coheigea closed pull request #30: FEDIZ-224 spring plugins Saml SSO profile fix
URL: https://github.com/apache/cxf-fediz/pull/30
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index caa521a6..16dfbf4a 100644
---
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -113,7 +113,7 @@ public void commence(final HttpServletRequest
servletRequest, final HttpServletR
}
HttpSession session = servletRequest.getSession(true);
- session.setAttribute(SAVED_CONTEXT,
redirectionResponse.getRequestState().getState());
+ session.setAttribute(SAVED_CONTEXT,
redirectionResponse.getRequestState());
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " +
ex.getMessage());
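Review bot: The session attribute under SAVED_CONTEXT now holds the whole RequestState object rather than its state string (the `+ session.setAttribute(SAVED_CONTEXT, redirectionResponse.getRequestState())` line), so the object outlives this request in whatever session store the container uses; RequestState is not visible here, so please confirm it is Serializable and that it carries only what the filter needs to validate the returned response, since any other field becomes session payload. Because the key is unchanged while the stored type changed, a session created by the previous release holds a String under the same key, and that is worth recording next to the call, e.g. `// the whole RequestState (not only its state string) is saved so the filter can hand it to the FedizRequest; verifySavedState removes it`. commence() starts before this hunk, and the spring3 copy of this file carries the identical hunk.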
diff --git
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index f6c3d9dd..e9f567b5 100644
---
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -29,6 +29,7 @@
import javax.servlet.http.HttpSession;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.spring.FederationConfig;
@@ -43,6 +44,8 @@
import
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import static
org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint.SAVED_CONTEXT;
+
public class FederationAuthenticationFilter extends
AbstractAuthenticationProcessingFilter {
@@ -61,7 +64,7 @@ public Authentication attemptAuthentication(final
HttpServletRequest request, fi
throw new ExpiredTokenException("Token is expired");
}
- verifySavedState(request);
+ RequestState savedRequestState = verifySavedState(request);
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
@@ -71,6 +74,7 @@ public Authentication attemptAuthentication(final
HttpServletRequest request, fi
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
+ wfReq.setRequestState(savedRequestState);
X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -126,7 +130,7 @@ private String getState(ServletRequest request) {
return null;
}
- private void verifySavedState(HttpServletRequest request) {
+ private RequestState verifySavedState(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session == null) {
@@ -134,13 +138,14 @@ private void verifySavedState(HttpServletRequest request)
{
throw new BadCredentialsException("The received state does not
match the state saved in the context");
}
- String savedContext =
(String)session.getAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+ RequestState savedRequestState = (RequestState)
session.getAttribute(SAVED_CONTEXT);
String state = getState(request);
- if (savedContext == null || !savedContext.equals(state)) {
+ if (savedRequestState == null ||
!savedRequestState.getState().equals(state)) {
logger.warn("The received state does not match the state saved in
the context");
throw new BadCredentialsException("The received state does not
match the state saved in the context");
}
-
session.removeAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+ session.removeAttribute(SAVED_CONTEXT);
+ return savedRequestState;
}
/**
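Review bot: The new condition `!savedRequestState.getState().equals(state)` on the `+ if (savedRequestState == null ||` line dereferences getState() without a null check, so a RequestState saved with a null state turns the clean BadCredentialsException into a NullPointerException, whereas the old `savedContext.equals(state)` was guarded by its null check. Write it as `if (savedRequestState == null || savedRequestState.getState() == null` followed by `|| !savedRequestState.getState().equals(state)) {` so a missing value on either side is still rejected, and avoid Objects.equals here since it would accept null on both sides as a match. The cast `(RequestState) session.getAttribute(SAVED_CONTEXT)` a few lines above has a related edge: a session created under the previous release holds a String under that key and would now fail with ClassCastException instead of the warn-and-reject path, so an `instanceof RequestState` check before the cast keeps that failure on the authentication path. verifySavedState's signature is in the previous hunk, and both points apply unchanged to the spring3 copy of this file.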
diff --git
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index d8b66115..81861f43 100644
---
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -113,7 +113,7 @@ public final void commence(final HttpServletRequest
servletRequest, final HttpSe
}
HttpSession session = servletRequest.getSession(true);
- session.setAttribute(SAVED_CONTEXT,
redirectionResponse.getRequestState().getState());
+ session.setAttribute(SAVED_CONTEXT,
redirectionResponse.getRequestState());
} catch (ProcessingException ex) {
LOG.warn("Failed to create SignInRequest", ex);
throw new ServletException("Failed to create SignInRequest: " +
ex.getMessage());
diff --git
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index f6c3d9dd..e9f567b5 100644
---
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -29,6 +29,7 @@
import javax.servlet.http.HttpSession;
import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
import org.apache.cxf.fediz.core.SAMLSSOConstants;
import org.apache.cxf.fediz.core.processor.FedizRequest;
import org.apache.cxf.fediz.spring.FederationConfig;
@@ -43,6 +44,8 @@
import
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import static
org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint.SAVED_CONTEXT;
+
public class FederationAuthenticationFilter extends
AbstractAuthenticationProcessingFilter {
@@ -61,7 +64,7 @@ public Authentication attemptAuthentication(final
HttpServletRequest request, fi
throw new ExpiredTokenException("Token is expired");
}
- verifySavedState(request);
+ RequestState savedRequestState = verifySavedState(request);
String wa = request.getParameter(FederationConstants.PARAM_ACTION);
String responseToken = getResponseToken(request);
@@ -71,6 +74,7 @@ public Authentication attemptAuthentication(final
HttpServletRequest request, fi
wfReq.setResponseToken(responseToken);
wfReq.setState(getState(request));
wfReq.setRequest(request);
+ wfReq.setRequestState(savedRequestState);
X509Certificate certs[] =
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -126,7 +130,7 @@ private String getState(ServletRequest request) {
return null;
}
- private void verifySavedState(HttpServletRequest request) {
+ private RequestState verifySavedState(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session == null) {
@@ -134,13 +138,14 @@ private void verifySavedState(HttpServletRequest request)
{
throw new BadCredentialsException("The received state does not
match the state saved in the context");
}
- String savedContext =
(String)session.getAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+ RequestState savedRequestState = (RequestState)
session.getAttribute(SAVED_CONTEXT);
String state = getState(request);
- if (savedContext == null || !savedContext.equals(state)) {
+ if (savedRequestState == null ||
!savedRequestState.getState().equals(state)) {
logger.warn("The received state does not match the state saved in
the context");
throw new BadCredentialsException("The received state does not
match the state saved in the context");
}
-
session.removeAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+ session.removeAttribute(SAVED_CONTEXT);
+ return savedRequestState;
}
/**