update
update
parent
a087487ad1
commit
a7033d7f89
@ -9,7 +9,6 @@ import java.util.Enumeration;
|
|||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
import org.springframework.beans.factory.annotation.Required;
|
|
||||||
import org.springframework.util.ResourceUtils;
|
import org.springframework.util.ResourceUtils;
|
||||||
|
|
||||||
|
|
||||||
@ -45,7 +44,6 @@ public class KeyStoreLoader implements InitializingBean{
|
|||||||
/**
|
/**
|
||||||
* @param keystoreFile the keystoreFile to set
|
* @param keystoreFile the keystoreFile to set
|
||||||
*/
|
*/
|
||||||
@Required
|
|
||||||
public void setKeystoreFile(String keystoreFile) {
|
public void setKeystoreFile(String keystoreFile) {
|
||||||
this.keystoreFile = keystoreFile;
|
this.keystoreFile = keystoreFile;
|
||||||
}
|
}
|
||||||
@ -55,7 +53,6 @@ public class KeyStoreLoader implements InitializingBean{
|
|||||||
/**
|
/**
|
||||||
* @param keystorePassword the keystorePassword to set
|
* @param keystorePassword the keystorePassword to set
|
||||||
*/
|
*/
|
||||||
@Required
|
|
||||||
public void setKeystorePassword(String keystorePassword) {
|
public void setKeystorePassword(String keystorePassword) {
|
||||||
this.keystorePassword = keystorePassword;
|
this.keystorePassword = keystorePassword;
|
||||||
}
|
}
|
||||||
|
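Review bot: Removing `@Required` from `setKeystoreFile` and `setKeystorePassword` takes away the only visible guarantee that the keystore location and password are configured before the loader is used, and nothing in this hunk replaces it. Since the class implements `InitializingBean` (per the hunk header), `afterPropertiesSet`, which lies outside this hunk, should now validate both, e.g. `Assert.hasText(keystoreFile, "keystoreFile must be set");` and `Assert.hasText(keystorePassword, "keystorePassword must be set");` (`org.springframework.util.Assert` sits next to the already-imported `ResourceUtils`). The same `@Required` removal without a replacement check happens on `PostBindingAdapter.setVelocityEngine` later in this commit, where a missing engine would only surface at first send.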
|||||||
@ -5,26 +5,18 @@ package org.maxkey.authz.saml.common;
|
|||||||
import javax.xml.namespace.QName;
|
import javax.xml.namespace.QName;
|
||||||
|
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.opensaml.Configuration;
|
import org.opensaml.saml2.metadata.AssertionConsumerService;
|
||||||
import org.opensaml.common.SAMLObjectBuilder;
|
|
||||||
import org.opensaml.saml2.metadata.Endpoint;
|
import org.opensaml.saml2.metadata.Endpoint;
|
||||||
import org.opensaml.xml.XMLObjectBuilderFactory;
|
import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class EndpointGenerator {
|
public class EndpointGenerator {
|
||||||
|
|
||||||
private final static Logger logger = LoggerFactory.getLogger(EndpointGenerator.class);
|
private final static Logger logger = LoggerFactory.getLogger(EndpointGenerator.class);
|
||||||
|
|
||||||
private XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
|
|
||||||
|
|
||||||
public Endpoint generateEndpoint( String location) {
|
public Endpoint generateEndpoint( String location) {
|
||||||
logger.debug("end point location: {}", location);
|
logger.debug("end point location: {}", location);
|
||||||
|
Endpoint samlEndpoint = new AssertionConsumerServiceBuilder().buildObject();
|
||||||
QName service=org.opensaml.saml2.metadata.AssertionConsumerService.DEFAULT_ELEMENT_NAME;
|
|
||||||
|
|
||||||
SAMLObjectBuilder<Endpoint> endpointBuilder = (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(service);
|
|
||||||
Endpoint samlEndpoint = endpointBuilder.buildObject();
|
|
||||||
|
|
||||||
samlEndpoint.setLocation(location);
|
samlEndpoint.setLocation(location);
|
||||||
|
|
||||||
@ -35,12 +27,11 @@ public class EndpointGenerator {
|
|||||||
logger.debug("end point service: {}", service);
|
logger.debug("end point service: {}", service);
|
||||||
logger.debug("end point location: {}", location);
|
logger.debug("end point location: {}", location);
|
||||||
logger.debug("end point responseLocation: {}", responseLocation);
|
logger.debug("end point responseLocation: {}", responseLocation);
|
||||||
|
Endpoint samlEndpoint;
|
||||||
if(null==service){
|
if(null==service){
|
||||||
service=org.opensaml.saml2.metadata.AssertionConsumerService.DEFAULT_ELEMENT_NAME;
|
service = AssertionConsumerService.DEFAULT_ELEMENT_NAME;
|
||||||
}
|
}
|
||||||
SAMLObjectBuilder<Endpoint> endpointBuilder = (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(service);
|
samlEndpoint = new AssertionConsumerServiceBuilder().buildObject(service);
|
||||||
Endpoint samlEndpoint = endpointBuilder.buildObject();
|
|
||||||
|
|
||||||
samlEndpoint.setLocation(location);
|
samlEndpoint.setLocation(location);
|
||||||
|
|
||||||
|
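Review bot: In the second hunk the endpoint is now always produced by `new AssertionConsumerServiceBuilder().buildObject(service)`, whereas the removed code selected a builder from the factory by the `service` QName; the null check that defaults `service` suggests callers may pass other metadata QNames, and for those the result would presumably be an AssertionConsumerService object carrying a foreign element name rather than the element the QName denotes. If only ACS endpoints are intended, state that in the method's Javadoc and reject anything else after the default is applied, e.g. `if (!AssertionConsumerService.DEFAULT_ELEMENT_NAME.equals(service)) { throw new IllegalArgumentException("unsupported endpoint element: " + service); }`. The enclosing `generateEndpoint` overload starts above this hunk, so its signature and Javadoc are not visible here.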
|||||||
@ -32,8 +32,7 @@ public class TrustResolver {
|
|||||||
Map<String, String> passwords = new HashMap<String, String>();
|
Map<String, String> passwords = new HashMap<String, String>();
|
||||||
passwords.put(key, password);
|
passwords.put(key, password);
|
||||||
|
|
||||||
keyStoreCredentialResolver = new KeyStoreCredentialResolver(
|
keyStoreCredentialResolver = new KeyStoreCredentialResolver(trustKeyStore, passwords);
|
||||||
trustKeyStore, passwords);
|
|
||||||
|
|
||||||
return keyStoreCredentialResolver;
|
return keyStoreCredentialResolver;
|
||||||
}
|
}
|
||||||
@ -60,13 +59,11 @@ public class TrustResolver {
|
|||||||
}
|
}
|
||||||
securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
|
securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
|
||||||
securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
|
securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
|
||||||
staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(
|
staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(securityPolicyDelegate);
|
||||||
securityPolicyDelegate);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void initPolicyRule(){
|
public void initPolicyRule(){
|
||||||
signatureSecurityPolicyRule = new SignatureSecurityPolicyRule(
|
signatureSecurityPolicyRule = new SignatureSecurityPolicyRule(keyStoreCredentialResolver, new SAMLSignatureProfileValidator());
|
||||||
keyStoreCredentialResolver, new SAMLSignatureProfileValidator());
|
|
||||||
signatureSecurityPolicyRule.loadTrustEngine();
|
signatureSecurityPolicyRule.loadTrustEngine();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -80,8 +77,7 @@ public class TrustResolver {
|
|||||||
securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
|
securityPolicyDelegate.addSecurityPolicy(issueInstantRule);
|
||||||
securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
|
securityPolicyDelegate.addSecurityPolicy(messageReplayRule);
|
||||||
|
|
||||||
staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(
|
staticSecurityPolicyResolver = new StaticSecurityPolicyResolver(securityPolicyDelegate);
|
||||||
securityPolicyDelegate);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public KeyStoreCredentialResolver getKeyStoreCredentialResolver() {
|
public KeyStoreCredentialResolver getKeyStoreCredentialResolver() {
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
@ -7,12 +7,9 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||||
import org.opensaml.common.SignableSAMLObject;
|
import org.opensaml.common.SignableSAMLObject;
|
||||||
import org.opensaml.common.binding.SAMLMessageContext;
|
|
||||||
import org.opensaml.saml2.metadata.Endpoint;
|
import org.opensaml.saml2.metadata.Endpoint;
|
||||||
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
|
||||||
import org.opensaml.ws.message.encoder.MessageEncodingException;
|
import org.opensaml.ws.message.encoder.MessageEncodingException;
|
||||||
import org.opensaml.ws.security.SecurityPolicyResolver;
|
import org.opensaml.ws.security.SecurityPolicyResolver;
|
||||||
import org.opensaml.xml.security.SecurityException;
|
|
||||||
import org.opensaml.xml.security.credential.Credential;
|
import org.opensaml.xml.security.credential.Credential;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -25,7 +22,6 @@ public interface BindingAdapter {
|
|||||||
|
|
||||||
public void sendSAMLMessage(SignableSAMLObject samlMessage, Endpoint endpoint, HttpServletRequest request, HttpServletResponse response) throws MessageEncodingException;
|
public void sendSAMLMessage(SignableSAMLObject samlMessage, Endpoint endpoint, HttpServletRequest request, HttpServletResponse response) throws MessageEncodingException;
|
||||||
|
|
||||||
|
|
||||||
public void setSecurityPolicyResolver(SecurityPolicyResolver securityPolicyResolver);
|
public void setSecurityPolicyResolver(SecurityPolicyResolver securityPolicyResolver);
|
||||||
|
|
||||||
public void setExtractBindingAdapter(ExtractBindingAdapter extractBindingAdapter);
|
public void setExtractBindingAdapter(ExtractBindingAdapter extractBindingAdapter);
|
||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding;
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
|
||||||
@ -21,6 +21,7 @@ import org.opensaml.xml.security.credential.CredentialResolver;
|
|||||||
*/
|
*/
|
||||||
public interface ExtractBindingAdapter {
|
public interface ExtractBindingAdapter {
|
||||||
|
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException;
|
public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException;
|
||||||
|
|
||||||
public String extractSAMLMessage(HttpServletRequest request);
|
public String extractSAMLMessage(HttpServletRequest request);
|
||||||
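Review bot: The new `@SuppressWarnings("rawtypes")` on `extractSAMLMessageContext` hides the warning instead of fixing the declaration; declaring the return as `SAMLMessageContext<?, ?, ?>` (or the concrete type parameters the implementation actually uses) documents the contract and needs no suppression. The same suppression is added in this commit to the decoders `OpenHTTPPostDecoder`, `OpenHTTPPostSimpleSignDecoder` and `OpenHTTPRedirectDecoder`, to `ExtractPostBindingAdapter.extractSAMLMessageContext` and to `PostBindingAdapter.sendSAMLMessage`; if suppression is kept, a short comment such as `// OpenSAML 2.x message-context API is raw-typed` next to it explains why.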
@ -1,9 +1,8 @@
|
|||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.decoder;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.opensaml.common.binding.SAMLMessageContext;
|
import org.opensaml.common.binding.SAMLMessageContext;
|
||||||
import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
|
|
||||||
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
|
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
|
||||||
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
||||||
import org.opensaml.ws.transport.InTransport;
|
import org.opensaml.ws.transport.InTransport;
|
||||||
@ -14,9 +13,7 @@ import org.slf4j.Logger;
|
|||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class OpenHTTPPostDecoder extends HTTPPostDecoder {
|
public class OpenHTTPPostDecoder extends HTTPPostDecoder {
|
||||||
|
private final Logger log = LoggerFactory.getLogger(OpenHTTPPostDecoder.class);
|
||||||
/** Class logger. */
|
|
||||||
private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
|
|
||||||
|
|
||||||
private String receiverEndpoint;
|
private String receiverEndpoint;
|
||||||
|
|
||||||
@ -42,6 +39,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
|
|||||||
* thrown if there is a problem decoding and processing the
|
* thrown if there is a problem decoding and processing the
|
||||||
* message Destination or receiver endpoint information
|
* message Destination or receiver endpoint information
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
@Override
|
@Override
|
||||||
protected void checkEndpointURI(SAMLMessageContext messageContext)
|
protected void checkEndpointURI(SAMLMessageContext messageContext)
|
||||||
throws SecurityException, MessageDecodingException {
|
throws SecurityException, MessageDecodingException {
|
||||||
@ -99,8 +97,9 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected String getActualReceiverEndpointURI(
|
protected String getActualReceiverEndpointURI(
|
||||||
SAMLMessageContext messageContext) throws MessageDecodingException {
|
SAMLMessageContext messageContext) throws MessageDecodingException {
|
||||||
InTransport inTransport = messageContext.getInboundMessageTransport();
|
InTransport inTransport = messageContext.getInboundMessageTransport();
|
||||||
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
||||||
throw new MessageDecodingException(
|
throw new MessageDecodingException(
|
||||||
@ -1,9 +1,8 @@
|
|||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.decoder;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.opensaml.common.binding.SAMLMessageContext;
|
import org.opensaml.common.binding.SAMLMessageContext;
|
||||||
import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
|
|
||||||
import org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder;
|
import org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder;
|
||||||
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
||||||
import org.opensaml.ws.transport.InTransport;
|
import org.opensaml.ws.transport.InTransport;
|
||||||
@ -14,9 +13,7 @@ import org.slf4j.Logger;
|
|||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
|
public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
|
||||||
|
private final Logger log = LoggerFactory.getLogger(OpenHTTPPostSimpleSignDecoder.class);
|
||||||
/** Class logger. */
|
|
||||||
private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
|
|
||||||
|
|
||||||
private String receiverEndpoint;
|
private String receiverEndpoint;
|
||||||
|
|
||||||
@ -42,7 +39,9 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
|
|||||||
* thrown if there is a problem decoding and processing the
|
* thrown if there is a problem decoding and processing the
|
||||||
* message Destination or receiver endpoint information
|
* message Destination or receiver endpoint information
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected void checkEndpointURI(SAMLMessageContext messageContext)
|
protected void checkEndpointURI(SAMLMessageContext messageContext)
|
||||||
throws SecurityException, MessageDecodingException {
|
throws SecurityException, MessageDecodingException {
|
||||||
|
|
||||||
@ -56,58 +55,48 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
|
|||||||
if (messageDestination == null) {
|
if (messageDestination == null) {
|
||||||
if (bindingRequires) {
|
if (bindingRequires) {
|
||||||
log.error("SAML message intended destination endpoint URI required by binding was empty");
|
log.error("SAML message intended destination endpoint URI required by binding was empty");
|
||||||
throw new SecurityException(
|
throw new SecurityException("SAML message intended destination (required by binding) was not present");
|
||||||
"SAML message intended destination (required by binding) was not present");
|
|
||||||
} else {
|
} else {
|
||||||
log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
|
log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String receiverEndpoint = DatatypeHelper
|
String receiverEndpoint = DatatypeHelper.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
|
||||||
.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
|
|
||||||
|
|
||||||
log.debug("Intended message destination endpoint: {}",
|
log.debug("Intended message destination endpoint: {}",messageDestination);
|
||||||
messageDestination);
|
|
||||||
log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
|
log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
|
||||||
|
|
||||||
// 协议头统一(http或https,需要和destination统一)
|
// 协议头统一(http或https,需要和destination统一)
|
||||||
if (messageDestination.indexOf("/") != -1
|
if (messageDestination.indexOf("/") != -1
|
||||||
&& receiverEndpoint.indexOf("/") != -1) {
|
&& receiverEndpoint.indexOf("/") != -1) {
|
||||||
if (!messageDestination.substring(0,
|
if (!messageDestination.substring(0,messageDestination.indexOf("/"))
|
||||||
messageDestination.indexOf("/"))
|
.equalsIgnoreCase(receiverEndpoint.substring(0,receiverEndpoint.indexOf("/")))) {
|
||||||
.equalsIgnoreCase(
|
|
||||||
receiverEndpoint.substring(0,
|
receiverEndpoint = messageDestination.substring(0,messageDestination.indexOf("/"))
|
||||||
receiverEndpoint.indexOf("/")))) {
|
+ receiverEndpoint.substring(receiverEndpoint.indexOf("/"));
|
||||||
receiverEndpoint = messageDestination.substring(0,
|
|
||||||
messageDestination.indexOf("/"))
|
|
||||||
+ receiverEndpoint.substring(receiverEndpoint
|
|
||||||
.indexOf("/"));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
boolean matched = compareEndpointURIs(messageDestination,
|
boolean matched = compareEndpointURIs(messageDestination,
|
||||||
receiverEndpoint);
|
receiverEndpoint);
|
||||||
if (!matched) {
|
if (!matched) {
|
||||||
log.error(
|
log.error("SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
|
||||||
"SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
|
|
||||||
messageDestination, receiverEndpoint);
|
messageDestination, receiverEndpoint);
|
||||||
throw new SecurityException(
|
throw new SecurityException("SAML message intended destination endpoint did not match recipient endpoint");
|
||||||
"SAML message intended destination endpoint did not match recipient endpoint");
|
|
||||||
} else {
|
} else {
|
||||||
log.debug("SAML message intended destination endpoint matched recipient endpoint");
|
log.debug("SAML message intended destination endpoint matched recipient endpoint");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected String getActualReceiverEndpointURI(
|
protected String getActualReceiverEndpointURI(
|
||||||
SAMLMessageContext messageContext) throws MessageDecodingException {
|
SAMLMessageContext messageContext) throws MessageDecodingException {
|
||||||
InTransport inTransport = messageContext.getInboundMessageTransport();
|
InTransport inTransport = messageContext.getInboundMessageTransport();
|
||||||
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
||||||
throw new MessageDecodingException(
|
throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
|
||||||
"Message context InTransport instance was an unsupported type");
|
|
||||||
}
|
}
|
||||||
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport)
|
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
|
||||||
.getWrappedRequest();
|
|
||||||
|
|
||||||
StringBuffer urlBuilder = httpRequest.getRequestURL();
|
StringBuffer urlBuilder = httpRequest.getRequestURL();
|
||||||
|
|
||||||
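Review bot: `receiverEndpoint` comes from `DatatypeHelper.safeTrimOrNullString(...)`, which yields null for an empty value, and the following scheme-normalisation block immediately calls `receiverEndpoint.indexOf("/")`, so an undeterminable receiver endpoint ends in a NullPointerException rather than the SecurityException this method uses for every other failure; add `if (receiverEndpoint == null) { throw new SecurityException("SAML message receiver endpoint could not be determined"); }` before that block. Separately, the retained block copies the Destination's scheme onto the receiver endpoint before `compareEndpointURIs`, so the check can no longer tell `http://` from `https://` for the same host and path; if that exists to tolerate TLS offloading in front of the application, the effective scheme should come from deployment configuration rather than from the inbound message, and the comment above the block (currently in Chinese) should say so in English. `checkEndpointURI` starts in the previous hunk of this file.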
@ -1,9 +1,8 @@
|
|||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.decoder;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.opensaml.common.binding.SAMLMessageContext;
|
import org.opensaml.common.binding.SAMLMessageContext;
|
||||||
import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
|
|
||||||
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
|
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
|
||||||
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
import org.opensaml.ws.message.decoder.MessageDecodingException;
|
||||||
import org.opensaml.ws.transport.InTransport;
|
import org.opensaml.ws.transport.InTransport;
|
||||||
@ -14,9 +13,7 @@ import org.slf4j.Logger;
|
|||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
|
public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
|
||||||
|
private final Logger log = LoggerFactory.getLogger(OpenHTTPRedirectDecoder.class);
|
||||||
/** Class logger. */
|
|
||||||
private final Logger log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
|
|
||||||
|
|
||||||
private String receiverEndpoint;
|
private String receiverEndpoint;
|
||||||
|
|
||||||
@ -42,9 +39,10 @@ public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
|
|||||||
* thrown if there is a problem decoding and processing the
|
* thrown if there is a problem decoding and processing the
|
||||||
* message Destination or receiver endpoint information
|
* message Destination or receiver endpoint information
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void checkEndpointURI(SAMLMessageContext messageContext)
|
@SuppressWarnings("rawtypes")
|
||||||
throws SecurityException, MessageDecodingException {
|
protected void checkEndpointURI(SAMLMessageContext messageContext)throws SecurityException, MessageDecodingException {
|
||||||
|
|
||||||
log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
|
log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
|
||||||
|
|
||||||
@ -99,8 +97,8 @@ public class OpenHTTPRedirectDecoder extends HTTPRedirectDeflateDecoder {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected String getActualReceiverEndpointURI(
|
@SuppressWarnings("rawtypes")
|
||||||
SAMLMessageContext messageContext) throws MessageDecodingException {
|
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext) throws MessageDecodingException {
|
||||||
InTransport inTransport = messageContext.getInboundMessageTransport();
|
InTransport inTransport = messageContext.getInboundMessageTransport();
|
||||||
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
if (!(inTransport instanceof HttpServletRequestAdapter)) {
|
||||||
throw new MessageDecodingException(
|
throw new MessageDecodingException(
|
||||||
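Review bot: The joined signature `protected void checkEndpointURI(SAMLMessageContext messageContext)throws SecurityException, MessageDecodingException {` lacks the space before `throws`; write it as `protected void checkEndpointURI(SAMLMessageContext messageContext) throws SecurityException, MessageDecodingException {`. In both hunks the new `@SuppressWarnings("rawtypes")` is placed between `@Override` and the signature while the sibling decoders in this commit put it before `@Override`; pick one order for the package.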
@ -1,11 +1,12 @@
|
|||||||
|
|
||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.impl;
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.maxkey.authz.saml.common.TrustResolver;
|
import org.maxkey.authz.saml.common.TrustResolver;
|
||||||
|
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||||
import org.opensaml.common.binding.BasicSAMLMessageContext;
|
import org.opensaml.common.binding.BasicSAMLMessageContext;
|
||||||
@ -18,10 +19,13 @@ import org.opensaml.ws.security.SecurityPolicyResolver;
|
|||||||
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
|
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
|
||||||
import org.opensaml.xml.security.SecurityException;
|
import org.opensaml.xml.security.SecurityException;
|
||||||
import org.opensaml.xml.security.credential.CredentialResolver;
|
import org.opensaml.xml.security.credential.CredentialResolver;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
|
|
||||||
public class ExtractPostBindingAdapter implements ExtractBindingAdapter, InitializingBean{
|
public class ExtractPostBindingAdapter implements ExtractBindingAdapter, InitializingBean{
|
||||||
|
private final static Logger logger = LoggerFactory.getLogger(ExtractPostBindingAdapter.class);
|
||||||
|
|
||||||
static final String SAML_REQUEST_POST_PARAM_NAME = "SAMLRequest";
|
static final String SAML_REQUEST_POST_PARAM_NAME = "SAMLRequest";
|
||||||
static final String SAML_RESPONSE_POST_PARAM_NAME = "SAMLResponse";
|
static final String SAML_RESPONSE_POST_PARAM_NAME = "SAMLResponse";
|
||||||
|
|
||||||
@ -65,7 +69,9 @@ public class ExtractPostBindingAdapter implements ExtractBindingAdapter, Initial
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException {
|
public SAMLMessageContext extractSAMLMessageContext(HttpServletRequest request) throws MessageDecodingException, SecurityException {
|
||||||
|
|
||||||
BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
|
BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
|
||||||
@ -75,7 +81,7 @@ public class ExtractPostBindingAdapter implements ExtractBindingAdapter, Initial
|
|||||||
messageContext.setSecurityPolicyResolver(securityPolicyResolver);
|
messageContext.setSecurityPolicyResolver(securityPolicyResolver);
|
||||||
|
|
||||||
decoder.decode(messageContext);
|
decoder.decode(messageContext);
|
||||||
|
logger.debug("decode successed ");
|
||||||
return messageContext;
|
return messageContext;
|
||||||
|
|
||||||
}
|
}
|
||||||
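Review bot: The added log line `logger.debug("decode successed ");` has a typo and a trailing space; `logger.debug("decode succeeded");` reads correctly. Because it sits after `decoder.decode(messageContext)`, it only runs on the success path, which is fine, but it carries no context; if the message context exposes the inbound message id or issuer that would be worth including as a `{}` parameter, subject to confirming those getters exist on `BasicSAMLMessageContext`.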
@ -1,4 +1,4 @@
|
|||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.impl;
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
|
||||||
@ -31,7 +31,8 @@ public class ExtractRedirectBindingAdapter extends ExtractPostBindingAdapter{
|
|||||||
keyStoreLoader.getEntityName(),
|
keyStoreLoader.getEntityName(),
|
||||||
keyStoreLoader.getKeystorePassword(),
|
keyStoreLoader.getKeystorePassword(),
|
||||||
issueInstantRule,
|
issueInstantRule,
|
||||||
messageReplayRule,"Redirect");
|
messageReplayRule,
|
||||||
|
"Redirect");
|
||||||
credentialResolver = (CredentialResolver)trustResolver.getKeyStoreCredentialResolver();
|
credentialResolver = (CredentialResolver)trustResolver.getKeyStoreCredentialResolver();
|
||||||
this.securityPolicyResolver = trustResolver.getStaticSecurityPolicyResolver();
|
this.securityPolicyResolver = trustResolver.getStaticSecurityPolicyResolver();
|
||||||
}
|
}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.impl;
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -9,6 +9,8 @@ import org.apache.commons.lang.Validate;
|
|||||||
import org.apache.velocity.app.VelocityEngine;
|
import org.apache.velocity.app.VelocityEngine;
|
||||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||||
import org.maxkey.authz.saml.common.TrustResolver;
|
import org.maxkey.authz.saml.common.TrustResolver;
|
||||||
|
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||||
|
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
||||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||||
@ -32,7 +34,6 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
|
|||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
import org.springframework.beans.factory.annotation.Required;
|
|
||||||
|
|
||||||
public class PostBindingAdapter implements BindingAdapter, InitializingBean{
|
public class PostBindingAdapter implements BindingAdapter, InitializingBean{
|
||||||
private final static Logger logger = LoggerFactory.getLogger(PostBindingAdapter.class);
|
private final static Logger logger = LoggerFactory.getLogger(PostBindingAdapter.class);
|
||||||
@ -73,12 +74,12 @@ public class PostBindingAdapter implements BindingAdapter, InitializingBean{
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Required
|
|
||||||
public void setVelocityEngine(VelocityEngine velocityEngine) {
|
public void setVelocityEngine(VelocityEngine velocityEngine) {
|
||||||
this.velocityEngine = velocityEngine;
|
this.velocityEngine = velocityEngine;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings({ "rawtypes", "unchecked" })
|
||||||
public void sendSAMLMessage(SignableSAMLObject samlMessage,
|
public void sendSAMLMessage(SignableSAMLObject samlMessage,
|
||||||
Endpoint endpoint,
|
Endpoint endpoint,
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
package org.maxkey.authz.saml20;
|
package org.maxkey.authz.saml20.binding.impl;
|
||||||
|
|
||||||
import org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder;
|
import org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder;
|
||||||
import org.opensaml.ws.security.SecurityPolicyResolver;
|
import org.opensaml.ws.security.SecurityPolicyResolver;
|
||||||
@ -5,15 +5,11 @@ package org.maxkey.authz.saml20.consumer;
|
|||||||
import org.maxkey.authz.saml.service.IDService;
|
import org.maxkey.authz.saml.service.IDService;
|
||||||
import org.maxkey.authz.saml.service.TimeService;
|
import org.maxkey.authz.saml.service.TimeService;
|
||||||
import org.maxkey.authz.saml20.xml.IssuerGenerator;
|
import org.maxkey.authz.saml20.xml.IssuerGenerator;
|
||||||
import org.opensaml.Configuration;
|
|
||||||
import org.opensaml.saml2.core.AuthnRequest;
|
import org.opensaml.saml2.core.AuthnRequest;
|
||||||
import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
|
import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
|
||||||
import org.opensaml.xml.XMLObjectBuilderFactory;
|
|
||||||
|
|
||||||
|
|
||||||
public class AuthnRequestGenerator {
|
public class AuthnRequestGenerator {
|
||||||
|
|
||||||
private XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
|
|
||||||
|
|
||||||
private final String issuingEntityName;
|
private final String issuingEntityName;
|
||||||
private final TimeService timeService;
|
private final TimeService timeService;
|
||||||
@ -30,10 +26,7 @@ public class AuthnRequestGenerator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public AuthnRequest generateAuthnRequest(String destination, String responseLocation) {
|
public AuthnRequest generateAuthnRequest(String destination, String responseLocation) {
|
||||||
|
AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
|
||||||
AuthnRequestBuilder authnRequestBuilder = (AuthnRequestBuilder) builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
|
|
||||||
|
|
||||||
AuthnRequest authnRequest = authnRequestBuilder.buildObject();
|
|
||||||
|
|
||||||
authnRequest.setAssertionConsumerServiceURL(responseLocation);
|
authnRequest.setAssertionConsumerServiceURL(responseLocation);
|
||||||
authnRequest.setID(idService.generateID());
|
authnRequest.setID(idService.generateID());
|
||||||
|
|||||||
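Review bot: `generateAuthnRequest` now builds the request with `new AuthnRequestBuilder().buildObject()`, which bypasses OpenSAML's builder registry, so a builder registered for `AuthnRequest.DEFAULT_ELEMENT_NAME` in `Configuration` would no longer be honoured; if that is intended, a one-line comment saying so would stop the next reader from "fixing" it back. The method also has no Javadoc, and how `destination` is used is not visible in the hunk; suggest `/** Builds a SAML 2.0 AuthnRequest addressed to {@code destination}, with {@code responseLocation} as its AssertionConsumerServiceURL and an ID from the configured IDService. */`. The rest of the method body is outside the hunk.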
@ -17,7 +17,7 @@ import org.maxkey.authz.saml.common.EndpointGenerator;
|
|||||||
import org.maxkey.authz.saml.common.TrustResolver;
|
import org.maxkey.authz.saml.common.TrustResolver;
|
||||||
import org.maxkey.authz.saml.service.IDService;
|
import org.maxkey.authz.saml.service.IDService;
|
||||||
import org.maxkey.authz.saml.service.TimeService;
|
import org.maxkey.authz.saml.service.TimeService;
|
||||||
import org.maxkey.authz.saml20.ExtractBindingAdapter;
|
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||||
import org.maxkey.authz.saml20.consumer.AuthnRequestGenerator;
|
import org.maxkey.authz.saml20.consumer.AuthnRequestGenerator;
|
||||||
import org.maxkey.authz.saml20.consumer.spring.IdentityProviderAuthenticationException;
|
import org.maxkey.authz.saml20.consumer.spring.IdentityProviderAuthenticationException;
|
||||||
import org.maxkey.authz.saml20.consumer.spring.ServiceProviderAuthenticationException;
|
import org.maxkey.authz.saml20.consumer.spring.ServiceProviderAuthenticationException;
|
||||||
@ -174,13 +174,11 @@ public class ConsumerEndpoint {
|
|||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
public void afterPropertiesSet() throws Exception {
|
||||||
|
|
||||||
authnRequestGenerator = new AuthnRequestGenerator(
|
authnRequestGenerator = new AuthnRequestGenerator(keyStoreLoader.getEntityName(), timeService, idService);
|
||||||
keyStoreLoader.getEntityName(), timeService, idService);
|
|
||||||
endpointGenerator = new EndpointGenerator();
|
endpointGenerator = new EndpointGenerator();
|
||||||
|
|
||||||
CriteriaSet criteriaSet = new CriteriaSet();
|
CriteriaSet criteriaSet = new CriteriaSet();
|
||||||
criteriaSet.add(new EntityIDCriteria(keyStoreLoader
|
criteriaSet.add(new EntityIDCriteria(keyStoreLoader.getEntityName()));
|
||||||
.getEntityName()));
|
|
||||||
criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
|
criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -210,17 +208,13 @@ public class ConsumerEndpoint {
|
|||||||
InputStream keyStoreStream = new ByteArrayInputStream(keyStoreBytes);
|
InputStream keyStoreStream = new ByteArrayInputStream(keyStoreBytes);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
KeyStore keyStore = KeyStore.getInstance(keyStoreLoader
|
KeyStore keyStore = KeyStore.getInstance(keyStoreLoader.getKeystoreType());
|
||||||
.getKeystoreType());
|
keyStore.load(keyStoreStream, keyStoreLoader.getKeystorePassword().toCharArray());
|
||||||
keyStore.load(keyStoreStream, keyStoreLoader.getKeystorePassword()
|
|
||||||
.toCharArray());
|
|
||||||
|
|
||||||
Map<String, String> passwords = new HashMap<String, String>();
|
Map<String, String> passwords = new HashMap<String, String>();
|
||||||
for (Enumeration<String> en = keyStore.aliases(); en
|
for (Enumeration<String> en = keyStore.aliases(); en.hasMoreElements();) {
|
||||||
.hasMoreElements();) {
|
|
||||||
String aliase = en.nextElement();
|
String aliase = en.nextElement();
|
||||||
if (aliase.equalsIgnoreCase(keyStoreLoader
|
if (aliase.equalsIgnoreCase(keyStoreLoader.getEntityName())) {
|
||||||
.getEntityName())) {
|
|
||||||
passwords.put(aliase, keyStoreLoader.getKeystorePassword());
|
passwords.put(aliase, keyStoreLoader.getKeystorePassword());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
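Review bot: After the alias loop there is no check that an entry matching `keyStoreLoader.getEntityName()` was actually found, so a keystore without that alias leaves `passwords` empty and the failure surfaces later, away from its cause; add after the loop `if (passwords.isEmpty()) { throw new IllegalStateException("no key entry for alias " + keyStoreLoader.getEntityName()); }`. The loop also assumes the private-key entry is protected by the keystore password (`passwords.put(aliase, keyStoreLoader.getKeystorePassword())`); if deployments may use a separate key password, that assumption deserves a comment where the map is filled. A null keystore password would surface as a bare NullPointerException at `.toCharArray()`; `Objects.requireNonNull(keyStoreLoader.getKeystorePassword(), "keystorePassword")` before `keyStore.load` gives a clearer failure. The enclosing method continues outside the hunk.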
@ -6,8 +6,6 @@ import java.io.IOException;
|
|||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
|
|||||||
@ -15,8 +15,12 @@ import org.springframework.security.core.AuthenticationException;
|
|||||||
* @author jcox
|
* @author jcox
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class ServiceProviderAuthenticationException extends
|
public class ServiceProviderAuthenticationException extends AuthenticationException {
|
||||||
AuthenticationException {
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
private static final long serialVersionUID = 8817095932085915398L;
|
||||||
|
|
||||||
public ServiceProviderAuthenticationException(String msg, Throwable t) {
|
public ServiceProviderAuthenticationException(String msg, Throwable t) {
|
||||||
super(msg, t);
|
super(msg, t);
|
||||||
|
|||||||
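Review bot: The added `serialVersionUID` carries an empty Javadoc block (`/** * */`), which documents nothing and trips most Javadoc/Checkstyle rules; either drop the block or make it say why the value is pinned, e.g. `// Pinned so serialized instances stay compatible across releases.` above `private static final long serialVersionUID = 8817095932085915398L;`. The class body continues outside the hunk.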
@ -157,25 +157,21 @@ public class MetadataDescriptorUtil {
|
|||||||
// System.out.println("3 : "+idpEntityDescriptor.);
|
// System.out.println("3 : "+idpEntityDescriptor.);
|
||||||
// System.out.println("+"+ entityDescriptor.getOrganization());
|
// System.out.println("+"+ entityDescriptor.getOrganization());
|
||||||
|
|
||||||
List<RoleDescriptor> listRoleDescriptor = entityDescriptor
|
List<RoleDescriptor> listRoleDescriptor = entityDescriptor.getRoleDescriptors();
|
||||||
.getRoleDescriptors();
|
|
||||||
for (RoleDescriptor roleDescriptor : listRoleDescriptor) {
|
for (RoleDescriptor roleDescriptor : listRoleDescriptor) {
|
||||||
|
|
||||||
// SPSSODescriptor
|
// SPSSODescriptor
|
||||||
// sPSSODescriptor1=idpEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
|
// sPSSODescriptor1=idpEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
|
||||||
if (roleDescriptor instanceof org.opensaml.saml2.metadata.impl.IDPSSODescriptorImpl) {
|
if (roleDescriptor instanceof IDPSSODescriptorImpl) {
|
||||||
IDPSSODescriptor iDPSSODescriptor = (IDPSSODescriptorImpl) roleDescriptor;
|
IDPSSODescriptor iDPSSODescriptor = (IDPSSODescriptorImpl) roleDescriptor;
|
||||||
// System.out.println("3 : "+sPSSODescriptor1.getAssertionConsumerServices().get(0).getLocation());
|
System.out.println("3 : "+iDPSSODescriptor.getSingleSignOnServices().get(0).getLocation());
|
||||||
|
|
||||||
// System.out.println("4 : "+sPSSODescriptor1.getAssertionConsumerServices().get(0).getBinding());
|
|
||||||
|
|
||||||
// System.out.println("- : "+iDPSSODescriptor.getNameIDFormats().get(0).getFormat());
|
// System.out.println("- : "+iDPSSODescriptor.getNameIDFormats().get(0).getFormat());
|
||||||
|
|
||||||
// System.out.println("- : "+iDPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
|
// System.out.println("- : "+iDPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
|
||||||
} else {
|
} else {
|
||||||
SPSSODescriptor sPSSODescriptor = (SPSSODescriptorImpl) roleDescriptor;
|
SPSSODescriptor sPSSODescriptor = (SPSSODescriptorImpl) roleDescriptor;
|
||||||
|
|
||||||
// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
|
System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
|
||||||
|
|
||||||
// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
|
// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
|
||||||
}
|
}
|
||||||
|
|||||||
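Review bot: The two newly uncommented `System.out.println` lines call `.get(0)` on `getSingleSignOnServices()` and `getAssertionConsumerServices()` without checking the lists are non-empty, so metadata lacking those endpoints throws `IndexOutOfBoundsException` from what is effectively debug output; guard with `isEmpty()` and route the output through the class's logger rather than stdout (if the class has no logger, this is the place to add one). The `else` branch also casts every non-IdP role descriptor to `SPSSODescriptorImpl`, so metadata carrying another role type (an AttributeAuthorityDescriptor, say) fails with ClassCastException; `} else if (roleDescriptor instanceof SPSSODescriptorImpl) {` is the minimal fix. Metadata is typically supplied by a remote peer, so both are input-validation issues rather than cosmetics. The enclosing method starts and ends outside the hunk.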
@ -113,7 +113,8 @@ public class MetadataGenerator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public void samlmtest(){
|
@SuppressWarnings({ "unchecked", "rawtypes" })
|
||||||
|
public void samlmtest(){
|
||||||
try {
|
try {
|
||||||
KeyStoreLoader keyStoreLoader=new KeyStoreLoader();
|
KeyStoreLoader keyStoreLoader=new KeyStoreLoader();
|
||||||
keyStoreLoader.setKeystorePassword("secret");
|
keyStoreLoader.setKeystorePassword("secret");
|
||||||
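Review bot: `samlmtest()` hard-codes a keystore password (`keyStoreLoader.setKeystorePassword("secret")`) inside what appears to be a production class, and the commit only adds `@SuppressWarnings` above it. If this is a manual test harness, moving it to the test source set (or deleting it) keeps a literal credential, even a dummy one, out of the shipped artifact and out of secret-scanner findings. The method body continues beyond the hunk.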
@ -342,7 +343,8 @@ public class MetadataGenerator {
|
|||||||
return encryptionKeyDescriptor;
|
return encryptionKeyDescriptor;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static XMLObject buildXMLObject(QName objectQName){
|
@SuppressWarnings("rawtypes")
|
||||||
|
public static XMLObject buildXMLObject(QName objectQName){
|
||||||
XMLObjectBuilder builder = builderFactory.getBuilder(objectQName);
|
XMLObjectBuilder builder = builderFactory.getBuilder(objectQName);
|
||||||
if(builder == null){
|
if(builder == null){
|
||||||
; //fail("Unable to retrieve builder for object QName " + objectQName);
|
; //fail("Unable to retrieve builder for object QName " + objectQName);
|
||||||
|
|||||||
@ -36,6 +36,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
|
|||||||
super(engine, templateId);
|
super(engine, templateId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
public VelocityContext encodeMsgContext(MessageContext messageContext)
|
public VelocityContext encodeMsgContext(MessageContext messageContext)
|
||||||
throws MessageEncodingException {
|
throws MessageEncodingException {
|
||||||
|
|
||||||
@ -66,6 +67,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
|
|||||||
* @throws MessageEncodingException
|
* @throws MessageEncodingException
|
||||||
* thrown if there is a problem encoding the message
|
* thrown if there is a problem encoding the message
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected VelocityContext encodeMsgContext(SAMLMessageContext messageContext)
|
protected VelocityContext encodeMsgContext(SAMLMessageContext messageContext)
|
||||||
throws MessageEncodingException {
|
throws MessageEncodingException {
|
||||||
|
|
||||||
@ -83,6 +85,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected void populateVelocityContext(VelocityContext velocityContext,
|
protected void populateVelocityContext(VelocityContext velocityContext,
|
||||||
SAMLMessageContext messageContext) throws MessageEncodingException {
|
SAMLMessageContext messageContext) throws MessageEncodingException {
|
||||||
|
|
||||||
@ -185,6 +188,7 @@ public class WebServicePostEncoder extends HTTPPostEncoder {
|
|||||||
*
|
*
|
||||||
* @return the form control data string for signature computation
|
* @return the form control data string for signature computation
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
protected String buildFormDataToSign(VelocityContext velocityContext,
|
protected String buildFormDataToSign(VelocityContext velocityContext,
|
||||||
SAMLMessageContext messageContext, String sigAlgURI) {
|
SAMLMessageContext messageContext, String sigAlgURI) {
|
||||||
StringBuilder builder = new StringBuilder();
|
StringBuilder builder = new StringBuilder();
|
||||||
|
|||||||
@ -9,7 +9,7 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
import org.joda.time.DateTime;
|
import org.joda.time.DateTime;
|
||||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||||
import org.maxkey.authz.saml.common.EndpointGenerator;
|
import org.maxkey.authz.saml.common.EndpointGenerator;
|
||||||
import org.maxkey.authz.saml20.BindingAdapter;
|
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||||
import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
|
import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
|
||||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||||
import org.maxkey.web.WebContext;
|
import org.maxkey.web.WebContext;
|
||||||
|
|||||||
@ -6,8 +6,8 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||||
import org.maxkey.authz.saml20.BindingAdapter;
|
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||||
import org.maxkey.authz.saml20.ExtractBindingAdapter;
|
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
||||||
import org.maxkey.dao.service.AppsSaml20DetailsService;
|
import org.maxkey.dao.service.AppsSaml20DetailsService;
|
||||||
|
|||||||
@ -6,8 +6,8 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||||
import org.maxkey.authz.saml20.BindingAdapter;
|
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||||
import org.maxkey.authz.saml20.ExtractBindingAdapter;
|
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||||
import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
|
import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
|
||||||
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
||||||
import org.maxkey.dao.service.AppsSaml20DetailsService;
|
import org.maxkey.dao.service.AppsSaml20DetailsService;
|
||||||
@ -105,6 +105,7 @@ public class SingleSignOnEndpoint {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@SuppressWarnings("rawtypes")
|
||||||
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter,HttpServletRequest request) throws Exception{
|
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter,HttpServletRequest request) throws Exception{
|
||||||
SAMLMessageContext messageContext;
|
SAMLMessageContext messageContext;
|
||||||
logger.debug("extract SAML Message .");
|
logger.debug("extract SAML Message .");
|
||||||
|
|||||||
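Review bot: `@SuppressWarnings("rawtypes")` on `extractSAMLMessage` hides rather than fixes the raw `SAMLMessageContext messageContext;` local (and, if `ExtractBindingAdapter` is generic, the raw parameter); wildcards such as `SAMLMessageContext<?, ?, ?> messageContext;` keep the compiler's check with the same call sites. `throws Exception` on the signature is likewise broader than callers can act on, though the method body that would justify narrowing it lies outside the hunk.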
@ -1,8 +1,5 @@
|
|||||||
/**
|
/**
|
||||||
*
|
* @author Crystal.Sea
|
||||||
|
* SAML 2.0 must use velocity,but spring 5.* is removed
|
||||||
*/
|
*/
|
||||||
/**
|
package org.springframework.ui.velocity;
|
||||||
* @author Administrator
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
package org.springframework.ui.velocity;
|
|
||||||
|
|||||||
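Review bot: The new header says why the class is vendored ("spring 5.* is removed") but not where it came from: copying code into the `org.springframework.ui.velocity` package splits the framework's own package, and nobody later can tell which Spring version it was taken from or under which license it is redistributed. Suggest extending the comment with the provenance, e.g. `* Copied from Spring Framework <version placeholder>, package org.springframework.ui.velocity, Apache License 2.0; local modifications: <describe or "none">`, so a future upgrade or license audit has something to check against.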
@ -42,21 +42,31 @@
|
|||||||
|
|
||||||
<bean id="mapBasedStorageService" class="org.opensaml.util.storage.MapBasedStorageService"/>
|
<bean id="mapBasedStorageService" class="org.opensaml.util.storage.MapBasedStorageService"/>
|
||||||
|
|
||||||
|
<bean id="replayCache" class="org.opensaml.util.storage.ReplayCache">
|
||||||
|
<constructor-arg ref="mapBasedStorageService"/>
|
||||||
|
<constructor-arg value="${config.saml.v20.replay.cache.life.in.millis}"></constructor-arg>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<bean id="messageReplayRule" class="org.opensaml.common.binding.security.MessageReplayRule">
|
||||||
|
<constructor-arg ref="replayCache"/>
|
||||||
|
</bean>
|
||||||
|
|
||||||
<bean id="samlParserPool" class="org.opensaml.xml.parse.BasicParserPool" >
|
<bean id="samlParserPool" class="org.opensaml.xml.parse.BasicParserPool" >
|
||||||
<property name="maxPoolSize" value="${config.saml.v20.max.parser.pool.size}" />
|
<property name="maxPoolSize" value="${config.saml.v20.max.parser.pool.size}" />
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="OpenHTTPPostSimpleSignDecoder" class="org.maxkey.authz.saml20.OpenHTTPPostSimpleSignDecoder">
|
<!-- Decoder -->
|
||||||
|
<bean id="openHTTPPostSimpleSignDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPPostSimpleSignDecoder">
|
||||||
<constructor-arg ref="samlParserPool"/>
|
<constructor-arg ref="samlParserPool"/>
|
||||||
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="openHTTPPostDecoder" class="org.maxkey.authz.saml20.OpenHTTPPostDecoder">
|
<bean id="openHTTPPostDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPPostDecoder">
|
||||||
<constructor-arg ref="samlParserPool"/>
|
<constructor-arg ref="samlParserPool"/>
|
||||||
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="openHTTPRedirectDecoder" class="org.maxkey.authz.saml20.OpenHTTPRedirectDecoder">
|
<bean id="openHTTPRedirectDecoder" class="org.maxkey.authz.saml20.binding.decoder.OpenHTTPRedirectDecoder">
|
||||||
<constructor-arg ref="samlParserPool"/>
|
<constructor-arg ref="samlParserPool"/>
|
||||||
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
<property name="receiverEndpoint" value="${config.saml.v20.idp.receiver.endpoint}" />
|
||||||
</bean>
|
</bean>
|
||||||
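Review bot: The decoder bean id changes case from `OpenHTTPPostSimpleSignDecoder` to `openHTTPPostSimpleSignDecoder`; Spring bean ids are case-sensitive, so any `ref="OpenHTTPPostSimpleSignDecoder"` in another context file will fail at startup, and the consumer of this bean is not visible in the hunk, so it is worth grepping before merge. Moving `replayCache` and `messageReplayRule` ahead of the decoders is otherwise a pure reorder, but since `MessageReplayRule` is the component that rejects re-submitted SAML messages, a comment makes its role clear to whoever next edits this file: `<!-- Replay protection: MessageReplayRule rejects a message whose ID was already seen within the cache lifetime -->` above the `replayCache` bean.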
@ -69,19 +79,9 @@
|
|||||||
|
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
|
<!-- Binding -->
|
||||||
<bean id="replayCache" class="org.opensaml.util.storage.ReplayCache">
|
|
||||||
<constructor-arg ref="mapBasedStorageService"/>
|
|
||||||
<constructor-arg value="${config.saml.v20.replay.cache.life.in.millis}"></constructor-arg>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="messageReplayRule" class="org.opensaml.common.binding.security.MessageReplayRule">
|
|
||||||
<constructor-arg ref="replayCache"/>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
|
|
||||||
<!-- ExtractPostBindingAdapter -->
|
<!-- ExtractPostBindingAdapter -->
|
||||||
<bean id="extractPostBindingAdapter" class="org.maxkey.authz.saml20.ExtractPostBindingAdapter">
|
<bean id="extractPostBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.ExtractPostBindingAdapter">
|
||||||
<constructor-arg ref="openHTTPPostDecoder"/>
|
<constructor-arg ref="openHTTPPostDecoder"/>
|
||||||
<property name="keyStoreLoader" ref="keyStoreLoader" />
|
<property name="keyStoreLoader" ref="keyStoreLoader" />
|
||||||
<property name="issueInstantRule" ref="issueInstantRule" />
|
<property name="issueInstantRule" ref="issueInstantRule" />
|
||||||
@ -89,7 +89,7 @@
|
|||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- ExtractRedirectBindingAdapter -->
|
<!-- ExtractRedirectBindingAdapter -->
|
||||||
<bean id="extractRedirectBindingAdapter" class="org.maxkey.authz.saml20.ExtractRedirectBindingAdapter">
|
<bean id="extractRedirectBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.ExtractRedirectBindingAdapter">
|
||||||
<constructor-arg ref="openHTTPRedirectDecoder"/>
|
<constructor-arg ref="openHTTPRedirectDecoder"/>
|
||||||
<property name="keyStoreLoader" ref="keyStoreLoader" />
|
<property name="keyStoreLoader" ref="keyStoreLoader" />
|
||||||
<property name="issueInstantRule" ref="issueInstantRule" />
|
<property name="issueInstantRule" ref="issueInstantRule" />
|
||||||
@ -97,13 +97,13 @@
|
|||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- PostBindingAdapter -->
|
<!-- PostBindingAdapter -->
|
||||||
<bean id="postSimpleSignBindingAdapter" class="org.maxkey.authz.saml20.PostSimpleSignBindingAdapter">
|
<bean id="postSimpleSignBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.PostSimpleSignBindingAdapter">
|
||||||
<property name="velocityEngine" ref="velocityEngine" />
|
<property name="velocityEngine" ref="velocityEngine" />
|
||||||
<property name="issuerEntityName" value="${config.saml.v20.idp.issuer}"/>
|
<property name="issuerEntityName" value="${config.saml.v20.idp.issuer}"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- PostBindingAdapter -->
|
<!-- PostBindingAdapter -->
|
||||||
<bean id="postBindingAdapter" class="org.maxkey.authz.saml20.PostBindingAdapter">
|
<bean id="postBindingAdapter" class="org.maxkey.authz.saml20.binding.impl.PostBindingAdapter">
|
||||||
<property name="velocityEngine" ref="velocityEngine" />
|
<property name="velocityEngine" ref="velocityEngine" />
|
||||||
<property name="issuerEntityName" ref="issuerEntityName"/>
|
<property name="issuerEntityName" ref="issuerEntityName"/>
|
||||||
</bean>
|
</bean>
|
||||||
@ -126,7 +126,6 @@
|
|||||||
<property name="keystoreFile" value="${config.saml.v20.idp.keystore}"/>
|
<property name="keystoreFile" value="${config.saml.v20.idp.keystore}"/>
|
||||||
|
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
|
|
||||||
<bean id="spKeyStoreLoader" class="org.maxkey.crypto.keystore.KeyStoreLoader">
|
<bean id="spKeyStoreLoader" class="org.maxkey.crypto.keystore.KeyStoreLoader">
|
||||||
<property name="entityName" value="${config.saml.v20.sp.issuing.entity.id}" />
|
<property name="entityName" value="${config.saml.v20.sp.issuing.entity.id}" />
|
||||||
@ -138,6 +137,7 @@
|
|||||||
<constructor-arg value="${config.saml.v20.sp.issuing.entity.id}"/>
|
<constructor-arg value="${config.saml.v20.sp.issuing.entity.id}"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
|
<!-- Metadata -->
|
||||||
<bean id="saml20Metadata" class="org.maxkey.domain.Saml20Metadata">
|
<bean id="saml20Metadata" class="org.maxkey.domain.Saml20Metadata">
|
||||||
<property name="orgName" value="${config.saml.v20.metadata.orgName}" />
|
<property name="orgName" value="${config.saml.v20.metadata.orgName}" />
|
||||||
<property name="orgDisplayName" value="${config.saml.v20.metadata.orgDisplayName}" />
|
<property name="orgDisplayName" value="${config.saml.v20.metadata.orgDisplayName}" />
|
||||||
|
|||||||