coheigea closed pull request #29: FEDIZ-224 fixed request state not being 
stored in session for Saml SS…
URL: https://github.com/apache/cxf-fediz/pull/29
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index caa521a6..16dfbf4a 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -113,7 +113,7 @@ public void commence(final HttpServletRequest 
servletRequest, final HttpServletR
             }
 
             HttpSession session = servletRequest.getSession(true);
-            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState().getState());
+            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState());
         } catch (ProcessingException ex) {
             LOG.warn("Failed to create SignInRequest", ex);
             throw new ServletException("Failed to create SignInRequest: " + 
ex.getMessage());
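Review bot: The session attribute `SAVED_CONTEXT` now holds a whole `RequestState` instead of a String, and nothing at the `session.setAttribute` call records that change of type. `RequestState` is not declared on this page, so it is worth confirming that it is `Serializable` (persisted or replicated sessions would otherwise fail to store the pending login) and that no other reader still treats the attribute as a String. A short comment would document the contract: `// SAVED_CONTEXT holds the full RequestState; FederationAuthenticationFilter.verifySavedState() casts it back and removes it`. The body of `commence` starts and ends outside this hunk; the spring2 and spring3 entry-point hunks make the same change.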
diff --git 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 49a05930..565bc645 100644
--- 
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -29,6 +29,7 @@
 import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.apache.cxf.fediz.spring.FederationConfig;
@@ -43,6 +44,8 @@
 import 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import 
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
+import static 
org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint.SAVED_CONTEXT;
+
 
 public class FederationAuthenticationFilter extends 
AbstractAuthenticationProcessingFilter {
 
@@ -61,7 +64,7 @@ public Authentication attemptAuthentication(final 
HttpServletRequest request, fi
             throw new ExpiredTokenException("Token is expired");
         }
 
-        verifySavedState(request);
+        RequestState savedRequestState = verifySavedState(request);
 
         String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request);
@@ -71,6 +74,7 @@ public Authentication attemptAuthentication(final 
HttpServletRequest request, fi
         wfReq.setResponseToken(responseToken);
         wfReq.setState(getState(request));
         wfReq.setRequest(request);
+        wfReq.setRequestState(savedRequestState);
 
         X509Certificate certs[] =
             
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
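Review bot: The added `wfReq.setRequestState(savedRequestState);` has no comment explaining why the session-held state is handed to the processor, which makes the call easy to drop in a later refactor. Judging by the pull request title, this is presumably what lets the SAML SSO path check the response against the sign-in request that was actually issued. A line such as `// pass the session-stored RequestState so the processor can bind the response to the original sign-in request` would make that intent explicit. `attemptAuthentication` starts and ends outside this hunk; the spring2 and spring3 filters add the same call.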
@@ -126,7 +130,7 @@ private String getState(ServletRequest request) {
         return null;
     }
 
-    private void verifySavedState(HttpServletRequest request) {
+    private RequestState verifySavedState(HttpServletRequest request) {
         HttpSession session = request.getSession(false);
 
         if (session == null) {
@@ -134,13 +138,14 @@ private void verifySavedState(HttpServletRequest request) 
{
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
 
-        String savedContext = 
(String)session.getAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        RequestState savedRequestState = (RequestState) 
session.getAttribute(SAVED_CONTEXT);
         String state = getState(request);
-        if (savedContext == null || !savedContext.equals(state)) {
+        if (savedRequestState == null || 
!savedRequestState.getState().equals(state)) {
             logger.warn("The received state does not match the state saved in 
the context");
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
-        
session.removeAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        session.removeAttribute(SAVED_CONTEXT);
+        return savedRequestState;
     }
 
     /**
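Review bot: The rewritten check `!savedRequestState.getState().equals(state)` dereferences the stored state string, so a `RequestState` whose `getState()` returns null would raise a NullPointerException instead of the BadCredentialsException the old String comparison produced. `RequestState` is not declared on this page, so whether that can happen needs confirming. Comparing from the request side keeps every failure on the rejection path: `if (savedRequestState == null || state == null || !state.equals(savedRequestState.getState())) {`. The unchecked cast `(RequestState) session.getAttribute(SAVED_CONTEXT)` would likewise throw ClassCastException for a session that still holds the old String value from a login started before the upgrade; an `instanceof` test that falls through to the same rejection would avoid it. `verifySavedState` begins in the previous hunk, and the same lines appear in the spring2 and spring3 `FederationAuthenticationFilter` hunks.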
diff --git 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index 6786290f..932d8b4e 100644
--- 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -136,7 +136,7 @@ public void commence(ServletRequest request, 
ServletResponse response,
             }
 
             HttpSession session = 
((HttpServletRequest)request).getSession(true);
-            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState().getState());
+            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState());
         } catch (ProcessingException ex) {
             System.err.println("Failed to create SignInRequest: " + 
ex.getMessage());
             LOG.warn("Failed to create SignInRequest: " + ex.getMessage());
diff --git 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 44fcc559..fd841ba6 100644
--- 
a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
@@ -52,6 +53,8 @@
 import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.FilterChainOrder;
 
+import static 
org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint.SAVED_CONTEXT;
+
 
 public class FederationAuthenticationFilter extends AbstractProcessingFilter {
 
@@ -111,15 +114,17 @@ public Authentication 
attemptAuthentication(HttpServletRequest request) throws A
             throw new ExpiredTokenException("Token is expired");
         }
 
-        verifySavedState(request);
+        RequestState savedRequestState = verifySavedState(request);
 
         String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request);
+
         FedizRequest wfReq = new FedizRequest();
         wfReq.setAction(wa);
         wfReq.setResponseToken(responseToken);
         wfReq.setState(getState(request));
         wfReq.setRequest(request);
+        wfReq.setRequestState(savedRequestState);
 
         X509Certificate certs[] =
             
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -132,7 +137,7 @@ public Authentication 
attemptAuthentication(HttpServletRequest request) throws A
         return this.getAuthenticationManager().authenticate(authRequest);
     }
 
-    private void verifySavedState(HttpServletRequest request) {
+    private RequestState verifySavedState(HttpServletRequest request) {
         HttpSession session = request.getSession(false);
 
         if (session == null) {
@@ -140,13 +145,14 @@ private void verifySavedState(HttpServletRequest request) 
{
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
 
-        String savedContext = 
(String)session.getAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        RequestState savedRequestState = (RequestState) 
session.getAttribute(SAVED_CONTEXT);
         String state = getState(request);
-        if (savedContext == null || !savedContext.equals(state)) {
+        if (savedRequestState == null || 
!savedRequestState.getState().equals(state)) {
             logger.warn("The received state does not match the state saved in 
the context");
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
-        
session.removeAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        session.removeAttribute(SAVED_CONTEXT);
+        return savedRequestState;
     }
 
     private String getState(ServletRequest request) {
diff --git 
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
 
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
index d8b66115..81861f43 100644
--- 
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
+++ 
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationEntryPoint.java
@@ -113,7 +113,7 @@ public final void commence(final HttpServletRequest 
servletRequest, final HttpSe
             }
 
             HttpSession session = servletRequest.getSession(true);
-            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState().getState());
+            session.setAttribute(SAVED_CONTEXT, 
redirectionResponse.getRequestState());
         } catch (ProcessingException ex) {
             LOG.warn("Failed to create SignInRequest", ex);
             throw new ServletException("Failed to create SignInRequest: " + 
ex.getMessage());
diff --git 
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
 
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
index 49a05930..565bc645 100644
--- 
a/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
+++ 
b/plugins/spring3/src/main/java/org/apache/cxf/fediz/spring/web/FederationAuthenticationFilter.java
@@ -29,6 +29,7 @@
 import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.apache.cxf.fediz.spring.FederationConfig;
@@ -43,6 +44,8 @@
 import 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import 
org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
+import static 
org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint.SAVED_CONTEXT;
+
 
 public class FederationAuthenticationFilter extends 
AbstractAuthenticationProcessingFilter {
 
@@ -61,7 +64,7 @@ public Authentication attemptAuthentication(final 
HttpServletRequest request, fi
             throw new ExpiredTokenException("Token is expired");
         }
 
-        verifySavedState(request);
+        RequestState savedRequestState = verifySavedState(request);
 
         String wa = request.getParameter(FederationConstants.PARAM_ACTION);
         String responseToken = getResponseToken(request);
@@ -71,6 +74,7 @@ public Authentication attemptAuthentication(final 
HttpServletRequest request, fi
         wfReq.setResponseToken(responseToken);
         wfReq.setState(getState(request));
         wfReq.setRequest(request);
+        wfReq.setRequestState(savedRequestState);
 
         X509Certificate certs[] =
             
(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
@@ -126,7 +130,7 @@ private String getState(ServletRequest request) {
         return null;
     }
 
-    private void verifySavedState(HttpServletRequest request) {
+    private RequestState verifySavedState(HttpServletRequest request) {
         HttpSession session = request.getSession(false);
 
         if (session == null) {
@@ -134,13 +138,14 @@ private void verifySavedState(HttpServletRequest request) 
{
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
 
-        String savedContext = 
(String)session.getAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        RequestState savedRequestState = (RequestState) 
session.getAttribute(SAVED_CONTEXT);
         String state = getState(request);
-        if (savedContext == null || !savedContext.equals(state)) {
+        if (savedRequestState == null || 
!savedRequestState.getState().equals(state)) {
             logger.warn("The received state does not match the state saved in 
the context");
             throw new BadCredentialsException("The received state does not 
match the state saved in the context");
         }
-        
session.removeAttribute(FederationAuthenticationEntryPoint.SAVED_CONTEXT);
+        session.removeAttribute(SAVED_CONTEXT);
+        return savedRequestState;
     }
 
     /**


 
