Verify SAML responses using OpenSAML

coldbox-modules · Aug 30, 2024 · 7cf0359 · 7cf0359
1 parent 43377a4
commit 7cf0359
Show file tree

Hide file tree

Showing 14 changed files with 386 additions and 228 deletions.
diff --git a/ModuleConfig.cfc b/ModuleConfig.cfc
@@ -20,7 +20,7 @@ component {
 	this.entryPoint     = "/cbsso";
 
 	// Dependencies
-	this.dependencies = [ "hyper", "jwtcfml" ];
+	this.dependencies = [ "hyper", "jwtcfml", "cbjavaloader" ];
 
 	routes = [
 		{
@@ -52,7 +52,11 @@ component {
 				// 	accessTokenEndpoint : "https://www.googleapis.com/oauth2/v4/token",
 				// 	redirectUri         : getSystemSetting( key = "GOOGLE_REDIRECT_URI", defaultValue = "" )
 				// }
-			]
+			],
+			cbjavaloader: {
+				loadPaths: [ modulePath & "/lib" ],
+				parentClassLoader: createObject("java", "java.lang.ClassLoader").getSystemClassLoader()
+			}
 		};
 
 		interceptorSettings = { customInterceptionPoints : [ "CBSSOMissingProvider", "CBSSOAuthorization" ] };

diff --git a/box.json b/box.json
@@ -1,65 +1,67 @@
 {
-    "name": "cbsso",
-    "version": "1.0.0",
-    "location": "https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsso/@build.version@/cbsso-@build.version@.zip",
-    "author": "Ortus Solutions <info@ortussolutions.com>",
-    "homepage": "https://github.com/coldbox-modules/cbsso",
-    "documentation": "https://github.com/coldbox-modules/cbsso",
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/coldbox-modules/cbsso"
+    "name":"cbsso",
+    "version":"1.0.0",
+    "location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsso/@build.version@/cbsso-@build.version@.zip",
+    "author":"Ortus Solutions <info@ortussolutions.com>",
+    "homepage":"https://github.com/coldbox-modules/cbsso",
+    "documentation":"https://github.com/coldbox-modules/cbsso",
+    "repository":{
+        "type":"git",
+        "url":"https://github.com/coldbox-modules/cbsso"
     },
-    "bugs": "https://github.com/coldbox-modules/cbsso",
-    "shortDescription": "Description goes here",
-    "slug": "cbsso",
-    "type": "modules",
-    "keywords": "",
-    "license": [
+    "bugs":"https://github.com/coldbox-modules/cbsso",
+    "shortDescription":"Description goes here",
+    "slug":"cbsso",
+    "type":"modules",
+    "keywords":"",
+    "license":[
         {
-            "type": "Apache2",
-            "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
+            "type":"Apache2",
+            "url":"http://www.apache.org/licenses/LICENSE-2.0.html"
         }
     ],
-    "contributors": [ ],
-    "dependencies": {
-        "hyper": "^7.2.1",
-        "jwt-cfml": "^1.2.0"
+    "contributors":[],
+    "dependencies":{
+        "hyper":"^7.2.1",
+        "jwt-cfml":"^1.2.0",
+        "cbjavaloader":"^2.1.1+8"
     },
-    "devDependencies": {
-        "commandbox-cfformat": "*",
-        "commandbox-docbox": "*",
-        "commandbox-dotenv": "*",
-        "commandbox-cfconfig": "*"
+    "devDependencies":{
+        "commandbox-cfformat":"*",
+        "commandbox-docbox":"*",
+        "commandbox-dotenv":"*",
+        "commandbox-cfconfig":"*"
     },
-    "ignore": [
+    "ignore":[
         "**/.*",
         "test-harness",
         "/server*.json"
     ],
-    "scripts": {
-        "setupTemplate": "task run taskFile=build/SetupTemplate.cfc",
-        "build:module": "task run taskFile=build/Build.cfc :projectName=`package show slug` :version=`package show version`",
-        "build:docs": "task run taskFile=build/Build.cfc target=docs :projectName=`package show slug` :version=`package show version`",
-        "install:dependencies": "install && cd test-harness && install",
-        "release": "recipe build/release.boxr",
-        "format": "cfformat run helpers,models,test-harness/tests/,ModuleConfig.cfc --overwrite",
-        "format:watch": "cfformat watch helpers,models,test-harness/tests/,ModuleConfig.cfc ./.cfformat.json",
-        "format:check": "cfformat check helpers,models,test-harness/tests/,ModuleConfig.cfc ./.cfformat.json",
-        "start:lucee": "server start serverConfigFile=server-lucee@5.json",
-        "start:2018": "server start serverConfigFile=server-adobe@2018.json",
-        "start:2021": "server start serverConfigFile=server-adobe@2021.json",
-        "stop:lucee": "server stop serverConfigFile=server-lucee@5.json",
-        "stop:2018": "server stop serverConfigFile=server-adobe@2018.json",
-        "stop:2021": "server stop serverConfigFile=server-adobe@2021.json",
-        "logs:lucee": "server log serverConfigFile=server-lucee@5.json --follow",
-        "logs:2018": "server log serverConfigFile=server-adobe@2018.json --follow",
-        "logs:2021": "server log serverConfigFile=server-adobe@2021.json --follow"
+    "scripts":{
+        "setupTemplate":"task run taskFile=build/SetupTemplate.cfc",
+        "build:module":"task run taskFile=build/Build.cfc :projectName=`package show slug` :version=`package show version`",
+        "build:docs":"task run taskFile=build/Build.cfc target=docs :projectName=`package show slug` :version=`package show version`",
+        "install:dependencies":"install && cd test-harness && install",
+        "release":"recipe build/release.boxr",
+        "format":"cfformat run helpers,models,test-harness/tests/,ModuleConfig.cfc --overwrite",
+        "format:watch":"cfformat watch helpers,models,test-harness/tests/,ModuleConfig.cfc ./.cfformat.json",
+        "format:check":"cfformat check helpers,models,test-harness/tests/,ModuleConfig.cfc ./.cfformat.json",
+        "start:lucee":"server start serverConfigFile=server-lucee@5.json",
+        "start:2018":"server start serverConfigFile=server-adobe@2018.json",
+        "start:2021":"server start serverConfigFile=server-adobe@2021.json",
+        "stop:lucee":"server stop serverConfigFile=server-lucee@5.json",
+        "stop:2018":"server stop serverConfigFile=server-adobe@2018.json",
+        "stop:2021":"server stop serverConfigFile=server-adobe@2021.json",
+        "logs:lucee":"server log serverConfigFile=server-lucee@5.json --follow",
+        "logs:2018":"server log serverConfigFile=server-adobe@2018.json --follow",
+        "logs:2021":"server log serverConfigFile=server-adobe@2021.json --follow"
     },
-    "testbox": {
-        "runner": "http://localhost:60299/tests/runner.cfm"
+    "testbox":{
+        "runner":"http://localhost:60299/tests/runner.cfm"
     },
-    "installPaths": {
-        "hyper": "modules/hyper/",
-        "jwt-cfml": "modules/jwtcfml/"
+    "installPaths":{
+        "hyper":"modules/hyper/",
+        "jwt-cfml":"modules/jwtcfml/",
+        "cbjavaloader":"modules/cbjavaloader/"
     }
 }
diff --git a/java/cbsso-opensaml/app/build.gradle b/java/cbsso-opensaml/app/build.gradle
@@ -8,8 +8,13 @@
 plugins {
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'
+
+    id 'com.github.johnrengelman.shadow' version '8.1.1'
 }
 
+sourceCompatibility = 11
+targetCompatibility = 11
+
 repositories {
     // Use Maven Central for resolving dependencies.
     mavenCentral()
@@ -48,6 +53,25 @@ application {
     mainClass = 'cbsso.opensaml.App'
 }
 
+jar {
+    archiveBaseName = "cbsso-opensaml"
+}
+
+shadowJar {
+	archiveBaseName = "cbsso-opensaml"
+    mergeServiceFiles()
+	minimize{
+        exclude( dependency( "org.opensaml:opensaml-core:.*" ) )
+        exclude( dependency( "org.slf4j:.*:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-saml-impl:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-soap-api:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-xmlsec-api:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-security-api:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-security-impl:.*" ) )
+        exclude( dependency( "org.opensaml:opensaml-profile-api:.*" ) )
+	}
+}
+
 tasks.named('test') {
     // Use JUnit Platform for unit tests.
     useJUnitPlatform()

diff --git a/java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/App.java b/java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/App.java
diff --git a/java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/AuthNRequestGenerator.java b/java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/AuthNRequestGenerator.java
@@ -18,19 +18,27 @@
 import net.shibboleth.utilities.java.support.xml.ParserPool;
 
 public class AuthNRequestGenerator {
+
+    private static boolean initialized = false;
+
     public static String generateAuthNRequest(String issuerId, String requestId)
             throws InitializationException, ComponentInitializationException {
-        initOpenSAML();
+        // initOpenSAML();
         AuthnRequest authnRequest = buildAuthnRequest(issuerId, requestId);
         return OpenSAMLUtils.stringifySAMLObject(authnRequest);
     }
 
-    private static void initOpenSAML() throws InitializationException, ComponentInitializationException {
+    public synchronized static void initOpenSAML() throws InitializationException, ComponentInitializationException {
+        if (initialized) {
+            return;
+        }
         XMLObjectProviderRegistry registry = new XMLObjectProviderRegistry();
         ConfigurationService.register(XMLObjectProviderRegistry.class, registry);
 
         registry.setParserPool(getParserPool());
         InitializationService.initialize();
+
+        initialized = true;
     }
 
     private static ParserPool getParserPool() throws ComponentInitializationException {