.io.IOException;
+import java.net.URL;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+
+import org.apache.ws.security.util.Loader;
+
+/**
+ * An in-memory EHCache implementation of the SPStateManager interface.
+ * The default TTL is 5 minutes.
+ */
+public class EHCacheSPStateManager implements SPStateManager {
+
+ public static final long DEFAULT_TTL = 60L * 5L;
+ private static final String REQUEST_CACHE_KEY =
"cxf-samlp-request-state-cache";
+ private static final String RESPONSE_CACHE_KEY =
"cxf-samlp-response-state-cache";
+ private Ehcache requestCache;
+ private Ehcache responseCache;
+ private CacheManager cacheManager;
+ private long ttl = DEFAULT_TTL;
+
+ public EHCacheSPStateManager() {
+ String defaultConfigFile = "cxf-samlp-ehcache.xml";
+ URL configFileURL = Loader.getResource(defaultConfigFile);
+ createCaches(configFileURL);
+ }
+
+ public EHCacheSPStateManager(URL configFileURL) {
+ createCaches(configFileURL);
+ }
+
+ private void createCaches(URL configFileURL) {
+ if (configFileURL == null) {
+ cacheManager = CacheManager.create();
+ } else {
+ cacheManager = CacheManager.create(configFileURL);
+ }
+
+ Ehcache newCache = new Cache(REQUEST_CACHE_KEY, 50000, true, false,
DEFAULT_TTL, DEFAULT_TTL);
+ requestCache = cacheManager.addCacheIfAbsent(newCache);
+
+ newCache = new Cache(RESPONSE_CACHE_KEY, 50000, true, false,
DEFAULT_TTL, DEFAULT_TTL);
+ responseCache = cacheManager.addCacheIfAbsent(newCache);
+ }
+
+ /**
+ * Set a new (default) TTL value in seconds
+ * @param newTtl a new (default) TTL value in seconds
+ */
+ public void setTTL(long newTtl) {
+ ttl = newTtl;
+ }
+
+ /**
+ * Get the (default) TTL value in seconds
+ * @return the (default) TTL value in seconds
+ */
+ public long getTTL() {
+ return ttl;
+ }
+
+ public ResponseState getResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ if (responseCache.isExpired(element)) {
+ responseCache.remove(securityContextKey);
+ return null;
+ }
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public ResponseState removeResponseState(String securityContextKey) {
+ Element element = responseCache.get(securityContextKey);
+ if (element != null) {
+ responseCache.remove(securityContextKey);
+ return (ResponseState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void setResponseState(String securityContextKey, ResponseState
state) {
+ if (securityContextKey == null || "".equals(securityContextKey)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 5 minutes if the default TTL is set incorrectly
+ parsedTTL = 60 * 5;
+ }
+
+ responseCache.put(new Element(securityContextKey, state, false,
parsedTTL, parsedTTL));
+ }
+
+ public void setRequestState(String relayState, RequestState state) {
+ if (relayState == null || "".equals(relayState)) {
+ return;
+ }
+
+ int parsedTTL = (int)ttl;
+ if (ttl != (long)parsedTTL) {
+ // Fall back to 60 minutes if the default TTL is set incorrectly
+ parsedTTL = 3600;
+ }
+
+ requestCache.put(new Element(relayState, state, false, parsedTTL,
parsedTTL));
+ }
+
+ public RequestState removeRequestState(String relayState) {
+ Element element = requestCache.get(relayState);
+ if (element != null) {
+ requestCache.remove(relayState);
+ return (RequestState)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void close() throws IOException {
+ if (cacheManager != null) {
+ cacheManager.shutdown();
+ cacheManager = null;
+ requestCache = null;
+ responseCache = null;
+ }
+ }
+
+}
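Review bot: The TTL guards in `setResponseState` and `setRequestState` only detect an `int` overflow (`ttl != (long)parsedTTL`), so a zero or negative value passed to `setTTL` is handed straight to `new Element(...)`, and a timeToLive of 0 in Ehcache 2.x means the element never expires — SAML request/response state would then be retained indefinitely instead of bounding the SSO exchange window. Tighten both guards to `if (ttl <= 0 || ttl != (long)parsedTTL) {`, or reject such values in `setTTL` with an `IllegalArgumentException`. The two fallbacks also disagree: `setResponseState` falls back to 5 minutes while `setRequestState` falls back to 3600 seconds even though the class Javadoc states a 5-minute default; using `(int) DEFAULT_TTL` in both, or a comment explaining why request state is allowed a longer window, would remove the ambiguity. `close()` calls `cacheManager.shutdown()` on the instance obtained from `CacheManager.create()`, which in Ehcache 2.x is the JVM-wide singleton, so closing this state manager presumably also tears down caches that other components (such as the EHCache replay cache touched in this commit) obtained from the same manager — confirm before relying on it, or hold a dedicated `CacheManager` instance here.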
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/MemorySPStateManager.java
Tue May 29 15:22:54 2012
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.rs.security.saml.sso.state;
+import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -49,8 +50,9 @@ public class MemorySPStateManager implem
return requestStateMap.remove(relayState);
}
- public void close() {
- // complete
+ public void close() throws IOException {
+ requestStateMap.clear();
+ responseStateMap.clear();
}
}
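Review bot: `close()` declares `throws IOException` although nothing in the body can throw it; an implementation may declare fewer exceptions than the interface, so `public void close() {` keeps callers that hold a `MemorySPStateManager` directly free of a pointless catch. A short Javadoc, e.g. `/** Discards all stored request and response state. */`, would document that the instance is emptied rather than made unusable. The enclosing class starts outside the hunk.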
Modified:
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java?rev=1343774&r1=1343773&r2=1343774&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
(original)
+++
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/state/SPStateManager.java
Tue May 29 15:22:54 2012
@@ -18,6 +18,9 @@
*/
package org.apache.cxf.rs.security.saml.sso.state;
+import java.io.Closeable;
+import java.io.IOException;
+
/**
* SSO Service Provider State Manager.
*
@@ -28,7 +31,7 @@ package org.apache.cxf.rs.security.saml.
* needs to be run in its own war file instead of having every application
* war on the SP side have a dedicated RequestAssertionConsumerService
endpoint
*/
-public interface SPStateManager {
+public interface SPStateManager extends Closeable {
void setRequestState(String relayState, RequestState state);
RequestState removeRequestState(String relayState);
@@ -37,5 +40,5 @@ public interface SPStateManager {
ResponseState getResponseState(String contextKey);
ResponseState removeResponseState(String contextKey);
- void close();
+ void close() throws IOException;
}
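Review bot: `void close() throws IOException;` restates the method inherited from `Closeable` and, as written, adds no Javadoc; since the other methods of this interface are also undocumented, the redeclaration is only worth keeping if it states the contract, e.g. `/** Releases all held SP state; implementations must not return state after this call. */`. Adding the checked exception is a source-incompatible change for every existing caller of `SPStateManager.close()`, so it deserves a mention in the commit message or release notes.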